Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cleaning out junk files [Solved]


  • This topic is locked This topic is locked

#16
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Ian, 
 
Lets deal with those files detected by ESET, and your list of installed programmes. 
If all is well afterwards, we'll remove the tools we've used. 
 
Let me know how you get on.
 
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\ProgramData\EmailNotifier
    C:\Users\All Users\EmailNotifier
    C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.res 
    C:\Users\All Users\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.res
    C:\Users\Papa\Documents\New Folder\winzip175-mediafire_c1.exe
    C:\Users\Papa\Downloads\java_installer.exe
    C:\Users\Papa\Downloads\winzip18-lan_en.exe
    C:\Windows\Installer\12c478.msi
    EmptyTemp:
    end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

​----------------------------
 
I've listed the programmes installed on your machine below, along with a description of the programme and a link to a reference. I've also stated whether I believe the programme should be kept, removed, or decided by you. 
 
Key: 

  • o = optional
  • k = keep
  • x = remove

​----------------------------

​----------------------------
 
It's important to consider if you use the programme or not, the size of the programme, and whether the programme is paid-for or free. Please remember that you should not treat the above as gospel; ultimately, the choice is yours, and you must be certain before you remove any software. 
 
Programmes can be uninstalled by:
 
EtQetiM.png Uninstall Software

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the programme, right-click and click Uninstall.
  • Follow the prompts.
  • Reboot if necessary.

​----------------------------
 
The following software (if still installed) requires updating. Please do so afterwards. 
 
CXrghb6.png Update Outdated Software
Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.


  • 0

Advertisements


#17
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Hello Adam,

 

FRST stopped agai, ran it twice, stoped twice, but it did produce the following

 

Fixlog

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-09-2014
Ran by Papa at 2014-10-01 15:00:37 Run:8
Running from C:\Users\Papa\Desktop
Loaded Profiles: Papa &  (Available profiles: Papa)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
C:\ProgramData\EmailNotifier
C:\Users\All Users\EmailNotifier
C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.res 
C:\Users\All Users\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.res
C:\Users\Papa\Documents\New Folder\winzip175-mediafire_c1.exe
C:\Users\Papa\Downloads\java_installer.exe
C:\Users\Papa\Downloads\winzip18-lan_en.exe
C:\Windows\Installer\12c478.msi
EmptyTemp:
end
*****************
 
"C:\ProgramData\EmailNotifier" => File/Directory not found.
"C:\Users\All Users\EmailNotifier" => File/Directory not found.
"C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.res" => File/Directory not found.
"C:\Users\All Users\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.res" => File/Directory not found.
"C:\Users\Papa\Documents\New Folder\winzip175-mediafire_c1.exe" => File/Directory not found.
"C:\Users\Papa\Downloads\java_installer.exe" => File/Directory not found.
"C:\Users\Papa\Downloads\winzip18-lan_en.exe" => File/Directory not found.
"C:\Windows\Installer\12c478.msi" => File/Directory not found.
 
The other items will take some time, I will have to work my way through the lists.
 
Regards,
Ian

  • 0

#18
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

OK, let me know how you get on, and if you have any questions. 


  • 0

#19
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Hello Adam,

 

OK I have installed the requested programs, and uninstalled the X and some of the

 

Windows updates have always been scheduled

 

But please be aware that I use AOL all the time, so left that uninstall alone

cheers

 

Ian


  • 0

#20
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
OK, that's good Ian.

How is the computer performing? Are there any outstandingissues?
  • 0

#21
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Hello Adam,

 

There do not seem to be any further problems. I am about to do a defrag, then I will start to remove some of the items in the Startup.

 

Otherwise all OK.

 

Regards

Ian


  • 0

#22
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Ian, 

 

I see you've used MSCONFIG to manage two of your startup programmes. I would assume you intend on doing the same to manage your other programmes. Here's some information on why you should avoid using MSCONFIG as a startup manager, and an alternative method you can use. 

 

F0hoanr.png.pagespeed.ce.pT25U8PuVr.png Using MSCONFIG as a Startup Manager
From your logs I can see you are using MSCONFIG as a startup manager. I would not advise this. MSCONFIG is a system configuration utility, designed to help troubleshoot and diagnose system configuration issues in Windows. From the Microsoft article relating to MSCONFIG, "The System Configuration utility helps you find problems with your Windows configuration. It does not manage the programs that run when Windows starts."
 
Whilst the programme works as a basic startup manager, MSCONFIG should not be used to routinely disable auto-start programmes. It is a temporary solution and not a good practice for the following reasons.

  • Uninstalling programmes left disabled in MSCONFIG will sometimes result in a failed uninstallation. 
  • MSCONFIG will often leave orphaned entries when software is uninstalled. When used to switch back to normal startup mode, these orphan entries can result in boot-up errors.
  • MSCONFIG allows malware-related items to hide in your registry which may not become apparent until switched back to normal startup mode - this could result in reinfection. 
  • MSCONFIG does not list all applications loaded in all possible startup locations, as some entry points are hidden and unknown to the user. 
     

For these reasons, I recommend reversing the changes made in MSCONFIG...

  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type msconfig and click OK.
  • If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  • In the Startup tab, click Enable All, followed by OK.
  • If prompted, click Restart.

...and installing the programme below. 
 
1Vc5ho7.png.pagespeed.ce.COxAFG6BVF.png WinPatrol is a versatile system monitoring programme (originally created by Bill Pytlovany/BillP Studios and now owned by Ruiware, LLC) that utilizes a small memory footprint and offers various features, such as:

  • Takes a snapshot of critical system resources and provides alerts if any changes occur.
  • Serves as a Startup Manager which works much better than MSCONFIG.
  • Tracks programmes that have been installed on your system and monitor the location Windows uses to store uninstall information.
  • Alerts to changes in programmes that run at startup.
  • Alerts if another programme has removed a startup programme.
  • Alerts if attempts are made to change (hijack) browser Home and Search pages in Internet Explorer.
  • Has the ability to delay the launch of a startup programmes.
  • Monitors toolbars, registry modifications, changes to file extensions and changes to the HOSTS file.

I recommend reading the documentation before installing the programme.


  • 0

#23
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Hello Adam,

 

I have followed your instructions.

 

The documentation program shows a series of links, most of them do not work, I get an "internal server error" message for most of them, but the first link does work and I should be able to use that to work out which to delete.

 

It will take me some time to do this as I will have to investigate each line separately.

 

Cheers,

Ian


  • 0

#24
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Ian, 

 

The links work for me. 

http://www.winpatrol.com/startup.html

 

Most of your startup programmes can be disabled, and manually enabled after logon by double-clicking the executable if you need the programme. 

 

SynTPEnh, EKIJ5000StatusMonitor, iTunesHelper, LightScribe Control Panel, etc. None of these need to be starting up, and can be turned on manually if needed.

 

Let me know how you get on, and if you have any questions. 

Provide an update on your computer once done as well. 


  • 0

#25
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
Hello Ian,

How are you getting on? Do you require additional time, or have any questions?
  • 0

Advertisements


#26
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Good morning Adam,

 

Sorry about the silence for the last few days. I was away for the weekend.

 

No more problems as far as I can see.

 

I still need to take some items off the startup, and also delete a number of redundant files but cannot see any further problems.

 

Thank you for all your help. it has been very kind of you to spare the time.

 

From the timing of some of your posts I suspect that you do not live in the UK

 

Best regards,

Ian


  • 0

#27
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

OK, no problem Ian. 

 

Let me know when you've finished sorting your startup programmes, etc, and I will provide instructions on how to remove the tools we've used. 


  • 0

#28
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

OK Adam,

 

Should finish over teh weekend

 

Cheers

Ian


  • 0

#29
Geekimnot

Geekimnot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Hi Adam,

 

Have deleted all that I want to now.

 

Regards,

Ian


  • 0

#30
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Good job. :)

 

All Clean!
Congratulations, your computer appears clean!  smile.png
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. YSCcjW7.png
 

 

STEP 1
AFZxnZc.jpg DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key pdKOQKY.png + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpg AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • x7D2ig3K.png.pagespeed.ic.x4TC1AK8OX.jpg Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. 
  • EG85Vjt.png Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpg Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus. 
  • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file. 
  • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI will scan your computer for vulnerable software that is outdatedand automatically find the latest update for you.
  • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • xsHjS79L.png.pagespeed.ic.n4Sk8_GzZn.jpg Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs. 
  • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.png Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. 
     

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Geeks to Go!
 
Safe Surfing.  thumbup.gif
Adam (LiquidTension).


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP