Free PC Support
PC Help Forums from the Experts at Technical-Assistance.co.uk
 
Google
 
Search The Web Search This Site
 RSS FeedRSS Feed   FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Mystery Folders?

 
Reply to topic    Free PC Support Forum Home -> Helproom
Author Message
sl23



Joined: 06 May 2008
Posts: 198
Location: Portsmouth, UK

PostPosted: Sun Feb 01, 2009 9:21 am    Post subject: Mystery Folders? Reply with quote

I've been installing quite a few programs recently trying out the DVD to AVI conversion thanks for your help on that by the way.

Anyway, for some strange reason the first thing that occured, was a new programs folder in the Start Menu. This contained all contents of the start menu, so if I deleted something in this new programs folder it would be deleted from the start menu - now its gone???

Also, my Administrative Tools folder has disappeared and the Control Panel shortcut to Admin Tools does not work.

Now my laptop starts up and a folder opens on the desktop containing loads of empty folders:

C:\Users\Scott\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup\Programs\Startup\Programs\Startup\Programs\Accessories

My original Startup folder has always been empty until recently! I have also deleted all these folders, which had to be done one by one due to being locked and unable to delete from first startup folder.

NOW THEY'RE BACK Mad

Please help

Thanks

Scott
_________________
Live for an ideal and leave no place in the mind for anything else.
Back to top
View user's profile Send private message
Steve



Joined: 07 Feb 2006
Posts: 184
Location: Bangalore, India

PostPosted: Sun Feb 01, 2009 11:04 am    Post subject: Reply with quote

Are you sure you don't have a virus or spyware? Best to post a Hijackthis log for Softstag to check out... Mr. Green
_________________
My Photo Gallery
Back to top
View user's profile Send private message Visit poster's website
sl23



Joined: 06 May 2008
Posts: 198
Location: Portsmouth, UK

PostPosted: Sun Feb 01, 2009 11:57 am    Post subject: Reply with quote

To be honest I don't know. I've been avidly downloading programs to try and recover a DVD with photos on and also for converting DVD's to AVI files. I think I cracked the latter but still no luck with recovery!

I downloaded a program called Media Dr. for recovering my pics but as I installed it nothing happened, I tried again still nothing! This made me wonder if it was some sort of virus so I deleted it.

Funny thing is, I use AVG free 8 regularly updated and recently it started telling me that a game that came with my laptop is actually a backdoor trojan. I assumed it was just an error so kept ignoring it until today when I got fed up with the constant messages and uninstalled the game - Big Kahuna Reef by Big Fish Software.

Other than that I don't have a clue...

Scott
_________________
Live for an ideal and leave no place in the mind for anything else.
Back to top
View user's profile Send private message
SoftStag



Joined: 05 Feb 2006
Posts: 2049
Location: UK

PostPosted: Wed Feb 04, 2009 11:25 am    Post subject: Reply with quote

From your other topic (I deleted it BTW - best to keep everything together Wink )

sl23 wrote:
As Suggested by Steve in my post on Mystery Folders here is my HJT Log File:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:53, on 01/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Scott\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Programs
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} (CUpdateAdvisorCtrl Object) - http://legacy.cyberlink.com/acer/update/prog/UpdateAdvisorV2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{916884F3-7512-4896-8BDF-11BCB15ECE4F}: NameServer = 4.2.2.3 4.2.2.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7295 bytes


Nothing here looks too bad to be honest, although please try the following:

Arrow Boot in to Safe Mode
Arrow Fix this entry:
O4 - Startup: Programs
Arrow Shut down and restart the computer

Does this make any difference?
_________________
"Microsoft programs are generally bug-free. If you visit the Microsoft hotline, you'll literally have to wait weeks if not months until someone calls in with a bug in one of our programs. 99.99% of calls turn out to be user mistakes. I know not a single less irrelevant reason for an update than bugfixes. The reasons for updates are to present more new features."
-- Bill Gates, on code stability, from Focus Magazine
Back to top
View user's profile Send private message Visit poster's website
sl23



Joined: 06 May 2008
Posts: 198
Location: Portsmouth, UK

PostPosted: Sat Feb 07, 2009 7:53 pm    Post subject: Reply with quote

Thanks,

But when you say fix this entry what does that mean exactly? I am unable to check as away at moment back Monday if snow holds off!!

Scott
_________________
Live for an ideal and leave no place in the mind for anything else.
Back to top
View user's profile Send private message
SoftStag



Joined: 05 Feb 2006
Posts: 2049
Location: UK

PostPosted: Sat Feb 07, 2009 7:59 pm    Post subject: Reply with quote

O4 entries are Startup entries, so it will stop this loading on startup. Hopefully this will stop the windows opening that you get. It's not normal for this entry to show here, I don't think it's malicious as such, but probably the cause of your symptoms.
_________________
"Microsoft programs are generally bug-free. If you visit the Microsoft hotline, you'll literally have to wait weeks if not months until someone calls in with a bug in one of our programs. 99.99% of calls turn out to be user mistakes. I know not a single less irrelevant reason for an update than bugfixes. The reasons for updates are to present more new features."
-- Bill Gates, on code stability, from Focus Magazine
Back to top
View user's profile Send private message Visit poster's website
sl23



Joined: 06 May 2008
Posts: 198
Location: Portsmouth, UK

PostPosted: Sat Feb 07, 2009 8:06 pm    Post subject: Reply with quote

OK...

I actually wanted to know how to fix this? is it an option to fix during viewing/editing registriy entries?
_________________
Live for an ideal and leave no place in the mind for anything else.
Back to top
View user's profile Send private message
SoftStag



Joined: 05 Feb 2006
Posts: 2049
Location: UK

PostPosted: Sat Feb 07, 2009 8:08 pm    Post subject: Reply with quote

When you run HijackThis, you get the list you posted earlier (or an updated version of) - put a tick next to the entry to fix and click Fix Smile
_________________
"Microsoft programs are generally bug-free. If you visit the Microsoft hotline, you'll literally have to wait weeks if not months until someone calls in with a bug in one of our programs. 99.99% of calls turn out to be user mistakes. I know not a single less irrelevant reason for an update than bugfixes. The reasons for updates are to present more new features."
-- Bill Gates, on code stability, from Focus Magazine
Back to top
View user's profile Send private message Visit poster's website
sl23



Joined: 06 May 2008
Posts: 198
Location: Portsmouth, UK

PostPosted: Sat Feb 07, 2009 8:10 pm    Post subject: Reply with quote

Ok cheers Smile
_________________
Live for an ideal and leave no place in the mind for anything else.
Back to top
View user's profile Send private message
sl23



Joined: 06 May 2008
Posts: 198
Location: Portsmouth, UK

PostPosted: Wed Feb 18, 2009 7:40 pm    Post subject: Reply with quote

Just to let peeps know, I did a system recovery to sort all out.
_________________
Live for an ideal and leave no place in the mind for anything else.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Free PC Support Forum Home -> Helproom All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

 



Powered by phpBB © 2001, 2005 phpBB Group

2005 - 2017 All Rights Reserved www.technical-assistance.co.uk
Terms and Conditions