Solved Health check, please - after Grinler's tutorial re: XP Security 2012 rogue
- Thread starter B00kWyrm
- Start date
B00kWyrm
Posts: 992 +39
Okay... I found 14 instance of Normal.DOT.
Most are 145kb; Dated 12/16/2001 3:40pm
4 are 144.4kb; with the same date but time stamp "03:40pm" (not just 3:40pm)
1 is 27kb; Dated 5/7/2005 5:18pm
I am pretty sure if I just delete all of them, MSOffice Word will just generate a new one next time it starts, and it will be in the normal "Template Folder".
watch to see if they show up again after doing some more with the machine.
Note about 4: These are not touchable...
I cannot rename them or delete them.
They are noted as "all files on MozyHome servers"
Most are 145kb; Dated 12/16/2001 3:40pm
4 are 144.4kb; with the same date but time stamp "03:40pm" (not just 3:40pm)
1 is 27kb; Dated 5/7/2005 5:18pm
I am pretty sure if I just delete all of them, MSOffice Word will just generate a new one next time it starts, and it will be in the normal "Template Folder".
I'll delete the 5 OA (block/ask/allow) Entries and
watch to see if they show up again after doing some more with the machine.
Note about 4: These are not touchable...
I cannot rename them or delete them.
They are noted as "all files on MozyHome servers"
B00kWyrm
Posts: 992 +39
May I request help with one more thing?
Though it is not malware per se', I have some program remnants that are resisting removal.
At one time this computer used a Canon Multipass Printer/Scanner
Files were here...
c:\program files\canon\multipass4
All but the following files have been removed...
ctree.dll
mpdata.dat (deletes but respawns)
mpdbif.dll
dtm4.dll
mpdata.idx (deletes but respawns)
stormgr.dll
mpdata.sca (just respawned... not sure what triggered it)
The 4 that will not delete at all are not marked read only.
I have tried from Safe Mode.
I have tried to make sure that all remnants of this software are no longer being called by windows upon boot, but I must be missing something. (I have used both MSConfig and Autoruns. I have not found the processes / dlls as "running" using Process Explorer. So I am kinda stumped.
I see that Explorer has "My Multipass" listed after Recycle Bin in the Folders pane.
So it would appear that Explorer is responsible for these dll's being protected from deletion.
How can I proceed? An OTL Script?
Thanks
Mission accomplished
So... Thanks again.
I have the system ready to return to my friend. I appreciate all the help!
Though it is not malware per se', I have some program remnants that are resisting removal.
At one time this computer used a Canon Multipass Printer/Scanner
Files were here...
c:\program files\canon\multipass4
All but the following files have been removed...
ctree.dll
mpdata.dat (deletes but respawns)
mpdbif.dll
dtm4.dll
mpdata.idx (deletes but respawns)
stormgr.dll
mpdata.sca (just respawned... not sure what triggered it)
The 4 that will not delete at all are not marked read only.
I have tried from Safe Mode.
I have tried to make sure that all remnants of this software are no longer being called by windows upon boot, but I must be missing something. (I have used both MSConfig and Autoruns. I have not found the processes / dlls as "running" using Process Explorer. So I am kinda stumped.
I see that Explorer has "My Multipass" listed after Recycle Bin in the Folders pane.
So it would appear that Explorer is responsible for these dll's being protected from deletion.
How can I proceed? An OTL Script?
Thanks
Mission accomplished
So... Thanks again.
I have the system ready to return to my friend. I appreciate all the help!
Broni
Posts: 56,041 +516
Download, and install Unlocker: http://cedrick.collomb.perso.sfr.fr/unlocker/
Restart computer.
It'll install under right click menu.
Open Windows Explorer.
Navigate to offending folder/file.
Right click on a folder/file. Click Unlocker
Select Delete from drop-down menu:
Click OK.
A folder/file will refuse to be deleted, but Unlocker will give you an option to delete on reboot:
Click Yes.
Restart computer.
==============================================================
If the above doesn't work, try...
LockHunter: http://lockhunter.com/
FileASSASSIN: http://www.snapfiles.com/get/fileassassin.html
Restart computer.
It'll install under right click menu.
Open Windows Explorer.
Navigate to offending folder/file.
Right click on a folder/file. Click Unlocker
Select Delete from drop-down menu:
Click OK.
A folder/file will refuse to be deleted, but Unlocker will give you an option to delete on reboot:
Click Yes.
Restart computer.
==============================================================
If the above doesn't work, try...
LockHunter: http://lockhunter.com/
FileASSASSIN: http://www.snapfiles.com/get/fileassassin.html
Latest posts
-
Apple slashes Vision Pro production, might cancel 2025 model in response to plummeting demand- WhoCaresAnymore replied
-
Is there any way to get back my Flash drive data? Free of cost- miahenry replied
