My Documents and Recycle bin have unviewable files

Inactive
By GloverG
Mar 23, 2012
  1. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    Temp File Cleaner Log

    Broni - I hope that this program did not destroy any chances of getting my unviewable file in My Documents back. Here is the contents of this log:

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Barbara G. Glover
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Garry S. Glover
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2536971 bytes
    ->Flash cache emptied: 456 bytes

    User: Garry S~ Glover

    User: GARRYS~1~GLO

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 83850 bytes
    Process complete!

    Total Files Cleaned = 2.00 mb
  2. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    ESET Scanner Log

    Below is the contents of the ESET Scanner Log:

    C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe multiple threats
    C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe multiple threats
    C:\Documents and Settings\Barbara G. Glover\My Documents\Data\all_files4.exe multiple threats
    C:\Documents and Settings\Barbara G. Glover\My Documents\Data\Data\all_files4.exe multiple threats
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe multiple threats
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe multiple threats
    C:\Registry_Virus\asc-setup.exe a variant of Win32/Toolbar.Widgi application
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP71\A0015295.exe a variant of Win32/Adware.MyFasterPC application
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP85\A0030219.exe Win32/Qhost trojan
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP85\A0030220.exe
  3. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    What happened to MSE?
    I don't see it running.

    Uninstall Eusing Free Registry Cleaner .
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ===================================================================

    You changed Eset scan settings and threats haven't been removed.
    Why?
    Re-run the scan with default settings and remove all threats.

    =======================================================================

    Which folder files are invisible?
    C:\Documents and Settings\Barbara G. Glover\My Documents
    or
    C:\Documents and Settings\Administrator\My Documents
  4. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    ESET Scan and fix log

    1. MSE topic:
    When requested to run Combofix, within the body of the message it stated I should run Appremover to identify any programs that may conflict. I did run this program and uninstalled the MSE program as stated in post #17. I did not reinstall MSE due to your response in post #16, "We can reinstall it when we're done with CF". I'm assuming we are done with Combofix and you want me to reinstall MSE?

    2. Eusing Free Registry Cleaner topic:
    Can't recall the last time I used this but I did remove it from my system.

    3. ESET Scan topic:
    I didn't realize you wanted me to leave the 'fix issues' checked when following your instructions. I reran the scan and fixed the issues. The log contents are as follows:

    C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe multiple threats deleted - quarantined
    C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe multiple threats deleted - quarantined
    C:\Documents and Settings\Barbara G. Glover\My Documents\Data\all_files4.exe multiple threats deleted - quarantined
    C:\Documents and Settings\Barbara G. Glover\My Documents\Data\Data\all_files4.exe multiple threats deleted - quarantined
    C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe multiple threats deleted - quarantined
    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe multiple threats deleted - quarantined
    C:\Registry_Virus\asc-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP71\A0015295.exe a variant of Win32/Adware.MyFasterPC application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP85\A0030219.exe Win32/Qhost trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP85\A0030220.exe Win32/Adware.AdsInContext.B application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP90\A0045027.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined

    4. My Documents topic:
    The files cannot be seen or accessed on Garry S. Glover's My Documents.
    The C:\Documents and Settings\Administrator\*My Documents*
    This is actually my side of the computer: Garry S. Glover
    I'm registered as the Administrator for the computer.
    Barbara has never signed on to use the computer even though I noticed it showed some issues.
  5. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    1. Yes, reinstall MSE.

    4. Let's see, if we can recover your missing features.
    Download and run UnHide
    Let me know, if it worked.
  6. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    Unhide Results

    I ran unhide in normal mode and it did not reveal the files that were there in My Documents.
  7. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    unhide logs

    Here is the log for the normal state unhide run:

    Unhide by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Unhide.exe can be found at this link:
    http://www.bleepingcomputer.com/forums/topic405109.html

    Program started at: 03/30/2012 02:27:08 PM
    Windows Version: Windows XP

    Please be patient while your files are made visible again.

    Processing the C:\ drive
    Finished processing the C:\ drive. 91349 files processed.

    Here is the log for the safe mode unhide run:

    Unhide by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Unhide.exe can be found at this link:
    http://www.bleepingcomputer.com/forums/topic405109.html

    Program started at: 03/30/2012 02:40:38 PM
    Windows Version: Windows XP

    Please be patient while your files are made visible again.

    Processing the C:\ drive
    Finished processing the C:\ drive. 91336 files processed.

    The C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\ folder does not exist!!
    Unhide cannot restore your missing shortcuts!!
    Please see this topic in order to learn how to restore default
    Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

    Searching for Windows Registry changes made by FakeHDD rogues.
    - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    No registry changes detected.

    Program finished at: 03/30/2012 02:47:04 PM
    Execution time: 0 hours(s), 6 minute(s), and 26 seconds(s)


    I guess IOLO really put the boots to me! Not to sidetrack but have you seen this same issue with this company with anyone else?
  8. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users:: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
      Code:
      :dir
      C:\Documents and Settings\Administrator
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  9. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    SystemLook Log

    Here is the contents of the SystemLook log ran normally:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:07 on 30/03/2012 by Garry S. Glover
    Administrator - Elevation successful

    ========== dir ==========

    C:\Documents and Settings\Administrator - Parameters: "(none)"

    ---Files---
    ntuser.dat --a---- 1048576 bytes [13:07 03/03/2007] [18:48 30/03/2012]
    ntuser.dat.LOG --a---- 1024 bytes [13:07 03/03/2007] [18:48 30/03/2012]
    NTUSER.INI --ahs-- 178 bytes [13:07 03/03/2007] [18:48 30/03/2012]

    ---Folders---
    Application Data d------ [13:07 03/03/2007]
    Cookies d--hs-- [13:07 03/03/2007]
    Desktop d------ [13:07 03/03/2007]
    Favorites d------ [13:07 03/03/2007]
    IETldCache d--hs-- [15:00 23/03/2012]
    Local Settings d------ [13:07 03/03/2007]
    My Documents d------ [13:07 03/03/2007]
    NetHood d------ [13:07 03/03/2007]
    PrintHood d------ [13:07 03/03/2007]
    PrivacIE d--hs-- [12:06 27/03/2012]
    Recent d------ [13:07 03/03/2007]
    SendTo d------ [13:07 03/03/2007]
    Start Menu d------ [13:07 03/03/2007]
    Templates d------ [13:07 03/03/2007]

    -= EOF =-
  10. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Re-run System Look with this script:

    Code:
    :dir
    C:\Documents and Settings\Administrator\My Documents
    
  11. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    System Lookup Revised Log

    Here are the contents of the second search:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:18 on 30/03/2012 by Garry S. Glover
    Administrator - Elevation successful

    ========== dir ==========

    C:\Documents and Settings\Administrator\My Documents - Parameters: "(none)"

    ---Files---
    DESKTOP.INI --a--c- 76 bytes [13:08 03/03/2007] [12:36 15/11/2001]

    ---Folders---
    Data d------ [13:07 03/03/2007]
    My Music d------ [13:07 03/03/2007]
    My Pictures d------ [13:07 03/03/2007]

    -= EOF =-
     
  12. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    Desktop.ini file

    Also, every time I reboot into the normal setup, I keep getting the contents of the desktop.ini file. This started happening after IOLO technicians finished with their search.
  13. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Can you actually see the above three folders?
    Is it all about files being INSIDE those folders?

    Re-run System Look with this script?

    Code:
    :dir
    C:\Documents and Settings\Administrator\My Documents\My Pictures
    
  14. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    What do you mean by "content"?
    What iolo program are we talking about?
  15. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    System Lookup to My Pictures

    I can see all three those folders in My Documents but there are a total of 52 folders that I can see in that directory not just those three.

    Here is the contents of the C:\Documents and Settings\Administrator\My Documents\My Pictures search.

    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:25 on 30/03/2012 by Garry S. Glover
    Administrator - Elevation successful

    ========== dir ==========

    C:\Documents and Settings\Administrator\My Documents\My Pictures - Parameters: "(none)"

    ---Files---
    Desktop.ini --a--c- 183 bytes [13:07 03/03/2007] [12:36 15/11/2001]
    Sample Pictures.lnk --a--c- 572 bytes [13:07 03/03/2007] [12:35 15/11/2001]

    ---Folders---
    Dell Image Expert Images d------ [13:07 03/03/2007]

    -= EOF =-
  16. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Give me any folder name where you know you have files and you can't see them.
  17. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    My Documents issue

    Yes, this whole issue has been since I downloaded the program offered by IOLO that all My Document files are unaccessable. As stated below, recovery programs have found some but not all but I have to recover each and every file manually and individually.

    I included the original text I sent you from Post #1: Three days ago, I was upgrading an adobe program when a company called IOLO offered a free system checkup. I downloaded the program and found for $ they would fix issues with my computer. When I accepted the program that was downloaded (system checkup) self-destructed. I then became suspicious and began checking my computer. All my files in the C: drive were left alone but all the files in My Documents were changed. The computer shows the files sizes are still existing but I'm unable to view the files in the recycle bin or within the non-deleted folders in My Documents. I have performed numerous restores and it has restored my icons but not My Document files. I have also downloaded many recovery programs and have limited success but have taken no action with each. I have also contacted the IOLO company and they tried to unhide my files but to no avail. The technician told me that my issue could not be resolved and hung up. So with a friend's advice to contact you, I'm hoping to get a resolution to this issue.

    A supplement to that is that the technician, once I granted him sharing my computer ran a %temp% search yielding nothing for him. He began running many attempts with an unhide program that acted strangely. Not like the ones I've seen run on friends computers or the one you had me run. It gave no screen for the status of the program.

    The Desktop.ini file has popped up on me everytime I reboot (other than safe mode) and the contents are in an earlier post. I'll look it up for you.
  18. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    IOLO info and Desktop.ini

    There was more history with IOLO in post #5.

    The Desktop.ini file that keeps popping up after a reboot has (this was in post #8 for reference):

    [.ShellClassInfo]
    LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
     
  19. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    My Document Folder

    This is just one of the folders that had information.

    My Documents/Resumes

    This folder also has three subfolders in it:

    My Documents/Resumes/Current
    My Documents/Resumes/Disk File
    My Documents/Resumes/Office Work Document

    All of these folders, even the main Resumes had a lot of files in them.
  20. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    re desktop.ini see here: http://support.microsoft.com/kb/330132

    What is the exact name of iolo program?
    Did you actually run it or just downloaded it?
    Did you uninstall it since?

    Then...

    Re-run System Look with this script:

    Code:
    :dir
    C:\Documents and Settings\Administrator\My Documents\Resumes /s
    
  21. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    System Lookup Resume Folder Search

    Here are the contents of the System Lookup for Resumes:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:05 on 30/03/2012 by Garry S. Glover
    Administrator - Elevation successful

    ========== dir ==========

    C:\Documents and Settings\Administrator\My Documents\Resumes - Unable to find folder.

    -= EOF =-

    The name of the IOLO file was: System Checkup

    I downloaded the file and ran executed it on my system. Once the program was done, it found 11 errors which IOLO said they could fix for $. I accepted and that's when everything went haywire. Most of my icons had disappeared, my screensaver was gone, and also My Document files. Also, the System Check program I downloaded self-deleted.

    Unable to locate the file to determine if all of it is gone.

    I tried many restores after that. They recovered my screensaver and icons but not my files. After trying the restores, I contacted IOLO about fixing this issue. They immediately searched for %temp% and got back nothing. IOLO attempted their modified unhide program and also with no results. The technicians also opened the DOS command screen and ran some programs but also with no results. That's when IOLO technicians told me that the issue was unresolvable and hung up on me. I called back, got another technician, she found the other's notes and told me the same thing along with a Senior Programmer there.

    This is when a friend recommended me to you.
  22. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    It looks like "Resumes" folder is gone. At least from that location.

    Re-run System Look with this code:

    Code:
    :folderfind
    resume*
    
  23. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    System Lookup Folder Find

    Here are the contents of the Folder Find script in System Lookup:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:18 on 30/03/2012 by Garry S. Glover
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "resume*"
    C:\Documents and Settings\Garry S. Glover\My Documents\Resumes d------ [00:58 27/09/2002]

    -= EOF =-
  24. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    OK, re-run System Look with this code:

    Code:
    :dir
    C:\Documents and Settings\Garry S. Glover\My Documents\Resumes /s
    
  25. GloverG

    GloverG Newcomer, in training Topic Starter Posts: 49

    System Lookup Resume new search p1

    Here are the contents of C:\Documents and Settings\Garry S. Glover\My Documents\Resumes /s System Lookup log:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 17:29 on 30/03/2012 by Garry S. Glover
    Administrator - Elevation successful

    ========== dir ==========

    C:\Documents and Settings\Garry S. Glover\My Documents\Resumes - Parameters: "/s"

    ---Files---
    None found.

    C:\Documents and Settings\Garry S. Glover\My Documents\Resumes\Current d------ [12:36 06/02/2010]

    C:\Documents and Settings\Garry S. Glover\My Documents\Resumes\Disk Files d------ [01:41 17/09/2008]

    C:\Documents and Settings\Garry S. Glover\My Documents\Resumes\Office WORD Document d------ [17:21 23/03/2012]
    Tim Nutter Resume.doc --a---- 28672 bytes [17:23 23/03/2012] [17:23 23/03/2012]

    -= EOF =-


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.