TrojanC-05 Continual Crash Poweroff

Which Eula files to delete?

I sent the last post before seeing your instruction to delete eula files. Should I delete all 65 of these files?
 
I think JUNCTION worked this time after waiting patiently

I deleted any recent junction.exe and eula.txt files, and redownloaded the junction.exe and followed your instructions again.
Although I got different screens than before (such as UAC screens), when I right-clicked on the junc.bat file and selected run as admin, then the black cmd box appeared and stayed there. All that happened is a blinking "-" and nothing else.
Then after just waiting awhile, a Notepad box popped up with the following contents. I'm not exactly sure if this was what I was supposed to end up with, but here are the contents that were displayed:


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.



\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\15440e46511cf09913864dfed395f976_0c3038ea-fe3d-4f29-803d-8b3e12d13861: Access is denied.


..\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\Alicia\Cookies: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Alicia\Local Settings: JUNCTION
Print Name : C:\Users\Alicia\AppData\Local
Substitute Name: C:\Users\Alicia\AppData\Local

\\?\c:\\Users\Alicia\My Documents: JUNCTION
Print Name : C:\Users\Alicia\Documents
Substitute Name: C:\Users\Alicia\Documents

\\?\c:\\Users\Alicia\NetHood: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Alicia\PrintHood: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Alicia\Recent: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Alicia\SendTo: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Alicia\Start Menu: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Alicia\Templates: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Alicia\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Alicia\AppData\Local
Substitute Name: C:\Users\Alicia\AppData\Local

\\?\c:\\Users\Alicia\AppData\Local\History: JUNCTION
Print Name : C:\Users\Alicia\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Alicia\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Alicia\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Alicia\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Alicia\AppData\Local\Microsoft\Windows\Temporary Internet Files


.\\?\c:\\Users\Alicia\Desktop\Other Program Shortcuts\Documents\My Music: JUNCTION
Print Name : C:\Users\Alicia\Music
Substitute Name: C:\Users\Alicia\Music

\\?\c:\\Users\Alicia\Desktop\Other Program Shortcuts\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Alicia\Pictures
Substitute Name: C:\Users\Alicia\Pictures

\\?\c:\\Users\Alicia\Desktop\Other Program Shortcuts\Documents\My Videos: JUNCTION
Print Name : C:\Users\Alicia\Videos
Substitute Name: C:\Users\Alicia\Videos


..\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates

Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\15440e46511cf09913864dfed395f976_0c3038ea-fe3d-4f29-803d-8b3e12d13861: Access is denied.


..\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Cookies: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files



\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos

Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.


 
Okay

I already deleted the old eula.txt and then it finally ran and produced log above.
Thank You. I'll check back later for instructions.
 
Please download GrantPerms.zip by Farbar and save it to your desktop.

  • Right click GrantPerms.zip and choose extract all...
  • When the Compressed Folders Extraction wizard opens, click Next > Next > Finish.
  • Enter the GrantPerms folder & Right click GrantPerms.exe and select Run as Administrator.
  • Copy and paste the contents of the codebox below into the whitebox (Do Not include Code:)
Code:
c:\\Windows\System32\LogFiles\WMI\RtBackup
  • Now Click Unlock
  • When it's done, click "OK".
  • Now click List Permissions and post contents of the log file that opens (Perms.txt)
  • A copy of Perms.txt will be saved in the same directory the tool is run.

Re-run Junction batch file
  • Copy all text in the code box (below)...to Notepad, Do not include the word Code:
    Code:
    @ECHO OFF
    cd c:\
    junction -s c:\>log.txt
    start log.txt
    del %0
  • Save it to your desktop as File name: junc.bat
  • Save as type: All Files.
    junc.bat<<------------- you should see this on your desktop.
  • Right click on junc.bat and select " Run as administrator " to execute it.
  • A black CMD window will flash, then disappear...this is normal.
  • A file should appear on your Desktop. Please post the contents of this file.

Let me know how the PC is performing after running the grantperms fix.
 
Grant Perms and New Junction

Thanks for the instructions. Logs posted below.

BTW: Each time the laptop is scheduled to run Kaspersky Back Up task, it stops and says the task could not be completed.
I will see how it goes after running the grantperms - will see if I can access something, and get back to you.

HERE IS THE GRANTPERMS TEXT
GrantPerms by Farbar
Ran by Alicia (administrator) at 2012-03-27 21:35:08

===============================================
\\?\c:\\Windows\System32\LogFiles\WMI\RtBackup

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)



HERE IS THE ENTIRE NEW JUNCTION LOG
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.



\\?\c:\\ProgramData\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\ProgramData\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\ProgramData\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\ProgramData\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\ProgramData\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\ProgramData\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



Failed to open \\?\c:\\ProgramData\Microsoft\Crypto\RSA\MachineKeys\15440e46511cf09913864dfed395f976_0c3038ea-fe3d-4f29-803d-8b3e12d13861: Access is denied.


..\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Default User: JUNCTION
Print Name : C:\Users\Default
Substitute Name: C:\Users\Default

\\?\c:\\Users\Alicia\Cookies: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Alicia\Local Settings: JUNCTION
Print Name : C:\Users\Alicia\AppData\Local
Substitute Name: C:\Users\Alicia\AppData\Local

\\?\c:\\Users\Alicia\My Documents: JUNCTION
Print Name : C:\Users\Alicia\Documents
Substitute Name: C:\Users\Alicia\Documents

\\?\c:\\Users\Alicia\NetHood: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Network Shortcuts

.\\?\c:\\Users\Alicia\PrintHood: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Alicia\Recent: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Alicia\SendTo: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Alicia\Start Menu: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Alicia\Templates: JUNCTION
Print Name : C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Alicia\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Alicia\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Alicia\AppData\Local
Substitute Name: C:\Users\Alicia\AppData\Local

\\?\c:\\Users\Alicia\AppData\Local\History: JUNCTION
Print Name : C:\Users\Alicia\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Alicia\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Alicia\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Alicia\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Alicia\AppData\Local\Microsoft\Windows\Temporary Internet Files




..\\?\c:\\Users\Alicia\Desktop\Other Program Shortcuts\Documents\My Music: JUNCTION
Print Name : C:\Users\Alicia\Music
Substitute Name: C:\Users\Alicia\Music

\\?\c:\\Users\Alicia\Desktop\Other Program Shortcuts\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Alicia\Pictures
Substitute Name: C:\Users\Alicia\Pictures

\\?\c:\\Users\Alicia\Desktop\Other Program Shortcuts\Documents\My Videos: JUNCTION
Print Name : C:\Users\Alicia\Videos
Substitute Name: C:\Users\Alicia\Videos


...\\?\c:\\Users\All Users\Application Data: JUNCTION
Print Name : C:\ProgramData
Substitute Name: C:\ProgramData

\\?\c:\\Users\All Users\Desktop: JUNCTION
Print Name : C:\Users\Public\Desktop
Substitute Name: C:\Users\Public\Desktop

\\?\c:\\Users\All Users\Documents: JUNCTION
Print Name : C:\Users\Public\Documents
Substitute Name: C:\Users\Public\Documents

\\?\c:\\Users\All Users\Favorites: JUNCTION
Print Name : C:\Users\Public\Favorites
Substitute Name: C:\Users\Public\Favorites

\\?\c:\\Users\All Users\Start Menu: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

\\?\c:\\Users\All Users\Templates: JUNCTION
Print Name : C:\ProgramData\Microsoft\Windows\Templates
Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



Failed to open \\?\c:\\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\15440e46511cf09913864dfed395f976_0c3038ea-fe3d-4f29-803d-8b3e12d13861: Access is denied.




.\\?\c:\\Users\Default\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming
Substitute Name: C:\Users\Default\AppData\Roaming

\\?\c:\\Users\Default\Cookies: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies

\\?\c:\\Users\Default\Local Settings: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\My Documents: JUNCTION
Print Name : C:\Users\Default\Documents
Substitute Name: C:\Users\Default\Documents

\\?\c:\\Users\Default\NetHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

\\?\c:\\Users\Default\PrintHood: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

\\?\c:\\Users\Default\Recent: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

\\?\c:\\Users\Default\SendTo: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

\\?\c:\\Users\Default\Start Menu: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

\\?\c:\\Users\Default\Templates: JUNCTION
Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

\\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
Print Name : C:\Users\Default\AppData\Local
Substitute Name: C:\Users\Default\AppData\Local

\\?\c:\\Users\Default\AppData\Local\History: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

\\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files

\\?\c:\\Users\Default\Documents\My Music: JUNCTION
Print Name : C:\Users\Default\Music
Substitute Name: C:\Users\Default\Music

\\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Default\Pictures
Substitute Name: C:\Users\Default\Pictures

\\?\c:\\Users\Default\Documents\My Videos: JUNCTION
Print Name : C:\Users\Default\Videos
Substitute Name: C:\Users\Default\Videos

\\?\c:\\Users\Public\Documents\My Music: JUNCTION
Print Name : C:\Users\Public\Music
Substitute Name: C:\Users\Public\Music

\\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
Print Name : C:\Users\Public\Pictures
Substitute Name: C:\Users\Public\Pictures

\\?\c:\\Users\Public\Documents\My Videos: JUNCTION
Print Name : C:\Users\Public\Videos
Substitute Name: C:\Users\Public\Videos

 
Still Denied Access

See screenshots in attached document (I didn't know how to take screenshots of these items and post to photobucket so I saved as both a word and pdf)

I’m still denied access to all the files with the Arrow Icon in
C:\Users\All Users
C:\Users\Alicia
C:\Users\Public\Public Documents

Additionally, access is blocked to the Backup Task in Kaspersky Pure. It was backed up 171 days ago as shown but when I go to select the “Restore” it tells me there is no data to restore!

View attachment 9368
 
Hi ASB2012,

The arrow on the folders in the screenshot indicates that these files are merely shortcuts to another folder. They are not the actual folders you are looking for.
I also believe that these files are hidden protected Operating System Files. I would not be concerned with them once you can access your actual libraries e.g. C:\Users\Alicia\Documents etc.
I would recommend that you turn on Hide Protected Operating System Files.
You can do this by going to Computer > Organise > Folder and Search Options.
Select the View Tab
Check the box next to Hide Protected Operating System Files.

I cannot tell what is causing the Kaspersky backup issue. You will need to contact Kaspersky support for this.

As far as I can tell there is no malware on your computer. Please follow the steps below to cleanup the tools we used earlier.

Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy and Paste the following code into the [customFix.png] textbox. Do not include the word Code
    Code:
    :commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top.
  • Click [btnOK.png].
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.



Clean up with OTL
  • Right-click OTL.exe and select Run as Administrator to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Additional Security Tips.
Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector - Copyright © Secunia. This app will monitor programs on your computer for known vulnerabilities. You can set it to auto-update for you, or just prompt you if an update is available. I highly recommend it.
F-secure Health Check - Copyright © F-Secure Corporation. F-Secure Health Check is a free application that tells you if your computer is protected and helps you fix possible security issues.
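
Added example, not part of the original thread or any tool named in it: a small Python parser for the Junction v1.06 `-s` output format posted above. It lists each reparse point with its target and each "Failed to open" path, then singles out entries that fall outside the profile and ProgramData locations where every junction in this thread's log sits. The sample log is constructed, and the expected-root lists are an assumption drawn from that log, so a flagged entry is a prompt to look closer, not a verdict.

```python
import re

# Constructed sample in the Junction v1.06 "-s" output format posted in this
# thread; the last entry (c:\Windows\Example -> D:\Example) is invented.
SAMPLE_LOG = r"""
\\?\c:\\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users

Failed to open \\?\c:\\System Volume Information: Access is denied.

...

..\\?\c:\\Users\All Users: SYMBOLIC LINK
Print Name : C:\ProgramData
Substitute Name: \??\C:\ProgramData

\\?\c:\\Users\Alicia\My Documents: JUNCTION
Print Name : C:\Users\Alicia\Documents
Substitute Name: C:\Users\Alicia\Documents

.
Failed to open \\?\c:\\Windows\System32\LogFiles\WMI\RtBackup: Access is denied.

\\?\c:\\Windows\Example: JUNCTION
Print Name : D:\Example
Substitute Name: D:\Example
"""

# Junction prints progress dots that can end up fused to the next line.
HEADER = re.compile(r"^\.*\\\\\?\\(.+): (JUNCTION|SYMBOLIC LINK)\s*$")
SUBST = re.compile(r"^Substitute Name\s*:\s*(.+)$")
FAILED = re.compile(r"^\.*Failed to open \\\\\?\\(.+): (.+)$")

# Assumption: roots taken from where the reparse points in this log live.
LINK_ROOTS = (r"c:\users", r"c:\programdata", r"c:\documents and settings")
TARGET_ROOTS = (r"c:\users", r"c:\programdata")


def norm(path):
    # Drop the NT object prefix, collapse doubled backslashes, lower-case.
    path = path.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return re.sub(r"\\+", lambda m: "\\", path).lower()


def parse_junction_log(text):
    """Return (entries, failures) parsed from Junction -s output."""
    entries, failures, current = [], [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"link": norm(m.group(1)), "kind": m.group(2), "target": None}
            entries.append(current)
            continue
        m = SUBST.match(line)
        if m and current is not None:
            current["target"] = norm(m.group(1))
            continue
        m = FAILED.match(line)
        if m:
            failures.append((norm(m.group(1)), m.group(2).strip()))
            current = None
    return entries, failures


def under(path, roots):
    return any(path == r or path.startswith(r + "\\") for r in roots)


def unexpected(entries):
    """Entries whose link or target is outside the expected roots."""
    return [e for e in entries
            if not under(e["link"], LINK_ROOTS)
            or e["target"] is None
            or not under(e["target"], TARGET_ROOTS)]


if __name__ == "__main__":
    entries, failures = parse_junction_log(SAMPLE_LOG)
    for e in unexpected(entries):
        print("review:", e["kind"], e["link"], "->", e["target"])
    for path, reason in failures:
        print("unreadable:", path, "-", reason)
```
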
 
Appreciate Your Help!

Thank You so much for all your time and assistance. I greatly appreciate your perseverance!
 
Run Fix OTL Log

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Alicia
->Temp folder emptied: 46866930 bytes
->Temporary Internet Files folder emptied: 19108231 bytes
->Java cache emptied: 58820 bytes
->Flash cache emptied: 8056 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49984 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 322913 bytes

Total Files Cleaned = 63.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 03282012_205624

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Thank You so much for all your time and assistance. I greatly appreciate your perseverance!
Glad I could help.

You can now delete any tools still remaining on the machine.

This topic will be closed shortly unless you have any further issues.

Diver79.
 
Thought all was well and more problems today.

I have no idea what the problem is, but it is happening again.
Last night after running the OTL Fix and Clean-up everything seemed to be okay.
Then I installed the latest one windows update.
Tonight when I turned on windows normally, it HANGS on everything, even the welcome screen.
Anytime I selected a program, it took forever to load if at all.
I had to again start in safe mode in order to get to my email.
Then I had to do a System Restore back to 9:02pm last night.

I'm going to try again to shutdown and restart windows normally and see what happens.
 
Hi ASB2012,

I'm afraid I cannot help you any more with this problem as I can find no evidence of malware on the machine.

You could try posting your problem in this forum Microsoft Windows™ at WhatTheTech.

Sorry I couldn't have been more helpful.

Diver79.
 