Author Topic: Win 7 UAC or file permissions are messing up / stronger than it should be.  (Read 18922 times)


Offline gendo666

  • Newbie
  • *
  • Join Date: Jun 2016
  • Posts: 12
  • Karma: 0
    • View Profile
I went through a harrowing situation where after my girlfriend used my computer I was faced with torrential pop-ups and "helpful" programs loading themselves on my system.

 

I cut net access, uninstalled the programs through Windows uninstall and removed 3 trojans using Microsoft Security, then scanned for any others (total system scan) (or to see if they or any others were there) with Hosecall and Spybot S&D.

I performed a CRC check in safe mode with no problems coming up.

THEN I did a system restore to about 4 hours before the whole thing started.

 

My problem is that when I restarted, Windows did not load two items on startup (an alarm program and puush).

Also, UAC now pops up and requires me to constantly give security permission to activate some files such as ccleaner, U-torrent and others.

Also I get a "Destination access denied you need administrator privileges to place a file on this drive" (which I then give and things are fine).

 

I have no idea what's wrong.


I have tried to fix it using settings 26 and 27 but that did not do the trick.
I actually managed in  Combofix which worked - but removed a ton of files I'm using. (like classic shell)

  I restored the system (with no problem) as I don't want to do without those but still have the security issue.

 When looking at the UAC settings (both before and after Combofix) it was still set to the second level from the bottom,

 have no idea what the problem is.


 

 OS Name    Microsoft Windows 7 Home Premium
Version    6.1.7601 Service Pack 1 Build 7601
Other OS Description     Not Available
OS Manufacturer    Microsoft Corporation
System Name    USER-PC
System Manufacturer    Gigabyte Technology Co., Ltd.
System Model    Z97X-UD3H-BK
System Type    x64-based PC
Processor    Intel® Core™ i5-4690K CPU @ 3.50GHz, 3501 Mhz, 4 Core(s), 4 Logical Processor(s)
BIOS Version/Date    American Megatrends Inc. F6, 6/17/2014
SMBIOS Version    2.7
Windows Directory    C:\Windows
System Directory    C:\Windows\system32
Boot Device    \Device\HarddiskVolume4
Locale    Canada
Hardware Abstraction Layer    Version = "6.1.7601.17514"
User Name    User-PC\Admin
Time Zone    Eastern Daylight Time
Installed Physical Memory (RAM)    8.00 GB
Total Physical Memory    7.86 GB
Available Physical Memory    4.35 GB
Total Virtual Memory    15.7 GB
Available Virtual Memory    12.2 GB
Page File Space    7.86 GB
Page File    C:\pagefile.sys
 

Offline jraju

  • Hero Member
  • *****
  • Join Date: Feb 2013
  • Posts: 2323
  • Location: india
  • Karma: 17
    • View Profile
It seems that you messed up the things in all ways, please see not always.
Did you try AIO repairs for file permissions? What is that 26, 27 fix? Which programs do you mean?
You have used vigorous cleaners which kill normal registry entries related to file permissions.
The Bottom line is "Check your hardware first if it supports the task you try".

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Your Available Physical Memory looks a little low - do you have many programs in msconfig/Startup ?

You don't really need any except for your antivirus program and perhaps printer.

To check, go Start - type msconfig and press enter.

Under the Startup tab you will find all of the programs that are running in the background when you boot up.

I also have most of the OEM non-MS services also unchecked, but before disabling anything under the Services tab, you must check the box to Hide all Microsoft services.

I think you first need to ensure that you are completely infection and adware free.

Combofix is only best used by professionals because of what it can remove - I tried it once and it took out a legit system file.

I wouldn't recommend MSE and neither do Microsoft.

I would suggest that you uninstall it and use Panda Free which has come up in the AV ratings.

http://www.pandasecurity.com/uk/homeusers/solutions/free-antivirus/

If you have any problems in uninstalling MSE then either retry in Safe Mode or use the Fix it for me Download button in https://support.microsoft.com/en-gb/kb/2483120

I think you may have meant Housecall which I'm not familiar with but Spybot S&D I have seen used by others and seems to have a good rep, but I prefer the free version of MBAM.

For adware, I use AdwCleaner which is specifically designed to remove adware.

https://www.malwarebytes.com/antimalware/

https://toolslib.net/downloads/viewdownload/1-adwcleaner/

With AdwCleaner, when the Scan has completed it may list items in the lower pane that it considers PuPs but which you may want to keep - just uncheck their boxes then click on Log File which will open in Notepad to show what else it has found.

It will remove these items when you close that report and hit the Cleaning button and then open a new Log File after the reboot to show what it has removed.

When you've done that lot and if still no improvement to your system, then go Start - type cmd - right click on cmd and select Run as administrator - accept the UAC and enter sfc /scannow to see what that reports.

If it reports that it is unable to repair some files then download and run SFCFix.exe which may repair those but will produce a more concise report.

http://www.majorgeeks.com/files/details/sfcfix.html

It's also possible that your account has been corrupted which is why it will be prompting with a UAC.

You may have to create a new user account with admin rights and transfer any settings, but this can be checked out by creating a new admin account to see if you have the same problems.

https://neosmart.net/wiki/corrupt-user-profile/




Offline gendo666

It seems that you messed up the things in all ways, please see not always.
Did you try AIO repairs for file permissions? What is that 26, 27 fix? Which programs do you mean?
You have used vigorous cleaners which kill normal registry entries related to file permissions.


I have scanned the system with the Windows security system as well as Spybot Search and Destroy, Trend Micro's Housecall and Kaspersky tdsskiller, which found nothing.

I used item 27 and 27 of Windows Repair 3.9.3 (free).
Before doing so I ran the pre-scan checking the package files and System Reparse Points.
I have run CRC and check disk (in safe mode) both prior to running WR as well as during.
No errors.

I have also set privilege levels on the programs that are getting the UAC stoppage to run as administrator, to no effect.

Offline jraju

Spybot is an aggressive cleaner.

Offline gendo666

Spybot is an aggressive cleaner.

It is, but you can tell it what NOT to remove - and I have used it previously without problems.


Offline jraju

Hi, I was a regular user and then stopped as it deletes entries of genuine files in the scan. You cannot say which file, in some of the deeper access of the program.
I use ccleaner, which is not aggressive.
Do you still have the problem of UAC for each normal file?

Offline gendo666

Hi, I was a regular user and then stopped as it deletes entries of genuine files in the scan. You cannot say which file, in some of the deeper access of the program.
I use ccleaner, which is not aggressive.
Do you still have the problem of UAC for each normal file?

I don't have problems with ALL of my files..
Just certain ones.
 for example Puush, ccleaner, u-torrent, adding torrent files and of course when I copy or move a file from one drive to another when I get the  "needing administrator permission." message. As soon as I hit continue it works though.
see 2 examples here:


Offline gendo666

Your Available Physical Memory looks a little low - do you have many programs in msconfig/Startup ?


I think you first need to ensure that you are completely infection and adware free.
 

this is my log.

Offline jraju

Also try this, of course after creating SR.
Press Windows key. Type cmd.

Right click on cmd, and click Run as administrator.
Type the following code:
    icacls "full path of file" /grant %username%:F /t
To find the full path of the target file or folder, open the folder.
Click on the address bar on the top. Copy the complete address that appears.
Write the full path with quotes. Press enter to run the code.
Once the command runs successfully, type the following code:
    takeown /f "full path of file" /r
Similarly, write the full path of the target folder/file with quotes in the command above. Press Enter to execute the code. Now try
Regarding ccleaner, there is an option to run as admin in the program itself, I think.

Offline gendo666


I understand that
     icacls "full path of file" /grant (user name):F
 gives me full control of a specific file...
 how do I do that for Hard drives?
or my system drive?

I supposedly have administrator privileges already - but I seem to have lost them.
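
A read-only way to inspect what the prompts discussed in this thread depend on, before running icacls or takeown against a whole drive: whether the shell is elevated, the UAC policy values, and the owner and ACL of the path. This is an added example, not part of any post; the parameter names and the default path are assumptions, and it is meant to be saved as a .ps1 file and run from PowerShell.

```powershell
# Added example. Read-only unless -BackupTo is given, and even then it only
# writes the backup file. $Path and $BackupTo are illustrative parameter names.
param(
    [string]$Path = 'C:\',
    [string]$BackupTo = ''
)

# 1. Elevation. Under UAC, programs started normally from an administrator
#    account run with a filtered token, so this prints False unless the shell
#    itself was started with "Run as administrator".
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
'User: {0}   Elevated: {1}' -f $identity.Name, $elevated

# 2. UAC policy values behind the Control Panel slider.
#    EnableLUA                  1 = UAC is on
#    ConsentPromptBehaviorAdmin how administrators are prompted
#    PromptOnSecureDesktop      1 = prompt shown on the dimmed secure desktop
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $key
foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop') {
    '{0} = {1}' -f $name, $uac.$name
}

# 3. Owner and access entries of the path that triggers the prompt.
#    Compare the result with the same path on a freshly created admin account.
$acl = Get-Acl -Path $Path
'Owner of {0}: {1}' -f $Path, $acl.Owner
$acl.Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# 4. Optional: save the current ACLs to a file before any /grant or takeown,
#    so there is a record of the original state (/t = recurse, /c = continue on errors).
if ($BackupTo) {
    & icacls.exe $Path /save $BackupTo /t /c
}
```

A file written by `icacls /save` can later be read back with `icacls /restore`.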

Offline jraju

Hi, Adware cleaner of course found so many entries, which indicates your computer is infected with virus, malware etc.
I suggest you first download and scan with Malwarebytes, a full scan covering all drives, and then see if the permission is given back to you.
The torrent files are too dangerous to use.
Adware log suggests that your system is infected in root.
After checking with Malwarebytes, recheck with adware cleaner and Junk removal tool to be sure that nothing is left behind.

Then post

Offline gendo666

Actually Malware didn't find anything.

 Posted 24 June 2016 - 10:01 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/24/2016
Scan Time: 12:49 PM
Logfile: malbyte.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.24.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375372
Time Elapsed: 18 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

Offline gendo666

# AdwCleaner v5.200 - Logfile created 24/06/2016 at 13:54:02
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Admin - USER-PC
# Running from : C:\Users\Admin\Desktop\pics\virus stuff\adwcleaner_5.200.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

  • Folder Not Deleted : C:\Users\Admin\AppData\Local\Hola
  • Folder Not Deleted : C:\Users\Admin\AppData\Local\PackageAware
  • Folder Not Deleted : C:\Users\Admin\AppData\LocalLow\adawaretb
  • Folder Not Deleted : C:\Users\Admin\AppData\Roaming\Hola
  • Folder Not Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\702xkr62.default\StumbleUpon
  • Folder Not Deleted : C:\Users\Admin\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\702xkr62.default\StumbleUpon


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

  • Key Not Deleted : HKCU\Software\MozillaPlugins\@hola.org/FlashPlayer
  • Key Not Deleted : HKCU\Software\MozillaPlugins\@hola.org/vlc
  • Key Not Deleted : HKCU\Software\Hola
  • [-] Key Deleted : HKCU\Software\Softonic
    [-] Key Deleted : HKLM\SOFTWARE\Conduit
  • Key Not Deleted : HKLM\SOFTWARE\PIP
  • Key Not Deleted : HKU\S-1-5-21-1630394192-3370408934-626767058-1000\Software\Hola


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7132 bytes] - [08/04/2016 22:42:14]
C:\AdwCleaner\AdwCleaner[C2].txt - [1714 bytes] - [24/06/2016 13:54:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [11301 bytes] - [08/04/2016 22:30:16]
C:\AdwCleaner\AdwCleaner[S2].txt - [5729 bytes] - [23/06/2016 06:16:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [2052 bytes] - [23/06/2016 06:33:32]
C:\AdwCleaner\AdwCleaner[S4].txt - [2457 bytes] - [23/06/2016 17:01:44]
C:\AdwCleaner\AdwCleaner[S5].txt - [2280 bytes] - [23/06/2016 17:11:39]
C:\AdwCleaner\AdwCleaner[S6].txt - [2102 bytes] - [23/06/2016 21:17:32]
C:\AdwCleaner\AdwCleaner[S7].txt - [2175 bytes] - [23/06/2016 23:04:26]
C:\AdwCleaner\AdwCleaner[S8].txt - [2248 bytes] - [24/06/2016 13:41:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2372 bytes] ##########

Offline gendo666

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Admin (Administrator) on Fri 06/24/2016 at 14:55:11.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 38

Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Users\Admin\AppData\Local\adawarebp (Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\packageaware (Folder)
Successfully deleted: C:\Users\Admin\Appdata\LocalLow\adawaretb (Folder)
Successfully deleted: C:\Users\Admin\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Admin\AppData\Roaming\convert audio free (Folder)
Successfully deleted: C:\Users\Admin\AppData\Roaming\system (Folder)
Successfully deleted: C:\Users\Admin\AppData\Roaming\wyupdate au (Folder)
Successfully deleted: C:\Windows\system32\Tasks\At1 (Task)
Successfully deleted: C:\Windows\system32\Tasks\At2 (Task)
Successfully deleted: C:\Windows\Tasks\At1.job (Task)
Successfully deleted: C:\Windows\Tasks\At2.job (Task)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HI2PBML (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUFA92K0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4RMX30H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEYWVQXA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\system32\RENBE10.tmp (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HI2PBML (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUFA92K0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4RMX30H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEYWVQXA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\REN8E9F.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN8EB0.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN8EB1.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN9F3B.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN9F3C.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\RENBD1E.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\RENBD2F.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\RENBD30.tmp (File)



Registry: 1

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\BrowserPlugInHelper (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/24/2016 at 14:56:52.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline gendo666


The problem with ccleaner was fixed but I'm still having trouble with my drives and some other files
both needing approval before copying and moving files and I cannot do things like create a text file on my system drive.


Offline jraju

Hi, it seems that you have downloaded all sorts of unwanted programs which have injected so much that your system is not fully cured.
Did you do chkdsk /f /r and then try to open those things? If you could not, then it is better to repair your Windows.

Offline gendo666

really doesn't seem like a lot of problems.



Checking file system on C:
The type of the file system is NTFS.
Volume label is DRIVE_C.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
  436992 file records processed.                                         

File verification completed.
  16065 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  63 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 5)...
  518912 index entries processed.                                       

Index verification completed.
  0 unindexed files scanned.                                       

  0 unindexed files recovered.                                     

CHKDSK is verifying security descriptors (stage 3 of 5)...
  436992 file SDs/SIDs processed.                                       

Cleaning up 526 unused index entries from index $SII of file 0x9.
Cleaning up 526 unused index entries from index $SDH of file 0x9.
Cleaning up 526 unused security descriptors.
Security descriptor verification completed.
  40961 data files processed.                                           

CHKDSK is verifying Usn Journal...
  39384456 USN bytes processed.                                           

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  436976 files processed.                                               

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  12840917 free clusters processed.                                       

Free space verification is complete.
Windows has checked the file system and found no problems.

 246650879 KB total disk space.
 194532292 KB in 323400 files.
    200780 KB in 40962 indexes.
         0 KB in bad sectors.
    554139 KB in use by the system.
     65536 KB occupied by the log file.
  51363668 KB available on disk.

      4096 bytes in each allocation unit.
  61662719 total allocation units on disk.
  12840917 allocation units available on disk.

Internal Info:
00 ab 06 00 55 8f 05 00 8e da 09 00 00 00 00 00  ....U...........
aa 8e 00 00 3f 00 00 00 00 00 00 00 00 00 00 00  ....?...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
------------------------------


Offline jraju

Hi, tell me whether your problem is solved or not. You have just deleted unwanted programs.

Offline gendo666




CCleaner is working like normal now but everything I was having problems with before (including needing to click "continue" on a pop-up every time I move a file) is still occurring. I know you can claim ownership of specific files.
Can you do so with drives (including the system drive)?