Tweaking.com Support Forums
Main Forum => General Computer Support => Topic started by: gendo666 on June 23, 2016, 01:51:25 am
-
I went through a harrowing situation where after my girlfriend used my computer I was faced with torrential pop-ups and "helpful" programs loading themselves on my system.
I cut net access, uninstalled the programs through Windows uninstall and removed 3 trojans using Microsoft Security, then scanned for any others (total system scan) (or to see if they or any others were there) with Hosecall and Spybot S&D.
I performed a CRC check in safe mode with no problems coming up.
THEN
I did a system restore to about 4 hours before the whole thing started.
My problem is that when I restarted, Windows did not load two items on startup (an alarm program and puush).
And also UAC now pops up and requires me to constantly give security permission to activate some files such as ccleaner, U-torrent and others.
Also I get a "Destination access denied you need administrator privileges to place a file on this drive" (which I then give and things are fine)
I have no idea what's wrong.
I have tried to fix it using settings 26 and 27 but that did not do the trick.
I actually managed in Combofix which worked - but removed a ton of files I'm using. (like classic shell)
I restored the system (with no problem) as I don't want to do without those but still have the security issue.
When looking at the UAC settings (both before and after Combofix) it was still set to the second level from the bottom,
have no idea what the problem is.
OS Name Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name USER-PC
System Manufacturer Gigabyte Technology Co., Ltd.
System Model Z97X-UD3H-BK
System Type x64-based PC
Processor Intel® Core™ i5-4690K CPU @ 3.50GHz, 3501 Mhz, 4 Core(s), 4 Logical Processor(s)
BIOS Version/Date American Megatrends Inc. F6, 6/17/2014
SMBIOS Version 2.7
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume4
Locale Canada
Hardware Abstraction Layer Version = "6.1.7601.17514"
User Name User-PC\Admin
Time Zone Eastern Daylight Time
Installed Physical Memory (RAM) 8.00 GB
Total Physical Memory 7.86 GB
Available Physical Memory 4.35 GB
Total Virtual Memory 15.7 GB
Available Virtual Memory 12.2 GB
Page File Space 7.86 GB
Page File C:\pagefile.sys
-
It seems that you messed up the things in all ways, please see not always.
Did you try AIO repairs for file permissions? What is that 26, 27 fix? Which programs do you mean?
You have used vigorous cleaners which kill normal registry entries related to file permissions.
-
Your Available Physical Memory looks a little low - do you have many programs in msconfig/Startup ?
You don't really need any except for your antivirus program and perhaps printer.
To check, go Start - type msconfig and press enter.
Under the Startup tab you will find all of the programs that are running in the background when you boot up.
I also have most of the OEM non-MS services also unchecked, but before disabling anything under the Services tab, you must check the box to Hide all Microsoft services.
I think you first need to ensure that you are completely infection and adware free.
Combofix is only best used by professionals because of what it can remove - I tried it once and it took out a legit system file.
I wouldn't recommend MSE and neither do Microsoft.
I would suggest that you uninstall it and use Panda Free which has come up in the AV ratings.
http://www.pandasecurity.com/uk/homeusers/solutions/free-antivirus/
If you have any problems in uninstalling MSE then either retry in Safe Mode or use the Fix it for me Download button in https://support.microsoft.com/en-gb/kb/2483120
I think you may have meant Housecall which I'm not familiar with but Spybot S&D I have seen used by others and seems to have a good rep, but I prefer the free version of MBAM.
For adware, I use AdwCleaner which is specifically designed to remove adware.
https://www.malwarebytes.com/antimalware/
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
With AdwCleaner, when the Scan has completed it may list items in the lower pane that it considers PuPs but which you may want to keep - just uncheck their boxes then click on Log File which will open in Notepad to show what else it has found.
It will remove these items when you close that report and hit the Cleaning button and then open a new Log File after the reboot to show what it has removed.
When you've done that lot and if still no improvement to your system, then go Start - type cmd - right click on cmd and select Run as administrator - accept the UAC and enter sfc /scannow to see what that reports.
If it reports that it is unable to repair some files then download and run SFCFix.exe which may repair those but will produce a more concise report.
http://www.majorgeeks.com/files/details/sfcfix.html
It's also possible that your account has been corrupted which is why it will be prompting with a UAC.
You may have to create a new user account with admin rights and transfer any settings, but this can be checked out by creating a new admin account to see if you have the same problems.
https://neosmart.net/wiki/corrupt-user-profile/
-
I have scanned the system with the Windows security system as well as Spybot Search and Destroy, Trend Micro's Housecall and Kaspersky tdsskiller, which found nothing.
I used item 27 and 27 of Windows Repair 3.9.3 (free).
Before doing so I ran the pre-scan checking the package files and System Reparse Points.
I have run CRC and check disk (in safe mode) both prior to running WR as well as during.
No errors.
I have also set privilege levels on the programs that are getting the UAC stoppage to run as administrator to no effect.
-
Spybot is an aggressive cleaner
-
It is but you can tell it what NOT to remove.
- and I have used it previously without problems.
-
Hi, I was a regular user and then stopped as it deletes entries of genuine files in the scan. You cannot say which file, in some of the deeper access of the program.
I use ccleaner, which is not aggressive.
Do you still have the problem of UAC for each normal file?
-
I don't have problems with ALL of my files..
Just certain ones.
For example Puush, ccleaner, u-torrent, adding torrent files and of course when I copy or move a file from one drive to another, when I get the "needing administrator permission." message. As soon as I hit continue it works though.
See 2 examples here:
-
this is my log.
-
Also try this, of course after creating an SR.
Press Windows key. Type cmd.
Right click on cmd, and click Run as administrator.
Type the following code:
icacls "full path of file" /grant %username%:F /t
To find the full path of the target file or folder, open the folder.
Click on the address bar on the top. Copy the complete address that appears.
Write the full path with quotes. Press enter to run the code.
Once the command runs successfully, type the following code:
takeown /f "full path of file" /r
Similarly, write the full path of the target folder/file with quotes in the command above. Press Enter to execute the code. Now try
Regarding ccleaner, there is an option to run as admin in the program itself, I think.
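An added example, not part of the original post and not taken from any tool named in this thread: a read-only PowerShell check to run before the icacls and takeown commands above. It reports whether the session is elevated, who owns the path, and which entries allow creating files there, then saves the current security descriptor so a later change can be undone. The default path and the backup folder are assumptions made for illustration.

```powershell
# Added example, not from the thread: read-only audit of a path's ACL before any
# "icacls /grant" or "takeown" is run against it. Works on PowerShell 2.0 (Windows 7).
# Assumptions: $Path and $BackupDir are illustrative defaults.
param(
    [string]$Path      = "$env:SystemDrive\",
    [string]$BackupDir = "$env:USERPROFILE\acl-backup"
)

# 1. Is this process elevated? With UAC enabled, a member of Administrators runs
#    with a filtered token until elevation is approved, so ACL entries granted
#    only to Administrators do not apply to a normal (non-elevated) process.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"User: {0}   Elevated: {1}" -f $identity.Name, $elevated

# 2. Owner, and the Allow entries that permit creating files directly in $Path.
#    Inherit-only entries are skipped because they apply to children, not to $Path.
$acl = Get-Acl -Path $Path
"Owner of {0}: {1}" -f $Path, $acl.Owner
$createFiles = [int][Security.AccessControl.FileSystemRights]::CreateFiles
$acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights) -band $createFiles) -and
        -not ($_.PropagationFlags -band [Security.AccessControl.PropagationFlags]::InheritOnly)
    } |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
# If only Administrators and SYSTEM are listed, a non-elevated process cannot
# create files in $Path and has to ask for elevation first.

# 3. Record the current security descriptor so a later change can be undone.
if (-not (Test-Path $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}
$backupFile = Join-Path $BackupDir (($Path -replace '[:\\]', '_') + '.sddl')
$acl.Sddl | Set-Content -Path $backupFile
"Saved SDDL for {0} to {1}" -f $Path, $backupFile

# To restore later, from an elevated prompt:
#   $a = Get-Acl $Path
#   $a.SetSecurityDescriptorSddlForm((Get-Content $backupFile))
#   Set-Acl -Path $Path -AclObject $a
```

Running it once from a normal prompt and once from an elevated one shows the difference the filtered token makes; nothing in the script changes any permission.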
-
I understand that
icacls "full path of file" /grant (user name):F
gives me full control of a specific file...
How do I do that for hard drives?
Or my system drive?
I supposedly have administrator privileges already - but I seem to have lost them.
-
Hi, Adware cleaner of course found so many entries, which indicates your computer is infected with virus, malware etc.
I suggest you first download and scan with Malwarebytes, a full scan covering all drives, and then see if the permission is given back to you.
The torrent files are too dangerous to use.
The adware log suggests that your system is infected in root.
After checking with Malwarebytes, recheck with adware cleaner and Junk removal tool to be sure that nothing is left behind.
Then post
-
actually Malware didn't find anything.
Posted 24 June 2016 - 10:01 PM
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/24/2016
Scan Time: 12:49 PM
Logfile: malbyte.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.06.24.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375372
Time Elapsed: 18 min, 9 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
# AdwCleaner v5.200 - Logfile created 24/06/2016 at 13:54:02
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Admin - USER-PC
# Running from : C:\Users\Admin\Desktop\pics\virus stuff\adwcleaner_5.200.exe
# Option : Clean
# Support : https://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
- Folder Not Deleted : C:\Users\Admin\AppData\Local\Hola
- Folder Not Deleted : C:\Users\Admin\AppData\Local\PackageAware
- Folder Not Deleted : C:\Users\Admin\AppData\LocalLow\adawaretb
- Folder Not Deleted : C:\Users\Admin\AppData\Roaming\Hola
- Folder Not Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\702xkr62.default\StumbleUpon
- Folder Not Deleted : C:\Users\Admin\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\702xkr62.default\StumbleUpon
***** [ Files ] *****
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
- Key Not Deleted : HKCU\Software\MozillaPlugins\@hola.org/FlashPlayer
- Key Not Deleted : HKCU\Software\MozillaPlugins\@hola.org/vlc
- Key Not Deleted : HKCU\Software\Hola
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKLM\SOFTWARE\Conduit
- Key Not Deleted : HKLM\SOFTWARE\PIP
- Key Not Deleted : HKU\S-1-5-21-1630394192-3370408934-626767058-1000\Software\Hola
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [7132 bytes] - [08/04/2016 22:42:14]
C:\AdwCleaner\AdwCleaner[C2].txt - [1714 bytes] - [24/06/2016 13:54:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [11301 bytes] - [08/04/2016 22:30:16]
C:\AdwCleaner\AdwCleaner[S2].txt - [5729 bytes] - [23/06/2016 06:16:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [2052 bytes] - [23/06/2016 06:33:32]
C:\AdwCleaner\AdwCleaner[S4].txt - [2457 bytes] - [23/06/2016 17:01:44]
C:\AdwCleaner\AdwCleaner[S5].txt - [2280 bytes] - [23/06/2016 17:11:39]
C:\AdwCleaner\AdwCleaner[S6].txt - [2102 bytes] - [23/06/2016 21:17:32]
C:\AdwCleaner\AdwCleaner[S7].txt - [2175 bytes] - [23/06/2016 23:04:26]
C:\AdwCleaner\AdwCleaner[S8].txt - [2248 bytes] - [24/06/2016 13:41:29]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2372 bytes] ##########
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Admin (Administrator) on Fri 06/24/2016 at 14:55:11.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 38
Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Users\Admin\AppData\Local\adawarebp (Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\packageaware (Folder)
Successfully deleted: C:\Users\Admin\Appdata\LocalLow\adawaretb (Folder)
Successfully deleted: C:\Users\Admin\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Admin\AppData\Roaming\convert audio free (Folder)
Successfully deleted: C:\Users\Admin\AppData\Roaming\system (Folder)
Successfully deleted: C:\Users\Admin\AppData\Roaming\wyupdate au (Folder)
Successfully deleted: C:\Windows\system32\Tasks\At1 (Task)
Successfully deleted: C:\Windows\system32\Tasks\At2 (Task)
Successfully deleted: C:\Windows\Tasks\At1.job (Task)
Successfully deleted: C:\Windows\Tasks\At2.job (Task)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HI2PBML (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUFA92K0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4RMX30H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEYWVQXA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\system32\RENBE10.tmp (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HI2PBML (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUFA92K0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4RMX30H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEYWVQXA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\REN8E9F.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN8EB0.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN8EB1.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN9F3B.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\REN9F3C.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\RENBD1E.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\RENBD2F.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\RENBD30.tmp (File)
Registry: 1
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\BrowserPlugInHelper (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/24/2016 at 14:56:52.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
The problem with ccleaner was fixed but I'm still having trouble with my drives and some other files
both needing approval before copying and moving files and I cannot do things like create a text file on my system drive.
-
Hi, it seems that you have downloaded all sorts of unwanted programs which have injected so much that your system is not fully cured.
Did you do chkdsk /f/r and then try to open those things? If you could not, then it is better to repair your Windows.
-
really doesn't seem like a lot of problems.
Checking file system on C:
The type of the file system is NTFS.
Volume label is DRIVE_C.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 5)...
436992 file records processed.
File verification completed.
16065 large file records processed.
0 bad file records processed.
0 EA records processed.
63 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
518912 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
436992 file SDs/SIDs processed.
Cleaning up 526 unused index entries from index $SII of file 0x9.
Cleaning up 526 unused index entries from index $SDH of file 0x9.
Cleaning up 526 unused security descriptors.
Security descriptor verification completed.
40961 data files processed.
CHKDSK is verifying Usn Journal...
39384456 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
436976 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
12840917 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.
246650879 KB total disk space.
194532292 KB in 323400 files.
200780 KB in 40962 indexes.
0 KB in bad sectors.
554139 KB in use by the system.
65536 KB occupied by the log file.
51363668 KB available on disk.
4096 bytes in each allocation unit.
61662719 total allocation units on disk.
12840917 allocation units available on disk.
Internal Info:
00 ab 06 00 55 8f 05 00 8e da 09 00 00 00 00 00 ....U...........
aa 8e 00 00 3f 00 00 00 00 00 00 00 00 00 00 00 ....?...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Windows has finished checking your disk.
Please wait while your computer restarts.
------------------------------
-
Hi, tell me whether your problem is solved or not. You have just deleted unwanted programs.
-
CCleaner is working like normal now but everything I was having problems with before (including needing to click "continue" on a pop-up every time I move a file) is still occurring. I know you can claim ownership of specific files.
Can you do so with drives (including the system drive)?