File recovery rogue scanner infection

Solved
By CanHazTrojanz?
Sep 1, 2012
  1. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Those are the 21 threats it found and cleaned.
  2. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    =============================

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ===============================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  3. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    # AdwCleaner v2.001 - Logfile created 09/10/2012 at 23:36:28
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : IdHusseys - IDHUSSEYS-PC
    # Boot Mode : Normal
    # Running from : C:\Users\IdHusseys\Desktop\adwcleaner(1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    Folder Deleted : C:\Program Files (x86)\Ilivid
    Folder Deleted : C:\Users\IdHusseys\AppData\Local\Ilivid Player

    ***** [Registry] *****

    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\IdHusseys\AppData\Roaming\Mozilla\Firefox\Profiles\brnuba7s.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v21.0.1180.89

    File : C:\Users\IdHusseys\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1612 octets] - [10/09/2012 18:09:55]
    AdwCleaner[S1].txt - [2182 octets] - [10/09/2012 23:36:28]

    ########## EOF - C:\AdwCleaner[S1].txt - [2242 octets] ##########
  4. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: IdHusseys
    ->Temp folder emptied: 3256 bytes
    ->Temporary Internet Files folder emptied: 2351427 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 140 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 3486 bytes

    Total Files Cleaned = 2.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: IdHusseys
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: IdHusseys
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.61.3 log created on 09102012_234208

    Files\Folders moved on Reboot...
    C:\Users\IdHusseys\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  5. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    I'm in the process of uninstalling the various software using the Revo Uninstaller, while that's going on I'm trying to get to YouTube.com and it redirects to a weird page:

    http://www.youtube.com/lohp

    That page has this as its HTML:

    <!DOCTYPE html><html lang="en" dir="ltr" ><!-- machid: nWUxLTF9mYXdnanVINnRiU0E5ZDNHemZuYVYwZjdhelA1OGFDMU1LZ01FWWlwLU55UDh3Qy1R -->


    I'm not sure why it's redirecting there...
  6. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Never mind about YouTube's HTML, apparently they experiment from time to time. Found a topic about it in the Google forums. Cleared my cookies and logged in and it seemed fine.

    Thanks for all your help. One final question: do you even use Windows? Or are you running Linux or Ubuntu, etc.? I'm wondering how the techs on Techspot avoid being hacked.
  7. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    I use Windows only.

    Good luck and stay safe :)
  8. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    Broni, you helped me get my PC back under control, but one thing that didn't resolve was the issue of getting full access to my files.

    For example, I have SEO software that allows me to upload fresh proxies before running. I also have software that needs updating, but when I try to write over the old files (updating or changing proxies), I am given an "Access Denied" error.

    When I check the "program (x86)" folder (I am running Windows 7 64 bit), I see the permissions are set to "read only."

    When I try to reset the permissions to "full" under "Security > Advanced" as recommended by Microsoft here:

    http://windows.microsoft.com/en-US/...t-access-denied-when-opening-files-or-folders

    ...I still get the "Access Denied" error. Every time I un-check "read only" or try to give myself "ownership" (under Security > Advanced, as Microsoft recommended), the dialog opens up and it seems to work, as if it's changing the permissions/ownership: but it keeps reverting back to read-only, and my software will not allow updates or anything that has to do with writing into the file (like updating proxies).

    Since this was a recent infection I'm not sure if I need to run the 5 steps all over again, or if Broni has other suggestions (or anyone else). Please let me know ASAP as I've got to access these tools in order to work for my clients and my own projects.

    Just to be clear:

    I can reset permissions, or at least claim ownership of files/folders...what I can't do is to have my folders retain the permissions I set. They keep reverting to "read only" and every time I try to update my software or try to update proxies for the software I'm using, I get "Access Denied" errors.
  9. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Let's run the following tool. This will help determine which files need permissions restored.

    Please download and save Junction.zip

    Unzip it and place Junction.exe in the Windows directory (C:\Windows).
    Go to Start>Run (Vista and Windows 7 users use "Start search" box).
    Copy and paste the following command in the Run box and click OK (Vista and Windows 7 users press "Enter"):

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system.
    Wait until a log file opens.
    Copy and paste the log in your next reply.
  10. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    I entered that cmd line into the "start search" box and the DOS box remains blank with a blinking cursor.

    Then I entered the command into the cmd box (everything after /c), and was told that "/c" is not recognized as a command or folder (I can run it again and take a screenshot for the actual verbiage).

    About how long should the scan take to produce the log?
  11. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    You copy/paste the whole command, not only something after "c".
  12. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    That was weird. I decided to uninstall and unzip/redo the installation, etc...and found this waiting for me:


    Junction v1.06 - Windows junction creator and reparse point viewer
    Copyright (C) 2000-2010 Mark Russinovich
    Sysinternals - www.sysinternals.com

    \\?\c:\\Documents and Settings: JUNCTION
    Print Name : C:\Users
    Substitute Name: C:\Users


    Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



    Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


    \\?\c:\\ProgramData\Application Data: JUNCTION
    Print Name : C:\ProgramData
    Substitute Name: C:\ProgramData

    \\?\c:\\ProgramData\Desktop: JUNCTION
    Print Name : C:\Users\Public\Desktop
    Substitute Name: C:\Users\Public\Desktop

    \\?\c:\\ProgramData\Documents: JUNCTION
    Print Name : C:\Users\Public\Documents
    Substitute Name: C:\Users\Public\Documents

    \\?\c:\\ProgramData\Favorites: JUNCTION
    Print Name : C:\Users\Public\Favorites
    Substitute Name: C:\Users\Public\Favorites

    \\?\c:\\ProgramData\Start Menu: JUNCTION
    Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
    Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

    \\?\c:\\ProgramData\Templates: JUNCTION
    Print Name : C:\ProgramData\Microsoft\Windows\Templates
    Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



    Failed to open \\?\c:\\System Volume Information\WindowsImageBackup: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{54e9864c-fc4b-11e1-bdf1-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{5ca190f8-fd5b-11e1-8cdd-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{a3c9c2b7-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{a3c9c2ce-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{a3c9c2f9-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{a3c9c31a-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{a3c9c496-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{a3c9c4ff-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{a3c9c6be-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{a3c9c79a-fc70-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{ac868f97-fc4d-11e1-846d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{b9d9ba86-fde9-11e1-82ef-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{c780029a-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{c780047b-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{c7800522-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{c780084e-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{c78008af-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{c7800927-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{c780095f-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{c7800978-fd34-11e1-a021-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.



    Failed to open \\?\c:\\System Volume Information\{ef0d1783-fc61-11e1-be6d-00269ec36d40}{3808876b-c176-4e48-b7ae-04046e6cc752}: Access is denied.


    \\?\c:\\Users\All Users: SYMBOLIC LINK
    Print Name : C:\ProgramData
    Substitute Name: \??\C:\ProgramData

    \\?\c:\\Users\Default User: JUNCTION
    Print Name : C:\Users\Default
    Substitute Name: C:\Users\Default

    \\?\c:\\Users\All Users\Application Data: JUNCTION
    Print Name : C:\ProgramData
    Substitute Name: C:\ProgramData

    \\?\c:\\Users\All Users\Desktop: JUNCTION
    Print Name : C:\Users\Public\Desktop
    Substitute Name: C:\Users\Public\Desktop

    \\?\c:\\Users\All Users\Documents: JUNCTION
    Print Name : C:\Users\Public\Documents
    Substitute Name: C:\Users\Public\Documents

    \\?\c:\\Users\All Users\Favorites: JUNCTION
    Print Name : C:\Users\Public\Favorites
    Substitute Name: C:\Users\Public\Favorites

    \\?\c:\\Users\All Users\Start Menu: JUNCTION
    Print Name : C:\ProgramData\Microsoft\Windows\Start Menu
    Substitute Name: C:\ProgramData\Microsoft\Windows\Start Menu

    \\?\c:\\Users\All Users\Templates: JUNCTION
    Print Name : C:\ProgramData\Microsoft\Windows\Templates
    Substitute Name: C:\ProgramData\Microsoft\Windows\Templates



    \\?\c:\\Users\Default\Application Data: JUNCTION
    Print Name : C:\Users\Default\AppData\Roaming
    Substitute Name: C:\Users\Default\AppData\Roaming

    \\?\c:\\Users\Default\Local Settings: JUNCTION
    Print Name : C:\Users\Default\AppData\Local
    Substitute Name: C:\Users\Default\AppData\Local

    \\?\c:\\Users\Default\My Documents: JUNCTION
    Print Name : C:\Users\Default\Documents
    Substitute Name: C:\Users\Default\Documents

    \\?\c:\\Users\Default\NetHood: JUNCTION
    Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts
    Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts

    \\?\c:\\Users\Default\PrintHood: JUNCTION
    Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
    Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

    \\?\c:\\Users\Default\Recent: JUNCTION
    Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent
    Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent

    \\?\c:\\Users\Default\SendTo: JUNCTION
    Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo
    Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo

    \\?\c:\\Users\Default\Start Menu: JUNCTION
    Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu
    Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu

    \\?\c:\\Users\Default\Templates: JUNCTION
    Print Name : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates
    Substitute Name: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates

    \\?\c:\\Users\Default\AppData\Local\Application Data: JUNCTION
    Print Name : C:\Users\Default\AppData\Local
    Substitute Name: C:\Users\Default\AppData\Local

    \\?\c:\\Users\Default\AppData\Local\History: JUNCTION
    Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\History
    Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\History

    \\?\c:\\Users\Default\AppData\Local\Temporary Internet Files: JUNCTION
    Print Name : C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files
    Substitute Name: C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files



    \\?\c:\\Users\Default\Documents\My Music: JUNCTION
    Print Name : C:\Users\Default\Music
    Substitute Name: C:\Users\Default\Music

    \\?\c:\\Users\Default\Documents\My Pictures: JUNCTION
    Print Name : C:\Users\Default\Pictures
    Substitute Name: C:\Users\Default\Pictures

    \\?\c:\\Users\Default\Documents\My Videos: JUNCTION
    Print Name : C:\Users\Default\Videos
    Substitute Name: C:\Users\Default\Videos

    \\?\c:\\Users\IdHusseys\Application Data: JUNCTION
    Print Name : C:\Users\IdHusseys\AppData\Roaming
    Substitute Name: C:\Users\IdHusseys\AppData\Roaming

    \\?\c:\\Users\IdHusseys\Cookies: JUNCTION
    Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Cookies
    Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Cookies

    \\?\c:\\Users\IdHusseys\Local Settings: JUNCTION
    Print Name : C:\Users\IdHusseys\AppData\Local
    Substitute Name: C:\Users\IdHusseys\AppData\Local

    \\?\c:\\Users\IdHusseys\My Documents: JUNCTION
    Print Name : C:\Users\IdHusseys\Documents
    Substitute Name: C:\Users\IdHusseys\Documents

    \\?\c:\\Users\IdHusseys\NetHood: JUNCTION
    Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Network Shortcuts
    Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Network Shortcuts

    \\?\c:\\Users\IdHusseys\PrintHood: JUNCTION
    Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
    Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

    \\?\c:\\Users\IdHusseys\Recent: JUNCTION
    Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Recent
    Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Recent

    \\?\c:\\Users\IdHusseys\SendTo: JUNCTION
    Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\SendTo
    Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\SendTo

    \\?\c:\\Users\IdHusseys\Start Menu: JUNCTION
    Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Start Menu
    Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Start Menu

    \\?\c:\\Users\IdHusseys\Templates: JUNCTION
    Print Name : C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Templates
    Substitute Name: C:\Users\IdHusseys\AppData\Roaming\Microsoft\Windows\Templates

    \\?\c:\\Users\IdHusseys\AppData\Local\Application Data: JUNCTION
    Print Name : C:\Users\IdHusseys\AppData\Local
    Substitute Name: C:\Users\IdHusseys\AppData\Local

    \\?\c:\\Users\IdHusseys\AppData\Local\History: JUNCTION
    Print Name : C:\Users\IdHusseys\AppData\Local\Microsoft\Windows\History
    Substitute Name: C:\Users\IdHusseys\AppData\Local\Microsoft\Windows\History

    \\?\c:\\Users\IdHusseys\AppData\Local\Temporary Internet Files: JUNCTION
    Print Name : C:\Users\IdHusseys\AppData\Local\Microsoft\Windows\Temporary Internet Files
    Substitute Name: C:\Users\IdHusseys\AppData\Local\Microsoft\Windows\Temporary Internet Files

    Failed to open \\?\c:\\Users\IdHusseys\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.



    Failed to open \\?\c:\\Users\IdHusseys\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.


    \\?\c:\\Users\IdHusseys\Documents\My Music: JUNCTION
    Print Name : C:\Users\IdHusseys\Music
    Substitute Name: C:\Users\IdHusseys\Music

    \\?\c:\\Users\IdHusseys\Documents\My Pictures: JUNCTION
    Print Name : C:\Users\IdHusseys\Pictures
    Substitute Name: C:\Users\IdHusseys\Pictures

    \\?\c:\\Users\IdHusseys\Documents\My Videos: JUNCTION
    Print Name : C:\Users\IdHusseys\Videos
    Substitute Name: C:\Users\IdHusseys\Videos



    \\?\c:\\Users\Public\Documents\My Music: JUNCTION
    Print Name : C:\Users\Public\Music
    Substitute Name: C:\Users\Public\Music

    \\?\c:\\Users\Public\Documents\My Pictures: JUNCTION
    Print Name : C:\Users\Public\Pictures
    Substitute Name: C:\Users\Public\Pictures

    \\?\c:\\Users\Public\Documents\My Videos: JUNCTION
    Print Name : C:\Users\Public\Videos
    Substitute Name: C:\Users\Public\Videos

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    .\\?\c:\\Windows\SysWOW64\config\systemprofile\Application Data: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming
    Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming

    \\?\c:\\Windows\SysWOW64\config\systemprofile\Local Settings: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
    Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

    \\?\c:\\Windows\SysWOW64\config\systemprofile\My Documents: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\Documents
    Substitute Name: C:\Windows\system32\config\systemprofile\Documents

    \\?\c:\\Windows\SysWOW64\config\systemprofile\NetHood: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts
    Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts

    \\?\c:\\Windows\SysWOW64\config\systemprofile\PrintHood: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
    Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts

    \\?\c:\\Windows\SysWOW64\config\systemprofile\Recent: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent
    Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent

    \\?\c:\\Windows\SysWOW64\config\systemprofile\SendTo: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo
    Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo

    \\?\c:\\Windows\SysWOW64\config\systemprofile\Start Menu: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu
    Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu

    \\?\c:\\Windows\SysWOW64\config\systemprofile\Templates: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates
    Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates

    \\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\AppData\Local
    Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local

    \\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\History: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
    Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History

    \\?\c:\\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
    Substitute Name: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files

    \\?\c:\\Windows\SysWOW64\config\systemprofile\Documents\My Music: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\Music
    Substitute Name: C:\Windows\system32\config\systemprofile\Music

    \\?\c:\\Windows\SysWOW64\config\systemprofile\Documents\My Pictures: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\Pictures
    Substitute Name: C:\Windows\system32\config\systemprofile\Pictures

    \\?\c:\\Windows\SysWOW64\config\systemprofile\Documents\My Videos: JUNCTION
    Print Name : C:\Windows\system32\config\systemprofile\Videos
    Substitute Name: C:\Windows\system32\config\systemprofile\Videos

  13. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    I don't see any permission issues in the above log.

    Try to create a new admin account, switch to it and see if you have the same problem.
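An added example, not part of the original thread or of the Junction tool: a small Python parser for `junction -s` output in the format posted above, which tolerates the progress dots, groups the "Failed to open" reasons, and lists reparse points whose target is on another drive. The sample log, the `Example` user paths and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the log posted above (progress dots included).
SAMPLE_LOG = r"""
Junction v1.06 - Windows junction creator and reparse point viewer

\\?\c:\\Documents and Settings: JUNCTION
   Print Name     : C:\Users
   Substitute Name: C:\Users

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...
...\\?\c:\\Users\All Users: SYMBOLIC LINK
   Print Name     : C:\ProgramData
   Substitute Name: \??\C:\ProgramData

.
Failed to open \\?\c:\\Users\Example\AppData\Local\app.db: Access is denied.

\\?\c:\\Users\Example\Links\tools: JUNCTION
   Print Name     : D:\portable
   Substitute Name: D:\portable
"""

# Entry lines may be prefixed by progress dots; the reparse type is in capitals.
LINK_RE = re.compile(r"^\.*\s*\\\\\?\\(?P<path>.+): (?P<kind>[A-Z][A-Z ]*)$")
FAIL_RE = re.compile(r"^\.*\s*Failed to open \\\\\?\\(?P<path>.+?): (?P<reason>.+)$")
NAME_RE = re.compile(r"^\s*(?P<field>Print Name|Substitute Name)\s*:\s*(?P<value>.+)$")


def clean(path):
    """Collapse the doubled backslash Junction prints after the drive letter."""
    return path.replace("\\\\", "\\")


def target_of(link):
    """Return the link target without the NT object-namespace prefix (\\??\\)."""
    target = link["substitute"] or link["print_name"] or ""
    return target[4:] if target.startswith("\\??\\") else target


def drive(path):
    """Upper-cased drive prefix such as 'C:', or '' when the path has none."""
    return path[:2].upper() if len(path) >= 2 and path[1] == ":" else ""


def parse_junction_log(text):
    """Split the log into reparse-point records and open failures."""
    links, failures, current = [], [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = FAIL_RE.match(line)
        if m:
            failures.append({"path": clean(m["path"]), "reason": m["reason"]})
            current = None
            continue
        m = LINK_RE.match(line)
        if m:
            current = {"path": clean(m["path"]), "kind": m["kind"].strip(),
                       "print_name": None, "substitute": None}
            links.append(current)
            continue
        m = NAME_RE.match(line)
        if m and current is not None:
            key = "print_name" if m["field"] == "Print Name" else "substitute"
            current[key] = m["value"].strip()
    return links, failures


def triage(links, failures):
    """Summarise what a reviewer would look at first in a long log."""
    reasons = Counter(f["reason"] for f in failures)
    # System Volume Information is readable only by SYSTEM, so denials there are expected.
    denied = [f["path"] for f in failures
              if "Access is denied" in f["reason"]
              and "\\system volume information" not in f["path"].lower()]
    # A link whose target lives on a different drive than the link itself.
    cross_volume = [l["path"] for l in links
                    if drive(target_of(l)) and drive(target_of(l)) != drive(l["path"])]
    return {"reasons": reasons, "denied_outside_svi": denied,
            "cross_volume_links": cross_volume}


if __name__ == "__main__":
    parsed_links, parsed_failures = parse_junction_log(SAMPLE_LOG)
    report = triage(parsed_links, parsed_failures)
    print(len(parsed_links), "reparse points,", len(parsed_failures), "open failures")
    for reason, count in report["reasons"].items():
        print(f"{count:4d}  {reason}")
    print("Denied outside System Volume Information:", report["denied_outside_svi"])
    print("Links pointing to another drive:", report["cross_volume_links"])
```

The lists it prints are starting points for manual review, not verdicts.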
  14. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    So I created a new administrator account and it couldn't access the internet, nor could I update my proxies on the tools I'm using. It's the same "Access Denied" error.
  15. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    How many folders, files are we talking about?
    Do those folders/files belong to some specific program(s)?
  16. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    There are 78 folders in the particular directory "Programs (x86)" but the "permissions" error seems to be happening on all my folders in the C: drive.

    I haven't checked "all" my folders, I just caught this error because I need to use 2 programs to make progress on client work and I can't get my software to update nor to change things like rotating proxies. Other software that doesn't require proxy rotation seems to be fine (*although I just checked and the "other software" I've used today resides in the /Programs folder, not /Programs (x86) - and it doesn't require proxies).

    They all reset to "read only" and even if I claim ownership I can't change that, it still reverts to "read only." I can use various document tools and save those to the desktop like normal; spreadsheets are fine, etc. But using and upgrading key software I can't escape the error nor can I use the software.

    I'm not sure if I can use the software if I reinstalled in another folder or not, but it's frustrating to say the least.
  17. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:


    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:


    Go to Step 4 and under "System Restore" click on Create button:


    Go to Start Repairs tab and click Start button.


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on box next to the Restart System when Finished. Then click on Start.
  18. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    It's still working on the final step but unlike last time, there aren't as many "failed" fixes. Hopefully this gets it done, am I to upload any logs this time around?
  19. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    OK it's done but I don't see any files to show you if there were any.
  20. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    I checked to see if I can use my programs now, it's not fixed. Same access denied error. The "programs (x86)" file is still defaulting to 'read only' but if I check my permissions, my username/admin account has full permission/full control of the entire folder and its contents. It's also what I'm logged in under.
  21. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    It's weird: if I access the file from Windows Explorer > Computer > C > Programs x86, the permissions show I've got full control permissions. I checked the start menu and that folder showed permissions were "special permissions" only, so I set those to full control. That still didn't work, though. I can't use the tool.
  22. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    It's not just the /programs (x86) folder. I have software saved to my desktop in different folders, apart from the programs folders. That won't update, either. On the other hand, Avast will update just fine, as will Malwarebytes. It's just certain tools I use for my productivity that won't work - and I've tried uninstalling/re-installing.
  23. Broni

    Broni Malware Annihilator Posts: 46,321   +252

  24. CanHazTrojanz?

    CanHazTrojanz? TechSpot Enthusiast Topic Starter Posts: 106

    That took a while but it didn't change things. I even narrowed it down to the program folder of the particular software (there are 2 programs I'm trying to run) - no difference.
  25. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    We ran the Windows repair program twice and it still lists a number of errors.
    I'm fairly sure your Windows installation is simply beyond repair and a fresh installation may be your only option.

    That's my opinion. If you wish you can always create a new topic in the Windows forum to see if others have some different ideas.

