Troubles with Permissions Changes Preventing access to anything.


  1. Posts : 13
    7 64 sp1
       #1


    I told my aunt that I could fix her Dell computer (Windows 7 x64 SP1). I went to see it and the thing was unusable: "Activate Ultimate Protection" popups, no way to download or save anything, no way to back anything up. I had an AVG rescue ROM and it found nothing, so I loaded up the thing, took it home, plugged it in and got the black screen with a cursor in every mode. Using the recovery partition that was set up on the Dell (no restore point found), I did boot repair multiple times to no avail.
    I figured it had something to do with permissions, as I had heard of this before, and followed the instructions, doing a bunch of icacls commands, here: Fix Permissions Changes Preventing Windows From Booting (Windows 7 / Vista) - Sysnative Forums
    Code:
    icacls Windows /t /c /grant "NT SERVICE\TrustedInstaller":(F) 
    icacls Windows /t /c /grant SYSTEM:(M) 
    icacls Windows /t /c /grant SYSTEM:(F)
    icacls Windows /t /c /grant Administrators:(M) 
    icacls Windows /t /c /grant Administrators:(F) 
    icacls Windows /t /c /grant Users:(RX)
    icacls Windows /t /c /grant Users:(GR,GE)
    icacls Windows /t /c /grant "CREATOR OWNER":(F) 
    icacls "Program Files" /t /c /grant "NT SERVICE\TrustedInstaller":(F)
    icacls "Program Files" /t /c /grant SYSTEM:(M)
    icacls "Program Files" /t /c /grant SYSTEM:(F)
    icacls "Program Files" /t /c /grant Administrators:(M)
    icacls "Program Files" /t /c /grant Administrators:(F)
    icacls "Program Files" /t /c /grant Users:(RX) 
    icacls "Program Files" /t /c /grant Users:(GR,GE) 
    icacls "Program Files" /t /c /grant "CREATOR OWNER":(F) 
    icacls "Program Files (x86)" /t /c /grant "NT SERVICE\TrustedInstaller":(F) 
    icacls "Program Files (x86)" /t /c /grant SYSTEM:(M) 
    icacls "Program Files (x86)" /t /c /grant SYSTEM:(F) 
    icacls "Program Files (x86)" /t /c /grant Administrators:(M) 
    icacls "Program Files (x86)" /t /c /grant Administrators:(F)
    icacls "Program Files (x86)" /t /c /grant Users:(RX)
    icacls "Program Files (x86)" /t /c /grant Users:(GR,GE)
    icacls "Program Files (x86)" /t /c /grant "CREATOR OWNER":(F)
    icacls Users /t /c /grant SYSTEM:(F)
    icacls Users /t /c /grant Administrators:(F)
    icacls Users /t /c /grant Users:(RX)
    icacls Users /t /c /grant Users:(GR,GE)
    icacls Users /t /c /grant Everyone:(RX)
    icacls Users /t /c /grant Everyone:(GR,GE)
    A short 16 hrs later I rebooted into Safe Mode with Networking and ran Malwarebytes, which found this:

    Code:
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    
    Database version: v2014.02.12.06
    
    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 11.0.9600.16476
    ruth :: RUTH-PC [administrator]
    
    2/12/2014 10:35:48 AM
    MBAM-log-2014-02-12 (10-41-18).txt
    
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 260483
    Time elapsed: 4 minute(s), 20 second(s)
    
    Memory Processes Detected: 0
    (No malicious items detected)
    
    Memory Modules Detected: 0
    (No malicious items detected)
    
    Registry Keys Detected: 5
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k9filter.exe (Security.Hijack) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpuxsrv.exe (Security.Hijack) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSconfig.exe (Security.Hijack) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe (Security.Hijack) -> No action taken.
    
    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PrSft (Rogue.FakeAV) -> Data: C:\Users\ruth\AppData\Roaming\svc-gbgt.exe -> No action taken.
    
    Registry Data Items Detected: 0
    (No malicious items detected)
    
    Folders Detected: 2
    C:\Users\ruth\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\ruth\AppData\Roaming\OpenCandy\A7567E0F27B548CABD222B28F112AB16 (PUP.Optional.OpenCandy) -> No action taken.
    
    Files Detected: 5
    C:\Users\ruth\AppData\Roaming\svc-gbgt.exe (Rogue.FakeAV) -> No action taken.
    C:\Users\ruth\Local Settings\Temporary Internet Files\Content.IE5\E0JSFM4K\ab6202e78319b45adf9484a48a249c09[1].exe (Rogue.FakeAV) -> No action taken.
    C:\Users\ruth\Local Settings\Temporary Internet Files\Content.IE5\HUE5DQ7X\616b0bbfd25d47d1c83eee1f8de3cdc3[1].exe (Rogue.FakeAV) -> No action taken.
    C:\Users\ruth\AppData\Roaming\data.sec (Malware.Trace.E) -> No action taken.
    C:\Users\ruth\AppData\Roaming\OpenCandy\A7567E0F27B548CABD222B28F112AB16\RealPlayerR71POC3_p2v2.exe (PUP.Optional.OpenCandy) -> No action taken.
    
    (end)
    I know the log says "No action taken", but the log was made before I cleaned it.
    Ran it a second time, found no infections.
    I was able to boot into regular old Windows and ran an AVG PRO scan, found nothing.
    Did a rootkit scan and got this:

    Code:
    "Anti-Rootkit scan"
    "Medium priority";"9";"9";"0"
    "Started:";"2/12/2014, 11:48:04 AM"
    "Finished:";"2/12/2014, 11:50:13 AM"
    "Total object scanned:";"205246"
    "User who launched the scan:";"ruth"
    
    "Name";"Description";"Result";"Status";"Priority"
    "C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_POWER -> HIDCLASS.SYS +0x2710";"Secured";"Healed";"Medium"
    "C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_READ -> HIDCLASS.SYS +0x2710";"Secured";"Healed";"Medium"
    "C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_PNP -> HIDCLASS.SYS +0x2710";"Secured";"Healed";"Medium"
    "C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_SYSTEM_CONTROL -> HIDCLASS.SYS +0x2710";"Secured";"Healed";"Medium"
    "C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_CLOSE -> HIDCLASS.SYS +0x2710";"Secured";"Healed";"Medium"
    "C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_WRITE -> HIDCLASS.SYS +0x2710";"Secured";"Healed";"Medium"
    "C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_DEVICE_CONTROL -> HIDCLASS.SYS +0x2710";"Secured";"Healed";"Medium"
    "C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_INTERNAL_DEVICE_CONTROL -> HIDCLASS.SYS +0x2710";"Secured";"Healed";"Medium"
    "C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_CREATE -> HIDCLASS.SYS +0x2710";"Secured";"Healed";"Medium"
    Took a break, noticed a lot of HDD activity, came back after a couple hours and told her I wanted to back up her stuff, just in case.
    When I went to do that, I think permissions had been changed again by something.
    I was able to create myself an account, Task Manager will not show me all tasks, I have no access to the C: (OS) drive. Need some help. Long post, sorry. I usually don't need help but I am out of ideas on this one.
    Bill
    I just joined this forum and just read not to use ComboFix, but that was after I ran it. I have the log.
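A triage pass over a Malwarebytes log in the layout posted above, as an added example that is not part of the original post: it checks each section's declared count against the parsed items, lists the executables named under Image File Execution Options, and links autostart values to files detected in the same scan. The sample log, its file names and the function names are constructed for illustration.

```python
import re
from collections import Counter, namedtuple

# Constructed sample in the Malwarebytes 1.x log layout shown above (not a real scan).
SAMPLE_LOG = r"""Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-tool.exe (Security.Hijack) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Demo (Rogue.FakeAV) -> Data: C:\Users\demo\AppData\Roaming\svc-demo.exe -> No action taken.
Files Detected: 2
C:\Users\demo\AppData\Roaming\svc-demo.exe (Rogue.FakeAV) -> No action taken.
C:\Program Files (x86)\Demo\bundle.exe (PUP.Optional.Demo) -> No action taken.
"""

Entry = namedtuple("Entry", "section obj category data action")
HEADER = re.compile(r"^(?P<name>.+?) Detected: (?P<count>\d+)$")
# Category must contain a dot, so "(x86)" inside a path is not mistaken for one.
ITEM = re.compile(r"^(?P<obj>.+?)\s+\((?P<cat>[A-Za-z]+(?:\.\w+)+)\)\s+->\s+(?P<rest>.+)$")
IFEO = "\\image file execution options\\"

def parse_mbam_log(text):  # -> ({section: declared count}, [Entry, ...])
    declared, entries, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        head = HEADER.match(line)
        if head:
            section, declared[head["name"]] = head["name"], int(head["count"])
            continue
        item = ITEM.match(line) if section else None
        if item:
            *middle, action = item["rest"].split(" -> ")
            data = next((m[6:] for m in middle if m.startswith("Data: ")), None)
            entries.append(Entry(section, item["obj"], item["cat"], data, action))
    return declared, entries

def triage(text):
    declared, entries = parse_mbam_log(text)
    files = {e.obj.lower() for e in entries if e.section == "Files"}
    found = Counter(e.section for e in entries)
    return {
        # Declared vs parsed item counts differ: the log was truncated or edited.
        "count_mismatch": sorted(s for s, n in declared.items() if n != found[s]),
        # Executables named by Image File Execution Options detections.
        "ifeo_targets": sorted(e.obj.rsplit("\\", 1)[1].lower() for e in entries if IFEO in e.obj.lower()),
        # Autostart values whose data points at a file detected in the same scan.
        "autostart_to_detected_file": [e.obj for e in entries if e.data and e.data.lower() in files],
        # Items logged before cleanup; compare them against the post-removal log.
        "no_action": [e.obj for e in entries if e.action.startswith("No action taken")],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run `triage()` on the pre-cleanup log and again on the post-cleanup log; anything still listed under `no_action` or `ifeo_targets` in the second run was not removed.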



  3. Posts : 13
    7 64 sp1
    Thread Starter
       #3

    johnsmith45jock,
    Thanks for the reply. I am unsure if it would work; the machine has a Vista COA on it.
    Excuse my ignorance, I have been fixing XP machines for years, but if I had a 7 x64 disc, can a recovery install be done from the disc without affecting the user files?


  4. Posts : 10,485
    W7 Pro SP1 64bit
       #4

    Windows 7 Universal Installation Disc - Create

    Take note of the download links.
    You might want to grab 32bit and 64bit while you can.


  5. Posts : 13
    7 64 sp1
    Thread Starter
       #5

    UsernameIssues,
    Thanks for your reply. I got my Windows 7 Home Premium with Service Pack 1 (x64) - DVD (English) ISO from my TechNet subscription, but if people have made the Universal ISO I would like to have one. Although it would be kinda cool to make my own, I don't have the time for the project right now. She is looking for her install DVD now.


  6. Posts : 13
    7 64 sp1
    Thread Starter
       #6


    BTW here's my ComboFix text.
    What am I missing?


  7. Posts : 10,485
    W7 Pro SP1 64bit
       #7

    We will need to wait on a member that deals with infections to pickup the thread.


  8. Posts : 13
    7 64 sp1
    Thread Starter
       #8

    Usernameissues,
    Thanks for the reply.
    Is there any way to entice them? I am willing to strip down to my t-shirt if necessary LOL
    I think if I could get Admin access again I have the tools to beat this infection. I am burning my Windows 7 Home Premium with Service Pack 1 (x64) - DVD (English) DVD right now.


  9. Posts : 10,485
    W7 Pro SP1 64bit
       #9

    pwrcat4000 said:
    ~~~
    ...I am willing to strip down to my t-shirt if necessary LOL
    ~~~
    Don't want to drive them away

    I don't see them online and I'll be away for a bit too.


  10. Posts : 13
    7 64 sp1
    Thread Starter
       #10

    attempting "Upgrade"
    Windows 7 Home Premium with Service Pack 1 (x64) <----infected
    to Windows 7 Home Premium with Service Pack 1 (x64) <----- Clean!


 