
pc 1 - infected by adwares & rogues + problems on sd/sdxc/micro sd cards, xubunt


  • This topic is locked
6 replies to this topic

#1 emig-tea

emig-tea

  • Banned
  • 22 posts

Posted 05 August 2017 - 01:52 AM

Hello,

I'm back on BleepingComputer, since this topic was locked here:

https://www.bleepingcomputer.com/forums/t/652529/windows-7-10-infecte-problems-on-xubuntu-live-usb-and-sd-cards/

Because it is one topic per PC, I am trying again to post 2 topics, one for each PC, to be coherent.

I uninstalled the "dll care" & "smart pc utilities" optimizers.

I installed the RegCure and Anvisoft apps in the C:/program files/pc optimizer pro sub-directory, and accidentally copied that to the downloads folder; it's theoretical and bad intuition. I am going to begin cleaning now, please.

 

My PC #1 is a Compaq Desktop by HP,

Antivirus/firewall: Comodo CIS

System: Win 7 x32

I have had this PC since 2011.

I have followed the instructions in my other topics: adwcleaner/mbam/frst, but with an improvisation for mbam, because mbam doesn't launch on my PC (bug) in normal or safe mode, before or after reinstalling, before and after using the mbam cleaning tool; the problem persists.

I now have the mb clean results, adwcleaner and frst logs.

 

****

 

The problem with my network disk on my laptop:

For my PortableApps companion DRBL bootable USB drive/network disk(s), and my trouble with the network device: the CustomUSB PortableApps.Com DRBL bootable Companion blue 32 GB stick plugged into my Orange Livebox is actually the (Y:/) partition on my laptop. If I copy/modify/move a file/folder on it, I get this error message in French:
"Accès au dossier de destination refusé: Vous devez disposer d'une autorisation pour effectuer cette action",

 

 

The SD cards/USB problems and infections:

My laptop is infected by adware and rogues, and I have SD card/USB problems also.

On June 1st, I burned a Raspbian img to a 64 GB SD card, and then this card was converted to a 10 MB partition. Is that normal? And can I film with my camera with this card?

After making my SD cards bootable:
- the SDXC 512 GB converted into a "windows 7 password reset disk" -> the bug of this card after making it into a "windows 7 password reset disk" is: suspicious for taking videos/photos with my camera with this card
- the SDXC 64 GB converted into Raspbian OS for my future Raspberry Pi -> the bug of this card after making it into "raspbian" is: the 64 GB transformed into a 10 MB partition + impossibility of taking videos/photos with my camera with this card
- the SD 4 GB converted into a Win 10 installation with win usb -> the bug of this card after making it into a Windows installer is: suspicions of boot errors & for taking videos/photos with my camera with this card
- the micro SDXC 128 GB boots on framakey mint, but is suspicious for taking videos with my camera with this card after making it bootable into framakey mint

because I want to know whether I can simultaneously make bootables and take pictures/videos with the same card,

because of the norms for the types of formats of these drives to make bootables and take videos/photos,

because of interest in the multi-work universal card (bootable + camera compatibility on the same card simultaneously).

When creating the "password reset sd card" with Windows password tools, the SD was formatted.

Where are the solutions for changing SD formats without data loss/converting an SD partition without formatting?

My Samsung Fit 128 USB key is now a Xubuntu live USB, but at boot there is a "syslinux copyright 1994-2011, no default  UI or Boot" boot error message on a DOS full screen.

My SanDisk reversible micro usb usb 16 GB disks are multibootable, but there are boot errors at the sardu/yumi menus.

My Raspbian SD 64 GB cards are now 50 MB partitions/disks, with suspicions of boot errors and suspicions for taking photos/videos with a camera, and "no partition table on these disks" error messages when I try to resize to the 64 and 128 GB original sizes when I use im-magic resizer, paragon, etc...

 

****

 

Thanks...

 

and now the adwcleaner, mbam cleanup log, and frst logs:

 

Attached Files




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 August 2017 - 08:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

You have many entries in your log for BitDefender.
Did you remove that security program?

If yes then I suggest you download and run their removal tool. It's compatible with Windows 10.
https://www.bleepingcomputer.com/download/bitdefender-uninstall-tool/
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4265624635-2019933758-61733912-1001\...\RunOnce: [mb-runtask] => [X]
GroupPolicy: Restriction <==== ATTENTION
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll => Pas de fichier
CHR HKLM-x32\...\Chrome\Extension: [cfmjkokphadmhbenfjjecfbhbbonbjcb] - hxxps://clients2.google.com/service/update2/crx
S2  AnviStartupTime; C:\Program Files\PC Optimizer Pro\Anvisoft\StartupBooster\StartupTimeSrv.exe [X]
S2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [X]
S2 AnviStartupTime; C:\Program Files\PC Optimizer Pro\Anvisoft\StartupBooster\StartupTimeSrv.exe [X]
S3 Diskeeper; "C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe" [X]
CustomCLSID: HKU\S-1-5-21-4265624635-2019933758-61733912-1001_Classes\CLSID\{004B49B7-11B9-5058-AA22-08DD0A3ADC4B}\InprocServer32 -> {1FDC8DC4-9468-D082-921D-ADEE85889A47} => Pas de fichier
CustomCLSID: HKU\S-1-5-21-4265624635-2019933758-61733912-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-4265624635-2019933758-61733912-1001_Classes\CLSID\{DD0822AA-3A0A-4BDC-B749-4B00B9115850}\InprocServer32 -> {55434119-9468-D082-4FD1-32A485889A47} => Pas de fichier
ContextMenuHandlers1: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> Pas de fichier
ContextMenuHandlers1: [DaemonShellExtImage] -> {40966797-8FFE-46C8-9EF8-7003F33CCF0F} =>  -> Pas de fichier
ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll -> Pas de fichier
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> Pas de fichier
ContextMenuHandlers2: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers2: [Auslogics Disk Defrag Professional Shell Context Menu 4.x] -> {CC89327D-D094-40B2-82CB-F989EE26FC51} =>  -> Pas de fichier
ContextMenuHandlers2: [DaemonShellExtDrive] -> {A5415364-784A-41A5-B47A-D452909CA8FF} =>  -> Pas de fichier
ContextMenuHandlers3: [Auslogics Disk Defrag Professional Shell Context Menu 4.x] -> {CC89327D-D094-40B2-82CB-F989EE26FC51} =>  -> Pas de fichier
ContextMenuHandlers3: [RSShellEx] -> {669E97EA-B566-410F-A33A-0EC20F234823} => C:\Program Files (x86)\Remo File Eraser 2.0\64\rsh64.dll -> Pas de fichier
ContextMenuHandlers4: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers4: [Auslogics Disk Defrag Professional Shell Context Menu 4.x] -> {CC89327D-D094-40B2-82CB-F989EE26FC51} =>  -> Pas de fichier
ContextMenuHandlers4: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll -> Pas de fichier
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> Pas de fichier
ContextMenuHandlers5: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers6: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll -> Pas de fichier
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} =>  -> Pas de fichier
ContextMenuHandlers1_S-1-5-21-4265624635-2019933758-61733912-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers2_S-1-5-21-4265624635-2019933758-61733912-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers4_S-1-5-21-4265624635-2019933758-61733912-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
ContextMenuHandlers5_S-1-5-21-4265624635-2019933758-61733912-1001: [AABdzCtx] -> {5B69A6B4-393B-459C-8EBB-214237A9E7AC} => C:\Program Files\Bandizip\bdzshl64.dll -> Pas de fichier
Task: {243C50DA-C0E0-47C1-B696-C3A29E4AB754} - \Auslogics\Disk Defrag Prof\Task {00000001-768F-4407-9F50-E9EADEE5F9F0} for jean- -> Pas de fichier <==== ATTENTION
Task: {80F8F6F7-AB06-4D42-8554-BCC6D3C5F35F} - \WiseCleaner\WJSSkipUAC -> Pas de fichier <==== ATTENTION
Task: {BF73AD02-7A9F-475E-95B0-7BF159E5BE86} - \Auslogics\Disk Defrag Prof\Task {00000001-B25E-476C-8612-71F182EB3FDE} for jean- -> Pas de fichier <==== ATTENTION
Task: {C4D5A7E0-11BD-4324-896C-753FAB0CA1DC} - \WiseCleaner\WMOSkipUAC -> Pas de fichier <==== ATTENTION
Task: {CE71B2D1-617A-47FC-B7F0-B9BE42E4ED22} - \Auslogics\Disk Defrag Prof\Task {00000001-BFBA-49BB-85C7-F7779F2C619C} for jean- -> Pas de fichier <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Please let me know what problem persists with this computer.
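
An added example, not part of the original posts and not FRST's own code: a fixlist is tied to the machine whose log it was built from, so this Python check compares a fixlist against the target machine before the Fix button is pressed. The function names are hypothetical; the sample lines are an excerpt of the fixlist above, and the local SID and 32-bit architecture are the values the Windows Repair log reports later in this thread.

```python
import re

# Per-user account SIDs as they appear in FRST lines (HKU\SID\... and SID_Classes).
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")
# Markers that only exist on 64-bit Windows: FRST's "-x32" suffix for the
# 32-bit registry view, and the 32-bit program directory.
WOW64_RE = re.compile(r"-x32\b|Program Files \(x86\)", re.IGNORECASE)

# Excerpt of the fixlist posted above (values copied from the page).
SAMPLE_FIXLIST = r"""Start
CreateRestorePoint:
HKLM-x32\...\RunOnce: [] => [X]
HKU\S-1-5-21-4265624635-2019933758-61733912-1001\...\RunOnce: [mb-runtask] => [X]
S2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [X]
CustomCLSID: HKU\S-1-5-21-4265624635-2019933758-61733912-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll => Pas de fichier
End
"""

# "Current Profile SID" and "OS Architecture: 32-bit" from the Windows Repair
# log posted later in this thread.
LOCAL_SID = "S-1-5-21-4183021106-2149456055-877251859-1000"
LOCAL_IS_64BIT = False


def fixlist_directives(text):
    """Return the non-empty lines between the Start and End markers."""
    lines = [ln.strip() for ln in text.splitlines()]
    try:
        start = lines.index("Start")
        end = lines.index("End", start + 1)
    except ValueError:
        raise ValueError("fixlist must contain Start and End markers") from None
    return [ln for ln in lines[start + 1:end] if ln]


def audit_fixlist(text, local_sid, local_is_64bit):
    """Report whether a fixlist matches the machine it is about to run on.

    foreign_sids: account SIDs in the fixlist that are not the local account.
    wow64_lines:  directives that reference 64-bit-only locations.
    safe_to_run:  False if either check shows the list was built elsewhere.
    """
    directives = fixlist_directives(text)
    foreign = set()
    wow64 = []
    for ln in directives:
        foreign.update(s for s in SID_RE.findall(ln) if s != local_sid)
        if WOW64_RE.search(ln):
            wow64.append(ln)
    arch_mismatch = bool(wow64) and not local_is_64bit
    return {
        "directives": len(directives),
        "foreign_sids": sorted(foreign),
        "wow64_lines": len(wow64),
        "safe_to_run": not foreign and not arch_mismatch,
    }


if __name__ == "__main__":
    report = audit_fixlist(SAMPLE_FIXLIST, LOCAL_SID, LOCAL_IS_64BIT)
    for key, value in report.items():
        print(f"{key}: {value}")
```
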

#3 emig-tea

emig-tea
  • Topic Starter

  • Banned
  • 22 posts

Posted 07 August 2017 - 02:03 PM

Hello, sorry for this erratum:

1) PC 1 is not a Compaq desktop, but an Acer W7 laptop.

2) Because of this erratum I ran the FRST fix on two computers; the fix completed successfully on my other PC (PC 2) but blocks on PC 1 here (W7 Acer), but I have the fixlog file.

 

3) the sd cards/xubuntu usb live/reversible pendrive sardu plugged on laptop:

--------------------------

The SD cards/USB problems and infections:

My laptop is infected by adware and rogues, and I have SD card/USB problems also.

On June 1st, I burned a Raspbian img to a 64 GB SD card, and then this card was converted to a 10 MB partition. Is that normal? And can I film with my camera with this card?

After making my SD cards bootable:
- the SDXC 512 GB converted into a "windows 7 password reset disk" -> the bug of this card after making it into a "windows 7 password reset disk" is: suspicious for taking videos/photos with my camera with this card
- the SDXC 64 GB converted into Raspbian OS for my future Raspberry Pi -> the bug of this card after making it into "raspbian" is: the 64 GB transformed into a 10 MB partition + impossibility of taking videos/photos with my camera with this card
- the SD 4 GB converted into a Win 10 installation with win usb -> the bug of this card after making it into a Windows installer is: suspicions of boot errors & for taking videos/photos with my camera with this card
- the micro SDXC 128 GB boots on framakey mint, but is suspicious for taking videos with my camera with this card after making it bootable into framakey mint

because I want to know whether I can simultaneously make bootables and take pictures/videos with the same card,

because of the norms for the types of formats of these drives to make bootables and take videos/photos,

because of interest in the multi-work universal card (bootable + camera compatibility on the same card simultaneously).

When creating the "password reset sd card" with Windows password tools, the SD was formatted.

Where are the solutions for changing SD formats without data loss/converting an SD partition without formatting?

My Samsung Fit 128 USB key is now a Xubuntu live USB, but at boot there is a "syslinux copyright 1994-2011, no default  UI or Boot" boot error message on a DOS full screen.

My SanDisk reversible micro usb usb 16 GB disks are multibootable, but there are boot errors at the sardu/yumi menus.

My Raspbian SD 64 GB cards are now 50 MB partitions/disks, with suspicions of boot errors and suspicions for taking photos/videos with a camera, and "no partition table on these disks" error messages when I try to resize to the 64 and 128 GB original sizes when I use im-magic resizer, paragon, etc...

 

4) the network drive:

------------

The problem with my network disk on my laptop:

For my PortableApps companion DRBL bootable USB drive/network disk(s), and my trouble with the network device: the CustomUSB PortableApps.Com DRBL bootable Companion blue 32 GB stick plugged into my Orange Livebox is actually the (Y:/) partition on my laptop. If I copy/modify/move a file/folder on it, I get this error message in French:
"Accès au dossier de destination refusé: Vous devez disposer d'une autorisation pour effectuer cette action",

 

thanks...

 

and now the fixlog (but not complete because of the bug on the fix):

Attached Files



#4 emig-tea

emig-tea
  • Topic Starter

  • Banned
  • 22 posts

Posted 07 August 2017 - 02:10 PM

...and since today i lost my raspbian sd card, in my chamber/bedroom



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 August 2017 - 07:04 AM

Hi

Do the same on this computer

Repair these services.

Boot with Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.
===

Restart the computer normally.

How is the computer running now?

#6 emig-tea

emig-tea
  • Topic Starter

  • Banned
  • 22 posts

Posted 08 August 2017 - 10:13 AM

I prove totally that this topic is for/PC 1 is "Windows 7 Acer Aspire One D255 Laptop x32";

 

pre-scan:

┌────────────────────────────────────────────────────────────────────────────────┐
│ Tweaking.com - Windows Repair 2018 (v4.0.1) - Pre-Scan
│ Computer: YOUCAM8WAIT (Windows 7 Starter 6.1.7601.23862 Service Pack 1) (32-bit)
│ [Started Scan - 08/08/2017 16:26:06]
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Windows Packages Files.
│ Started at (08/08/2017 16:26:06)

│ No problems were found with the Packages Files.

│ Files Checked & Verified: 5 209

│ Done Scanning Windows Packages Files.(08/08/2017 16:33:23)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Reparse Points.
│ Started at (08/08/2017 16:33:23)

│ Missing Default Reparse Point: (Original Path: C:\Users\Public\Documents\My Music) (Target Path: C:\Users\Public\Music)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Public\Documents\My Pictures) (Target Path: C:\Users\Public\Pictures)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Public\Documents\My Videos) (Target Path: C:\Users\Public\Videos)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\widen-finalis\Documents\My Music) (Target Path: C:\Users\widen-finalis\Music)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\widen-finalis\Documents\My Pictures) (Target Path: C:\Users\widen-finalis\Pictures)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\widen-finalis\Documents\My Videos) (Target Path: C:\Users\widen-finalis\Videos)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Problems were found with the Reparse Points.
│ You can use the Repair Reparse Points Tool at the bottom of this Window to try and fix these problems.

│ Files & Folders Searched: 241 957
│ Reparse Points Found: 121

│ Done Scanning Reparse Points.(08/08/2017 16:38:16)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Checking Environment Variables.
│ Started at (08/08/2017 16:38:17)

│ This folder in the 'Path' variable doesn't exist:

│ Problems were found with the Environment Variables.
│ You can use the Repair Environment Variables Tool at the bottom of this Window to try and fix these problems.

│ Done Checking Environment Variables. (08/08/2017 16:38:17)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ [Finished Scan - 08/08/2017 16:38:17]

│ [x] Scan Complete - Problems Found!
│ [x]
│ [x] You can use the Repair Reparse Points or Repair Environment Variables tools at the bottom of this Window if needed.
│ [x]
│ [x] While problems have been found, you can still run the repairs in the program.
│ [x] But for the best results it is recommended to fix the problems reported in this scan if possible.
└────────────────────────────────────────────────────────────────────────────────┘

reparse point repair:
┌───────────────────────────────┐
│[STARTED] [08/08/2017 16:40:32]│
└───────────────────────────────┘
Running Repair on C:\Users\Public\Documents\My Music

   [x] Command to Run: Create Default Reparse Point (This Is A Default Windows Reparse Point, Lets Put It Back The Way It Should Be)
   [x] Calling Checking If Link Folder Exists
   [x] Type is JUNCTION, Calling: mklink /J "C:\Users\Public\Documents\My Music" "C:\Users\Public\Music"
   [x] Setting Owner To System And Everyone Read Access To Denied (This Is The Default) To The Link Folder: C:\Users\Public\Documents\My Music

Running Repair on C:\Users\Public\Documents\My Pictures

   [x] Command to Run: Create Default Reparse Point (This Is A Default Windows Reparse Point, Lets Put It Back The Way It Should Be)
   [x] Calling Checking If Link Folder Exists
   [x] Type is JUNCTION, Calling: mklink /J "C:\Users\Public\Documents\My Pictures" "C:\Users\Public\Pictures"
   [x] Setting Owner To System And Everyone Read Access To Denied (This Is The Default) To The Link Folder: C:\Users\Public\Documents\My Pictures

Running Repair on C:\Users\Public\Documents\My Videos

   [x] Command to Run: Create Default Reparse Point (This Is A Default Windows Reparse Point, Lets Put It Back The Way It Should Be)
   [x] Calling Checking If Link Folder Exists
   [x] Type is JUNCTION, Calling: mklink /J "C:\Users\Public\Documents\My Videos" "C:\Users\Public\Videos"
   [x] Setting Owner To System And Everyone Read Access To Denied (This Is The Default) To The Link Folder: C:\Users\Public\Documents\My Videos

Running Repair on C:\Users\widen-finalis\Documents\My Music

   [x] Command to Run: Create Default Reparse Point (This Is A Default Windows Reparse Point, Lets Put It Back The Way It Should Be)
   [x] Calling Checking If Link Folder Exists
   [x] Link Folder Does Exist, We need to remove it as we can't make Reparse Points for exisiting folders.
   [x] Setting Owner On Folder (So We Have A Better Chance For Permission To Remove It).
   [x] Calling RemoveDirectoryW (Only Removes Empty Folders, Just In Case)
   [x] RemoveDirectoryW Returned An Error, Error: 0 - Le répertoire n’est pas vide.
   [x] Even Though We Got An Error, Lets Keep Going.
   [x] Type is JUNCTION, Calling: mklink /J "C:\Users\widen-finalis\Documents\My Music" "C:\Users\widen-finalis\Music"
   [x] Setting Owner To System And Everyone Read Access To Denied (This Is The Default) To The Link Folder: C:\Users\widen-finalis\Documents\My Music

Running Repair on C:\Users\widen-finalis\Documents\My Pictures

   [x] Command to Run: Create Default Reparse Point (This Is A Default Windows Reparse Point, Lets Put It Back The Way It Should Be)
   [x] Calling Checking If Link Folder Exists
   [x] Type is JUNCTION, Calling: mklink /J "C:\Users\widen-finalis\Documents\My Pictures" "C:\Users\widen-finalis\Pictures"
   [x] Setting Owner To System And Everyone Read Access To Denied (This Is The Default) To The Link Folder: C:\Users\widen-finalis\Documents\My Pictures

Running Repair on C:\Users\widen-finalis\Documents\My Videos

   [x] Command to Run: Create Default Reparse Point (This Is A Default Windows Reparse Point, Lets Put It Back The Way It Should Be)
   [x] Calling Checking If Link Folder Exists
   [x] Type is JUNCTION, Calling: mklink /J "C:\Users\widen-finalis\Documents\My Videos" "C:\Users\widen-finalis\Videos"
   [x] Setting Owner To System And Everyone Read Access To Denied (This Is The Default) To The Link Folder: C:\Users\widen-finalis\Documents\My Videos

┌────────────────────────────────┐
│[FINISHED] [08/08/2017 16:40:43]│
└────────────────────────────────┘

repairs:
Log:
Tweaking.com - Windows Repair 2018 (v4.0.1)
────────────────────────────────────────────────────────────────────────────────

System Variables
────────────────────────────────────────────────────────────────────────────────
OS: Windows 7 Starter
OS Architecture: 32-bit
OS Version: 6.1.7601.23862
OS Service Pack: Service Pack 1
Computer Name: YOUCAM8WAIT
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile: C:\Users\widen-finalis
Current Profile SID: S-1-5-21-4183021106-2149456055-877251859-1000
Current Profile Classes: S-1-5-21-4183021106-2149456055-877251859-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\widen-finalis\AppData\Local
────────────────────────────────────────────────────────────────────────────────

System Information
────────────────────────────────────────────────────────────────────────────────
System Up Time: 01 Day 02:21:40

Process Count: 29
Commit Total: 967,60 MB
Commit Limit: 2,26 GB
Commit Peak: 1,99 GB
Handle Count: 9117
Kernel Total: 246,25 MB
Kernel Paged: 183,06 MB
Kernel Non Paged: 63,18 MB
System Cache: 356,95 MB
Thread Count: 336
────────────────────────────────────────────────────────────────────────────────

Memory Before Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 1 013,09 MB
Memory Used: 763,22 MB(75,3355%)
Memory Avail.: 249,88 MB
────────────────────────────────────────────────────────────────────────────────

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 1 013,09 MB
Memory Used: 582,15 MB(57,4628%)
Memory Avail.: 430,94 MB
────────────────────────────────────────────────────────────────────────────────

Starting Repairs...
   Started at (08/08/2017 16:45:03)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 14
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (08/08/2017 16:45:07)


Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hku.7z
Done,  0,63 seconds.


Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hku.7z
Done,  0,48 seconds.


Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\hklm.7z
Done,  16,74 seconds.

   Running Repair Under System Account
   Done (08/08/2017 16:51:38)

03 - Reset Service Permissions
   Start (08/08/2017 16:51:38)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (08/08/2017 16:52:10)

04 - Register System Files
   Start (08/08/2017 16:52:10)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (08/08/2017 16:53:05)

05 - Repair WMI
   Start (08/08/2017 16:53:05)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   No Antivirus Products Reported.

   Exporting AntiSpyware Info...
   No AntiSpyware Products Reported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (08/08/2017 16:58:21)

10 - Remove Policies Set By Infections
   Start (08/08/2017 16:58:22)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (08/08/2017 16:58:30)

16 - Repair Windows Updates
   Start (08/08/2017 16:58:31)

Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0,39 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (08/08/2017 16:59:53)

17 - Repair CD/DVD Missing/Not Working
   Start (08/08/2017 16:59:53)
   iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
   Done (08/08/2017 16:59:53)

20 - Repair MSI (Windows Installer)
   Start (08/08/2017 16:59:54)

Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0,36 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (08/08/2017 17:00:33)

21 - Repair Windows Snipping Tool
   Start (08/08/2017 17:00:33)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (08/08/2017 17:00:35)

25 - Restore Important Windows Services
   Start (08/08/2017 17:00:36)

Decompressing & Updating Windows Permission File C:\Program Files\Tweaking.com\Windows Repair (All in One)\files\permissions\7\services.7z
Done,  0,31 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (08/08/2017 17:01:20)

26 - Set Windows Services To Default Startup
   Start (08/08/2017 17:01:21)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (08/08/2017 17:01:33)

27.02 - Repair Windows 8/10 App Store (Completely Reset App Store)
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1.7601.23862

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (08/08/2017 17:01:33)
   Total Repair Time: 00:16:33


...YOU MUST RESTART YOUR SYSTEM...


---------------

errors:

[08/08/2017 - 16:41:44] System Variables
[08/08/2017 - 16:41:44] --------------------------------------------------------------------------------
[08/08/2017 - 16:41:44] Use Fallback Backup Method: 1 (0 = No, 1 = Yes)
[08/08/2017 - 16:41:44] VSS exe To Use: vss_7_8_2008_2012_32.exe
[08/08/2017 - 16:41:44] Windows Drive: C:
[08/08/2017 - 16:41:44] Windows Folder: Windows
[08/08/2017 - 16:41:44] Windows Path: C:\Windows
[08/08/2017 - 16:41:44] Registry File Location: C:\Windows\System32\Config
[08/08/2017 - 16:41:44] Current Profile: C:\Users\widen-finalis
[08/08/2017 - 16:41:44] Current Profile SID: S-1-5-21-4183021106-2149456055-877251859-1000
[08/08/2017 - 16:41:44] Current Profile Classes: S-1-5-21-4183021106-2149456055-877251859-1000_Classes
[08/08/2017 - 16:41:44] Profiles Location: C:\Users
[08/08/2017 - 16:41:44] Profiles Location 2: C:\Windows\ServiceProfiles
[08/08/2017 - 16:41:44] Local Settings AppData: AppData\Local
[08/08/2017 - 16:41:44] Computer Name: YOUCAM8WAIT
[08/08/2017 - 16:41:44] OS: Windows 7 Starter (32-bit)
[08/08/2017 - 16:41:44] OS Architecture: 32-bit
[08/08/2017 - 16:41:44] OS Version: 6.1.7601
[08/08/2017 - 16:41:44] OS Service Pack: Service Pack 1
[08/08/2017 - 16:41:44] --------------------------------------------------------------------------------

[08/08/2017 - 16:41:44] Backup Location: C:\RegBackup\

[08/08/2017 - 16:41:44] Silent command given, program will close after backup.

[08/08/2017 - 16:41:45] Auto Delete Old Backups Enabled, Working...
[08/08/2017 - 16:41:45] Delete backups 7 Days or older. Keep at least 5 Backups.
[08/08/2017 - 16:41:45] --------------------------------------------------------------------------------
[08/08/2017 - 16:41:45] --------------------------------------------------------------------------------

[08/08/2017 - 16:41:45] Starting Backup...

[08/08/2017 - 16:41:45] Files To Backup:
[08/08/2017 - 16:41:45] --------------------------------------------------------------------------------
[08/08/2017 - 16:41:45] C:\Windows\System32\Config\components
[08/08/2017 - 16:41:45] C:\Windows\System32\Config\default
[08/08/2017 - 16:41:45] C:\Windows\System32\Config\sam
[08/08/2017 - 16:41:45] C:\Windows\System32\Config\security
[08/08/2017 - 16:41:45] C:\Windows\System32\Config\software
[08/08/2017 - 16:41:45] C:\Windows\System32\Config\system
[08/08/2017 - 16:41:45] C:\Users\Acronis Agent User\ntuser.dat
[08/08/2017 - 16:41:45] C:\Users\Acronis Agent User\AppData\Local\Microsoft\Windows\UsrClass.dat
[08/08/2017 - 16:41:45] C:\Users\Default\ntuser.dat
[08/08/2017 - 16:41:45] C:\Users\Default\AppData\Local\Microsoft\Windows\UsrClass.dat
[08/08/2017 - 16:41:45] C:\Users\Public\ntuser.dat
[08/08/2017 - 16:41:45] C:\Users\widen-finalis\ntuser.dat
[08/08/2017 - 16:41:45] C:\Users\widen-finalis\AppData\Local\Microsoft\Windows\UsrClass.dat
[08/08/2017 - 16:41:45] C:\Windows\ServiceProfiles\LocalService\ntuser.dat
[08/08/2017 - 16:41:45] C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
[08/08/2017 - 16:41:45] C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
[08/08/2017 - 16:41:45] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
[08/08/2017 - 16:41:45] --------------------------------------------------------------------------------

[08/08/2017 - 16:41:45] Backing Up Registry Files Security Descriptors (SDDL):
[08/08/2017 - 16:41:45] --------------------------------------------------------------------------------
[08/08/2017 - 16:41:45] "\\?\C:\Users\Acronis Agent User\AppData\Local\Microsoft\Windows\UsrClass.dat",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AIAR(A;ID;FA;;;WD)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-4183021106-2149456055-877251859-1002)"
"\\?\C:\Users\Acronis Agent User\AppData\Local\Microsoft\Windows\UsrClass.dat.old",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AIAR(A;ID;FA;;;WD)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-4183021106-2149456055-877251859-1002)"
"\\?\C:\Users\Acronis Agent User\ntuser.dat",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-4183021106-2149456055-877251859-1002)"
"\\?\C:\Users\Acronis Agent User\ntuser.dat.old",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-4183021106-2149456055-877251859-1002)"
"\\?\C:\Users\Default\AppData\Local\Microsoft\Windows\UsrClass.dat",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AIAR(A;ID;FA;;;WD)"
"\\?\C:\Users\Default\AppData\Local\Microsoft\Windows\UsrClass.dat.old",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AIAR(A;ID;FA;;;WD)"
"\\?\C:\Users\Default\ntuser.dat",1,"O:BAG:SYD:AIAR(A;;FA;;;WD)(A;;FA;;;BA)(A;ID;FA;;;WD)"
"\\?\C:\Users\Default\ntuser.dat.old",1,"O:BAG:SYD:AIAR(A;;FA;;;WD)(A;;FA;;;BA)(A;ID;FA;;;WD)"
"\\?\C:\Users\Public\ntuser.dat",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AIAR(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1301ff;;;IU)(A;ID;0x1301ff;;;SU)(A;ID;0x1301ff;;;S-1-5-3)"
"\\?\C:\Users\Public\ntuser.dat.old",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AIAR(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1301ff;;;IU)(A;ID;0x1301ff;;;SU)(A;ID;0x1301ff;;;S-1-5-3)"
"\\?\C:\Users\widen-finalis\AppData\Local\Microsoft\Windows\UsrClass.dat",1,"O:SYG:SYD:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-4183021106-2149456055-877251859-1000)"
"\\?\C:\Users\widen-finalis\AppData\Local\Microsoft\Windows\UsrClass.dat.old",1,"O:SYG:SYD:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-4183021106-2149456055-877251859-1000)"
"\\?\C:\Users\widen-finalis\ntuser.dat",1,"O:S-1-5-21-4183021106-2149456055-877251859-1000G:S-1-5-21-4183021106-2149456055-877251859-513D:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-4183021106-2149456055-877251859-1000)"
"\\?\C:\Users\widen-finalis\ntuser.dat.old",1,"O:S-1-5-21-4183021106-2149456055-877251859-1000G:S-1-5-21-4183021106-2149456055-877251859-513D:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-4183021106-2149456055-877251859-1000)"
"\\?\C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;LS)"
"\\?\C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat.old",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;LS)"
"\\?\C:\Windows\ServiceProfiles\LocalService\ntuser.dat",1,"O:BAG:SYD:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;LS)"
"\\?\C:\Windows\ServiceProfiles\LocalService\ntuser.dat.old",1,"O:BAG:SYD:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;LS)"
"\\?\C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;NS)"
"\\?\C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat.old",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;NS)"
"\\?\C:\Windows\ServiceProfiles\NetworkService\ntuser.dat",1,"O:BAG:SYD:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;NS)"
"\\?\C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.old",1,"O:BAG:SYD:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;NS)"
"\\?\C:\Windows\System32\Config\components",1,"O:BAG:SYD:AIAR(A;;FA;;;WD)(A;;FA;;;BA)(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\Windows\System32\Config\components.old",1,"O:BAG:SYD:AIAR(A;;FA;;;WD)(A;;FA;;;BA)(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\Windows\System32\Config\default",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\Windows\System32\Config\default.old",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\Windows\System32\Config\sam",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\Windows\System32\Config\sam.old",1,"O:BAG:S-1-5-21-4183021106-2149456055-877251859-513D:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\Windows\System32\Config\security",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\Windows\System32\Config\security.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\Windows\System32\Config\software",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\Windows\System32\Config\software.old",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\Windows\System32\Config\system",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\Windows\System32\Config\system.old",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"

[08/08/2017 - 16:41:45] --------------------------------------------------------------------------------

[08/08/2017 - 16:41:45] Backing Up Files:
[08/08/2017 - 16:41:45] --------------------------------------------------------------------------------
[08/08/2017 - 16:41:45] Using Fallback Backup Method.

[08/08/2017 - 16:41:45] Backing Up File: C:\Windows\System32\Config\components
[08/08/2017 - 16:41:46] Result: Successful (34,30 MB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Windows\System32\Config\components

[08/08/2017 - 16:41:46] Backing Up File: C:\Windows\System32\Config\default
[08/08/2017 - 16:41:46] Result: Successful (1,24 MB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Windows\System32\Config\default

[08/08/2017 - 16:41:46] Backing Up File: C:\Windows\System32\Config\sam
[08/08/2017 - 16:41:46] Result: Successful (24,00 KB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Windows\System32\Config\sam

[08/08/2017 - 16:41:46] Backing Up File: C:\Windows\System32\Config\security
[08/08/2017 - 16:41:47] Result: Successful (24,00 KB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Windows\System32\Config\security

[08/08/2017 - 16:41:47] Backing Up File: C:\Windows\System32\Config\software
[08/08/2017 - 16:41:56] Result: Successful (46,31 MB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Windows\System32\Config\software

[08/08/2017 - 16:41:56] Backing Up File: C:\Windows\System32\Config\system
[08/08/2017 - 16:42:00] Result: Successful (19,34 MB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Windows\System32\Config\system

[08/08/2017 - 16:42:00] Backing Up File: C:\Users\Acronis Agent User\ntuser.dat
[08/08/2017 - 16:42:00] Result: Failed - Error: -1 (API Reg Save Failed (), Tried File Copy, File In use, Cannot copy.)

[08/08/2017 - 16:42:00] Backing Up File: C:\Users\Acronis Agent User\AppData\Local\Microsoft\Windows\UsrClass.dat
[08/08/2017 - 16:42:00] Result: Successful (256,00 KB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Users\Acronis Agent User\AppData\Local\Microsoft\Windows\UsrClass.dat

[08/08/2017 - 16:42:00] Backing Up File: C:\Users\Default\ntuser.dat
[08/08/2017 - 16:42:01] Result: Successful (256,00 KB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Users\Default\ntuser.dat

[08/08/2017 - 16:42:01] Backing Up File: C:\Users\Default\AppData\Local\Microsoft\Windows\UsrClass.dat
[08/08/2017 - 16:42:01] Result: Successful (256,00 KB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Users\Default\AppData\Local\Microsoft\Windows\UsrClass.dat

[08/08/2017 - 16:42:01] Backing Up File: C:\Users\Public\ntuser.dat
[08/08/2017 - 16:42:01] Result: Successful (256,00 KB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Users\Public\ntuser.dat

[08/08/2017 - 16:42:01] Backing Up File: C:\Users\widen-finalis\ntuser.dat
[08/08/2017 - 16:42:02] Result: Successful (3,07 MB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Users\widen-finalis\ntuser.dat

[08/08/2017 - 16:42:02] Backing Up File: C:\Users\widen-finalis\AppData\Local\Microsoft\Windows\UsrClass.dat
[08/08/2017 - 16:42:03] Result: Successful (3,72 MB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Users\widen-finalis\AppData\Local\Microsoft\Windows\UsrClass.dat

[08/08/2017 - 16:42:03] Backing Up File: C:\Windows\ServiceProfiles\LocalService\ntuser.dat
[08/08/2017 - 16:42:03] Result: Successful (244,00 KB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Windows\ServiceProfiles\LocalService\ntuser.dat

[08/08/2017 - 16:42:03] Backing Up File: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
[08/08/2017 - 16:42:03] Result: Successful (256,00 KB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat

[08/08/2017 - 16:42:03] Backing Up File: C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
[08/08/2017 - 16:42:03] Result: Successful (244,00 KB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Windows\ServiceProfiles\NetworkService\ntuser.dat

[08/08/2017 - 16:42:03] Backing Up File: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
[08/08/2017 - 16:42:03] Result: Successful (256,00 KB) - C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\C\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat

[08/08/2017 - 16:42:03] Total Size: 110,00 MB

[08/08/2017 - 16:42:03] --------------------------------------------------------------------------------

[08/08/2017 - 16:42:04] Creating DOS restore bat file for use in the Windows Recovery Console:
[08/08/2017 - 16:42:04] --------------------------------------------------------------------------------
[08/08/2017 - 16:42:04] Already Exists: C:\Windows\tweaking.com-regbackup-YOUCAM8WAIT-Windows-7-Starter-(32-bit).dat for use in the dos_restore.cmd file
[08/08/2017 - 16:42:04] Done: C:\RegBackup\YOUCAM8WAIT\08.08.2017_16.41.44\dos_restore.cmd
[08/08/2017 - 16:42:04] --------------------------------------------------------------------------------


Computer: YOUCAM8WAIT (Windows 7 Starter (32-bit) 6.1.7601 Service Pack 1)
Windows Repair Auto Backup
Total Size: 110,00 MB









For coherence, this topic will soon be renamed to "pc 1: Acer Win 7 Laptop infected + problems on Xubuntu live usb/sd cards/multiboot sandisk usb key"



#7 nasdaq


Posted 09 August 2017 - 08:39 AM

Hi,

I have been made aware of all your other topics and activities in this forum and others.

I'm discontinuing the help on this topic.

My time and that of the other helpers is limited and will be well used to help others in need.

As far as I'm concerned, your repetitive actions and ignorance of the rules led many forums to stop offering you assistance. This is the same here with me.



