Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"The Audio Service is not running" + error msg 0x8007000e


  • Please log in to reply
20 replies to this topic

#16 willis64

willis64
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:35 PM

Posted 19 May 2018 - 12:04 AM

Wow, ok, we have restored access to Computer, Control Panel, etc off Start Menu. Whew! :) 

 

But the original issues that kicked all this off are still in place: " C:\Users\Rafa\(Folder Name Here) is not accessible  Access is denied "

That's the following folders: Application Data; Cookies; My Documents; Nethood; Printhood; Recent; Send To; Start Menu; Templates...

In C:, I get the same message trying to open Default User, and in All Users and Guillermo, the same file set are access denied.

 

I'm not sure when this happened exactly, but it wouldn't have been much time at all before I noticed this change. Any ideas, O Wise One? ;)

 

Thanks again! Will.



BC AdBot (Login to Remove)

 


#17 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,585 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:01:35 PM

Posted 19 May 2018 - 01:11 AM

OK, good.  Do you have sound now?  I'm off to bed now and will have to think about how to proceed from here some more tomorrow, plus some more questions.  In the mean time let's see if we can get a good Speccy log.  Also go back to Post #2 and run MiniToolBox in the same way again except this time also check Flush DNS, Winsock Entries, Minidump files and Restore Points.

 

Not sure if we have WMI all the way back yet--we'll see.


The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#18 willis64

willis64
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:35 PM

Posted 19 May 2018 - 09:29 PM

Yes, we have sound, sorry forgot to mention this..., logs below. Thanks again mate, have a good sleeptime!

 

Cheers, Willis

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Rafa (administrator) on 19-05-2018 at 21:24:45
Running from "C:\Users\Rafa\Desktop"
Microsoft Windows 7 Ultimate   (X64)
Model: H81M-H Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/19/2018 09:07:37 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (456) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error: (05/19/2018 09:07:37 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (456) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error: (05/19/2018 09:07:37 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (456) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error: (05/19/2018 09:07:37 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (456) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error: (05/19/2018 08:37:37 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (456) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error: (05/19/2018 08:37:37 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (456) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error: (05/19/2018 08:37:37 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (456) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error: (05/19/2018 08:37:37 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (456) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error: (05/19/2018 08:07:37 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (456) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error: (05/19/2018 08:07:37 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (456) SUS20ClientDataStore: Unable to read the header of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
 
System errors:
=============
Error: (05/19/2018 12:34:44 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
 
Error: (05/19/2018 09:34:07 AM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
 
Error: (05/18/2018 11:29:38 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
 
Error: (05/18/2018 10:14:05 AM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
 
Error: (05/18/2018 10:14:03 AM) (Source: Service Control Manager) (User: )
Description: The Intel® HD Graphics Control Panel Service service depends on the System Event Notification Service service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (05/18/2018 10:14:03 AM) (Source: Service Control Manager) (User: )
Description: The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: 
%%0 = The operation completed successfully.
 
 
Error: (05/18/2018 10:14:02 AM) (Source: Service Control Manager) (User: )
Description: The Windows Audio service terminated with the following error: 
%%-2147024882 = Not enough storage is available to complete this operation.
 
 
Error: (05/17/2018 05:11:09 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
 
Error: (05/17/2018 05:11:05 PM) (Source: Service Control Manager) (User: )
Description: The Intel® HD Graphics Control Panel Service service depends on the System Event Notification Service service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (05/17/2018 05:11:05 PM) (Source: Service Control Manager) (User: )
Description: The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: 
%%0 = The operation completed successfully.
 
 
 
Microsoft Office Sessions:
=========================
Error: (05/19/2018 09:07:37 PM) (Source: ESENT)(User: )
Description: wuaueng.dll456SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546
 
Error: (05/19/2018 09:07:37 PM) (Source: ESENT)(User: )
Description: wuaueng.dll456SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546
 
Error: (05/19/2018 09:07:37 PM) (Source: ESENT)(User: )
Description: wuaueng.dll456SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546
 
Error: (05/19/2018 09:07:37 PM) (Source: ESENT)(User: )
Description: wuaueng.dll456SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546
 
Error: (05/19/2018 08:37:37 PM) (Source: ESENT)(User: )
Description: wuaueng.dll456SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546
 
Error: (05/19/2018 08:37:37 PM) (Source: ESENT)(User: )
Description: wuaueng.dll456SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546
 
Error: (05/19/2018 08:37:37 PM) (Source: ESENT)(User: )
Description: wuaueng.dll456SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546
 
Error: (05/19/2018 08:37:37 PM) (Source: ESENT)(User: )
Description: wuaueng.dll456SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546
 
Error: (05/19/2018 08:07:37 PM) (Source: ESENT)(User: )
Description: wuaueng.dll456SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546
 
Error: (05/19/2018 08:07:37 PM) (Source: ESENT)(User: )
Description: wuaueng.dll456SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log-546
 
 
CodeIntegrity Errors:
===================================
  Date: 2018-05-19 12:34:36.582
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-05-19 12:34:36.566
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-05-19 09:33:58.800
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-05-19 09:33:58.800
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-05-18 23:29:31.395
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-05-18 23:29:31.395
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-05-18 10:13:59.395
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-05-18 10:13:59.395
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-05-17 17:11:02.364
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2018-05-17 17:11:02.364
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\IntcDAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.5.3.44396 - BitTorrent Inc.)
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.4.0 - IObit)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4889 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 59.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.3 (x64 en-US)) (Version: 59.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.7.0 - Mozilla)
Mozilla Thunderbird 52.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.7.0 (x86 en-US)) (Version: 52.7.0 - Mozilla)
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8339 - Realtek Semiconductor Corp.)
SafeZone Stable 1.51.2220.53 (HKLM-x32\...\SafeZone 1.51.2220.53) (Version: 1.51.2220.53 - Avast Software) Hidden
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.21.9613 - SoftEther VPN Project)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.6 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 59%
Total physical RAM: 8073.47 MB
Available physical RAM: 3266.68 MB
Total Virtual: 16145.09 MB
Available Virtual: 11143.57 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:488.18 GB) (Free:142.24 GB) NTFS
2 Drive d: (DATOS) (Fixed) (Total:443.23 GB) (Free:256.85 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\RAFA-PC
 
Administrator            Guest                    Guillermo                
Rafa                     
 
========================= Minidump Files ==================================
 
C:\Windows\Minidump\051318-18220-01.dmp
C:\Windows\Minidump\051318-19609-01.dmp
C:\Windows\Minidump\051318-20404-01.dmp
========================= Restore Points ==================================
 
19-05-2018 06:07:31 Scheduled Checkpoint
 
**** End of log ****
 
 


#19 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,585 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:01:35 PM

Posted 21 May 2018 - 12:10 AM

OK, not really sure what is going on with the access denied other than it seems to be confined mostly to your user profile folders--plus the all users and default user, the latter two of which is of especial concern.  The D drive problem may be related to the profiles, not sure right now.

 

My first thought is this--you mentioned looking at permissions on those folders, but did you look at ownership as well?  Let's do this--look at this list of folders and tell me who the owner of them is.  Before I write out the list, here is how you do that for each folder--I will start out with the Rafa profile folder as an example. 

 

Go to C:\Users\Rafa, right click the Rafa folder, select Properties, Security tab, Advanced button, Owner tab, in the text field under Current owner, write down exactly what appears there.  DO NOT change anything, just write down what's there, cancel out of properties and post who the owner is for each folder back here.

 

Users

All Users

Default User

Rafa

Guillermo

 

Not pleased to see you have only one restore point and it's too recent to do you any good.  In your first post you mentioned a failed attempt to run System Restore, so I assume you had it configured normally so that you had plenty of restore points to work with, so wondering how you lost them?  Did you reconfigure SR or delete restore points at any time since starting this topic?

 

Still see Driver Booster installed.  The error about your hard drive might be a result of running this software.  You can also safely uninstall SafeZone Stable--it's a "safe" browser designed by Avast and installed with it but they don't develop or support it anymore so it is basically useless.  Personally, I would uninstall Spybot S&D, or at least TeaTimer that really doesn't do much for you except possibly cause some problems when installing/uninstalling.

 

I'm looking at some other things, but this will do for now.  Still trying to figure out what caused these problems.


Edited by Papakid, 21 May 2018 - 12:11 AM.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#20 willis64

willis64
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:35 PM

Posted Yesterday, 12:01 PM

Ok, sorry the delay getting back to you, been managing a lot of stuff all at once here.

 

So owners as follows:

 

Users - Administrators (Rafa-PC Administrators)

All Users - System

Default Use - System

Rafa - System

Guillermo - System

 

These have a little lock looking icon associated with them I see.

 

As to reconfiguring or deleting restore points, I'm pretty sure I did not make any changes or reconfigs - I certainly didn't intentionally - during the many attempts I made to get to and start that function. All I could see was that it wasn't happening as if there was no restore point at all. However, it's not out of the realm of possibility. Yes, it was configured normally as I've had to use Restore a least 2x since I got this system IIRC. So I figured it would be a simple case of the same treatment. Not so this time :(

 

Looking in " D " drive, there is no change, the icons are all opaque and most don't work. The files/archives of my music, video, photos docs, etc saved there are nowhere to be seen, but properties for D show that the equivalent amount of space is still being taken up.

 

So I'll go ahead and remove these things as you've suggested.

 

Thanks for sticking with me on this mate! Cheers, Wills.

 

PS: In dealing with Avast's safezone I got a pop-up to the effect that I have 305 Gb of " System Junk " Now this is just about the size of the data gone missing on " D " after you include the stuff I've deleted off " C "... Could Avast have caused these issues? I looked, none of that stuff has been quarantined by Avast.


Edited by willis64, Yesterday, 02:46 PM.


#21 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,585 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:01:35 PM

Posted Today, 12:40 PM

No problem on the delay, Will--I'm busy, too, so know how it goes--and am a bit behind on answering some other threads.

 

Looks like ownership checks out when compared to my own computer's settings.  Let's see if getting WMI back has changed your ability to change permissions.  The lock icon should mean it's a permission or some other type of Access Control issue.  Go to this page:  Remove the Lock Icon from a Folder in Windows 7, 8, or 10.  Does the lock icon you are seeing look like the one pictured near the top of this page?  What I want you to do is follow the instructions there on your C:\Users folder.  When you open the Security tab, is there a Users(RAFA-PC/Users) listed under Group or user names?  If so, click on it to select then post back if its permissions in the box below are Read & execute, List folder contents, and Read are checked, and if not what permissions are?  If not there continue with the instructions on the page and give it the permissions I have just listed.  Then go back to the security tab and select SYSTEM, list the permissions checked for it, then do the same for Administrators(RAFA-PC/Administrators). 

 

I'm pressed for time today, so let's stop at this point--don't change any other permissions yet.

 

Not sure what is going on with Avast.  I've had it installed on this computer twice and had to get rid of it both times for causing some problems that were hard to nail down.  Not sure why a browser would warn about junk files.  Does the Avast interface have a junk files cleanup utility (I don't remember) and if so you might check it to see what it is considering junk.  Most likely it's a coincidence that the size is close to what you have problems with on D, but I've seen way weirder things happen.  But I'm hoping if we get your Access Controls corrected we will have access to those D files.  If not, then we can look at maybe migrating away from Avast.

 

Also, do me a favor.  When you have new info, make a new post.  I work off email notices but don't get one when you edit your post.  Use edit for typos and formatting and such.


The fate of all mankind, I see

Is in the hands of fools

--King Crimson





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users