HELP, FILES ARE INVISIBLE AGAIN, not sure if virus, external drive read only

Hello, I very much hope you can help me again. I’ve been very safe and paid close attention to the computer but files on the external hard drive have gone invisible again and can only be seen using an elevated command prompt and some minor knowledge of ATTRIB, not enough knowledge to help unfortunately.
For some reason, my external drive was treated as if it were part of the c: drive and locked down on Read Only. I have taken ownership, given full control to my 3 admins, and shared the drive with my characters and System (read/write) yet even McShield wont scan the drive, it acts like it’s not even there, I can not make changes to files on the drive, a large amount of hidden videos have gotten dumped into the J:\external drive’s $recycle.bin and I cannot access those files no matter what I do, I can’t even dump the bin, which i don’t want to do because something is apparently hiding things and throwing them away and I really would not like to lose a large amount of videos that are hiding inside that bin. When you go into the bin it shows as clean, yet when you click “select all” and “properties” you find many gigabits of invisible items hiding and I cannot get mcshield to access the drive to Unhide items. I have used command prompt ATTRIB to unhide remove Read Only, to no affect.
Please, I beg for your assistance again, I’m not sure what’s going on, I’m not good enough at this to know, but there['s somethingwrong.
Please help.

Luke Rivard
ps. I love your products for my android, I['ve become an Avast advocate lol

MCSHIELD REPORT (not scanning J:\external drive)

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2016.2.21.1 / Windows 7 <<<

3/22/2016 5:24:07 PM > Drive C: - scan started (OS ~582 GB, NTFS HDD )…

=> The drive is clean.

3/22/2016 5:24:07 PM > Drive I: - scan started (Transcend ~60240 MB, FAT32 flash drive )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2016.2.21.1 / Windows 7 <<<

3/22/2016 5:32:11 PM > Drive C: - scan started (OS ~582 GB, NTFS HDD )…

=> The drive is clean.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

v 3.0.5.28 / DB: 2016.2.21.1 / Windows 7 <<<

3/22/2016 5:33:24 PM > Drive I: - scan started (Transcend ~60240 MB, FAT32 flash drive )…

=> The drive is clean.

more information. there appear to be a whole lot of group policy restrictions for some reason. the external drive’s recycle bin cannot be emptied and says it’s corrupted, but thats the one thats full of gigs of vids and who knows what else. I am owner with full controll yet I cannot control the external and it’s contents, although I carried my full control down the line through every folder and file. the parent appears to be the J: drive itself, which i am owner of, and I just don’t know what to do.
thank you in advance for you help, you guys are much appreciated and I spread the name Avast wherever I can.

Luke :slight_smile:

Thank you for the logs. I think we need to back out some protection items and then we can get to the ‘root’ of the problem(s).

Please start CryptoPrevent and undo all the protection options. Start the program > click OK > select None and click Apply. Reboot your system to apply the changes.

Next, we need fresh FRST scans to be able to clean up what is left before moving onto repairing the system.

[*]If you still have the Addition.txt file on your desktop, please delete it now.
[*]Right click the FRST file on your desktop and select “Run as Administrator…” (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]If an update is available, the program will inform you and download the update. Allow it do this please. Otherwise, just wait for the “The tool is ready to use.” message.
[*]Please check the Addition.txt in the Option Scan section of FRST.
[*]Press the Scan button.
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please copy and paste log back here.
[*]The tool will generate will another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Thank you so much in advance, I don’t think i’ve seen such skill as i have here. Attached are Frst.txt and Additions.txt. Please request anything you need.
Sincerely,

Luke

Thanks for that; CryptoPrevent undid very cleanly and we can get to work now.

FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Prism Video File Converter

To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

SECOND >>>>

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[b] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/b]
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

- Right-click on 

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
- Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.

LAST >>>>
It looks like you just had some other malware removed; can I ask briefly what it was and you got a “clean bill of health” correct?

Yes, I was infected with some sort of malware and autorun.inf. My files kept getting moved and hidden leqaving beind a fake folder. After the process here, I believe I was completely cleaned up and protected. I don’t know what is going on now, I just don’t seem to have any control over my own computer.
But yes, i got a clean bill of health and i was happier than i had been in months. I hope you can fix my issues now, actually I’m certain of your abilities.

Please request anything further you may need.

sincerely

Luke

The last of the malware scans …

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.

SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
You will see the following console:

http://i1351.photobucket.com/albums/p785/dbreeze2/Scanners%20screens/AdwCleaner_v5016_zpsf8ln0fea.png

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don’t want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot, allow this

http://1.bp.blogspot.com/-vitKqfMQS4o/UEDylIQ7HJI/AAAAAAAABLc/Hx-IwqKoaxg/s1600/adwcleaner_delete_restart.jpg

On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here’s Why and Here. You can always Reinstall it.

LAST >>>>

Malwarebytes’ Anti-Malware
Please start Malwarebytes’ Anti-Malware from either the START menu or the desktop shortcut.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link

http://i1351.photobucket.com/albums/p785/dbreeze2/MBAM2_0/v2-1-4-1018/Main%20Screen_zpsnnwza0ky.png

Once the program has loaded and updated, select “Scan Now >>” to start the scan.

http://i1351.photobucket.com/albums/p785/dbreeze2/MBAM2_0/v2-1-4-1018/Main%20Screen_zpsnnwza0ky.png

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

http://i1351.photobucket.com/albums/p785/dbreeze2/MBAM2_0/v2-1-4-1018/mbam21-removeselected_zpsg83p7wis.jpg

If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results.
The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK. When the export is complete, select OPEN.
The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Luke (Administrator) on Wed 03/23/2016 at 11:20:08.10

File System: 4

Failed to delete: C:\ai_recyclebin (Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\nico mak computing (Folder)
Successfully deleted: C:\Users\Luke\AppData\Roaming\getrighttogo (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)

Registry: 0

Scan was completed on Wed 03/23/2016 at 11:23:00.18
End of JRT log

AdwCleaner v5.105 - Logfile created 23/03/2016 at 11:54:48

Updated 21/03/2016 by Xplode

Database : 2016-03-23.1 [Server]

Operating system : Windows 7 Home Premium Service Pack 1 (x64)

Username : Luke - LUKE-PC

Running from : C:\Users\Luke\Desktop\2ND MALWARE CLEANUP\adwCleaner\AdwCleaner.exe

Option : Clean

Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****


:: “Tracing” keys removed
:: Winsock settings cleared


C:\AdwCleaner\AdwCleaner[C1].txt - [952 bytes] - [23/03/2016 11:46:06]
C:\AdwCleaner\AdwCleaner[C2].txt - [802 bytes] - [23/03/2016 11:54:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [791 bytes] - [23/03/2016 11:29:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [935 bytes] - [23/03/2016 11:51:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1018 bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Protection, Malware Protection, Starting,
Protection, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Protection, Malware Protection, Started,
Protection, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Protection, Malicious Website Protection, Starting,
Protection, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Protection, Malicious Website Protection, Started,
Update, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Manual, Remediation Database, 2016.2.12.1, 2016.3.18.1,
Update, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.3.12.1,
Update, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Manual, Domain Database, 2016.2.16.8, 2016.3.23.4,
Update, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Manual, Malware Database, 2016.2.16.6, 2016.3.23.5,
Update, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Manual, IP Database, 2016.2.8.1, 2016.3.21.3,
Protection, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Protection, Refresh, Starting,
Protection, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Protection, Malicious Website Protection, Stopping,
Protection, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Protection, Malicious Website Protection, Stopped,
Protection, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Protection, Refresh, Success,
Protection, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Protection, Malicious Website Protection, Starting,
Protection, 3/23/2016 12:09 PM, SYSTEM, LUKE-PC, Protection, Malicious Website Protection, Started,
Scan, 3/23/2016 12:38 PM, SYSTEM, LUKE-PC, Manual, Start:3/23/2016 12:10 PM, Duration:28 min 7 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

I hope that was everything…

Lets move on to repairing the system …

If you have any questions at any point of this, stop and come back for more detailed help.

Please download “Windows Repair - All in One” from here. Please choose “Save file…” if you get options to open the file. Once the download is complete, run the file and install the program on your system. Please use the default settings for locations as it will help with log retrieval and fixing the registry should anything be needed.

Right click on the desktop shortcut for “Tweaking.com - Windows Repair” and select ‘Run as administrator’.

The program will run a self check to make sure that all the correct files are in place for it to run and then it will load the program. As you can see, there are many steps to take in using this program. Mainly, the first few steps involve checking for proper Windows files and backing up the system as a precaution.

http://i1351.photobucket.com/albums/p785/dbreeze2/Windows%20Repair%20All%20in%20One/WEAIO%20v3_5/Step1_zpswsvkpwps.png
]

You can read the notes on the first screen but the important thing to do is click on “ReBoot to Safe Mode” and allow the system to restart itself. Once the system is started in safe mode and you have logged in (using an administrative level account), restart the program and move onto the Step2 screen.

http://i1351.photobucket.com/albums/p785/dbreeze2/Windows%20Repair%20All%20in%20One/WEAIO%20v3_5/Step2_PreScan_Check_zpsz4jtz5na.png

Please click on “Open Pre-Scan” to load a utility to verify some Windows resource / build files and settings.

http://i1351.photobucket.com/albums/p785/dbreeze2/Windows%20Repair%20All%20in%20One/WEAIO%20v3_5/Step2_PreScan_Start_zpsqsnaduax.png

Click on “Start Scan” and allow the routine to run. You can see the status of the checks in the window.

http://i1351.photobucket.com/albums/p785/dbreeze2/Windows%20Repair%20All%20in%20One/WEAIO%20v3_5/Step2_PreScan_Finish_zpscticsthm.png

When the routine is finished, it will report on any problems found and you can click on the appropriate repair button if needed. Once this is done, you can close this window and click on Step3.

http://i1351.photobucket.com/albums/p785/dbreeze2/Windows%20Repair%20All%20in%20One/WEAIO%20v3_5/Step3_CheckDisk_zpsn3dmzb3p.png

Click on the “Check” to see if a repair disk check routine needs to run. A Command Prompt window will open and you can view the status of the routine. If the routine finds that repairs need to be made, please select “Open Disk Check at Next Boot” and then click on the “Reboot To Safe Mode” button. Once the routine(s) completes, please select Step4.

http://i1351.photobucket.com/albums/p785/dbreeze2/Windows%20Repair%20All%20in%20One/WEAIO%20v3_5/Step4_SFCscan_zpsrgf8dxrt.png

Please click on “Do It” to run a SFC /scannow routine. If the routine makes any repairs, please reboot your system (again into Safe Mode). If the routine does not make any repairs, please move onto Step5.

http://i1351.photobucket.com/albums/p785/dbreeze2/Windows%20Repair%20All%20in%20One/WEAIO%20v3_5/Step5_Backup_zpsu1i9cqxu.png

Once there, click on “Backup” under the 1. Registry Backup. This will make a complete backup of the current registry which can be reloaded should anything go wrong with the repairs that are going to be made. Next, click on the “Create” under 2. System Restore. Once both of these backups are made, select Repairs.

http://i1351.photobucket.com/albums/p785/dbreeze2/Windows%20Repair%20All%20in%20One/WEAIO%20v3_5/Step6_Repairs_Tips_zpspmp4g2yh.png

I would suggest that you read the Tips For The Best Repairs Results. Once this is done, click on “Open Repairs”.

http://i1351.photobucket.com/albums/p785/dbreeze2/Windows%20Repair%20All%20in%20One/WEAIO%20v3_5/Step6_Repairs_Start_zpsoiow1cxf.png

On this screen, click the following: Defaults. The screen and options should look very much like the picture above. Click “Start Repairs” and confirm that the program starts running the fixes. This will take a while to run, so you can let it run unattended if you like. Log files are being recorded as the repairs are being executed. Once the repairs are finished, reboot your system (normal boot now) and tell me how it is running now.

hey Debrisendine, I’ve run into a snag and cannot move further, I need your advice on how best to proceed.

Chkdsk scans Files,
File verification completed.
862 large file records processed.
0 bad file records processed.
0 EA records processed.
124 reparse records processed.

and Indexes but immediately stops at the completion of Indexes because two problems are found:

Index entry Local State in index $I30 of file 630973 is incorrect.
Index entry LOCALS~1 in index $I30 of file 630973 is incorrect.
27 percent complete. (768240 of 808388 index entries processed)
27 percent complete. (768859 of 808388 index entries processed)
27 percent complete. (769656 of 808388 index entries processed)
27 percent complete. (770075 of 808388 index entries processed)
27 percent complete. (770414 of 808388 index entries processed)
27 percent complete. (770843 of 808388 index entries processed)
27 percent complete. (771222 of 808388 index entries processed)
27 percent complete. (771633 of 808388 index entries processed)
27 percent complete. (772057 of 808388 index entries processed)
27 percent complete. (772250 of 808388 index entries processed)
27 percent complete. (772622 of 808388 index entries processed)
27 percent complete. (773776 of 808388 index entries processed)
27 percent complete. (774981 of 808388 index entries processed)
808388 index entries processed.

Index verification completed.

Errors found. CHKDSK cannot continue in read-only mode.

I’ve read through Shane’s handbook on running Chkdsk but I’m afraid I’m just not savvy enough to understand well enough what my best course of action is at this time.

Would you mind advising me on this subject?

Thank you for all your help, it’s greatly appreciated.

Sincerely,
Luke

It looks like you are running Step3.1 which has found errors it can not fix in Read Only mode. Please move on to Step3.2 “Open Check Disk At Boot” and then click on the Reboot to Safe Mode.

Hi Dbrisendine, could you possibly help me again? I’ve had to run chkdsk 3-4 times, but only once after you gave me your advice. Problem is, I wasn’t around to see the finish and I cannot locate the report. Do you know where the chkdsk reports are saved to? It seems I saw mentioned in a post but I can’t seem to find the answer there either.

Please advise,

Thank you again,

Luke

I’m sorry, I just noticed this in the event viewer and wanted to advise you in case it’s important:

Log Name: Application
Source: TweakingRemoveSafeBoot
Date: 3/25/2016 1:27:13 PM
Event ID: 0
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Luke-PC
Description:
The description for Event ID 0 from source TweakingRemoveSafeBoot cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

TweakingRemoveSafeBoot
TweakingRemoveSafeBoot is stopping and uninstalling itself.

Event Xml:



0
4
0
0x80000000000000

24693
Application
Luke-PC



TweakingRemoveSafeBoot
TweakingRemoveSafeBoot is stopping and uninstalling itself.

As well, I found this:

Log Name: Application
Source: TweakingRemoveSafeBoot
Date: 3/25/2016 1:27:12 PM
Event ID: 0
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Luke-PC
Description:
The description for Event ID 0 from source TweakingRemoveSafeBoot cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

TweakingRemoveSafeBoot
TweakingRemoveSafeBoot is calling bcdedit /deletevalue {current} safeboot

Event Xml:



0
4
0
0x80000000000000

24692
Application
Luke-PC



TweakingRemoveSafeBoot
TweakingRemoveSafeBoot is calling bcdedit /deletevalue {current} safeboot

It seems I made a mistake, I should have sent you these so that you could see what was done. These scans were done before I really new what I was doing and I assumed the latest report was all you needed. If these help you, I’m glad, and I apologize for overlooking them.
On the other hand the last scans have not produced a report like these and I can’t figure out why.

The last scan I performed was done in complete safe mode as advised but I don’t see a report, but I do recall seeing those two error messages as the scanned finished and stopped itself, even after these fixes were applied. Don’t know what they mean though.

Please advise as to how I should proceed when you get a moment.

Thank you,

Luke

This is the easiest way to get a log for Chkdsk:

Please download ListChkDskResult by SleepyDude and save it to your desktop.

  • Right-click on icon and select
    https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
    Run as Administrator to start the tool.
    • A message about checking Windows Event Log will pop-up. Click OK.
    • Wait patiently until a notepad window will open. This won’t take long.
    • The displayed logfile will be also saved to your desktop as ListChkDskResult.txt.
      Please include the content of this file in your next reply.

Also, how is your system running now?

The log seems to show that several scans were run when 3/25 was the latest one that was run. I don’t understand why it suddenly started doing scans in Read Only mode eventually but it looks to me, if i’m not reading it wrong, that errors started popping up only after it started in Read only mode.

The computer seems to be running fine; i’ve regained access to my external drive and can now write to it and mcshield was able to scan it yesterday but that may have been a manual run started by me so i’m still not certain, it hasn’t scanned it today.

I’ve already run the System File checker but, once again, I can’t find the log. However, I was present when it completed and it had found no problems.
I’ve also run the Registry Backup and Restore programs. Please let me know if there is anything I need to do differently.

Thank you sincerely for all your help,

Luke

That log looks good and along with the Windows Repair All-In-One log, I would say that everything seems to have worked fine. Your files are no longer hidden / Read Only? If the system runs fine for you then let’s clean the malware tools off the system and get you on your way.

If you did not already do so, you can uninstall Tweaking.com’s Windows Repair utility. (It’s a great utility and it gets updated very frequently, so it is best to download a fresh copy should you need it later.)

If everything else if fine for you (Avast is running / scanning with no warnings, etc.) then I will remove our tools and get you on your way …

Clean up of Malware Removal Tools
Now that we are through using these tools, let’s clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

[]Download Delfix from here to your desktop and double click it to start the program
[*]Ensure Remove disinfection tools is ticked
Also tick:
[
]Activate UAC
[]Create registry backup
[
]Purge system restore
[*]Reset system settings

http://i1351.photobucket.com/albums/p785/dbreeze2/just%20stuff/DelFixSelectall_zps0f04cec4.png

[*]Click Run
[*]The program will run for a few moments and then notepad will open with a log. Note: Please save this log first before rebooting your system (if asked to); DelFix does not save the log as it is trying to remove all traces of our work on your system. Please attach the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

==Some Tools to consider to help keep your system safe ==

Consider a program that will check for out-of-date programs on your system
Some programs don’t have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).

Unchecky is a small service that runs in the background to help keep those “extra toolbars” and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider keeping MalwareBytes Antimalware in your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won’t have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online


I’ll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!

It seems i’ve made a mistake. My external hard drive is still locked in the Read Only status and McShield is unable to scan it. I can force-scan it by using the right click menu, but that doesn’t exactly fix the overall problem, who knows what else can’t access that drive when it needs to? And it’s always that drive where files and folders turn up missing/hidden.
I simply dont know what to do, is there some way you can help with this? I am owner of the J:\external drive and it’s shared with my admins and standard user, as well as with System. This started when I first began playing with Ownership/Permissions, I had no idea what I was causing to happen, but now I can’t get it straightened out.

Can you please help me on this, it’s where all of my documents and important things are contained, along with a 64 gb flash drive.

Please advise, I really need total control of that drive and it’s contents.

Thank you once again for all your help, It’s appreciated

Luke

this is the cleanup log you requested, I look forward to finding out if there’s anything you can do to stop my external hard drive from being read only.

again, thank you for everything, its much appreciated,\

Luke