Windows startup problems and treatments

Please attempt this.

===================================================

Run Command as Administrator

--------------------

• Click Start, type cmd, then select Run as administrator
• Individually copy and paste the below lines after the Command Prompt then hit Enter. If/when prompted answer "Y"

icacls C:\Users\Kaique-Vidal\AppData\Local\Temp /save "%userprofile%\temp" /t /c
takeown /f C:\Users\Kaique-Vidal\AppData\Local\Temp /r
icacls C:\Users\Kaique-Vidal\AppData\Local\Temp /grant administrators:F /t /c
del C:\Users\Kaique-Vidal\AppData\Local\Temp (Type Y then hit Enter to confirm action)
icacls C:\Users\Kaique-Vidal\AppData\Local /restore "%userprofile%\temp"

• Reboot your computer and check the performance

===================================================

Things I would like to see in your next reply.

• Results?

first line (icacls C:\Users\Kaique-Vidal\AppData\Local\Temp /save "%userprofile%\temp" /t /c)

result: 165 files successfully processed; failed to process 0 files

 

second line(takeown /f C:\Users\Kaique-Vidal\AppData\Local\Temp /r)

result:C:\Windows\System32>icacls C: \Users\Kaique-Vidal\AppData\Local\Temp /grant administrators:F /t /c

Invalid parameter "\Users\Kaique-Vidal\AppData\Local\Temp"

 

third line (icacls C: \Users\Kaique-Vidal\AppData\Local\Temp /grant administrators:F /t /c)

result: C:\Windows\System32>icacls C: \Users\Kaique-Vidal\AppData\Local\Temp /grant administrators:F /t /c

Invalid parameter "\Users\Kaique-Vidal\AppData\Local\Temp"

 

fourth line (del C:\Users\Kaique-Vidal\AppData\Local\Temp)

result: The file is already being used by another process.

 

fifth line: C:\Windows\System32>icacls C:\ Users\Kaique-Vidal\AppData\Local /restore "%userprofile%\temp"

Invalid parameter "Users\Kaique-Vidal\AppData\Local"

 

 

When restarting, it is no longer opening any browser at first. several files appear at first.. when you locate them they are named: chrome_url_fetcher_2652_(random number) and within them is a crx file with the name extension_1_0_64. in addition to those that always appear. there is also a file called: SquirrelSetup. it looks like this:

 

023-09-14 23:52:02> Program: Starting Squirrel Updater: --uninstall --msiUninstall --source=default

2023-09-14 23:52:02> Program: Starting uninstall for app:

2023-09-14 23:52:02> Program: CheckAndTryDeleteInstallSource msiUninstall: True

2023-09-14 23:52:02> RegistryService: TryGetRegKey: HKEY_CURRENT_USER\Software\Microsoft\Office\Teams\InstallSource does not exist

2023-09-14 23:52:02> Program: CheckAndTryDeleteInstallSource isInstallSourceExpected: False

2023-09-14 23:52:02> Program: CheckAndTryDeleteInstallSource: MSI uninstall initiated, but no MSI-installed Teams found. Quitting

2023-09-14 23:52:02> Program: Uninstall: checkAndTryDeleteInstallSource? False

 

Finally, there is:__PSScriptPolicyTest_0acgf2dy.sgn.ps1. it says that the PowerShell test file to determine AppLocker lockdown mode.

 

just that.

Greetings.
 

second line(takeown /f C:\Users\Kaique-Vidal\AppData\Local\Temp /r)
result:C:\Windows\System32>icacls C: \Users\Kaique-Vidal\AppData\Local\Temp /grant administrators:F /t /c
Invalid parameter "\Users\Kaique-Vidal\AppData\Local\Temp"

third line (icacls C: \Users\Kaique-Vidal\AppData\Local\Temp /grant administrators:F /t /c)
result: C:\Windows\System32>icacls C: \Users\\Kaique-Vidal\AppData\Local\Temp /grant administrators:F /t /c
Invalid parameter "\Users\Kaique-Vidal\AppData\Local\Temp"

fifth line: C:\Windows\System32>icacls C: \Users\\Kaique-Vidal\AppData\Local /restore "%userprofile%\temp"
Invalid parameter "\Users\Kaique-Vidal\AppData\Local\Temp"

I am not sure what happened but there is an issue with the commands that are being either typed or copied and pasted after the command prompt. As you can see in the highlighted red portion, the extra spaces are preventing the proper processing of the commands.

Let's try and rerun the script again making sure the spaces aren't there. If this doesn't work there is a more complex step we will need to take. I am trying to avoid that.

Let me know what happens.

second line(takeown /f C:\Users\Kaique-Vidal\AppData\Local\Temp /r)

result: SUCCESS: the file (or directory): "C:\Users\..." is now owned by "DESKTOP-RTLM44P\Kaique"

 

third line (icacls C:\Users\Kaique-Vidal\AppData\Local\Temp /grant administrators:F /t /c)

result: Successfully processed 126 files; failed to process 0 files

 

fifth line (icacls C:\Users\Kaique-Vidal\AppData\Local /restore "%userprofile%\temp)

result:C:\Users\Kaique-Vidal\AppData\Local\Temp\0206cbe2-dedd-462a-8412-c2257ab47c06.tmp: The system cannot find the specified file.

Successfully processed 1 files; failed to process 1 files

I should have been more clear. We needed to run all the commands again including the line to delete the folder.

At the Administrator Command Prompt do this also,

del C:\Users\Kaique-Vidal\AppData\Local\Temp (Type Y then hit Enter to confirm action)

1.Successfully processed 139 files; failed to process 0 files

 

2.SUCCESS: The file (or directory): "C:\Users\Kaique-Vidal\AppData\Local\Temp" is now owned by "DESKTOP-RTLM44P\Kaique".

 

3.Successfully processed 140 files; failed to process 0 files

 

4.The file is already in use by another process.

Unable to find C:\Windows\System32\y

 

5.C:\Users\Kaique-Vidal\AppData\Local\Temp\AMDLinkDriverUpdate.xml: The system cannot find the specified file.

Successfully processed 32 files; failed to process 1 files

4.The file is already in use by another process.

Unable to find C:\Windows\System32\y

With the del command, type del C:\Users\Kaique-Vidal\AppData\Local\Temp then hit Enter. Following that it will ask you to confirm the action by typing Y. Type Y then hit enter again.

I understood it that way the first time. but they all give the same answer. "the file is already being used by another process"

Sorry I wasn't sure.

Please do this.

===================================================

UnLock IT by EMCO

--------------------

• Right click on UnLock IT, select Save Link As... and save the file onto your Desktop
• Right click on UnLockITSetup.exe then select Run as administrator
• Click Next
• Review the License Agreement if you would like, select I accept the License Agreement
• Click Next 3 times then Install
• Following installation select Finish to launch UnLockIT
• Click Unlock then select Unlock Folder
• Navigate to then select C:\Users\Kaique-Vidal\AppData\Local\Temp
• Click OK
• Left click on the folder below to highlight it
• Click Unlock and confirm the folder now indicates Unlocked (if not stop and let me know)
• Click Delete and confirm the folder has been removed

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• Results?

I did it, at the end it asks to restart. After restarting, I opened the temp/InstallManagerApp folder and some others that appeared when restarting

Are there any files similar to C:\Users\KAIQUE~1\AppData\Local\Temp\42cb3e1d-5ee3-4473-93e1-925745030850.tmp?

There is one with this name:04c4a5b1-13c0-46b5-95bd-19fd3fa841c4.tmp

with 4mb

Please run this modified version of UnLockIT

===================================================

UnLock IT by EMCO - No Download

--------------------

• Right click on UnLockIT then select Run as administrator
• Click Unlock then select Unlock File
• Navigate to then select C:\Users\Kaique-Vidal\AppData\Local\Temp\04c4a5b1-13c0-46b5-95bd-19fd3fa841c4.tmp
• Click OK
• Left click on the file below to highlight it
• Click on the Locks Details tab
• Click on the Processes tab
• Take a screen shot of this window and attach it to your reply
• Click on the Permissions tab
• Take a screen shot of this window and attach it to your reply
• Click on the Shares tab
• Take a screen shot of this window and attach it to your reply
• Close the Locks Details window
• Click Unlock and confirm the folder now indicates Unlocked (if not stop and let me know)
• Click Delete and confirm the folder has been removed
• Click Log in the lower left hand corner of the window
• Above and to the right of the Time drop down arrow click on the 1st icon to Export the report
• Export the file to your Desktop and attach it to your reply
• Reboot and check for .tmp files

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• Attached files
• Results?

I did the procedure.

  the tmp file always disappears when I put it in the program. it also doesn't show anything in the screenshots. When I go to delete it, it no longer exists. This happens with part of these files. On the other hand, it doesn't even let me do the process, they stay: not locked.

 

in screenshots 1-4: procedure done but without results.

5- file not locked

6- overview of the problem

Can you confirm all of those are being recreated upon boot up? So you successfully delete them and then they reappear after booting?