After downloading a file that appeared to be installing a free program (sonyvegas) i clicked cancel at the 25% progress
however after that my internet explorer was immediately infected with various popups and adverts and my pc was much slower - it even infected norton itself partially - the desktop button had its functionality removed so if i attempted to click it , it would not open and just do nothing - so i would have to use my windows 8 program list to launch norton
I have run full system scans and power eraser/reputation scans with bootable recovery tool and they failed to find any virus even if i scaned the file specifically
so i figured i would search my computer "sony vegas" and after that it showed a folder named C:\Users\kesug_000\AppData\Local\Microsoft\Windows\INetCache\IE\X2FA1DWM
This "INETCAHCE" folder is INVISIBLE in normal file browser even with hidden files enabled - it simply does not exist unless i directly copy paste in folder adress or find a item within it with search function like 'sony vegas'
I noticed there were many new files created on 9/23/2014 and i clicked on the png's and jpg's and noted they were the same popup and advert spam i had been seeing in internet explorer , there were also 'script files' and data files in there also - all created on the time i downloaded
so i attempted to delete them but i was denied access , it seems a new user account was created that blocked my access (other downloads did not have this user blocking me) , after changing ownership to mine i was able to delete them and the popups stopped
however this user has stayed in my system infecting SPECIFICALLY files or folders that adhere to user data such as the 'search' utility or 'public desktop' and 'user app data' with different authorization levels for each , public desktop and all of my desktop items had a special permission of "delete only" while search utility and user app data had "full control"
I attempted to go into safemode and manually change ownership of all the files i could find but after rebooting my computer was seriously bugged - internet explorer was extremely slow without any adverts and it refused to download ANYTHING off the internet such as firefox mozilla , my desktop wallpaper was black,my computer slower and i was extremely sad/frustrated
but today i changed all my security settings in norton and windows to maximum , then i attempted changing my entire C:/ drive folder ownership back to mine by overriding parent control of subfolders with various sub folders included and after that my desktop wall paper returned and internet explorer stopped being so slow and it seemed fix
however this user has stayed on my computer infecting the same user app data ,public desktop, search utlilty and who knows where else - i have ownership of the files now but this unknown user still has access to these files in the user bar found in the security tab section of a items properties
even if i delete the user from the security tab in all the files in folders , the user Reappears after computer restart! so there may be a script involved but i have no clue where
name of unknown user i know came from a virus
S-1-5-21-8077971-2639352479-2834690060-1001
the name does not show up in command prompts - net user command or user accounts in control panel or add permission entries tab that lists other users like SYSTEM (screenshot included)
can someone please help me!
i just need to permanently remove this unknown user which may be tracking my information
[spoiler]
[image] http://i60.tinypic.com/zsv8k8.jpg [/image]
[image] http://i60.tinypic.com/i2vzua.png [/image]
[/spoiler]