Jump to content
garioch7

Wise Care Defaults Cause System Resource Integrity Violations

Recommended Posts

I recently had an issue with my laptop when Malwarebytes Anti-Malware Premium could no longer complete an anti-rootkit scan successfully.  That issue is since resolved; however, in the process of trying to identify the cause, I ran an "sfc /scannow" from an elevated command prompt and it found eight errors that it could not fix.  WiseCare had, by default, eliminated the Windows Sample Pictures, a sampleres.dll file, and a desktop.ini file from that folder.  I found a source for the photos and copied them back and also found the .dll file and copied it back to the Sample Pictures folder.  The sfc errors persist.  Obviously WiseCare deleted some registry keys.

 

Can this be fixed?

 

I would like to recommend that WiseCare not take any actions, by default, that cause sfc resource integrity violations.

 

I hope someone has a cure for this issue and that WiseCare will correct this problem with a future release.

 

Thank you and have a great day.

 

Regards,

-Phil

Share this post


Link to post
Share on other sites

Xilolee:

 

The cbs.log is on my laptop, which I am not using right now.  I am on my main computer.  I will post the sfcdetail.txt file, plus the cbs.log file, on Friday, if not before.

 

Have a great day, and thanks for your interest.

 

Regards,

-Phil

Share this post


Link to post
Share on other sites

Hello again Phil,

 

After reviewing all the details of your issue (and those posted by my2cents), I believe you have the following options available:

 

1. Use a system restore point to revert (if available)

 

2. Check out this detailed procedure for fixing sfc /scannow errors in Windows 7:

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

Note: This procedure will require you to have the original Win 7 installation disc.

 

3. Do a repair install:

http://www.sevenforums.com/tutorials/3413-repair-install.html

 

4. Do an OEM recovery (if applicable)

 

 

Good luck,

 

UCanFixit

Share this post


Link to post
Share on other sites

UCanFixit:  Thank you for your advice.  I have run the Windows System Update Readiness Tool and the checksur.log reports the same eight files missing.  It has been over a month since I first discovered this issue and I have no idea when WiseCare took out the files, so a system restore is not really an option for me.  I also am unwilling to attempt a Windows Repair, since it could sideswipe updated drivers, of which I have more than a few, at least not for the sake of some sample photos which are not affecting the functionality of the laptop.  When I get it fired up on Friday, I will check to see if the Windows Media features are turned on and report back with the sfcdetails.txt.  The checksur.log is now long gone, having been deleted by WiseCare I presume.

 

Not really happy that WiseCare creates SFC violations by default.  Should be the reverse.  WiseCare should be warning users if a proposed "clean" is going to cause SFC resource integrity violations.

 

Have a great day, and thanks again.

 

Regards,

-Phil

Share this post


Link to post
Share on other sites

Xilolee:

 

Per your request, I am attaching the cbs.log file and the sfcdetails.txt files.  The Forum told me I could not upload a cbs.log file, so I renamed it to cbs.txt.

 

Sorry for the delay in getting back to you, but it has been a very busy week for this old guy.

 

Have a great day.

 

Regards,

-Phil

sfcdetails.txt

CBS.txt

Share this post


Link to post
Share on other sites

Hello Phil,

 

I just reviewed your logs and it clearly looks like the files are missing but I thought you had recovered them. I see no evidence of any registry corruption so I extracted the missing files from my Win 7 SP1 (x64) Home Premium DVD and zipped them into an archive named phil.7z. I have sent that zipped file to your email address on record. Let me know if this works for you because I can't see anything else wrong in your logs. Good luck,

 

UCanFixit

 

PS: I sent it to your Yahoo address and it looks like it went there OK

Share this post


Link to post
Share on other sites

I just saw something important in your opening statement. You said "also found the .dll file and copied it back to the Sample Pictures folder." However, that dll belongs in the system32 folder (not the samples picture folder). Try moving it to there and see what happens.

Share this post


Link to post
Share on other sites

UCanFixit:

 

I copied your version of the sample photos into the Public Pictures\Samples Pictures folder.  I copied your version of sampleres.dll to the System32 folder.  Turns out there was already a copy with the same time and date in the System32 folder, but I let it overwrite with your version.  There is one missing file "desktop.ini" which was not in your 7z package and which sfc is reporting as corrupt or missing.

 

I am attaching the latest cbs.log file and the sfcdetails.txt file that I created this afternoon, which report no improvement in the situation, despite your best efforts, which were, and are, much appreciated.  I tried to rename the cbs.log file to "cbs.txt" since the Forum won't accept to upload ".log" files, but it exceeded the 2 MB limit, so I have zipped it.  I had to download PeaZip to open your 7z file.  I use Secure Zip and I guess my version is getting on in years, because it wouldn't touch your 7z file.  From what I can see, the latest version supports .RAR, but no mention of 7z.

 

I became aware of this issue when Malwarebytes Antimalware Premium 2.0.2 could no longer successfully complete a scan when Anti-Rootkit scanning was enabled; otherwise it ran fine.  Windows would report that MBAM had stopped working and it was checking for a solution.  I ran an sfc and discovered these errors.  I had run Wise Care the week before and had not run MBAM since.  Prior to that MBAM worked just fine.  I must have forgotten to uncheck not to delete all the Windows Sample Pictures, which I normally do, and which, as I have stated, I regarded as a nuisance, even more so now that it is provoking resource integrity violations,

 

I first posted in the MBAM Help Forum and they had me run FARBAR scans and post the results.  It was their opinion that either ParetoLogic or Wise Care had damaged my registry.  There have been no Paretologic products on my computers in well over a year, before I even purchased MBAM, so that leaves Wise Care as a suspect.

 

I was then referred to the MBAM Malware Removal Forum to determine if the laptop might be infected.  After much scanning and testing and posting of results, the conclusion was that the computer was clean.  The problem of  MBAM not completing an anti-rootkit scan was resolved by me downloading and installing their latest beta version last week.

 

I am certain that the computer is not in any way infected.  I am running Windows 7 HP x64 SP1 fully updated, Bitdefender 2015 Total Security, MBAM Premium (Beta), and Malwarebytes Anti-Exploit Premium, all updated to the latest databases/versions.

 

I continue to think that somehow in removing the sample pictures, WiseCare deleted, or modified, registry entries relating to the pictures.  The only other cause I can think of right now is that the missing "desktop.ini" is causing sfc to fail because it contains pointers to the pictures and the .dll.

 

Any further suggestions would be greatly appreciated.  The laptop is fully functional.  I just don't like having Windows report errors with my OS.

 

Have a great day.

 

Regards,

-Phil

sfcdetails.txt

CBS.zip

Share this post


Link to post
Share on other sites

Phil,

 

The desktop.ini file was actually included in the zip file I sent. Maybe you need to turn on "view hidden files" to see it... but it is there. Anyway, it appears that is not your issue as everything looks the same. At this point I am convinced the only way to fix this issue is to look towards the registry. Now, if I am correct, someone will have to identify every registry entry that was deleted by the WRC part of Wise Care, so they can be individually restored. I think xilolee is running Win7; yes?

 

In any event, I am going to yield to xilolee until he either finds a solution or exhausts all efforts in doing so; however, I think the logs are useless at this point and that is why I want to see where that leads. In summary, if all efforts are exhausted, and xilolee does not have Win 7 loaded, I will reload Win 7 on my laptop and find all those missing registry entries.

 

Good luck and I'll be watching,

 

UCanFixit

 

Screenshot_18.png

Share this post


Link to post
Share on other sites

Thank you for all of your assistance.  This being the Thanksgiving weekend in Canada and I am committed to other priorities for the next day, I will get back with a checksur.log on Wednesday.  I really do appreciate your help.  I am convinced that

the registry is damaged and I do have hidden files unchecked.  If you say the desktop.ini file is there, UCanFixit, I will unhide even protected operating system files to see the desktop.ini file is there since you say it was included and re-run the sfc if it finds the desktop.ini.file.

 

It is good to have such support and it is much appreciated.  Unfortunately, due to timing, I am unable to respond as quickly as I would like.

 

Have a great day.  Will report back on Wednesday.

 

Regards,

-Phil

Share this post


Link to post
Share on other sites

Xilolee:

 

The original checksur.log did show the sample pictures and associated .dll and ini files missing, but it is long gone (think Wise Care deleted that too).

 

On my main computer, the checksur.log shows no errors, but after following the advice provided by UCanFixit, sfc still can't resolve the "desktop.ini" file.  You can tell from the attached "sfcdetails.txt" files that I have been running scans most of the day, trying to fix the problem.

 

On my laptop, after I deleted "desktop.ini", checksur reports that file is missing and it cannot be repaired by sfc.  I will reinstate that file, but restoring it will result in the previous condition that sfc reports the desktop.ini file is an uncorrectable system resource integrity violation.  I am guessing some registry keys were hit by Wise Care that will have to be discovered and restored.

 

I am most grateful to UCanFixit for all of his help, and I deleted the laptop "desktop.ini" file as his request to see if Windows would recreate a good version, but it hasn't so I will put it back for now.

 

Wise Care needs to deal with this serious issue on a priority basis.

 

Have a great day.

 

Regards,

-Phil

sfcdetails.txt

Share this post


Link to post
Share on other sites

Well, good job to both of you!

MS should not have included those files in its protections anyway...

Have you and ucanfixit got the same exact OS?

Have you got the windows installation cd?

Yes, I loaded a clean install of windows SP1 and I also extracted the files from the Win 7 SP1 installation CD/DVD. The funny thing is that I was able to duplicate Phil's issue (on my Win 7 clean install) by using Wise Disc Cleaner to just delete the Photo Samples. Specifically, the sfc failures looked exactly like Phil's. Once done, I extracted those missing files (from the installation CD) and restored them to both the Photo Samples folder and the winsxs folder and that fixed all related sfc issues. Then I zipped those files to Phil and he was able to improve his sfc results where only the desktop.ini was causing an issue; however, his second computer did not fare as well because it still showed all related errors in the sfcdetails log. Any ideas would be appreciated. I think I covered it all.

Share this post


Link to post
Share on other sites

Xilolee:

 

With respect, it is unacceptable for reputable software to cause system resource integrity violations in Windows 7 by default.  The opposite should occur.  The software should warn the user that removing those files will cause sfc /scannow violations and Windows System Readiness Tool checksur.log violations.

 

UCanFixit (thank you) and I have spent hours trying to resolve the issue that Wise Care caused to my laptop and my main tower computer.  We still have not solved the "desktop.ini" system resource integrity violation affecting both of them.

 

I have a friend's computer in here for virus (boot sector) and antimalware removal.  I received it yesterday.  I have had his computer here before and resolved his issues and also previously installed Wise Care on it.  I have removed Wise Care from his computer today and I will removing it from all other computers that I come in contact with unless Lespeed fixes this problem.  It is too dangerous for the average user.

 

It is difficult enough to diagnose what viruses and malware have done to Windows system resource integrity without having to examine cbs.log and checksur.log files for unnecessary violations caused by Wise Care.  The amount of space saved by deleting those Sample files is not at all commensurate with the consequences to the user and to those trying to assist the user.

 

I will leave Wise Care 365 Pro on both my computers for the time being (I have three licences), but it will be uninstalled if the programmers think that the current behaviour of their program does not need to be corrected.  I am certain that UCanFixit and I would both like to be reimbursed for our time and trouble trying to fix the damage done by Wise Care ... and we are not there yet.

 

The program obviously has authority to remove files from protected areas of the Windows system.  To copy the files back, I had to take ownership way down in the bowels of the winsxs folder.  This is well beyond the knowledge of your average user who is obviously trusting that if Wise Care recommends something, like deleting the Samples, it is safe to do.

 

I don't think Windows is at fault.  We could have a philosophical discussion forever on whether Microsoft should have made those files so important to system integrity, but the bottom line is that they did and the Wise Care programmers should have known that and not offered to remove them, by default.

 

I realize that you are a Moderator and not a representative of Lespeed, but I am sure you would not be happy if it happened to your computer.  I only learned of this "default behaviour" because it was identified to me as a possible cause of Malwarebytes Anti-Malware (MBAM) not successfully completing an anti-rootkit scan on my laptop.  Windows would report that MBAM had stopped working.  Ultimately, the missing Sample Pictures turned out not to be cause but it wasted a lot of time for me and the Malwarebytes Anti-Malware removal experts, and it still is.    After exhaustive analysis in the Malwarebytes Anti-Malware Removal Forum, it was ascertained that my laptop was not infected and that it seemed to be related to an "architectural" issue with my particular DELL model of laptop.  An MBAM beta release solved the issue and it had been reported to them from some other users with a similar issue and they fixed the issue.

 

That is what one expects.  If a problem is identified, then the company should respond.  As UCanFixit has stated, the programmers at Wise Care can replicate this issue on any Windows 7 computer if they take the time.  There is a huge base of Windows 7 users out there, like myself, who want nothing to do with Windows 8/8.1.

 

I publicly commend UCanFixit for his contributions to this Forum and also for taking hours of his time, behind the scenes, in private messages, to try to help me repair the damage incurred to my two computers because I trusted Wise Care's defaults.

 

I have several licences for Piriform CCleaner Pro and that will be my cleaner of choice for now, as it was until someone I respected suggested that Wise Care was better.  CCleaner has never caused any Windows system resource integrity violations in the years that I have used it.

 

In my humble opinion, Wise Care needs to fix this issue, pronto.  Their cleaning defaults are just too aggressive.

 

Respectfully Submitted,

-Phil

Share this post


Link to post
Share on other sites

Additional information for xilolee, wise admin and the wise development team:
 
Hello all,
 
I have already provided the attached information to Phil via a private email; however, I want to make sure I share my findings with anyone that can help. So, I did another clean install of Win 7 SP1 Home Premium, downloaded WiseCare365 Free, and ran "only" the Sample Photos removal option/process. I also had the System Internals Process Monitoring program running to capture all Wise activities during same. The captured results are attached in a csv format as this was the best choice available for exporting the activities. Here's hoping whatever you use to open the results will format properly so you can get an idea of what's going on.
 
In summary, I saw very little registry activity (if any) and most (if not all) activity was restricted to the two folders we have already identified (eg, sample photos and the winsxs folder). Maybe a review of these results by some fresh eyes might yield something that I have missed. Moreover, an even better solution might be for a Wise developer to step in here with some recommendations or a fix for this issue. BTW, the capture starts right after Wise created a system restore point.
 
Cheers,
 
UCanFixit
 
 
PS: The csv filetype is not permitted to be uploaded so you can get it here:

 

http://www.filedropper.com/wisecare365-logfile

Share this post


Link to post
Share on other sites

Hello Phil (and all),

OK, I have found a solution that should work for all. Here are the steps involved:

1. Create a backup system image as a precaution.

 

2. Search your C drive for the keyphrase "photosamples" (without quotes) and delete all referenced files and folders.

Note: To delete these files and folders, you must take ownership of each one and assign admin priviledges to each delete process.
deleted.jpg
Note: This registry mod might make it easier to take ownership as it adds the right-click option to explorer: 

http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/

 

3. Next, use regedit to search the registry for "photosamples" (without quotes) and delete all found references (about 15 or so if I remember correctly).

Note: All of these references point to the deleted files and folders found in step 2. Here is an example of what you will find:

reg_delete1.jpg

 

4. Reboot and run sfc /scannow again. It should now be clean of those nagging Photo Samples issues because they no longer exist (anywhere).

 

5. You are done!

 

 

UCanFixit

Share this post


Link to post
Share on other sites

Hi ucanfixit and Phil (and all Readers).

I'm agree on everything already said by you.

Ucanfixit: Did you check if the system restore point created by Wcare365 or WDC solve the issue?

Hi xilolee,

 

With so much going on, I cannot conclusively confirm (eg, remember) if my system restore attempt fixed the sfc /scannow issue but I know it restored the Photo Samples properly. In this case, the system restore was a good first option to try; however, as in Phil's case (and most likely many others), he had no idea when he initiated that slimdown option and his subsequent sfc /scannow run could have been a year (or more) after the fact. However, I do remember that WiseCare365 did label the restore point properly so it could be identified and used (if available).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×