Malware Fun Moods and Snap.do refuse to go away,
- Thread starter MidniteQue
- Start date
- Status
Hi and welcome to the malwaretips.com forums!
I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
<hr />
The OTL Log you Send to me is not the full logs.. Some of the log file are missing...... Please save the Log files into a Notepad file and Attach those LogFIles in your next replay.......
I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
- I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for this issue on this machine!
- The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Refrain from running self fixes as this will hinder the malware removal process.
- It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
<hr />
The OTL Log you Send to me is not the full logs.. Some of the log file are missing...... Please save the Log files into a Notepad file and Attach those LogFIles in your next replay.......
[attachment=3439]Kuttus, Hi and thank you for help.
Sorry about paste. I can see where attachment is and is it possible for me to just delete the pasted log?
Sorry about paste. I can see where attachment is and is it possible for me to just delete the pasted log?
No Problem. No need to delete the past logs... 
I will check your new log files later and update you... Now please try the following steps...
Please download AdwCleaner by Xplode onto your desktop.
<hr />
You should be able to run both scans while in Normal mode...
STEP 2: Run a scan with Malwarebytes Anti-Malware in Chamelon mode
<ol>
<li>Download <>Malwarebytes Chameleon from <a title="External link" href="http://downloads.malwarebytes.org/file/chameleon" rel="nofollow external">here</a> </>and extract it to a folder in a convenient location</li>
<li>Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.</li>
<li>If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window <em><>Note:</> Do not attempt to open <>mbam-killer</> as that is not a Chameleon executable and serves a different purpose)</em></li>
<li>Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for yo</li>
<li>Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click <>OK</> when it says that the database was updated successful</li>
<li>Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan</li>
<li>Upon completion of the scan, if anything has been detected, click on <>Show Result</></li>
<li>Have Malwarebytes Anti-Malware remove any threats that are detected and click <>Yes</> if prompted to reboot your computer to allow the removal process to complete</li>
<li>After your computer restarts, open <>Malwarebytes Anti-Malware</> and perform a Full System scan to verify that there are no remaining threats</li>
Please add both logs in your next reply.
</ol>
<hr />
I will check your new log files later and update you... Now please try the following steps...Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
- Click delete
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt
<hr />
You should be able to run both scans while in Normal mode...
STEP 2: Run a scan with Malwarebytes Anti-Malware in Chamelon mode
<ol>
<li>Download <>Malwarebytes Chameleon from <a title="External link" href="http://downloads.malwarebytes.org/file/chameleon" rel="nofollow external">here</a> </>and extract it to a folder in a convenient location</li>
<li>Make certain that your PC is connected to the internet and then open the folder where you extracted Chameleon to and double-click on the Chameleon help file and then follow the onscreen instructions to use it.</li>
<li>If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window <em><>Note:</> Do not attempt to open <>mbam-killer</> as that is not a Chameleon executable and serves a different purpose)</em></li>
<li>Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for yo</li>
<li>Once it has done this, it will attempt to update Malwarebytes Anti-Malware, click <>OK</> when it says that the database was updated successful</li>
<li>Next, Malwarebytes Anti-Malware will automatically open and perform a Quick scan</li>
<li>Upon completion of the scan, if anything has been detected, click on <>Show Result</></li>
<li>Have Malwarebytes Anti-Malware remove any threats that are detected and click <>Yes</> if prompted to reboot your computer to allow the removal process to complete</li>
<li>After your computer restarts, open <>Malwarebytes Anti-Malware</> and perform a Full System scan to verify that there are no remaining threats</li>
Please add both logs in your next reply.
</ol>
<hr />
Last edited by a moderator:
Here are logs. I'm guessing that they need to be inserted into post. Am a bit overwhelmed as to how much nasty looking stuff was in my computer and how the malware that was suppose to have been removed by "professionals' is still there. Once you give the okay I will scan and remove anything on my HP restore section of HD and wipe USB restore, recovery and backup.
The MBAM's are before and after.
The 2 PUP's that Malwarebytes didn't remove was successfully removed but didn't produce a log.
[attachment=3442]
[attachment=3443]
[attachment=3444]
The MBAM's are before and after.
The 2 PUP's that Malwarebytes didn't remove was successfully removed but didn't produce a log.
[attachment=3442]
[attachment=3443]
[attachment=3444]
Hi Good Evening,
STEP 1: Run the below OTL fix
<ol><li>Start <>OTL.exe</></li>
<li>Copy/paste the following text written <>inside of the code box</> into the <>Custom Scans/Fixes</> box located at the bottom of OTL
<>NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system</></li>
<li>Then click the <>Run Fix</> button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>
<hr />
STEP 1: Run the below OTL fix
<ol><li>Start <>OTL.exe</></li>
<li>Copy/paste the following text written <>inside of the code box</> into the <>Custom Scans/Fixes</> box located at the bottom of OTL
Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chn...=305888902
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms...s&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{9473EF54-95E6-4CC8-84CF-5C4DE560EA75}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?...archTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-...archTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=VertiTech...archTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms...s&o=HPNTDF
IE - HKLM\..\SearchScopes\{5F516597-8372-FF9C-F10E-07CAB465FE53}: "URL" = http://dts.search-results.com/sr?src=ieb...archTerms}
IE - HKLM\..\SearchScopes\{9473EF54-95E6-4CC8-84CF-5C4DE560EA75}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?...archTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Sea...archTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-...archTerms}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms...s&o=HPNTDF
IE - HKCU\..\SearchScopes\{9473EF54-95E6-4CC8-84CF-5C4DE560EA75}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?...archTerms}
FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
:commands
[emptytemp]
[reboot]<li>Then click the <>Run Fix</> button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>
<hr />
Last edited by a moderator:
Here is the log. I had to rename the log by changing .log to.txt because attachment wouldn't accept it.
[attachment=3448]
[attachment=3448]
Okay Cool.
STEP 1: Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility from the below link
<><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <>Yes, I accept the Terms of Use</></li>
<li>Click the <>Start</> button.</li>
<li>Check <>Scan archives</></li>
<li>Push the <>Start</> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <>List of found threats</></li>
<li>Push <>Export to Text file </> and save the file to your desktop using a unique name, such as <>ESET Scan</>. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <>back</> button.</li>
<li>Push <>Finish</></li>
</ol>
<hr />
STEP 2: Run a HitmanPro scan
<ol>
<li><>Download the latest official version of HitmanPro</>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"> <>HITMANPRO DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Start HitmanPro by <>double clicking on the previously downloaded file.</> and then following the prompts.
<img src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanproscan4.png]" border="0" /></li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click <>Next</> .
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/02/rsz_hpro5.png" alt="[Image: hitmanproscan5.png]" border="0" /></li>
<li>Click <>Activate free license</> to start the free 30 days trial and remove the malicious files.
<img src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanproscan6.png]" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
</ol>
Add to your next reply, any log that HitmanPro might generate.
<hr />
STEP 1: Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility from the below link
<><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <>Yes, I accept the Terms of Use</></li>
<li>Click the <>Start</> button.</li>
<li>Check <>Scan archives</></li>
<li>Push the <>Start</> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <>List of found threats</></li>
<li>Push <>Export to Text file </> and save the file to your desktop using a unique name, such as <>ESET Scan</>. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <>back</> button.</li>
<li>Push <>Finish</></li>
</ol>
<hr />
STEP 2: Run a HitmanPro scan
<ol>
<li><>Download the latest official version of HitmanPro</>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"> <>HITMANPRO DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Start HitmanPro by <>double clicking on the previously downloaded file.</> and then following the prompts.
<img src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanproscan4.png]" border="0" /></li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click <>Next</> .
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/02/rsz_hpro5.png" alt="[Image: hitmanproscan5.png]" border="0" /></li>
<li>Click <>Activate free license</> to start the free 30 days trial and remove the malicious files.
<img src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanproscan6.png]" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
</ol>
Add to your next reply, any log that HitmanPro might generate.
<hr />
Last edited by a moderator:
H Kuttusi. Hope all is well. Finally have the one log but many hours of work. A clean computer is worth it.
I set Eset to include potential damaging or unwanted files programs. Eset scan process took about 7 hours. The first scan slowed to a crawl at 44% and at 47% it took about 1 and ½ hours to get through there. The area was around Wild Tangent games in the App data\Local Low. I wrote the area files down but need to find it. Let me know if you want it. It began with WTA followed by numbers and letters. Eset flagged 5 threats in this area, two of them were OpenCandy files the other two I never got names of because the computer crashed at 50% while I was away from screen. I checked events and it was a minidump caused by S&D update . I thought I had S&D shut down but, guess I didn’t.
Getting Eset to continue was impossible as it refused to do anything because it needed to update and wanted the settings for my proxy. I don’t have a proxy nor am I set up for one. Weird? After several hours of trouble shooting I gave up and did an uninstall and reinstall of Eset. It took 3 hours and slowed at same area and same way as the other scan did but it finished the scan and found no threats . As for the 5 threats I’m guessing that they are somewhere quarantined in Eset’s modules unreadable for me but, removed. I stil have those modules and figure I should just destroy them?
Wild Tangent came preinstalled on my notebook. I’ve tried to remove both it with it's games and remove OpenCandy . No luck so I just deleted what I could of OpenCandy.
I’ve had HitmanPro on my computer for some time and am past the 30 days for it to remove stuff. It seems that all I have on computer are some cookies from safe sites. The two other traces are SearchQue. SearchQue along with Incredibar, Claro and Smart bar haunted me for some time.
There is something I want to check with you on. One of my scans over last 6 weeks from I believe TDSS said I had Trojan:JS/IframeRef . I don’t think I did anything except figure it was a false positive because it never showed up again in any scam. I still have scan logs and they are from multiple programs.
Because one of the programs you had me use removed C:\user.js from the computer. User.js was somthing I had wondered where the file came from. Also had wondered why in different directories my permissions keep changing and were not how I sat them. New users get added. This changes depending on the directory or file. The S-1-5-18 that Hitman Pro flagged is one of them. I read that Windows does this so my suspicions may be needless. My next connection is that I also have this directory that is full of a dumped js and htm files. They were a website page of a book I was looking . This is in my download directory. I don’t think there wasn’t anything I did to download that page. So this all may be unrelated as I am a bit malware spooked at the moment.
Log attached
[attachment=3475]
I set Eset to include potential damaging or unwanted files programs. Eset scan process took about 7 hours. The first scan slowed to a crawl at 44% and at 47% it took about 1 and ½ hours to get through there. The area was around Wild Tangent games in the App data\Local Low. I wrote the area files down but need to find it. Let me know if you want it. It began with WTA followed by numbers and letters. Eset flagged 5 threats in this area, two of them were OpenCandy files the other two I never got names of because the computer crashed at 50% while I was away from screen. I checked events and it was a minidump caused by S&D update . I thought I had S&D shut down but, guess I didn’t.
Getting Eset to continue was impossible as it refused to do anything because it needed to update and wanted the settings for my proxy. I don’t have a proxy nor am I set up for one. Weird? After several hours of trouble shooting I gave up and did an uninstall and reinstall of Eset. It took 3 hours and slowed at same area and same way as the other scan did but it finished the scan and found no threats . As for the 5 threats I’m guessing that they are somewhere quarantined in Eset’s modules unreadable for me but, removed. I stil have those modules and figure I should just destroy them?
Wild Tangent came preinstalled on my notebook. I’ve tried to remove both it with it's games and remove OpenCandy . No luck so I just deleted what I could of OpenCandy.
I’ve had HitmanPro on my computer for some time and am past the 30 days for it to remove stuff. It seems that all I have on computer are some cookies from safe sites. The two other traces are SearchQue. SearchQue along with Incredibar, Claro and Smart bar haunted me for some time.
There is something I want to check with you on. One of my scans over last 6 weeks from I believe TDSS said I had Trojan:JS/IframeRef . I don’t think I did anything except figure it was a false positive because it never showed up again in any scam. I still have scan logs and they are from multiple programs.
Because one of the programs you had me use removed C:\user.js from the computer. User.js was somthing I had wondered where the file came from. Also had wondered why in different directories my permissions keep changing and were not how I sat them. New users get added. This changes depending on the directory or file. The S-1-5-18 that Hitman Pro flagged is one of them. I read that Windows does this so my suspicions may be needless. My next connection is that I also have this directory that is full of a dumped js and htm files. They were a website page of a book I was looking . This is in my download directory. I don’t think there wasn’t anything I did to download that page. So this all may be unrelated as I am a bit malware spooked at the moment.
Log attached
[attachment=3475]
Okay..
STEP 1: Download and Run Windows Repair (all in one)
Download Windows Repair (all in one)
STEP 1: Download and Run Windows Repair (all in one)
Download Windows Repair (all in one)
- Install the program then run it.
- Go to step 2 and allow it to run Disc check by clicking Do It
- Go to step 3 and allow it to run SFC
- Go to start repairs tab select advanced mode and click start.
- Check the box next to "Restart/Shutdown system when finished" and ensure the following is checked along with the default checks
- Reset File Permissions
- Register System Files
- Repair WMI
- Remove Policies Set By Infections
- Remove Temp Files
- Then click Start.
I get a message that says this version is not compatible with the version of windows I have. It is Windows 8
Should I go ahead and run it?
Should I go ahead and run it?
WOW, that Windows repair is one major heavy duty program! I'm going to make sure to leave him/her feedback at website.
The repair is done and all went well. I can see a lot of changes. One is a program named Secunia PSI that is in tray but never worked. It's a program that watches and updates programs. When I got back to windows it pops up and showed 0 insecure 0 end of life and 91 patched. Then it pops up more info like registry patched and others.
Windows repair didn't make a log but it has a folder that has txt files of all that was done. Do you want me to send/upload a copy of the folder with files in?
Another thing is that all my desktop personal programs refused to work. That would be email, skydrive and one note. I thought perhaps I'd messed up the permissions or something and just set up online ones.
Was it Trojan or RootKit or both or something else that is/has done so much damage to my system? Is it still active? I have copies of backups and registry back ups I made just before I ran the Windows repair. I'm guessing they should be destroyed.
I cannot thank you enough, you guys are like angels of mercy..........of course I'm going to donate and will again in month or so.
The repair is done and all went well. I can see a lot of changes. One is a program named Secunia PSI that is in tray but never worked. It's a program that watches and updates programs. When I got back to windows it pops up and showed 0 insecure 0 end of life and 91 patched. Then it pops up more info like registry patched and others.
Windows repair didn't make a log but it has a folder that has txt files of all that was done. Do you want me to send/upload a copy of the folder with files in?
Another thing is that all my desktop personal programs refused to work. That would be email, skydrive and one note. I thought perhaps I'd messed up the permissions or something and just set up online ones.
Was it Trojan or RootKit or both or something else that is/has done so much damage to my system? Is it still active? I have copies of backups and registry back ups I made just before I ran the Windows repair. I'm guessing they should be destroyed.
I cannot thank you enough, you guys are like angels of mercy..........of course I'm going to donate and will again in month or so.
Secunia PSI just displayed a message saying that 2 programs were just installed. They were Tweaking Registry Backup1.x (Patched) and Sysinterals PsExe1.x (patched). I have been online just reading some information. I don't have anything active on computer besides virus checker and browser. I haven't used the browser for anything except to get some information. There may be something going on. Can that thing in my computer be working at reginerating itself and environment?
It seems this issue may not be a problems with any root kits... It is a problems with Windows File permissions.....
If possible send me those logfiles on the desktop folder. (.txt files).
Are you still facing issue with the Desktop programs? What exactly happening when you try to open the Desktop programs? If you are getting any pop up or something sens me the Screen shots of that one........
If possible send me those logfiles on the desktop folder. (.txt files).
Are you still facing issue with the Desktop programs? What exactly happening when you try to open the Desktop programs? If you are getting any pop up or something sens me the Screen shots of that one........
Not worrying about Rootkits and Trojans is a relief. It looked like the Windows Repair was rebuilding my hard drive.
I'm sending the file folder from Windows Repair. It is registry files and the closest I can come with some sort of record of the programs' result. Folder labeled files is a 1k txt file of each process but, it turns out that they are very small files that just say what each does but not what it did. If you want me to send this one let me know. Or let me know if you know of any logs the program creates that logs what was done. I did several deep searches if my C drive.
I've included several pics of skydrive and OneNotes error message.
Here is a record I wrote about what is in skydrive permissions which seems very messed up and another of the Audit. The Boss is my administration account and my account is Brenda. I am only person who uses this computer and both accounts should be okayed. Don't know how the odd ones happened.
Brenda(New Note\Brenda) Full Control
Account Unknown(S-1-5-21-549929245-2321386884-388439088-1003) all checked except for full control and special permissions
The Boss(NewNote\The Boss) Full Control
Administrators (New Note\Administrators) Full Control
There is the accounts above plus an extra one labled Everyone in Auditing Share. Two of them in Allow. They are Administrators (NewNote\Administrators)
and Everyone. Both have Access full control
Effective Access has The Boss (NewNote\The Boss) as the owner.
As for mail, Windows 8 doesn't seem to support outlook express anymore. It has a new tile email that dropped all the old mail. I have an old computer that I'm booting up and find my old mail as the old mail should be on SkyDrive.
Ca
I'm sending the file folder from Windows Repair. It is registry files and the closest I can come with some sort of record of the programs' result. Folder labeled files is a 1k txt file of each process but, it turns out that they are very small files that just say what each does but not what it did. If you want me to send this one let me know. Or let me know if you know of any logs the program creates that logs what was done. I did several deep searches if my C drive.
I've included several pics of skydrive and OneNotes error message.
Here is a record I wrote about what is in skydrive permissions which seems very messed up and another of the Audit. The Boss is my administration account and my account is Brenda. I am only person who uses this computer and both accounts should be okayed. Don't know how the odd ones happened.
Brenda(New Note\Brenda) Full Control
Account Unknown(S-1-5-21-549929245-2321386884-388439088-1003) all checked except for full control and special permissions
The Boss(NewNote\The Boss) Full Control
Administrators (New Note\Administrators) Full Control
There is the accounts above plus an extra one labled Everyone in Auditing Share. Two of them in Allow. They are Administrators (NewNote\Administrators)
and Everyone. Both have Access full control
Effective Access has The Boss (NewNote\The Boss) as the owner.
As for mail, Windows 8 doesn't seem to support outlook express anymore. It has a new tile email that dropped all the old mail. I have an old computer that I'm booting up and find my old mail as the old mail should be on SkyDrive.
Ca
If there be no RootKits it is such a relief. Windows Repair looked like it was rebuilding my whole hard drive. Had me a bit worried.
I was going to send the file folder from Windows Repair. It is a folder with about 30 1k files in it and I cannot upload the whole folder. They are registry files and the closest I can come to some sort of record of the programs' result. It turns out that they are very small files that just say what each does but not what it did. Let me know if you know of any logs the program creates. I did several deep searches if my C drive.
I've included several pics of skydrive and OneNote error message. It wants me (Brenda) account to re-install but, not the administrator (The Boss) who is able to access them. My computer is named NewNote.
Here is a record I wrote about what is in skydrive permissions which seems very messed up and another of the Audit. I am only person who uses this computer and both Brenda and Administrator accounts should have full permission in these files. Don't know how the odd accounts happened. Skydrive permissions has four accounts named;
Brenda(New Note\Brenda) with Full Control
Account Unknown(S-1-5-21-549929245-2321386884-388439088-1003) all checked except for full control and special permissions
The Boss(NewNote\The Boss) Full Control
Administrators (New Note\Administrators) Full Control
There are the four accounts above plus an extra one labeled Everyone in Auditing Share. Two of accounts in Allow. They are Administrators (NewNote\Administrators)
and Everyone. Both have Access full control
Effective Access has The Boss (NewNote\The Boss) as the owner.
As for mail, Windows 8 doesn't seem to support outlook express anymore. It has a new tile email that dropped all the old mail. I have an old computer that I'm booting up and find my old mail in it as the mail should be on SkyDrive.
[attachment=3494] [attachment=3495]
I was going to send the file folder from Windows Repair. It is a folder with about 30 1k files in it and I cannot upload the whole folder. They are registry files and the closest I can come to some sort of record of the programs' result. It turns out that they are very small files that just say what each does but not what it did. Let me know if you know of any logs the program creates. I did several deep searches if my C drive.
I've included several pics of skydrive and OneNote error message. It wants me (Brenda) account to re-install but, not the administrator (The Boss) who is able to access them. My computer is named NewNote.
Here is a record I wrote about what is in skydrive permissions which seems very messed up and another of the Audit. I am only person who uses this computer and both Brenda and Administrator accounts should have full permission in these files. Don't know how the odd accounts happened. Skydrive permissions has four accounts named;
Brenda(New Note\Brenda) with Full Control
Account Unknown(S-1-5-21-549929245-2321386884-388439088-1003) all checked except for full control and special permissions
The Boss(NewNote\The Boss) Full Control
Administrators (New Note\Administrators) Full Control
There are the four accounts above plus an extra one labeled Everyone in Auditing Share. Two of accounts in Allow. They are Administrators (NewNote\Administrators)
and Everyone. Both have Access full control
Effective Access has The Boss (NewNote\The Boss) as the owner.
As for mail, Windows 8 doesn't seem to support outlook express anymore. It has a new tile email that dropped all the old mail. I have an old computer that I'm booting up and find my old mail in it as the mail should be on SkyDrive.
[attachment=3494] [attachment=3495]
Attachments
Do you try to re install SkyDrive and One Notes? Try the Following steps and if it is not fix the issue with one note try to re install it. Check if you have free space in C Drive......
STEP a: Run Temp File Cleaner by OldTimer
<ol>
<li>You can download the TFC utility from the below link
<a title="External link" href="http://oldtimer.geekstogo.com/TFC.exe" rel="nofollow
external"><>TFC DOWNLOAD LINK</></a> <em>(This link will automatically
download Temp File Cleaner on your computer)</em></li>
<li>Please double-click <>TFC.exe</> to run it.
(<>Note:</> If you are running on Vista or 7, right-click on the file and
choose <>Run As Administrator</>).</li>
<li>It <>will close all programs</> when run, so make sure you have
<>saved all your work</> before you begin.</li>
<li>Click the <>Start</> button to begin the process. Depending on
how often you clean temp files, execution time should be anywhere from a few seconds to
a minute or two. <>Let it run uninterrupted to completion</>.</li>
<li>Once it's finished it should <>reboot your machine</>. If it
does not, please <>manually reboot the machine</> yourself to ensure a
complete clean.</li>
</ol>
<hr />
STEP a: Run Temp File Cleaner by OldTimer
<ol>
<li>You can download the TFC utility from the below link
<a title="External link" href="http://oldtimer.geekstogo.com/TFC.exe" rel="nofollow
external"><>TFC DOWNLOAD LINK</></a> <em>(This link will automatically
download Temp File Cleaner on your computer)</em></li>
<li>Please double-click <>TFC.exe</> to run it.
(<>Note:</> If you are running on Vista or 7, right-click on the file and
choose <>Run As Administrator</>).</li>
<li>It <>will close all programs</> when run, so make sure you have
<>saved all your work</> before you begin.</li>
<li>Click the <>Start</> button to begin the process. Depending on
how often you clean temp files, execution time should be anywhere from a few seconds to
a minute or two. <>Let it run uninterrupted to completion</>.</li>
<li>Once it's finished it should <>reboot your machine</>. If it
does not, please <>manually reboot the machine</> yourself to ensure a
complete clean.</li>
</ol>
<hr />
Last edited by a moderator:
Ran TFC and it cleaned 800 megabytes. My C drive properties say that I have 823 gigs of empty space. I do need to defragment it and will do that tonight.
Sky drive is same even though I have added share and full control for me. Think I'll just change over to google drive.
AdwCleaner had an update so I used it and it found, on my default browser Chrome, Babylon and two Snap.Do lines. I ran the program several times and rebooted. The 2 Babylon are gone but Snap.do remains. I uploaded below the small AdwCleaner last log.
Then I went to the folder mentioned in Log and am going through \Default Preferences. I find several "homepage": "http://feed.snap.do/?publisher=Verti so on.
I also found lines for Incredibar
Lines that concern me are ones with more adds sites and quite a few mentioning different torrent stuff like "http://ads.torrentco.com.
I know torrent is real dangerous. Could they be using my p2pn?
Is it Ok for me to delete sections referring to this stuff?
[attachment=3518]
Sky drive is same even though I have added share and full control for me. Think I'll just change over to google drive.
AdwCleaner had an update so I used it and it found, on my default browser Chrome, Babylon and two Snap.Do lines. I ran the program several times and rebooted. The 2 Babylon are gone but Snap.do remains. I uploaded below the small AdwCleaner last log.
Then I went to the folder mentioned in Log and am going through \Default Preferences. I find several "homepage": "http://feed.snap.do/?publisher=Verti so on.
I also found lines for Incredibar
Lines that concern me are ones with more adds sites and quite a few mentioning different torrent stuff like "http://ads.torrentco.com.
I know torrent is real dangerous. Could they be using my p2pn?
Is it Ok for me to delete sections referring to this stuff?
[attachment=3518]
- Status
You may also like...
-
-
Analyzing the Impact of the Operation Endgame Takedown on Rhadamanthys & the MaaS Ecosystem- Started by Khushal
- Replies: 1
-
GhostChat Spyware Targets Android Users Through WhatsApp, Steals Sensitive Data- Started by Brownie2019
- Replies: 5
-
-
Hackers Weaponize AppleScript to Creatively Deliver macOS Malware Mimic as Zoom/Teams Updates
- Started by Brownie2019
- Replies: 1