Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Won't let me open or save files or documents [Solved]


  • This topic is locked This topic is locked

#16
Keyboardclick

Keyboardclick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

It is hard for me to do all of these steps in one post, I have to do it in stages.

Here are the screen shots and Malwarebytes report:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/19/21
Scan Time: 2:51 PM
Log File: d3925c28-0126-11ec-be47-401c83b831f1.json

-Software Information-
Version: 4.4.4.126
Components Version: 1.0.1413
Update Package Version: 1.0.44238
License: Free

-System Information-
OS: Windows 10 (Build 19042.1165)
CPU: x64
File System: NTFS
User: LAPTOP-DDK31LC2\User

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 303060
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 6 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Attached Thumbnails

  • security needs action.png
  • no action needed.png
  • avast and spybot.png

  • 0

Advertisements


#17
Keyboardclick

Keyboardclick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Here is the AdwCleaner Clean log. The only preinstalled software was just a couple Lenovo controllers that I think I need for the laptop to run right, so I left those. AdwCleaner didn't find much.

 

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2775 octets] - [19/08/2021 13:16:57]
AdwCleaner[S01].txt - [2836 octets] - [19/08/2021 15:05:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########


  • 0

#18
Keyboardclick

Keyboardclick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Here is the ESET log. Sorry it took me a while.

8/19/2021 18:25:22 PM
Files scanned: 285026
Detected files: 0
Cleaned files: 0
Total scan time: 01:38:23
Scan status: Finished


  • 0

#19
Keyboardclick

Keyboardclick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Okay, last one, here is FRST and Addition

Attached Files


  • 0

#20
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

The only preinstalled software was just a couple Lenovo controllers that I think I need for the laptop to run right, so I left those.

 
As I said, your computer, your decision. :)
 

Here is the AdwCleaner Clean log.

 
Something is missing from the log. Please, find it and attach it for me.
 

Can you tell me how to disable the live protection with Spybot?

 

Have you tried the link I gave to you? How do I disable Live Protection? - Spybot Anti-Malware and Antivirus : Spybot Anti-Malware and Antivirus (safer-networking.org)

I never used this program so I don't know how it works and my internet search didn't help a lot, since Spybot pages about this feature are removed. You can also go to the Task Manager (right click on an empty area on the Taskbar, choose Task Manager, choose the Startup tab, find anything related with Spybot and click on the Disable button at the bottom right corner)

 

 

About the yellow exclamation:

 

Try these:

 

1. Go to Virus & threat protection and then to the Windows Defender antivirus options. Turn the periodic scan to ON. If a pop up window appears, click yes and scroll down the list until you'll see an icon with a red X. You should also see a dismiss button next to it. Click on dismiss to get rid of that yellow exclamation mark. You can then turn periodic scanning OFF, if you want. The same pop-up will appear. Click yes. Restart and check if the yellow exclamation is gone.

 

2. Go to Virus & threat protection, scroll down to Ransomware Protection and click on Manage ransomware protection. In the Ransomware data recovery section, check if there is an option about setting One Drive. Click on the Dismiss option. Restart and check if the yellow exclamation is gone.

 

Let me know about the result.


  • 0

#21
Keyboardclick

Keyboardclick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Here is the AdwareCleaner log attached. There doesn't seem to be much to it.


  • 0

#22
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Here is the AdwareCleaner log attached. There doesn't seem to be much to it.

 

Not much, but important for removal.

 

Please attach the log and let me know about the other actions' result.


  • 0

#23
Keyboardclick

Keyboardclick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Sorry about that, I really thought I attached the log. I guess I missed the "Attach File" button. Oops.

 

Apparently, since we have the free version of Spybot, it does not include Live Protection, so I cannot disable it. I followed your steps to the task manager, and Spybot was enabled, so I disabled it.

 

I followed your steps to check out the exclamation. I turned the periodic scan to ON. Other than the "Do you want this app to make changes?" pop up, nothing popped up, there was nothing to scroll down, and there were no red Xs. However, I did find the Ransomware thing that wanted her to set up One Drive, and it did have an exclamation. I dismissed it, restarted, and the exclamation is gone!

 

But, Mom says she thinks she did this already, and the exclamation keeps coming back. Is there anyway to disable this for good? Will we just have to wait and see?

 

Do you think the gray.plan.../life thing that Avast said was dangerous at first, but couldn't fix, so I did nothing about it, and now can't find it, is nothing to worry about?

Attached Files


  • 0

#24
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

It's strange, because the first time you ran AdwCleaner 8 items were found. Now I see only 6, without doing anything in the meantime. 
 

I followed your steps to the task manager, and Spybot was enabled, so I disabled it.

 
Good.
 

But, Mom says she thinks she did this already, and the exclamation keeps coming back. Is there anyway to disable this for good? Will we just have to wait and see?

 
Since the OneDrive was still needing setting up, it means that either she did something else or something brought it to that condition again. Yes, check the computer for a few days and let me know if the warning returns.
 

Do you think the gray.plan.../life thing that Avast said was dangerous at first, but couldn't fix, so I did nothing about it, and now can't find it, is nothing to worry about?

 
I don't see anything to worry about in the logs, and the scans we made didn't reveal anything relative. 
 
Let's complete the procedure:
 
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\TEMP:3B812EE0 [430]
AlternateDataStreams: C:\ProgramData\TEMP:45936E12 [486]
AlternateDataStreams: C:\ProgramData\TEMP:4C1D9362 [196]
AlternateDataStreams: C:\ProgramData\TEMP:5164A01F [496]
AlternateDataStreams: C:\ProgramData\TEMP:51E66512 [227]
AlternateDataStreams: C:\ProgramData\TEMP:551BED5F [203]
AlternateDataStreams: C:\ProgramData\TEMP:5BC73C48 [446]
AlternateDataStreams: C:\ProgramData\TEMP:6FF14C72 [456]
AlternateDataStreams: C:\ProgramData\TEMP:8732B03A [490]
AlternateDataStreams: C:\ProgramData\TEMP:9EDA68BD [478]
AlternateDataStreams: C:\ProgramData\TEMP:BF9D6105 [486]
AlternateDataStreams: C:\ProgramData\TEMP:EE2DD6CC [478]
FirewallRules: [{05497EFE-1E85-46E6-88EB-1AFF1353D08A}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F406400E-1821-465F-B85A-313216D7A2B9}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
C:\ProgramData\IObit\Advanced SystemCare
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Upgrade Windows
 
You are an upgrade behind, running version 20H2, while the latest one is 21H1. If there isn't any reason you didn't upgrade yet, please do the following:

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your wifi speed connection, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

 

In your next reply please post:

  1. The fixlog.txt
  2. If you decided to upgrade now, report if the procedure went on smoothly
  3. Feedback: Any remaining issues/questions/concerns

 

P.S. In case you go on for the upgrade, there is a possibility for the OneDrive setting to need fixing again. Have this in mind. 


  • 0

#25
Keyboardclick

Keyboardclick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

The second time you had me do AdwCleaner, you had me check things to get rid of, and told me to keep things if I thought I needed them. I tried my best, but perhaps there are less because I didn't check one? I am not familiar enough with AdwCleaner and reading logs to know.

 

Is there someway to just remove One Drive from her laptop?

 

If there is no malware or anything to be worried about, what are we fixing with FRST? I'd just like to understand.

 

Thanks


  • 0

Advertisements


#26
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

The second time you had me do AdwCleaner, you had me check things to get rid of, and told me to keep things if I thought I needed them.

 
I told you to choose if you want to keep or not to keep the Preinstalled Software, not the detected potentially unwanted programs/adware.
 

Is there someway to just remove One Drive from her laptop?

 
You can uninstall it as any other program, but why not just let it there and not use it? It is a useful cloud service and perhaps your mother would want to save something there one day, if you explain to her what it is.
 

If there is no malware or anything to be worried about, what are we fixing with FRST? I'd just like to understand.

 

Those entries have to be removed. I included the things that were supposed to be removed by AdwCleaner. 


  • 0

#27
Keyboardclick

Keyboardclick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Okay, thanks. I got confused about which list was which, thinking "potentially unwanted" could also be "possibly wanted".

 

Those entries have to be removed. I included the things that were supposed to be removed by AdwCleaner.

I guess my question is better summarized as: Why?

 

I am trying to learn.

Thanks for your patience.


  • 0

#28
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

I guess my question is better summarized as: Why?
I am trying to learn.

 

The first lines are regarding Alternate Data Streams and you can read about the subject here:

https://blog.malware...e-data-streams/

 

Two lines are referring to non existing items.

 

And the other two, are referring to a potentially unwanted program (Advanced System Care), which probably was installed by the other IOBit program you have installed, without your permission. It has to be removed, and this is not optional. 


  • 0

#29
Keyboardclick

Keyboardclick

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Thank you, that is very helpful. I am trying to learn what I am doing, instead of blindly following instructions at the mercy of whoever is feeding them to me :)

 

 

You are right about the Advanced System Care. I probably saw the IObit with AdwCleaner and unchecked it, assuming I wanted it because I used IObit.

 

I have to step away for a minute, I will update you later.

 

Thanks for all your help.


  • 0

#30
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Thank you, that is very helpful. I am trying to learn what I am doing, instead of blindly following instructions at the mercy of whoever is feeding them to me :)

 

I would like to clarify something to you:

 

All the Malware Experts in this Forum and in any other Forum like this are trained on the malware removal subject in special intensive training programs which can take years. They are all volunteers, and they all provide help to the Users for free, taking time from their free time and from their families' time, not because they feel sorry for them, but because helping others inspires them. We want to help people and not to make them feel that they follow instructions "at the mercy of whoever". The most important, we do not force anyone to follow anything. 

 

It's good to have the curiosity to ask why and how, but please note that malware removal it's not just running a tool, removing some things and that's it. In your case, the fix was simple. In other cases the fixes are huge, and we can't give explanations about any line included in them. 

 

I'm sorry if you felt that "you have been fed with instructions at the mercy of DR M". You are always free to ask for help elsewhere, if you think we are not able to help you here.


  • 1






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP