
User Name Change. Corrupted Files?


11 replies to this topic

#1 oldstyle_allstar


Posted 19 November 2014 - 11:29 AM

Hello All - 

 

Well I have been working on this for the past 24 hrs in fear that it was a virus, but all scans seem to be coming back clean. Here is the issue...not even a chat with Microsoft Help Desk could give me a resolution.

 

I have two user accounts on a PC and upon login everything appears to be fine. The names and passwords all work to log into either account. Once logged in a check of the Users folder in the C drive shows that the account names have somehow been altered.

 

Prior to this occurring the structure looked like: C:\Users\Bob and C:\Users\Admin however now when logged in under Bob it is C:\Users\Admin and C:\Users\Admin_2

 

So all of Bob's files are now under Admin and the Admin account changed to Admin_2 

 

This has me totally stumped and I would truly appreciate any insight or help with this. I haven't been able to find any information anywhere to help out with this issue.


Edited by hamluis, 19 November 2014 - 04:31 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 JohnC_21


Posted 19 November 2014 - 12:33 PM

You can change the profile folder names as shown here. I would start with BOB first. The steps are involved and if you are not comfortable editing the registry, I would not do it. If you create another account called BOB1 does the profile folder show correctly under users?


Edited by JohnC_21, 19 November 2014 - 12:34 PM.
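As an added example (not from any poster in this thread), the PowerShell below lists which profile folder Windows has recorded for each account SID, which is the account-to-folder mapping the posts here are asking about. It only reads the standard ProfileList registry key and the folder's timestamps; the output column names are this example's own.

```powershell
# Added example: read-only report of SID -> current account name -> profile folder.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$report = foreach ($key in Get-ChildItem -Path $profileList) {
    $keyName = $key.PSChildName

    # Service profiles (S-1-5-18, -19, -20) are not user accounts; skip them.
    if ($keyName -notlike 'S-1-5-21-*') { continue }

    # A ".bak" suffix marks a profile key Windows set aside after a failed load.
    $isBackup = $keyName -like '*.bak'
    $sidText  = $keyName -replace '\.bak$', ''

    $props = Get-ItemProperty -Path $key.PSPath -Name ProfileImagePath -ErrorAction SilentlyContinue
    $path  = $props.ProfileImagePath
    if (-not $path) { continue }

    # Translate the SID to the account's current name; deleted accounts do not resolve.
    try {
        $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidText)
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved>'
    }

    # Compare the folder's leaf name with the user part of DOMAIN\user.
    $folderName = Split-Path -Path $path -Leaf
    $userName   = $account.Split('\')[-1]

    # Folder creation time helps place the change on a timeline next to the event log.
    $folder  = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    $created = $null
    if ($folder) { $created = $folder.CreationTime }

    New-Object PSObject -Property @{
        Account           = $account
        ProfilePath       = $path
        FolderMatchesName = ($folderName -ieq $userName)
        FolderCreated     = $created
        BackupKey         = $isBackup
        Sid               = $sidText
    }
}

$report |
    Sort-Object ProfilePath |
    Select-Object Account, ProfilePath, FolderMatchesName, FolderCreated, BackupKey, Sid |
    Format-Table -AutoSize
```

A row where FolderMatchesName is False is an account whose current name differs from its folder name, and comparing the Sid column across the affected machines shows whether the same accounts are involved on each.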


#3 oldstyle_allstar


Posted 19 November 2014 - 12:47 PM

Thanks John...

 

I guess my hesitation in just changing the name back to BOB is that I am unsure of what caused this and am trying to determine if it is a bigger problem that needs more attention than just a name change. As I mentioned I haven't found any viruses, but this happened to 3 computers on the same network and others were not affected. If I knew it was a Windows update or something like that that caused it I would feel better about just changing the name and going about my day.



#4 JohnC_21


Posted 19 November 2014 - 01:01 PM

I would have no idea why 3 computers on the network had their profile names changed. Was BOB an admin account or a USER account when created? Have you tried scanning the computer with HitmanPro?



#5 oldstyle_allstar


Posted 19 November 2014 - 01:30 PM

They were both Administrator accounts.

HitmanPro turned up some adware stuff but no major viruses.

#6 JohnC_21


Posted 19 November 2014 - 01:47 PM

I would say you are okay then. If BOB still points to USERS/admin then I wouldn't worry too much about it. The only other scan I would suggest is TDSS. If it detects anything, don't clean it. Just post back with the results.



#7 oldstyle_allstar


Posted 19 November 2014 - 02:08 PM

No Threats found on TDSSkiller

 

I checked the event logs to try to determine what was going on when it appeared this took place. Would it help if I post that info here?



#8 oldstyle_allstar


Posted 19 November 2014 - 02:14 PM

This is what HitmanPro found:

 

Potential Unwanted Programs _________________________________________________
 
   ask.com
   C:\Users\CCH-Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   askws
   C:\Users\CCH-Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
   search.tb.ask.com
   C:\Users\CCH-Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
 
Cookies _____________________________________________________________________
 


#9 JohnC_21


Posted 19 November 2014 - 02:17 PM

I would say you look okay. Most of the things are cookies or PUPs. Do you notice anything in the event log about the time the problem occurred?



#10 oldstyle_allstar


Posted 19 November 2014 - 02:36 PM

This is typical of what type of things I see happening at that time:
 
EventData 
 
  SubjectUserSid S-1-5-18 
  SubjectUserName SYSTEM 
  SubjectDomainName NT AUTHORITY 
  SubjectLogonId 0x3e7 
  PrivilegeList SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege 
 
 
It is also strange to me that there are no restore points before this happened. Other machines on the same network that have not had this issue have more restore points available.

Edited by oldstyle_allstar, 19 November 2014 - 02:38 PM.


#11 JohnC_21


Posted 19 November 2014 - 02:42 PM

I don't have enough experience to decipher the event log you showed. I did a search and it appears it is nothing to worry about. See the following links.

 

https://social.technet.microsoft.com/Forums/windows/en-US/5da34061-586e-4b9f-a50f-c45b07e92e30/should-this-event-concern-me?forum=w7itprosecurity

 

http://www.tomshardware.com/forum/63944-63-please-analyze-event



#12 oldstyle_allstar


Posted 19 November 2014 - 02:50 PM

Thanks so much for your help on this one John...

 

I have yet to find any information about a profile name changing and I have even contacted a Microsoft Windows Tech and they have no clue. 





