Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Scan of my mothers computer [Solved]

Started by Wolfie , May 31 2013 01:55 AM

  • This topic is locked This topic is locked

#1
Wolfie
Posted 31 May 2013 - 01:55 AM

Wolfie

    Member

  • Member
  • PipPip
  • 74 posts
OTL logfile here. Only thing changed in it is her name changed to 'parentalUnit', for privacy reasons.

I very recently uninstalled SB S&D (like a few minutes before doing this scan). Computer is a bit sluggish. I'm sure part of the problem is due to unnecessary items running, but before going through those, want to make sure there aren't any infections/etc.

Spoiler

  • 0

Advertisements

#2
Satchfan
Posted 31 May 2013 - 05:31 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Hello Wolfie and welcome to Geeks To Go.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your log now and will reply with instructions shortly.

Satchfan
  • 0

#3
Wolfie
Posted 31 May 2013 - 05:45 AM

Wolfie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Hello Wolfie and welcome to Bleeping Computer.

I think you are confused. ;)
  • 0

#4
Satchfan
Posted 31 May 2013 - 05:57 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
That was a sloppy error - my apologies.

There does seem to be some unsavoury stuff on this PC so let’s start cleaning it and see if there is anything else lurking.

===================================================

Disable Spybot’s TeaTimer and Windows Defender

Spybot’s TeaTimer and Windows Defender can sometimes prevent some things from being fixed.

Please disable TeaTimer and Windows Defender for now: they can be re-activated once your log is clean.

  • open Spybot Search & Destroy
  • in the Mode menu click "Advanced mode" if not already selected
  • choose "Yes" at the Warning prompt
  • expand the "Tools" menu
  • click "Resident"
  • uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box
  • in the File menu click "Exit" to exit Spybot Search & Destroy.
To disable Windows Defender:

  • open Windows Defender
  • click on Tools, General Settings
  • scroll down and uncheck Turn on real-time protection (recommended)
  • after you uncheck this, click on the Save button and close Windows Defender.
===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.
===================================================

Download and run Junkware Removal Tool

Posted Image Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

Please run OTL again after you’ve completed the above.

A few added observations:

  • there was no Extras log: can you also include Extras.txt which will be found in the same location as the first run of OTL
  • there is no hosts file. Do you know anything about this?
  • please copy/paste your logs in the post.
Logs to include in the next post:

AdwCleaner log
JRT.txt
New OTL log
Extras.txt

Thanks

Satchfan
  • 0

#5
Wolfie
Posted 31 May 2013 - 06:18 AM

Wolfie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

That was a sloppy error - my apologies.

I got a nice chuckle from it. ;)



There does seem to be some unsavoury stuff on this PC so let’s start cleaning it and see if there is anything else lurking.

===================================================

Disable Spybot’s TeaTimer and Windows Defender

Per my initial post, SB S&D was uninstalled just a few minutes prior to the scan. Windows Defender wasn't even active (I paused Kaspersky's protection though).


Download and run AdwCleaner

Here is the log from it.

Spoiler


Following the rest of your instructions and will reply with more when done.

Edited by Wolfie, 31 May 2013 - 06:19 AM.

  • 0

#6
Wolfie
Posted 31 May 2013 - 07:28 AM

Wolfie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Download and run Junkware Removal Tool

I am including two Junkware logs. The first, I did a regular open (oops), the second is 'run as admin'.

First:
Spoiler


Second:
Spoiler




Please run OTL again after you’ve completed the above.

A few added observations:

  • there was no Extras log: can you also include Extras.txt which will be found in the same location as the first run of OTL
  • there is no hosts file. Do you know anything about this?
  • please copy/paste your logs in the post.

I had previously run OTL on her computer, but that was a long time ago. It didn't generate an Extras file this time and I never could figure out how to force a new one to generate. Would be more than happy to include it if it can be forced to generate one.

The hosts file may have been deleted by uninstalling SB S&D, not quite sure though.


New OTL file:
Spoiler

  • 0

#7
Satchfan
Posted 31 May 2013 - 08:05 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
That’s already looking better.

You are still not copying and pasting the logs into the post – please do so.

SB S&D was uninstalled just a few minutes prior to the scan. Windows Defender, (WD), wasn't even active

I should have checked the date of the scan because TeaTimer was running then.

You say that WD wasn’t active but this says differently:

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

Please follow the previous instructions to disable it because some of our scans may not work with Windows Defender running.


Remove remnants of Norton

You have remnants of Norton on your computer

  • download the Norton Removal Tool from here and save it to your desktop.
  • double click on Norton_Removal_Tool.exe to run the tool.
  • follow the on-screen instructions.
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

====================================================

Run OTL

Let’s get a log with the Extras.
  • open OTL again, click on Extra Registry -> Use Safelist
  • then click Run Scan
Post back with the 2 logfiles

====================================================

Run aswMBR

  • download aswMBR.exe to your desktop.
  • double click aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.
Please include the following in your next post :

OTL.txt
Extras.txt
aswMBR log

Thanks

Satchfan
  • 0

#8
Wolfie
Posted 01 June 2013 - 03:21 PM

Wolfie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

That’s already looking better.

You are still not copying and pasting the logs into the post – please do so.

I've been including the logs, inside the spoiler tags. I re-ran everything again, this time making sure to 'Run As Administrator', and even when using the Extras option you told me to, it still didn't show an Extras.txt file. I tried multiple times.


SB S&D was uninstalled just a few minutes prior to the scan. Windows Defender, (WD), wasn't even active

I should have checked the date of the scan because TeaTimer was running then.

You say that WD wasn’t active but this says differently:

Okay I made a booboo here. I clicked on the wrong Start menu button (mine instead of the on via RDP), thus seeing Defender not active. Turned it off before I did these scans.

OTL (before)
Spoiler


ADW
Spoiler


Junkware
Spoiler


OTL (after)
Spoiler

  • 0

#9
Satchfan
Posted 01 June 2013 - 04:40 PM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

You are still not copying and pasting the logs into the post


I've been including the logs, inside the spoiler tags

I want them posted normally please.

Between "Spoiler tags" is not the way we post things here and makes our efforts more difficult.

If you want help, please respect the instructions and include the logs as requested in future posts.


I will look at what you have posted as soon as I can.

Satchfan
  • 0

#10
Satchfan
Posted 02 June 2013 - 07:14 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts

I clicked on the wrong Start menu button (mine instead of the on via RDP), thus seeing Defender not active. Turned it off before I did these scans.

:) It happens.

Can you post the aswMBR log and Extras.txt. Extras.txt should be here:

C:\Users\parentalUnit\Downloads

Thanks

Satchfan
  • 0

Advertisements

#11
Wolfie
Posted 02 June 2013 - 11:01 PM

Wolfie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Can you post the aswMBR log and Extras.txt. Extras.txt should be here:

I used an elevated cmd prompt and did a search for both of the files. No aswMBR file and the only Extras.txt file is over a year old. I did this command at the root of the system drive: dir /a /s extras.txt *aswmbr*

:-\
  • 0

#12
Satchfan
Posted 03 June 2013 - 02:33 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Download and run ComboFix

Let's try a different scan.

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • when finished, it will produce a report
  • please post the C:\ComboFix.txt in your next reply.

Thanks

Satchfan
  • 0

#13
Wolfie
Posted 03 June 2013 - 07:17 AM

Wolfie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Here is the copied/pasted contents of the combo fix log file.
Spoiler


For what it's worth, I ran it as administrator.
  • 0

#14
Satchfan
Posted 04 June 2013 - 01:08 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
I don’t think there is any malware on this computer but a couple of final scans should verify that and if they are clear, we can tidy up.


Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it, (“Update” tab}
  • once it is updated, click on “Scanner” tab, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button.
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o double click on the Eset installer icon on your desktop.

  • check Yes, I accept the Terms of Use
  • click the Start button.
  • accept any security warnings from your browser.
  • check Scan archives and Remove found threats.
  • click Advanced settings and select the following:


    o Scan potentially unwanted applications
    o Scan for potentially unsafe applications
    o Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Note - if ESET doesn't find any threats, no report will be created.
  • push the back button.
  • push Finish
If a log has been produced post it in your next reply.

Can you tell me if there are any outstanding problems.

Satchfan
  • 0

#15
Wolfie
Posted 06 June 2013 - 06:55 AM

Wolfie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Run Malwarebytes’ Anti-Malware

Spoiler


Run ESET Online Scan

Spoiler


Can you tell me if there are any outstanding problems.

Computer tends to be a bit sluggish, but that could be due to what she has installed. Might be time to use the recovery options so it's like new again (pre-built system). Would prefer to avoid that though, as it would be a headache at the moment to do that.

I'm actually rather good with computers, but with the ever evolving world of computer crap emerging, I prefer to 'outsource' the cleaning to those more up-to-date with what to do rather than doing a half-baked job myself.. or messing something up. :lol:

Edited by Wolfie, 06 June 2013 - 06:59 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP