|
Post by kschlada on Jul 13, 2015 16:23:05 GMT -8
Ok, I followed the steps listed and here are the files you requested:
JRT log: JRT.txt (3.71 KB)
Adwcleaner log: AdwCleanerS0.txt (2.16 KB)
aswMBR: aswMBR.txt (568 B)
The only thing I was unable to figure out was where the mbrdump file labeled MBR.dat was. The other file saved directly to the desktop, as have all the others due to my settings as per the instructions. I will send it to you right away if you can help me locate it.
I have a side question that popped up after I ran the AdwCleaner--what are PUPs? It said I should enable PUPs (or something like that) in my antivirus software, and I don't know what they are or how to follow the suggestion (which I'm sure is sound advice).
Thanks for the continuing help!
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Jul 14, 2015 17:27:05 GMT -8
The aswMBR scan did not finish; can you run it again? Delete the log file on your desktop first.
PUPs are Potentially Unwanted Programs; not sure where the setting for this is in Lavasoft AV, but the following program will take care of these and it is free.
Malwarebytes' Anti-Malware
Please download the latest version of Malwarebytes' Anti-Malware from Here.
Double click on the mbam-setup.exe file to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.
Once the program has loaded and updated, select "Scan Now >>" to start the scan.
The scan may take some time to finish, so please be patient.
If any malware is found, you will be presented with a screen like the one below.
If any malware is found, make sure that everything is checked, and click Remove Selected.
When the scan is complete, click View detailed log >> to view the results. The report screen will open.
At the bottom click on Export and select as txt file, save the file to your desktop and click OK.
When the export is complete, select OPEN. The log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + C) it to paste here in a reply.
|
|
|
Post by kschlada on Jul 16, 2015 22:43:42 GMT -8
Here are the correct docs from aswmbr:
aswMBR.txt (2.2 KB)
MBR.dat (512 B)
I downloaded Malwarebytes and followed your instructions, except after the scan was completed it said I needed to restart my computer to finish. Should I have waited to restart, or was that ok? There was a protection log and a scan log listed, but I assume you only want the scan log (let me know if you need the other one too). Here it is:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/17/2015
Scan Time: 1:21 AM
Logfile: Malwarebytes.ScanResults1.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.17.01
Rootkit Database: v2015.07.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Katie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 417882
Time Elapsed: 9 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.OpenCandy, C:\Users\Katie\AppData\Local\Temp\HYD62D9.tmp.1436795972\HTA\install.1436795972.zip, Quarantined, [4e87459dddad70c6dbcd98c0d72ec937],
PUP.Optional.OpenCandy, C:\Users\Katie\AppData\Local\Temp\HYD62D9.tmp.1436795972\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [7362c51d612932046840e870ed180bf5],
PUP.Optional.APNToolBar.A, C:\Users\Katie\Downloads\SFInstaller_SFFZ_filezilla_8706467_.exe, Quarantined, [7c59a53d553567cf7ed3ddcada27817f],
PUP.Optional.Mindspark.A, C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_magdmbkcibdnnfmnamahibddledomccn_0.localstorage, Quarantined, [2ea7c220a0ea40f694a977c93ec5728e],
PUP.Optional.Mindspark.A, C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_magdmbkcibdnnfmnamahibddledomccn_0.localstorage-journal, Quarantined, [27aee8fa3456c175182554ec0300e21e],

Physical Sectors: 0
(No malicious items detected)

(end)
|
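A small parser for a scan log in the layout pasted in the post above, as an added example that is not part of the original thread and is not Malwarebytes' own code: it pulls out the file detections, labels where each one sat, and checks the parsed entries against the `Files:` count so a truncated paste is noticed. The sample log is constructed, and the location labels and function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the export layout shown in the post above; the
# detection names, paths and bracketed IDs are made up for illustration.
SAMPLE_LOG = r"""Scan Type: Threat Scan
Result: Completed
Time Elapsed: 9 min, 10 sec
PUP: Enabled
Processes: 0
(No malicious items detected)
Files: 3
PUP.Optional.ExampleBundle, C:\Users\user\AppData\Local\Temp\setup, v2\helper.dll, Quarantined, [00000000000000000000000000000001],
PUP.Optional.ExampleBundle, C:\Users\user\Downloads\bundle_installer.exe, Quarantined, [00000000000000000000000000000002],
PUP.Optional.ExampleBar.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\ext_0.localstorage, Quarantined, [00000000000000000000000000000003],
Physical Sectors: 0
(No malicious items detected)
(end)
"""

# A file entry is "<dotted name>, <drive path>, <action>, [<32 hex>],". Anchoring on
# that tail lets paths contain commas and copes with entries pasted onto one line.
ENTRY = re.compile(
    r"(?P<name>[A-Za-z]\w*(?:\.\w+)+), (?P<path>[A-Za-z]:\\.+?), "
    r"(?P<action>[A-Za-z][A-Za-z ]*?), \[(?P<id>[0-9a-f]{32})\],"
)
# Location labels are this example's own triage buckets (an assumption).
LOCATIONS = [
    ("installer temp", r"\\AppData\\Local\\Temp\\"),
    ("download", r"\\Downloads\\"),
    ("browser profile", r"\\User Data\\"),
]

def parse_scan_log(text):
    entries = [m.groupdict() for m in ENTRY.finditer(text)]
    for e in entries:
        e["where"] = next((label for label, pat in LOCATIONS
                           if re.search(pat, e["path"], re.I)), "other")
    declared = re.search(r"\bFiles: (\d+)", text)
    return {
        "completed": "Result: Completed" in text,
        "pup_enabled": re.search(r"\bPUP: Enabled", text) is not None,
        "files_declared": int(declared.group(1)) if declared else None,
        "entries": entries,
        "families": Counter(e["name"] for e in entries),
    }

def is_complete(report):
    # A finished scan whose Files count matches the entries actually present.
    return report["completed"] and report["files_declared"] == len(report["entries"])
```

Only file detections are parsed; registry entries, which do not start with a drive letter, are outside what this example handles.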
|
|
Post by dbrisen on Jul 17, 2015 15:55:05 GMT -8
This next step may take a while (just to warn you) .....
ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.
You can leave Norton Enabled even though ESET may warn about it. It just makes the scan take longer.
The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.
Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.
Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
Link =>> ESET Online Scanner <<
Click the Run ESET Online Scanner located on the left side of the page (not the free trial).
For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens.
Save it to your desktop.
Double click on the icon on your desktop.
Check (accept) the Terms of Use.
Click the START button.
Accept any security warnings from your browser.
Now in the Computer scan settings window that appears:
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:
Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked
Now click on: Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.
At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).
Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.
Attach the saved log file in your next reply please. Thanks.
|
|
|
Post by kschlada on Jul 20, 2015 19:20:32 GMT -8
I think you may have found the root of my problem! Here are the 3 potential threats ESET found via the doc you requested: ESETscan_threatsfound.txt (880 B) I was away over the weekend, which is the reason for the delay in my response. Thank you for your patience.
|
|
|
Post by dbrisen on Jul 21, 2015 22:53:58 GMT -8
Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.
Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to your desktop as fixlist.txt
NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
|
|
|
Post by kschlada on Jul 22, 2015 6:04:36 GMT -8
Before I click the Fix button, I notice your picture of FRST64 has the Addition.txt box checked. Mine does not, but that is the only difference between the picture of FRST you posted and my tool. Should the checkboxes be identical to what you have shown? I assume yes, but I want to make sure.
|
|
|
Post by dbrisen on Jul 22, 2015 20:32:54 GMT -8
The check boxes are for scans not running scripts; all the needed commands are in the script text file (Fixlist.txt).
You did OK by asking and not just blindly going on. You are good to go however.
|
|
|
Post by kschlada on Jul 23, 2015 7:00:30 GMT -8
Ok, as per instructions, here is FRST's fixlog: Fixlog.txt (2.33 KB)
Not sure if it's related to what I just did with FRST, but thought it might be relevant for you to know: my computer was exceptionally slow on the restart. There was a full minute before the Windows logo appeared on the startup screen. Additionally, after I logged into my Windows user account the screen went black with only a cursor for another 40-50 seconds before loading my background, taskbar, desktop icons, etc. Normally that part of the process--even recently with the slowness issues--takes a few seconds, and never with a blank screen. This was the first time that has happened.
|
|
|
Post by dbrisen on Jul 23, 2015 15:27:51 GMT -8
Let's get a fresh looksee, ok?
First, delete the FRST64.exe that is on your desktop along with any logs (FRST.txt / Addition.txt).
Next, please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.
Place FRST64.exe onto your desktop from wherever it downloaded to. IF IT IS NOT ON THE DESKTOP (YOU DID NOT DOWNLOAD DIRECTLY TO DESKTOP), THEN RIGHT CLICK ON THE DOWNLOADED FILE AND SELECT CUT. FIND A BLANK SPOT ON YOUR DESKTOP AND RIGHT CLICK ON IT, SELECT PASTE AND THE FILE WILL BE ON THE DESKTOP. Thank You (this is very important later on)!
Start FRST64 that is on your Desktop by right clicking on it and selecting "Run as Administrator...". The tool will start to run.
When the tool opens click Yes to disclaimer (if it does).
Press Scan button.
It will make two logs (FRST.txt and Addition.txt) on your Desktop.
Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. (Ask if you don't know how to do either of these.)
Notes:
If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file.
Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com or pastebin.com to upload the file and then post the download link here in your reply post.
|
|