|
|
Post by jholland1964 on Oct 2, 2017 21:47:56 GMT -5
I went thru the whole thing again--step by step & line by line and it is not there. I apologize, they have changed the location of the logs and how to look for them, here are the new instructions. I am So Sorry  To view the log file, Show hidden files and folders must be enabled. In the search box on the taskbar, type folder, and then select Show hidden files and folders from the search results.
Under Advanced settings, select Show hidden files, folders, and drives, and then select OK.
The path to the log file is the following: C:\users\%userprofile%\appdata\local\temp\log.txt Where it says %userprofile% this would likely be the name or user name your friend has designated on the computer |
|
acker1
Member
Posts: 220 
Former World Start Member: Yes
|
Post by acker1 on Oct 2, 2017 22:25:15 GMT -5
16:48:34 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=
# end=init
# utc_time=2017-10-02 21:48:32
# local_time=2017-10-02 16:48:32 (-0600, Central Daylight Time)
# country="United States"
# osver=10.0.15063 NT
16:48:47 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=b3f2f35b81cc9745bfe01187b5058372
# end=init
# utc_time=2017-10-02 21:48:46
# local_time=2017-10-02 16:48:46 (-0600, Central Daylight Time)
# country="United States"
# osver=10.0.15063 NT
16:49:32 Updating
16:49:32 Update Init
16:49:43 Update Download
16:58:13 esets_scanner_reload returned 0
16:58:13 g_uiModuleBuild: 34931
16:58:13 Update Finalize
16:58:13 Call m_esets_charon_send
16:58:13 Call m_esets_charon_destroy
16:58:13 Updated modules version: 34931
16:58:32 Call m_esets_charon_setup_create
16:58:32 Call m_esets_charon_create
16:58:32 m_esets_charon_create OK
16:58:32 Call m_esets_charon_start_send_thread
16:58:32 Call m_esets_charon_setup_set
16:58:32 m_esets_charon_setup_set OK
16:58:32 Scanner engine: 34931
19:48:29 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=b3f2f35b81cc9745bfe01187b5058372
# engine=34931
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2017-10-03 00:48:28
# local_time=2017-10-02 19:48:28 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=10.0.15063 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7358251 17034704 0 0
# scanned=2
# found=4
# cleaned=0
# scan_time=10213
sh=AE984559E3AD9DF39DA8FD9767A0BC6578BF35E6 ft=1 fh=0000000000000000 vn="a variant of Win32/GT32SupportGeeks.I potentially unwanted application" ac=I fn="C:\Users\Dave&Toni\AppData\Local\Microsoft\Windows\INetCache\IE\X87LS0OF\wntsetup[1].exe"
sh=AE984559E3AD9DF39DA8FD9767A0BC6578BF35E6 ft=1 fh=0000000000000000 vn="a variant of Win32/GT32SupportGeeks.I potentially unwanted application" ac=I fn="C:\Users\Dave&Toni\AppData\Local\Temp\~qbpaopb.tmp\wntsetup.exe"
sh=490BF71886511EB1A072326B6A4382049C84C74D ft=1 fh=0000000000000000 vn="a variant of Win32/GT32SupportGeeks.I potentially unwanted application" ac=I fn="C:\Users\Dave&Toni\Downloads\wintonic (1).exe"
sh=490BF71886511EB1A072326B6A4382049C84C74D ft=1 fh=0000000000000000 vn="a variant of Win32/GT32SupportGeeks.I potentially unwanted application" ac=I fn="C:\Users\Dave&Toni\Downloads\wintonic.exe"
19:53:09 Call m_esets_charon_send
19:53:09 Call m_esets_charon_destroy
21:34:15 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=b3f2f35b81cc9745bfe01187b5058372
# end=init
# utc_time=2017-10-03 02:34:14
# local_time=2017-10-02 21:34:14 (-0600, Central Daylight Time)
# country="United States"
# osver=10.0.15063 NT
21:34:28 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.17.0
# EOSSerial=b3f2f35b81cc9745bfe01187b5058372
# end=init
# utc_time=2017-10-03 02:34:27
# local_time=2017-10-02 21:34:27 (-0600, Central Daylight Time)
# country="United States"
# osver=10.0.15063 NT
21:36:56 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Dave&Toni\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
|
|
|
|
Post by jholland1964 on Oct 2, 2017 22:33:12 GMT -5
Oh brother, it did not clean, You DO have to tell it to clean as shown in the sample picture in my attachment. Did you do this? Attachments:
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 2, 2017 22:36:42 GMT -5
Yes, hit 'clean all'. I didn't hit 'select all' but did each one individually.
|
|
|
|
Post by budgall on Oct 2, 2017 22:39:51 GMT -5
I just ran it on my computer, the program downloaded when I told it to do an online scan. I clicked the downloaded file and it ran but did not generate any log files and did not install itself on my computer. It also did not clean what it found, the program just froze. It didn't find anything that I would be concerned about.
Ok, I didn't read all the messages and did find the log file. It still did not clean and had boxed selected correctly
|
|
|
|
Post by jholland1964 on Oct 2, 2017 22:44:30 GMT -5
I just ran it on my computer, the program downloaded when I told it to do an online scan. I clicked the downloaded file and it ran but did not generate any log files and did not install itself on my computer. It also did not clean what it found, the program just froze. It didn't find anything that I would be concerned about. I am so confused now I am not certain what to say. So ESET told you that YOUR computer had infected files and you are not concerned about them?  ?? ESET is a well known top of the line online scanner, has been for years. If ESET says there is infection on a computer then there is an infection on a computer. If you are not concerned about infected files on your computer then I think I will advise that you take both computers to a good, reliable computer shop and pay to have them both cleaned. |
|
|
|
Post by budgall on Oct 2, 2017 22:57:42 GMT -5
The files it found on my computer were both in downloaded zip files which I downloaded over a year ago while beta testing another antivirus program. I had forgotten they were still on the computer. In zip format they are harmless. I did delete them as I no longer needed them.
|
|
|
|
Post by jholland1964 on Oct 2, 2017 23:07:00 GMT -5
The files it found on my computer were both in downloaded zip files which I downloaded over a year ago while beta testing another antivirus program. I had forgotten they were still on the computer. In zip format they are harmless. I did delete them as I no longer needed them. Thanks for the explanation. That explanation would have been nice in your original post since all you said you weren't worried about the files found. Could make others not as knowledgeable as you to also decide just to ignore files found by some sort of scan that they may think are ok files because they had chosen to download them when in reality they ARE dangerous files. |
|
|
|
Post by jholland1964 on Oct 2, 2017 23:10:19 GMT -5
Don't know what has happened to the OP, Dick. Hopefully he will read the full instructions on this page,beginning on the section headed How do I run the Online Scanner? including the use of Advanced settings.
I have to sign off.
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 2, 2017 23:19:02 GMT -5
I did answer you in reply #93:
"Yes, hit 'clean all'. I didn't hit 'select all' but did each one individually."
Somebody else jumped in there so you probably didn't see it.
|
|
|
|
Post by budgall on Oct 2, 2017 23:21:48 GMT -5
I just ran it on my computer, the program downloaded when I told it to do an online scan. I clicked the downloaded file and it ran but did not generate any log files and did not install itself on my computer. It also did not clean what it found, the program just froze. It didn't find anything that I would be concerned about. If you are not concerned about infected files on your computer then I think I will advise that you take both computers to a good, reliable computer shop and pay to have them both cleaned. Frankly I am stunned. Please read all of the instructions on this page concerning the use of the ESET Online Scanner, including Advanced Settings and let me know if you followed all of those instructions. I truly have never known an ESET Scan not clean infected files and now to have that happen on two computers, it is something that must be reported to them for sure. I will get in touch with them ASAP. They may want to contact you about this, is this OK? I am/was a good reliable computer shop and have been told my computer shop is/was (retired now, except for a few select clients) one of the oldest in California. You have higher regard for ESET than I do, I ran it with the default settings. Findings were pre-selected, I did check the select all box perhaps having the found items individually selected and the select all box both also checked cancelled the removal process and froze the program. Both the Eset program and its logs logs are now long gone. I have no interest in being contacted by ESET. |
|
|
|
Post by jholland1964 on Oct 2, 2017 23:33:00 GMT -5
I am/was a good reliable computer shop and have been told my computer shop is/was (retired now, except for a few select clients) one of the oldest in California. You have higher regard for ESET than I do, I ran it with the default settings. Findings were pre-selected, I did check the select all box perhaps having the found items individually selected and the select all box both also checked cancelled the removal process and froze the program. Both the Eset program and its logs logs are now long gone. I have no interest in being contacted by ESET. I sincerely apologize, I certainly was not implying that you didn't know what you were talking about or know how to help folks. That was not my intention. I will no longer recommend ESET that is for sure. I think maybe if you could or would be willing to help Dick it would be a good idea. I am an amateur and you can offer more suggestions than I am qualified to do. I believe he is still here and I am sure he'd appreciate if you could give him some suggestions. |
|
|
|
Post by budgall on Oct 2, 2017 23:50:21 GMT -5
I have been following along here and have no problems with your directions or suggestions you have made. You and I both approach malware/viruses the same way and we both use the same tools. I think the big problem here is that adwcleaner is failing and I am not aware of any other program that will/can do what adwcleaner does. I saw where the Malwarebytes website says it has fixed the issues but it may be a couple weeks before they release the fixed version of adwcleaner. I saw that you were in the support forums, I wonder if they would let you download a preview of the unreleased version since you are dealing with a live need.
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 3, 2017 12:51:07 GMT -5
Any more ideas for me to try?
|
|
|
|
Post by jholland1964 on Oct 3, 2017 13:08:33 GMT -5
Any more ideas for me to try? Basically some "shots in the dark" because the tool we need is not available. Do this: Download Junkware Removal Tool
www.malwarebytes.com/junkwareremovaltool/Double click on the new icon to start the program Right click and select Run as Administrator Follow the directions in the Black box and the program will run. Be aware that during the scan your Desktop may disappear and a Windows Explorer window may open. These actions are Normal, DON’T PANIC. Your computer will not be rebooted, but a logfile will be produced Please copy/paste it back here – |
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 3, 2017 13:38:12 GMT -5
It never put an icon on the desktop, so couldn't run as admin. When I clicked the exe for the program it immediatley opned the black box. BUT, it did run.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Dave&Toni (Administrator) on Tue 10/03/2017 at 13:22:42.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 5
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Dave&Toni\AppData\Roaming\Mozilla\Firefox\Profiles\na48me8h.default\extensions\iobitascsurfingprotection@iobit.com (Folder)
Successfully deleted: C:\Users\Dave&Toni\AppData\Roaming\Mozilla\Firefox\Profiles\na48me8h.default\user.js (File)
Successfully deleted: C:\Users\Dave&Toni\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Dave&Toni) (Task)
Registry: 4
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1DE9E7AE-1530-4C6C-B17C-E6DFDE30E3FE} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{506CC071-72B0-4C86-866E-3B75A12F6CE7} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B46DB9C7-3366-4A1B-9F2B-1CD229681193} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFFCD0AA-AB63-4B0B-A20B-D2B72F9C97F5} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/03/2017 at 13:33:06.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
Post by jholland1964 on Oct 3, 2017 13:54:10 GMT -5
Well Hallelujah!!!!!!!!!!!! None of the stuff that AdwCleaner found and won't remove but at least somethings are gone. Is SUPERAntispyware on the computer? If not please download it, install it and run a Complete Scan with it. Ordinarily a Quick Scan is more than enough but this time....well, you know. Run the scan and of course have it clean all it finds and come back here and copy/paste the log. Of course hit the RED button on this page to download the Free Edition www.superantispyware.com/ |
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 3, 2017 16:03:11 GMT -5
SUPERAntiSpyware Scan Log www.superantispyware.comGenerated 10/03/2017 at 02:48 PM Application Version : 6.0.1248 Database Version : 14009 Scan type : Complete Scan Total Scan Time : 00:43:22 Operating System Information Windows 10 Home 64-bit (Build 10.00.15063) UAC On - Limited User Memory items scanned : 1103 Memory items detected : 0 Registry items scanned : 65646 Registry items detected : 0 File items scanned : 22746 File items detected : 12538 PUP.MyWay C:\Users\Dave&Toni\AppData\Local\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\HTTP_HP.MYWAY.COM_0.LOCALSTORAGE Adware.Tracking Cookie C:\Users\Dave&Toni\AppData\Local\Microsoft\Windows\INetCookies\N0RWH3AJ.cookieC:\Users\Dave&Toni\AppData\Local\Microsoft\Windows\INetCookies\N0RWH3AJ.cookie [ /inspectlet.com ] .wtp101.com\cookie_born [ C:\USERS\DAVE&TONI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .servesharp.net\UUID [ C:\USERS\DAVE&TONI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .servesharp.net\UREGION [ C:\USERS\DAVE&TONI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .iasds01.com\AC [ C:\USERS\DAVE&TONI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .iasds01.com\DMADT [ C:\USERS\DAVE&TONI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tru.am\__cfduid [ C:\USERS\DAVE&TONI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .bcp.crwdcntrl.net\__ar_v4 [ C:\USERS\DAVE&TONI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] s.thebrighttag.com\btpdb.KSNUeWE.YnJpZ2h0dGFnIHVzZXIgaWQ [ C:\USERS\DAVE&TONI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] |
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 3, 2017 16:21:12 GMT -5
I lost track of where I was when copy/paste. Might take awhile for me to find it.
|
|
|
|
Post by jholland1964 on Oct 3, 2017 16:22:46 GMT -5
I lost track of where I was when copy/paste. Might take awhile for me to find it. Find what? If you mean in the log, don't bother. Nothing found but tracking cookies. While those are not something we want this really just says your friend doesn't have her browsers configured correctly. Virtually all of those were from Chrome and "some of it" has been removed. It all has not been removed because if that were the case there wouldn't be anything left to remove from it. So it at least partially still remains. |
|
|
|
Post by jholland1964 on Oct 3, 2017 16:31:30 GMT -5
STOP! you are posting the same things over and over. We don't need to see anymore of the log. It only shows tracking cookies. Please Stop.
*****************************
For all of those reading an explanation, rather than leaving the "umpteen" posts listing the 12538 File items detected, which were tracking cookies, I had Dick stop and I have deleted all those except the first portion of the SUPERAntispyware log posted.
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 3, 2017 16:34:26 GMT -5
Thank you!!!!!!!!!!!!!!!!!!!!!!!! I kept getting lost.
|
|
|
|
Post by jholland1964 on Oct 3, 2017 16:39:32 GMT -5
Thank you!!!!!!!!!!!!!!!!!!!!!!!! I kept getting lost. No kidding!  I am going to delete all of those posts so that so much room isn't used. We know what was there...tracking cookies. Do this please: Make sure Show hidden files and folders is enabled. In the search box on the taskbar, type folder, and then select Show hidden files and folders from the search results. Under Advanced settings, select Show hidden files, folders, and drives, and then select OK. C:\Users\Dave&Toni\AppData\Local\Google Look in the Google folder for Chrome and delete that Chrome folder, nothing else, just the Chrome folder. |
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 3, 2017 16:47:29 GMT -5
Done. There is also a folder labeled "Chrome Cleanup Tool"
|
|
|
|
Post by jholland1964 on Oct 3, 2017 16:54:19 GMT -5
Done. There is also a folder labeled "Chrome Cleanup Tool" You can remove that also. That is a tool that will scan and remove software that may cause problems with Chrome but since Chrome is gone it is not needed. You also might Open CCleaner, go to Tools, Uninstall, and make sure that Google Chrome is not listed there, if it is then scroll down and highlight it and use CCleaner to uninstall the rest of it by clicking the Uninstall button on the right at the top. |
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 3, 2017 17:01:53 GMT -5
It wasn't there.
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 3, 2017 17:09:28 GMT -5
My eyes are burning. Gonna have to take a break & have my wife put the prescription in my eyes. It's a gel and blurs my vision. Won't be able to see very good for about 1 or 2 hours.
|
|
|
|
Post by jholland1964 on Oct 3, 2017 17:09:41 GMT -5
Good. I want you to do a Custom Scan with Malwarebytes 3 so open the program and click on the Scan button on the Left side. This will bring you to the Scan options section. Click on Custom Scan. Then at the bottom click on the Blue Configure Scan button at the bottom. When that opens be sure the selections shown on my 2nd attachment are also the ones chosen on your program. Then click the Scan Now button. This custom scan may take longer than the recommended Threat Scans because more is being scanned. When it finishes be absolutely sure that you DO make certain that ALL items found are chosen to be cleaned/quarantined. If the program wants to reboot please do so. Post back with the log No problem at all. Take your time. Attachments:
|
|
acker1
Member
Posts: 220
Former World Start Member: Yes
|
Post by acker1 on Oct 3, 2017 20:31:00 GMT -5
I am running it now --- for the lasr hour!
|
|
|
|
Post by jholland1964 on Oct 3, 2017 20:56:28 GMT -5
I am running it now --- for the lasr hour! Just let it run. It WILL run much longer because many more items are scanned. The default scan is the Threat Scan & is the scan method recommended. While it will not scan every file on your computer, it will scan the locations which most commonly are the launch point for a malware attack. The Custom scans many more areas and it does include the option to scan for rootkits, which IS important for sure in cases like this one. Rootkits can and do often stop security programs from either seeing infection or stop the infection from being removed. You ran one rootkit scanner the TDSSKiller and it was clean, that tested for just the most common rootkits but there are many other types that would not have been seen by this scanner, hence use Malwarebytes 3 custom scan to also look for rootkits. I am not saying it is a rootkit causing trouble but with the option available to look then why not take it. Just let it run. Go ahead and just play on your own computer until this finishes. |
|
?? ESET is a well known top of the line online scanner, has been for years. If ESET says there is infection on a computer then there is an infection on a computer. 
I am going to delete all of those posts so that so much room isn't used. We know what was there...tracking cookies.
