Hi–That was my plan… to just let it run without anyone touching it… but when we do that, the screen goes dark (asleep?). I think everything keeps running in the background, but I just wasn’t sure.
J
The fix should not taker longer than 10 minutes to run (unless the temp files are full) You can move the mouse to keep the screen active and monitor the bar at the bottom as it progresses through the fix
Hi-Just checking in.
The fix is still running. Started it about 40 minutes ago. The first part went quickly–it’s been sitting at the last two lines (emptytemp and reboot) for about 20 minutes so far. Is that normal? I’ll just let it keep going…
JB
Hmmmmmm…Essexboy is UK so not sure if he is a sleep.
If you’ve never emptied your TEMP then perhaps…I’d wait a good 30 minutes more.
If nothing happens then I’d hold off for Essexboy in morning to post.
Reporting back again. So two hours later, the Run Fix is stopped in the same place.
I’ll just leave it as is, until I hear back.
Please do not change the topic of a thread.
I’m sorry–do you mean in the subject line? The original subject is always there–"Re: Virus “symptoms” still present after removal. I was just trying to focus the subject line further for those helping…I didn’t think the subject line would matter much once the thread was established (otherwise, why would there still be a subject line), since everything is contained in this thread… but perhaps this is not good practice.
The topic hasn’t changed (other than the people who asked questions about the MCShield product (not the 404) I was instructed in this thread to run MCShield, and it came up 404. It seemed to me to be important…
So, if the comment was meant for me–and you mean the subject line–… it won’t happen again. :-[
Essexboy:
After three hours of being stuck on those last two lines, something happened, albeit accidentally. The screen had gone dark, I touched the power to reactivate. The same screen was still there (run fix), but then it suddenly disappeared, and the laptop shutdown. On reboot, there was a log opened on the screen. I’ve attached. It.
So, to be clear, this is the log that appeared at the end of the OTL Run Fix.
I’ll wait until I hear from you before I do anything else, as I don’t know if the “fix” completed successfully.
Thanks,
JB
While we wait for Essexboy how does the laptop work ?
I think one of the initial problems was downloading files…can you now ?
It was the size of the temp files plus the removal of AVG that caused the delay, sorry about that it is unusual for it to take that long. Can you now download ?
Malwarebytes’ Anti-Malware
Please download Malwarebytes’ Anti-Malware from here
Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish,so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
One more question – I did just install Malwarebytes, as part of this whole cleaning process–about 30 days ago, and it is updated.
Do I need to uninstall, and reinstall a clean version–or is it ok as is?
No problems with the delay. Thanks for letting me know the “why.”
Will check the download and report back.
J.
If you already have it just make sure to update the database before you run.
It should do this when you launch but if not go to the update tab within MBAM.
Also, as a FYI…I am by far no expert but I have both Avast & MBAM Pro on my PCs.
The MBAM Pro is one time charge (~$24) for lifetime.
MBAM & A/Vs (eg. Avast) play nice with each other and you can have both real-time shields running.
I schedule a system scan from each once a night (different times).
You’ll have tons of folks with tons of different opinions on what to use…some are too light, some overkill.
It really depends on type of user you are (what you do with PC) and techy sophistication (for tweaking).
I’ve personally found the middle road of ease of use + safety is Avast + MBAM Pro.
Again, my disclaimer is I’m no expert…especially on security software…just a techy been around PCs for 20+ years.
I only mention since you have MBAM loaded.
You do have the choice of running MBAM from time to time without paying…like you are now…but you have to do this manually…the paid version has the scheduler.
No use the current copy but ensure it is updated. The main thing is to check whether or not you can download any programmes/files
Essexboy, I saw in your OTL fix where you removed old AVG Search.
This rang a bell with me: http://forum.avast.com/index.php?topic=81045.15 …see last post of thread.
Seems that this does not get uninstalled with their uninstaller.
SUCCESS!! On downloading an exe file. Thank you!
Now… I think I have two tasks remaining:
- Run Malwarebytes Quick Scan
- Download and run MCShield.
Essexboy–Is the MCShield scan still needed/advisable? And, is it possible to tell me in a sentence or two, what the problem was? A file that just refused to be removed by Avast or Malwarebytes? Something else?
thekochs–thank you for the suggestion. The investment is small, and the autoscheduler is worth it, especially for said spouse in question, who does almost zero to safeguard anything!! (I have scheduled scans to run when he’s at work.)
JB
I’ll let Essexboy comment on your questions but I think the culprit is you had AVG (A/V) on this machine prior and not all its items were uninstalled. Not your fault (or spouse)…these A/Vs don’t always uninstall cleanly so when you change over you really need to clean these old items…Avast has a FAQ on it: http://www.avast.com/faq.php?article=AVKB11#artTitle
Most typically people “uninstall” thru the Windows Programs or via Windows where the program has an uninstaller…makes sense…of course…but for A/Vs there are “remover” utils to get rid of all remnants. For most software this is a don’t care…for A/Vs a different story.
This was the problem :
IE - HKU\S-1-5-21-3334157229-1843940417-2705372315-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=F4Ohn6C-M-oPlcU5DzTcfMvYbJw?q={searchTerms} IE - HKU\S-1-5-21-3334157229-1843940417-2705372315-1002\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=wp4geEaPqFbgGrkkgy2vaDNcg6A?q={searchTerms}A proxy had been inserted to redirect all your searches and they would only allow you to use their DNS server, hence no tools are able to download
I would use MCShield if you use USB drives in the computer or you insert camera SD cards
Essexboy, thx for the explanation…I’m in learning mode out of curiosity.
I saw your OTL script and the AVG & McAfee items…did not see nor clue in with the SearchScopes item with IP address.
Of course, that is why you are the expert and I’m not. 
Unfortunately this is one area that very few tools look at so it does need the human eye
Log from the Malwarebytes Quick Scan, as requested. Attached.