
Desktop Computer infected / Possibly a program called Vosteran

Tags: vosteran, desktop, asus, windows 8.1, 64 bit, virus, malware, spyware

This topic is locked
6 replies to this topic
#1 NicoleD (Authentic Member, 225 posts)

Posted 05 January 2015 - 07:35 PM

Hello, just yesterday my computer was fine, and now it's acting up. Every time I open IE I get the Internet Explorer Security popup telling me Google Toolbar wants to open (see screenshot). I've been saying no even though I know Google Toolbar is legit. Yesterday, I received a pop-up that looked like it was from Microsoft saying I had 11 outdated drivers. I clicked on it to update them, but I think what I got was way more than I bargained for. Something by the name of Vosteran keeps popping up. Maybe this is the virus. Any help would be appreciated. Thank you.

Below the screenshot is the HijackThis report.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:23:35 PM, on 1/5/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 34.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Nicole\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Nuance PDF Toolbar Helper - {940361F8-7F16-4498-AB43-2EFFE0235AFA} - C:\Program Files (x86)\Nuance\Power PDF\Bin\SZeonIEFavClient.dll
O2 - BHO: PlusIEEventHelper Class - {9D137966-2E29-45C5-9B12-29D5427F8F66} - C:\Program Files (x86)\Nuance\Power PDF\Bin\PlusIEContextMenu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
O3 - Toolbar: Nuance PDF - {BED78D9C-A025-4FE9-B3BA-27E6D376A3D5} - C:\Program Files (x86)\Nuance\Power PDF\Bin\SZeonIEFavClient.dll
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
O4 - HKLM\..\Run: [MapsGalaxy_39 Browser Plugin Loader 64] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon64.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [PowerPDF Registry Controller] "C:\Program Files (x86)\Nuance\Power PDF\RegistryController.exe"
O4 - HKLM\..\Run: [Nuance Power PDF Advanced-reminder] "C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\Power PDF Advanced\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PowerPDFInboxMonitor] "C:\Program Files (x86)\Nuance\Power PDF\InboxMonitor.exe" /run
O4 - HKLM\..\Run: [StatusAlerts] "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [NuanPowerPdf1NPDFLM] "C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe"
O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
O4 - HKCU\..\Run: [Google Update] "C:\Users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_18F9ED406E377D72992EE1809DE354B5] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Open with Convert Assistant - res://C:\Program Files (x86)\Nuance\Power PDF\cnvres_eng.dll /100
O8 - Extra context menu item: Open with Power PDF - res://C:\Program Files (x86)\Nuance\Power PDF\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://ttnauthihspro...ary.state.nj.us
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.app...ex/qtplugin.cab
O16 - DPF: {55A2C0CD-3DE8-4264-9637-A0B40B05714E} (Mail Migration) - https://col0-sec.mai...px?n=1547480989
O16 - DPF: {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} (Cisco Secure Desktop / HostScan Web Control) - https://vpn1.judicia...ies/instweb.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bitdefender Desktop Parental Control (BdDesktopParental) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MapsGalaxyService (MapsGalaxy_39Service) - COMPANYVERS_NAME - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18722 bytes

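The HijackThis log above is the thread's main evidence: the R3 URLSearchHook with no name, the MapsGalaxy BHO, toolbar, Run keys and service all resolve to the same product directory, while the user's own software (Google, iTunes) clusters elsewhere. As an added example, not code from the forum or from any tool named in this thread, the following Python script parses HijackThis entry lines, groups them by the product directory each file path lives in, reconciles 8.3 short names such as MAPSGA~2 with their long form, and pulls out every group that owns an "anchor" entry so the whole bundle can be reviewed together. The sample lines are copied from the log above; the 8.3 reconciliation heuristic and the two anchor rules (an R3 hook listed as "(no name)", an O23 service whose publisher field is the unfilled template placeholder COMPANYVERS_NAME) are assumptions of this example, not rules from HijackThis.

```python
import re
from collections import defaultdict

# Constructed sample: nine lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
O2 - BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39bar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll
O4 - HKLM\..\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O23 - Service: MapsGalaxyService (MapsGalaxy_39Service) - COMPANYVERS_NAME - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# "R3 - ...", "O4 - ...": section code, separator, then the entry body.
LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
# First Windows path in the body that ends in a binary extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)
# Container folders that are skipped when deriving a product directory.
CONTAINERS = {"PROGRAM FILES", "PROGRAM FILES (X86)", "PROGRA~1", "PROGRA~2",
              "PROGRA~3", "COMMON FILES", "COMMON~1", "PROGRAMDATA"}


def parse(log):
    """Return a list of (kind, body, path_or_None) for each entry line."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, blank or "End of file" lines
        p = PATH_RE.search(m.group("body"))
        entries.append((m.group("kind"), m.group("body"), p.group(0) if p else None))
    return entries


def product_dir(path):
    """First directory below the drive that is not a container folder, upper-cased."""
    parts = path.split("\\")[1:-1]  # drop "C:" and the file name
    for part in parts:
        if part.upper() not in CONTAINERS:
            return part.upper()
    return None


def canonical(name, long_names):
    """Map an 8.3 short name such as MAPSGA~2 onto a known long name.
    Heuristic (assumption): the short stem is the first characters of the
    long name with spaces and dots removed; a prefix match is accepted."""
    if "~" not in name:
        return name
    stem = name.split("~")[0]
    for ln in long_names:
        if ln.replace(" ", "").replace(".", "").startswith(stem):
            return ln
    return name


def group_by_product(entries):
    """Bucket every entry that carries a file path by its product directory."""
    dirs = [product_dir(p) for _, _, p in entries if p]
    long_names = {d for d in dirs if d and "~" not in d}
    groups = defaultdict(list)
    for kind, body, path in entries:
        if not path:
            continue
        pd = product_dir(path)
        if pd is None:
            continue
        groups[canonical(pd, long_names)].append((kind, body))
    return dict(groups)


def suspect_groups(entries):
    """Groups that own an anchor entry. Anchor rules are this example's
    assumptions: an R3 URLSearchHook shown as "(no name)", or an O23 service
    whose publisher field is the unfilled template placeholder COMPANYVERS_NAME."""
    flagged = {}
    for key, items in group_by_product(entries).items():
        for kind, body in items:
            if (kind == "R3" and "(no name)" in body) or \
               (kind == "O23" and "COMPANYVERS_NAME" in body):
                flagged[key] = items
                break
    return flagged


if __name__ == "__main__":
    for key, items in suspect_groups(parse(SAMPLE_LOG)).items():
        print(f"Review together ({len(items)} entries under {key}):")
        for kind, body in items:
            print(f"  {kind} - {body}")
```

Run against the sample, the script prints one group of five entries under MAPSGALAXY_39 (the R3 hook, the O2 BHO, the O3 toolbar, the O4 Run key and the O23 service), which is exactly the set a helper would ask to have removed together; the Google and iTunes entries stay unflagged. Grouping by product directory rather than by GUID is what makes the 8.3 and long-form paths in the same log line up.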

#2 NicoleD (Authentic Member, 225 posts)

Posted 05 January 2015 - 07:59 PM

Here is the aswMBR log.

Sorry, I posted the log, but the scan wasn't finished. I will post it as soon as it's complete. Thanks.


Edited by nikid506, 05 January 2015 - 08:01 PM.


#3 NicoleD (Authentic Member, 225 posts)

Posted 05 January 2015 - 08:05 PM

I just noticed that this software or program called Vosteran has hijacked my search engine.  Every time I change my default search engine to google, it redirects to Vosteran.



#4 NicoleD (Authentic Member, 225 posts)

Posted 05 January 2015 - 08:59 PM

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-05 20:39:52
-----------------------------
20:39:52.052    OS Version: Windows x64 6.2.9200
20:39:52.052    Number of processors: 4 586 0x2502
20:39:52.052    ComputerName: HOME  UserName:
20:39:53.537    Initialize success
20:39:53.584    VM: initialized successfully
20:39:53.599    VM: Intel CPU supported
20:39:59.625    VM: disk I/O storahci.sys
20:41:51.041    AVAST engine defs: 15010501
20:42:07.418    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
20:42:07.418    Disk 0 Vendor: WDC_WD10EZEX-60ZF5A0 80.00A80 Size: 953869MB BusType: 11
20:42:07.496    Disk 0 MBR read successfully
20:42:07.496    Disk 0 MBR scan
20:42:07.589    Disk 0 Windows 7 default MBR code
20:42:07.605    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          350 MB offset 2048
20:42:07.636    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953517 MB offset 718848
20:42:07.683    Disk 0 scanning C:\Windows\system32\drivers
20:42:18.075    Service scanning
20:42:20.216    Service BdfNdisf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys **LOCKED** 5
20:42:20.247    Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
20:42:20.310    Service bdfwfpf_pc C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys **LOCKED** 5
20:42:38.954    Modules scanning
20:42:38.954    Disk 0 trace - called modules:
20:42:38.985    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys storahci.sys hal.dll
20:42:38.985    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001ab3894a0]
20:42:39.001    3 CLASSPNP.SYS[fffff8009e802170] -> nt!IofCallDriver -> \Device\00000028[0xffffe001ab0ab060]
20:42:40.845    AVAST engine scan C:\Windows
20:42:43.377    AVAST engine scan C:\Windows\system32
20:45:48.118    AVAST engine scan C:\Windows\system32\drivers
20:46:01.574    AVAST engine scan C:\Users\Nicole
20:57:36.583    Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Desktop\MBR.dat"
20:57:36.708    The log file has been saved successfully to "C:\Users\Nicole\Desktop\aswMBR.txt"
20:57:50.851    Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Desktop\MBR.dat"
20:57:50.929    The log file has been saved successfully to "C:\Users\Nicole\Desktop\aswMBR.txt"
21:00:14.841    File: C:\Users\Nicole\AppData\Local\Microsoft\Windows\INetCache\IE\WRJV9LX1\java_setup.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
21:56:29.398    AVAST engine scan C:\ProgramData
21:58:26.380    Disk 0 statistics 6720953/0/0 @ 0.90 MB/s
21:58:26.395    Scan finished successfully
21:59:19.420    Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Desktop\MBR.dat"
21:59:19.499    The log file has been saved successfully to "C:\Users\Nicole\Desktop\aswMBR.txt"

#5 Juliet (SuperHelper, Retired Classroom Teacher, MVP, 7,686 posts)

Posted 08 January 2015 - 08:21 AM

Sorry for the delay, but when you post multiple times to your topic it looks like someone has answered.

Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop-up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste them in your next reply.


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#6 NicoleD (Authentic Member, 225 posts)

Posted 08 January 2015 - 07:04 PM

Hi Juliet,

Thank you for helping me. I figured I added this post wrong, so I started a new one, not knowing how to delete the old one. I've been working with someone on the other post already. Thank you for offering your help anyway.



#7 Juliet (SuperHelper, Retired Classroom Teacher, MVP, 7,686 posts)

Posted 08 January 2015 - 07:15 PM

Thank you for updating me.

I'll close this one.
