Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Vosteran Infected - Help Please! [Solved]

Vosteran

  • This topic is locked This topic is locked
40 replies to this topic

#1 jadeseef

jadeseef

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 13 January 2015 - 07:02 PM

I got Voseran on my computer somehow. I have never had such a thing happen before and I automatically did a scan with Nortan and I deleted it, or so I thought, but it is still here and I don't know what to do. Help please!!


    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 January 2015 - 08:13 PM

:welcome:

 

Run this program please, it wont remove anything , I just want to see the reports, it will produce 2 reports FRST and Additions, post them both, I dont know if you need the 32 bit or 64 bit version as you provided no information

 

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
FRST_zps5d956a1a.jpg
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 jadeseef

    jadeseef

      Authentic Member

    • Authentic Member
    • PipPip
    • 21 posts

    Posted 13 January 2015 - 08:50 PM

    Both my computer and norton is giving me trouble with downloading it. My computer is dell with windows 8. 



    #4 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 13 January 2015 - 09:07 PM

    Your going to have to disable Norton , a lot of antivirus software flags our tools as bad but there not, you can usually just right click on Norton in the System Tray and disable it 

     

    http://www.bleepingc...lware-programs/



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 jadeseef

    jadeseef

      Authentic Member

    • Authentic Member
    • PipPip
    • 21 posts

    Posted 13 January 2015 - 09:32 PM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
    Ran by Elisha (administrator) on ELISHA on 13-01-2015 22:23:02
    Running from C:\Users\Elisha\Downloads
    Loaded Profile: Elisha (Available profiles: Elisha)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
    () C:\Program Files (x86)\Solution Real\updateSolutionReal.exe
    () C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe
    () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
    (DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
    (Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\nav.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    () C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter.exe
    () C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files (x86)\Solution Real\bin\SolutionReal.expext.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    () C:\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowse64.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5792584 2014-04-21] (Dell Inc.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-24] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] ( (Qualcomm®Atheros®))
    HKU\S-1-5-21-647248783-2239493058-3912521117-1002\...\MountPoints2: {59488375-8df7-11e4-8269-c038961c99a8} - "E:\VZW_Software_upgrade_assistant.exe" 
    AppInit_DLLs-x32: C:/PROGRA~3/{2809C~1/171~1.0/rala.dll => C:/PROGRA~3/{2809C~1/171~1.0/rala.dll [649216 2015-01-13] ()
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-647248783-2239493058-3912521117-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://vosteran.com/...=1776513807&ir=
    HKU\S-1-5-21-647248783-2239493058-3912521117-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM -> DefaultScope {CC4D05F4-2294-4BD0-8E80-0FD611DAA551} URL = http://vosteran.com/...=1776513807&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {CC4D05F4-2294-4BD0-8E80-0FD611DAA551} URL = http://vosteran.com/...=1776513807&ir=
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> DefaultScope {CC4D05F4-2294-4BD0-8E80-0FD611DAA551} URL = http://vosteran.com/...=1776513807&ir=
    SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> {CC4D05F4-2294-4BD0-8E80-0FD611DAA551} URL = http://vosteran.com/...=1776513807&ir=
    SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
     
    FireFox:
    ========
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2014-12-29]
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
    FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2015-01-13]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://vosteran.com/?f=7&a=vst_dnldastr_15_03_ch&cd=2XzuyEtN2Y1L1Qzu0CtDtAzzzyyCtC0Czyzy0Azz0E0CyD0EtN0D0Tzu0StCtCtDzztN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDzzyEyEzy0CyB0CtG0AtA0DyDtG0CyEzytBtGtA0B0BtAtGyCyCtCtC0EtDyEtCzyzztC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtDyD0AtCyBtDtGyB0FtCzytGyEyC0CzztG0AzztC0BtG0A0EtC0ByC0AtBzztBtDyDtD2Q&cr=1776513807&ir="
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
    CHR Extension: (Google Docs) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
    CHR Extension: (Google Drive) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-03]
    CHR Extension: (YouTube) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
    CHR Extension: (Google Search) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
    CHR Extension: (Google Sheets) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
    CHR Extension: (Hatsune Miku Theme9) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcapoelehikcajegemncolnibideepep [2014-12-03]
    CHR Extension: (Google Wallet) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
    CHR Extension: (Gmail) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]
    CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKU\S-1-5-21-647248783-2239493058-3912521117-1002\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2015-01-10]
    CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-24] () [File not signed]
    R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-24] (Advanced Micro Devices, Inc.) [File not signed]
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows ® Win 7 DDK provider)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2014-10-15] (Coupons.com Inc.)
    S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [203128 2014-12-12] (Dell Inc.)
    R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
    R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
    R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-05] (Symantec Corporation)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
    R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
    R2 Update Solution Real; C:\Program Files (x86)\Solution Real\updateSolutionReal.exe [529656 2015-01-13] ()
    R2 Util Solution Real; C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe [529656 2015-01-13] ()
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
    R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
    S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
    R2 AODDriver4.3; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
    R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-12-09] (Symantec Corporation)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
    R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
    S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [591360 2014-08-27] (C-MEDIA)
    R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-28] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-28] (Symantec Corporation)
    R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20150107.001\IDSvia64.sys [637656 2015-01-07] (Symantec Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150113.001\ENG64.SYS [129752 2014-12-28] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150113.001\EX64.SYS [2137304 2014-12-28] (Symantec Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-26] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-26] (Synaptics Incorporated)
    R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
    S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-29] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    R1 {693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gw64; C:\Windows\System32\drivers\{693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gw64.sys [48792 2015-01-13] (StdLib)
    S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-13 22:23 - 2015-01-13 22:23 - 00022680 _____ () C:\Users\Elisha\Downloads\FRST.txt
    2015-01-13 22:21 - 2015-01-13 22:23 - 00000000 ____D () C:\FRST
    2015-01-13 22:21 - 2015-01-13 22:21 - 02124288 _____ (Farbar) C:\Users\Elisha\Downloads\FRST64.exe
    2015-01-13 19:55 - 2015-01-13 19:55 - 00000046 _____ () C:\Users\Elisha\AppData\Roaming\WB.CFG
    2015-01-13 19:36 - 2015-01-13 19:36 - 00000000 ___RD () C:\Users\Elisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-01-13 19:02 - 2015-01-13 07:42 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gw64.sys
    2015-01-13 19:01 - 2015-01-13 19:01 - 00000000 ____D () C:\Users\Elisha\AppData\Local\Vosteran
    2015-01-13 18:55 - 2015-01-13 21:55 - 00000310 _____ () C:\Windows\Tasks\WSE_Vosteran.job
    2015-01-13 18:55 - 2015-01-13 18:55 - 00002648 _____ () C:\Windows\System32\Tasks\WSE_Vosteran
    2015-01-13 18:54 - 2015-01-13 19:34 - 00000000 ____D () C:\Program Files (x86)\Solution Real
    2015-01-13 18:54 - 2015-01-13 18:55 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\WSE_Vosteran
    2015-01-13 18:54 - 2015-01-13 18:54 - 00791840 _____ (%PROD_NAME%) C:\Users\Elisha\Downloads\microsoft_word (1).exe
    2015-01-13 18:54 - 2015-01-13 18:54 - 00000000 ____D () C:\ProgramData\{2809C0CA-788B-114C-C90D-61CE198FB240}
    2015-01-13 18:54 - 2015-01-13 18:54 - 00000000 ____D () C:\Program Files (x86)\WSE_Vosteran
    2015-01-13 18:51 - 2015-01-13 18:51 - 00791840 _____ (%PROD_NAME%) C:\Users\Elisha\Downloads\microsoft_word.exe
    2015-01-13 16:27 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 16:27 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-13 16:27 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
    2015-01-13 16:27 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2015-01-13 16:27 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
    2015-01-13 16:27 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-01-13 16:27 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 16:27 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
    2015-01-13 16:27 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
    2015-01-13 16:27 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2015-01-13 16:27 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-01-13 16:27 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-01-13 16:27 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-01-13 16:27 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-01-13 16:27 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
    2015-01-13 16:27 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2015-01-13 16:27 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-01-13 16:27 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-01-13 16:27 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-01-13 16:27 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
    2015-01-13 16:27 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
    2015-01-13 16:27 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-01-13 16:27 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-01-13 16:27 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-10 00:10 - 2015-01-10 00:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
    2015-01-05 18:47 - 2015-01-05 18:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
    2014-12-29 13:01 - 2015-01-10 00:01 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
    2014-12-29 13:01 - 2015-01-10 00:01 - 00002419 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk
    2014-12-29 13:01 - 2015-01-01 01:43 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
    2014-12-29 13:01 - 2014-12-29 13:01 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2014-12-29 13:01 - 2014-12-29 13:01 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\ProgramData\NCOTEMP
    2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
    2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
    2014-12-29 12:59 - 2015-01-10 00:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
    2014-12-29 12:59 - 2015-01-10 00:01 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
    2014-12-29 12:59 - 2014-12-29 13:02 - 00000000 ____D () C:\ProgramData\Norton
    2014-12-29 12:59 - 2014-12-29 12:59 - 00000000 ____D () C:\Program Files (x86)\Norton AntiVirus
    2014-12-29 12:57 - 2014-12-29 12:59 - 218966928 ____N (Symantec Corporation) C:\Users\Elisha\Downloads\NAV-TW-21.1.0-EN-US.exe
    2014-12-28 21:47 - 2014-10-30 06:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-12-27 14:06 - 2014-12-27 14:06 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
    2014-12-27 14:06 - 2014-12-27 14:06 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\VERIZON
    2014-12-27 13:56 - 2014-12-27 13:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2014-12-22 19:37 - 2014-12-22 19:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2014-12-21 13:10 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
    2014-12-21 13:10 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
    2014-12-21 01:31 - 2014-12-21 01:33 - 04237884 _____ () C:\Users\Elisha\Downloads\Castle in the Air (9-12) (pdf,rtf,epub,lit,lrf,mobi,fb2,pdb).rar
    2014-12-17 09:10 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2014-12-17 09:10 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-13 22:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-01-13 21:55 - 2014-12-03 20:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-13 21:51 - 2014-10-23 12:33 - 01436814 _____ () C:\Windows\WindowsUpdate.log
    2015-01-13 19:57 - 2014-12-03 20:23 - 00004968 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ELISHA-Elisha Elisha
    2015-01-13 19:43 - 2014-10-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
    2015-01-13 19:41 - 2014-11-28 20:25 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-647248783-2239493058-3912521117-1002
    2015-01-13 19:39 - 2014-03-18 04:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-13 19:37 - 2014-11-28 20:21 - 00000000 ____D () C:\Users\Elisha\OneDrive
    2015-01-13 19:36 - 2014-12-03 20:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-13 19:35 - 2013-08-22 09:46 - 00022758 _____ () C:\Windows\setupact.log
    2015-01-13 19:35 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-13 19:35 - 2013-08-22 08:25 - 00000194 _____ () C:\Windows\win.ini
    2015-01-13 19:34 - 2014-03-18 04:44 - 00015100 _____ () C:\Windows\PFRO.log
    2015-01-13 19:34 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
    2015-01-13 19:33 - 2014-10-23 12:35 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
    2015-01-13 19:33 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-01-13 19:32 - 2014-10-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Dell Update
    2015-01-13 19:25 - 2014-12-03 20:52 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-13 19:12 - 2014-12-07 21:16 - 00000000 ____D () C:\Users\Elisha\Documents\Outlook Files
    2015-01-13 17:20 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-01-13 16:23 - 2014-11-28 20:22 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AF14F380-52D9-4DE2-823A-660D94AAEF7A}
    2015-01-11 23:54 - 2014-12-01 15:41 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\Audacity
    2015-01-10 15:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-01-10 00:05 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2015-01-09 15:51 - 2014-12-01 15:40 - 00000000 ____D () C:\Program Files (x86)\Audacity
    2014-12-29 23:01 - 2014-11-30 15:52 - 00000000 ____D () C:\Users\Elisha\Downloads\website
    2014-12-28 22:10 - 2014-10-23 12:45 - 00000000 ____D () C:\ProgramData\McAfee
    2014-12-27 17:28 - 2014-11-28 20:19 - 00000000 ____D () C:\Users\Elisha\AppData\Local\Packages
    2014-12-27 14:09 - 2014-11-29 23:35 - 00000000 ____D () C:\Users\Elisha\AppData\Local\CrashDumps
    2014-12-23 19:08 - 2014-12-03 20:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-12-19 23:07 - 2014-10-23 12:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2014-12-19 23:03 - 2014-11-28 20:19 - 00000000 ____D () C:\Users\Elisha
    2014-12-17 09:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
    2014-12-17 09:24 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-08 13:29
     
    ==================== End Of Log ============================
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
    Ran by Elisha at 2015-01-13 22:24:31
    Running from C:\Users\Elisha\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Norton AntiVirus (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
    AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{7B4E3572-BAC5-E8FF-3AD6-ACD316726FE2}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.3) (Version: 5.0.1.3 - Coupons.com Incorporated)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
    Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
    Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.12.0 - Synaptics Incorporated)
    Dell Update (HKLM-x32\...\{C87ADBDA-EF36-4A53-B05C-DBCD98D3A2CA}) (Version: 1.4.2000.0 - Dell Inc.)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
    DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-647248783-2239493058-3912521117-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
    My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
    Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
    Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.6.0.27 - Symantec Corporation)
    OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.16.010 - Dell Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
    Solution Real (HKLM\...\Solution Real) (Version: 2015.01.13.202328 - Solution Real) <==== ATTENTION!
    WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    Winrar and Options (HKLM\...\Winrar_and_Options) (Version: 1.0 - Winrar)
    WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version:  - WSE_Vosteran) <==== ATTENTION!
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-647248783-2239493058-3912521117-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Elisha\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
     
    ==================== Restore Points  =========================
     
    13-01-2015 17:18:23 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {031EBA63-98A4-4414-A1AF-76A5B99AF9D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-03] (Google Inc.)
    Task: {1A199A1B-332D-4907-99AA-4CCD26661CDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-03] (Google Inc.)
    Task: {219BBD05-AC9D-44FD-A791-DEED3241E43E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
    Task: {25D9ADD9-F642-4741-9078-39088B912669} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ELISHA-Elisha Elisha => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
    Task: {475C5035-7E01-4734-9969-790FD58AEE93} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
    Task: {476FC4C4-1B6E-4E09-AB95-EB88001024FE} - System32\Tasks\PocketCloudUpdater => C:\Program
    Task: {6610EA2C-F0B0-45B4-84A6-6F8AC34C909E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
    Task: {6B06A9A7-FB9C-465B-AE46-928DFE5A1AA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {71E46980-95B6-420D-A4F8-F8FAA651E31E} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
    Task: {7641035F-6807-4B4E-B881-56CA09F683CB} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {7AD9E783-E83B-44B9-8FFB-21ECAAE15126} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
    Task: {814F8C7C-ECAD-4E58-89DB-5245D2B2C522} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {8688D240-4F5C-4C73-8325-72B064B2D683} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
    Task: {89AD526E-5457-47DB-9D70-02E1F1C264A5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
    Task: {89C95FEF-CB1C-481B-9830-7773B274B7E9} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
    Task: {8B73009E-BA65-4C79-BC07-642A0C7B6E58} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {8E5E3D97-FD2A-469D-BF53-88A763C5EB42} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-04-26] (Synaptics Incorporated)
    Task: {B7690992-B4AE-4EBA-B07B-DC24676F058B} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-647248783-2239493058-3912521117-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
    Task: {C92271FF-5189-437B-8114-B81D707BA40D} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
    Task: {D96137CA-75FC-4534-8050-CF72323DFB26} - System32\Tasks\WSE_Vosteran => C:\Users\Elisha\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2015-01-13] () <==== ATTENTION
    Task: {E0782FDF-F747-4444-A19F-B2606BD8D010} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
    Task: {EE995459-2BBC-4BC3-94C7-792A78A50F33} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Elisha\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-06-24 08:54 - 2014-06-24 08:54 - 00140288 _____ () c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
    2014-06-24 08:53 - 2014-06-24 08:53 - 00127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-12-03 20:18 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2015-01-13 15:25 - 2015-01-13 15:25 - 00529656 _____ () C:\Program Files (x86)\Solution Real\updateSolutionReal.exe
    2015-01-13 19:00 - 2015-01-13 19:00 - 00529656 _____ () C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe
    2013-08-22 13:40 - 2013-08-22 13:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
    2013-08-22 13:40 - 2013-08-22 13:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
    2013-08-22 13:40 - 2013-08-22 13:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
    2014-01-10 16:53 - 2014-01-10 16:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll
    2014-01-10 16:53 - 2014-01-10 16:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll
    2014-01-10 16:53 - 2014-01-10 16:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll
    2014-01-10 17:24 - 2014-01-10 17:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll
    2014-01-10 17:24 - 2014-01-10 17:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll
    2014-12-03 20:19 - 2014-12-04 06:58 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-10-23 12:44 - 2014-06-04 17:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
    2014-10-23 12:44 - 2014-06-04 17:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
    2014-10-23 12:44 - 2014-06-04 17:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
    2014-04-29 05:28 - 2014-04-29 05:28 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2014-04-29 05:23 - 2014-04-29 05:23 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
    2015-01-13 19:02 - 2015-01-13 08:23 - 00104184 _____ () C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter.exe
    2015-01-13 19:02 - 2015-01-13 08:23 - 00121592 _____ () C:\Program Files (x86)\Solution Real\bin\SolutionReal.BrowserAdapter64.exe
    2015-01-13 19:02 - 2015-01-13 07:47 - 00101624 _____ () C:\Program Files (x86)\Solution Real\bin\SolutionReal.expext.exe
    2014-04-29 05:31 - 2014-04-29 05:31 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
    2014-06-24 08:53 - 2014-06-24 08:53 - 00102400 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2014-06-24 08:54 - 2014-06-24 08:54 - 00016896 _____ () c:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
    2014-10-23 12:44 - 2014-07-02 23:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
    2015-01-13 19:02 - 2015-01-13 07:42 - 00353016 _____ () C:\Program Files (x86)\Solution Real\bin\SolutionReal.PurBrowse64.exe
    2014-10-23 05:54 - 2014-06-24 21:45 - 00371200 _____ () C:\Windows\SYSTEM32\newhsacore64.DLL
    2014-10-23 05:54 - 2014-06-24 21:46 - 02047488 _____ () C:\Windows\SYSTEM32\hsaservices64.DLL
    2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-01-13 19:02 - 2015-01-13 07:47 - 00082168 _____ () C:\Program Files (x86)\Solution Real\bin\SolutionReal.expextdll.dll
    2015-01-13 19:02 - 2015-01-13 08:23 - 00197368 _____ () C:\Program Files (x86)\Solution Real\bin\693a0a5baa084a3cb7e8.dll
    2015-01-13 19:25 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
    2015-01-13 19:25 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
    2014-12-03 20:19 - 2014-12-04 06:58 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
    2014-10-23 12:44 - 2014-07-30 19:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
    2014-10-23 12:44 - 2012-11-26 01:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
    2014-10-23 12:43 - 2012-11-26 01:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
    2015-01-13 19:25 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
    2015-01-13 19:25 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
    2015-01-13 19:25 - 2015-01-08 19:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Users\Elisha\OneDrive:ms-properties
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-647248783-2239493058-3912521117-500 - Administrator - Disabled)
    Elisha (S-1-5-21-647248783-2239493058-3912521117-1002 - Administrator - Enabled) => C:\Users\Elisha
    Guest (S-1-5-21-647248783-2239493058-3912521117-501 - Limited - Disabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/13/2015 07:35:41 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8
     
    Error: (01/13/2015 05:21:10 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
    Description: Chrome has encountered a fatal error.
    ver=39.0.2171.95;lang=;guid=69B861D2B30D4A368A88A6A22E7A2179;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\a8d98ce2-d8d6-4dfb-a185-e4d44fbd81da.dmp
     
    Error: (01/13/2015 04:54:36 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database
     
    Error: (01/13/2015 04:52:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005
     
    Error: (01/12/2015 09:51:53 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161
     
    Error: (01/12/2015 07:11:14 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
    Description: Chrome has encountered a fatal error.
    ver=39.0.2171.95;lang=;guid=69B861D2B30D4A368A88A6A22E7A2179;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\2a393615-b9ae-4905-903c-e9380a268f47.dmp
     
    Error: (01/12/2015 00:43:37 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
    Description: Chrome has encountered a fatal error.
    ver=39.0.2171.95;lang=;guid=69B861D2B30D4A368A88A6A22E7A2179;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\ad5f5e9b-0df5-431d-9389-87f9d4b8c546.dmp
     
    Error: (01/11/2015 09:51:52 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161
     
    Error: (01/11/2015 05:28:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1469
     
    Error: (01/11/2015 05:28:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1469
     
     
    System errors:
    =============
    Error: (01/10/2015 00:01:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The My Dell Client Framework service failed to start due to the following error: 
    %%1053
     
    Error: (01/10/2015 00:01:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the My Dell Client Framework service to connect.
     
    Error: (01/05/2015 09:21:55 PM) (Source: DCOM) (EventID: 10010) (User: ELISHA)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
     
    Error: (01/05/2015 09:21:55 PM) (Source: DCOM) (EventID: 10010) (User: ELISHA)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
     
    Error: (01/04/2015 02:51:40 AM) (Source: DCOM) (EventID: 10010) (User: ELISHA)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
     
    Error: (01/04/2015 02:51:40 AM) (Source: DCOM) (EventID: 10010) (User: ELISHA)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
     
    Error: (12/31/2014 02:08:04 AM) (Source: DCOM) (EventID: 10010) (User: ELISHA)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
     
    Error: (12/31/2014 02:08:04 AM) (Source: DCOM) (EventID: 10010) (User: ELISHA)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
     
    Error: (12/29/2014 08:20:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Wyse PocketCloud service terminated unexpectedly.  It has done this 3 time(s).
     
    Error: (12/29/2014 05:34:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Wyse PocketCloud service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (01/13/2015 07:35:41 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8
     
    Error: (01/13/2015 05:21:10 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
    Description: Chrome has encountered a fatal error.
    ver=39.0.2171.95;lang=;guid=69B861D2B30D4A368A88A6A22E7A2179;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\a8d98ce2-d8d6-4dfb-a185-e4d44fbd81da.dmp
     
    Error: (01/13/2015 04:54:36 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
    Description: -2147024883
     
    Error: (01/13/2015 04:52:19 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005
     
    Error: (01/12/2015 09:51:53 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161
     
    Error: (01/12/2015 07:11:14 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
    Description: Chrome has encountered a fatal error.
    ver=39.0.2171.95;lang=;guid=69B861D2B30D4A368A88A6A22E7A2179;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\2a393615-b9ae-4905-903c-e9380a268f47.dmp
     
    Error: (01/12/2015 00:43:37 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
    Description: Chrome has encountered a fatal error.
    ver=39.0.2171.95;lang=;guid=69B861D2B30D4A368A88A6A22E7A2179;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\ad5f5e9b-0df5-431d-9389-87f9d4b8c546.dmp
     
    Error: (01/11/2015 09:51:52 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073415161
     
    Error: (01/11/2015 05:28:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1469
     
    Error: (01/11/2015 05:28:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1469
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD A10-7300 Radeon R6, 10 Compute Cores 4C+6G 
    Percentage of memory in use: 32%
    Total physical RAM: 7110.01 MB
    Available physical RAM: 4822.22 MB
    Total Pagefile: 8262.01 MB
    Available Pagefile: 5733.87 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.81 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:922.76 GB) (Free:883.23 GB) NTFS
    Drive d: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
    Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.46 GB) NTFS
    Drive y: (PBR Image) (Fixed) (Total:7.37 GB) (Free:0.74 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 236A857C)
     
    Partition: GPT Partition Type.
     
    ==================== End Of Log ============================


    #6 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 13 January 2015 - 10:37 PM

    Hi,

     

    How are ya doing ?  Looks like you got FRST to run, good

     

    I see vosteran all over the place plus a few others, what I like to do is run a few removal tools and then when where done I will need a new FRST and Additions log and check for leftovers

     

    Run these in the order listed please, these should get the better part of the infection

     

     
     
    -AdwCleaner-by Xplode
     
    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
     
    Do not click on any links in the top Advertisment.
     
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  •  
     
    ===============================================================================
     
     
    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  •  
    MBAM203_zps0a230260.jpg
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<------------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes
  •  
     
     
    1. Post the log from AdwCleaner
    2. Post the log from Junkware Removal
    3. Post the log from Malwarebytes
    4. Run a new scan with FRST , checkmark Additions and post both new logs
     
     
    I prefer you post the logs like you did previously in lieu of attaching them, they most likely wont fit all in one post so take as many replies as you need to post them all


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 jadeseef

    jadeseef

      Authentic Member

    • Authentic Member
    • PipPip
    • 21 posts

    Posted 13 January 2015 - 10:57 PM

    # AdwCleaner v4.107 - Report created 13/01/2015 at 23:49:03
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-13.2 [Live]
    # Operating System : Windows 8.1  (64 bits)
    # Username : Elisha - ELISHA
    # Running from : C:\Users\Elisha\Downloads\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
    Service Deleted : CouponPrinterService
    [#] Service Deleted : Update Solution Real
    [#] Service Deleted : Util Solution Real
    Service Deleted : {693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gw64
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    Folder Deleted : C:\Program Files (x86)\WSE_Vosteran
    Folder Deleted : C:\Program Files (x86)\Coupons
    [!] Folder Deleted : C:\Program Files (x86)\Solution Real
    Folder Deleted : C:\Users\Elisha\AppData\Local\Temp\Solution Real
    Folder Deleted : C:\Users\Elisha\AppData\Local\Vosteran
    Folder Deleted : C:\Users\Elisha\AppData\Roaming\WSE_Vosteran
    File Deleted : C:\Windows\System32\drivers\{693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gw64.sys
    File Deleted : C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
    File Deleted : C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
    File Deleted : C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
     
    ***** [ Scheduled Tasks ] *****
     
    Task Deleted : WSE_Vosteran
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Solution Real
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Solution Real
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CC4D05F4-2294-4BD0-8E80-0FD611DAA551}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC4D05F4-2294-4BD0-8E80-0FD611DAA551}
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Vosteran Browser
    Key Deleted : HKCU\Software\WSE_Vosteran
    Key Deleted : HKCU\Software\Solution Real
    Key Deleted : HKLM\SOFTWARE\InstallCore
    Key Deleted : HKLM\SOFTWARE\Solution Real
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Vosteran
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Solution Real
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vosteran.com
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17416
     
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
     
    -\\ Google Chrome v39.0.2171.99
     
    [C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldastr_15_03_ch&cd=2XzuyEtN2Y1L1Qzu0CtDtAzzzyyCtC0Czyzy0Azz0E0CyD0EtN0D0Tzu0StCtCtDzztN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDzzyEyEzy0CyB0CtG0AtA0DyDtG0CyEzytBtGtA0B0BtAtGyCyCtCtC0EtDyEtCzyzztC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtDyD0AtCyBtDtGyB0FtCzytGyEyC0CzztG0AzztC0BtG0A0EtC0ByC0AtBzztBtDyDtD2Q&cr=1776513807&ir=
    [C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldastr_15_03_ch&cd=2XzuyEtN2Y1L1Qzu0CtDtAzzzyyCtC0Czyzy0Azz0E0CyD0EtN0D0Tzu0StCtCtDzztN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDzzyEyEzy0CyB0CtG0AtA0DyDtG0CyEzytBtGtA0B0BtAtGyCyCtCtC0EtDyEtCzyzztC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FtDyD0AtCyBtDtGyB0FtCzytGyEyC0CzztG0AzztC0BtG0A0EtC0ByC0AtBzztBtDyDtD2Q&cr=1776513807&ir=
     
    *************************
     
    AdwCleaner[R0].txt - [8086 octets] - [13/01/2015 23:44:50]
    AdwCleaner[S0].txt - [6631 octets] - [13/01/2015 23:49:03]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6691 octets] ##########


    #8 jadeseef

    jadeseef

      Authentic Member

    • Authentic Member
    • PipPip
    • 21 posts

    Posted 13 January 2015 - 11:07 PM

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 8.1 x64
    Ran by Elisha on Tue 01/13/2015 at 23:57:46.05
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\ProgramData\pcdr"
    Successfully deleted: [Folder] "C:\Users\Elisha\AppData\Roaming\pcdr"
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 01/14/2015 at  0:05:10.70
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    #9 jadeseef

    jadeseef

      Authentic Member

    • Authentic Member
    • PipPip
    • 21 posts

    Posted 13 January 2015 - 11:53 PM

    I'm at malwarebytes' anti-malware and I scanned, but when it finished it listen all the ones they caught with quarantine selected beside it and had apply at the bottom. I pushed it and it said it need to restart so it did,but I have no idea how to get to view detail log!?



    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 14 January 2015 - 06:33 AM

    Good Morning,

     

    Try this

     

    1. Open up Malwarebytes 
    2. Go to the History Tab
    3. Click on Application Logs
    4. Click on the last Scan Log you just ran
    5. Click on View
    6. Then on the Bottom click on Copy to Clipboard
    7. Then paste it into this thread
     
     
     
    With or without the Malwarebytes log go ahead and run a new scan with FRST, be sure to checkmark Additions and post both logs


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

      Advertisements

    Register to Remove


    #11 jadeseef

    jadeseef

      Authentic Member

    • Authentic Member
    • PipPip
    • 21 posts

    Posted 14 January 2015 - 03:34 PM

    I woke up this morning and when I got on my computer to finish what you said. I could not connect to the internet. It does not show that its even avalible T_T

    #12 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 14 January 2015 - 04:15 PM

    Hi,

     

    There is nothing that was removed that would affect your internet access, try this

     

     

    1. Turn off your computer
    2. Turn off your  router by unplugging the power cord on the back of the unit
    3. Turn off your Cable / DSL modem by unplugging the power cord on the back of the unit
     
            Leave everything off for about 5 minutes, this lets it all reset 
     
    Then
     
    1. Plug in your Cable / DSL modem and wait until all the lights come back on
    2. Now do the same thing with your router
    3. Turn your computer back on and see if it made a difference


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #13 jadeseef

    jadeseef

      Authentic Member

    • Authentic Member
    • PipPip
    • 21 posts

    Posted 14 January 2015 - 09:35 PM

    Thank you for all the help. I have been doing the FRST, but it was running for more the 4 hours and seemed to be stuck on listing installed programs, so I was going to start it over again since it took so much longer then it did the first time, but it would not let me exit out of it, so I restarted the computer and started it again and it has been over an hour. I don't know it this is normal or what I should do?
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 1/14/2015
    Scan Time: 12:14:51 AM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.4.1028
    Malware Database: v2015.01.14.02
    Rootkit Database: v2015.01.07.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Elisha
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 325810
    Time Elapsed: 25 min, 31 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 2
    PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [49012acd34551e18d52c7f6512f009f7], 
    PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [49012acd34551e18d52c7f6512f009f7], 
     
    Registry Values: 1
    PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [e169da1def9af83e3420c82afc08e818]
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 2
    PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real, Quarantined, [84c67285464354e21dea3337d82bd030], 
    PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin, Quarantined, [84c67285464354e21dea3337d82bd030], 
     
    Files: 4
    PUP.Optional.DownloadAssistant, C:\Users\Elisha\Downloads\Winrar_Installer.exe, Quarantined, [c08ad324038682b4f84b9a5055ac31cf], 
    PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\SolutionReal.expext.exe, Quarantined, [84c67285464354e21dea3337d82bd030], 
    PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\SolutionReal.expext.zip, Quarantined, [84c67285464354e21dea3337d82bd030], 
    PUP.Optional.SolutionReal.A, C:\Program Files (x86)\Solution Real\bin\SolutionReal.expextdll.dll, Quarantined, [84c67285464354e21dea3337d82bd030], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)


    #14 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 15 January 2015 - 04:46 AM

    Good Morning

     

    FRST normally should not take more that 5 or 10 min and at this point dont know whats hanging it up

     

    Make sure your antivirus is disabled

    http://www.bleepingc...lware-programs/

     

    Then try running it in Safemode with Networking but with Windows 8/8.1 is not enabled so we will have to enable it

    http://www.bleepingc...y-in-windows-8/

     

    I linked you to instructions but basically all you have to do is press the Windows Key and the X key on your keyboard and when it opens select Command Prompt ( Admin ) and when it loads you will be at C:\Windows\System32> prompt

    Copy and paste this in after the prompt and hit enter 

     

    bcdedit /set {default} bootmenupolicy legacy

     

    Like the instructions state you should get a message that it completed successfully

     

    Then reboot your computer , as it starts to boot up tap the F8 key somewhat rapidly ( dont just hold it down) when the screen comes up use your up and down arrows to go to Safemode with Networking and press enter on your keyboard

     

    Then try running FRST again

     

     

     



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #15 jadeseef

    jadeseef

      Authentic Member

    • Authentic Member
    • PipPip
    • 21 posts

    Posted 15 January 2015 - 04:53 PM

    Ok I did what you said, but now I can't find FRST anywhere on my computer v_v

    Related Topics




    Also tagged with one or more of these keywords: Vosteran

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users