
Vosteran Infected - Help Please! [Solved]

Vosteran

  • This topic is locked
40 replies to this topic

#31 jadeseef


Posted 17 January 2015 - 06:06 PM

I did the TDSSkiller and no threats were found. I don't know where to find the log if you need one.




#32 ken545


Posted 18 January 2015 - 04:25 AM

That's good, as long as no threats were found I don't need the log.

 

See if you can run FRST in Safemode with Networking, checkmark Additions and post both logs

 

To Enter Safemode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
  • Use the Up and Down Arrow keys to scroll up to Safemode with Networking
  • Then press the Enter key on your keyboard
  • Tutorial if you need it: How to boot into Safemode


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #33 jadeseef


    Posted 19 January 2015 - 10:51 PM

    :wall: It did the same. It will not finish the addition.



    #34 ken545


    Posted 20 January 2015 - 05:48 AM

    Go ahead and post the FRST log only then... Is Vosteran gone?



     
     

    #35 jadeseef


    Posted 21 January 2015 - 05:59 PM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01
    Ran by Elisha (administrator) on ELISHA on 19-01-2015 22:41:24
    Running from C:\Users\Elisha\Desktop
    Loaded Profiles: Elisha (Available profiles: Elisha)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Windows\System32\userinit.exe
    (Microsoft Corporation) C:\Windows\HelpPane.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5792584 2014-04-21] (Dell Inc.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-06-24] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-04-29] ( (Qualcomm®Atheros®))
    HKU\S-1-5-21-647248783-2239493058-3912521117-1002\...\MountPoints2: {59488375-8df7-11e4-8269-c038961c99a8} - "E:\VZW_Software_upgrade_assistant.exe" 
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-647248783-2239493058-3912521117-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
     
    FireFox:
    ========
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2014-12-29]
    FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
    FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2015-01-19]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "https://www.google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-03]
    CHR Extension: (Google Docs) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-03]
    CHR Extension: (Google Drive) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-03]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-03]
    CHR Extension: (YouTube) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-03]
    CHR Extension: (Google Search) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-03]
    CHR Extension: (Google Sheets) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-03]
    CHR Extension: (Hatsune Miku Theme9) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcapoelehikcajegemncolnibideepep [2014-12-03]
    CHR Extension: (Google Wallet) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-03]
    CHR Extension: (Gmail) - C:\Users\Elisha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-03]
    CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2015-01-15]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-06-24] () [File not signed]
    S2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-24] (Advanced Micro Devices, Inc.) [File not signed]
    S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-04-29] (Windows ® Win 7 DDK provider)
    S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
    S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [203128 2014-12-12] (Dell Inc.)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
    S2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
    S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-05] (Symantec Corporation)
    S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
    S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
    S2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
    S2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
    S2 AODDriver4.3; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3893248 2014-04-03] (Qualcomm Atheros Communications, Inc.)
    S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
    S1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-04-29] (Qualcomm Atheros)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    S1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
    S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
    S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [591360 2014-08-27] (C-MEDIA)
    R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
    S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-28] (Symantec Corporation)
    S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-28] (Symantec Corporation)
    S1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20150119.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
    S3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150119.003\ENG64.SYS [129752 2014-12-28] (Symantec Corporation)
    S3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150119.003\EX64.SYS [2137304 2014-12-28] (Symantec Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-26] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-26] (Synaptics Incorporated)
    S3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    S1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
    S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
    S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-12-29] (Symantec Corporation)
    S1 SymIRON; C:\Windows\system32\drivers\NAVx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    S1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-19 22:41 - 2015-01-19 22:42 - 00015067 _____ () C:\Users\Elisha\Desktop\FRST.txt
    2015-01-19 19:57 - 2015-01-19 19:57 - 01115648 _____ (Farbar) C:\Users\Elisha\Downloads\frst.exe
    2015-01-19 13:55 - 2015-01-19 13:55 - 00000000 ___RD () C:\Users\Elisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-01-17 19:01 - 2015-01-17 19:01 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Elisha\Downloads\tdsskiller.exe
    2015-01-17 16:44 - 2015-01-17 16:44 - 00000000 ____D () C:\Users\Elisha\Desktop\mbar
    2015-01-17 16:43 - 2015-01-17 16:43 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Elisha\Downloads\mbar-1.08.2.1001.exe
    2015-01-14 17:55 - 2015-01-14 17:55 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\PCDr
    2015-01-14 17:54 - 2015-01-14 17:54 - 00000000 ____D () C:\ProgramData\PCDr
    2015-01-14 17:32 - 2015-01-15 18:28 - 00000000 ____D () C:\Users\Elisha\Downloads\FRST-OlderVersion
    2015-01-14 00:12 - 2015-01-19 22:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-14 00:11 - 2015-01-19 19:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-14 00:11 - 2015-01-17 18:43 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-14 00:11 - 2015-01-14 00:11 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-14 00:11 - 2015-01-14 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-14 00:11 - 2015-01-14 00:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-14 00:11 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-01-14 00:11 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-01-14 00:08 - 2015-01-14 00:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Elisha\Downloads\mbam-setup-2.0.4.1028.exe
    2015-01-14 00:05 - 2015-01-14 00:05 - 00000813 _____ () C:\Users\Elisha\Desktop\JRT.txt
    2015-01-13 23:57 - 2015-01-13 23:57 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-13 23:56 - 2015-01-13 23:57 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT (2).exe
    2015-01-13 23:55 - 2015-01-13 23:55 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT.exe
    2015-01-13 23:55 - 2015-01-13 23:55 - 01707939 _____ (Thisisu) C:\Users\Elisha\Downloads\JRT (1).exe
    2015-01-13 23:44 - 2015-01-13 23:49 - 00000000 ____D () C:\AdwCleaner
    2015-01-13 23:43 - 2015-01-13 23:43 - 02191360 _____ () C:\Users\Elisha\Downloads\AdwCleaner.exe
    2015-01-13 22:24 - 2015-01-15 17:18 - 00000930 _____ () C:\Users\Elisha\Downloads\Addition.txt
    2015-01-13 22:23 - 2015-01-15 17:14 - 00034755 _____ () C:\Users\Elisha\Downloads\FRST.txt
    2015-01-13 22:21 - 2015-01-19 22:41 - 00000000 ____D () C:\FRST
    2015-01-13 22:21 - 2015-01-14 17:32 - 02125312 _____ (Farbar) C:\Users\Elisha\Desktop\FRST64.exe
    2015-01-13 19:55 - 2015-01-13 19:55 - 00000046 _____ () C:\Users\Elisha\AppData\Roaming\WB.CFG
    2015-01-13 18:54 - 2015-01-13 18:54 - 00791840 _____ (%PROD_NAME%) C:\Users\Elisha\Downloads\microsoft_word (1).exe
    2015-01-13 18:54 - 2015-01-13 18:54 - 00000000 ____D () C:\ProgramData\{2809C0CA-788B-114C-C90D-61CE198FB240}
    2015-01-13 18:51 - 2015-01-13 18:51 - 00791840 _____ (%PROD_NAME%) C:\Users\Elisha\Downloads\microsoft_word.exe
    2015-01-13 16:27 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-13 16:27 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-13 16:27 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
    2015-01-13 16:27 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-01-13 16:27 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2015-01-13 16:27 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
    2015-01-13 16:27 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-01-13 16:27 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-13 16:27 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
    2015-01-13 16:27 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
    2015-01-13 16:27 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2015-01-13 16:27 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-01-13 16:27 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-01-13 16:27 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-01-13 16:27 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-01-13 16:27 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
    2015-01-13 16:27 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2015-01-13 16:27 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-01-13 16:27 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-01-13 16:27 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-01-13 16:27 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
    2015-01-13 16:27 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
    2015-01-13 16:27 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-01-13 16:27 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-01-13 16:27 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-10 00:10 - 2015-01-10 00:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
    2015-01-05 18:47 - 2015-01-05 18:47 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
    2014-12-29 13:01 - 2015-01-10 00:01 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
    2014-12-29 13:01 - 2015-01-10 00:01 - 00002419 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk
    2014-12-29 13:01 - 2015-01-01 01:43 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
    2014-12-29 13:01 - 2014-12-29 13:01 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2014-12-29 13:01 - 2014-12-29 13:01 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\ProgramData\NCOTEMP
    2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
    2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2014-12-29 13:01 - 2014-12-29 13:01 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
    2014-12-29 12:59 - 2015-01-10 00:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
    2014-12-29 12:59 - 2015-01-10 00:01 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
    2014-12-29 12:59 - 2014-12-29 13:02 - 00000000 ____D () C:\ProgramData\Norton
    2014-12-29 12:59 - 2014-12-29 12:59 - 00000000 ____D () C:\Program Files (x86)\Norton AntiVirus
    2014-12-29 12:57 - 2014-12-29 12:59 - 218966928 ____N (Symantec Corporation) C:\Users\Elisha\Downloads\NAV-TW-21.1.0-EN-US.exe
    2014-12-28 21:47 - 2014-10-30 06:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-12-27 14:06 - 2014-12-27 14:06 - 00000000 ____D () C:\Users\Public\Documents\Verizon2.0_Log
    2014-12-27 14:06 - 2014-12-27 14:06 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\VERIZON
    2014-12-27 13:56 - 2014-12-27 13:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2014-12-22 19:37 - 2014-12-22 19:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2014-12-21 13:10 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
    2014-12-21 13:10 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
    2014-12-21 01:31 - 2014-12-21 01:33 - 04237884 _____ () C:\Users\Elisha\Downloads\Castle in the Air (9-12) (pdf,rtf,epub,lit,lrf,mobi,fb2,pdb).rar
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-19 22:40 - 2014-10-23 12:35 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
    2015-01-19 22:40 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-19 22:39 - 2014-12-03 20:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-19 22:39 - 2013-08-22 09:46 - 00024150 _____ () C:\Windows\setupact.log
    2015-01-19 22:38 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2015-01-19 22:02 - 2014-10-23 12:33 - 01121247 _____ () C:\Windows\WindowsUpdate.log
    2015-01-19 22:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-01-19 21:55 - 2014-12-03 20:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-01-19 20:28 - 2014-11-28 20:22 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AF14F380-52D9-4DE2-823A-660D94AAEF7A}
    2015-01-19 20:16 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
    2015-01-19 19:54 - 2014-12-03 20:23 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ELISHA-Elisha Elisha
    2015-01-19 19:26 - 2014-10-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Dell Update
    2015-01-19 19:26 - 2014-10-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
    2015-01-19 13:55 - 2014-11-28 20:21 - 00000000 ____D () C:\Users\Elisha\OneDrive
    2015-01-19 13:52 - 2014-11-28 20:19 - 00000000 ____D () C:\Users\Elisha
    2015-01-18 19:27 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-01-18 00:10 - 2014-11-28 20:25 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-647248783-2239493058-3912521117-1002
    2015-01-17 23:56 - 2014-11-28 20:21 - 00000000 ____D () C:\Users\Elisha\Documents\Bluetooth Folder
    2015-01-17 16:51 - 2014-03-18 04:44 - 00021566 _____ () C:\Windows\PFRO.log
    2015-01-17 16:43 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2015-01-17 13:43 - 2014-11-29 23:35 - 00000000 ____D () C:\Users\Elisha\AppData\Local\CrashDumps
    2015-01-16 21:09 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
    2015-01-15 20:34 - 2014-03-18 04:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-15 17:18 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-01-14 21:18 - 2014-12-02 20:48 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-14 21:09 - 2014-12-02 20:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-14 00:42 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\DesktopTileResources
    2015-01-13 23:42 - 2013-08-22 08:25 - 00000194 _____ () C:\Windows\win.ini
    2015-01-13 19:34 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
    2015-01-13 19:25 - 2014-12-03 20:52 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-01-13 19:12 - 2014-12-07 21:16 - 00000000 ____D () C:\Users\Elisha\Documents\Outlook Files
    2015-01-11 23:54 - 2014-12-01 15:41 - 00000000 ____D () C:\Users\Elisha\AppData\Roaming\Audacity
    2015-01-09 15:51 - 2014-12-01 15:40 - 00000000 ____D () C:\Program Files (x86)\Audacity
    2015-01-05 19:08 - 2014-12-10 17:05 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-05 19:08 - 2014-12-10 17:05 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-29 23:01 - 2014-11-30 15:52 - 00000000 ____D () C:\Users\Elisha\Downloads\website
    2014-12-28 22:10 - 2014-10-23 12:45 - 00000000 ____D () C:\ProgramData\McAfee
    2014-12-27 17:28 - 2014-11-28 20:19 - 00000000 ____D () C:\Users\Elisha\AppData\Local\Packages
    2014-12-23 19:08 - 2014-12-03 20:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15
     
    Some content of TEMP:
    ====================
    C:\Users\Elisha\AppData\Local\Temp\Quarantine.exe
    C:\Users\Elisha\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    #36 ken545


    Posted 21 January 2015 - 06:33 PM

    Hi,

     

    When I post, you need to read what I posted. I asked if Vosteran is gone. It will save us both a lot of time and trouble if you keep me up to date as to what's going on.

     

    I am going to attach a Fixlist file. Save it to your desktop, where you're running FRST from, then open FRST and click on FIX. After it reboots your system you will find a Fixlog on your desktop; post it please.

    Attached Files



     
     

    #37 jadeseef


    Posted 21 January 2015 - 09:35 PM

    I think Vosteran is gone. Thank you for all your time and patience.

     

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015

    Ran by Elisha at 2015-01-21 22:26:53 Run:1
    Running from C:\Users\Elisha\Desktop
    Loaded Profiles: Elisha (Available profiles: Elisha)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
    Task: {D96137CA-75FC-4534-8050-CF72323DFB26} - System32\Tasks\WSE_Vosteran => C:\Users\Elisha\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2015-01-13] () <==== ATTENTION
    Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Elisha\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End


    #38 ken545


    Posted 22 January 2015 - 05:17 AM

    Again you didn't post the entire log. Fixlog is on your desktop; open it and on the top left click on EDIT > SELECT ALL, then EDIT > COPY, then come back and right click in a new reply and select PASTE.



     
     

    #39 jadeseef


    Posted 22 January 2015 - 04:30 PM

    Last time it really was all that there was, but this time it was my fault sorry v_v

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
    Ran by Elisha at 2015-01-21 22:26:53 Run:1
    Running from C:\Users\Elisha\Desktop
    Loaded Profiles: Elisha (Available profiles: Elisha)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-647248783-2239493058-3912521117-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
    Task: {D96137CA-75FC-4534-8050-CF72323DFB26} - System32\Tasks\WSE_Vosteran => C:\Users\Elisha\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2015-01-13] () <==== ATTENTION
    Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Elisha\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
     
     
     
     
    *****************
     
    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-647248783-2239493058-3912521117-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
    HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D96137CA-75FC-4534-8050-CF72323DFB26} => Key not found. 
    C:\Windows\System32\Tasks\WSE_Vosteran not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran => Key not found. 
    C:\Windows\Tasks\WSE_Vosteran.job not found.
     
    =========  ipconfig /flushdns =========
     
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========= End of CMD: =========
     
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 1 GB temporary data.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog 22:27:29 ====
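
The Fixlog above mixes entries FRST removed in this run with entries it no longer found. As an added example (not part of the thread and not FRST's own code), this Python sketch sorts the result lines by outcome; the sample is a trimmed copy of the log lines above, and the patterns cover only the result wordings visible in this thread.

```python
import re

# Constructed sample: a trimmed copy of the Fixlog lines posted in the thread.
SAMPLE_FIXLOG = r'''
*****************
Task: C:\Windows\Tasks\WSE_Vosteran.job => C:\Users\Elisha\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
*****************
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
C:\Windows\System32\Tasks\WSE_Vosteran not found.
C:\Windows\Tasks\WSE_Vosteran.job not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
EmptyTemp: => Removed 1 GB temporary data.
==== End of Fixlog 22:27:29 ====
'''

# Only the result wordings that appear in this thread are recognised.
PATTERNS = [
    ("removed", re.compile(r'^"?(?P<target>.+?)"? => (?:Key|value) deleted successfully\.$')),
    ("moved", re.compile(r'^(?P<target>.+?) => Moved successfully\.$')),
    ("absent", re.compile(r'^(?P<target>.+?)(?: => Key)? not found\.$')),
]

def classify_fixlog(text):
    """Group Fixlog result lines by outcome; unrecognised lines go to 'other'."""
    lines = [ln.strip() for ln in text.splitlines()]
    # Results start after the last separator line made only of asterisks,
    # so the echoed fixlist (what was requested) is skipped.
    start = max((i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}), default=-1) + 1
    results = {"removed": [], "moved": [], "absent": [], "other": []}
    for ln in lines[start:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if not ln:
            continue
        for outcome, rx in PATTERNS:
            m = rx.match(ln)
            if m:
                results[outcome].append(m.group("target"))
                break
        else:
            results["other"].append(ln)
    return results

def by_keyword(results, keyword):
    """Outcomes for targets whose path or key name contains keyword (case-insensitive)."""
    hits = {o: [t for t in ts if keyword.lower() in t.lower()] for o, ts in results.items()}
    return {o: ts for o, ts in hits.items() if ts}
```

Calling `by_keyword(classify_fixlog(SAMPLE_FIXLOG), "vosteran")` reports both WSE_Vosteran task entries as absent: FRST did not find them when the fix ran, while the Chrome policy key and the search-scope value were deleted by this run.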


    #40 ken545


    Posted 22 January 2015 - 04:44 PM

    Great, looks like you're good to go.

     

    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.
     
    ==========================================================
     
     
    Please download DelFix and save the file to your Desktop.
     
    • Windows XP: Double click DelFix.exe to run the program.
    • Windows Vista > Win 7 > Win 8: Right click on DelFix.exe and select RUN AS ADMINISTRATOR.
    • Checkmark "Remove Disinfection Tools".
    • Click the Run button.
     
    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.
     
     
     
    ==========================================================
     
     
     
    How did I get infected in the first place?
    Read these links and find out how to prevent getting infected again.
    • Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
     
    Safe Surfn
    Ken


     
     


    #41 ken545


    Posted 23 January 2015 - 11:47 AM

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
    and start a New Topic.

     
     