Vosteran Removal


11 replies to this topic

#1 Ratzinger


Posted 21 December 2014 - 05:25 PM

Hi - I cannot get rid of the Vosteran virus. I can see that this is a common problem. Could someone help please?

 

Thanks

 

 




 


#2 Guest_LighthouseParty_*


Posted 21 December 2014 - 05:37 PM

Hello there
 
Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this.
 
Step 1: Please download MiniToolBox to your desktop
  • Double click MiniToolBox.
  • Select the following and then press go:
      Flush DNS
      Reset IE Proxy Settings
      Reset FF Proxy Settings
      List Installed Programs
      List Restore Points
  • Post the log in your next reply.
 
Step 2: Please download Malwarebytes Anti-Malware to your desktop
  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.
How to get the log.
  • On the dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.
Step 3: Please download Security Check to your desktop
  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open, called checkup.txt.
  • Please post the contents of it in your next reply.
Step 4: Non-malware removal steps
 
Run System File Checker - http://support.microsoft.com/KB/929833
Run Disk Check - http://support.microsoft.com/kb/2641432
Mod Edit ..removed improper instruction.
Thanks and good luck!

Edited by boopme, 29 December 2014 - 08:23 PM.


#3 Ratzinger


Posted 21 December 2014 - 05:40 PM

Thanks for your prompt reply.

Here is my log for MiniToolbox. I am working through the other steps now.

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by James (administrator) on 21-12-2014 at 22:39:14
Running from "C:\Users\James\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/21/2014 09:50:08 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcCan continue stopping. [1008]
 
Error: (12/20/2014 10:49:06 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0]
 
Error: (12/20/2014 10:49:05 PM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcCan continue stopping. [18]
 
Error: (12/20/2014 02:32:28 PM) (Source: Microsoft Security Client Setup) (User: BIGBADBELL)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements.  <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.
 
Error: (12/19/2014 08:05:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: FarCry4.exe, version: 0.1.0.1, time stamp: 0x547c8f31
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000005
Fault offset: 0x00000000000360b7
Faulting process id: 0x1a64
Faulting application start time: 0xFarCry4.exe0
Faulting application path: FarCry4.exe1
Faulting module path: FarCry4.exe2
Report Id: FarCry4.exe3
Faulting package full name: FarCry4.exe4
Faulting package-relative application ID: FarCry4.exe5
 
Error: (12/19/2014 07:35:13 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e7c
 
Start Time: 01d01bc231a1077e
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 25904511-87b6-11e4-826c-80fa5b08497a
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/19/2014 06:35:24 PM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a60
 
Start Time: 01d01bb9cfe8ac34
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: c45576d8-87ad-11e4-826c-80fa5b08497a
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/19/2014 05:41:00 PM) (Source: Application Hang) (User: )
Description: The program HelpAndTips.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2564
 
Start Time: 01d01bb2e8d2289a
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.HelpAndTips_6.3.9654.20559_x64__8wekyb3d8bbwe\HelpAndTips.exe
 
Report Id: 3030a72b-87a6-11e4-826c-80fa5b08497a
 
Faulting package full name: Microsoft.HelpAndTips_6.3.9654.20559_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: HelpAndTips
 
Error: (12/19/2014 05:40:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: BIGBADBELL)
Description: App Microsoft.HelpAndTips_6.3.9654.20559_x64__8wekyb3d8bbwe+HelpAndTips did not launch within its allotted time.
 
Error: (12/14/2014 02:34:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: BIGBADBELL)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (12/21/2014 10:03:43 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/21/2014 09:53:45 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (12/21/2014 09:47:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Security Update for Windows 8.1 for x64-based Systems (KB2920189).
 
Error: (12/21/2014 03:39:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0922: Security Update for Windows 8.1 for x64-based Systems (KB2920189).
 
Error: (12/14/2014 02:34:53 PM) (Source: DCOM) (User: BIGBADBELL)
Description: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.415616Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4UnavailableUnavailable
 
Error: (12/14/2014 02:34:53 PM) (Source: DCOM) (User: BIGBADBELL)
Description: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.415616Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.4UnavailableUnavailable
 
Error: (12/14/2014 11:05:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.189.2118.0).
 
Error: (12/12/2014 08:51:59 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (12/12/2014 08:51:59 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (12/21/2014 09:50:08 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcCan continue stopping. [1008]
 
Error: (12/20/2014 10:49:06 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [0]
 
Error: (12/20/2014 10:49:05 PM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcCan continue stopping. [18]
 
Error: (12/20/2014 02:32:28 PM) (Source: Microsoft Security Client Setup)(User: BIGBADBELL)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements.  <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.
 
Error: (12/19/2014 08:05:02 PM) (Source: Application Error)(User: )
Description: FarCry4.exe0.1.0.1547c8f31ntdll.dll6.3.9600.17031530895afc000000500000000000360b71a6401d01bc52d042046C:\Program Files (x86)\R.G. Mechanics\Far Cry 4\bin\FarCry4.exeC:\Windows\SYSTEM32\ntdll.dll50e9abdc-87ba-11e4-826c-80fa5b08497a
 
Error: (12/19/2014 07:35:13 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20689e7c01d01bc231a1077e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe25904511-87b6-11e4-826c-80fa5b08497amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/19/2014 06:35:24 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.206891a6001d01bb9cfe8ac344294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exec45576d8-87ad-11e4-826c-80fa5b08497amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/19/2014 05:41:00 PM) (Source: Application Hang)(User: )
Description: HelpAndTips.exe0.0.0.0256401d01bb2e8d2289a4294967295C:\Program Files\WindowsApps\Microsoft.HelpAndTips_6.3.9654.20559_x64__8wekyb3d8bbwe\HelpAndTips.exe3030a72b-87a6-11e4-826c-80fa5b08497aMicrosoft.HelpAndTips_6.3.9654.20559_x64__8wekyb3d8bbweHelpAndTips
 
Error: (12/19/2014 05:40:57 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: BIGBADBELL)
Description: Microsoft.HelpAndTips_6.3.9654.20559_x64__8wekyb3d8bbwe+HelpAndTips
 
Error: (12/14/2014 02:34:58 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: BIGBADBELL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009280
 
 
 
=========================== Installed Programs ============================
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Airplane Mode Hid Installer (HKLM-x32\...\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 2.0.0.6 - )
Airplane Mode Hid Installer (x32 Version: 2.0.0.6 - ) Hidden
AmCap version 9.01 (HKLM-x32\...\{0F45BECF-4C85-4301-A8A4-D2E2AE2A2C08}_is1) (Version: 9.01 - Gigabyte, Inc.)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.37251 - BitTorrent Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 11.10.16.3_WHQL (HKLM\...\Elantech) (Version: 11.10.16.3 - ELAN Microelectronic Corp.)
Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
GIGABYTE Smart USB Backup 2.0.20131205 (HKLM-x32\...\GIGABYTE Smart USB Backup) (Version: 2.0.20131205 - GIGABYTE TECHNOLOGY CO.,LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hotkey 2.24.28 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 2.24.28 - )
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.3.0.0 - Insyde Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.9.0.1001 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7 - Notepad++ Team)
NVIDIA Control Panel 332.60 (Version: 332.60 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 332.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.60 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 16.13.65 (Version: 16.13.65 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.65 (Version: 16.13.65 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.65 (Version: 16.13.65 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.65 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.26 (Version: 1.2.26 - NVIDIA Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.800.800.121813 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0239 - )
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Smart Switch v1.5.2 (HKLM-x32\...\Smart Switch) (Version: v1.5.2 - GIGABYTE TECHNOLOGY CO.,LTD.)
Smart Update v2.0.3 (HKLM-x32\...\Smart Update) (Version: v2.0.3 - GIGABYTE TECHNOLOGY CO.,LTD.)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.03 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/01/2013 1.3.0.0) (HKLM\...\E38E8D276444640BFCE21B5A73FD63C479B76259) (Version: 07/01/2013 1.3.0.0 - Insyde)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
========================= Restore Points ==================================
 
12-12-2014 21:19:10 Installed DirectX
15-12-2014 23:11:31 Installed DirectX
19-12-2014 18:31:40 Installed DirectX
21-12-2014 17:46:36 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
21-12-2014 17:47:01 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
 
**** End of log ****


#4 boopme

  • Global Moderator

Posted 21 December 2014 - 05:45 PM

I'd also suggest running ADWcleaner
Also do not do this step until the end.
Run Disk Cleanup - http://windows.microsoft.com/en-gb/windows/delete-files-using-disk-cleanup
As it can remove all restore points and I'd rather have an infected one to fall back on, than none, should something go wrong during malware removal.
 
ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


#5 Ratzinger


Posted 21 December 2014 - 05:47 PM

SECURITY CHECK LOG:

 

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader XI  
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#6 Ratzinger


Posted 21 December 2014 - 06:03 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 21/12/2014 22:42:50, SYSTEM, BIGBADBELL, Manual, Rootkit Database, 2014.11.18.1, 2014.12.14.1, 
Update, 21/12/2014 22:42:50, SYSTEM, BIGBADBELL, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 21/12/2014 22:42:53, SYSTEM, BIGBADBELL, Manual, Malware Database, 2014.11.20.6, 2014.12.21.5, 
 
(end)

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 21/12/2014
Scan Time: 22:43:06
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.21.05
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: James
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316463
Time Elapsed: 16 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, , [463376efa0dc0135170f65f35ca7659b], 
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, , [5e1b93d23c40f93d969099bfb2514bb5], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1237338266-3719423733-2616613826-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, , [73066401522afa3cf4332038f50e53ad], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1237338266-3719423733-2616613826-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [f5841d48106c49edddf415840df611ef], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1237338266-3719423733-2616613826-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [c2b74520c6b6e1557c72c3ec8480ad53], 
 
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1237338266-3719423733-2616613826-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, , [c2b74520c6b6e1557c72c3ec8480ad53]
 
Registry Data: 1
PUP.Optional.Vosteran.A, HKU\S-1-5-21-1237338266-3719423733-2616613826-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://Vosteran.com/?f=1&a=vst_frg01_14_50_ch&cd=2XzuyEtN2Y1L1QzuzztD0F0AyD0BtDzzyEzyyB0A0C0F0D0AtN0D0Tzu0StCtDyByBtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0DtBzyyE0FtDyBtGzz0Dzy0CtGtC0FtC0CtGzytA0DyBtGtB0BtDyCzy0E0DyD0C0FyC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDyB0CyBzyyDyEtGyB0BtAyBtGyE0E0D0CtGzztAyEyDtG0Fzz0AzytD0C0D0D0Bzy0A0A2Q&cr=1826572620&ir=, Good: (www.google.com), Bad: (http://Vosteran.com/?f=1&a=vst_frg01_14_50_ch&cd=2XzuyEtN2Y1L1QzuzztD0F0AyD0BtDzzyEzyyB0A0C0F0D0AtN0D0Tzu0StCtDyByBtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0DtBzyyE0FtDyBtGzz0Dzy0CtGtC0FtC0CtGzytA0DyBtGtB0BtDyCzy0E0DyD0C0FyC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtDyB0CyBzyyDyEtGyB0BtAyBtGyE0E0D0CtGzztAyEyDtG0Fzz0AzytD0C0D0D0Bzy0A0A2Q&cr=1826572620&ir=),,[d1a868fdceaec3735f7941380ff69070]
 
Folders: 1
Rogue.Multiple, C:\ProgramData\1837308050, , [f78274f12d4f71c5e0fdc54d0af99e62], 
 
Files: 1
Rogue.Multiple, C:\ProgramData\1837308050\BITD276.tmp, , [f78274f12d4f71c5e0fdc54d0af99e62], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 Ratzinger


Posted 23 December 2014 - 07:06 AM

Hi there - has anyone been able to review my logs?

 

Best regards



#8 Guest_LighthouseParty_*


Posted 23 December 2014 - 07:17 AM

Hello there,

 

Sorry for the late reply. From the Security Check log, it seems as if you don't have an anti-virus installed. I recommend you install Avast Free Antivirus.

Step 1: Please uninstall some programs
 
There are currently some programs on your PC that we need to remove, for the time being at least. Press the Windows + R keys on your keyboard, type in appwiz.cpl and press Enter. Navigate to each of the programs below one by one and click uninstall:

  • BitTorrent

If any programs listed above aren't in Programs and Features, you can just skip them. Please download JavaRa from here and, once you've opened it, select 'remove JRE' (if that's not there, select remove Java Runtime). Make sure you skip the re-install Java option!

Step 2: Please download rKill to your desktop

  • Double click it (Win 7, 8 and Vista users, right-click and select run as admin)
  • The tool will run and then a log file should open.
  • Please post the contents of it in your next reply.

Please don't restart your computer before running the next step.

Step 3: Please download AdwCleaner to your desktop

  • Double click adwcleaner_x.xxx.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

Step 4: Please download Junkware Removal Tool to your desktop

  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.

Step 5: Please visit the ESET Online Scanner webpage
Internet Explorer MUST be used for this step.

  • Click the checkbox next to 'Yes, I accept the Terms of Use' and click start.
  • Select the checkboxes which are displayed in the picture below.

[Image: jqnp8z.png]

  • Press start and the scan will now begin - this scan will take a long time.
  • When the scan's finished, select list threats and then export.
  • Choose a name for the log (e.g. ESET) and click save (to your desktop)
  • Press the back button and then click finish. Please include the contents of the log in your reply.


#9 Ratzinger


Posted 29 December 2014 - 02:10 PM

RKILL LOG:
 
Rkill 2.6.9 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/29/2014 07:05:16 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 12/29/2014 07:06:45 PM
Execution time: 0 hours(s), 1 minute(s), and 28 seconds(s)


#10 Ratzinger


Posted 29 December 2014 - 02:21 PM

ADW CLEANER LOG:
 
# AdwCleaner v4.106 - Report created 29/12/2014 at 19:13:52
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : James - BIGBADBELL
# Running from : C:\Users\James\Downloads\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\James\Documents\Optimizer Pro
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A8CC935B-2D6B-43A7-8C29-3DAF9F26E83F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8CC935B-2D6B-43A7-8C29-3DAF9F26E83F}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [1836 octets] - [29/12/2014 19:09:52]
AdwCleaner[S0].txt - [1617 octets] - [29/12/2014 19:13:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1677 octets] ##########
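
For anyone reviewing a report like the one above, this added example (not part of the original post and not AdwCleaner's own code) parses it into sections and counts what was actually deleted. The sample is a constructed excerpt of the log above, and the line layout the regular expressions expect is an assumption inferred from that log alone.

```python
import re

# Constructed sample: an excerpt of the AdwCleaner v4.106 report posted above.
SAMPLE_REPORT = r"""# AdwCleaner v4.106 - Report created 29/12/2014 at 19:13:52
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\James\Documents\Optimizer Pro

***** [ Registry ] *****

Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8CC935B-2D6B-43A7-8C29-3DAF9F26E83F}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416
"""

# Assumed layout (inferred from the log on this page, not from any specification).
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")  # ***** [ Registry ] *****
HEADER_RE = re.compile(r"^# (.+?) : (.*)$")            # "# Option : Clean"
ACTION_RE = re.compile(r"^(\w+) (\w+) : (.+)$")        # "Key Deleted : HKCU\..."

def parse_report(text):
    """Return (header, sections); sections maps name -> [(kind, action, target, is_x64)]."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            current = m.group(1)
            sections[current] = []
        elif current is None and (m := HEADER_RE.match(line)):
            header[m.group(1).strip()] = m.group(2).strip()
        elif current is not None and (m := ACTION_RE.match(line)):
            kind, action, target = m.groups()
            x64 = target.startswith("[x64] ")  # marks the 64-bit registry view
            sections[current].append((kind, action, target[6:] if x64 else target, x64))
    return header, sections

def summarize(text):
    """Per-section count of deleted items, plus a flag for a run that removed nothing."""
    header, sections = parse_report(text)
    deleted = {name: sum(1 for item in items if item[1] == "Deleted")
               for name, items in sections.items()}
    return {"mode": header.get("Option"), "deleted": deleted,
            "nothing_removed": sum(deleted.values()) == 0}
```
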


#11 Ratzinger


Posted 29 December 2014 - 02:25 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by James on 29/12/2014 at 19:22:31.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/12/2014 at 19:24:14.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#12 boopme

  • Global Moderator

Posted 29 December 2014 - 02:40 PM

Hello.. On the first log, Malwarebytes Anti-Malware, it does not say anything was removed or quarantined.
Please run it again and select "remove" for anything it finds.



