Infected by Vosteran.....unable to get rid of


16 replies to this topic

#1 sweetcarolinesue


Posted 01 January 2015 - 10:09 PM

This computer has been infected by Vosteran. I ran Malwarebytes in safe mode and thought it was removed, but it is still showing several infections when running in regular mode. Very slow browser - Firefox 33.0.2.

 

Acer TravelMate 5744, Windows 7 Professional Service Pack 1, Intel® Core™ i3 CPU M370 @ 2.40GHz  2.40GHz, 2.0 GB RAM (1.74 usable), 64-bit operating system.

 

Please help.

 

Thank you.




 


#2 noknojon


Posted 02 January 2015 - 02:47 AM

From what I can find it seems to be a "regulation" Browser Hijacker.

Take each step one at a time, and do not rush beyond what you can do (ask if you have any problems).

Do not download Spy-Hunter or other Registry Cleaners as some sites ask you to do.

 

Always look in Programs and Features for any mention of this or a Similar installed program ..

VPlay has been mentioned as a likely suspect for including this Hijacker.

 

 

Right click on your Firefox shortcut and select Properties. Please remove the extension after Mozilla Firefox.

Any other browsers will show the similar extensions (Internet Explorer or Google Chrome)

 

Please download  avast! Browser Cleanup
This tool serves to delete pesky and unwanted toolbars and plug-ins from your browser(s).

Simply download and run the Browser Cleanup utility. Once you run the utility, you will see a list of bad and good toolbars and plug-ins and be able to disable or to remove them.
More general info here: http://www.avast.com/faq.php?article=AVKB115

 

Now - Please download RKill by Grinler to your desktop

  • If you have an old version, please delete it first
  • Right click on the new Red icon and select Run as Administrator
  • A black DOS box will appear for a short time and then disappear.
  • This is normal and indicates the tool ran successfully.
  • At most the tool will usually run for about 2 minutes
  • Please Copy and Paste the small log back here.

Do not reboot your computer until you complete the next step.

Next: If you have this program installed, open it and hit Uninstall first.

  • Download AdwCleaner by Xplode from Here or Here and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
     * Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button (only once)
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button only once for accuracy.
  • A report (AdwCleaner[R0].txt) will open in Notepad for your review.
  • Check the listed removals and see if you are OK with them.
  • If you have questions, post the Report log back here.
     Next
  • Click on the Clean button only once for accuracy
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
  • After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
  • **Copy and Paste the contents of that log in your next reply.**
  • To restore an item that has been deleted by accident : Open the program again,
  • Go to Tools (top left) > Quarantine Manager > check what you want restored > now click on Restore.

Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.

 

 

After the reboot and posting the logs please continue .....

 

Please download Malwarebytes Anti-Malware

  • If you have the program installed, you must update it prior to any scan, and only scan in Normal Mode.

    Follow the simple directions to install the program to desktop

  • Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • If you find malware and tick it to remove it, you may be asked to re-boot the computer to finish cleaning.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

 

 

If you’re having problems with Firefox, resetting it can help. The reset feature fixes many issues by restoring Firefox to its factory default state while saving your essential information like bookmarks, passwords, web form auto-fill information, browsing history and open tabs.

In the upper-right corner of the Firefox window, click the Firefox menu button, then click on the Help ( ? ) button.

 

From the Help menu, choose "Troubleshooting Information".
If you’re unable to access the Help menu, type "about:support" in your address bar to bring up the Troubleshooting information page.

Click the “Reset Firefox” button in the upper-right corner of the “Troubleshooting Information” page.
To continue, click on the “Reset Firefox” button in the new confirmation window that opens.

Firefox will close itself and will revert to its default settings. When it’s done, a window will list the information that was imported. Click on "Finish".

Note: Your old Firefox profile will be placed on your desktop in a folder named “Old Firefox Data“. If the reset didn’t fix your problem you can restore some of the information not saved by copying files to the new profile that was created. If you don’t need this folder any longer, you should delete it as it contains sensitive information.

 

If you have problems with Internet Explorer, or Chrome, these should be reset to original settings.

 

This should be done with Internet Explorer open, not Firefox
Click Tools or the Gear icon at the top of the browser > Go down the list to click on Internet Options > Go across to the last tab that should be Advanced >  Click on Advanced and then Reset (near the bottom) > You should get a Confirm box pop up > Tick Delete Personal Settings and now Reset.
This last part may be where the infection changed things -
Once the settings have all been reset, Close that box. Close any other open boxes. Now close I.E. and Reboot your computer.

 

 

Run ESET Online Scanner.

  • For Internet Explorer users only, hold down Control  (Ctrl) and click on This Link to open ESET OnlineScan in a new window.
  • Click the ESET Online button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu. to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives and Remove Threats"
  • Click Advanced settings and select the following:
    Scan potentially unwanted applications
     Scan for potentially unsafe applications
     Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • Please be patient as this will take some time (2 hours is not unusual for a first scan).
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.
 

 

Now, please report back with the Logs (they can be in individual posts) and if the computer is any better.

 

Thank You -



#3 sweetcarolinesue


Posted 02 January 2015 - 08:09 PM

Thank you so much. Here are the logs:

 

RKill:

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/02/2015 06:44:26 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 01/02/2015 06:46:50 PM
Execution time: 0 hours(s), 2 minute(s), and 24 seconds(s)
 

 

AdwCleaner scan:

 

# AdwCleaner v4.106 - Report created 02/01/2015 at 18:52:41
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Field7 - FIELD7-W7
# Running from : C:\Users\Field7\Desktop\virus programs\adwcleaner_4.106.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Field7\AppData\Roaming\Mozilla\Firefox\Profiles\01rztvzl.default\searchplugins\ask-search.xml
File Found : C:\Users\Field7\AppData\Roaming\Mozilla\Firefox\Profiles\01rztvzl.default\user.js
File Found : C:\Users\Field7\Uninstall.exe
Folder Found : C:\ProgramData\apn

***** [ Scheduled Tasks ] *****

Task Found : DSite
Task Found : UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-search.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www1.delta-search.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page] - hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=www.google.com&OSP=hxxp%3A%2F%2FVosteran.com%2Fresults.php%3Ff%3D4%26q%3D%7BsearchTerms%7D%26a%3Dvst%5Fcoinis%5F14%5F48%5Fff%26cd%3D2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtCyByB0CyE0F0CzytAyBtN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StCyC0A0DtByC0ByDtGtA0EtD0EtGzz0Dzz0EtG0AyD0FtCtGtCzz0DtAzz0E0AtAyE0Dzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyE0Fzy0EtDyEtBtGyE0CzzyCtGyEyEtB0AtGzztAtAyBtGyDtD0DyCyD0BzyzytD0D0C0A2Q%26cr%3D395940672%26ir%3D

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[01rztvzl.default] - Line Found : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_coinis_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtCyByB0CyE0F0CzytAyBtN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDy[...]
[01rztvzl.default] - Line Found : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_coinis_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtCyByB0CyE0F0CzytAyBtN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzyt[...]
[01rztvzl.default] - Line Found : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[01rztvzl.default] - Line Found : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[01rztvzl.default] - Line Found : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_coinis_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtCyByB0CyE0F0CzytAyBtN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBz[...]

-\\ Google Chrome v


*************************

AdwCleaner[R5].txt - [3246 octets] - [02/01/2015 18:52:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [3306 octets] ##########
 

AdwCleaner After cleaning:

 

# AdwCleaner v4.106 - Report created 02/01/2015 at 19:01:11
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Field7 - FIELD7-W7
# Running from : C:\Users\Field7\Desktop\virus programs\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
File Deleted : C:\Users\Field7\Uninstall.exe
File Deleted : C:\Users\Field7\AppData\Roaming\Mozilla\Firefox\Profiles\01rztvzl.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Field7\AppData\Roaming\Mozilla\Firefox\Profiles\01rztvzl.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : DSite
Task Deleted : UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-search.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www1.delta-search.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[01rztvzl.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_coinis_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtCyByB0CyE0F0CzytAyBtN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDy[...]
[01rztvzl.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_coinis_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtCyByB0CyE0F0CzytAyBtN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzyt[...]
[01rztvzl.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[01rztvzl.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[01rztvzl.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_coinis_14_48_ff&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtCyByB0CyE0F0CzytAyBtN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBz[...]

-\\ Google Chrome v


*************************

AdwCleaner[R5].txt - [3394 octets] - [02/01/2015 18:52:41]
AdwCleaner[R6].txt - [3454 octets] - [02/01/2015 18:59:07]
AdwCleaner[S5].txt - [2793 octets] - [02/01/2015 19:01:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2853 octets] ##########
 

 

Now I will run Malwarebytes again.
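
Added example, not part of the original posts and not AdwCleaner's own code: a short Python check that compares a scan report with the clean report that follows it and lists any finding that has no matching "Deleted" or "Restored" line. The line format is inferred from the two reports posted above; the sample reports and every name in them are constructed.

```python
import re

# Section header, e.g. "***** [ Scheduled Tasks ] *****"
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Finding line: optional "[context] - " prefix, item kind, action, target.
LINE_RE = re.compile(
    r"^(?:\[(?P<ctx>[^\]]+)\] - )?"
    r"(?P<kind>File|Folder|Task|Key|Setting|Line) "
    r"(?P<action>Found|Deleted|Restored) : (?P<target>.+)$"
)
PREF_RE = re.compile(r'user_pref\("([^"]+)"')
# "key [value name]" part of a Setting line, with an optional "[x64] " view tag.
SETTING_RE = re.compile(r"^((?:\[x64\] )?[^\[]*\[[^\]]*\])")


def item_key(kind, ctx, target):
    """Reduce a finding to an identity that is the same in both reports."""
    if kind == "Line":
        # Context is "profile" in the scan and "profile\prefs.js" in the clean
        # report; the pref value may be truncated, so compare on the pref name.
        profile = (ctx or "").split("\\")[0].lower()
        m = PREF_RE.search(target)
        return (kind, profile, m.group(1) if m else target)
    if kind == "Setting":
        # Scan lines append " - <data>" after "key [value name]"; clean lines do not.
        m = SETTING_RE.match(target)
        if m:
            target = m.group(1)
    # Windows paths and registry keys are case-insensitive.
    return (kind, target.strip().lower())


def parse_report(text):
    """Return {identity: (section, action, raw_line)} for every finding line."""
    section, items = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = LINE_RE.match(line)
        if m:
            key = item_key(m.group("kind"), m.group("ctx"), m.group("target"))
            items[key] = (section, m.group("action"), line)
    return items


def reconcile(scan_text, clean_text):
    """Compare a scan report with a clean report; list findings left behind."""
    found = {k: v for k, v in parse_report(scan_text).items() if v[1] == "Found"}
    removed = {k for k, v in parse_report(clean_text).items()
               if v[1] in ("Deleted", "Restored")}
    leftover = [(sec, line) for k, (sec, _, line) in found.items()
                if k not in removed]
    return {"remediated": len(found) - len(leftover), "leftover": leftover}


# Constructed sample reports in the same layout as the logs in this thread.
SCAN_REPORT = r"""# Option : Scan
***** [ Files / Folders ] *****

File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\user.js
Folder Found : C:\ProgramData\ExampleToolbar

***** [ Scheduled Tasks ] *****

Task Found : ExampleUpdater

***** [ Registry ] *****

Key Found : HKCU\Software\ExampleToolbar
Key Found : [x64] HKLM\SOFTWARE\ExampleToolbar

***** [ Browsers ] *****

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page] - hxxp://search.example/?q={searchTerms}
[abcd1234.default] - Line Found : user_pref("extensions.example.hmpgUrl", "hxxp://search.example/?f=1&cd=AAAA[...]
"""

CLEAN_REPORT = r"""# Option : Clean
***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ExampleToolbar
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\user.js

***** [ Registry ] *****

Key Deleted : HKCU\Software\ExampleToolbar

***** [ Browsers ] *****

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]
[abcd1234.default\prefs.js] - Line Deleted : user_pref("extensions.example.hmpgUrl", "hxxp://search.example/?f=1&cd=AAAA[...]
"""

if __name__ == "__main__":
    result = reconcile(SCAN_REPORT, CLEAN_REPORT)
    print("remediated:", result["remediated"])
    for section, line in result["leftover"]:
        print("left behind in [%s]: %s" % (section, line))
```

A finding listed as left behind is only a prompt to re-scan or check that item by hand; the `[x64]` tag is treated as part of the item's identity, so a tagged key is not matched against an untagged one.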

 



#4 sudsy


Posted 02 January 2015 - 09:12 PM

We are both in the same boat. Watching this one closely.


UFO pilot

#5 noknojon


Posted 02 January 2015 - 10:37 PM

Thank You, run Malwarebytes again.

From what I see please remove any items found.

 

Next -

Download Malwarebytes Anti-Rootkit (A.K.A. MBAR) from HERE

  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain.
  • If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

 

After you post MBAM and MBAR logs follow this with - Empty your temp folders using TFC (Temporary File Cleaner)

  • Please download TFC by Old Timer and save it to your desktop.
  • Alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • If TFC prompts you to reboot, do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally to ensure a complete clean.

 

Please tell us if the computer has improved, or the specific problems you now have.

 

Thank You -

 

@ sudsy
You are welcome to start your own topic, as each computer is not quite the same



#6 sudsy


Posted 02 January 2015 - 10:41 PM

Following instructions from Boopme now. I do have my own topic, titled "Hijacked Browsers and Vosteran", here.

 

Steve


UFO pilot

#7 noknojon


Posted 03 January 2015 - 05:04 PM

Next -
Please download  JRT - Junkware Removal Tool to your desktop.
* Temporarily Disable your Antivirus now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

 

 

Run ESET Online Scanner.

  • For Internet Explorer users only, hold down Control  (Ctrl) and click on This Link to open ESET OnlineScan in a new window.
  • Click the ESET Online button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu. to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives and Remove Threats"
  • Click Advanced settings and select the following:
    Scan potentially unwanted applications
     Scan for potentially unsafe applications
     Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • Please be patient as this will take some time (2 hours is not unusual for a first scan).
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as "ESETScan". Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

At this stage there is no reason to tick the "Remove Program" box, as it will sit quietly in Programs and features unless needed later.

 

Thank You -



#8 sweetcarolinesue


Posted 04 January 2015 - 01:27 PM

I was having difficulties getting the Malwarebytes log copied but here it is now.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/2/2015
Scan Time: 7:14:50 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.02.09
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Field7

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345004
Time Elapsed: 31 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#9 noknojon


Posted 04 January 2015 - 02:48 PM

Once completed please click on the History > Application Logs and find your scan log and open it, and then click on the "copy to clipboard" button and post back the results on your next reply.

You seem to have sorted out how to post the log back here now, but ...

 

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.

 

 

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.

-- Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

Ok some extra details above if needed.

Please run JRT - ESET Online Scanner - MBAR - (posts #5 and #7)

Or Copy and Paste any logs if you have done them.

 

Add a report of Better or Worse with each reply please, so I know how we are doing.

 

Thank You -



#10 sweetcarolinesue


Posted 04 January 2015 - 04:42 PM

Here is the Eset log from your initial instructions:

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9cf72418abbc9d48b3433ee7a3deff04
# engine=21815
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-04 08:43:07
# local_time=2015-01-04 02:43:07 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 9110690 43276581 0 0
# scanned=149151
# found=0
# cleaned=0
# scan_time=6080
 

I have reset Firefox browser settings to original - running 34.0.5

 

I also reset Internet Explorer to its original settings even though it is not used. But I am concerned about its home path/shortcut. I tried to do a print screen but am not able to post it. Any suggestions?

 

 

 

 

Computer is still a little slow - I will go to your next set of instructions now. Thank you so much.

 



#11 noknojon


Posted 04 January 2015 - 06:02 PM

ESET Smart Installer seems to be clear now, so I will wait for other replies.

 

MBAR and JRT logs.

 

 

Rather than me posting a full page of information, please follow This Page for how to use Windows Repair All in One tool.

You can see the log produced and posted by Member sudsy -

 

 

Only then we can run this => Please download Temp File Cleaner by Old Timer
Usage Instructions:

1. Download TFC from the download link above and save the file on your desktop.
2. Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
3. Double-click on the TFC icon.
4. When the program opens, click on the Start button. TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
5. When done, press OK > Exit, and reboot your computer and finish the cleanup.
Note: After removing temp files, the computer may seem slower than usual, but it will improve once the cache is rebuilt.

 

Thank You -


Edited by noknojon, 04 January 2015 - 06:16 PM.


#12 sudsy


Posted 04 January 2015 - 06:21 PM

I would like to be dropped from this thread please.

 

Sudsy


Edited by Chris Cosgrove, 04 January 2015 - 06:35 PM.
PM sent

UFO pilot

#13 noknojon


Posted 05 January 2015 - 02:57 AM

These are the given tutorials >

Reset Firefox – easily fix most problems
Reset Internet Explorer settings

Lastly - Always make sure you have included your normal Home Page when finished.

 

I always use http://www.google.com and I can navigate anywhere from there .............



#14 sweetcarolinesue


Posted 05 January 2015 - 01:08 PM

Here is the Eset log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9cf72418abbc9d48b3433ee7a3deff04
# engine=21815
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-04 08:43:07
# local_time=2015-01-04 02:43:07 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 9110690 43276581 0 0
# scanned=149151
# found=0
# cleaned=0
# scan_time=6080
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9cf72418abbc9d48b3433ee7a3deff04
# engine=21821
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-05 03:56:41
# local_time=2015-01-05 09:56:41 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 9179904 43345795 0 0
# scanned=148133
# found=0
# cleaned=0
# scan_time=6033
 

 

 

Here is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Field7 on Mon 01/05/2015 at 11:47:14.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1487071001-1948303029-2592833991-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Field7\appdata\local\{0700F6F5-10BC-49B8-9706-8508B16B66E0}
Successfully deleted: [Empty Folder] C:\Users\Field7\appdata\local\{10932B4C-36E0-460C-B86E-713D651CBEAE}
Successfully deleted: [Empty Folder] C:\Users\Field7\appdata\local\{19EA7F3B-DB1B-4B39-9A85-D8DABA3D9E8E}
Successfully deleted: [Empty Folder] C:\Users\Field7\appdata\local\{2BBD6374-84D3-4D1E-A094-2EC88C1FA8DC}
Successfully deleted: [Empty Folder] C:\Users\Field7\appdata\local\{48CCDAC8-455C-4A21-883E-C56E186F352A}
Successfully deleted: [Empty Folder] C:\Users\Field7\appdata\local\{BADEE48F-421D-4272-A197-7275E4855363}
Successfully deleted: [Empty Folder] C:\Users\Field7\appdata\local\{CF64F118-58A7-4457-9134-1E5ED5725566}
Successfully deleted: [Empty Folder] C:\Users\Field7\appdata\local\{D431DFDE-97F3-4245-A22D-F5345418D889}
Successfully deleted: [Empty Folder] C:\Users\Field7\appdata\local\{F94E18F9-21F6-42E9-975A-D741FB09281D}



~~~ FireFox

Emptied folder: C:\Users\Field7\AppData\Roaming\mozilla\firefox\profiles\01rztvzl.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/05/2015 at 11:50:13.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Malwarebytes Anti-Rootkit did not find anything.

TFC did not create a log that I can find but it did clear out the temporary files

 

Computer is operating faster, does not seem to be bogged down. Programs are loading a little faster.



#15 noknojon


Posted 05 January 2015 - 02:42 PM

According to your logs the computer seems clean (Vosteran was removed), but this is a last check to be sure in Internet Explorer.

 

Reset Internet Explorer settings

 

Click on Alt, release it, then Tools, or the Gear icon > Click on the Drop-down menu > Open Internet Options > On the first page (General), do you see your normal Home page listed?

If not then delete what is there, and insert your normal home page or use http://www.google.com as your home page. Now go across to Connections and down to LAN Settings > Click to open the page and make sure the only box ticked is Automatically Detect Settings (Untick any others) > Click Apply > OK > OK to exit.

 

Reboot your computer, and recheck the settings again. If any have changed from what I have listed above, then repeat those steps, and tell us the result.

 

Thank You -


Edited by noknojon, 05 January 2015 - 02:51 PM.




