Windows 8 Laptop unable to navigate Web


  • This topic is locked
8 replies to this topic

#1 TheSentinel


Posted 23 January 2015 - 03:46 PM

Every time I try to navigate using a browser I'm unable to; this goes for both WiFi and wired. Maybe something is affecting WiFi too?

 

Farbar logs and attached Summary:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Valentina (administrator) on NANA on 23-01-2015 12:38:18
Running from C:\Users\Valentina\Desktop
Loaded Profiles: Valentina (Available profiles: Valentina)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\...\Run: [Spotify] => C:\Users\Valentina\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\...\Run: [Spotify Web Helper] => C:\Users\Valentina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\...\Run: [Google Update] => C:\Users\Valentina\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2015-01-07] (Google Inc.)
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\...\Run: [Amazon Music] => C:\Users\Valentina\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-07] ()
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\...\MountPoints2: {46668395-8540-11e4-be82-40167ee18d15} - "F:\VerizonWirelessUpgradeAssistantSetup.exe" -a
AppInit_DLLs-x32: c:/progra~3/{6a078~1/171~1.0/dara.dll => "c:/progra~3/{6a078~1/171~1.0/dara.dll" File Not Found
Startup: C:\Users\Valentina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-21-1784483915-372123886-1970123426-1001 -> DefaultScope {6A1806CD-94D4-4689 URL = 
SearchScopes: HKU\S-1-5-21-1784483915-372123886-1970123426-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Valentina\AppData\Roaming\Mozilla\Firefox\Profiles\6nh4i1qk.default
FF SelectedSearchEngine: Vosteran
FF Homepage: hxxp://vosteran.com/?f=1&a=vst_ggbg_15_03_other&cd=2XzuyEtN2Y1L1QzuyDyEtAyDtAtDyB0C0AyCyE0C0A0EyDtDtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzz0CtC0FyDyE0CtG0AtCyD0AtGtCtCyDyEtGyE0F0AtBtGyEtBtCtCzy0DyE0AyEtAzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtCtBzyyB0CyC0CtG0DzztD0DtGyE0DtD0FtGzytAzzyCtG0ByBtC0EtB0FtDyE0F0CtDyD2Q&cr=429158991&ir=
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1784483915-372123886-1970123426-1001: @tools.google.com/Google Update;version=8 -> C:\Users\Valentina\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll (Google Inc.)
FF user.js: detected! => C:\Users\Valentina\AppData\Roaming\Mozilla\Firefox\Profiles\6nh4i1qk.default\user.js
FF SearchPlugin: C:\Users\Valentina\AppData\Roaming\Mozilla\Firefox\Profiles\6nh4i1qk.default\searchplugins\Vosteran.xml
FF Extension: Set Search Settings - C:\Users\Valentina\AppData\Roaming\Mozilla\Firefox\Profiles\6nh4i1qk.default\Extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482} [2015-01-17]
FF Extension: NoScript - C:\Users\Valentina\AppData\Roaming\Mozilla\Firefox\Profiles\6nh4i1qk.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-13]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-05-01]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-06]
CHR Extension: (Google Docs) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-06]
CHR Extension: (Google Drive) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-06]
CHR Extension: (Google Search) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-06]
CHR Extension: (ShopAtHome.com) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-09-06]
CHR Extension: (Google Sheets) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-06]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-09-06]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-09-06]
CHR Extension: (FileShareFanatic) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpdkopnmfngmoklamkhdodopkomekfb [2014-11-24]
CHR Extension: (Google Wallet) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-06]
CHR Extension: (Gmail) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-09-06] (Adobe Systems) [File not signed]
S2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S1 {f81878fa-25e9-442d-8ada-79658b6520f2}Gw64; C:\Windows\System32\drivers\{f81878fa-25e9-442d-8ada-79658b6520f2}Gw64.sys [48792 2015-01-11] (StdLib)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 12:38 - 2015-01-23 12:38 - 00018399 _____ () C:\Users\Valentina\Desktop\FRST.txt
2015-01-23 12:38 - 2015-01-23 12:38 - 00000000 ____D () C:\FRST
2015-01-23 12:38 - 2015-01-23 12:37 - 02126848 _____ (Farbar) C:\Users\Valentina\Desktop\FRST64.exe
2015-01-23 12:27 - 2015-01-23 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-23 12:14 - 2015-01-23 12:14 - 00000000 ____D () C:\WINDOWS\pss
2015-01-23 11:48 - 2015-01-23 11:48 - 08035700 _____ () C:\Users\Valentina\Desktop\Summary.nfo
2015-01-17 20:04 - 2015-01-17 20:04 - 00000000 ____D () C:\Users\Valentina\AppData\Local\WSE_Vosteran
2015-01-17 19:53 - 2015-01-17 20:37 - 00001252 _____ () C:\Users\Valentina\Desktop\Amazon Music.lnk
2015-01-17 19:51 - 2015-01-17 19:52 - 39565896 _____ (Amazon) C:\Users\Valentina\Downloads\AmazonMusicInstaller.exe
2015-01-13 18:20 - 2015-01-13 18:20 - 00000000 ____D () C:\Users\Valentina\AppData\Local\Intel_Corporation
2015-01-13 18:18 - 2015-01-13 18:18 - 00000000 ____D () C:\Users\Valentina\AppData\Roaming\Mozilla
2015-01-13 18:18 - 2015-01-13 18:18 - 00000000 ____D () C:\Users\Valentina\AppData\Local\Mozilla
2015-01-13 18:17 - 2015-01-13 18:17 - 00001133 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-13 18:17 - 2015-01-13 18:17 - 00001121 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-13 18:17 - 2015-01-13 18:17 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-13 18:17 - 2015-01-13 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-13 18:17 - 2015-01-13 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-13 17:42 - 2015-01-13 17:42 - 00000000 ____D () C:\Users\Valentina\Documents\American Express
2015-01-11 20:51 - 2015-01-11 20:51 - 00000049 ____H () C:\Users\Valentina\Documents\.picasa.ini
2015-01-11 20:27 - 2015-01-17 20:06 - 00001084 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-01-11 20:27 - 2015-01-11 20:27 - 00000000 ____D () C:\Users\Valentina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2015-01-11 19:57 - 2015-01-17 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-01-11 19:55 - 2015-01-11 16:38 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{f81878fa-25e9-442d-8ada-79658b6520f2}Gw64.sys
2015-01-11 19:54 - 2015-01-11 19:54 - 00000000 ____D () C:\Users\Valentina\Documents\Optimizer Pro
2015-01-11 19:50 - 2015-01-23 11:59 - 00000316 _____ () C:\WINDOWS\Tasks\WSE_Vosteran.job
2015-01-11 19:50 - 2015-01-11 19:50 - 00002654 _____ () C:\WINDOWS\System32\Tasks\WSE_Vosteran
2015-01-11 19:48 - 2015-01-11 19:43 - 17660184 _____ (Google Inc.) C:\Users\Valentina\Desktop\PicasaSetup.exe
2015-01-11 19:42 - 2015-01-17 20:03 - 00846104 _____ ( ) C:\Users\Valentina\Downloads\Picasa_Setup.exe
2015-01-07 14:07 - 2015-01-23 12:12 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1784483915-372123886-1970123426-1001UA.job
2015-01-07 14:07 - 2015-01-23 11:59 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1784483915-372123886-1970123426-1001Core.job
2015-01-07 14:07 - 2015-01-07 14:07 - 00003786 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1784483915-372123886-1970123426-1001UA
2015-01-07 14:07 - 2015-01-07 14:07 - 00003406 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1784483915-372123886-1970123426-1001Core
2015-01-06 13:27 - 2015-01-08 09:27 - 00000000 ____D () C:\Users\Valentina\AppData\Local\Deployment
2015-01-06 13:19 - 2015-01-06 13:19 - 00000000 __SHD () C:\Users\Valentina\AppData\Local\EmieBrowserModeList
2015-01-06 11:36 - 2015-01-06 11:38 - 00000000 ____D () C:\Users\Valentina\Documents\CSHM
2015-01-03 07:44 - 2015-01-03 07:44 - 00001485 _____ () C:\Users\Valentina\AppData\Local\recently-used.xbel
2015-01-03 07:43 - 2015-01-03 07:43 - 00000094 _____ () C:\Users\Valentina\.gtk-bookmarks
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 12:19 - 2014-09-06 05:38 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1784483915-372123886-1970123426-1001
2015-01-23 12:19 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-23 12:19 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-23 12:09 - 2014-09-06 05:09 - 00000074 _____ () C:\Users\Valentina\AppData\Roaming\sp_data.sys
2015-01-23 12:08 - 2014-11-25 08:07 - 00000000 ____D () C:\Users\Valentina\AppData\Roaming\Spotify
2015-01-23 12:05 - 2014-09-06 05:25 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-23 12:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-23 11:59 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-23 11:58 - 2014-09-23 23:03 - 00010122 _____ () C:\WINDOWS\PFRO.log
2015-01-23 11:37 - 2014-09-23 23:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-23 11:36 - 2013-08-22 06:46 - 00293047 _____ () C:\WINDOWS\setupact.log
2015-01-23 11:23 - 2014-11-06 16:18 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FE1D668C-79C1-4594-B0AC-9539505D947F}
2015-01-23 11:23 - 2014-10-22 10:38 - 01707856 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-22 07:11 - 2014-11-25 08:08 - 00000000 ____D () C:\Users\Valentina\AppData\Local\Spotify
2015-01-19 15:40 - 2014-10-27 10:34 - 00088576 ___SH () C:\Users\Valentina\Desktop\Thumbs.db
2015-01-12 11:28 - 2012-07-25 21:26 - 00000226 _____ () C:\WINDOWS\win.ini
2015-01-11 20:27 - 2014-09-06 05:25 - 00000000 ____D () C:\Users\Valentina\AppData\Local\Google
2015-01-11 19:58 - 2014-09-06 05:09 - 00000000 ____D () C:\Users\Valentina\AppData\Local\Packages
2015-01-11 19:58 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-08 09:13 - 2014-09-06 05:10 - 00000000 ____D () C:\Users\Valentina\AppData\Roaming\Adobe
2015-01-07 18:40 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-06 13:26 - 2014-11-06 16:00 - 00770048 ___SH () C:\Users\Valentina\Downloads\Thumbs.db
2015-01-06 13:17 - 2013-05-01 01:39 - 00000000 ____D () C:\Program Files (x86)\WildGames
2015-01-06 13:16 - 2013-05-01 01:39 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-06 11:46 - 2014-12-13 12:29 - 00000000 ____D () C:\Users\Valentina\Documents\Art
2015-01-06 11:26 - 2014-10-01 22:03 - 00000000 ____D () C:\Users\Valentina\Documents\Finance Council
2015-01-05 20:29 - 2014-11-20 13:44 - 00004972 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Nana-Valentina Nana
2015-01-05 14:07 - 2014-10-01 16:40 - 00000000 ____D () C:\Users\Valentina\Documents\F&A
2015-01-04 18:41 - 2014-10-03 17:08 - 00000000 ____D () C:\Users\Valentina\Documents\Blue Shield
2015-01-03 07:44 - 2014-12-01 17:20 - 00000000 ____D () C:\Users\Valentina\AppData\Local\gtk-2.0
2015-01-03 07:44 - 2014-10-08 17:59 - 00000000 ____D () C:\Users\Valentina\.gimp-2.8
2015-01-03 07:43 - 2014-10-22 10:17 - 00000000 ____D () C:\Users\Valentina
2014-12-24 19:56 - 2014-10-22 09:06 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-24 19:45 - 2014-11-25 09:21 - 00000000 ____D () C:\Users\Valentina\Documents\Recipes
 
==================== Files in the root of some directories =======
2014-09-06 05:09 - 2015-01-23 12:09 - 0000074 _____ () C:\Users\Valentina\AppData\Roaming\sp_data.sys
2015-01-03 07:44 - 2015-01-03 07:44 - 0001485 _____ () C:\Users\Valentina\AppData\Local\recently-used.xbel
2014-10-22 10:10 - 2014-10-22 10:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-01 01:34 - 2012-09-07 03:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 01:34 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 01:34 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
Some content of TEMP:
====================
C:\Users\Valentina\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Valentina\AppData\Local\Temp\optprosetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-17 23:44
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Valentina at 2015-01-23 12:39:39
Running from C:\Users\Valentina\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1784483915-372123886-1970123426-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-1784483915-372123886-1970123426-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1784483915-372123886-1970123426-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6976 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-1784483915-372123886-1970123426-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Windows Driver Package - ASUS (ATP) Mouse  (11/20/2013 1.0.0.194) (HKLM\...\8BA9C239ED04E09F06755E1497239BEFC08085C2) (Version: 11/20/2013 1.0.0.194 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WSE_Vosteran (HKU\S-1-5-21-1784483915-372123886-1970123426-1001\...\WSE_Vosteran) (Version:  - WSE_Vosteran) <==== ATTENTION!
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1784483915-372123886-1970123426-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Valentina\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
03-01-2015 10:15:42 Scheduled Checkpoint
12-01-2015 12:27:09 Scheduled Checkpoint
20-01-2015 17:07:17 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2015-01-12 12:53 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1C198874-E500-4A79-AC90-D39E9D6B4C14} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {2AF30CD0-23C7-4DE2-92D6-EF6EFC572C94} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {4CE75340-880B-49B8-8F5E-783B48A0B782} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-01-15] ()
Task: {55F10D36-1DB9-4E13-83C1-4BF4229C24E7} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {663B5E16-C219-4506-8A77-9DEFE1D2D3E1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Nana-Valentina Nana => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {689D6422-D7FA-40CD-99BF-17201231DA37} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {6B2748AE-FF54-4618-91D0-50A78AEA5BE9} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {7773658B-EB67-4EBE-8CCE-C4BC81F774E3} - System32\Tasks\WSE_Vosteran => C:\Users\VALENT~1\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {77895862-29BC-4641-9CB9-88B67BFC575B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1784483915-372123886-1970123426-1001UA => C:\Users\Valentina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {8DF5DB2C-0837-452D-A6CD-23B001E443D6} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {A5B7EE9B-1B34-450F-AB24-0F9C07AA69D2} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-01-15] ()
Task: {A6930477-F461-409B-9388-697208881043} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-12-12] (AsusTek)
Task: {A6986A75-6CF5-4B0F-A2D0-3294AC821BC4} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {C6390883-BE46-4EF9-BD9E-DB7BE13D0F7B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1784483915-372123886-1970123426-1001Core => C:\Users\Valentina\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-07] (Google Inc.)
Task: {DD01E123-A427-46E9-AA95-1524087246FF} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {E23486E5-2A2E-4612-9E2B-BC02B637F08C} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1784483915-372123886-1970123426-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1784483915-372123886-1970123426-1001Core.job => C:\Users\Valentina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1784483915-372123886-1970123426-1001UA.job => C:\Users\Valentina\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WSE_Vosteran.job => C:\Users\VALENT~1\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-22 08:50 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: TabletInputService => 2
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1784483915-372123886-1970123426-500 - Administrator - Disabled)
Guest (S-1-5-21-1784483915-372123886-1970123426-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1784483915-372123886-1970123426-1003 - Limited - Enabled)
Valentina (S-1-5-21-1784483915-372123886-1970123426-1001 - Administrator - Enabled) => C:\Users\Valentina
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2015 00:05:08 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'
 
Error: (01/23/2015 11:46:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/22/2015 07:11:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7953
 
Error: (01/22/2015 07:11:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7953
 
Error: (01/22/2015 07:11:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/22/2015 07:11:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6735
 
Error: (01/22/2015 07:11:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6735
 
Error: (01/22/2015 07:11:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/22/2015 07:11:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5438
 
Error: (01/22/2015 07:11:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5438
 
 
System errors:
=============
Error: (01/23/2015 00:39:45 PM) (Source: DCOM) (EventID: 10005) (User: Nana)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/23/2015 00:39:45 PM) (Source: DCOM) (EventID: 10005) (User: Nana)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/23/2015 00:39:45 PM) (Source: DCOM) (EventID: 10005) (User: Nana)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/23/2015 00:39:42 PM) (Source: DCOM) (EventID: 10005) (User: Nana)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/23/2015 00:39:42 PM) (Source: DCOM) (EventID: 10005) (User: Nana)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/23/2015 00:39:40 PM) (Source: DCOM) (EventID: 10005) (User: Nana)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/23/2015 00:39:40 PM) (Source: DCOM) (EventID: 10005) (User: Nana)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/23/2015 00:39:20 PM) (Source: DCOM) (EventID: 10005) (User: Nana)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/23/2015 00:39:20 PM) (Source: DCOM) (EventID: 10005) (User: Nana)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (01/23/2015 00:39:20 PM) (Source: DCOM) (EventID: 10005) (User: Nana)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Microsoft Office Sessions:
=========================
Error: (01/23/2015 00:05:08 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT AUTHORITY)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)
 
Error: (01/23/2015 11:46:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/22/2015 07:11:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7953
 
Error: (01/22/2015 07:11:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7953
 
Error: (01/22/2015 07:11:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/22/2015 07:11:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6735
 
Error: (01/22/2015 07:11:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6735
 
Error: (01/22/2015 07:11:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/22/2015 07:11:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5438
 
Error: (01/22/2015 07:11:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5438
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-13 11:55:53.715
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 11:55:53.590
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 11:55:53.418
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 11:55:53.309
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 11:55:52.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-13 11:55:52.824
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 11%
Total physical RAM: 6029.68 MB
Available physical RAM: 5325.93 MB
Total Pagefile: 7565.68 MB
Available Pagefile: 6918.98 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:147.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:258.22 GB) NTFS
Drive f: (AIDA) (Removable) (Total:0.95 GB) (Free:0.63 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 979 MB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 

#2 nasdaq

Malware Response Team
Posted 25 January 2015 - 11:19 AM




Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Remove this program from the Add/Remove Programs list.

WSE_Vosteran (HKU\S-1-5-21-1784483915-372123886-1970123426-1001\...\WSE_Vosteran) (Version: - WSE_Vosteran) <==== ATTENTION!
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

AppInit_DLLs-x32: c:/progra~3/{6a078~1/171~1.0/dara.dll => "c:/progra~3/{6a078~1/171~1.0/dara.dll" File Not Found
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbg_15_02_ie&cd=2XzuyEtN2Y1L1QzuyDyEtAyDtAtDyB0C0AyCyE0C0A0EyDtDtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByB0ByE0ByB0AyDtG0B0C0CzytGyEyByE0EtG0Czz0EzztGtAzy0F0EyB0FyD0ByCyE0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtCtBzyyB0CyC0CtG0DzztD0DtGyE0DtD0FtGzytAzzyCtG0ByBtC0EtB0FtDyE0F0CtDyD2Q&cr=1747130659&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbg_15_02_ie&cd=2XzuyEtN2Y1L1QzuyDyEtAyDtAtDyB0C0AyCyE0C0A0EyDtDtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByB0ByE0ByB0AyDtG0B0C0CzytGyEyByE0EtG0Czz0EzztGtAzy0F0EyB0FyD0ByCyE0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtCtBzyyB0CyC0CtG0DzztD0DtGyE0DtD0FtGzytAzzyCtG0ByBtC0EtB0FtDyE0F0CtDyD2Q&cr=1747130659&ir=
SearchScopes: HKU\S-1-5-21-1784483915-372123886-1970123426-1001 -> DefaultScope {6A1806CD-94D4-4689 URL =
SearchScopes: HKU\S-1-5-21-1784483915-372123886-1970123426-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbg_15_02_ie&cd=2XzuyEtN2Y1L1QzuyDyEtAyDtAtDyB0C0AyCyE0C0A0EyDtDtN0D0Tzu0StCtCtDyCtN1L2XzutAtFyBtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByB0ByE0ByB0AyDtG0B0C0CzytGyEyByE0EtG0Czz0EzztGtAzy0F0EyB0FyD0ByCyE0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtCtBzyyB0CyC0CtG0DzztD0DtGyE0DtD0FtGzytAzzyCtG0ByBtC0EtB0FtDyE0F0CtDyD2Q&cr=1747130659&ir=
SearchScopes: HKU\S-1-5-21-1784483915-372123886-1970123426-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1784483915-372123886-1970123426-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbg_15_03_other&cd=2XzuyEtN2Y1L1QzuyDyEtAyDtAtDyB0C0AyCyE0C0A0EyDtDtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzz0CtC0FyDyE0CtG0AtCyD0AtGtCtCyDyEtGyE0F0AtBtGyEtBtCtCzy0DyE0AyEtAzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtCtBzyyB0CyC0CtG0DzztD0DtGyE0DtD0FtGzytAzzyCtG0ByBtC0EtB0FtDyE0F0CtDyD2Q&cr=429158991&ir=
FF SelectedSearchEngine: Vosteran
FF Homepage: hxxp://vosteran.com/?f=1&a=vst_ggbg_15_03_other&cd=2XzuyEtN2Y1L1QzuyDyEtAyDtAtDyB0C0AyCyE0C0A0EyDtDtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzz0CtC0FyDyE0CtG0AtCyD0AtGtCtCyDyEtGyE0F0AtBtGyEtBtCtCzy0DyE0AyEtAzyyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtCtBzyyB0CyC0CtG0DzztD0DtGyE0DtD0FtGzytAzzyCtG0ByBtC0EtB0FtDyE0F0CtDyD2Q&cr=429158991&ir=
FF user.js: detected! => C:\Users\Valentina\AppData\Roaming\Mozilla\Firefox\Profiles\6nh4i1qk.default\user.js
FF SearchPlugin: C:\Users\Valentina\AppData\Roaming\Mozilla\Firefox\Profiles\6nh4i1qk.default\searchplugins\Vosteran.xml
FF Extension: Set Search Settings - C:\Users\Valentina\AppData\Roaming\Mozilla\Firefox\Profiles\6nh4i1qk.default\Extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482} [2015-01-17]
CHR Extension: (ShopAtHome.com) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-09-06]
CHR Extension: (FileShareFanatic) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpdkopnmfngmoklamkhdodopkomekfb [2014-11-24]
CHR Extension: (Google Wallet) - C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-06]
S1 {f81878fa-25e9-442d-8ada-79658b6520f2}Gw64; C:\Windows\System32\drivers\{f81878fa-25e9-442d-8ada-79658b6520f2}Gw64.sys [48792 2015-01-11] (StdLib)
Task: {7773658B-EB67-4EBE-8CCE-C4BC81F774E3} - System32\Tasks\WSE_Vosteran => C:\Users\VALENT~1\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\WSE_Vosteran.job => C:\Users\VALENT~1\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Valentina\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Valentina\AppData\Local\Temp\optprosetup.exe
C:\Windows\System32\drivers\{f81878fa-25e9-442d-8ada-79658b6520f2}Gw64.sys

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

How is the computer running now?

#3 TheSentinel

Topic Starter
Posted 25 January 2015 - 11:49 AM

Looking and running much better.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Valentina at 2015-01-25 08:36:34 Run:2
Running from C:\Users\Valentina\Desktop
Loaded Profiles: Valentina (Available profiles: Valentina)
Boot Mode: Safe Mode (minimal)
==============================================


Processes closed successfully.
"c:/progra~3/{6a078~1/171~1.0/dara.dll" => Value Data not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => Key not found.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => Key not found.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => Key not found.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => Key not found.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => Key not found.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => Key not found.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-21-1784483915-372123886-1970123426-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Users\Valentina\AppData\Roaming\Mozilla\Firefox\Profiles\6nh4i1qk.default\user.js not found.
"C:\Users\Valentina\AppData\Roaming\Mozilla\Firefox\Profiles\6nh4i1qk.default\searchplugins\Vosteran.xml" => not found.
C:\Users\Valentina\AppData\Roaming\Mozilla\Firefox\Profiles\6nh4i1qk.default\Extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482} not found.
C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc directory not found.
C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpdkopnmfngmoklamkhdodopkomekfb directory not found.
C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda directory not found.
{f81878fa-25e9-442d-8ada-79658b6520f2}Gw64 => Service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7773658B-EB67-4EBE-8CCE-C4BC81F774E3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7773658B-EB67-4EBE-8CCE-C4BC81F774E3}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSE_Vosteran => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran" => Key deleted successfully.
C:\WINDOWS\Tasks\WSE_Vosteran.job => Moved successfully.
C:\Users\Valentina\AppData\Local\Temp\MSETUP4.EXE => Moved successfully.
C:\Users\Valentina\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Windows\System32\drivers\{f81878fa-25e9-442d-8ada-79658b6520f2}Gw64.sys => Moved successfully.


The system needed a reboot.

==== End of Fixlog 08:36:35 ====


Edited by TheSentinel, 25 January 2015 - 11:52 AM.


#4 TheSentinel

Posted 25 January 2015 - 11:56 AM

As a bonus I was able to install the Google Chrome browser again.

#5 nasdaq

Posted 26 January 2015 - 08:42 AM

Good news.

Now run this tool to remove any remnant items of Vosteran in the registry.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#6 TheSentinel

Posted 28 January 2015 - 02:55 PM

Forgot to post results...

 

# AdwCleaner v4.108 - Report created 27/01/2015 at 23:37:21
# Updated 17/01/2015 by Xplode
# Database : 2015-01-13.2 [Local]
# Operating System : Windows 8.1  (64 bits)
# Username : Valentina - NANA
# Running from : C:\Users\Valentina\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\VALENT~1\AppData\Local\Temp\Dynamo Combo
Folder Deleted : C:\Users\Valentina\Documents\Optimizer Pro
Folder Deleted : C:\Users\Valentina\Documents\Updater
File Deleted : C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Valentina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v35.0 (x86 en-US)
 
[6nh4i1qk.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://vosteran.com/?f=1&a=vst_ggbg_15_03_other&cd=2XzuyEtN2Y1L1QzuyDyEtAyDtAtDyB0C0AyCyE0C0A0EyDtDtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytD[...]
[6nh4i1qk.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://vosteran.com/?f=2&a=vst_ggbg_15_03_other&cd=2XzuyEtN2Y1L1QzuyDyEtAyDtAtDyB0C0AyCyE0C0A0EyDtDtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzy[...]
[6nh4i1qk.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[6nh4i1qk.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[6nh4i1qk.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://vosteran.com/?f=3&a=vst_ggbg_15_03_other&cd=2XzuyEtN2Y1L1QzuyDyEtAyDtAtDyB0C0AyCyE0C0A0EyDtDtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtB[...]
 
-\\ Google Chrome v40.0.2214.93
 
 
*************************
 
AdwCleaner[R0].txt - [4012 octets] - [27/01/2015 23:30:54]
AdwCleaner[S0].txt - [3936 octets] - [27/01/2015 23:37:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3996 octets] ##########
 
 

 Results of screen317's Security Check version 0.99.94  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.1.13 Adobe Reader out of Date!  
 Mozilla Firefox (35.0) 
 Google Chrome (40.0.2214.91) 
 Google Chrome (40.0.2214.93) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#7 nasdaq

Posted 29 January 2015 - 09:42 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#8 TheSentinel

Posted 29 January 2015 - 05:11 PM

Sounds good, it seems to be performing much better.



#9 nasdaq

Posted 30 January 2015 - 08:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



