Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Jan 25, 2015 18:39:32 GMT -8
"for pastebin.com do I need to register? " NO
Quads
apehf
New Helpee
Posts: 16
Post by apehf on Jan 25, 2015 18:46:01 GMT -8
Post by apehf on Jan 26, 2015 15:35:10 GMT -8
Hello Did I miss something? Did I do something wrong?
Post by Quads on Jan 26, 2015 21:12:04 GMT -8
Press the + R Keys on your keyboard at the same time. Type notepad and click OK.
Copy the entire content of the codebox below and paste into the notepad (Including start and end)

start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1494440855-882454630-2908024227-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Hector\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1494440855-882454630-2908024227-1000\...\MountPoints2: {0d4fdf51-dfd3-11df-9343-485b39f5c698} - G:\sldim\sldim.exe
HKU\S-1-5-21-1494440855-882454630-2908024227-1000\...\MountPoints2: {d546e789-c57a-11df-9cbc-806e6f6e6963} - E:\AUTORUN.EXE
HKU\S-1-5-21-1494440855-882454630-2908024227-1000\...\MountPoints2: {dbbabd27-d72e-11df-ad5c-485b39f5c698} - E:\SETUP.EXE
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1494440855-882454630-2908024227-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_52_other&cd=2XzuyEtN2Y1L1QzuyEzzyD0BtAzy0FyD0CyCzyzztBtA0B0DtN0D0Tzu0StCtDzytDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StCtBzy0CyD0AtA0CtGyCtB0FtCtG0E0EzztCtG0C0DyD0CtGtB0EtAyEtBtBtDtB0DzyyEtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0A0CzyyEtB0FtBtGyD0EtDtAtGyE0CtCtBtG0BzytCtCtGtCyBtBzyyBzzzyzzzy0DtDtB2Q&cr=1004913814&ir=
SearchScopes: HKU\S-1-5-21-1494440855-882454630-2908024227-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP5500E02E-B7B1-4053-AC0A-B535DBA59BD5&q={searchTerms}&SSPV=
FF SearchPlugin: C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\ayrp4kd3.default-1408445490318\searchplugins\Vosteran.xml
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [X]
U3 afwn71ob; C:\Windows\System32\Drivers\afwn71ob.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
C:\Windows\System32\Drivers\afwn71ob.sys
2014-12-26 07:02 - 2014-12-26 07:03 - 00000000 ____D () C:\Users\Hector\AppData\Local\Vosteran
2014-12-26 07:01 - 2014-12-26 07:01 - 00000000 ____D () C:\Users\Hector\AppData\Roaming\WSE_Vosteran
C:\Windows\Tasks\{BD5B1542-1B51-4C3E-9FCC-CFAA5F0BA1F1}.job
Reboot:
end

Click File, Save As and type fixlist (.txt may be seen on the end depending on the system setup) as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start FRST. (XP users click run after receipt of Windows Security Warning - Open File).
Press the button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt. To paste or attach back here
Quads
Post by apehf on Jan 27, 2015 4:22:21 GMT -8
Hello As requested. Thank You! apehf Attachments:Fixlog.txt (4.69 KB)
Post by Quads on Jan 27, 2015 15:22:46 GMT -8
Read carefully
Download Adwcleaner www.bleepingcomputer.com/download/adwcleaner/ onto your desktop The Blue Download Now @bleeping Computer button and run a scan (Scan Button). It will create a log after. Or there is a Report button, ONE SCAN ONLY
Attach or paste the log back here
Quads
|
Post by apehf on Jan 27, 2015 18:30:44 GMT -8
Good Evening Quads As requested... Thanks again! Good night! Apehf Attachments:AdwCleanerR0.txt (3.74 KB)
|
Post by Quads on Jan 27, 2015 18:48:56 GMT -8
a) Click the Scan Button and wait for the scan to finish. (already done if Adwcleaner is left pending)
b) Make sure all of the items under each TAB are to be ticked.
c) Click the Clean Button and Adwcleaner will process all the items ticked / checked and then may ask for the system to be restarted.
d) It should create a new log afterwards (with S0 in the name).
Here is a Screenshot example
Quads
Post by apehf on Jan 28, 2015 5:27:07 GMT -8
Hello Quads, I deduced that you wished to see that last log, so here it is... Thanks
Attachments: AdwCleanerS0.txt (3.86 KB)
Post by Quads on Jan 28, 2015 21:00:53 GMT -8
Now Vosteran is in pieces, your browser should be free of it.
On with step 4: Complete system check for any file and cleanup of items and tools used.
Special attention to the different settings I have asked for below.
You can leave Norton Enabled even though ESET may warn about it. It just makes the scan take longer.
The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.
Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.
Please download Online Scanner and save it to your Desktop.
Start with administrator privileges.
Select the option Yes, and click on .
Choose the following settings: NO!! for Remove found threats (reason for this is we don't want something deleted and then Windows won't load).
Click on Start.
The virus signature database will begin to download. This may take some time.
When completed the Online Scan will begin automatically.
Note: This scan might take a long time! Please be patient.
When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first! (List found Threats)
Now click on Finish
Quads