snadler Posted January 2, 2015 ID:925180

Hello, from reading a prior topic I believe I have removed the Vosteran Malware, but I wanted to ask for some help to make sure. I'd also like to thank you (in advance) as well as Malwarebytes for making such an outstanding product and providing such a great service.

My first MWB log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/1/2015
Scan Time: 11:04:47 PM
Logfile: MWB Log 1.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.02.03
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: snadle01

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 435493
Time Elapsed: 8 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Then I downloaded and ran Adware Cleaner and here is that log:

# AdwCleaner v4.106 - Report created 01/01/2015 at 23:16:28
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : snadle01 - BLB7CW1
# Running from : C:\Users\snadle01\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : PCKeeper2Service
Service Deleted : PCKeeperOcfService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Driver Support
Folder Deleted : C:\ProgramData\Kromtech
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kromtech
Folder Deleted : C:\Program Files (x86)\Tweaks
Folder Deleted : C:\Program Files (x86)\Driver Support
Folder Deleted : C:\Users\snadle01\AppData\Local\Temp\apn
Folder Deleted : C:\Users\snadle01\AppData\Local\Temp\Framed Display
Folder Deleted : C:\Program Files\Kromtech
Folder Deleted : C:\Users\snadle01\AppData\Local\Kromtech
Folder Deleted : C:\Users\snadle01\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\snadle01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support
Folder Deleted : C:\Users\snadle01\Documents\Optimizer Pro
File Deleted : C:\Users\snadle01\AppData\Local\Temp\DriverSupport.exe
File Deleted : C:\Users\snadle01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Deleted : C:\Users\snadle01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Deleted : C:\Users\snadle01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\snadle01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\snadle01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\snadle01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\snadle01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Support-RTMRules
Task Deleted : Driver Support-RTMScan
Task Deleted : Driver Support-RTMUpdater
Task Deleted : LaunchSignup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{62C968DD-0E2A-43E2-B93F-EADB45AA9C0F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Key Deleted : HKCU\Software\Bitberry Software
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Framed Display
Key Deleted : HKCU\Software\DriverSupport
Key Deleted : HKCU\Software\Vosteran
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\Framed Display
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\File Opener Packages
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverSupport
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592

-\\ Google Chrome v39.0.2171.95

[C:\Users\snadle01\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\snadle01\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : oilkkkefbalmbfppgjmgjoefbclebkce

*************************

AdwCleaner[R0].txt - [4513 octets] - [01/01/2015 23:15:21]
AdwCleaner[s0].txt - [4245 octets] - [01/01/2015 23:16:28]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4305 octets] ##########

Then I downloaded and ran Junkware Removal Tool (JRT) and here is that log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by snadle01 on Thu 01/01/2015 at 23:21:17.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\snadle01\appdata\local\pc_drivers_headquarters"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/01/2015 at 23:23:52.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then I ran MalwareBytes again following prior instruction to another user to:
- Enable Scan for rootkit
- Set both PUP and PUM to Treat detections as malware

Here is the MWB log after that:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/1/2015
Scan Time: 11:28:18 PM
Logfile: MWB Log 2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.02.03
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: snadle01

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 436857
Time Elapsed: 7 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.AceRace.A, HKU\S-1-5-21-1216698204-1542668753-1093625069-611774-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{68182220-3C75-49D9-A9C4-4093D3986279}, Quarantined, [e12082e7acd095a16db028b2cc3636ca],
PUP.Optional.AceRace.A, HKU\S-1-5-21-1216698204-1542668753-1093625069-611774-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{68182220-3C75-49D9-A9C4-4093D3986279}, Quarantined, [e12082e7acd095a16db028b2cc3636ca],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

That is as far as I have gone and everything seems to be clean and the system appears to be operating normally. I look forward to your response and any further suggestions.

By the way, I believe I obtained this from downloading a .zip program to open .rar files.

Thanks,
Steve
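As an added example (not part of this thread or of Malwarebytes' own tooling), a small Python parser for the Malwarebytes Anti-Malware 2.x log layout shown above: it pulls out the scan options, the per-category counts and the quarantined items, and flags the two settings that differ between the first and second scan (rootkit scanning off, PUP left on Warn). The sample log below is constructed, with placeholder paths and ids.

```python
import re

# Constructed sample in the Malwarebytes Anti-Malware 2.x log layout (not the poster's own log).
SAMPLE_LOG = """Malwarebytes Anti-Malware
Rootkits: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Example.A, HKU\\S-1-5-21-0-0-0-1000\\SOFTWARE\\EXAMPLE\\KEY1, Quarantined, [0123456789abcdef0123456789abcdef], 
PUP.Optional.Example.A, HKU\\S-1-5-21-0-0-0-1000\\SOFTWARE\\EXAMPLE\\KEY2, Quarantined, [0123456789abcdef0123456789abcdef], 

Files: 0
(No malicious items detected)
(end)
"""
CATEGORIES = {"Processes", "Modules", "Registry Keys", "Registry Values",
              "Registry Data", "Folders", "Files", "Physical Sectors"}
SETTINGS = {"Memory", "Startup", "Filesystem", "Archives", "Rootkits", "Heuristics", "PUP", "PUM"}
# One detection line: <threat name>, <object path>, <action>, [<32 hex chars>],
DETECTION = re.compile(r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,]+), \[(?P<hash>[0-9a-f]{32})\],?\s*$")

def parse_mbam_log(text):
    """Return the scan options, per-category counts and detection lines of one log."""
    settings, counts, detections = {}, {}, []
    for line in text.splitlines():
        m = DETECTION.match(line)
        if m:
            detections.append(m.groupdict())
            continue
        key, sep, value = line.partition(": ")
        if sep and key in SETTINGS:
            settings[key] = value.strip()
        elif sep and key in CATEGORIES and value.strip().isdigit():
            counts[key] = int(value)
    return {"settings": settings, "counts": counts, "detections": detections}

def weak_settings(report):
    """Flag the options the thread has the user turn on before re-scanning."""
    s = report["settings"]
    issues = []
    if s.get("Rootkits") != "Enabled":
        issues.append("Rootkits: scan for rootkits is not enabled")
    for opt in ("PUP", "PUM"):
        if s.get(opt) != "Enabled":  # "Warn" reports PUPs without treating them as malware
            issues.append(f"{opt}: {s.get(opt, 'missing')} (not treated as malware)")
    return issues
```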
snadler Posted January 2, 2015 Author ID:925255

Hello, I see there has been no reply to my topic yet all of the posts after mine have received replies. Will I be able to receive a review of my situation? Either way, I would appreciate someone letting me know.
TwinHeadedEagle Posted January 2, 2015 ID:925271

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:
- Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
- Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
- Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
- Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you an Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
- Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
- Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
- Note that we may live in totally different time zones, which may cause some delays between answers.
- Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Let's check your PC:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
snadler Posted January 2, 2015 Author ID:925275

Thank you for your help. Attached are both log files you requested.

FRST.txt
Addition.txt
TwinHeadedEagle Posted January 2, 2015 ID:925284

Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark other ones as harmful, leaving your system unstable and even damaged.

Please choose only one from the listed below to stay with and uninstall the others:
- System Center Endpoint Protection
- Trend Micro Client/Server Security Agent Antivirus

Uninstallation procedure:
- Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
- Search for each entry to uninstall, right-click it and select Uninstall.

This should be done before any other steps are taken.

Beside this, your PC seems clean.
snadler Posted January 2, 2015 Author ID:925291

Thank you again. Donation has been made.
AdvancedSetup (Root Admin) Posted January 3, 2015 ID:925480

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!