system
January 10, 2015, 3:04pm
1
I followed the instructions on the “Logs to assist in cleaning malware” and am including the logs.
I ran all of the scans, and want to note that the aswMBR log seemed to be finished, but after I had saved it, it continued to run, and did so yet another time, both times showing infections. So I’m hoping that the log I’m including actually is the full/final scan results.
After running the scans, I came back to the computer to find the blue screen of death. I rebooted, opened the browser, only to be greeted with the Avast message “Bad browsers detected…”.
I’m hopeful that you can help me get rid of this crap! Thank you.
Regards,
Rita
Let me know how the computer is after this
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-1447836366-1137654849-3782855257-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} -> No File
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_coinis_15_02_ie&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzzyCyCtByB0A0E0E0B0D0DtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0FtDtCtCyD0FtCtGyD0B0DyEtG0EtByBtBtG0CzzyCtDtGtCtDyD0CyEzyyDzz0E0C0CyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyBtAyC0DtD0CyBtGyEyBzyyEtGyEzzyC0BtG0A0F0FtDtGyC0F0AzztAtCtAtD0AyD0Dzy2Q&cr=246058583&ir=
CHR DefaultSearchKeyword: Default -> vosteran.com
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
2015-01-09 17:27 - 2015-01-09 18:56 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2015-01-09 17:27 - 2015-01-09 17:27 - 00000000 ____D () C:\Users\Rita\AppData\Roaming\Spyware Clear
2015-01-09 16:31 - 2015-01-09 16:31 - 00330984 _____ (INSTALLER Technology Co) C:\Users\Katie\Downloads\SoftwareUpdater.exe
2015-01-08 22:58 - 2015-01-08 22:58 - 00628496 _____ (CMI Limited) C:\Users\Rita\AppData\Local\nsbE6A0.tmp
2015-01-08 22:16 - 2015-01-08 22:16 - 00000000 ____D () C:\Program Files (x86)\predm
2015-01-08 22:13 - 2015-01-08 22:13 - 00000000 ____D () C:\Users\Rita\Documents\Optimizer Pro
2015-01-08 22:11 - 2015-01-09 01:07 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-01-08 22:11 - 2015-01-09 00:50 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-01-08 22:11 - 2015-01-09 00:50 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-01-08 22:11 - 2015-01-09 00:48 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-01-08 22:11 - 2015-01-09 00:48 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-01-08 22:11 - 2015-01-09 00:48 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-01-08 22:10 - 2015-01-08 22:09 - 00613057 _____ (CMI Limited) C:\Users\Rita\AppData\Local\nsoBCA7.tmp
2015-01-08 22:09 - 2015-01-08 22:09 - 00000000 __SHD () C:\Users\Rita\AppData\Roaming\AnyProtectEx
2015-01-08 21:58 - 2015-01-09 00:49 - 00000000 ____D () C:\Users\Rita\AppData\Local\SmartWeb
2015-01-08 21:58 - 2015-01-08 21:58 - 00002175 _____ () C:\Windows\patsearch.bin
2015-01-08 21:44 - 2015-01-09 00:49 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-08 21:44 - 2015-01-08 21:44 - 00000064 _____ () C:\Users\Rita\AppData\Local\026917dab9ae4d79f21beb64d61a7123
2015-01-08 21:44 - 2015-01-08 21:44 - 00000000 ____D () C:\Users\Rita\AppData\Local\globalUpdate
2015-01-08 21:43 - 2015-01-08 21:43 - 00003466 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-01-08 21:43 - 2015-01-08 21:43 - 00000000 ____D () C:\Users\Rita\Documents\ProPCCleaner
2015-01-08 21:43 - 2015-01-08 21:43 - 00000000 ____D () C:\Users\Rita\AppData\Local\Pro_PC_Cleaner
2015-01-08 21:40 - 2015-01-08 21:40 - 00000000 ____D () C:\ProgramData\makulitsidwe
2014-12-28 20:19 - 2014-12-28 20:20 - 00000000 ____D () C:\Users\Will\AppData\Local\{07713E40-DE29-4C6A-AD42-AEE036496C06}
2014-12-12 05:54 - 2014-12-12 05:54 - 00000000 __SHD () C:\Users\Rita\AppData\Local\EmieBrowserModeList
Task: {2797C5BD-B306-4C7A-A440-EF68F2F66C50} - \Voo Update No Task File <==== ATTENTION
Task: {45361A69-4973-42AB-A931-2D87B6168C07} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {49DC2FE7-F553-43DF-BA8A-AF2384FA8959} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {D719DB68-44C0-45EA-9073-911C8A618A7D} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {FDA532AF-15F9-4390-AB91-B77D5410FF11} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Users\Rita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0G04C06
C:\Program Files (x86)\AnyProtectEx
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe.
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
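As an added illustration (not part of the original posts and not FRST's own code), the sketch below parses a few lines copied from the fixlist above, groups the file entries into installation waves by creation time, and lists every scheduled-task entry that launches the same executable. The line patterns are inferred only from the lines shown in this thread; the function names and the two-hour grouping window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a subset of lines copied from the fixlist in the post above.
SAMPLE = r"""
2015-01-09 17:27 - 2015-01-09 18:56 - 00000000 ____D () C:\Program Files (x86)\Spyware Clear
2015-01-08 22:58 - 2015-01-08 22:58 - 00628496 _____ (CMI Limited) C:\Users\Rita\AppData\Local\nsbE6A0.tmp
2015-01-08 22:11 - 2015-01-09 01:07 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-01-08 21:40 - 2015-01-08 21:40 - 00000000 ____D () C:\ProgramData\makulitsidwe
Task: {45361A69-4973-42AB-A931-2D87B6168C07} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {49DC2FE7-F553-43DF-BA8A-AF2384FA8959} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
"""

# Assumed line shapes: "created - modified - size attrs (company) path" and "Task: [guid - ]name => exe".
TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d)"
FILE_RE = re.compile(rf"^{TS} - {TS} - (\d+) (\S{{5}}) \((.*?)\) (.+)$")
TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(.+?) => (.+?)( <==== ATTENTION)?$")

def parse(text):
    # Split fixlist text into file-listing entries and scheduled-task entries.
    files, tasks = [], []
    for line in map(str.strip, text.splitlines()):
        if m := FILE_RE.match(line):
            files.append({"created": datetime.strptime(m[1], "%Y-%m-%d %H:%M"), "path": m[6]})
        elif m := TASK_RE.match(line):
            tasks.append({"task": m[1], "target": m[2], "flagged": bool(m[3])})
    return files, tasks

def bursts(files, gap=timedelta(hours=2)):
    # Cluster entries created within `gap` of the previous one (one install wave).
    groups = []
    for f in sorted(files, key=lambda f: f["created"]):
        if groups and f["created"] - groups[-1][-1]["created"] <= gap:
            groups[-1].append(f)
        else:
            groups.append([f])
    return groups

def tasks_by_target(tasks):
    # Every task entry that launches the same executable, legacy .job files included.
    out = defaultdict(list)
    for t in tasks:
        out[t["target"]].append(t["task"])
    return dict(out)

if __name__ == "__main__":
    files, tasks = parse(SAMPLE)
    print([len(g) for g in bursts(files)], tasks_by_target(tasks))
```

Grouping by target shows that one executable can be registered under both `C:\Windows\Tasks\*.job` and `System32\Tasks`, so both kinds of entry need to be checked when confirming a cleanup.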
system
February 17, 2015, 2:55am
3
Thank you for your great instructions. I’ve run them and am attaching the FRST Fixlog.txt file, as well as two log files from AdwCleaner.
I will repost in a few days to let you know if the problems appear to be fixed. Thank you!!