Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

vosteran search engine [Solved]


  • This topic is locked This topic is locked

#1
canadianchicklet

canadianchicklet

    Member

  • Member
  • PipPipPip
  • 338 posts

hello i tried downloading a program and it was a mistake and i guess something was hidden inside. now my computer is acting up and i have a vosteran search thing i cant get rid of id appreciate help in removing it thanks:)


  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Hello canadianchicklet,

 

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.


  • 0

#3
canadianchicklet

canadianchicklet

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts

ok thanks.. here are the logs!

Attached Files


  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Hello again canadienchicklet,

Please copy and past your logs into the thread. Much easier to analyze. :)

Now

Please uninstall the following adware related program:

Search App by Ask

After that

 

Download the attached fixlist.txt file.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next

Please download : ADWCleaner to your desktop  (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

AdwCleaner.jpg

Click on Scan  and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

Finally in this post

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

So when you return please post

  • Fixlog.txt
  • AdwCleaner log
  • JRT.txt

 


  • 0

#5
canadianchicklet

canadianchicklet

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts

im sorry im confused as to what to do with the fixlist... it looks like a log... 


  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Don't worry what it looks like. :)

 

I take that it has downloaded to your Download folder?

 

Assuming it has then please follow the instruction i.e. run FRST64 and press the fix button.

 

Tell me if you strike any problems. 


  • 0

#7
canadianchicklet

canadianchicklet

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
# AdwCleaner v4.102 - Report created 26/11/2014 at 17:02:29
# Updated 23/11/2014 by Xplode
# Database : 2014-11-26.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : THE USER - THEUSER-PC
# Running from : C:\Users\THE USER\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[#] Folder Deleted : C:\AI_RecycleBin
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Vosteran
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
[q2e0u2a5.default-1356360644627\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[q2e0u2a5.default-1356360644627\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
 
-\\ Google Chrome v36.0.1985.125
 
[C:\Users\THE USER\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\THE USER\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.search.ask.com/?gct=hp
 
*************************
 
AdwCleaner[R0].txt - [4373 octets] - [22/11/2014 11:44:05]
AdwCleaner[R1].txt - [1604 octets] - [26/11/2014 17:00:00]
AdwCleaner[S0].txt - [3931 octets] - [22/11/2014 11:45:30]
AdwCleaner[S1].txt - [1521 octets] - [26/11/2014 17:02:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1581 octets] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Professional x64
Ran by THE USER on Wed 11/26/2014 at 17:13:58.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{0E33944B-57DB-4938-ABCB-3893A6182F75}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{105684A2-8D07-4C7B-B11B-58D877D46317}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{149C9AD0-AD86-4B70-8277-EF18D5B92A18}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{27EBA28F-5E85-4DAB-89AC-321F83604C2A}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{2E6289FF-DD23-4CBD-BD37-BF44781D820D}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{360F1446-FE93-4028-805C-6A2B7D0E23D8}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{47F08B6A-F194-4B5B-BC31-9C4A701DD711}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{5B8483DC-580C-4CD0-81BD-CD09A19B822C}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{5BD99004-476E-48D7-9655-50B0DAA2A334}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{8F355155-D97A-41AE-B3BE-B2708CBC42FE}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{957CAAC8-768B-4BC0-A882-99A53976CFA4}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{9CE5BADE-30E1-4EA7-96C4-BFEA414FC1FF}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{A3295C2C-DEDA-455E-9231-CFD8CB65312B}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{C1E0B0B3-9427-421B-BC96-588051D1A3CF}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{C8AF0969-DF6E-494D-978D-D4278A53FF39}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{D5608DF1-5186-4AA2-9C2C-5CC35E1137D8}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{D5F42495-3025-48D3-9B3C-C970AB4DACD5}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{E3C419AA-6FEE-4607-99E0-CF485614455F}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{E7D15DFD-6B8F-4E42-ABB7-AFA8AAC6E63E}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{FC7D6D62-7A19-4D60-BD7A-F8E4B00C0763}
Successfully deleted: [Empty Folder] C:\Users\THE USER\appdata\local\{FEF96B3E-0A46-4A02-8598-97E959D76D75}
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\THE USER\AppData\Roaming\mozilla\firefox\profiles\q2e0u2a5.default-1356360644627\minidumps [164 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/26/2014 at 17:18:00.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
i cant find the fixlog anywhere tho im sorry

  • 0

#8
canadianchicklet

canadianchicklet

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by THE USER at 2014-11-26 16:54:51 Run:1
Running from C:\Users\THE USER\Downloads
Loaded Profile: THE USER (Available profiles: THE USER)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
FF SearchEngineOrder.1: Ask Search
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF SearchPlugin: C:\Users\THE USER\AppData\Roaming\Mozilla\Firefox\Profiles\q2e0u2a5.default-1356360644627\searchplugins\Vosteran.xml
S4 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
S4 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]
C:\Program Files (x86)\Free Ride Games
AlternateDataStreams: C:\ProgramData\TEMP:05F547A9
AlternateDataStreams: C:\ProgramData\TEMP:28819F45
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:5C0940F1
AlternateDataStreams: C:\ProgramData\TEMP:751D6870
AlternateDataStreams: C:\ProgramData\TEMP:7D288858
AlternateDataStreams: C:\ProgramData\TEMP:A2B3764A
AlternateDataStreams: C:\ProgramData\TEMP:B6E6C4EA
AlternateDataStreams: C:\ProgramData\TEMP:CEE4A457
EmptyTemp:
*****************
 
Firefox SearchEngineOrder.1 deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\www.exent.com/GameTreatWidget" => Key deleted successfully.
C:\Users\THE USER\AppData\Roaming\Mozilla\Firefox\Profiles\q2e0u2a5.default-1356360644627\searchplugins\Vosteran.xml => Moved successfully.
X5XSEx => Service deleted successfully.
X5XSEx_Pr143 => Service deleted successfully.
"C:\Program Files (x86)\Free Ride Games" => File/Directory not found.
C:\ProgramData\TEMP => ":05F547A9" ADS removed successfully.
C:\ProgramData\TEMP => ":28819F45" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":5C0940F1" ADS removed successfully.
C:\ProgramData\TEMP => ":751D6870" ADS removed successfully.
C:\ProgramData\TEMP => ":7D288858" ADS removed successfully.
C:\ProgramData\TEMP => ":A2B3764A" ADS removed successfully.
C:\ProgramData\TEMP => ":B6E6C4EA" ADS removed successfully.
C:\ProgramData\TEMP => ":CEE4A457" ADS removed successfully.
EmptyTemp: => Removed 499.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
i found it lol

  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Hello again canadianchicklet,

 

Making good progress I think. :)

 

Now

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

  • Click the blue Run ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
  • Check "Enable detection of potentially unwanted applications"
  • Click on Start and say yes to allow the program to proceed.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed click "List of found threats" and click again on Copy to clipboard. Open notepad and past in the clipboard list. Save it as ESET log somewhere that you can find .
  • After that click the button "Back"
  • Select and check Uninstall application on close and Delete quarantined files.
  • Then click on: Finish
  • Copy and paste the ESET log back here and tell me how your machine is now.

 

 

 

 


  • 0

#10
canadianchicklet

canadianchicklet

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts

ok i did that.. im very sorry it wouldnt let me copy and paste to this message i had to attach it.. i hope thats ok... im rebooting now to see how it works

Attached Files


  • 0

#11
canadianchicklet

canadianchicklet

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts

hi everything seems to be just fine now!! yay.. your the best ty so much!


  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Hello canadianchicklet,
 

hi everything seems to be just fine now!!


Excellent news. :)

I think you are good to go.

We have a couple of last steps to perform and then you're all set.

To clear away the tools we have been using download Delfix from here.

Put a check (tick) in the following boxes:
 

  • Remove disinfection tools
  • Purge System Restore
  • Then click Run

The tool will run for a short time. When completed a notepad window will open with a log. Please copy and paste the log back here.

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder:  Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

So many of us use Facebook nowadays. Go here for a guide to Facebook security.

------------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicous programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run an important software the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.
 

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.

       
  • Click Start > Control Panel > Add or Remove Programs
       
  • Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomeware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
 

 


  • 0

#13
canadianchicklet

canadianchicklet

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
C:\drew\Program Files (x86)\BfgBar\bfg.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application deleted - quarantined
C:\drew\Program Files (x86)\BfgBar\bfgbar.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application deleted - quarantined
C:\drew\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\Users\THE USER\AppData\Local\Microsoft\Windows Live Mail\Hotmail (ca 7b3\Junk email\04B10D00-00000062.eml HTML/Phishing.Agent.A trojan cleaned by deleting - quarantined
C:\Users\THE USER\Downloads\avc-free_inst (1).exe a variant of Win32/InstallCore.PL potentially unwanted application deleted - quarantined
C:\Users\THE USER\Downloads\avc-free_inst.exe a variant of Win32/InstallCore.PL potentially unwanted application deleted - quarantined
C:\Users\THE USER\Downloads\instsf450_inst.exe a variant of Win32/InstallCore.QW potentially unwanted application deleted - quarantined
E:\Pictures\Downloads\cbsidlm-cbsi213-Awesome_Duplicate_Photo_Finder-SEO-75206819.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
E:\Pictures\Downloads\rcp_dcomnew_sec_728 (1).exe Win32/Systweak.D potentially unwanted application deleted - quarantined
E:\Pictures\Downloads\rcp_dcomnew_sec_728.exe Win32/Systweak.D potentially unwanted application deleted - quarantined
E:\Pictures\Downloads\REGSERVO_Installer.exe a variant of Win32/AdWare.ErrorEND.A application cleaned by deleting - quarantined
E:\Pictures\Downloads\winzip18-lan_en.exe a variant of Win32/InstallCore.PP potentially unwanted application deleted - quarantined
 
 
ok here you go!!

  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Yes, that's the ESET one. I caught up with that from the attachment on your earlier post.

 

I guess you are following the cleanup guide in my last post now?


  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP