Windows 7 Forums



Windows 7: Malwarebytes removed Astromenda but what damage has been left?

21 Oct 2014   #11
Jay1978

Windows 7 Professional
 
 

extras file attached




Attached Files
File Type: txt Extras.Txt (49.8 KB, 4 views)
21 Oct 2014   #12
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Thank you. Now attach the Extras.txt log. It should be found on your desktop somewhere. You can also find it by typing Extras.txt into your Start Search field.

Give me a moment to review the OTL log.
21 Oct 2014   #13
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Ooops! My bad! Ignore the request for the Extras.txt.

21 Oct 2014   #14
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Hey Jay,

Couple of questions. Did you intentionally install the following:

Glary Utilities 5
TuneUp Software

I advise not to use this or any registry cleaner as there have been reports of them clearing out needed registry entries and messing up PCs. In addition, what they do clean up is so small that little or no advantages are noticed. Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix.

I suggest that you uninstall these programs from Programs and Features. Let me know if you choose to do so and I will include the removal of the files and folders in the fix that I am preparing.
21 Oct 2014   #15
Jay1978

Windows 7 Professional
 
 

I will uninstall Glary immediately. As for the TuneUp program I believe that is part of an HP support package or AVG?? Otherwise I cannot locate it for removal. FYI previously I installed AVG as well to remedy the problem. I have since uninstalled that as well.
21 Oct 2014   #16
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Please execute my instructions in the following order:

Since you did install AVG, let's use the removal tool to annihilate whatever files might have been left behind. The TuneUp Software directory was created within the same time frame as AVG was. Not sure if the removal tool will get rid of that so I will add it to my fix. If it belonged to anything HP, it would be located within an HP folder.

Please download the AVG Removal tool from here. Installation and execution of the tool is self explanatory. Please follow the onscreen instructions.

It appears that McAfee was installed when you purchased the computer and since I found a hint of a leftover, let's use the McAfee Removal tool as well. You can download that from here. As above, please follow the onscreen instructions.

Now for our OTL fix:

  • Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following that is highlighted in blue

    Quote:

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    PRC - [2014/10/13 01:32:56 | 000,795,936 | ---- | M] (Glarysoft Ltd) -- C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    MOD - [2014/10/13 01:33:50 | 000,080,160 | ---- | M] () -- C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
    DRV:64bit: - [2014/10/19 20:34:06 | 000,020,160 | ---- | M] (Glarysoft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GUBootStartup.sys -- (GUBootStartup)
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_42_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0D0F0E0DyEzz0D tBtAyCtN0D0Tzu0StCtDtBtAtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtAyB0A tCyCzy0DtGyB0B0F0FtG0D0AtDtBtGzy0ByEtBtGyDyE0F0E0A0DyEtAtCtD0Ezy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0CyDyE yByCyEtG0A0ByBtBtGyEzz0E0AtG0AyBtB0EtG0E0EtA0E0A0BtByCtA0AtDtD2Q&cr=1215502795&ir=
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [GUDelayStartup] C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe (Glarysoft Ltd)
    [2014/10/19 21:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg
    [2014/10/19 21:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2014/10/19 21:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jason Mayor\AppData\Local\AvgSetupLog
    [2014/10/19 21:17:47 | 000,000,000 | ---D | C] -- C:\Users\Jason Mayor\AppData\Local\Avg
    [2014/10/11 19:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2014/10/19 20:34:07 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    [2014/10/19 20:34:06 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize 5.job

    :Files
    C:\Program Files (x86)\AVG
    C:\Program Files (x86)\Glary Utilities 5
    ipconfig /flushdns /c


    :Commands
    [resethosts]
    [emptytemp]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.


Please post the following logs in your next reply:

C:\_OTL\Moved Files
OTL.txt

If you have any questions or concerns, please do not hesitate to ask.
21 Oct 2014   #17
Jay1978

Windows 7 Professional
 
 

I have a work meeting but will do it as soon as I return. Stand by please!
21 Oct 2014   #18
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Sure will! No problem there!
21 Oct 2014   #19
Jay1978

Windows 7 Professional
 
 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named Integrator.exe was found!
Error: No service named GUBootStartup was found to stop!
Service\Driver key GUBootStartup not found.
File C:\Windows\SysNative\drivers\GUBootStartup.sys not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GUDelayStartup not found.
File C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe not found.
C:\ProgramData\Avg folder moved successfully.
Folder C:\Program Files (x86)\AVG\ not found.
C:\Users\Jason Mayor\AppData\Local\AvgSetupLog folder moved successfully.
C:\Users\Jason Mayor\AppData\Local\Avg\log\zen1 folder moved successfully.
C:\Users\Jason Mayor\AppData\Local\Avg\log\setup1 folder moved successfully.
C:\Users\Jason Mayor\AppData\Local\Avg\log\fmw1\Local Storage folder moved successfully.
C:\Users\Jason Mayor\AppData\Local\Avg\log\fmw1 folder moved successfully.
C:\Users\Jason Mayor\AppData\Local\Avg\log folder moved successfully.
C:\Users\Jason Mayor\AppData\Local\Avg folder moved successfully.
Folder C:\ProgramData\McAfee\ not found.
File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk not found.
File C:\Windows\tasks\GlaryInitialize 5.job not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\AVG not found.
File\Folder C:\Program Files (x86)\Glary Utilities 5 not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jason Mayor\Desktop\cmd.bat deleted successfully.
C:\Users\Jason Mayor\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 2343792 bytes
->Temporary Internet Files folder emptied: 172264 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 28327 bytes

User: Jason Mayor
->Temp folder emptied: 7206209788 bytes
->Temporary Internet Files folder emptied: 250072167 bytes
->Java cache emptied: 316727 bytes
->FireFox cache emptied: 11079650 bytes
->Flash cache emptied: 39669 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12041721 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 55203677 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,188.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10212014_185026
Files\Folders moved on Reboot...
C:\Users\Jason Mayor\AppData\Local\Temp\2c60\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT moved successfully.
C:\Users\Jason Mayor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\JASONMAYOR-HP-20141021-1441.log moved successfully.
File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(201410211441145E0).log not found!
File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(201410211441145E0).log not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
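An added example, not part of the original thread and not OTL's own code: a small Python parser that sorts the lines of a fix log like the one above into removed, already absent and pending-reboot items, then lists the ones that touch autostart or redirect locations. The sample lines are copied from the log above; the function names, outcome labels and watched-location list are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the fix log posted above.
SAMPLE_LOG = r"""
No active process named Integrator.exe was found!
Error: No service named GUBootStartup was found to stop!
File C:\Windows\SysNative\drivers\GUBootStartup.sys not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GUDelayStartup not found.
C:\ProgramData\Avg folder moved successfully.
Folder C:\ProgramData\McAfee\ not found.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
->Temp folder emptied: 2343792 bytes
"""

# (outcome, pattern) pairs; the first matching rule wins.
RULES = [
    ("pending_reboot", re.compile(r"^File move failed\. (?P<item>.+?) scheduled to be moved on reboot\.$")),
    ("removed", re.compile(r"^(?P<item>.+?) (?:folder )?(?:deleted|moved) successfully\.$")),
    ("absent", re.compile(r"^(?P<item>.+?) not found[.!]$")),
    ("absent", re.compile(r"^(?:Error: )?No (?:active process|service) named (?P<item>\S+) was found")),
]
# Leading object-type words that the log puts in front of the path or key.
PREFIX = re.compile(r"^(?:64bit-)?(?:Registry (?:key|value)|Service\\Driver key|File\\Folder|File|Folder) ")
# Autostart and redirect locations (the hosts file lives under drivers/etc).
WATCHED = ("\\currentversion\\run", "\\searchscopes\\", "\\drivers\\")


def triage(log_text):
    """Group fix-log lines by outcome; lines matching no rule are ignored."""
    result = defaultdict(list)
    for line in log_text.splitlines():
        for outcome, pattern in RULES:
            m = pattern.match(line.strip())
            if m:
                result[outcome].append(PREFIX.sub("", m.group("item")))
                break
    return dict(result)


def watched_items(result):
    """Return (outcome, item) pairs that touch a watched location."""
    return [(outcome, item) for outcome in sorted(result) for item in result[outcome]
            if any(marker in item.lower() for marker in WATCHED)]


if __name__ == "__main__":
    for outcome, item in watched_items(triage(SAMPLE_LOG)):
        print(f"{outcome:15} {item}")
```

Items reported as absent were already gone before the fix ran, which is expected here because Glary Utilities had been uninstalled first; the pending-reboot entries are the ones to confirm in the next scan.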
21 Oct 2014   #20
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Perfect Jay! Now all I need is the Quick Scan log. Just open OTL and click on Quick Scan. Please post the log.