Windows 7 Forums



Windows 7: Malwarebytes removed Astromenda but what damage has been left?

20 Oct 2014   #1
Jay1978

Windows 7 Professional
 
 
Malwarebytes removed Astromenda but what damage has been left?

I just used the latest version of Malwarebytes to remove (I hope??) Astromenda PUP.

But now I need guidance on...
  • Is it completely gone?
  • What damage has it done?
  • What services did it shut down?
  • Did it damage my registry?
  • Can I restore my registry and services default settings?
Someone help please!!!


20 Oct 2014   #2
andrew129260

Windows 10 Pro
 
 

Quote: Originally Posted by Jay1978
I just used the latest version of Malwarebytes to remove (I hope??) Astromenda PUP.

But now I need guidance on...
  • Is it completely gone?
  • What damage has it done?
  • What services did it shut down?
  • Did it damage my registry?
  • Can I restore my registry and services default settings?
Someone help please!!!

The only way to be sure you are clean is to visit our security section or a help forum like bleeping computer.

Here is some info on the PUP:

Malware scan of astromenda.crx efde8da26d97da2e05d92d1d6fa593421f66aca9 - herdProtect
21 Oct 2014   #3
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Hi Jay1978,

I would be more than happy to see if there are any residuals a lurking in the shadows. I'd like to see the Malwarebytes (MBAM) log to see what all was found. To find the log:
  • Click to open your Malwarebytes (MBAM) program then click on the History tab found at the top.
  • In the left hand column, click to open Application Logs.
  • Look for the Scan Log (not the Protection Log) with the date and time that you ran MBAM and double click to open.
  • Click on Copy to clipboard found at the bottom of the window.
  • Navigate back here to your topic and Right click into the reply box and choose Paste.

    Next:

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

      Next:

      Please download OTL to your Desktop
      • Double click on the icon to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
      • Make sure all other windows are closed and to let it run uninterrupted.
      • Click the Scan All Users checkbox
        and
      • Check the option for All under the Extra Registry section
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
        • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
        • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.

      Please post the contents of both OTL.txt and Extras.txt files in your next reply.

      In your next reply I'll need the following logs:

      • MBAM
      • C:\AdwCleaner\AdwCleaner[R0].txt
      • OTL.txt
      • Extras.txt


      You may have to attach the logs if too large or copy and paste into separate posts of their own.

      Thank you,
      Donna

21 Oct 2014   #4
Jay1978

Windows 7 Professional
 
 

Thanks so much Donna! I ran Malwarebytes, AdwCleaner and JRT. I have included the available logs below. I feel as if my services and processes are all messed up whether enabled, disabled or automatic. Plus my startup time is longer now and my fan runs higher all the time.

But now I have Malwarebytes blocking an IP address and FFE5ee.com warnings constantly!!

# AdwCleaner v4.001 - Report created 20/10/2014 at 22:50:42
# DB v2014-10-20.3
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jason Mayor - JASONMAYOR-HP
# Running from : C:\Users\Jason Mayor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42RDVT03\adwcleaner_4.001.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Jason Mayor\AppData\Roaming\UpdaterEX
File Deleted : C:\Users\Jason Mayor\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\user.js
***** [ Scheduled Tasks ] *****
Task Deleted : UpdaterEX
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v

*************************
AdwCleaner[R0].txt - [7011 octets] - [20/10/2014 22:48:05]
AdwCleaner[S0].txt - [6703 octets] - [20/10/2014 22:50:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6763 octets] ##########
21 Oct 2014   #5
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Hi Jay1978,

Quote:
I ran Malwarebytes, AdwCleaner and JRT.

I would like to see the MBAM log that you mentioned in your 1st post to remove Astromenda PUP. It is important for me to see what else may have been found and removed.

AdwCleaner > My instructions were just execute the Scan option, not Clean. I like to be cautious. False positives do happen with ALL removal tools and I like to see what is found before it is removed to prevent any files from being removed that are vital to the system. Yours looks fine though, so no harm done.

As for JRT, I did not instruct you to run a scan with JRT because it clears out the Event Viewer logs. Those can be most helpful at times. I always save that tool and run it at a later time.

If you ran OTL before JRT, we should be good since OTL will display entries from the Event Viewer logs in the Extras.log.

Please post the rest of the logs requested.

Thank you,
Donna
21 Oct 2014   #6
Jay1978

Windows 7 Professional
 
 

Yes I tried to remove it last night following the instructions from somewhere else. I see several logs available. Is there one in particular you want to see? Most recent? First one?
21 Oct 2014   #7
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Click to open each MBAM Scan Log. Post the one that removed Astromenda PUP, I want to see what else it removed. Is that the last scan you ran with MBAM?

Also, if you have not done so, please follow the OTL instructions in post #3 and post the 2 logs it produces. Those logs are very important to me as they will show me how to proceed with removal of any leftover files.

21 Oct 2014   #8
Jay1978

Windows 7 Professional
 
 

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/20/2014
Scan Time: 7:42:21 PM
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.10.20.07
Rootkit Database: v2014.10.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jason Mayor
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359764
Time Elapsed: 7 min, 19 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, 1312, Delete-on-Reboot, [00f72cea8eee77bfc23f56bb18eb6c94]
Modules: 0
(No malicious items detected)
Registry Keys: 5
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, Quarantined, [708728eeb3c92a0c0b094cd01ee58779],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-3646598615-2048303781-4201143034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_astromenda, Quarantined, [9166e82e2c50b3830f052bf94bb8c63a],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3646598615-2048303781-4201143034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [05f2bb5bc9b3fc3aae0dc98a37ccae52],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3646598615-2048303781-4201143034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [fef97a9c9be1d85eff0f64067391847c],
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WSE_Astromenda, Quarantined, [00f72cea8eee77bfc23f56bb18eb6c94],
Registry Values: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3646598615-2048303781-4201143034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, Quarantined, [fef97a9c9be1d85eff0f64067391847c]
PUP.Optional.Astromenda, HKU\S-1-5-21-3646598615-2048303781-4201143034-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BRS, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS, Quarantined, [00f72cea8eee77bfc23f56bb18eb6c94]
Registry Data: 0
(No malicious items detected)
Folders: 14
Rogue.Multiple, C:\PROGRAMDATA\374311380, Quarantined, [ca2d9d79087460d6f37ac7177c86b64a],
PUP.Optional.Updater.A, C:\Users\JASON MAYOR\AppData\Roaming\UPDATEREX\UPDATEPROC, Quarantined, [cd2a7d99fa828aac98f4759648bb12ee],
PUP.Optional.Astromenda, C:\PROGRAM FILES (X86)\WSE_ASTROMENDA, Delete-on-Reboot, [00f72cea8eee77bfc23f56bb18eb6c94],
PUP.Optional.Astromenda, C:\PROGRAM FILES (X86)\WSE_ASTROMENDA\bh, Quarantined, [00f72cea8eee77bfc23f56bb18eb6c94],
PUP.Optional.Astromenda, C:\PROGRAM FILES (X86)\WSE_ASTROMENDA\BRS, Delete-on-Reboot, [00f72cea8eee77bfc23f56bb18eb6c94],
PUP.Optional.Astromenda.A, C:\Users\JASON MAYOR\AppData\Roaming\WSE_ASTROMENDA, Quarantined, [17e035e1d7a5ad8970aa1cf58083db25],
PUP.Optional.Astromenda.A, C:\Users\JASON MAYOR\AppData\Roaming\WSE_ASTROMENDA\icons_3.2.1.5, Quarantined, [17e035e1d7a5ad8970aa1cf58083db25],
PUP.Optional.Astromenda.A, C:\Users\JASON MAYOR\AppData\Roaming\WSE_ASTROMENDA\UpdateProc, Quarantined, [17e035e1d7a5ad8970aa1cf58083db25],
PUP.Optional.Astromenda.A, C:\Users\JASON MAYOR\AppData\Roaming\Mozilla\Firefox\Profiles\UDJ8EU2J.DEFAULT\EXTENSIONS\{AD7CE998-A77B-4062-9FFB-1D0B7CB23183}, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\JASON MAYOR\AppData\Roaming\Mozilla\Firefox\Profiles\UDJ8EU2J.DEFAULT\EXTENSIONS\{AD7CE998-A77B-4062-9FFB-1D0B7CB23183}\content, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\JASON MAYOR\AppData\Roaming\Mozilla\Firefox\Profiles\UDJ8EU2J.DEFAULT\EXTENSIONS\{AD7CE998-A77B-4062-9FFB-1D0B7CB23183}\content\browser, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\JASON MAYOR\AppData\Roaming\Mozilla\Firefox\Profiles\UDJ8EU2J.DEFAULT\EXTENSIONS\{AD7CE998-A77B-4062-9FFB-1D0B7CB23183}\content\external, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\JASON MAYOR\AppData\Roaming\Mozilla\Firefox\Profiles\UDJ8EU2J.DEFAULT\ASTRMNDANT, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\JASON MAYOR\AppData\Roaming\Mozilla\Firefox\Profiles\UDJ8EU2J.DEFAULT\ASTRMNDANT\fav_thumbs, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
Files: 48
PUP.Optional.Astromenda.A, C:\Windows\System32\Tasks\WSE_ASTROMENDA, Quarantined, [ca2d1ef81e5e7fb718bd61baaf541be5],
PUP.Optional.Astromenda.A, C:\Windows\Tasks\WSE_ASTROMENDA.JOB, Quarantined, [cc2ba373126adf57e4f24ad11ae948b8],
PUP.Optional.Astromenda, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\searchplugins\ASTROMENDA.XML, Quarantined, [e51282940775e65019ae879d2ad90ef2],
Rogue.Multiple, C:\ProgramData\374311380\BIT7B8B.tmp, Quarantined, [ca2d9d79087460d6f37ac7177c86b64a],
PUP.Optional.Updater.A, C:\Users\Jason Mayor\AppData\Roaming\UpdaterEX\UpdateProc\config.dat, Quarantined, [cd2a7d99fa828aac98f4759648bb12ee],
PUP.Optional.Updater.A, C:\Users\Jason Mayor\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat, Quarantined, [cd2a7d99fa828aac98f4759648bb12ee],
PUP.Optional.Updater.A, C:\Users\Jason Mayor\AppData\Roaming\UpdaterEX\UpdateProc\STTL.DAT, Quarantined, [cd2a7d99fa828aac98f4759648bb12ee],
PUP.Optional.Updater.A, C:\Users\Jason Mayor\AppData\Roaming\UpdaterEX\UpdateProc\TTL.DAT, Quarantined, [cd2a7d99fa828aac98f4759648bb12ee],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\FavIcon.ico, Quarantined, [00f72cea8eee77bfc23f56bb18eb6c94],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\Sqlite3.dll, Quarantined, [00f72cea8eee77bfc23f56bb18eb6c94],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninst.dat, Quarantined, [00f72cea8eee77bfc23f56bb18eb6c94],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninstall.exe, Quarantined, [00f72cea8eee77bfc23f56bb18eb6c94],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, Delete-on-Reboot, [00f72cea8eee77bfc23f56bb18eb6c94],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\Sqlite3.dll, Quarantined, [00f72cea8eee77bfc23f56bb18eb6c94],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\WSE_Astromenda\icons_3.2.1.5\ctr.ico, Quarantined, [17e035e1d7a5ad8970aa1cf58083db25],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat, Quarantined, [17e035e1d7a5ad8970aa1cf58083db25],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\WSE_Astromenda\UpdateProc\config.dat, Quarantined, [17e035e1d7a5ad8970aa1cf58083db25],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\WSE_Astromenda\UpdateProc\info.dat, Quarantined, [17e035e1d7a5ad8970aa1cf58083db25],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\bootstrap.js, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\chrome.manifest, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\icon.png, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\icon64.png, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\install.rdf, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser\astr.1.2.jsm, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser\astr.1.2h.jsm, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser\background.js, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser\browser.js, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser\header.js, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\browser\timer.jsm, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external\aes.js, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external\hmac-md5.js, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external\jsencrypt.min.js, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external\md5.js, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external\string.min.js, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\extensions\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}\content\external\underscore-min.js, Quarantined, [1fd802145428a4923a9dd145a85bd62a],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\fav-groups, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\favs##07b12abff24d7cbb8d4 2bac54e471a86, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\fav_thumbs\1fb8919008e5c8 68d7c7a2624941689f, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\fav_thumbs\6e3f6f82e41751 3bcc0358b6c88b2db1, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\fav_thumbs\72e5b926b440fa de1142c93d481714d4, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\fav_thumbs\76a4ca424ffb10 071a2f399ddbcafcc7, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\fav_thumbs\7a398e061f52e0 4cd334c54509affa19, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\fav_thumbs\8581aa69928efe 8ce72ef27bc5273d2a, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\fav_thumbs\a8696a51a57690 f99c2ae631cecb4d66, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\fav_thumbs\b17f88319be9f6 7b349f716299b33e3d, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\fav_thumbs\b300f245c1ad4b 7013624e6d2427d74c, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\fav_thumbs\b9cd05ae022a32 98e0cfd60d39530bbe, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
PUP.Optional.Astromenda.A, C:\Users\Jason Mayor\AppData\Roaming\Mozilla\Firefox\Profiles\udj8eu2j.default\astrmndant\fav_thumbs\e65bc59b708a85 2ad6f7b798defb12a1, Quarantined, [f007cb4b76062a0ca9be3cdc778c47b9],
Physical Sectors: 0
(No malicious items detected)

(end)
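Added example (not part of the original thread, and not code from Malwarebytes): a small Python triage of a scan log in the layout posted above. It checks that each section's declared count matches the lines actually pasted, lists Delete-on-Reboot items that still need a reboot and re-scan, and flags autostart locations. The sample log is constructed; the user name, SID, profile name and bracketed IDs are placeholders.

```python
import re
from collections import Counter

# Constructed excerpt in the Malwarebytes 2.x scan-log layout shown in this thread.
# User name, SID, profile name and bracketed IDs are placeholders, not real scan values.
SAMPLE_LOG = r"""
Processes: 1
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, 1312, Delete-on-Reboot, [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa]
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, Quarantined, [bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb],
Registry Values: 1
PUP.Optional.Astromenda, HKU\S-1-5-21-0-0-0-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BRS, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS, Quarantined, [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa]
Folders: 1
PUP.Optional.Astromenda, C:\PROGRAM FILES (X86)\WSE_ASTROMENDA\BRS, Delete-on-Reboot, [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa],
Files: 3
PUP.Optional.Astromenda.A, C:\Windows\System32\Tasks\WSE_ASTROMENDA, Quarantined, [cccccccccccccccccccccccccccccccc],
PUP.Optional.Astromenda.A, C:\Users\Example User\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default\extensions\{00000000-0000-0000-0000-000000000000}\bootstrap.js, Quarantined, [dddddddddddddddddddddddddddddddd],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, Delete-on-Reboot, [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa],
Physical Sectors: 0
(No malicious items detected)
"""

# "Section: N" headers that introduce a list of detections.
SECTION_RE = re.compile(
    r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data|"
    r"Folders|Files|Physical Sectors): (\d+)$")
# "threat, object[, extra], action, [id]" with an optional trailing comma.
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<body>.+), (?P<action>[A-Za-z-]+), "
    r"\[(?P<id>[0-9a-f]{32})\],?$")

# Lower-cased path fragments that indicate something able to start on its own.
AUTOSTART_MARKERS = [
    ("Run key autostart", ("\\currentversion\\run|",)),
    ("Scheduled task", ("\\windows\\system32\\tasks\\", "\\windows\\tasks\\")),
    ("Browser extension", ("\\extensions\\",)),
]


def parse_scan_log(text):
    """Return (declared section counts, list of detection dicts)."""
    declared, detections, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            # The object is the first field; a PID or registry data may follow it.
            obj, _, extra = m.group("body").partition(", ")
            detections.append({"section": section, "threat": m.group("threat"),
                               "object": obj, "extra": extra,
                               "action": m.group("action")})
    return declared, detections


def count_mismatches(declared, detections):
    """Sections whose pasted lines differ from the declared count (truncated paste)."""
    found = Counter(d["section"] for d in detections)
    return {s: (n, found[s]) for s, n in declared.items() if found[s] != n}


def pending_reboot(detections):
    """Objects only removed at next boot; confirm with a reboot and a fresh scan."""
    return sorted({d["object"].lower() for d in detections
                   if d["action"] == "Delete-on-Reboot"})


def persistence_points(detections):
    """(kind, object) pairs for detections located in autostart mechanisms."""
    hits = []
    for d in detections:
        path = d["object"].lower()
        for kind, markers in AUTOSTART_MARKERS:
            if any(marker in path for marker in markers):
                hits.append((kind, d["object"]))
                break
    return hits


if __name__ == "__main__":
    declared, detections = parse_scan_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(declared, detections))
    print("pending reboot:", pending_reboot(detections))
    for kind, obj in persistence_points(detections):
        print(f"{kind}: {obj}")
```
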
21 Oct 2014   #9
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Excellent! Thank you!

All I need now is the 2 logs produced by OTL to proceed.

OTL.txt
Extras.txt
21 Oct 2014   #10
Jay1978

Windows 7 Professional
 
 

I have attached the TXT file since it was too big to post.


Attached Files
File Type: txt OTL.Txt (140.4 KB, 7 views)