
malware removal


20 replies to this topic

#16 guy1511

guy1511
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 06 January 2015 - 06:27 PM

Seems to be it. Thank you for the help.

 

I would like to tip you, please advise how.

 

Also, I would like to find a few tweaks to speed up this computer. It should be fairly fast and it's kind of sluggish. I'll post a new topic in the correct area unless you are an expert in this area and would like to assist.

 

Thank you.




 


#17 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,537 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:53 PM

Posted 06 January 2015 - 11:08 PM

Thanks for the offer... I do not accept donations nor does BC.. But I will recommend, if you'd like to contribute to something that would be very much appreciated..
Make a donation to some people here that would appreciate it. They help or developed some of the tools we use here to clean computers or are just hard workers.

Click on a name below, say JSntgRvr. Now scroll down their post and you will see a PayPal link.

I am still adding to this list.

farbar
fireman4it
JSntgRvr
m0le
myrti
sempai
Thunder
SweetTech

>>>>

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
>>>>

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk, then restart your computer.



Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.



Go to Step 5 and under "System Restore" click on Create button.



Go to Start Repairs tab and click the Start button.



Leave the check marks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start Repairs button.



After the repair has finished, you may be prompted to restart the computer. Please allow it to do so.

Please post the Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#18 guy1511

guy1511
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 10 January 2015 - 07:56 PM

I have not used this computer since the last post. I logged in today to apply the Windows tips you suggested and Malwarebytes started its normal scan. Unfortunately it found more malware.

 

I'm surprised at this because as stated above I have not done anything that should have brought malware into the computer and it makes me concerned that there is something on the computer like a trojan that is installing stuff.

 

Anyway, here is the log from Malwarebytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/10/2015
Scan Time: 6:44:27 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.10.19
Rootkit Database: v2015.01.07.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370592
Time Elapsed: 8 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Astromenda.A, HKU\S-1-5-21-981513293-3589179944-910583008-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\astromenda, Quarantined, [ac1fb4419eeb191d5265dd8bb15236ca],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#19 guy1511

guy1511
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 10 January 2015 - 09:34 PM

Windows repair log

 

Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 8.1 Pro
OS Architecture: 64-bit
OS Version: 6.3.9600
OS Service Pack:
Computer Name: PEACEFREEDOM
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Admin
Current Profile SID: S-1-5-21-981513293-3589179944-910583008-1002
Current Profile Classes: S-1-5-21-981513293-3589179944-910583008-1002_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Admin\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:22:16

Process Count: 75
Commit Total: 2.28 GB
Commit Limit: 9.18 GB
Commit Peak: 2.95 GB
Handle Count: 25589
Kernel Total: 660.37 MB
Kernel Paged: 489.62 MB
Kernel Non Paged: 170.75 MB
System Cache: 6.07 GB
Thread Count: 1043
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.93 GB
Memory Used: 1.96 GB(24.6929%)
Memory Avail.: 5.97 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.93 GB
Memory Used: 1.54 GB(19.3936%)
Memory Avail.: 6.39 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (1/10/2015 7:30:16 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 102
 
01 - Reset Registry Permissions
   Restore Windows 8 Default Registry Permissions
   Start (1/10/2015 7:30:17 PM)

Decompressing & Updating Windows 8 Permission File hkud.txt
Done,  0.2 seconds.


Decompressing & Updating Windows 8 Permission File hkcu.txt
Done,  0.21 seconds.


Decompressing & Updating Windows 8 Permission File hkcr.txt
Done,  0.67 seconds.


Decompressing & Updating Windows 8 Permission File hklm.txt
Done,  1.34 seconds.

   Running Repair Under System Account
   Running Repair Under Current User Account
   Done (1/10/2015 7:33:32 PM)

03 - Reset Service Permissions
   Start (1/10/2015 7:33:32 PM)
   Running Repair Under System Account
   Done (1/10/2015 7:33:39 PM)

04 - Register System Files
   Start (1/10/2015 7:33:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:34:12 PM)

05 - Repair WMI
   Start (1/10/2015 7:34:12 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Windows Defender Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (1/10/2015 7:36:55 PM)

06 - Repair Windows Firewall
   Start (1/10/2015 7:36:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:37:15 PM)

07 - Repair Internet Explorer
   Start (1/10/2015 7:37:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:37:52 PM)

08 - Repair MDAC/MS Jet
   Start (1/10/2015 7:37:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:38:08 PM)

09 - Repair Hosts File
   Start (1/10/2015 7:38:08 PM)
   Running Repair Under System Account
   Done (1/10/2015 7:38:09 PM)

10 - Remove Policies Set By Infections
   Start (1/10/2015 7:38:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:38:12 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (1/10/2015 7:38:12 PM)
   Running Repair Under System Account
   Done (1/10/2015 7:38:13 PM)

12 - Repair Icons
   Start (1/10/2015 7:38:13 PM)
   Running Repair Under Current User Account
   Done (1/10/2015 7:38:14 PM)

13 - Repair Winsock & DNS Cache
   Start (1/10/2015 7:38:14 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:38:27 PM)

15 - Repair Proxy Settings
   Start (1/10/2015 7:38:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:38:29 PM)

17 - Repair Windows Updates
   Start (1/10/2015 7:38:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (1/10/2015 7:39:00 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (1/10/2015 7:39:00 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (1/10/2015 7:39:00 PM)

19 - Repair Volume Shadow Copy Service
   Start (1/10/2015 7:39:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:39:25 PM)

21 - Repair MSI (Windows Installer)
   Start (1/10/2015 7:39:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:39:37 PM)

23.01 - Repair bat Association
   Start (1/10/2015 7:39:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:39:39 PM)

23.02 - Repair cmd Association
   Start (1/10/2015 7:39:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:39:42 PM)

23.03 - Repair com Association
   Start (1/10/2015 7:39:42 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:39:44 PM)

23.04 - Repair Directory Association
   Start (1/10/2015 7:39:44 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:39:47 PM)

23.05 - Repair Drive Association
   Start (1/10/2015 7:39:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:39:50 PM)

23.06 - Repair exe Association
   Start (1/10/2015 7:39:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:39:52 PM)

23.07 - Repair Folder Association
   Start (1/10/2015 7:39:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:39:54 PM)

23.08 - Repair inf Association
   Start (1/10/2015 7:39:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:39:56 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (1/10/2015 7:39:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:40:00 PM)

23.10 - Repair msc Association
   Start (1/10/2015 7:40:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:40:02 PM)

23.11 - Repair reg Association
   Start (1/10/2015 7:40:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:40:05 PM)

23.12 - Repair scr Association
   Start (1/10/2015 7:40:05 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:40:08 PM)

24 - Repair Windows Safe Mode
   Start (1/10/2015 7:40:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:40:10 PM)

25 - Repair Print Spooler
   Start (1/10/2015 7:40:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:40:19 PM)

26 - Restore Important Windows Services
   Start (1/10/2015 7:40:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:40:28 PM)

27 - Set Windows Services To Default Startup
   Start (1/10/2015 7:40:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 7:40:32 PM)

28 - Repair Windows 8 App Store
   Start (1/10/2015 7:40:32 PM)

Decompressing & Updating Windows 8 Permission File hkcu.txt
Done,  0.21 seconds.

   Running Repair Under Current User Account
   Done (1/10/2015 7:40:50 PM)

29 - Repair Windows 8 Component Store
   Start (1/10/2015 7:40:50 PM)
   Running Repair Under Current User Account
   Done (1/10/2015 8:16:29 PM)

30 - Restore Windows 8 COM+ Unmarshalers
   Start (1/10/2015 8:16:29 PM)
   Running Repair Under System Account
Processing ACL of: <classes_root\Unmarshalers>

SetACL finished with error(s):
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Access is denied.

   Done (1/10/2015 8:16:30 PM)

31 - Repair Windows 'New' Submenu
   Start (1/10/2015 8:16:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/10/2015 8:16:32 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (1/10/2015 8:16:32 PM)
   Total Repair Time: 00:46:17


...YOU MUST RESTART YOUR SYSTEM...
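
Added example (not part of the original posts, and not code from Malwarebytes or Tweaking.com): the Malwarebytes log in post #18 and the Windows Repair log in post #19 each carry an account SID, and this sketch parses the detection lines and returns those whose registry path names a SID other than the profile the repair log was run under. The two log excerpts are constructed from the lines posted above; the function names are illustrative.

```python
import re

# Constructed input: excerpts copied from the two logs posted in this thread.
MBAM_LOG = """\
Registry Keys: 1
PUP.Optional.Astromenda.A, HKU\\S-1-5-21-981513293-3589179944-910583008-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\\SOFTWARE\\astromenda, Quarantined, [ac1fb4419eeb191d5265dd8bb15236ca],

Registry Values: 0
(No malicious items detected)
"""
REPAIR_LOG = "Current Profile SID: S-1-5-21-981513293-3589179944-910583008-1002\n"

# Result sections of the Malwarebytes text report, as seen in the posted log.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
USER_SID = re.compile(r"S-1-5-21(?:-\d+){3}-\d+")  # account SID ending in a RID


def parse_detections(log_text):
    """Return one dict per detection line, tagged with its report section."""
    section, found = None, []
    for line in log_text.splitlines():
        head, sep, count = line.partition(": ")
        if sep and head in SECTIONS and count.strip().isdigit():
            section = head          # e.g. "Registry Keys: 1"
            continue
        fields = [f.strip() for f in line.split(", ")]
        if section and len(fields) >= 3:   # name, object, action[, hash]
            sid = USER_SID.search(fields[1])
            found.append({"section": section, "name": fields[0],
                          "object": fields[1], "action": fields[2],
                          "sid": sid.group(0) if sid else None})
    return found


def current_profile_sid(repair_log):
    """Read the 'Current Profile SID' line of a Windows Repair log."""
    m = re.search(r"^Current Profile SID: (\S+)", repair_log, re.M)
    return m.group(1) if m else None


def other_account_hits(mbam_log, repair_log):
    """Detections whose path names a SID other than the current profile's."""
    me = current_profile_sid(repair_log)
    return [d for d in parse_detections(mbam_log) if d["sid"] and d["sid"] != me]


if __name__ == "__main__":
    for hit in other_account_hits(MBAM_LOG, REPAIR_LOG):
        print(hit["section"], hit["name"], hit["action"], hit["sid"])
```

On the posted logs it returns the single Astromenda registry key: the SID in its path ends in 1001, while the current profile SID in the repair log ends in 1002.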



#20 guy1511

guy1511
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 10 January 2015 - 10:09 PM

Scanned Malwarebytes again after above and nothing malicious was found.



#21 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,537 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:53 PM

Posted 11 January 2015 - 04:52 PM

Did you install something new? Astromenda commonly comes bundled with third-party installers.



