diurnal

October 21, 2014

hi,

yes i think thats what happened is i install 3rd party software and that got the malware. everything is working great!

Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

More Information about Shortcut Cleaner can be found at this link:

http://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1

Program started at: 10/21/2014 06:36:44 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Mitch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Mitch\Desktop

0 bad shortcuts found.

Program finished at: 10/21/2014 06:36:45 PM

Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

October 20, 2014

hi,

sorry i did the fix after i scanned with malwarebytes. but it seems to be working good. here's the log

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 10/20/2014

Scan Time: 3:45:30 PM

Logfile:

Administrator: No

Version: 2.00.3.1025

Malware Database: v2014.10.20.07

Rootkit Database: v2014.10.17.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Mitch

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 301960

Time Elapsed: 14 min, 44 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 22

PUP.Optional.AdvanceElite.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util AdvanceElite, Quarantined, [12e59680a8d4b5819a7913b44cb52ad6],

PUP.Optional.AdvanceElite.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update AdvanceElite, Quarantined, [8c6b30e6df9da096dc37f9ce4db4ea16],

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [4aad27ef96e63afc00a8b426ee145ea2],

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [4aad27ef96e63afc00a8b426ee145ea2],

PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}w64, Quarantined, [55a2eb2b57251c1ab8123c4d3aca08f8],

PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AdvanceElite, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\AdvanceElite, Quarantined, [0becfb1baece79bd9fa0414efa0aba46],

PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, Quarantined, [40b7f81e8eeebb7b1afaa17b7b8835cb],

PUP.Optional.AdvanceElite.A, HKU\S-1-5-21-2827587175-320770035-3572455552-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\AdvanceElite, Quarantined, [6493fc1aa6d64aec5ae63a55dc28d927],

PUP.Optional.Astromenda.A, HKU\S-1-5-21-2827587175-320770035-3572455552-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_astromenda, Quarantined, [f4030d097dfffd39ba5a889cb84bb14f],

PUP.Optional.InstallCore.A, HKU\S-1-5-21-2827587175-320770035-3572455552-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [d522f32394e893a36358e96afa09bd43],

PUP.Optional.InstallCore.A, HKU\S-1-5-21-2827587175-320770035-3572455552-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [9c5b03137a02ca6ce5291a50df25dd23],

PUP.Optional.SuperFish.A, HKU\S-1-5-21-2827587175-320770035-3572455552-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [b0476aac275566d051f20d2361a29b65],

PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WSE_Astromenda, Quarantined, [d5222aece696a98dd32e9e73bc470000],

Registry Values: 1

PUP.Optional.InstallCore.A, HKU\S-1-5-21-2827587175-320770035-3572455552-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, Quarantined, [9c5b03137a02ca6ce5291a50df25dd23]

Registry Data: 0

(No malicious items detected)

Folders: 9

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\TEMP, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda, Quarantined, [d5222aece696a98dd32e9e73bc470000],

PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS, Quarantined, [d5222aece696a98dd32e9e73bc470000],

PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda, Quarantined, [63945eb8bebef640ad6dfb16659e926e],

PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\icons_3.2.1.5, Quarantined, [63945eb8bebef640ad6dfb16659e926e],

PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\UpdateProc, Quarantined, [63945eb8bebef640ad6dfb16659e926e],

Files: 46

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe, Quarantined, [12e59680a8d4b5819a7913b44cb52ad6],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe, Quarantined, [8c6b30e6df9da096dc37f9ce4db4ea16],

PUP.Optional.Sambreel.A, C:\Program Files (x86)\AdvanceElite\AdvanceElite.FirstRun.exe, Quarantined, [d81f58be97e553e3f7377af04ab7e11f],

PUP.Optional.Sanbreel.A, C:\Program Files (x86)\AdvanceElite\AdvanceEliteBrowserFilter.exe, Quarantined, [35c27f97e399d75f2ab13f5612ef39c7],

PUP.Optional.Astromenda.A, C:\Windows\System32\Tasks\WSE_Astromenda, Quarantined, [9e5937df7903171f7c59849717ec9e62],

PUP.Optional.Astromenda.A, C:\Windows\Tasks\WSE_Astromenda.job, Quarantined, [c63172a4c5b71e188e48b16a8b7808f8],

PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}w64.sys, Quarantined, [55a2eb2b57251c1ab8123c4d3aca08f8],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\AdvanceElite.ico, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\7za.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\AdvanceElite.BrowserFilter.Helper.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\AdvanceEliteUninstall.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\02bbe9dfd3b043f48dcb.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\02bbe9dfd3b043f48dcb64.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\7za.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.zip, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASHelper.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASPRT.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter64.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.PurBrowse.zip, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.PurBrowse64.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\BrowserAdapter.7z, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.InstallState, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}64.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.BOAS.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.Bromon.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.BroStats.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.BrowserAdapter.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.CompatibilityChecker.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.FFUpdate.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.GCUpdate.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.IEUpdate.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.PurBrowse.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],

PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\astcnfg.dat, Quarantined, [d5222aece696a98dd32e9e73bc470000],

PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\FavIcon.ico, Quarantined, [d5222aece696a98dd32e9e73bc470000],

PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\Sqlite3.dll, Quarantined, [d5222aece696a98dd32e9e73bc470000],

PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninstall.exe, Quarantined, [d5222aece696a98dd32e9e73bc470000],

PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, Quarantined, [d5222aece696a98dd32e9e73bc470000],

PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\Sqlite3.dll, Quarantined, [d5222aece696a98dd32e9e73bc470000],

PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\icons_3.2.1.5\ctr.ico, Quarantined, [63945eb8bebef640ad6dfb16659e926e],

PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\UpdateProc\info.dat, Quarantined, [63945eb8bebef640ad6dfb16659e926e],

PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\UpdateProc\STTL.DAT, Quarantined, [63945eb8bebef640ad6dfb16659e926e],

PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\UpdateProc\TTL.DAT, Quarantined, [63945eb8bebef640ad6dfb16659e926e],

PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe, Quarantined, [63945eb8bebef640ad6dfb16659e926e],

Physical Sectors: 0

(No malicious items detected)

(end)

October 20, 2014

hi,

Thanks for the help! While I was waiting for a reply i tried a system restore. The entry changed to:

CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_40_ie&cd=2XzuyEtN2Y1L1QzuzztDzzyC0FtB0CyCzytAyCtAyDyC0AyDtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0Dzy0C0DyD0EzztG0BtAyEyBtG0EyDyD0CtGzyzyyEtAtGtA0Bzz0A0B0AtByCyByD0DtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0DtBtCzz0A0ByEtGzz0C0EtDtGyEyEtAtBtG0A0B0AtDtGyByD0ByCtA0C0FyCyBtAzyyD2Q&cr=561858551&ir=", "hxxp://www.trovi.com/?gd=&ctid=CT3330556&octid=EB_ORIGINAL_CTID&ISID=ME193494C-F688-41C4-AD2E-1316AA544975&SearchSource=55&CUI=&UM=6&UP=SPEAB85333-B2B2-42D7-A3E0-5166E66B5E4E&SSPV="

So I put the entry in for your fix. I was about to reformat my harddrive to fix this. Your fix seems to be working now. I will update you in a couple of hours on the progress.

Fixlog.txt

October 16, 2014

Hi,

I used Malwarebytes but i still have issues with redirection of my home page. also i cant get into my gmail account from this computer. here are the logs

Addition.txt

FRST.txt

Sign In

diurnal

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Posts posted by diurnal

trovi search engine malware

trovi search engine malware

trovi search engine malware

trovi search engine malware

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information