diurnal
Members
Posts: 4
Reputation: 0 Neutral
  1. Hi, yes, I think that's what happened: I installed 3rd party software and that got the malware. Everything is working great!

     Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2014 BleepingComputer.com
     More Information about Shortcut Cleaner can be found at this link:
     http://www.bleepingcomputer.com/download/shortcut-cleaner/

     Windows Version: Windows 8.1
     Program started at: 10/21/2014 06:36:44 PM.

     Scanning for registry hijacks:
     * No issues found in the Registry.

     Searching for Hijacked Shortcuts:
     Searching C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\
     Searching C:\ProgramData\Microsoft\Windows\Start Menu\
     Searching C:\Users\Mitch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
     Searching C:\Users\Public\Desktop\
     Searching C:\Users\Mitch\Desktop
     0 bad shortcuts found.

     Program finished at: 10/21/2014 06:36:45 PM
     Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
  2. Hi, sorry, I did the fix after I scanned with Malwarebytes, but it seems to be working well. Here's the log:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 10/20/2014
     Scan Time: 3:45:30 PM
     Logfile:
     Administrator: No

     Version: 2.00.3.1025
     Malware Database: v2014.10.20.07
     Rootkit Database: v2014.10.17.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: Mitch

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 301960
     Time Elapsed: 14 min, 44 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 22
     PUP.Optional.AdvanceElite.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util AdvanceElite, Quarantined, [12e59680a8d4b5819a7913b44cb52ad6],
     PUP.Optional.AdvanceElite.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update AdvanceElite, Quarantined, [8c6b30e6df9da096dc37f9ce4db4ea16],
     PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [4aad27ef96e63afc00a8b426ee145ea2],
     PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [4aad27ef96e63afc00a8b426ee145ea2],
     PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}w64, Quarantined, [55a2eb2b57251c1ab8123c4d3aca08f8],
     PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AdvanceElite, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\AdvanceElite, Quarantined, [0becfb1baece79bd9fa0414efa0aba46],
     PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, Quarantined, [40b7f81e8eeebb7b1afaa17b7b8835cb],
     PUP.Optional.AdvanceElite.A, HKU\S-1-5-21-2827587175-320770035-3572455552-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\AdvanceElite, Quarantined, [6493fc1aa6d64aec5ae63a55dc28d927],
     PUP.Optional.Astromenda.A, HKU\S-1-5-21-2827587175-320770035-3572455552-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_astromenda, Quarantined, [f4030d097dfffd39ba5a889cb84bb14f],
     PUP.Optional.InstallCore.A, HKU\S-1-5-21-2827587175-320770035-3572455552-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [d522f32394e893a36358e96afa09bd43],
     PUP.Optional.InstallCore.A, HKU\S-1-5-21-2827587175-320770035-3572455552-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [9c5b03137a02ca6ce5291a50df25dd23],
     PUP.Optional.SuperFish.A, HKU\S-1-5-21-2827587175-320770035-3572455552-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [b0476aac275566d051f20d2361a29b65],
     PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WSE_Astromenda, Quarantined, [d5222aece696a98dd32e9e73bc470000],

     Registry Values: 1
     PUP.Optional.InstallCore.A, HKU\S-1-5-21-2827587175-320770035-3572455552-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, Quarantined, [9c5b03137a02ca6ce5291a50df25dd23]

     Registry Data: 0
     (No malicious items detected)

     Folders: 9
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\TEMP, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda, Quarantined, [d5222aece696a98dd32e9e73bc470000],
     PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS, Quarantined, [d5222aece696a98dd32e9e73bc470000],
     PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda, Quarantined, [63945eb8bebef640ad6dfb16659e926e],
     PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\icons_3.2.1.5, Quarantined, [63945eb8bebef640ad6dfb16659e926e],
     PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\UpdateProc, Quarantined, [63945eb8bebef640ad6dfb16659e926e],

     Files: 46
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.exe, Quarantined, [12e59680a8d4b5819a7913b44cb52ad6],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe, Quarantined, [8c6b30e6df9da096dc37f9ce4db4ea16],
     PUP.Optional.Sambreel.A, C:\Program Files (x86)\AdvanceElite\AdvanceElite.FirstRun.exe, Quarantined, [d81f58be97e553e3f7377af04ab7e11f],
     PUP.Optional.Sanbreel.A, C:\Program Files (x86)\AdvanceElite\AdvanceEliteBrowserFilter.exe, Quarantined, [35c27f97e399d75f2ab13f5612ef39c7],
     PUP.Optional.Astromenda.A, C:\Windows\System32\Tasks\WSE_Astromenda, Quarantined, [9e5937df7903171f7c59849717ec9e62],
     PUP.Optional.Astromenda.A, C:\Windows\Tasks\WSE_Astromenda.job, Quarantined, [c63172a4c5b71e188e48b16a8b7808f8],
     PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}w64.sys, Quarantined, [55a2eb2b57251c1ab8123c4d3aca08f8],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\AdvanceElite.ico, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\7za.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\AdvanceElite.BrowserFilter.Helper.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\AdvanceEliteUninstall.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\02bbe9dfd3b043f48dcb.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\02bbe9dfd3b043f48dcb64.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\7za.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOAS.zip, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASHelper.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BOASPRT.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.BrowserAdapter64.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.PurBrowse.zip, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\AdvanceElite.PurBrowse64.exe, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\BrowserAdapter.7z, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\utilAdvanceElite.InstallState, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}64.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.BOAS.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.Bromon.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.BroStats.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.BrowserAdapter.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.CompatibilityChecker.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.FFUpdate.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.GCUpdate.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.IEUpdate.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\bin\plugins\AdvanceElite.PurBrowse.dll, Quarantined, [886f1006c1bb3303e15dd5bab64e1de3],
     PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\astcnfg.dat, Quarantined, [d5222aece696a98dd32e9e73bc470000],
     PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\FavIcon.ico, Quarantined, [d5222aece696a98dd32e9e73bc470000],
     PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\Sqlite3.dll, Quarantined, [d5222aece696a98dd32e9e73bc470000],
     PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninstall.exe, Quarantined, [d5222aece696a98dd32e9e73bc470000],
     PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, Quarantined, [d5222aece696a98dd32e9e73bc470000],
     PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\Sqlite3.dll, Quarantined, [d5222aece696a98dd32e9e73bc470000],
     PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\icons_3.2.1.5\ctr.ico, Quarantined, [63945eb8bebef640ad6dfb16659e926e],
     PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\UpdateProc\info.dat, Quarantined, [63945eb8bebef640ad6dfb16659e926e],
     PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\UpdateProc\STTL.DAT, Quarantined, [63945eb8bebef640ad6dfb16659e926e],
     PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\UpdateProc\TTL.DAT, Quarantined, [63945eb8bebef640ad6dfb16659e926e],
     PUP.Optional.Astromenda.A, C:\Users\Mitch\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe, Quarantined, [63945eb8bebef640ad6dfb16659e926e],

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  3. Hi, thanks for the help! While I was waiting for a reply I tried a system restore. The entry changed to:

     CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_40_ie&cd=2XzuyEtN2Y1L1QzuzztDzzyC0FtB0CyCzytAyCtAyDyC0AyDtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyE0Dzy0C0DyD0EzztG0BtAyEyBtG0EyDyD0CtGzyzyyEtAtGtA0Bzz0A0B0AtByCyByD0DtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0DtBtCzz0A0ByEtGzz0C0EtDtGyEyEtAtBtG0A0B0AtDtGyByD0ByCtA0C0FyCyBtAzyyD2Q&cr=561858551&ir=", "hxxp://www.trovi.com/?gd=&ctid=CT3330556&octid=EB_ORIGINAL_CTID&ISID=ME193494C-F688-41C4-AD2E-1316AA544975&SearchSource=55&CUI=&UM=6&UP=SPEAB85333-B2B2-42D7-A3E0-5166E66B5E4E&SSPV="

     So I put the entry in for your fix. I was about to reformat my hard drive to fix this. Your fix seems to be working now. I will update you in a couple of hours on the progress.

     (Attachment: Fixlog.txt)
  4. Hi, I used Malwarebytes but I still have issues with redirection of my home page. Also, I can't get into my Gmail account from this computer. Here are the logs:

     (Attachments: Addition.txt, FRST.txt)