Tech Problem Aggregator

PUP.Optional.YourFileDownloader and PUP.Optional.InstalleRex believed rootkits?!

Q: PUP.Optional.YourFileDownloader and PUP.Optional.InstalleRex believed rootkits?!

  OK, I am a moderate security guy trying to learn more from the REAL Security PROs. I was looking for Server 2012 Installing and Configuring study material FOR FREE, of course, and got in a little too deep. I use the ZoneAlarm firewall Free version and Malwarebytes religiously, as well as MSE as my regular day-to-day antivirus. Now, normally I would not dig as deep as I did this time to get so ROOTKIT infected.
  Recently I ran GMER and found a lot of RED in the registry, files and other important places, so I figured I need to reimage my machine! I also ran Kaspersky's TDSSKiller and it came back clean?? I will attach the Kaspersky log below. Now, I also use CMS Products Ultimate BounceBack version 11.4.0.29, I believe, so I can make all this go away with a backup reimage. But I am pursuing my Server 2012 MCSA and eventually want to become Security focused. So I have all the Rootkit tools and have played with them in the past, but in my experience it has always been best to completely reinstall the OS version, whatever the OS may be at the time, and move forward, because otherwise you are never going to completely clean the machine. Not to mention, the time saved by doing this speaks for itself. All that being said, I would still like to get a better understanding of this from a Security standpoint. I am running a Windows 7 Professional Elitebook 8650p laptop with 240GB Crucial SSD and 16GB RAM. This time around I am going to use a HIPS such as WinPatrol but want a solid baseline first, so will do this after reimaging the machine. My first question is: can I run ZoneAlarm alongside, or are they going to fight for resources, and is it best to stick with one as opposed to two applications that both do similar things? I assume the HIPS will detect and prevent the attacks in most cases, so WinPatrol is probably enough, but I want to make sure.
  So I have quarantined all the PUP files with Malwarebytes, but according to GMER some are possibly already affecting the system files in the Windows folder, specifically System32 amongst others, if I am not totally reading it wrong.
 
TDSSKiller log file:
 
15:42:51.0306 0x0e54  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
15:43:14.0527 0x0e54  ============================================================
15:43:14.0527 0x0e54  Current date / time: 2014/06/12 15:43:14.0527
15:43:14.0527 0x0e54  SystemInfo:
15:43:14.0527 0x0e54  
15:43:14.0527 0x0e54  OS Version: 6.1.7601 ServicePack: 1.0
15:43:14.0527 0x0e54  Product type: Workstation
15:43:14.0527 0x0e54  ComputerName: YINGYANG-PC
15:43:14.0528 0x0e54  UserName: Ying Yang
15:43:14.0528 0x0e54  Windows directory: C:\Windows
15:43:14.0528 0x0e54  System windows directory: C:\Windows
15:43:14.0528 0x0e54  Running under WOW64
15:43:14.0528 0x0e54  Processor architecture: Intel x64
15:43:14.0528 0x0e54  Number of processors: 4
15:43:14.0528 0x0e54  Page size: 0x1000
15:43:14.0528 0x0e54  Boot type: Normal boot
15:43:14.0528 0x0e54  ============================================================
15:43:14.0610 0x0e54  KLMD registered as C:\Windows\system32\drivers\98499222.sys
15:43:14.0731 0x0e54  System UUID: {60BEB63D-90BE-6233-87C7-2EF0E12E6DB5}
15:43:18.0960 0x0e54  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:43:18.0967 0x0e54  Drive \Device\Harddisk1\DR1 - Size: 0x7470C05E00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:43:18.0970 0x0e54  ============================================================
15:43:18.0970 0x0e54  \Device\Harddisk0\DR0:
15:43:18.0970 0x0e54  MBR partitions:
15:43:18.0970 0x0e54  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:43:18.0971 0x0e54  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000
15:43:18.0971 0x0e54  \Device\Harddisk1\DR1:
15:43:18.0971 0x0e54  MBR partitions:
15:43:18.0971 0x0e54  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C41
15:43:18.0971 0x0e54  ============================================================
15:43:18.0973 0x0e54  C: <-> \Device\Harddisk0\DR0\Partition2
15:43:19.0381 0x0e54  E: <-> \Device\Harddisk1\DR1\Partition1
15:43:19.0381 0x0e54  ============================================================
15:43:19.0381 0x0e54  Initialize success
15:43:19.0381 0x0e54  ============================================================
15:43:35.0752 0x1740  ============================================================
15:43:35.0752 0x1740  Scan started
15:43:35.0752 0x1740  Mode: Manual;
15:43:35.0752 0x1740  ============================================================
15:43:35.0752 0x1740  KSN ping started
15:43:37.0897 0x1740  KSN ping finished: true
15:43:39.0150 0x1740  ================ Scan system memory ========================
15:43:39.0150 0x1740  System memory - ok
15:43:39.0151 0x1740  ================ Scan services =============================
15:43:41.0821 0x1740  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:43:41.0824 0x1740  HDAudBus - ok
15:43:41.0827 0x1740  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:43:41.0829 0x1740  HidBatt - ok
15:43:41.0833 0x1740  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:43:41.0837 0x1740  HidBth - ok
15:43:41.0840 0x1740  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:43:41.0843 0x1740  HidIr - ok
15:43:41.0846 0x1740  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
15:43:41.0848 0x1740  hidserv - ok
15:43:41.0852 0x1740  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:43:41.0853 0x1740  HidUsb - ok
15:43:41.0858 0x1740  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:43:41.0861 0x1740  hkmsvc - ok
15:43:41.0869 0x1740  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:43:41.0875 0x1740  HomeGroupListener - ok
15:43:41.0882 0x1740  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:43:41.0887 0x1740  HomeGroupProvider - ok
15:43:41.0892 0x1740  [ 7265EA277DE1F4CD7F270AF3DA01F203, 87E055AA4E1E8B66DE7B3A6F65F4A12572D8A4BAD4CFB3D30AE7146231C50316 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:43:41.0894 0x1740  HPDrvMntSvc.exe - ok
15:43:41.0898 0x1740  [ 4E0BEC0F78096FFD6D3314B497FC49D3, 15B545815D0C80102963FFF13B6643CC9A74717137C1CBA45345B18912E72DB6 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
15:43:41.0900 0x1740  hpdskflt - ok
15:43:41.0909 0x1740  [ 0ADC6AFAB2B17FFC9C6E24DD1583F888, 328D8353F06C7D24CFBF1264640C58315ECC7575B0FADB6DB1528D0C1085C383 ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
15:43:41.0914 0x1740  hpHotkeyMonitor - ok
15:43:41.0918 0x1740  [ B98EE5D4535A685634B90F7E04DE0DF7, E37D26EF83B70E84742498D2F53037F83BE13F0E01484D85A20C872F1F02ADDA ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
15:43:41.0919 0x1740  HpqKbFiltr - ok
15:43:41.0939 0x1740  [ DB3072C61D56F5CEA4AEBE3042CD76A1, 8C03BF6B5AC3830DBB71C7E53B8177B57E14F2D5054168722D7138170935EFB6 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
15:43:41.0953 0x1740  hpqwmiex - ok
15:43:41.0958 0x1740  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:43:41.0961 0x1740  HpSAMD - ok
15:43:41.0964 0x1740  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278, E85A7BF1CFE52BA7D663A1ED48A4F8874EFBDDF48979138F7E3E24817705B6A1 ] hpsrv           C:\Windows\system32\Hpservice.exe
15:43:41.0966 0x1740  hpsrv - ok
15:43:41.0984 0x1740  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:43:42.0000 0x1740  HTTP - ok
15:43:42.0004 0x1740  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:43:42.0005 0x1740  hwpolicy - ok
15:43:42.0011 0x1740  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:43:42.0014 0x1740  i8042prt - ok
15:43:42.0027 0x1740  [ D469B77687E12FE43E344806740B624D, DFDD486FD040813BF4E5DDB504CF9E0BFBF6D4E540DDDA4829F9B675ACF63E89 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:43:42.0034 0x1740  iaStor - ok
15:43:42.0038 0x1740  [ 117FF657E0D9BBD61B5C3E71E63D3919, F8AD1C861F018754A9BF348C9F1D6503854ED9D7DEEBF40E6B4E2FEA9FC6E56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
15:43:42.0039 0x1740  IAStorDataMgrSvc - ok
15:43:42.0051 0x1740  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:43:42.0060 0x1740  iaStorV - ok
15:43:42.0082 0x1740  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:43:42.0101 0x1740  idsvc - ok
15:43:42.0105 0x1740  IEEtwCollectorService - ok
15:43:42.0109 0x1740  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:43:42.0111 0x1740  iirsp - ok
15:43:42.0132 0x1740  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
15:43:42.0151 0x1740  IKEEXT - ok
15:43:42.0156 0x1740  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:43:42.0158 0x1740  intelide - ok
15:43:42.0162 0x1740  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:43:42.0163 0x1740  intelppm - ok
15:43:42.0168 0x1740  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:43:42.0171 0x1740  IPBusEnum - ok
15:43:42.0176 0x1740  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:43:42.0179 0x1740  IpFilterDriver - ok
15:43:42.0194 0x1740  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:43:42.0206 0x1740  iphlpsvc - ok
15:43:42.0211 0x1740  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:43:42.0214 0x1740  IPMIDRV - ok
15:43:42.0219 0x1740  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:43:42.0222 0x1740  IPNAT - ok
15:43:42.0239 0x1740  [ 835FC2EA0631B734BB06C12B0665F01D, B8A8B0148C6C3AFC40835B44E3D6508CB9EEE8AC430A7904711C8B51C2116A8D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:43:42.0251 0x1740  iPod Service - ok
15:43:42.0255 0x1740  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:43:42.0256 0x1740  IRENUM - ok
15:43:42.0260 0x1740  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:43:42.0261 0x1740  isapnp - ok
15:43:42.0270 0x1740  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:43:42.0277 0x1740  iScsiPrt - ok
15:43:42.0283 0x1740  [ DF4265062DB60A2A72E8E04C358BD3D1, B97E719F4E68D508BB715BDEAB0C347CD107E21BA1D322FB10EC00CED878C17D ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
15:43:42.0288 0x1740  JMCR - ok
15:43:42.0291 0x1740  [ 885B4A3134E8F35A272DA63496F6E789, 97941212D0561F9EED5956C4FFE7CBFDAFFD04BF4E5942E20DA0A39D9ADCEFD8 ] johci           C:\Windows\system32\DRIVERS\johci.sys
15:43:42.0293 0x1740  johci - ok
15:43:42.0296 0x1740  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:43:42.0298 0x1740  kbdclass - ok
15:43:42.0301 0x1740  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:43:42.0303 0x1740  kbdhid - ok
15:43:42.0306 0x1740  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
15:43:42.0308 0x1740  KeyIso - ok
15:43:42.0313 0x1740  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:43:42.0316 0x1740  KSecDD - ok
15:43:42.0323 0x1740  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:43:42.0327 0x1740  KSecPkg - ok
15:43:42.0330 0x1740  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:43:42.0332 0x1740  ksthunk - ok
15:43:42.0342 0x1740  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:43:42.0352 0x1740  KtmRm - ok
15:43:42.0361 0x1740  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:43:42.0367 0x1740  LanmanServer - ok
15:43:42.0373 0x1740  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:43:42.0377 0x1740  LanmanWorkstation - ok
15:43:42.0388 0x1740  [ D186AAAE72691136BDE00BBB41F48D12, C64885A726C0642C92BC4993667696DFEC8D284C20872D58E49786EE280A01ED ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:43:42.0396 0x1740  LBTServ - ok
15:43:42.0403 0x1740  [ 015BABFCD2E911C505204257DAB5ADC5, 94239919E967ABA12394D445E2D126447B5B7FB042DB95B1CCB280AF02D93833 ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
15:43:42.0405 0x1740  LEqdUsb - ok
15:43:42.0408 0x1740  [ 20A23B8863AAA8A23EEB9E2919F529FD, 5DD7C780346DA6A36AB55B38109167B3BE138713C5A7C913BFED2B61F34E8BA1 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
15:43:42.0409 0x1740  LHidEqd - ok
15:43:42.0415 0x1740  [ 77D5786C6A7765503884E38706C9FD5E, 827DC2069AA0997DB87E118AAAA53575D97A89147C1451464986F8D68A329D41 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:43:42.0417 0x1740  LHidFilt - ok
15:43:42.0424 0x1740  [ FCBDCC6F1801E32244235608E1277752, 8CC8E22E412645F4A534C51FB550AB22410AE90FA266D75498827EB922E8191E ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:43:42.0426 0x1740  LightScribeService - ok
15:43:42.0430 0x1740  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:43:42.0432 0x1740  lltdio - ok
15:43:42.0442 0x1740  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:43:42.0449 0x1740  lltdsvc - ok
15:43:42.0452 0x1740  lmab_device - ok
15:43:42.0455 0x1740  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:43:42.0457 0x1740  lmhosts - ok
15:43:42.0461 0x1740  [ F84023FB2E3DEA06103501974A2EDB44, 38144EB7DE7F0B33F9C3E637715834CD0860CCE11915C77065000949767D98DF ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:43:42.0463 0x1740  LMouFilt - ok
15:43:42.0474 0x1740  [ DE75F2EA497DA4B3A764D4EAC43135E9, D3F610AB375E8789DF8203BDE2E4D437BD5F0F91A22BA39DC518912A6A9AB7FD ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:43:42.0479 0x1740  LMS - ok
15:43:42.0486 0x1740  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:43:42.0490 0x1740  LSI_FC - ok
15:43:42.0495 0x1740  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:43:42.0498 0x1740  LSI_SAS - ok
15:43:42.0502 0x1740  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:43:42.0504 0x1740  LSI_SAS2 - ok
15:43:42.0510 0x1740  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:43:42.0513 0x1740  LSI_SCSI - ok
15:43:42.0518 0x1740  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:43:42.0521 0x1740  luafv - ok
15:43:42.0527 0x1740  [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
15:43:42.0530 0x1740  MBAMSwissArmy - ok
15:43:42.0535 0x1740  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:43:42.0538 0x1740  Mcx2Svc - ok
15:43:42.0542 0x1740  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:43:42.0544 0x1740  megasas - ok
15:43:42.0553 0x1740  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:43:42.0560 0x1740  MegaSR - ok
15:43:42.0564 0x1740  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:43:42.0566 0x1740  MEIx64 - ok
15:43:42.0570 0x1740  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
15:43:42.0573 0x1740  MMCSS - ok
15:43:42.0576 0x1740  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
15:43:42.0578 0x1740  Modem - ok
15:43:42.0581 0x1740  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:43:42.0582 0x1740  monitor - ok
15:43:42.0587 0x1740  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:43:42.0588 0x1740  mouclass - ok
15:43:42.0592 0x1740  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:43:42.0593 0x1740  mouhid - ok
15:43:42.0598 0x1740  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:43:42.0601 0x1740  mountmgr - ok
15:43:42.0606 0x1740  [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:43:42.0610 0x1740  MozillaMaintenance - ok
15:43:42.0619 0x1740  [ 9EB89625A82AC961F25E7C865947BF9A, 91DB9530CDE883DC60BE621AC4210ACD069631D9466E37411D9D6AEE587098D9 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
15:43:42.0625 0x1740  MpFilter - ok
15:43:42.0632 0x1740  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:43:42.0636 0x1740  mpio - ok
15:43:42.0641 0x1740  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:43:42.0643 0x1740  mpsdrv - ok
15:43:42.0664 0x1740  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:43:42.0682 0x1740  MpsSvc - ok
15:43:42.0689 0x1740  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:43:42.0693 0x1740  MRxDAV - ok
15:43:42.0699 0x1740  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:43:42.0703 0x1740  mrxsmb - ok
15:43:42.0712 0x1740  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:43:42.0719 0x1740  mrxsmb10 - ok
15:43:42.0725 0x1740  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:43:42.0728 0x1740  mrxsmb20 - ok
15:43:42.0732 0x1740  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:43:42.0733 0x1740  msahci - ok
15:43:42.0739 0x1740  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:43:42.0742 0x1740  msdsm - ok
15:43:42.0748 0x1740  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
15:43:42.0753 0x1740  MSDTC - ok
15:43:42.0759 0x1740  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:43:42.0760 0x1740  Msfs - ok
15:43:42.0763 0x1740  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:43:42.0765 0x1740  mshidkmdf - ok
15:43:42.0768 0x1740  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:43:42.0769 0x1740  msisadrv - ok
15:43:42.0776 0x1740  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:43:42.0780 0x1740  MSiSCSI - ok
15:43:42.0783 0x1740  msiserver - ok
15:43:42.0786 0x1740  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:43:42.0788 0x1740  MSKSSRV - ok
15:43:42.0792 0x1740  [ 89F2AEDC2788696702141AB82C3E7866, E166CBD8D3C708737C37172221945D8E56C25C2CC750889C3CE14AA2DE750F33 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:43:42.0792 0x1740  MsMpSvc - ok
15:43:42.0795 0x1740  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:43:42.0796 0x1740  MSPCLOCK - ok
15:43:42.0799 0x1740  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:43:42.0800 0x1740  MSPQM - ok
15:43:42.0812 0x1740  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:43:42.0821 0x1740  MsRPC - ok
15:43:42.0826 0x1740  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios     &#

A: PUP.Optional.YourFileDownloader and PUP.Optional.InstalleRex believed rootkits?!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/537537 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:
If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again:
Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.
DDS.com Download Link
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.
As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

4 more replies
Answer Match 83.1%

Recently had a few people stay in my home for a few days. Common courtesy had me give them permission to use my computer when they needed to, but once they departed, I decided to run a scan on the computer. 
Free Trial Avast comes up clean.
Free Trial Malwarebytes is a bit different:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/23/2014
Scan Time: 11:09:25 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267992
Time Elapsed: 13 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, , [062bb5a0b3c82412a25f003c31cf629e]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [32ff9fb6f7843cfa041e7e23bb47f30d], 
 
Registry Values: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2... Read more

A:PUP.Optional.Spigot.A, PUP.Optional.MyEmoticons.A, PUP.Optional.SearchProtection

Update:
Malwarebytes blocked PUP.RiskwareTool.CK from doing something (this was outside of a scan). 
A quick Google search has led me to understand that this particular PUP is not an issue? Is this true?

3 more replies
Answer Match 103.74%

Hi there
 
Noticed my laptop was running a bit slow tonight so did a Malwarebytes scan - it found the aforementioned threats.
 
I quarantined them after the first scan and rebooted, did a further scan and they're still there.
 
Any help on removing them would be much appreciated.
 
Have enclosed a Hijackthis log... do you need the DDS logs as per the thread at the top of this forum?
 
Thanks in advance!
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:10:26, on 22/04/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Digiguide TV Guide\digiguide.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome... Read more

A:Malwarebytes has found PUP.Optional.BrowseFox.A and PUP.Optional.Webconnect.A

Good evening.
 

do you need the DDS logs as per the thread at the top of this forum?

 
Yes, that's why it's there. HijackThis has not been seriously updated in some time and so is not considered worth the hard drive space, although I suppose that it acts as cheap advertising for Trend Micro.
 
Will you also let me have a copy of the detections that MBAM is finding? You can paste them into your next reply from the Logs Tab in MBAM.

2 more replies
Answer Match 102.06%

Hi Folks-
Been trying to eradicate PUP.Optional.Spigot virus. Now the Outbrowse has shown up.
Have tried to use Malwarebytes, Kaspersky Rootkit killer, AdwCleaner. Gets rid of it but shows up almost immediately. 
Seems to be in this location-
 
 PUP.Optional.Spigot.A, C:\Users\Ericsun\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "https://search.yahoo.com/?type=994519&fr=spigot-yhp-ch",), Replaced,[267b049c215a3006d998c51aa4607a86]
 
______________________________________  
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.17028  BrowserJavaVersion: 10.65.2
Run by Ericsun at 16:14:01 on 2014-08-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1494 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Micr... Read more

A:Can not remove PUP.Optional Spigot. Also PUP.Optional.Outbrowse

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543666 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

8 more replies
Answer Match 98.28%

Hello,
I ran Malwarebytes and it said that some of my registry keys are infected. It quarantined them but I just want to make sure that there isn't another step I have to do to make sure it's gone. Below is the log. Thanks!
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Tisha :: TISHA-HP [administrator]
12/11/2013 7:24:11 PM
mbam-log-2013-12-11 (19-24-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214460
Time elapsed: 11 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DATAMNGR (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar (PUP.Op... Read more

A:PUP.Optional.Bandoo & PUP.Optional.Searchqu

Welcome JoRayne, to be sure we can do these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
...
ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool
Click on the Scan button.
A... Read more

8 more replies
Answer Match 98.28%

this is a work computer, so I'll only be around 10a-5:30p EST. "Computer guy" came about 6 weeks ago, ran Combofix, left. After that, I noticed that Conduit hijacked the browsers. Uninstalled what toolbars I could find, changed settings in IE and Chrome, seemed to be gone. Still no symptoms. Last week I saw the unsupported or unfound file image in the shortcuts next to the start menu, ran MBAM again, found this, deleted. ran other scans in safe mode w/networking, seemed clean. Ran a scan just because today, no symptoms, 45 objects found. Deleted again. ran TDSS, found a partition. Don't know enough to comfortably delete. Here's the DDS log. I hope you can help quickly. My boss wants me to call the "computer guy" again, who I have no faith in, because every time we pay him to "fix it" I end up having to come here and get help because he doesn't actually fix anything, but still cashes the checks.
edit:1:46pm EST  Avira just popped up with detections of TR/Trash.Gen and TR/Drop.Softomat.AN in the System Volume Information folder, as both .exe and .dll under real time protection.
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Owner at 12:56:02 on 2013-08-06
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3033.2209 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Runnin... Read more

A:PUP.Optional.SearchProtect.A, PUP.Optional.Conduit.A

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
===
Third party programs if not up to date can be the cause of infiltration an infection.
Please restart the computer before running this security check.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the on... Read more

9 more replies
Answer Match 73.08%

Hi, just did a malware scan and found these PUPs: PUP Optional Binkiland and also PUP Optional Gameo. Please, any help gratefully received, thanks.

A:PUP Optional

Hello harty and Welcome to the BleepingComputer.   
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsu... Read more

57 more replies
Answer Match 73.08%

Hello to all the good people at bleeping.
 
I have been running malwarebytes scans and super anti spyware scans and adwcleaner and so on and every time I run the malwarebytes scans there is a pup optional.findwide.A
Technically I understand that is not a virus per se but can lead into other malicious threats.
 
I looked up in the C folder and I can't find anything there. I do know the pup.optional.findwide.a C:\users\regina\appdata\local\google\chrome\userdata\default\preferences.
this is what the malwarebytes is scanning.
 
I have reset the browser in google chrome and
done what all I think to do.
 
I know this kind of thing is browser hijack.
 
Can anyone give me an opinion on what other methods to do?
 
Thank you for reading,
 
From Gina

A:Can't get rid of pup.optional

Hello Gina
Let's also do these and see what we get.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
...
ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 us... Read more

7 more replies
Answer Match 73.08%

Hello, I just ran a Malwarebytes scan as I occasionally do. This time, for the first time, I did a full system scan and it found the PUP.Optional.1.9.1 malware. It located it in a programme on my desktop, Unlocker.1.9.1.exe. Other scans with AVG and House Call don't pick anything up. The Unlocker programme is important to me because without it my Photoshop files are consistently locked by Explorer and I can't progress my work. For this reason I didn't want to be too hasty in removing the 'infection'. My PC works just fine and I think PUP stands for potentially unwanted programme. Potentially? Am I safe to leave it? Please can you advise me? Many thanks in anticipation - Ian.

A:PUP.Optional.1.9.1

I've used Unlocker quite extensively in the past. It can be of great use. From what I remember, it will install some extra "junk" during the setup if you're not carefully reading and forget to uncheck a couple of boxes. That aside, I believe the program to be safe and have never had an issue with it.

6 more replies
Answer Match 73.08%

Hi everyone.. new here, I've been using MSE 12mths no problems, my ? is why is MSE optional on updates?

A:MSE Optional

Welcome to the Seven forums!

Are you sure that it is MSE that you are seeing or could it be MSE updates?

5 more replies
Answer Match 72.24%

Hi,
I stupidly tried to download what I thought was Adobe flash player and ended up with Search Dial which took over my Windows 8 computer. I ran Malwarebytes and then reset my computer to an earlier date, which seemed to get rid of it and now it works okay once again. But now when I run Malwarebytes Pup.Optional.eSafe.A shows up on my Windows 8 laptop. I read on other sites on removing it but they all want you to download various tools. I ran Malwarebytes and it removed it but a couple days later it showed up again when I ran Malwarebytes. Would running Super Anti Spyware solve the problem?

I admit to being a total computer dummy and brought this upon myself, learning a tough lesson, but I sure would appreciate any help/advice you can offer.

p.s. I have a very difficult time navigating Windows 8 just to find the simplest things. So please be very specific if you can.

Thanks!

A:Pup.Optional.eSafe.A

I've run Malwarebytes again several times and the Pup.Optional.eSafe.A is gone, so I think my computer is okay.

2 more replies
Answer Match 72.24%

I have found on my husband's laptop a malware that is very persistent at staying on his computer even though I have run several Malware removals....both in normal mode and in safe mode.....Malwarebytes Anti-Malware finds it...deletes it but it comes back.....I also downloaded in safe mode and tried SuperAntimalware but that does not find anything in registry.....Spybot Search and Destroy finds 1 but it does not show up when you click on show details...nothing shows up! So why can I not get rid of it.......It says its in Registry Key...HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A)

A:PUP.Optional in Registry Key will not go away

  
Quote: Originally Posted by angiesluck


I have found on my husband's laptop a malware that is very persistent at staying on his computer even though I have run several Malware removals....both in normal mode and in safe mode.....Malwarebytes Anti-Malware finds it...deletes it but it comes back.....I also downloaded in safe mode and tried SuperAntimalware but that does not find anything in registry.....Spybot Search and Destroy finds 1 but it does not show up when you click on show details...nothing shows up! So why can I not get rid of it.......It says its in Registry Key...HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A)


In command prompt:

Code:
reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} /s
post output

9 more replies
Answer Match 72.24%

do i have to install this update?

A:optional update

Hello SpeedDial,

No, you do not have to. It's just to let you know that there is a new optional driver version update. If you do not want to install it, then you can hide it to not see it anymore in Windows Update. However, you might give it a try since it is a new version that may help improve your graphic card's performance. If not, you can always rollback to the previous driver version.

Hope this helps,
Shawn

7 more replies
Answer Match 72.24%

Hi, a scan with MBAM found and quarantined this PUP. Do I need to clean up any remnants and if so how? and would you advise installing Unchecky to help prevent these things creeping into my system again? Thanks.

A:PUP Optional Spigot.A

teddyboy,

Hi and welcome to TSF.

Please note that this is under the supervision of an expert analyst.

Please read NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help and post/attach the three logs (dds.txt, attach.txt and gmer.txt) mentioned. These logs will give me a place to start and give you back a better working computer. If any problems completing, continue with next log and let me know what happened in your next post.

Please Read! "Who is Helping you?"

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools (near top), then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Thanks. I can begin working on removing your malware when you submit those logs.

Please be patient with me during this time.

5 more replies
Answer Match 72.24%

Win 7 Ultimate.English

Always in Update: 34 optional updates available

Is there any way to delete that from updates?

I am tired of the need to have that showing up every time I go to Windows Update.

Thanks in advance
oldad

A:34 optional updates available

Nobody forces you to install any updates. It is up to you what you want to install. I sometimes "hide" updates because I do not use the program to which they pertain. In Vista I have hidden all of SP2 on one system because it gave me problems on another system and it is smooth sailing since then. So as I said, it's up to you.

3 more replies
Answer Match 72.24%

Hello

I just recently bought a new computer 1.5 half weeks ago, and I've already experienced 3 crashes on it, though the temperature of the GPU and CPU never exceeds 60 degrees celsius and rarely ventures above 50 degrees. Therefore I decided to reformat and install Windows 7 once again after the third crash. After I installed my most used programs so that I'd be able to use my computer again, I installed Malwarebytes Anti-Malware and ran a scan of my system and I noticed I already had an infection, which baffled me. I had just reformatted the computer an hour earlier. So I tried removing it with Malwarebytes and other software but with no luck. I don't know if this is related to my computer's crashing problem, but I feel like it's something that's been transferred from my previous older computer as I bought a new one, cause it suddenly started crashing during games in League of Legends after 2 years of use. The symptoms and times of crashes of my new computer is the same.

Since the synchronization of google chrome transfers my preferred settings I'm thinking that the issue may lie herein, as the path in which the PUP is located is Google\Chrome\User Data\Default\Secure Preferences.

I've tried running GMER several times and saving it but absolutely nothing happens when I press the "Save..." button.

I do have access to a Windows Install Disk

DDS.txt below:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Quezacotl at 23:1... Read more

A:PUP Optional.Trovi.A

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.Do NOT click the green 'Download' button(if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

19 more replies
Answer Match 72.24%

I think I killed it? But want to be sure. I wasn't having any problems before this that
I noticed. But it had been awhile since I'd run a Full Scan.  When I did run a full
scan is when I found it.  This is my first post. I'm following Grinler's "Preparation
Guide", so I hope I'm posting this correctly and including information that is needed...
My PC is dual boot WinXP & Win7 64 Pro.  This was found on the Win 7 boot.
 
When I found PUP.Optional.Tarma.A, I ran the following in this order:
AdwCleaner
Junk Removal Tool
Malwarebytes
 
I checked also with eset online scanner, RogueKiller, Emsisoft Anti-Malware
and HitmanPro. The PUP.Optional.Tarma.A seems to be gone(?) but HitmanPro
and RogueKiller pointed out some 'suspicious' things. DDS Log posted below:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by WildCat at 9:54:16 on 2013-08-22
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8190.5402 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svcho... Read more

A:PUP.Optional.Tarma.A - gone?

Good evening.
Would you post the appropriate logs showing the nasties in question for HitmanPro and RogueKiller?

27 more replies
Answer Match 72.24%

I opened Windows Update and only listed was an optional update. I didn't update at that time and when I went back to update I could not find the optional update. I have Windows 7 Home Premium 64 Bit. I looked for updates again but it said everything was up to date. How can I find that update? I'm not really good with computers, any help will be greatly appreciated. I have one other question if you don't mind.

I have to Unzip a ZIP-file with WinZip and save the content to my hard
drive. Then use the unzipped EXE-file to run a program. This sound simple enough, I guess, if you know what you are doing. Where can I get this WinZip program that will run on Windows 7 Home Premium 64 Bit.

One other question. A program that I want to install supports Windows 7 64 bit in 32-bit emulation mode. What does that mean and how do I run this program.

Thanks again for all your help and cooperation. Have a good evening.

A:Optional Update

Welcome rottikid,

For the update it was probably for MSE if that's your Anti-Virus, You could just look at Installed updates and see if it is there.

As for WinZip you can get it here WinZip - Free software downloads and software reviews - CNET Download.com There might be something else you can use too, someone else might know more about that.

Usually people will download a zipped file to their desktop or downloads area by clicking save instead of run when prompted. (see Below)

And for the 32 bit emulation I don't know the technical answer but 64 bit windows has 2 sets of programs files, Program Files (64bit) and Program Filesx86 (32bit).

Hope that helps you out some.

Derek

5 more replies
Answer Match 72.24%

CANNOT get rid of this even switched from Firefox to chrome. Ran MWB here is the log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.07.05
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Family :: FAMILYROOM [administrator]
 
9/7/2013 1:44:09 PM
mbam-log-2013-09-07 (13-44-09).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 275904
Time elapsed: 25 minute(s), 4 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 6
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AmiBs.Installer (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKCR\AmiBs.Installer.1 (PUP.Optional.Amonet... Read more

A:It's back again PuP.Optional.xxx.a

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

25 more replies
Answer Match 72.24%

My OS is Windows 8. For my security I have the free Malwarebytes installed and Windows Defender. Last week I ran a scan with Malwarebytes and it found 11 pieces of malware. All of them were pup.optional. This morning I did another scan and it found 811 of them. This is not a typo. It found eight hundred and eleven! How could this have happened? I do not get on any obscene web sites or any that may be questionable. Also what are the pup.optional? I would appreciate some thoughts on this. Thanks, Fran

A:Infested with pup.optional

MBAM recently made a change to a more aggressive PUP policy.
Malwarebytes Adopts Aggressive PUP Policy - Malwarebytes News - Malwarebytes Forum






Quote:
In the past, Malwarebytes Anti-Malware has detected only PUPs, or Potentially Unwanted Programs, that were mostly harmful and deceiving. Our users expected more and so we've revised our policy to include PUPs in our database that most of our users find annoying or misleading. Within the next few days, detection for many new variants will be added. Malwarebytes feels most of our users have no knowledge that these PUPs were installed and would like them removed. Several thousand forum posts and support tickets confirm our standpoint. Ranging from difficult to uninstall applications to software that makes you opt-out, we've had enough of it all!


Source: Malwarebytes Adopts Aggressive PUP Policy | Malwarebytes Unpacked

This won't answer why you have them or where they came from, but it might explain why you are seeing them now.

4 more replies
Answer Match 72.24%

Malwarebytes found and removed several (15) PUP.optional objects and one Adware object. I am a little nervous that the computer may still be infected as it is still a little slow and IE is having some minor problems.
 
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502
Run by Mary at 3:36:35 on 2013-08-29
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4060.2593 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Pr... Read more

A:Several PUP.Optional found

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/505985 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

3 more replies
Answer Match 72.24%

Is it recommended to install all optional updates, or to take the time to research and select only those that are relevant to your system? Can the update either be uninstalled or installed at a later date if there is a problem?

More replies
Answer Match 72.24%

I just did a clean reinstall of Windows 7 on my Toshiba laptop. Now when I go to Windows Update it doesn't display optional updates at all. There isn't a place for it. Before the reinstall I didn't have this problem. Anyone know how I can see the optional updates?

A:Help with optional updates

Look in the Windows Update settings in Control panel. There should be a box to check that says something like "Offer optional updates the same way I receive Windows updates".

5 more replies
Answer Match 72.24%

Hi cryptodan
 
I am following your advice given to glynch8030. As I have no idea just what I can and can not safely delete I was looking for assistance 
Below is the log for the first step (I deleted as many as I felt comfortable with). Running Windows 7 with eScan and Malwarebytes, using Google-Chrome browser.
 
# AdwCleaner v3.012 - Report created 18/11/2013 at 14:11:20
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Wild Kitteh - WILDKITTEH-PC
# Running from : C:\Users\Wild Kitteh\Favorites\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\ProgramData\Ask
[x] Not Deleted : C:\ProgramData\boost_interprocess
[x] Not Deleted : C:\ProgramData\Partner
[x] Not Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
[x] Not Deleted : C:\Users\Wild Kitteh\AppData\Local\PackageAware
[x] Not Deleted : C:\Users\Wild Kitteh\AppData\LocalLow\searchquband
[x] Not Deleted : C:\Users\Wild Kitteh\AppData\LocalLow\Searchqutoolbar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ ... Read more

A:PUP.Optional.Bandoo

Go ahead and rerun AdwCleaner and clean what it finds.
Then do the following:
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin a... Read more

7 more replies
Answer Match 72.24%

I'm not familiar with doing driver updates. I have 3 optionals from Windows Update. I've read both pros & cons to using Windows Update for drivers but it's been awhile, so what's the current consensus now that I'm running Windows 7? Is it 'good to go' or is it best to go to the product sites?

A:Optional Updates

Others may disagree but I believe the first place to check for updated drivers is at the computer manufacturer's website. (If it's a home built machine then check the individual manufacturer websites for motherboard, graphics card, etc.) I also think most people would say "if it ain't broke, don't fix it."

A few months ago Windows Updates said there was a new driver available for my Sony Vaio's Intel HD 3000 graphics. I went to the Intel site to verify. It was there so I installed it. Almost immediately I began getting blue screens. I went back to the older version and all was well. I emailed Intel and they said once they release a driver, each computer manufacturer or component manufacturer is free to optimize the driver for their particular needs. Sony hadn't optimized it and it wasn't compatible with my Vaio.

If you decide to install those drivers I'd recommend you make a restore point just in case something doesn't work. Better yet, a system image. Go to the Acer website to verify the version being offered as an optional update is the latest and greatest for your computer. Same thing with nVidia.

6 more replies
Answer Match 72.24%

Found PUP.Optional.AlexaTB.A after running a Malwarebytes scan. It says that quarantined and deleted successfully. Is that all there is to it or do I need to run something else? Thanks! The Malwarebytes log is below.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.22.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Grant Writer :: HP88342945029 [administrator]

10/22/2013 9:39:21 AM
mbam-log-2013-10-22 (09-39-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315574
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

More replies
Answer Match 72.24%

I just ran a malwarebytes scan and it found several instances of "pup.optional.defaulttab" in various locations in my computer.  Both before and after I ran the scan, I see this warning every time I open up Google Chrome.
 
Here is a copy of the mbam log after I ran the scan also.  Thank you for your assistance and expertise

A:Pup.optional.defaulttab

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.
1: DDS.scr (N... Read more

19 more replies
Answer Match 72.24%

My computer had PUP.Optional.SearchProtect.A when scanned with Malwarebytes.  Malwarebytes says my system is now clear, but something seems to be chugging all the time in the background.  I'm wondering if there is still some residual infection.  Thank you for any suggestions.

A:PUP.Optional.SearchProtect.A

Hello Helen
Let's look at some more.
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please Download TDSSkiller
Launch it.
Click on change parameters
-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Last run ESET.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double clic... Read more

22 more replies
Answer Match 72.24%

My computer automatically updated today. Upon going through the list of updates there where two optional updates one for English and the other for CXT-Network-PCI soft data fax modem with smart CP. What are they? Do I really need them? I checked the Microsoft help thing when your right click for info. All I could get was it was a driver and nothing else.

A:optional update

You must have this kind of card on your system using Windows drivers, then when there is a new driver WU proposes it to make an upgrade.
My personal advice regarding WU setup is to look for updates letting you the choice to download and install them.

2 more replies
Answer Match 72.24%

My internet was unusually slow today so I decided to use Malwarebytes to scan for viruses. It detected 22 items all called pup.OPTIONAL.tarma.a. I deleted all of them but I am worried I still might be infected, any idea what I should do?
 

A:pup.optional.tarma.a

Hi -
First these are all Potentially Unwanted Programs that have been found. Always delete them.
 
Now - Update and Re-run the MBAM scan and check if any PUP items still exist - Also a Full scan with your Antivirus.
These will only return if you visit, or download from sites that contain these infections.
 
Thank You -

1 more replies
Answer Match 72.24%

A past update for Powershell 2.0 and WinRm 2.0 was designated Optional. (Which I didn't download. Do I need this?) Had trouble with the recent Live Essentials update and after some reading uninstalled Windows Live from my system which re-designated the Live Essentials update from Important to Optional. Now I find that the Powershell/WinRm package has changed from Optional to Important. Any idea why and how I should proceed?

Thanks.

A:From Optional to Important

Windows PowerShell is a new Windows command-line shell designed especially for system administrators. The Windows PowerShell includes an interactive prompt and a scripting environment that can be used independently or in combination.

Do you need it?

3 more replies
Answer Match 72.24%

Where do these files come from? I have found them with malwarebytes and deleted them, but later there are more showing up again.

A:[SOLVED] PUP.optional

PUP is an acronym for Potentially Unwanted Programs, which are added to a system without the user's knowledge or consent. They are usually bundled with other software downloads. While downloading and installing a software, care should be taken to uncheck other offers of software, if not wanted.

PUP (Potentially Unwanted Program) Definition

3 more replies
Answer Match 72.24%

Hello,

I recently performed a scan using Malwarebytes Anti-Malware and it reported my CPU being infected by (3) PUP.Optionals, one of which being PUP.Optional.Somoto. The CPU is completely asymptomatic and I wouldn't have noticed anything different if it wasn't for running the scan. I've attached the preliminary logs and any help is greatly appreciated. Unfortunately, I was unable to get GMER to work. I "blue screened" on the first attempt and then the CPU completely froze on the second try ...

DDS.txt


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
Run by amy at 13:21:41 on 2013-09-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.463 [GMT -7:00]
.
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_C... Read more

A:PUP.Optional.Somoto

Hello, calex_uo.

Please send me the Malwarebytes scan log showing the detection.

Open Malwarebytes Anti-Malware>>Click the 'Logs' tab
Select log from the date of the desired scan, they're named mbam-log-2013-xx-xx [10-11-12].txt
then click the 'Open' button. Once the log is open, copy/paste the content of that log into your reply.

PUP detections are Potentially Unwanted Programs. These are programs Malwarebytes researchers have found are sometimes added to a system without the user's knowledge or approval. These are not malicious, just potentially unwanted.

5 more replies
Answer Match 72.24%

I have some kind of infection that keeps showing up in all my scans. My computer is running really slow also. Thanks.

A:PUP.Optional.Smartbar.A

Hello spalladino25
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the s... Read more

29 more replies
Answer Match 72.24%

Having trouble removing this permanently. Keeps coming back after Malwarebytes quarantines it. Any help would be greatly appreciated. Thanks
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:30:07 AM, on 6/27/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Tracy\Desktop\Malware Virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-i... Read more

More replies
Answer Match 72.24%

I’d appreciate some help and I’ll provide background:
o) A few weeks ago my 3 year old Dell Studio 7100 Windows 7 PC, with McAfee Total Protection, started having intermittent network connectivity issues (both wireless and Ethernet connection). Rebooting fixed the problem, but only temporarily.
o) I installed Malwarebytes and it found problems that I deleted.
o) I’ve been working with a Tech Support Guy on the network connectivity issue and I may be close to a solution.
o) Today, Malwarebytes found “PUP.Optional.MYPCbackup” and I’m not sure if I should delete it.
o) I ran the sysinfo.exe file and the result follows:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II X6 1055T Processor, AMD64 Family 16 Model 10 Stepping 0
Processor Count: 6
RAM: 8191 Mb
Graphics Card: AMD Radeon HD 6600 Series, 1024 Mb
Hard Drives: C: Total - 939785 MB, Free - 853579 MB; E: Total - 476937 MB, Free - 452321 MB;
Motherboard: Dell Inc., 0NWWY0
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

< link to original issue posted here http://forums.techguy.org/networking/1146675-windows-cant-communicate-primary-dns.html
The system ran great until a couple weeks ago when intermittently the computer just "spins" when I try to view an open browser tab (e.g. MSN.com). This sometimes happens after computer wakes up, ... Read more

A:PUP.Optional.MYPCbackup - What to do?

16 more replies
Answer Match 72.24%

Malwarebytes is telling me this Chrome Extension is a potential threat, but I cannot find anything about "PicEnhance" in Google or Forum searches.  I have installed numerous extensions for later exploration.  Is "pup.optional.PicEnhance.A" part of an HDR or other photo editing extension?  Malwarebytes won't let me update its database until I do something with this.  I suspect I can make it an exception, but thought I'd ask the experts first.  Malwarebytes log posted below.
 
Also, and I've asked before with no reply: I have been helped numerous times by this forum and would like to donate to the cause.  Where is the link to send money to BC.com???
 
Many THANKS!!!!!
 
>>>>>
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/22/2014
Scan Time: 7:49:40 AM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.22.02
Rootkit Database: v2014.06.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dayle
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398612
Time Elapsed: 14 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Valu... Read more

A:pup.optional.PicEnhance.A

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The... Read more

5 more replies
Answer Match 72.24%

I ran malwarebytes and it has found several Pup.optional infections.
 
Here's the log from when I ran it
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.23.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-76814CAF25 [administrator]
23/01/2014 19:22:14
MBAM-log-2014-01-24 (16-45-16).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 439965
Time elapsed: 5 hour(s), 25 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 10
HKCR\CLSID\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKCR\Toolbar.CT2504091 (PUP.Optional.Conduit) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKCR\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> No action taken.
HKCU\SOFTWA... Read more

A:Pup.optional Infection

Hi David, this doesn't look too bad.
Please run a FRST scan:
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
Start FRST with administrator privileges.
Make sure the option Addition.txt is checked and press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

2 more replies
Answer Match 72.24%

Malwarebytes Anti-Malware, I do a scan, this pops up, I click to delete, then it comes back again, not sure what to do?
 
PUP.Optional.Conduit.A, C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Thanks

A:PUP.Optional.Conduit.A,

Hi, I'm Rootk and I will be helping you with your problem. First off, I want you to know that I'm still in training for malware removal and my responses have to be approved before I can post them to you, therefore there will be a little delay between each post.

We need to see some additional information about what is happening in your machine.
Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool.
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. The instructions here ask you to attach the Attach.txt.

Instead of attaching, please copy/paste both logs into your next reply.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

18 more replies
Answer Match 72.24%

Hi, I downloaded Microsoft Visual Basic from Softonic.com on to my computer. When I scanned it with Malwarebytes it categorized it as "pup.optional" and when I pressed "Remove" it deleted it, the reason why I pressed "Remove" was because I thought Malwarebytes would remove "PUP's" from the download, but it removed the whole thing instead. My question is, can I download it again, and is it safe? Since Malwarebytes just claimed it was a "Potential unwanted program", though I'm not sure what the "Optional" part was about. Also, I tried scanning other download installers that I have on my PC with Malwarebytes, and it didn't detect anything, so why only this one did they claim is "pup.optional"?

Any help is welcome, thank you!
 

A:Malwarebytes: pup.optional

16 more replies
Answer Match 72.24%

Anyone get this virus lately?

PUP.Optional.DefaultTab.A

thanks
 

A:PUP.Optional.DefaultTab.A

Hello bsacco and Welcome to this forum.

Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

Thank you for your patience.

Please follow the instructions outlined here.
http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html
 

1 more replies
Answer Match 72.24%

Hello, I have been having trouble with pup.optional.mysearchDial.a
pup.optional.Dealply.a

When I click a new tab this my search Dial page comes up (it is a pup)
but when I press the home page it is Google like it is supposed to be
often get pop ups coming in
computer running slower
Firefox stops responding

I did have quite a few mysearchDial.a
pup.optional.Dealply.a infections in Malwarebytes, but they seem to be gone for now ???
but I guess they will appear again after using computer for a bit ??

I've got Malwarebytes, SuperAntiSpyware, HitmanPro, AVG Free
Can I ask if SpyHunter 4 is a rough spyware remover, some reviews said so, but that said I was badly infected and need to pay for it to be fixed, so nothing was done and after reading reviews I removed it from programs and desktop and download. I am using free AVG and Windows Defender is not working, cannot turn it on
 

A:pup.optional.mysearchDial.a

16 more replies
Answer Match 72.24%

I am infected with the Conduit malware.  I ran Malwarebytes and it came back with over 600 threats named pup.optional. conduit A.  When I try to change the internet homepage it defaults back to the browser logo page.  I have attempted several times to remove the virus but it keeps returning. I also get a DLL run box when I start Windows. This is my first time with 600+ threats.  Please advise on how to remove.  Thank You
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/21/2012 6:11:05 AM
System Uptime: 3/25/2014 3:01:04 PM (56 hours ago)
.
Motherboard: Dell Inc. |  | 0Y2MRG
Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz | CPU 1 | 1596/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 867.11 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP222: 3/16/2014 7:00:04 PM - Windows Backup
RP223: 3/18/2014 1:14:59 AM - Windows Update
RP224: 3/22/2014 11:17:34 AM - Windows Update
RP225: 3/23/2014 7:00:05 PM - Windows Backup
RP226: 3/26/2014 1:37:55 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin... Read more

A:PUP Optional Conduit A

Hello rosemel
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

16 more replies
Answer Match 72.24%

I cannot get rid of this virus/malware/pup.

I noticed my CPU performance was running very slowly, so I ran MBAM. It detected the above, and I restarted to complete the clean up. Upon a restart, I rescanned in safe mode and nothing was found. However, I still noticed slow performance, and I scanned with MBAM again in regular mode. It found the PUP but did not clean it out. I ran ESET online scanner, but this could not get rid of it either. I will post my required logs below.
 

A:Cannot get rid of (pup.optional.bprotector.a )

15 more replies
Answer Match 72.24%

Hi all,
I have a function in a class that makes a connection to mysql:
Code:
public function Connect($server=$this->server, $username=$this->username,$password=$this->password)
The $server, $username and $password arguments are optional, as they are set with default values at the constructor, and I want the arguments to be equal to the variables defined in the constructor if they are not defined in the function call. The code above returns a parse error.

Any suggestions on how to do this?

Many thanks,
Andy
 

More replies
Answer Match 72.24%

I've been performing routine maintenance of a friend's laptop.  It's been over two months since I've done so.
 
Scanning in Safe Mode with Malwarebytes I found PUP.Optional.Superfish.A twice on the computer.  I quarantined them.
 
While in Safe Mode I also ran:

Rkill -- came back okay.

TDSSKiller -- came back okay.

AdwCleaner -- came back okay.

And yes, I didn't stop at BleepingComputer first, so I did not see the instruction and I ran ComboFix.  Sorry.
 
I ran TFC and restarted.
 
Once restarted, in normal mode I ran ESET and it came back clean.  Right now I am defragging, with almost 500 MB to defrag, so it's still going.
 
 
Windows Vista (Home)
Internet Explorer and Google Chrome.
 
 
A quick search online shows this is the kind of virus you get by downloading something when you shouldn't have.  This is exactly the kind of thing I keep telling my friend to NOT do, but he ignores me.  He'll search for something, like a manual for a product, and the first thing in the search results, regardless of what site it's on, he'll click on if it has the name/words he's looking for.  I've tried several ways to get him to understand.
 
He. Does. Not. Get. It.
 
And what's worse is he enters all kinds of personal information on the laptop.  And that quick search shows this particular virus can download other things onto the computer.  He's lucky this time.
... Read more

A:PUP.Optional.Superfish.A

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/558205 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 72.24%

Hello,
 
MBAM Premium detected PUP.Optional.AZlyrics.A and warned me, per Settings > Detection and Protection > Non-Malware Protection > PUP detections =  "Warn user".
 
After the warning, I changed the PUP detection action to "treat as malware" so it will quarantine it on the next scan.
 
I'm asking for help because of a previous experience with a PUP variant.  Last summer, on a different computer, MBAM quarantined a couple of PUP variants.  Some further cleanup was needed to make things right, and I got the help I needed after posting to this forum.
 
DDS.txt posted below.  Attach.zip attached.
 
Thanks!
--mstap42
 
# == DDS.txt == #
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.71.2
Run by Stapletons at 23:01:54 on 2014-12-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1671 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.... Read more

A:PUP.Optional.AZlyrics.A

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first t... Read more

15 more replies
Answer Match 72.24%

Hi.

Just done a Malwarebytes scan which found PUP.Optional.Somoto in my downloads folder. Says it's infected in my DVDShrink download.

Can't seem to find any information on this. Is this harmless adware, or should I be worried?

A:PUP.Optional.Somoto

Well....lets take a look and see what we can find.

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that.... Let's get going!!
----------

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any antivirus programs during ... Read more

12 more replies
Answer Match 72.24%

Had to do another reinstall of W7. Are any of these optional updates needed ?

A:Optional Updates

Define 'needed'!
The OS will run happily and securely without them - but they do contain some nice enhancements.
I'd install everything offered except the Bing and Live stuff (unless you actually want those) - and hide those so that they don't get in the way (at least until they are updated again)

2 more replies
Answer Match 72.24%

Any danger in not installing optional updates? I have nine of them waiting in line and my machine is working just fine. Pros and cons, please?
Thanks in advance

A:Optional Updates

Optional means just that: optional. It won't hurt to not install them. I hide anything to do with Bing and, if I were to unhide them, there would be many more times nine setting there.

8 more replies
Answer Match 72.24%

Received the following update from M$ today, not sure what it is wanting to do -

"nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware - NVIDIA GeForce GTX 260

Download size: 252.2 MB

You may need to restart your computer for this update to take effect.

Update type: Optional

nVidia Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware software update released in February, 2015"

Could someone shed some light on this ?
Thanks

Joe

A:Optional Update - not sure what it is ?

This is an update to your NVidia graphics card drivers, etc. It is optional because it is not necessarily required.

I personally always go to the manufacturer's (NVidia in this case) support site and get the latest drivers from there if I feel I need to update them.

Paul

3 more replies
Answer Match 72.24%

I have never installed a single optional update because I don't really know what they are all about although some are obvious. So I ask: just how important are optional updates? Is it generally recommended they be installed?

Thanks in advance.

A:Optional updates

Some are fairly useful - some are fairly pointless
You need to make the decision on which you want to install for yourself - the list is way too long now to detail it.

1 more replies
Answer Match 72.24%

1 - Latest version of Vuze infected my laptop with malware - pup.optional.conduit.a
 
2 - I've browsed through the forums here many a time and have always been impressed with the help I've seen given. That being said, what is a good donation amount?
 
3 - DDS
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer:   BrowserJavaVersion: 10.45.2
Run by Remag VII at 9:36:34 on 2013-11-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16332.13849 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\s... Read more

A:pup.optional.conduit.a

Hello Remag VII I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

17 more replies
Answer Match 72.24%

Please help!

I have just switched from dial up to LAN and although my connection says it's operational it does not actually do anything. I am accessing the web now by using my old dial up. In Internet Options/Connections tab, I cannot click on anything except the SETUP tab. I.e., nothing else is highlighted as such. I don't know whether this is connected to the problem or not. In WIN XP help and support, I ran the Network Diagnose Scan system - result is that internet explorer web proxy not configured. In desperation, I have copied the scan results here. Please can you help but bear in mind that I am not really all that computer literate. Thank you!
Internet Service
Default Outlook Express Mail

Not Configured

Default Outlook Express News

Not Configured

Internet Explorer Web Proxy

Not Configured


A:Lan Settings Not Optional

What type of connection do you have and what brand and model of modem. Are you using a router or hub? What brand and model?
Looking at your log I would believe you do not have an Ethernet connection for whatever reason.

11 more replies
Answer Match 72.24%

My computer is acting slow and sluggish, and when I run Malwarebytes it comes up with something called PUP.Optional.Conduit.A, I let it remove it and when i scan again later, it is still on my system. Is there a way to get rid of this permanently? Or is there more on my computer that is making it slow? Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:36:45 PM, on 10/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Nic Arvin\AppData\Local\Akamai\netsession_win.exe
C:\Users\Nic Arvin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files (x86)\Malwarebyte... Read more

A:PUP.Optional.Conduit.A

7 more replies
Answer Match 72.24%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4001 Mb
Graphics Card: Intel(R) HD Graphics, 1808 Mb
Hard Drives: C: Total - 940261 MB, Free - 876787 MB;
Motherboard: Dell Inc., 0CXTWJ
Antivirus: Microsoft Security Essentials, Updated and Enabled

I have Malware Premium and scan everyday. It keeps finding multiple Pup.Optional. PC Privacy Dock and Pup.Optional Hawker A files. I delete them everyday, and the next day it finds more of them. What are these files, and where do they come from? Are they harmful? How can I prevent them from "invading" my PC?

 

A:Pup. Optional files

10 more replies
Answer Match 72.24%

I have a Gateway One All-In-One Desktop with Intel® Pentium® Processor - Microsoft Windows 7 Home Premium Edition 64-bit operating system preinstalled.
Optional update:
I recently went to the Critical Updates and saw the following:

"Intel Corp - Display Mobile Intel (R) 4 series expires chipset family" - 21 MB (which is quite a large update)

Just what is this update and should I install it? This is our grandson's computer and we would not want to cause any problems or damage by installing this Optional Update. Nothing appears to be wrong with our graphics, etc.
Please advise and thank you.
Alice Z
 

A:Optional Update

I installed this onto my laptop and considerably improved the graphics on it.
 

3 more replies
Answer Match 72.24%

Does one need optional updates? The reason I ask is until recently I've had no problems with any update. This one just refuses to install Realtek PCIe GBE Family Controller. (Error code 800F0203) Went through all the channels, still no install.
 

A:optional Win 7 update

Jetsguy: Just a word of caution.... It may be best to not load optional updates from Microsoft for hardware or software not related to Microsoft's products. To update those non-related programs or hardware go directly to the manufacturer's website and get updates there.
 

3 more replies
Answer Match 72.24%

hello
i have my problem back
I've seen some of the old infections on the super antispyware scan
computer/ browser not responding, takes forever to do anything
is slow at booting up also
running slow

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Business, Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz, x64 Family 6 Model 15 Stepping 10
Processor Count: 2
RAM: 1005 Mb
Graphics Card: NVIDIA Quadro NVS 140M, 128 Mb
Hard Drives: C: Total - 76316 MB, Free - 41504 MB;
Motherboard: LENOVO, 766512M
Antivirus: AVG AntiVirus Free Edition 2013, Updated: Yes, On-Demand Scanner: Enabled

that is weird i have previously deleted /removed avg and put in Vipre on trial but computer wouldn't work properly with the firewall working so im using windows firewall and vipre for the rest
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 14/06/2012 2:21:56 PM
System Uptime: 2/10/2013 5:53:20 AM (2 hours ago)
.
Motherboard: LENOVO | | 766512M
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 40.233 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Ac... Read more

A:pup.optional.mysearchDial.a

16 more replies
Answer Match 72.24%

Please help me to be sure this system is safe.
Thank You
 

A:Pup.Optional.Mindspark.A

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

15 more replies
Answer Match 72.24%

I am new to the world of Windows, and am helping a friend out with his PC.  I got it all set up and malware clean, but don't know for sure what Optional Updates I should install.  Can anyone advise me as at least what NOT to install?  This is what I got.  I should mention that I just re-installed his OS via the Recovery Partition, so all is new and probably out of date.  All M.S. Updates have been done.  I use a Logitech Mouse so I think I want that, and, they are very common.  The others I am not sure about.
 

A:Optional Updates

- I would recommend to simply install them all. Those "Update for Windows" add new features.
- Is Windows Update only recommending 9 "optional updates" ?

7 more replies
Answer Match 72.24%

Hi, My brother made a mistake when running Malwarebytes while trying to remove PUP.Optional.Verti and ended up allowing it onto his computer. In spite of running multiple other virus removal programs, I have not been successful in removing this object from computer. 
 
I would greatly appreciate assistance to remove this PUP.Optional.Verti and all of its spawn from my brother's computer. 
 
Thanks

A:PUP.Optional.Verti

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkma... Read more

24 more replies
Answer Match 72.24%

2.
I was trying to get a game to play on Voobly working properly which required port forwarding and so, I had to set a static IP and use this tool from portforward.com to test if the ports were opened or not. I was on the phone while installing the software which resulted in me accepting what I thought was a window for going forward with the installation. Two more accept/decline windows followed it and I knew I messed up (I hit decline on those).
 
I ran a full scan using Malwarebytes and it found 9 infections on my computer by the name in the title.  I use firefox and have no toolbar on my windows or in my add-ons. I looked in my "Add or Remove programs" and found nothing new. Should I remove that portforward.com tool? I ask because they seem to be pretty trusted, the optional downloads are what seem to be malicious.
3.
I use windows XP and am planning on upgrading soon.
4.
I ran Malwarebytes.

A:PUP.Optional.Conduit.A

Hello -
Please run these few programs and Copy / Paste the logs generated. Temporarily Disable Your Anti-virus if needed
 
 
Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If a security program requests permission to access the Internet, allow it to do so.
 
 
Please download MiniToolBox to desktop and run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)
 
 
Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
At most the tool will run for about 2 minutes
Copy and Paste the log it produces.
 
 
Important: Do not reboot your computer until you complete the next step.
 
 
* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Clic... Read more

15 more replies
Answer Match 72.24%

There are 2 "optional" update to look closely at.
 
1) Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7 (KB3075249)
 
2) Update for customer experience and diagnostic telemetry (KB3080149)
 
I think that Microshaft is up to its old 'snooping' tricks again.  I'd advise not to install them.  Any thoughts from you gurus?
 
- RVAH-12

A:New (optional) updates on 8/21/15

Hi RVAH-12 I personally would install them because I see no harm in doing so. As long as they aren't drivers update, there's no real chance that they'll mess up your system. If you are one of these users that cares about privacy (in a certain way), you might just want to leave the second update out, but for the first one, it can be useful in the future (the kind of data it'll collect can be valuable to enhance Windows' protection).

15 more replies
Answer Match 72.24%

Installing optional features failed, why?

Optional features for English language are installed.
Extra language package are downloaded and installed.

More replies
Answer Match 72.24%

Hi,
 
I'm working on Windows 7 (64) using chrome as my browser.  I recently got a PUP detected by Malwarebytes of PUP.Optional.Conduit.A which recurs every time it's quarantined.  A second infection was detected once during this infection as well, but it hasn't recurred (I believe that infection was something related to "Spigot" which I had once on my computer last year)   
 
I have not noticed any symptoms on my computer.  I have not downloaded anything that could be an obvious source of the program.  
 
Thanks for any help you can offer getting rid of this pesky program! 
 
Heather
 
 
 
Here's my FRST.txt info:
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by user (administrator) on USER-PC on 28-04-2015 14:15:53
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AM... Read more

A:PUP.Optional.Conduit.A I don't know how to get rid of it

Hello userhw, my name is Jo and I will help you with your computer problems.
Please follow these guidelines:
Logs can take a while to research, so please be patient.
Read and follow the instructions in the sequence they are posted.
Print or copy & save instructions.
Back up all your private data / important files on another (external) drive before using our tools.
Do not install / uninstall any applications, unless otherwise instructed.
Use only the tools you have been instructed to use.
Copy and Paste the log files inside your post, unless otherwise instructed.
Ask for clarification, if you have any questions.
Stay with this topic til you get the all clean post.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
***
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
Vista / Windows 7/8 users right-click and select Run As Administrator.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
***
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
Scan your system for malware
With some infections, you may see two messages boxes.
'Could... Read more

29 more replies
Answer Match 72.24%

So I regularly run malwarebytes, and this thing keeps coming back after being quarantined.
It's been there for a few weeks now, and it's just annoying.
How do I get rid of it?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by JSK (administrator) on JSK-PC on 10-04-2015 01:27:54
Running from D:\Downloads
Loaded Profiles: JSK & (Available profiles: JSK)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVI...

A:PUP.optional.trovi.a... what to do?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by JSK at 2015-04-10 01:28:10
Running from D:\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\uTorrent) (Version: 3.4.3.39778 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.39778 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adblock Plus for IE (HKL...

24 more replies

I need help getting rid of PUP.Optional.Conduit. I have run Malwarebytes and House Call and Avast. Malwarebytes sees it and I try to remove it but it keeps coming back. It makes IE freeze. Help!!! I am running Win 7 64-bit.

A:PUP.Optional.Conduit

http://www.bleepingcomputer.com/download/junkware-removal-tool/
this works pretty well.
I would also reset IE back to default to be sure, and run c cleaner.

5 more replies

Was doing routine scan, and came across the :
Registry Keys: 1
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DefaultTab, , [37b6d869eb91e254b719be834cb76f91],

I used Malwarebytes to scan with and had made sure it was up to date. However the program reported I was infected with PUP.Optional.DefaultTab.A. Realize this can happen through downloading different things and companies "hiding" things in software you download. I'd like to get this removed if possible. Been using Malwarebytes quite some time, and this is a first seeing the PUP.Optional.DefaultTab.A.

Also I have been getting the "page can't be displayed" when on websites. Website shows, but like on it somewhere it will say "page can't be displayed". Could this "pup" also be causing this? Below I have pasted the complete log: (I have not taken any action yet to correct this). Decided to see if someone here could help me. I'm using Windows 7 Ultimate 64 bit.

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/30/2014
Scan Time: 11:15:23 AM
Logfile: DT1.txt
Administrator: No
Version: 2.00.3.1025
Malware Database: v2014.11.30.05
Rootkit Database: v2014.11.29.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: test
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337284
Time Elapsed: 4 min, 29 sec...

More replies

Malwarebytes has just picked up 2 of these with a new definition file update.
It's pointing to Topaz Remask 5 uninstaller uninst.exe and a corresponding registry key. Topaz is paid photo processing software used widely by photographers. Remask 5 was downloaded from the Topaz Labs site.

So what do you think the best action is?

A:PUP.optional.adpeak

The only things I can think of is going to the Malwarebytes forum and checking if it is a false positive. Then checking with Topaz see if the problem has been reported to them.

4 more replies

Installing optional features failed, why?

Optional features for English language are installed.
Extra language packages are downloaded and installed.

More replies

I have antivirus software as well as Malwarebytes. Every single time I run a full scan on both programs my antivirus software doesn't spot this adware but Malwarebytes does. I have to restart my computer to get rid of it. But once I run a scan again, right after I restarted my computer, the adware appears again. IDK what to do, I'm not very keen on downloading some adware blocker program but if that's the only option then it's fine. Any suggestions on how to permanently get rid of this?

A:pup.optional.conduit

Hello and Welcome -
Please read http://blog.malwarebytes.org/news/2013/09/selecting-all-pups/
 
Make sure that all items are selected, or you will not have removed them.
Please select your last Malwarebytes Scan, and Copy / Paste it back here.
If you are not able to find it, Please Update your copy of the program, and run a Full Scan.
Then Copy / Paste that log back here.
 
 
Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
Please Copy and Paste the small log back here
 
 
Now: Please download AdwCleaner by Xplode and save to your Desktop.
* NOTE : Please close or save all work, as the computer will be Rebooted
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Note: Do not click on the Scan or Clean button more than once, as this may cancel all results
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 
* If you see any which you do not want removed, remove the check mark next to it. 

* Next: Click on the Clean button (only once) to remove the selected items. 
* You will receive a message telling you that all programs will be closed so that the infectio...

2 more replies

Hi,
 
Since some time back Malwarebytes will remove "PUP.optional.spigot.a" every time I run it. Sometimes an empty Internet Explorer "do you want to leave this page" message will appear as well (I don't use IE).
Outside of Malwarebytes I run Avast. Could I get some help killing this annoying little thing?
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Z (administrator) on MARGETA (02-09-2015 12:34:29)
Running from C:\Users\Z\Desktop
Loaded Profiles: Z (Available Profiles: Z)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\As...

A:PUP.optional.spigot.a

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Z (2015-09-02 12:35:01)
Running from C:\Users\Z\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3700485390-1544953774-2094612495-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3700485390-1544953774-2094612495-503 - Limited - Disabled)
Guest (S-1-5-21-3700485390-1544953774-2094612495-501 - Limited - Disabled)
Z (S-1-5-21-3700485390-1544953774-2094612495-1001 - Administrator - Enabled) => C:\Users\Z
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3700485390-1544953774-2094612495-1001\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
Achron (HKLM-x32\...\Steam App 109700) (Version:  - Hazardous Software Inc.)
Adobe Flash ...

1 more replies

Advanced Micro Devices, Inc - Graphics Adapter WDDM1.2 - AMD Radeon HD 6310 Graphics: is this update important? I found it on my update list, so I was just wondering if it's okay to update. Also, what does this update do?

A:Optional Update

It is clearly an 'update' for the device driver for your graphics adapter, but I do not know what in particular that update fixes or improves about it.
 
Device drivers are small pieces of software that are the link between Windows and the various pieces of hardware on the computer. If Windows or wants to draw something on the screen, it gets the device driver for your graphics adapter to do it. Device drivers are specific to the exact model of hardware that they are designed for, and sometimes to that hardware being used on a particular model of computer.
 
I am a bit wary about accepting device driver updates from Microsoft updates, but do not ignore them. In particular, I would think carefully about this one, and ensure that the update matches the driver already installed on your system. My reasoning being that device drivers can be issued through four different channels (each subtly different).
 
The Manufacturer of your computer. If you have let's say a "Bloggs model X1000" laptop - The most appropriate driver updates might well come from "Bloggs" themselves... They will know how best to use that model of graphics adapter in their system, and might have modified the drivers (or include specific support software) that they supply to best match their system.
 
The Manufacturer of a separate add-in card that you separately purchased for your computer. The card manufacturer will know how best to use that model of graphics adapter in their system, and mig...

2 more replies

My first post here at this site. Sorry if I make mistakes with any of your rules.
 
I have this nasty little problem that I can't seem to get rid of. I am told it isn't a virus but rather just a program that steals information and finds its way deep into my laptop. I am not really experienced with getting rid of such things but I have tried a few things to no avail. All it is really doing is making videos run slow and stuttering, and making everything else slower. I have an older laptop so it is already slow enough.
 
I run the free version of Avast, and the free version of Malwarebytes. When I run an Avast scan nothing shows up, and when I run the Malwarebytes one line comes up (PUP.Optional.Conduit.A). I hit the quarantine button and it seems to go away, but as soon as I run another scan it is right back on there.
 
I uninstalled Chrome, and reinstalled it and ran another scan and it wasn't there. But as soon as I watched a video on youtube it was back. I tried googling PUP.Optional.Conduit.A and there was a 4 step removal guide that I tried. First step was to use start menu to open "remove programs" find it and remove anything with Conduit in the program. I tried that and found none. I searched all programs and still couldn't find it. But I know it is there, because every time I run a malwarebytes scan it shows up. 
 
I went ahead and did the other 3 steps of the 4 step plan which included adding AdwCleaner and running a scan, Then add Malw...

A:PUP.Optional.Conduit.A

Conduit probably installed a start-up item. It may also be listed in Programs and Features as a program that's installed. I would check your start-up items and Programs and Features list to see, but first need to know what version of Windows you're running.

5 more replies

There have been a lot of problems reported the last few months where Windows Update is very slow and takes a long time.
I just checked my W7 Updates and a new update KB3102810 was published yesterday (2015-11-03)
This update might help fix this, but it also includes a fix for updating to Win 10.

Read more here:
https://support.microsoft.com/en-us/kb/3102810

I also get the "same update" offered for W8.1 as KB3102812 described here:
https://support.microsoft.com/en-us/kb/3102812

A:New optional update

I promptly hid KB3102810 and another optional one when they came through recently; I still have two important ones from yesterday pending (KB2758857 and KB3067904); I'm waiting to see if anyone reports problems or not. I haven't had any trouble with windows updates taking too long to do its thing and I don't need a fix for updating to Win 10 because that simply isn't going to happen. In fact, I suspect the ones who have been having trouble with updates also have the Win 10 nagware, etc. installed, which I do not.

1 more replies

My wife's laptop has been infected with this nasty virus. She blamed me for her getting it, but I run Malwarebytes occasionally and it has never detected the PUP on my machine. I have used Malwarebytes several times on her machine only to have the machine re-infected. So I've been to several sites; they confirmed that removal is very difficult. They list some very convoluted solutions. One even warned that a mis-stroke could cause serious damage to your machine. I have a tremor so I do not want to attempt one of those, and there is the fact that they only list Windows 7 and 8.

I'm hoping that there is someone out there that can point me to trusted software to remove this or recommend a reputable site that can do the removal. I'm not looking for a freebie but a permanent solution to this virus.

I'm sure she has a lot of unwanted junk on her relatively new machine. Every time I ran MB it took longer than the previous time, I just ran MB, it took 21min. My machine has a larger capacity and only takes about 5min.

A:PUP.Optional.HomePageHelpe

See if this article will help........
How can you remove PUP.Optional.Helperbar.
It consists of 3 steps.
http://malwarefixes.com/threats/pup-optional-helperbar/

1 more replies

OK, I have a Dell OptiPlex GX260. Here is a description:
4T274 PRINTED WIRING ASSY, PLANAR (MOTHERBOARD), GX260, 845G, AUDIO/VIDEO, GIGAHERTZ NETWORK INTERFACE CARD/CONTROLLERS, 2
9K795 PROCESSOR, 80532, 2.0G, 512K, 400FSB, SOCKET N
3K113 DUAL IN-LINE MEMORY MODULE, 256, 266M, 32X64, 8K, 184

When I went to upgrade the RAM, Kensington said I have a 2.53 GHz CPU. Can I upgrade processors without changing the motherboard? If so, what is the top speed I can reach? Forgive the novice in me; I am a damn good mechanic, but computers are a little foreign to me.
 

A:optional cpu for my dell

Theoretically your 845G chipset should support 533FSB as well as 400FSB, so a Prescott might go in nicely (up to 3GHz).
BUT, it being Dell, it is probably a castrated version.
This would be the optimal CPU: http://www.excaliberpc.com/Intel_Pe....93GHz/JM80547PE0771M/partinfo-id-562784.html
but perhaps others have a better idea?
 

2 more replies

Hi - Malwarebytes keeps finding this on my computer - pup.optional.conduit.a in google/chrome/user data/default/preferences. I've read this forum, the Malwarebytes forum, etc. and tried the different fixes using different tools. It will be gone, then return again the next time I run a Malwarebytes scan. I recently was having shut-down problems w/ my Acer laptop after the latest Windows 8.1 update, tried many things and ended up doing a factory reset, which fixed that problem so everything is pretty fresh. I did a reset of Google Chrome last night. I got a clean scan on Malwarebytes but it's back again today. I'm really getting frustrated and beginning to wonder if this is a false positive or something. I hope that someone can help me.

 

A:PUP.Optional.Conduit.A

Hello jewelz... I moved this to the Am I Infected Forum.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
...
ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows...

11 more replies

I have had multiple issues with my computer, most of which I think I've gotten worked out, but this problem hasn't gone away with pup.optional.crossrider.a.  
 
We were having internet connection problems, so at first I didn't realize that I had an infection, as our internet connection actually had a problem as did our line coming into our house, which now is worked out by our provider. I was still having slow internet connection problems and instances of it not finding the server to main websites or not sending and receiving email. I ran Malwarebytes and it came up with multiple instances of pup.optional.crossrider.a. I have Avast, and ran a boot-time scan which found quite a few trojans and malware, which it got rid of. After it ran, I ran Malwarebytes again, and again it found pup.optional.crossrider.a. How do I get rid of this and is it dangerous?
 
The computer is running much better after the boot time scan, but I still would like to get it completely taken care of.  Thanks! 
 
Jennifer

A:pup.optional.crossrider.a

Hello there
Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this.

Step One: Mini Tool Box
Click here to download MiniToolBox to your desktop.
Double click MiniToolBox.
Select the following and then press go.
Post the log in your next reply.
* Flush DNS
* Reset IE Proxy Settings
* Reset FF Proxy Settings
* List Last 10 Event Viewer Errors
* List Installed Programs
* List Restore Points

Step Two: Malwarebytes Anti-Malware
Click here to download Malwarebytes to your desktop.
Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
On the dashboard, click update now.
After that, click scan now - the scan will now begin.
When the scan's completed, select apply actions - make sure the action is quarantine.
Restart your computer.
How to get the log.
On the dashboard, select the history tab and click application logs.
Select the log which has the time and date of when you did the scan.
Click copy to clipboard and paste it into your reply.

Step Three: Security Check
Click here to download Security Check to your desktop.
Double click SecurityCheck and follow the on-screen instructions.
A log should open, called checkup.txt.
Please post the contents of it in your next reply.

Thanks and good luck!

10 more replies

I ran a scan of Malwarebytes and it came back with the below infection. It says it's in the registry. I attempted to remove the infection, but it keeps coming back. Any help would be appreciated. Thank you.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/19/2016
Scan Time: 2:23 AM
Logfile: malware scan.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.10.19.03
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Shane
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408386
Time Elapsed: 15 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [df306833edadcc6a94859cd510f241bf], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [df306833edadcc6a94859cd510f241bf], 
PUP.Optional.Uniblue, HKLM\SOFTWARE\CLASSES\pc-mechanic, , [17f82774dac02b0bf6b2a84ecb394bb5], 
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8E4FDD39-3...

A:Pup.Optional infection

You need to change the settings and you need to rerun MBAM as the log you posted doesn't show you allowed MBAM to delete/ quarantine what it found.
Use the programs below to clean, remove adware and remove malware.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled Change to Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and...

1 more replies

Hello,
 
I was wondering if anyone could help me remove infected items reported by Malwarebytes. I removed them before however they seem to have returned. They are named variations of PUP.optional.Conduit.A and are registry keys and files/folders. I have done another scan and it says they are removed but I would like to be certain they are gone is there any other ways I could do this?
 
Thank you

A:PUP.optional.Conduit.A

I'd do a scan with Malwarebytes and my antivirus program in Safe Mode. I have to tell you that Conduit malware is very hard to get rid of because it sinks its teeth into many parts of your system. You might try the Revo Uninstaller too.
 
Good luck.

4 more replies

Hi guys, I have these pending optional updates, question is, is there a need to install them? According to the Microsoft support page, some of these updates fix certain issues on some devices. I am not experiencing any of the said problems so I am wondering if I still need to install the updates. Thanks

A:Optional Updates

I had two of those, KB3042085 and 2976978. One seems to be yet another pre W10 update. Installed them OK.

If you install these would you look at something first just to satisfy my curiosity. What is your free disc space before and then after installing these ?

14 more replies

A new optional update KB3035583 is available, published today.

Update enables additional capabilities for Windows Update notifications in Windows 8.1 and Windows 7 SP1

A:New optional update KB3035583 available

I'm not having Windows Update problems so I don't know if new KB is a good thing or not.

I do all my Windows 7 updates manually.

9 more replies

On 21 April Microsoft released 20+ "Optional" updates.

Any opinions from Forum Members as to which of these updates is worthwhile installing...?

T.
 

A:April Optional Updates

the key word is optional
nobody can say what is wanted or needed on your particular computer
the only thing to do is look at each update in turn and follow the more information link & see what it does
if you don't have the software or hardware installed that the update applies to then hide that update and don't install it
If you feel the update might apply to you then update it
of the 20 odd optional updates this month, I applied about 8
I made sure to ignore & hide the Russian rouble update and Korean language updates, which definitely don't apply to me, and the update to allow backup to a recordable Blu-ray disc, because I don't have a BR player or recorder on the computer
 

3 more replies

Hi I just joined so that I can post on here. I keep getting infected with PUP.Optional.BestBuy.A from an apparent Google Chrome extension. I can't seem to find any information about the PUP online. Another issue that I've run into for the first time since buying this computer maybe 2-3 years ago is I keep getting an error saying "Not running genuine windows". I know it's genuine windows since it came with the pc I believe so I don't know why I'm suddenly getting this message out of nowhere. Also, I use a program which needs to use java to work. I uninstalled java because I'm unsure of what java to have installed that is safe. I would like to be provided with a safe version of java, and have it properly set up.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.05.25.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107
Jeremy :: JEREMY-PC [administrator]
5/25/2014 11:55:09 PM
MBAM-log-2014-05-26 (00-09-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279028
Time elapsed: 5 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folde...

A:PUP.Optional.BestBuy.A and other issues

Hi 4youte and welcome to BleepingComputer!
 
Looks like you didn't tell Malwarebytes to remove the infections, and also your version is outdated, so let's download a fresh copy.
 
Please download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.
Thank you.

41 more replies

I ran Malwarebytes and found seven entries related to OpenCandy. I removed them via the program and ran it again and it's gone, but I read up on this infection and it says that it's caused by installation of a program. I would like to make sure that my PC doesn't have anything harmful on it now. Thanks in advance.
 
 
--------------------------------------------------------------------------------------------------------------------------------
(Malwarebytes Log)
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.16.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Jose :: JOSE-PC [administrator]
 
11/17/2013 12:03:46 AM
mbam-log-2013-11-17 (00-03-46).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237493
Time elapsed: 4 minute(s), 23 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 2
C:\Users\Jose\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Qu...

A:Infected by PUP.Optional.OpenCandy

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifica...

8 more replies
Answer Match 71.4%

I decided to do a Malwarebytes scan today and it caught a "PUP.Optional.BestBuy.A". I just want to make sure I'm not infected with anything else but am not totally sure where to go from here. My computer is running Windows 7.
 
Here is my Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/12/2014
Scan Time: 7:10:18 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.12.09
Rootkit Database: v2014.09.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ch0nG
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340067
Time Elapsed: 9 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 12
PUP.Optional.BestBuy.A, C:\Users\Ch0nG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp, Quarantined, [8841eb0145362214f03927b937cb2ed2], 
PUP.Optional.BestBuy.A, C:\Users\Ch0nG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopm... Read more

A:PUP.Optional.BestBuy.A - Possible next steps?

Many Potentially Unwanted Programs (PUPs) (to include toolbars, add-ons/plug-ins, and browser extensions) can be removed from within its program group Uninstall shortcut in Start Menu > All Programs or by using Add/Remove Programs or Programs and Features in Control Panel, so always check there first. With most adware/junkware it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In most cases, using the uninstaller of the adware not only removes it more effectively, but it also restores any changed configuration.

Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable and follow these instructions for using it. Revo will do a more thorough job of searching for and removing related registry entries, files and folders.

Note: Some programs can be difficult to remove if their services and running processes are not disabled or turned off prior to attempting removal because they are in use. As such, it is easier to uninstall after booting into safe mode so there are less processes which can interfere with uninstalling the program.

Remove anything else (newly installed programs) you do not recognize.

The next place to check is your browser extensions and add-ons/plug-ins.
How to Disable Extensions in Google Chrome - How to Uninstall Extensions in Google Chrome
How To Disable Individual Plug-ins in Google Chrome <- try only if the above does not work
Ch... Read more

5 more replies
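A Malwarebytes Anti-Malware 2.x text log like the one in the question above can be triaged before deciding on next steps. The sketch below is an added example, not part of the original thread or any Malwarebytes tooling; it parses that layout, groups detections by family, and reports scan components that were disabled. The function names and the sample log (placeholder user, paths and bracketed IDs) are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes Anti-Malware 2.x text-log layout quoted
# in the post above; user name, paths and bracketed IDs are placeholders.
SAMPLE_LOG = r"""
Malware Protection: Disabled
Self-protection: Disabled

Scan Type: Threat Scan
Rootkits: Disabled
PUP: Warn

Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Example.A, HKLM\SOFTWARE\ExampleToolbar, Quarantined, [00000000000000000000000000000000],

Folders: 2
PUP.Optional.Example.A, C:\Users\example\AppData\Roaming\ExampleToolbar, Quarantined, [00000000000000000000000000000000],
PUP.Optional.Other.A, C:\Users\example\AppData\Local\Other, Quarantined, [00000000000000000000000000000000],
"""

SETTING = re.compile(r"^([A-Za-z][A-Za-z \-]*): (.*)$")
# Detection line: "<name>, <path>, <action>, [<id>],"  (the path may contain commas)
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,\[]+), \[(?P<id>[0-9a-f]+)\],?\s*$")

def parse_log(text):
    """Return (settings, detections); each detection records its log section."""
    settings, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        hit = DETECTION.match(line)
        if hit:
            detections.append({**hit.groupdict(), "section": section})
            continue
        kv = SETTING.match(line)
        if kv:
            key, value = kv.group(1), kv.group(2).strip()
            if value.isdigit():
                section = key          # e.g. "Folders: 2" opens a detection section
            else:
                settings[key] = value  # e.g. "Rootkits: Disabled"
    return settings, detections

def triage(text):
    settings, detections = parse_log(text)
    # A scan run with a component disabled gives no evidence about that component.
    watched = ("Rootkits", "Malware Protection", "Self-protection")
    gaps = [k for k in watched if settings.get(k) == "Disabled"]
    pending = [d for d in detections if d["action"].strip() != "Quarantined"]
    return {"coverage_gaps": gaps, "pending": pending,
            "by_family": dict(Counter(d["name"] for d in detections))}
```

`triage(SAMPLE_LOG)` lists `Rootkits` among the coverage gaps, so a result of only PUP detections from such a scan does not rule a rootkit in or out.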
Answer Match 71.4%

I can not locate optional updates downloaded from Windows Update site and "confirmed" as successfully installed. I checked on View installed updates in the Program and Features caption in the Control Panel. The updates that are there are those categorized as Critical, High Priority or Important. The rest of those categorized as Optional are nowhere to be found, though confirmed as successfully installed in the View Update History in the Windows Update site. Can anyone please help.

More replies
Answer Match 71.4%

Hi. On 2016-07-30 I ran a routine Malwarebytes scan on my computer. The scan found two PUP entries. These entries are detailed in the following Malwarebytes log:
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2016/07/30 21:43:13 -0500</date>
<logfile>mbam-log-2016-07-30 (21-43-05).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<malware-database>v2016.07.31.02</malware-database>
<rootkit-database>v2016.05.27.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>DESKTOP-TPUDS46</hostname>
<ip>192.168.1.12</ip>
<osversion>Windows 10</osversion>
<arch>x64</arch>
<username>brumh</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>custom</type>
<result>completed</result>
<objects>776140</objects>
<time>4484</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summa... Read more

More replies
Answer Match 71.4%

This was detected by Malwarebytes. Googling the subject I found at least 6 completely different removal instructions posted in various forums online.
Please advise the best way to remove this Trojan.
Thanks!

A:PUP.Optional.Babylon.A infection

When you run Malwarebytes, it reports its findings. At the bottom left corner of the window is a button that says Quarantine all. If you click that and follow the onscreen instructions, it will quarantine everything it has reported.
 
Good luck.

2 more replies