Tech Problem Aggregator

Malwarebytes has found PUP.Optional.BrowseFox.A and PUP.Optional.Webconnect.A

Q: Malwarebytes has found PUP.Optional.BrowseFox.A and PUP.Optional.Webconnect.A

Hi there
 
Noticed my laptop was running a bit slow tonight so did a Malwarebytes scan - it found the aforementioned threats.
 
I quarantined them after the first scan and rebooted, did a further scan and they're still there.
 
Any help on removing them would be much appreciated.
 
Have enclosed a Hijackthis log... do you need the DDS logs as per the thread at the top of this forum?
 
Thanks in advance!
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:10:26, on 22/04/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Digiguide TV Guide\digiguide.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141" target="_blank" class="invilink">http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [O2Start] C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe /s
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User '?')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-3227944992-3949249397-1304132861-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR (User '?')
O4 - HKUS\S-1-5-21-3227944992-3949249397-1304132861-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR (User '?')
O4 - HKUS\S-1-5-21-3227944992-3949249397-1304132861-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR (User '?')
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user')
O4 - S-1-5-21-3227944992-3949249397-1304132861-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Digiguide TV Guide.lnk = C:\Program Files (x86)\Digiguide TV Guide\Client.exe (User '?')
O4 - S-1-5-21-3227944992-3949249397-1304132861-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Dropbox.lnk = David\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')
O4 - S-1-5-21-3227944992-3949249397-1304132861-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User '?')
O4 - S-1-5-21-3227944992-3949249397-1304132861-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User '?')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Digiguide TV Guide.lnk = C:\Program Files (x86)\Digiguide TV Guide\Client.exe
O4 - Startup: Dropbox.lnk = David\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: NETGEAR WNDA3200 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
O4 - Global Startup: PHOTOfunSTUDIO 8.0 AE.lnk = C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE239C28-C7A5-4C8B-B428-95506E375C95}: NameServer = 82.132.254.2 82.132.254.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: NETGEAR WNDA3200 Device Checking Service (WDCS_WNDA3200) - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 18284 bytes
 
 

A: Malwarebytes has found PUP.Optional.BrowseFox.A and PUP.Optional.Webconnect.A

Good evening.
 

do you need the DDS logs as per the thread at the top of this forum?

 
Yes, that's why it's there. HijackThis has not been seriously updated in some time and so is not considered worth the hard drive space, although I suppose that it acts as cheap advertising for Trend Micro.
 
Will you also let me have a copy of the detections that MBAM is finding. You can paste them into your next reply from the Logs Tab in MBAM.

2 more replies
Answer Match 84.9%

Malwarebytes scan found Conduit on my computer.
This is the message I got after having it deleted.
 
nsbCDCC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nscFC66.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nsi7E1F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nsl5338.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nsl772F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nswF199.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nsy88DC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
I did a search and found many removal guides for this so I wanted to make sure it is really gone.
 
Thanks,
Bonefish

A:malwarebytes found PUP.Optional.Conduit.A

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.AdwCleaner created by Xplode.Junkware Removal Tool created by thisisu.1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.Important: Do not reboot your computer until you complete the next step.2. Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator.Click on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.After reviewing the log, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.Press OK again to allow AdwCleaner to restart the computer and complete the removal process.After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.-- Note: The contents of the AdwClea... Read more

5 more replies
Answer Match 84.9%

A friend of mine has been running scans with Malwarebytes and each time, PUP.Optional.Inbox has been coming up. What is it exactly, what does it do and most importantly how to get rid of it?
 
A google search of PUP.Optional.Inbox came up with some hits but none with ".inbox". 
 
TIA

A:Malwarebytes found PUP.Optional.Inbox

A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it.
PUPs include spyware,  adware, and dialers, and are often downloaded in conjunction with a program that the user wants.
 
Generally you delete these unless you know the program, and want to keep it -
 
Thanks -
EDIT - Be sure to Update the program (MBAM) prior to each use, as definitions change daily -

12 more replies
Answer Match 84.9%

I had a dozen attempts at a change of firefox home page during install of JetAudio basic from download.com (ie browser hijack popups warnings from Superantispyware) . I dont think it had got as far as install jetaudio, there was a cnet installer which asked if I wanted a bunch of other stuff, which I believe I rejected, but as I hadnt seen a cnet installer before (always seemed to just download a file in the past when I used this site, without pushing other downloads), I suppose I may have clicked on accept the first time foolishly thinking because they say clear of spyware I should trust the installer.I have since read some cautionary discussion on using the cnet installer, suggesting people have had problems even when rejecting any bundled downloads, seeming some junk can be bundled anyway? see here http://forums.cnet.com/7723-6132_102-591945-0/search-conduit-malware/ I also note that a few days before I started having problems with the shockwave flash plugin crashing - this may indicate separate issue, or maybe just be instability of the current version of firefox / flash perhaps Anyway, I ran Malwarebytes in full scan, found a lot of files associated with pup.optional.conduit.a I cleared those (log attached), and then ran malywarebytes again in quick, which came up clean. Always suspicious things are not always that simple, I searched for what I was up against, whether any other action required. I found this page: https://forums.malwarebytes.org/index.php?s... Read more

A:Malwarebytes found pup.optional.conduit.a

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/513893 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

38 more replies
Answer Match 84%

Hi,
 
I ran Malwarebytes yesterday and it found PUP.Optional.OpenCandy. It appears that MBAM quarantined and removed it successfully. A subsequent scan did not find anything. I have not noticed anything irregular about my computer, but I would like to know if I am infected or at risk. Please find the MBAM log below.
 
Thank you very much in advance for your help.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.13.13
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Drew :: DREW-THINKPADX [administrator]
 
11/13/2013 8:25:28 PM
mbam-log-2013-11-13 (20-25-28).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 405884
Time elapsed: 1 hour(s), 18 minute(s), 25 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\Drew\Downloads\PhotoScape_V3.6.5.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
(end)
 

A:Malwarebytes found PUP.Optional.OpenCandy - Am I infected?

Hi Drew -
In the overall scheme of things this Potentially Unwanted Program >  PUP.Optional.OpenCandy is minor
 
Just run your Antivirus and Antimalware programs on a regular basis to remove them -
 
Regards -

5 more replies
Answer Match 83.1%

Hi all, I hope someone can help me or point me in the right direction.
I ran a Malewarebytes scan today and it found a PUP.Optional.Wajam.A in the registry category. I have now quarantined this but it follows something similiar which it found the other day PUP.Optional.OpenCandy. After search it seems I must have got the open candy one that must have attached its self with some free software program but where the Wajam one came from I have no idea! After looking at a few forums it sounds quite bad...any ideas how I can get completly rid of it? It didnt show on the second Malwarebytes scan but I just want to check its not hidden away!
Thankyou

A:PUP.Optional.Wajam.A and open candy found in malwarebytes

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

13 more replies
Answer Match 83.1%

When i was trying to connect to the internet on my windows laptop, i recieved a message that said that it could not resolve the ip address, due to a duplicate ip address on my system, or words to that effect. This worried me so I
1) rebooted into safe mode and disabled my virus protection
2) ran a Malwarebytes Anti-Malware scan which came back with PUP.Optional.MindSpark, and let it clean it
3) ran a trend micro houscall, which came back with EXPLCVE20130431, and heur swfmstr.a, which I let it clean.
4) I then ran FRST64.exe which gave 2 logfiles, see below.
 
NOTE, eclipse has stopped working on my machine, due to java runtime environment being not there anymore. I think Trend micro's clean must have broken my.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by dom (administrator) on DOM-VAIO on 14-03-2015 16:43:21
Running from C:\Users\dom\Desktop
Loaded Profiles: dom (Available profiles: dom & hooky sw)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Softw... Read more

A:Malwarebytes Anti-Malware found PUP.Optional.MindSpark

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. 
start

CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
CHR Extension: (Avast Online Security) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-06]
C:\Users\dom\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpduquzf.dll
C:\Users\dom\AppData\Local\Temp\winp.x643286603236552557303.dll
C:\Users\dom\AppData\Local\Temp\winp.x643468336870237779907.dll
C:\Users\dom\AppData\Local\Temp\winp.x645993274845538612934.dll
C:\Users\hooky sw\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8zg90_.dll

End
Save the files as fixlist.txt into the same folder as FRSTRun FRST and click Fix only once and wait.Restart the computer normally to reset the registry.The tool will create a log (Fixlog.txt) ... Read more

11 more replies
Answer Match 83.1%

Recently had a few people stay in my home for a few days. Common courtesy had me give them permission to use my computer when they needed to, but once they departed, I decided to run a scan on the computer. 
Free Trial Avast comes up clean.
Free Trial Malwarebytes is a bit different:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/23/2014
Scan Time: 11:09:25 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267992
Time Elapsed: 13 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, , [062bb5a0b3c82412a25f003c31cf629e]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [32ff9fb6f7843cfa041e7e23bb47f30d], 
 
Registry Values: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2... Read more

A:PUP.Optional.Spigot.A, PUP.Optional.MyEmoticons.A, PUP.Optional.SearchProtection

Update:
Malwarebytes blocked PUP.RiskwareTool.CK from doing something (this was outside of a scan). 
A quick Google search has led me to understand that this particular PUP is not an issue? Is this true?

3 more replies
Answer Match 103.74%

  OK I am a moderate security guy trying to learn more from the REAL Security PROs. I was looking for server 2012 Installing and Configuring study material FOR FREE of course and got in a little to deep. I use Zone alarm firewall Free version and Malwarebytes religiously. As well as MSE as my regular day to day antivirus. Now normally I would not dig as deep as I did this time to get so ROOTKIT infected.
  Recently I ran GMER and found a lot of RED in the registry; Files and other important places so I figured I need to reimage my machine......! I also ran Kaspersky's TDSSKiller and it came back clean?? I will attach the Kaspersky log below... Now I also use CMS Product Ultimate BounceBack version 11.4.0.29, I believe so I can make all this go away with a backup reimage. But I am pursuing my Server 2012 MCSA and eventually want to become Security focused. So I have all the Rootkit tools and have played with them in the past but in my experience it has always been best to completely reinstall the OS version, Whatever the OS may be at the time, and move forward because otherwise you are never going to completely clean the machine. Not to mention, the time saved by doing this speaks for itself. All that being said I would still like to get a better understanding of this from a Security standpoint..... I am running a Windows 7 Professional Elitebook 8650p laptop with 240GB Crucial SSD and 16GB RAM.This time around I am going to use a HIPS such as Winpatrol but want a so... Read more

A:PUP.Optional.YourFileDownloader and PUP.Optional.InstalleRex believed rootkits?!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/537537 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

4 more replies
Answer Match 102.06%

Hi Folks-
Been trying to eradicate PUP.Optional.Spigot virus. Now the Outbrowse has shown up.
Have tried to use Malawarebytes, Kaspersky Rootkit killer, AdWdleaner. Gets rid of it but shows up almost immediately. 
Seems to be in this location-
 
 PUP.Optional.Spigot.A, C:\Users\Ericsun\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "https://search.yahoo.com/?type=994519&fr=spigot-yhp-ch",), Replaced,[267b049c215a3006d998c51aa4607a86]
 
______________________________________  
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.17028  BrowserJavaVersion: 10.65.2
Run by Ericsun at 16:14:01 on 2014-08-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1494 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Micr... Read more

A:Can not remove PUP.Optional Spigot. Also PUP.Optional.Outbrowse

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543666 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

8 more replies
Answer Match 99.54%

Hi, I downloaded Microsoft Visual Basic from Softonic.com on to my computer. When I scanned it with Malwarebytes it categorized it as "pup.optional" and when I pressed "Remove" it deleted it, the reason why I pressed "Remove" was because I though Malwarebytes would remove "PUP's" from the download, but it removed the whole thing instead. My question is, can I download it again, and is it safe? Since Malwarebytes just claimed it was a "Potential unwanted program", though I'm not sure what the "Optional" part was about. Also, I tried scanning other download installers that I have on my PC with Malwarebytes, and it didn't detect anything, so why only this one did they claim is "pup.optional"?

Any help is welcome, thank you!
 

A:Malwarebytes: pup.optional

16 more replies
Answer Match 98.28%

malwarebytes showed 13 of these, is my pc really infected? what do i do? thanks in advance for your help, im freaking out!
 
 
 
 

A:Malwarebytes:PUP.Optional.SweetIM.A! What is it? HELP PLEASE

Press remove selected at end of scan,and check with HitmanPro for other viruses.Good luck!

19 more replies
Answer Match 98.28%

this is a work computer, so I'll only be around 10a-5:30p EST.  "Computer guy" came about 6 weeks ago, ran Combofix, left.  After that, I  noticed that Conduit hijaked the browsers.  Uninstalled what toolbars I could find, changed settings in IE and Chrome, seemed to be gone. Still no symptoms.  Last week I saw the unsupported or unfound file image in the shortcuts next to the start menu, ran MBAM again, found this, deleted. ran other scans in safe mode w/networking, seemed clean.  Ran a scan just because today, no symptoms, 45 objects found.  Deleted again.  ran TDSS, found a partition. Don't know enough to comfortably delete.  Here's the DDS log.  I hope you can help quickly. My boss wants me to call the "computer guy" again, who I have no faith in, because every time we pay him to "fix it" I end up having to come here and get help because he doesn't actually fix anything, but still cashes the checks.
edit:1:46pm EST  Avira just popped up with detections of TR/Trash.Gen and TR/Drop.Softomat.AN in the System Volume Information folder, as both .exe and .dll under real time protection.
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Owner at 12:56:02 on 2013-08-06
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3033.2209 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Runnin... Read more

A:PUP.Optional.SearchProtect.A, PUP.Optional.Conduit.A

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete tab follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).=== Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifications.On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.Please post the contents of JRT.txt into your reply.===Third party programs if not up to date can be the cause of infiltration an infection.Please restart the computer before running this security check.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the on... Read more

9 more replies
Answer Match 98.28%

Hello,
I ran Malawarebyes and it said that some of my registry keys are infected. It quarantined them but I just want to make that there isn't another step I have to do to make sure its gone. Below is the log. Thanks!
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Tisha :: TISHA-HP [administrator]
12/11/2013 7:24:11 PM
mbam-log-2013-12-11 (19-24-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214460
Time elapsed: 11 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DATAMNGR (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar (PUP.Op... Read more

A:PUP.Optional.Bandoo & PUP.Optional.Searchqu

Welcome JoRayne, to be sure we can do these.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the toolClick on the Scan button.A... Read more

8 more replies
Answer Match 97.44%

I just posted in the virus/malware forum about MalwareBytes showing my computer is infected with PUP.Optional.Conduit.A and will be waiting for a reply for the time period stated (about five days). But what i wonder now is I still have the Malwarebytes window open showing the 22 instances of PUP.Optional Conduit.A and PUP.Optional.Conduit files still on my computer. 
 
I can checkmark those and hit "remove slected" or hit "ignore." 
 
Which should I do until I get further information from a volunteer here from BleepingComputer.com? 
 
Thank you very much, 
Brian 
 

A:Do I remove PUP.Optional.Conduit.A in Malwarebytes too?

This is usually related to the Conduit toolbar. Did you intentionally install this?

3 more replies
Answer Match 97.44%

I deleted it but im afraid it's not gone. can someone please help me?  The pc is running slow and a lot of stuff shows up on the bottom left side of the screen on all browers! It corrects itself if i re freash the page. Thanks so much!

A:Malwarebytes said this:PluginInstall.exe (PUP.Optional.Conduit.A) What do i do?

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

17 more replies
Answer Match 96.18%

Hi, 
 
For the last 2 weeks every time I scan my computer with Malwarebytes it shows that there is 1 infected file, in the: C:\Users\Username\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000. It says that it is a PUP.Optional.Installrex and I get rid of it everytime but it keeps returning. I have no idea what causes this so I hope someone can help ;)
 
This is what the log says btw (in Dutch partly sorry for that) :
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Databaseversie: v2014.02.27.06
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
Username :: User [administrator]
 
27-2-2014 17:57:39
mbam-log-2014-02-27 (17-57-39).txt
 
Scan type: Volledige scan (C:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 412176
Verstreken tijd: 37 minuut/minuten, 8 seconde(n)
 
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
 
Bes... Read more

A:pup.optional.installrex keeps appearing on scans with Malwarebytes

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===I see you are running an outdated version of Malwarebytes Anti-Malware.To update, open the program, click the Update tab, and click the 'Click here to find out more and check it out!' link - see screen-shot.http://s28.postimg.org/olomuur6l/MB_screenshot.jpgRun the application and clean everything that is found.Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click th... Read more

2 more replies
Answer Match 96.18%

Hello, 
 
I have run Malwarebytes and it has detected Pup.optional.installMonetizer and even after removing and rebooting it is re-installing
 
I ran ESET scanner and it is picking up 2 viruses so far. Both are a variant of  Win32/Amonetize.W application
 
Any help is greatly appreciated!
 
wpfast 
 

A:Pup.optional.installMonetizer detected by Malwarebytes keeps reloading

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.   Scan with FRST in normal modePlease download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)Run FRST. Don´t change one of the checkboxes and hit Scan. Logfiles are created on your desk... Read more

33 more replies
Answer Match 96.18%

I've run the following to try to remove this but no success. It comes back after a reboot.
 
- adwcleaner_3.310
- HitmanPro_x64
- JRT (Junk Removal Tool)
 
I've read that running FRST can help diagnose this specific issue. I've attached the related files. Thanks for any help!!

A:PUP.Optional.Spigot.A - malwarebytes / adwcleaner etc does not remove

Hello  tsalb and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
 
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
 
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with o... Read more

2 more replies
Answer Match 95.34%

I got a notice on my taskbar from MB that my website protection was disabled and to click on it to enable it.  So I did then I decided to run a scan with MB and there was an update to MB so I did that first and then ran a scan and it came up with  PUP.Optional.Searchprotect.A so I deleted it and scanned again and it came up with a clean system.  Over the past few days I have been downloading things like SDK and roms for my phone but I scanned all of them with MB and they were always clean. Should I be worried that there could be something left over from this? I have not done anything else at this time.
 
Thanks for any help.
 
Winows 7 service pack 1

A:Malwarebytes Anti-malware caught PUP.Optional.SearchProtect.A

Hi statos.
 
 Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
-------------
 

 
  Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next... Read more

2 more replies
Answer Match 94.5%

Malwarebytes found and removed several (15) PUP.optional objects and one Adware object. I am a little nervous that the computer may still be infected as it still a little slow and IE is having some minor problems.
 
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502
Run by Mary at 3:36:35 on 2013-08-29
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4060.2593 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Pr... Read more

A:Several PUP.Optional found

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/505985 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

3 more replies
Answer Match 93.24%

Ran Malwarebytes and attached the log. Please let me know my next steps.
Thanks for your help!

A:Found PUP.optional.defaulttab.a - now what?

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with OTLDownload OTL by OldTimer and save it to your desktop.Double click on the OTL.exe icon on your desktop. If you are using Vista, please right-click and select run as administratorClick the "Scan All Users" checkbox.
Note: If you are using a Windows 64bit... Read more

15 more replies
Answer Match 92.4%

A PUP detection means a "Potentially Unwanted Program". PUP is a very broad threat category which can encompass any number of different programs to include those which are benign as well as malicious. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted software. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs.In the past, Malwarebytes Anti-Malware detected only PUPs that were considered mostly harmful and deceiving but they revised their policy, taking a more aggressive approach to include PUPs that most users found annoying or misleading.PUPs may be defined somewhat differently by various security vendors. This is what Malwarebytes has to say:What are the 'PUP' detections, are they threats and should they be deleted?.If you recognize the PUP detection(s) as belonging to a program you installed and/or want to keep, you can add those items to the exclusion or ignore list (by right-clicking) so they will not show in future scans. If you don't recognize the detection(s), then you can remove them. ...Crossrider, an emerging programming framework designed to simplify the process of writing plugins that will run on Google Chrome, Internet Explorer, and Mozilla Firefox. The plugin spreads by posting a link to a video on a users Facebook wall, and friends who ... Read more

A:PUP.Optional.CrossRider found by MBAM - What should I do?

Thank you for the information. I have not noticed any aberrant behavior on my laptop and none of the other scanners (Avast, Gmer, TDSSKiller, Stinger, SUPERAntiSpyware) have reported anything amiss. Since I am always wary of deleting any item from the registry, I think I will leave these 9 items. Make sense?
 
Thanks again.
 
    David

9 more replies
Answer Match 91.14%

I am not being successful at eliminating the audio ads

A:audio ads- found backdoor bot and pup.optional regclean pro

Hello hapybus I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

44 more replies
Answer Match 89.46%

A Malware Bytes scan yesterday has discovered the PUP.Optional.Amonetize trojan.
 
I would like help removing this from my system.

A:Malware Bytes has found PUP.Optional.Amonetize trojan, would like help removing

Please run these tools to see if it helps to solve your problem
 
Junkware removal tool
http://www.bleepingcomputer.com/download/junkware-removal-tool/
 
ADWcleaner
http://www.bleepingcomputer.com/download/adwcleaner/
 
Both of these tools will create a log after running, could you please post the logs so we can see what has been removed
 
If you are unsure about anything or have any questions about any of the tools then feel free to ask 

1 more replies
Answer Match 88.62%

My PC will sometimes go to bluescreen at Windows Login Screen when I use both the touchpad and click buttons to move the mouse to select User Account. The Bluescreen error has been included as an attachment and I've transcribed technical information:
INVALID_PROCESS_ATTACH_ATTEMPT STOP: 0x00000005 (0xFFFFFA8003B4F740, 0xFFFFFA800659DB30, 0x0000000000000000, 0x0000000000000001)
Dumping of Physical Information always reaches 100, then computer shuts down. When PC is turned on, 100% fan is indefinite through normal boot (which is always sluggish and I get options to boot normally, safe mode, safeM + CMD,...etc.) and throughout usage. If I do not manually restart the computer, the computer fan will sit at 100% indefinitely. Laptop and vents have not been disassembled and cleaned in one year, and Laptop has never shut down from overheating nor has ever warned about overheating.

Keyboard Keys do NOT send PC to bluescreen.
If for some reason my Login Account is already selected, even if I enter password and hit enter, i can crash at any time if the touchpad is simply touched, up until the blue loading screen vanishes revealing desktop.
Using a mouse or any USB ports do not send PC to bluescreen.
I've tried waiting a few minutes for the computer to sit at Windows Login screen before using trackpad and click buttons, but it still goes to bluescreen.
Happens with all combinations of battery installed/absent + plugged in/unplugged.
My Computer Repair guy told me to unp... Read more

A:PUP.Optional found, INVALID_P...PT bluscrn crash, explorer.exe crashes freq.

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number). Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifica... Read more

2 more replies
Answer Match 73.08%

Hi just did a Malware scan and found these PUP,S ,,,PUP Optional Binkiland and also PUP Optional Gameo please any help greatfully recieved thanks 

A:PUP Optional

Hello harty and Welcome to the BleepingComputer.   
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsu... Read more

57 more replies
Answer Match 73.08%

Hello to all the good people at bleeping.
 
I have been runing malwarebytes scans and super anti spyware scans and adwcleaner and so on and everytime I run the malware bytes scans there is a pup optional.findwide.A
Technically I understand that is not a virus per say but can lead into other malicious threats.
 
I looked up in the C folder and I can't find anything there I do know the pup.optional.findwide.aC:\users\regina\appdata\local\google\chrome\userdata\default\preferences.
this is what the malwarebytes is scanning.
 
I have reset the browser in google chrome and
done what all I think to do.
 
I know this kind of thing is browser hijack.
 
Can anyone give me a opinion on what other methods to do?
 
Thankyou for reading,
 
From Gina

A:Can't get rid of pup.optional

Hello GinaLets also do these and see what we get.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 us... Read more

7 more replies
Answer Match 73.08%

Hello, I just ran a  Malwarebytes scan as I ocasionally do.  This time, for the first time,  I did a full system scan and it found the PUP.Optional.1.9.1 malware. It located it in a programme on my desktop, Unlocker.1.9.1.exe. Other scans with AVG and House Call don't pick anything up. The Unlocker programme is important to me because without it my photshop  files are consistantly locked by Explorer and I can't progress my work. For this reason I didn't want to be too hasty in removing the 'infection'. My PC works just fine and I think PUP stands for potentially unwanted programme.  Potentially? Am I safe to leave it? Please can you advise me? Many thanks in anticipation - Ian.

A:PUP.Optional.1.9.1

I've used Unlocker quite extensively in the past. It can be of great use. From what I remember, it will install some extra "junk" during the setup if you're not carefully reading and forget to uncheck a couple of boxes. That aside, I believe the program to be safe and have never had an issue with it.

6 more replies
Answer Match 73.08%

Hi everyone.. new here, I've been using MSE 12mths no problems, my ? is why is MSE optional on updates?

A:MSE Optional

Welcome to the Seven forums!

Are you sure that it is MSE that you are seeing or could it be MSE updates?

5 more replies
Answer Match 72.24%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4001 Mb
Graphics Card: Intel(R) HD Graphics, 1808 Mb
Hard Drives: C: Total - 940261 MB, Free - 876787 MB;
Motherboard: Dell Inc., 0CXTWJ
Antivirus: Microsoft Security Essentials, Updated and Enabled

I have Malware Premium and scan everyday. It keeps finding multiple Pup.Optional. PC Privacy Dock and Pup.Optional Hawker A files. I delete them everyday, and the next day it finds more of them. What are these files, and where do they come from? Are they harmful? How can I prevent them from "invading" my PC?

 

A:Pup. Optional files

10 more replies
Answer Match 72.24%

CANNOT get rid of this even switched from Firefox to chrome. Ran MWB here is the log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.07.05
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Family :: FAMILYROOM [administrator]
 
9/7/2013 1:44:09 PM
mbam-log-2013-09-07 (13-44-09).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 275904
Time elapsed: 25 minute(s), 4 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 6
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AmiBs.Installer (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKCR\AmiBs.Installer.1 (PUP.Optional.Amonet... Read more

A:It's back again PuP.Optional.xxx.a

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

25 more replies
Answer Match 72.24%

Please help!

I have just switched from dial up to LAN nad although my connection says it's operational it does not actually do anything. I am accessing the web now by using my old dial up. in internet options/connections tab, , I cannot click on anything except the SETUP tab. Ie, nothing else is highlighted as such. I don'y know whether this is connected to the problem or not. In WIN XP help and support, I ran the Network Diagnose Scan system - result is that internet explorer web proxy not configured. In desperation, I have copied the scan results here. Please can you help but bear in mind that I am not really all that computer literate. Thank you!
nternet Service
Default Outlook Express Mail

Not Configured

Default Outlook Express News

Not Configured

Internet Explorer Web Proxy

Not Configured

Computer Information
+ Computer System

NATASHA

AdminPasswordStatus = 3
AutomaticResetBootOption = TRUE
AutomaticResetCapability = TRUE
BootROMSupported = TRUE
BootupState = Normal boot
Caption = NATASHA
ChassisBootupState = 3
CreationClassName = Win32_ComputerSystem
CurrentTimeZone = 120
Description = AT/AT COMPATIBLE
Domain = WORKGROUP
DomainRole = 0
EnableDaylightSavingsTime = TRUE
FrontPanelResetStatus = 3
InfraredSupported = FALSE
KeyboardPasswordStatus = 3
Manufacturer = ATI___
Model = AWRDACPI
Name = NATASHA
NetworkServerModeEnabled = TRUE
NumberOfProcessors = 1
PartOfDomain = FALSE
PauseAfterRe... Read more

A:Lan Settings Not Optional

What type of connection do you have and what brand and model of modem. Are you using a router or hub? What brand and model?
Looking at your log I would believe you do not have a ethernet connection for what ever reason.

11 more replies
Answer Match 72.24%

Installing optional features failed, why?

Optinal features for english language are installed.
Extra language package are downloaded and installed.

More replies
Answer Match 72.24%

My computer automatically updated today. Upon going through the list of updates there where two optional updates one for English and the other for CXT-Network-PCI soft data fax modem with smart CP. What are they? Do I really need them? I checked the Microsoft help thing when your right click for info. All I could get was it was a driver and nothing else.

A:optional update

You must have this kind of card on your system using Windows drivers, then when there is a new driver WU propose it to make an upgrade.
My personnal advise regarding WU setup is to look for updates letting you the choice to download and install them.

2 more replies
Answer Match 72.24%

I just did a clean reinstall of windows 7 on my toshiba laptop. Now when I goto windows update it doesnt display optional updates at all. There isnt a place for it. Before the reinstall I didnt have this problem. Anyone know how I can see the optional updates?

A:Help with optional updates

Look in the Windows Update settings in Control panel. There should be a box to check that says something like "Offer optional updates the same way I receive Windows updates".

5 more replies
Answer Match 72.24%

I am infected with the Conduit malware.  I ran Malwarebytes and it came back with over 600 threats named pup.optional. conduit A.  When I try to change the internet homepage it defaults by to the the browser logo page.  I have attempted several times to remove the virus but it keeps returning. I also get a DLL run box when I start indowsThis my first time with 600+ threats.  Please advise on how to remove.  Thank You
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/21/2012 6:11:05 AM
System Uptime: 3/25/2014 3:01:04 PM (56 hours ago)
.
Motherboard: Dell Inc. |  | 0Y2MRG
Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz | CPU 1 | 1596/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 867.11 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP222: 3/16/2014 7:00:04 PM - Windows Backup
RP223: 3/18/2014 1:14:59 AM - Windows Update
RP224: 3/22/2014 11:17:34 AM - Windows Update
RP225: 3/23/2014 7:00:05 PM - Windows Backup
RP226: 3/26/2014 1:37:55 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin... Read more

A:PUP Optional Conduit A

Hello rosemel I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

16 more replies
Answer Match 72.24%

I&#8217;d appreciate some help and I&#8217;ll provide background:
o) A few weeks ago my 3 year old Dell Studio 7100 Windows 7 PC, with McAfee Total Protection, started having intermittent network connectivity issues (both wireless and Ethernet connection). Rebooting fixed the problem, but only temporarily.
o) I installed Malwarebytes and it found problems that I deleted.
o) I&#8217;ve been working with a Tech Support Guy on the network connectivity issue and I may be close to a solution.
o) Today, Malwarebytes found &#8220;PUP.Optional.MYPCbackup&#8221; and I&#8217;m not sure if I should delete it.
o) I ran the sysinfo.exe file and the result follows:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II X6 1055T Processor, AMD64 Family 16 Model 10 Stepping 0
Processor Count: 6
RAM: 8191 Mb
Graphics Card: AMD Radeon HD 6600 Series, 1024 Mb
Hard Drives: C: Total - 939785 MB, Free - 853579 MB; E: Total - 476937 MB, Free - 452321 MB;
Motherboard: Dell Inc., 0NWWY0
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

< link to original issue posted here http://forums.techguy.org/networking/1146675-windows-cant-communicate-primary-dns.html
The system ran great until a couple weeks ago when intermittently the computer just "spins" when I try to view an open browser tab (e.g. MSN.com). This sometimes happens after computer wakes up, ... Read more

A:PUP.Optional.MYPCbackup - What to do?

16 more replies
Answer Match 72.24%

Anyone get this virus lately?

PUP.Optional.DefaultTab.A

thanks
 

A:PUP.Optional.DefaultTab.A

Hello bsacco and Welcome to this forum.

Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

Thank you for your patience.

Please follow the instructions outlined here.
http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html
 

1 more replies
Answer Match 72.24%

Hi,
 
I'm working on Windows 7 (64) using chrome as my browser.  I recently got a PUP detected by Malwarebytes of PUP.Optional.Conduit.A which recurs every time it's quarantined.  A second infection was detected once during this infection as well, but it hasn't recurred (I believe that infection was something related to "Spigot" which I had once on my computer last year)   
 
I have not noticed any symptoms on my computer.  I have not downloaded anything that could be an obvious source of the program.  
 
Thanks for any help you can offer getting rid of this pesky program! 
 
Heather
 
 
 
Here's my FRST.txt info:
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by user (administrator) on USER-PC on 28-04-2015 14:15:53
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AM... Read more

A:PUP.Optional.Conduit.A I don't know how to get rid of it

Hello userhw,my name is Jo and I will help you with your computer problems.Please follow these guidelines:Logs can take a while to research, so please be patient.Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.***Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.***Please download Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.Scan your system for malwareWith some infections, you may see two messages boxes.'Could... Read more

29 more replies
Answer Match 72.24%

Having trouble removing this permanently. Keeps coming back after Malwarebytes quarantines it. Any help would be greatly appreciated. Thanks
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:30:07 AM, on 6/27/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Tracy\Desktop\Malware Virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-i... Read more

More replies
Answer Match 72.24%

Installing optional features failed, why?

Optinal features for english language are installed.
Extra language package are downloaded and installed.

More replies
Answer Match 72.24%

I cannot get rid of this virus/malware/pup.

I noticed my cpu performance was running very slowly, so I ran MBAM. It detected the above, and I restarted to complete the clean up. Upon a restart, I rescanned in safe mode and nothing was found. However, I still noticed slow performance, and I scanned with MBAM again in regular mode. It found the PUP but did not clean it out. I ran ESET online scanner, but this could not get ride of it either. I will post my required logs below.
 

A:Cannot get rid of (pup.optional.bprotector.a )

15 more replies
Answer Match 72.24%

hello
i have my problem back
iv seen some of the old infections on the super antispyware scan
computer/ browser not responding, takes forever to to anything
is slow at booting up also
running slow

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Business, Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz, x64 Family 6 Model 15 Stepping 10
Processor Count: 2
RAM: 1005 Mb
Graphics Card: NVIDIA Quadro NVS 140M, 128 Mb
Hard Drives: C: Total - 76316 MB, Free - 41504 MB;
Motherboard: LENOVO, 766512M
Antivirus: AVG AntiVirus Free Edition 2013, Updated: Yes, On-Demand Scanner: Enabled

that is weird i have previously deleted /removed avg and put in Vipre on trial but computer wouldn't work properly with the firewall working so im using windows firewall and vipre for the rest
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 14/06/2012 2:21:56 PM
System Uptime: 2/10/2013 5:53:20 AM (2 hours ago)
.
Motherboard: LENOVO | | 766512M
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 40.233 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Ac... Read more

A:pup.optional.mysearchDial.a

16 more replies
Answer Match 72.24%

A past update for Powershell 2.0 and WinRm 2.0 was designated Optional. (Which I didn't download. Do I need this?) Had trouble with the recent Live Essentials update and after some reading uninstalled Windows Live from my system which re-designated the Live Essentials update from Important to Optional. Now I find that the Powershell/WinRm package has changed ftom Optional to Important. Any idea why and how I should proceed?

Thanks.

A:From Optional to Important

Windows PowerShell is a new Windows command-line shell designed especially for system administrators. The Windows PowerShell includes an interactive prompt and a scripting environment that can be used independently or in combination.

Do you need it?

3 more replies
Answer Match 72.24%

hello i have been having trouble with pup.optional.mysearchDial.a
pup.optional.Dealply.a

when i click a new tab this my search Dial page comes up ( it is a a pup)
but when i press the home page it is google like it is spose to be
often get pop up coming in
computer running slower
firefox stops responding

i did have quit a few mysearchDial.a
pup.optional.Dealply.a infections, in malawarebytes but seem to be gone for now ???
but i guess they will appear again after using computer for a bit ??

iv got malawarebytes, superantispyware, hitman pro, avg free
can i ask if spyhunter 4 is a rough spyware remover , some reviews said so , but that said i was badly infected and need to pay for it to be fixed , so nothing was done and after ready review i removed it from programs and desktop and download , i am using free AVG and windows defender is not working , cannot turn it on
 

A:pup.optional.mysearchDial.a

16 more replies
Answer Match 72.24%

I ran malwarebytes and it has found several Pup.optional infections.
 
Heres the log from when i ran it
 
Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org
Database version: v2014.01.23.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-76814CAF25 [administrator]
23/01/2014 19:22:14
MBAM-log-2014-01-24 (16-45-16).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 439965
Time elapsed: 5 hour(s), 25 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 10
HKCR\CLSID\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKCR\Toolbar.CT2504091 (PUP.Optional.Conduit) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKCR\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> No action taken.
HKCU\SOFTWA... Read more

A:Pup.optional Infection

Hi David, this doesn't look too bad.Please run a FRST scan:  Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

2 more replies
Answer Match 72.24%

My computer is acting slow and sluggish, and when I run Malwarebytes it comes up with something called PUP.Optional.Conduit.A, I let it remove it and when i scan again later, it is still on my system. Is there a way to get rid of this permanently? Or is there more on my computer that is making it slow? Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:36:45 PM, on 10/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Nic Arvin\AppData\Local\Akamai\netsession_win.exe
C:\Users\Nic Arvin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files (x86)\Malwarebyte... Read more

A:PUP.Optional.Conduit.A

7 more replies
Answer Match 72.24%

My internet was unusually slow today so I decided to use Malwarebytes to scan for viruses. It detected 22 items all called pup.OPTIONAL.tarma.a. I deleted all of them but I am worried I still might be infected, any idea what I should do?
 

A:pup.optional.tarma.a

Hi -
First these are all Potentially Unwanted Programs that have been found. Always delete them.
 
Now - Update and Re-run the MBAM scan and check if any PUP items still exist - Also a Full scan with your Antivirus.
These will only return if you visit, or download from sites that contain these infectins.
 
Thank You -

1 more replies
Answer Match 72.24%

Had to do another reinstall of W7. Are any of these optional updates needed ?

A:Optional Updates

Define 'needed'!
The OS will run happily and securely without them - but they do contain some nice enhancements.
I'd install everything offered except the Bing and Live stuff (unless you actually want those) - and hide those so that they don't get in the way (at least until they are updated again)

2 more replies
Answer Match 72.24%

Hi guys, I have these pending optional updates, question is, is there a need to install them? According to the Microsoft support page, some of these updates fix certain issues on some devices. I am not experiencing any of the said problems so I am wondering if I still need to install the updates. Thanks

A:Optional Updates

I had two of those, KB3042085 and 2976978. One seems to be yet another pre W10 update. Installed them OK.

If you install these would you look at something first just to satisfy my curiosity. What is your free disc space before and then after installing these ?

14 more replies
Answer Match 72.24%

I have anti virus software as well as Malware Bytes. Every single time i run a full scan on both programs my anti virus software doesn't spot this ad ware but Malware Bytes does. I have to restart my computer to get rid of it. But once i run a scan again; right after i restarted my computer the ad ware appears again. IDK what to do, i'm not very keen on downloading some ad ware blocker program but if that's the only option then its fine. Any suggestions on how to permanently get rid of this. 

A:pup.optional.conduit

Hello and Welcome -
Please read http://blog.malwarebytes.org/news/2013/09/selecting-all-pups/
 
Make sure that all items are selected, or you will not have removed them.
Please select your last Malwarebytes Scan, and Copy / Paste it back here.
If you are not able to find it, Please Update your copy of the program, and run a Full Scan.
Then Copy / Paste that log back here.
 
 
Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
Please Copy and Paste the small log back here
 
 
Now: Please download AdwCleaner by Xplode and save to your Desktop.
* NOTE : Please close or save all work, as the computer will be Rebooted
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Note Do not click on the Scan or Clean button more than once, as this may cancell all results
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. 
* If you see any which you do not want removed, remove the check mark next to it. 

* Next: Click on the Clean button (only once) to remove the selected items. 
* You will receive a message telling you that all programs will be close so that the infectio... Read more

2 more replies
Answer Match 72.24%

2.
I was trying to get a game to play on Voobly working properly which required port forwarding and so, I had to set a static IP and use this tool from portforward.com to test if the ports were opened or not. I was on the phone while installing the software which resulted in me accepting what I thought was a window for going forward with the installation. Two more accept/decline windows followed it and I knew I messed up (I hit decline on those).
 
I ran a full scan using Malwarebytes and it found 9 infections on my computer by the name in the title.  I use firefox and have no toolbar on my windows or in my add-ons. I looked in my "Add or Remove programs" and found nothing new. Should I remove that portforward.com tool? I ask because they seem to be pretty trusted, the optional downloads are what seem to be malicious.
3.
I use windows XP and am planning on upgrading soon.
4.
I ran Malwarebytes.

A:PUP.Optional.Conduit.A

Hello -
Please run these few programs and Copy / Paste the logs generated. Temporarily Disable Your Anti-virus if needed
 
 
Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If a security program requests permission to access the Internet, allow it to do so.
 
 
Please download MiniToolBox to desktop and run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)
 
 
Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
At most the tool will run for about 2 minutes
Copt and Paste the log it produces.
 
 
Important: Do not reboot your computer until you complete the next step.
 
 
* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Clic... Read more

15 more replies
Answer Match 72.24%

I need help getting rid of PUP.Optional.Conduit. I have run Malwarebytes and House Call and Avast. Malwarebytes sees it and I try to Remove it but it keeps coming back. It makes IE freez. Help!!! I am running win 7 64BIT.

A:PUP.Optional.Conduit

http://www.bleepingcomputer.com/download/junkware-removal-tool/
this works pretty well.
I would also reset IE back to default to be sure, and run c cleaner.

5 more replies
Answer Match 72.24%

My first post here at this site. Sorry if I make mistakes with any of your rules.
 
I have this nasty little problem that I can't seem to get rid of. I am told it isn't a virus but rather just a program that steals information and finds it's way deep into my labtop. I am not really experienced with getting rid of such things but I have tried a few things to no avail. All it is really doing is making videos run slow and studdering, and making everything else slower. I have an older labtop so it is already slow enough. 
 
I run the free version of avast, and the free version of malwarebytes. When I run an avast scan nothing shows up, and when I run the malwarebytes one line comes up (PUP.Optional.Conduit.A). I hit the quantine button and seems to go away, but as soon as I run another scan it is right back on there. 
 
I uninstalled Chrome, and reinstalled it and ran another scan and it wasn't there. But as soon as I watched a video on youtube it was back. I tried googling PUP.Optional.Conduit.A and there was a 4 step removal guide that I tried. First step was to use start menu to open "remove programs" find it and remove anything with Conduit in the program. I tried that and found none. I searched all programs and still couldn't find it. But I know it is there, because every time I run a malwarebytes scan it shows up. 
 
I went ahead and did the other 3 steps of the 4 step plan which included adding AdwCleaner and running a scan, Then add Malw... Read more

A:PUP.Optional.Conduit.A

Conduit probably installed a start-up item.  It may also be listed in Programs and features as a program that's installed. I would check your start-up items and programs and features list to see, but first need to know what version of Windows your running.

5 more replies
Answer Match 72.24%

Hi -  Malwarebytes keeps finding this on my computer - pup.optional.conduit.a in google/chrome/user data/default/preferences.    I've read this forum, the malwarebytes forum, etc.. and tried the different fixes using different tools.   It will be gone .. then return again the next time I run a Malwerebytes scan.       I recently was having shut-down problems w/ my my Acer laptop after the latest Windows 8.1 update, tried many things and ended up doing a factory reset, which fixed that problem so everything is pretty fresh.      I did a reset of Google Chrome last night.   I got a clean scan on Malwarebytes but it's back again today.  I'm really getting frustrated and beginning to wonder if this is a false positive or something.  I hope that someone can help me.  

 

A:PUP.Optional.Conduit.A

Hello jewelz... I moved this to the Am I Infected Forum.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.Vista/Windows... Read more

11 more replies
Answer Match 72.24%

Hi.

Just done a Malwarebytes scan which found PUP.Optional.Somoto in my downloads folder. Says it's infected in my DVDShrink download.

Can't seem to find any information on this. Is this harmless adware, or should I be worried?

A:PUP.Optional.Somoto

Well....lets take a look and see what we can find.

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that.... Let's get going!!
----------

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.Disable any antivirus programs during ... Read more

12 more replies
Answer Match 72.24%

Hello

I just recently bought a new computer 1.5 half weeks ago, and I've already experience 3 crashes on it, though the temperature of the GPU and CPU never exceeds 60 degrees celsius and rarely ventures above 50 degrees. Therefore I decided to reformat and install Windows 7 once again after the thrid crash. After I installed my most used programs so that I'd be able to use my computer again, I installed Malwarebytes Anti-Malware and ran a can of my system and I noticed I already had an infection, which baffled me. I had just reformatted the computer an hour earlier. So I tried removing it with Malwarebytes and other software but with no luck. I don't know if this is related to my computer's crashing problem, but I feel like it's something that's been transferred from my previous older computer as I bought a new one, cause it suddenly started crashing during games in League of Legends after 2 years of use. The symptoms and times of crashes of my new computer is the same.

Since the synchronization of google chrome transfers my preferred settings I'm thinking that the issue may lie herein, as the path in which the PUP is located is Google\Chrome\User Data\Default\Secure Preferences.

I've tried running GMER several times and saving it but absolutely nothing happens when I press the "Save..." button.

I do have access to a Windows Install Disk

DDS.txt below:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Quezacotl at 23:1... Read more

A:PUP Optional.Trovi.A

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.Do NOT click the green 'Download' button(if visible).
Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

19 more replies
Answer Match 72.24%

Hello,

I recently performed a scan using Malwarebytes Anti-Malware and it reported my CPU being infected by (3) PUP.Optionals, one of which being PUP.Optional.Somoto. The CPU is completely asymptomatic and I wouldn't have noticed anything different if it wasn't for running the scan. I've attached the preliminary logs and any help is greatly appreciated. Unfortunately, I was unable to get GMER to work. I "blue screened" on the first attempt and then the CPU completely froze on the second try ...

DDS.txt


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
Run by amy at 13:21:41 on 2013-09-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.463 [GMT -7:00]
.
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_C... Read more

A:PUP.Optional.Somoto

Hello, calex_uo.

Please send me the Malwarebytes scan log showing the detection.

Open Malwarebytes Anti-Malware>>Click the 'Logs' tab
Select log from the date of the desired scan, they're named mbam-log-2013-xx-xx [10-11-12].txt
then click the 'Open' button. Once the log is open, copy/paste the content of that log into your reply.

PUP detections are Potentially Unwanted Programs. These are programs Malwarebytes researchers have found are sometimes added to a system without the user's knowledge or approval. These are not malicious, just potentially unwanted.

5 more replies
Answer Match 72.24%

Where do these files come from? I have found them with malwarebytes and deleted them, but later there are more showing up again.

A:[SOLVED] PUP.optional

PUP is an acronym for Potentially Unwanted Programs, which are added to a system without the user's knowledge or consent. They are usually bundled with other software downloads. While downloading and installing a software, care should be taken to uncheck other offers of software, if not wanted.

PUP (Potentially Unwanted Program) Definition

3 more replies
Answer Match 72.24%

Hi, a scan with MBAM found and quarantined this PUP. Do I need to clean up any remnants and if so how? and would you advise installing Unchecky to help prevent these things creeping into my system again? Thanks.

A:PUP Optional Spigot.A

teddyboy,

Hi and welcome to TSF.

Please note that this is under the supervision of an expert analyst.

Please read NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help and post/attach the three logs (dds.txt, attach.txt and gmer.txt) mentioned. These logs will give me a place to start and give you back a better working computer. If any problems completing, continue with next log and let me know what happened in your next post.

Please Read! "Who is Helping you?"

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools (near top), then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Thanks. I can begin working on removing your malware when you submit those logs.

Please be patient with me during this time.

5 more replies
Answer Match 72.24%

Hello,
 
I was wondering if anyone could help me remove infected items reported by Malwarebytes. I removed them before however they seem to have returned. They are named variations of PUP.optional.Conduit.A and are registry keys and files/folders. I have done another scan and it says they are removed but I would like to be certain they are gone is there any other ways I could do this?
 
Thank you

A:PUP.optional.Conduit.A

 I'd do a scan with Malwarebytes and my antivirus program in Safe Mode.  I have to tell you that Conduit malware is very hard to get rid of because it sinks it's teeth into many parts of your system.  You might try the Revo Uninstaller too.
 
Good luck.

4 more replies
Answer Match 72.24%

Please help me to be sure this system is safe.
Thank You
 

A:Pup.Optional.Mindspark.A

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

15 more replies
Answer Match 72.24%

I just ran a malwarebytes scan and it found several instances of "pup.optional.defaulttab" in various locations in my computer.  Both before and after I ran the scan, I see this warning every time I open up Google Chrome.
 
Here is a copy of the mbam log after I ran the scan also.  Thank you for your assistance and expertise

A:Pup.optional.defaulttab

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete tab follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).=== Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifications.On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.Please post the contents of JRT.txt into your reply.===Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.1: DDS.scr (N... Read more

19 more replies
Answer Match 72.24%

My computer had PUP.Optional.SearchProtect.A
 when scanned with Malwarebytes.  Malwarebytes says my system is now clear, but something seems to be chugging all the time in the background.  I'm wondering if there is still some residual infection.  Thank you for any suggestions.

A:PUP.Optional.SearchProtect.A

Hello HelenLet's look at some more.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please Download TDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive)Do not change the default options on scan results.Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.Last run ESET.Hold down Control and click on this link to open ESET OnlineScan in a new window.Click the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.Double clic... Read more

22 more replies
Answer Match 72.24%

It is recommended to install all optional updates or take the time to research select only those that are relevant to your system? Can the update either be uninstalled or installed at a later date if there is a problem?

More replies
Answer Match 72.24%

ok i have a dell optiplex gx260 here is a description:
4T274 PRINTED WIRING ASSY, PLANAR (MOTHERBOARD), GX260, 845G, AUDIO/VIDEO, GIGAHERTZ NETWORK INTERFACE CARD/CONTROLLERS, 2
9K795 PROCESSOR, 80532, 2.0G, 512K, 400FSB, SOCKET N
3K113 DUAL IN-LINE MEMORY MODULE, 256, 266M, 32X64, 8K, 184

when i went to upgrade the ram Kensington said i have a 2.53 ghz cpu, can i upgrade processors without changing the motherboard? if so what is the top speed i can reach. forgive the novice in me, i am a damn good mechanic, but computers are a little foreign to me.
 

A:optional cpu for my dell

Theoretically your 845G chipset should support 533FSB as well as 400FSB, so a Prescott might go in nicely (up to 3GHz).
BUT, it being Dell, it is probably a castrated version.
This would be the optimal CPU: http://www.excaliberpc.com/Intel_Pe....93GHz/JM80547PE0771M/partinfo-id-562784.html
but perhaps others have a better idea?
 

2 more replies
Answer Match 72.24%

Any danger in not installing optional updates? I have nine of them waiting in line and my machine is working just fine. Pros and cons, please?
Thanks in advance

A:Optional Updates

Optional means just that: optional. It won't hurt to not install them. I hide anything to do with Bing and, if I were to unhide them, there would be many more times nine setting there.

8 more replies
Answer Match 72.24%

Received the following update from M$ today, not sure what it is wanting to do -

"nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware - NVIDIA GeForce GTX 260

Download size: 252.2 MB

You may need to restart your computer for this update to take effect.

Update type: Optional

nVidia Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware software update released in February, 2015"

Could someone shed some light on this ?
Thanks

Joe

A:Optional Update - not sure what it is ?

This is an update to your NVidia graphics card drivers, etc. It is optional because it is not necessarily required.

I personally always go to the manufacturer's (NVidia in this case) support site and get the latest drivers from there if I feel I need to update them.

Paul

3 more replies
Answer Match 72.24%

Found PUP.Optional.AlexaTB.A after running a Malwarebytes scan. It says that quarantined and deleted successfully. Is that all there is to it or do I need to run something else? Thanks! The Malwarebytes log is below.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.22.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Grant Writer :: HP88342945029 [administrator]

10/22/2013 9:39:21 AM
mbam-log-2013-10-22 (09-39-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315574
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

More replies
Answer Match 72.24%

I have a
Gateway One All-In-One Desktop with Intel® Pentium® Processor - Microsoft Windows 7 Home Premium Edition 64-bit operating system preinstalled.Optional update:
I recently went to the Critical Updates and saw the following:

"Intel Corp - Display Mobile Intel (R) 4 series expires chipset family" - 21 MB (which is quite a large update)

Just what is this update and should I install it? This is our grandson's computer and we would not want to cause any problems or damage by installing this Optional Update. Nothing appears to be wrong with our graphics, etc.
Please advise and thank you.
Alice Z
 

A:Optional Update

I installed this onto my laptop and considerably improved the graphics on it.
 

3 more replies
Answer Match 72.24%

I have never installed a single optional update because I don't really know what they are all about although some are obvious. So I ask: just how important are optional updates? Is it generally recommended they be installed?

Thanks in advance.

A:Optional updates

Some are fairly useful - some are fairly pointless
You need to make the decision on which you want to install for yourself - the list is way to log now to detail it.

1 more replies
Answer Match 72.24%

Hi cryptodan
 
I am following your advice given to glynch8030. As I have no idea just what I can and can not safely delete I was looking for assistance 
Below is the log for the first step (I deleted as many as I felt comfortable with. running Windows 7 with eScan and Malwarebytes uusing Google-Chrome browser.
 
# AdwCleaner v3.012 - Report created 18/11/2013 at 14:11:20
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Wild Kitteh - WILDKITTEH-PC
# Running from : C:\Users\Wild Kitteh\Favorites\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\ProgramData\Ask
[x] Not Deleted : C:\ProgramData\boost_interprocess
[x] Not Deleted : C:\ProgramData\Partner
[x] Not Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
[x] Not Deleted : C:\Users\Wild Kitteh\AppData\Local\PackageAware
[x] Not Deleted : C:\Users\Wild Kitteh\AppData\LocalLow\searchquband
[x] Not Deleted : C:\Users\Wild Kitteh\AppData\LocalLow\Searchqutoolbar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ ipb.topic.inSection = 'topicview';
ipb.topic.topic_id = 514581;
ipb.topic.forum_id = 103;
ipb.topic.redirectPost = 1;
ipb.topic.start_id = 0;
ipb.topic.page_id = 0;
ipb.topic.topPid = 0;
ipb.topic.counts = { postTotal: 8,
curStart: ipb.topic.start_id,
perPage: ... Read more

A:PUP.Optional.Bandoo

GO ahead and rerun adwcleaner and clean what it finds.Then do the following:Please download Malwarebytes Anti-Malwareand save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Full Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin a... Read more

7 more replies
Answer Match 72.24%

I have had multiple issues with my computer, most of which I think I've gotten worked out, but this problem hasn't gone away with pup.optional.crossrider.a.  
 
We were having internet connection problems, so at first I didn't realize that I had an infection, as our internet connection actually had a problem as did our line coming into our house, which now is worked out by our provider.  I was still having slow internet connection problems and instances of it not finding the server to main websites or not sending and receiving email.  I ran Malwarebytes and it came up with multiple instances of pup.optional.crossrider.a.  I have Advast, and ran a boot-time scan which found quite a few trojans and malware, which it got rid of them.  After it ran, I ran Malwarebytes again, and again it found pup.optional.crossrider.a.  How do I get rid of this and is it dangerous?
 
The computer is running much better after the boot time scan, but I still would like to get it completely taken care of.  Thanks! 
 
Jennifer

A:pup.optional.crossrider.a

Hello there      Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this. Step One:Mini Tool BoxClick here to download MiniToolBox to your desktop.Double click MiniToolBox.Select the following and then press go.Post the log in your next reply.Flush DNSReset IE Proxy SettingsReset FF Proxy SettingsList Last 10 Event Viewer ErrorsList Installed ProgramsList Restore Points Step Two:Malwarebytes Anti-MalwareClick here to download Malwarebytes to your desktop.Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.On the dashboard, click update now.After that, click scan now - the scan will now begin.When the scan's completed, select apply actions - make sure the action is quarantine.Restart your computer.How to get the log.On the dashboard, select the history tab and click application logs.Select the log which has the time and date of when you did the scan.Click copy to clipboard and paste it into your reply.Step Three:Security CheckClick here to download Security Check to your desktop.Double click SecurityCheck and follow the on-screen instructions.A log should open, called checkup.txt.Please post the contents of it in your next reply.Thanks and good luck!

10 more replies
Answer Match 72.24%

1 - Latest version of Vuze infected my laptop with malware - pup.optional.conduit.a
 
2 - I've browsed through the forums here many a time and have always been impressed with the help I've seen given. That being said, what is a good donation amount?
 
3 - DDS
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer:   BrowserJavaVersion: 10.45.2
Run by Remag VII at 9:36:34 on 2013-11-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16332.13849 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\s... Read more

A:pup.optional.conduit.a

Hello Remag VII I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

17 more replies
Answer Match 72.24%

My wife's laptop has been infected with this nasty virus, she blamed me for her getting it, but I run Malwarebytes occasionally and has never detected the PUP on my machine. I have used Malwarebytes several times on her machine only to have the machine re-infected. So I've been to several sites they confirmed that removal very difficult. They list some very convoluted solution. One even warned that a miss-stroke could cause serious damage to your machine. I have a tremor so I do not want to attempt one of those and that fact they only list windows 7 and 8.

I hoping that there is someone out there that can point me to trusted software to remove this or recommend or a reputable site that can do the removal. I'm not looking for a freebee but permeant solution to this virus.

I'm sure she has a lot of unwanted junk on her relatively new machine. Every time I ran MB it took longer than the previous time, I just ran MB, it took 21min. My machine has a larger capacity and only takes about 5min.

A:PUP.Optional.HomePageHelpe

See if this article will help........
How can you remove PUP.Optional.Helperbar.
It consists of 3 steps.
http://malwarefixes.com/threats/pup-optional-helperbar/

1 more replies
Answer Match 72.24%

I think I killed it? But want to be sure. I wasn't having any problems before this that
I noticed. But it had been awhile since I'd run a Full Scan.  When I did run a full
scan is when I found it.  This is my first post. I'm following Grinler's "Preperation
Guide", so I hope I'm posting this correctly and including information that is needed...
My PC is dual boot WinXP & Win7 64 Pro.  This was found on the Win 7 boot.
 
When I found PUP.Optional.Tarma.A, I ran the following in this order:
AdwCleaner
Junk Removal Tool
Malwarebytes
 
I checked also with eset online scanner, RogueKiller, Emsisoft Anti-Malware
and HitmanPro. The PUP.Optional.Tarma.A seems to be gone(?) but HitmanPro
and RogueKiller pointed out some 'suspicious' things. DDS Log posted below:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by WildCat at 9:54:16 on 2013-08-22
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8190.5402 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svcho... Read more

A:PUP.Optional.Tarma.A - gone?

Good evening.
Would you post the appropriate logs shoiwing the nasties in question for HitmanPro and RogueKiller.

27 more replies
Answer Match 72.24%

Hi, My brother made a mistake when running Malwarebytes while trying to remove PUP.Optional.Verti and ended up allowing it onto his computer. In spite of running multiple other virus removal programs, I have not been successful in removing this object from computer. 
 
I would greatly appreciate assistance to remove this PUP.Optional.Verti and all of it's spawn from my brothers computer. 
 
Thanks

A:PUP.Optional.Verti

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkma... Read more

24 more replies
Answer Match 72.24%

Hi,
I stupidly tried to download what I thought was Adobe flash player and ended up with Search Dial which took over my Windows 8 computer. I ran Malwarebytes and then reset my computer to an earlier date, which seemed to get rid of it and now it works okay once again. But now when I run Malewarebytes Pup.Optional.eSafe.A shows up on my Windows 8 laptop. I read on other sites on removing it but they all want you to download various tools. I ran Malewarebytes and it removed it but a couple days later it showed up again when I ran Malewarebytes. Would running Super Anti Spyware solve the problem?

I admit to being a total computer dummy and brought this upon myself, learning a tough lesson, but I sure would appreciate any help/advice you can offer.

p.s. I have a very difficult time navigating Windows 8 just to find the simplest things. So please be very specific if you can.

Thanks!

A:Pup.Optional.eSafe.A

I've run Malewarebytes again several times and the Pup.Optional.eSafe.A is gone, so I think my computer is okay.

2 more replies
Answer Match 72.24%

Win 7 Ultimate.English

Always in Update: 34 optional updates available

Is there any to delete that from updates?

I am tired of the need to have that showin up every time I go to Windows Update .

Thanks in advance
oldad

A:34 optional updates available

Nobody forces you to install any updates. It is up to you what you want to install. I sometimes "hide" updates because I do not use the program to which they pertain. In Vista I have hidden all of SP2 on one system because it gave me problems on another system and it is smooth sailing since then. So as I said, it's up to you.

3 more replies
Answer Match 72.24%

Hi all,
I have a function in a class that makes a connection to mysql:
Code:
public function Connect($server=$this->server, $username=$this->username,$password=$this->password)
The $server, $username and $password arguments are optional, as they are set with default values at the constructor, and I want the arguments to be equal to the variables defined in the constructor if they are not defined in the function call. The code above returns a parse error.

Any suggestions on how to do this?

Many thanks,
Andy
 

More replies
Answer Match 72.24%

Malwarebytes is telling me this Chrome Extension (is a potential threat, but I cannot find anything about "PicEnhance" in Google or Forum searches.  I have installed numerous extensions for later exploration.  Is
"pup.optional.PicEnhance.A" part of an HDR or other photo editing extension.  Malwarebytes won't let me update its database until I do something with this.  I suspect I can make it an exception, but thought I'd ask the experts first.  Malwarebytes log posted below.
 
Also, and I've asked before with no reply: I have been helped numerous times by this forum and would like to donate to the cause.  Where is the link to send money to BC.com???
 
Many THANKS!!!!!
 
>>>>>
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/22/2014
Scan Time: 7:49:40 AM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.22.02
Rootkit Database: v2014.06.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dayle
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398612
Time Elapsed: 14 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Valu... Read more

A:pup.optional.PicEnhance.A

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).===Download the correct version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The... Read more

5 more replies
Answer Match 72.24%

I have found on my husbands laptop a malware that is very persistant at staying on his computer even thou I have run several Malware removals....both in normal mode and in safe mode.....MalwarbytesAnti-Malware finds it...deletes it but it comes back.....I also downloaded in safe mode and tried SuperAntimalware but that does not find anything in registry.....Spybot search and destory finds 1 but it does not show up when you click on show details...nothing shows up! So why can I not get rid of it.......It says its in Registry Key...HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A)

A:PUP.Optional in Registry Key will not go away

  
Quote: Originally Posted by angiesluck


I have found on my husbands laptop a malware that is very persistant at staying on his computer even thou I have run several Malware removals....both in normal mode and in safe mode.....MalwarbytesAnti-Malware finds it...deletes it but it comes back.....I also downloaded in safe mode and tried SuperAntimalware but that does not find anything in registry.....Spybot search and destory finds 1 but it does not show up when you click on show details...nothing shows up! So why can I not get rid of it.......It says its in Registry Key...HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A)


In command prompt:

Code:
reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} /s
post output

9 more replies
Answer Match 72.24%

I ran a scan of Malwarebytes and it came back with the below infection. It says it's in the registry. I attempted to remove the infection, but it keeps coming back. Any help would be appreciated. Thank you.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/19/2016
Scan Time: 2:23 AM
Logfile: malware scan.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.10.19.03
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Shane
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408386
Time Elapsed: 15 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [df306833edadcc6a94859cd510f241bf], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [df306833edadcc6a94859cd510f241bf], 
PUP.Optional.Uniblue, HKLM\SOFTWARE\CLASSES\pc-mechanic, , [17f82774dac02b0bf6b2a84ecb394bb5], 
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8E4FDD39-3... Read more

A:Pup.Optional infection

You need to change the settings and you need to rerun MBAM as the log you posted doesn't show you allowed MBAM to delete/ quarantine what it found.
Use the programs below to clean, remove adware and remove malware.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled Change to Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and... Read more

1 more replies
Answer Match 72.24%

I have some kind of infection that keeps showing up in all my scans. My computer is running really slow also. Thanks.

A:PUP.Optional.Smartbar.A

Hello spalladino25 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the s... Read more

29 more replies
Answer Match 72.24%

Hi,
 
Since some time back malwarebytes will remove "PUP.optional.spigot.a" everytime I run it. Sometimes an empty internet explorer "do you want to leave this page" message will appear as well (I dont use IE.)
Outside of malwarebytes I run avast. Could I get some help killing this annoying little thing.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Z (administrator) on MARGETA (02-09-2015 12:34:29)
Running from C:\Users\Z\Desktop
Loaded Profiles: Z (Available Profiles: Z)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\As... Read more

A:PUP.optional.spigot.a

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Z (2015-09-02 12:35:01)
Running from C:\Users\Z\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3700485390-1544953774-2094612495-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3700485390-1544953774-2094612495-503 - Limited - Disabled)
Guest (S-1-5-21-3700485390-1544953774-2094612495-501 - Limited - Disabled)
Z (S-1-5-21-3700485390-1544953774-2094612495-1001 - Administrator - Enabled) => C:\Users\Z
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3700485390-1544953774-2094612495-1001\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
Achron (HKLM-x32\...\Steam App 109700) (Version:  - Hazardous Software Inc.)
Adobe Flash ... Read more

1 more replies
Answer Match 72.24%

Hello,
 
MBAM Premium detected PUP.Optional.AZlyrics.A and warned me, per Settings > Detection and Protection > Non-Malware Protection > PUP detections =  "Warn user".
 
After the warning, I changed the PUP detection action to "treat as malware" so it will quarantine it on the next scan.
 
I'm asking for help because of a previous experience with a PUP variant.  Last summer, on a different computer, MBAM quarantined a couple of PUP variants.  Some further cleanup was needed to make things right, and I got the help I needed after posting to this forum.
 
DDS.txt posted below.  Attach.zip attached.
 
Thanks!
--mstap42
 
# == DDS.txt == #
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.71.2
Run by Stapletons at 23:01:54 on 2014-12-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1671 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.... Read more

A:PUP.Optional.AZlyrics.A

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first t... Read more

15 more replies
Answer Match 72.24%

So I regularly run malwarebytes, and this thing keeps coming back after being quarantined.
It's been there for a few weeks now, and it's just annoying.
How do I get rid of it?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by JSK (administrator) on JSK-PC on 10-04-2015 01:27:54
Running from D:\Downloads
Loaded Profiles: JSK & (Available profiles: JSK)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVI... Read more

A:PUP.optional.trovi.a... what to do?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by JSK at 2015-04-10 01:28:10
Running from D:\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\uTorrent) (Version: 3.4.3.39778 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.39778 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adblock Plus for IE (HKL... Read more

24 more replies
Answer Match 72.24%

My OS is Windows 8. For my security I have the free Malwarebytes installed and Windows Defender. Last week I ran a scan with Malwarebytes and it found 11 pieces of malware. All of them were pup.optional. This morning I did another scan and it found 811 of them. This is not a typo. It found eight hundred and eleven! How could this have happened? I do not get on any obscene web sites or any that may be questionable. Also what are the pup.optional? I would appreciate some thoughts on this. Thanks, Fran

A:Infested with pup.optional

MBAM recently made a change to a more aggressive PUP policy.
Malwarebytes Adopts Aggressive PUP Policy - Malwarebytes News - Malwarebytes Forum






Quote:
In the past, Malwarebytes Anti-Malware has detected only PUPs, or Potentially Unwanted Programs, that were mostly harmful and deceiving. Our users expected more and so we?ve revised our policy to include PUPs in our database that most of our users find annoying or misleading. Within the next few days, detection for many new variants will be added. Malwarebytes feels most of our users have no knowledge that these PUPs were installed and would like them removed. Several thousand forum posts and support tickets confirm our standpoint. Ranging from difficult to uninstall applications to software that makes you opt-out, we?ve had enough of it all!


Source: Malwarebytes Adopts Aggressive PUP Policy | Malwarebytes Unpacked

This won't answer why you have them or where they came from, but it might explain why you are seeing them now.

4 more replies
Answer Match 72.24%

Malwarebytes has just picked up 2 of these with a new definition file update.
It's pointing to Topaz Remask 5 uninstaller uninst.exe and a corresponding registry key. Topaz is paid photo processing software used widely by photographers. Remask 5 was downloaded from the Topaz Labs site.

So what do you think the best action is?

A:PUP.optional.adpeak

The only things I can think of is going to the Malwarebytes forum and checking if it is a false positive. Then checking with Topaz see if the problem has been reported to them.

4 more replies
Answer Match 72.24%

There have been a lot of problems reported the last few months where Windows Update is very slow and takes a long time.
I just checked my W7 Updates and a new update KB3102810 was published yesterday (2015-11-03)
This update might help fix this, but it also includes a fix for updating to Win 10.

Read more here:
https://support.microsoft.com/en-us/kb/3102810

I also get the "same update" offered for W8.1 as KB3102812 described here:
https://support.microsoft.com/en-us/kb/3102812

A:New optional update

I promptly hid KB3102810 and another optional one when they came through recently; I still have two important ones from yesterday pending (KB2758857 and KB3067904); I'm waiting to see if anyone reports problems or not. I haven't had any trouble with windows updates taking too long to do its thing and I don't need a fix for updating to Win 10 because that simply isn't going to happen. In fact, I suspect the ones who have been having trouble with updates also have the Win 10 nagware, etc. installed, which I do not.

1 more replies