# PUP.Optional.SearchProtect.A, PUP.Optional.Conduit.A

Q: PUP.Optional.SearchProtect.A, PUP.Optional.Conduit.A

This is a work computer, so I'll only be around 10a-5:30p EST. "Computer guy" came about 6 weeks ago, ran Combofix, left. After that, I noticed that Conduit hijacked the browsers. Uninstalled what toolbars I could find, changed settings in IE and Chrome, seemed to be gone. Still no symptoms. Last week I saw the unsupported or unfound file image in the shortcuts next to the start menu, ran MBAM again, found this, deleted. Ran other scans in safe mode w/networking, seemed clean. Ran a scan just because today, no symptoms, 45 objects found. Deleted again. Ran TDSS, found a partition. Don't know enough to comfortably delete. Here's the DDS log. I hope you can help quickly. My boss wants me to call the "computer guy" again, who I have no faith in, because every time we pay him to "fix it" I end up having to come here and get help because he doesn't actually fix anything, but still cashes the checks.
Edit, 1:46pm EST: Avira just popped up with detections of TR/Trash.Gen and TR/Drop.Softomat.AN in the System Volume Information folder, as both .exe and .dll under real time protection.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Owner at 12:56:02 on 2013-08-06
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3033.2209 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1302791988\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - <orphaned>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
dURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x6\programs\QFSCHD160.EXE"
mRun: [HostManager] c:\program files\common files\aol\1302791988\ee\AOLSoftware.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Copy to &Lightning Note - c:\program files\corel\wordperfect office x6\programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x6\programs\WPLauncher.hta
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{F107EAD8-A66A-4692-BA2A-E0697E0E2E81} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-7-12 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2013-7-12 371768]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-7-12 84024]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-7-12 108088]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-7-12 589368]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-7-12 84744]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect office x6\programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-08-06 16:34:02 -------- d-----w- c:\program files\Runtime Software
2013-08-06 16:04:39 -------- d-----w- c:\windows\ERUNT
2013-08-01 17:06:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-01 17:06:18 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-07-22 14:22:49 -------- d-----w- c:\documents and settings\owner\local settings\application data\CRE
2013-07-22 14:19:19 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-22 14:19:16 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-12 14:45:20 -------- d-----w- c:\documents and settings\owner\application data\Avira
2013-07-12 14:44:29 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-07-12 14:44:29 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-07-12 14:44:16 -------- d-----w- c:\program files\Avira
2013-07-12 14:44:16 -------- d-----w- c:\documents and settings\all users\application data\Avira
2013-07-09 18:38:44 -------- d-s---w- C:\ComboFix
.
==================== Find3M  ====================
.
2013-07-26 12:00:53 577934 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-07-22 14:19:03 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-22 14:19:03 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-08 13:28:12 31425872 ----a-w- c:\program files\Dropbox 2.0.5.exe
.
============= FINISH: 12:56:22.31 ===============

A: PUP.Optional.SearchProtect.A, PUP.Optional.Conduit.A

when scanned with Malwarebytes.  Malwarebytes says my system is now clear, but something seems to be chugging all the time in the background.  I'm wondering if there is still some residual infection.  Thank you for any suggestions.

A:PUP.Optional.SearchProtect.A

Recently had a few people stay in my home for a few days. Common courtesy had me give them permission to use my computer when they needed to, but once they departed, I decided to run a scan on the computer.
Free Trial Avast comes up clean.
Free Trial Malwarebytes is a bit different:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/23/2014
Scan Time: 11:09:25 PM
Logfile:

Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267992
Time Elapsed: 13 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, , [062bb5a0b3c82412a25f003c31cf629e]

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [32ff9fb6f7843cfa041e7e23bb47f30d],

Registry Values: 1

A:PUP.Optional.Spigot.A, PUP.Optional.MyEmoticons.A, PUP.Optional.SearchProtection

Update:
Malwarebytes blocked PUP.RiskwareTool.CK from doing something (this was outside of a scan).
A quick Google search has led me to understand that this particular PUP is not an issue? Is this true?

I got a notice on my taskbar from MB that my website protection was disabled and to click on it to enable it.  So I did then I decided to run a scan with MB and there was an update to MB so I did that first and then ran a scan and it came up with  PUP.Optional.Searchprotect.A so I deleted it and scanned again and it came up with a clean system.  Over the past few days I have been downloading things like SDK and roms for my phone but I scanned all of them with MB and they were always clean. Should I be worried that there could be something left over from this? I have not done anything else at this time.

Thanks for any help.

Windows 7 Service Pack 1

A:Malwarebytes Anti-malware caught PUP.Optional.SearchProtect.A

Hi statos.

Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
-------------

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

I just installed a new SSD.  Somehow I got infected with the Conduit Search Virus for the second time while setting up the SSD and programs.  I have run Malwarebytes several times.  It finds PUP.Optional.Conduit.A in several places.  I have quarantined each time but the Conduit Search has more lives than a cat.

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Eric Hardman at 15:31:44 on 2014-05-24
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8174.5597 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe

A:Conduit Search Virus: PUP.Optional.Conduit.A

Infected with this search virus again and I can't get rid of it.  Opens multiple tabs in Chrome.  Keeps coming back no matter what I try.

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by Eric Hardman at 9:53:03 on 2014-08-20
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8174.4962 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe

A:Conduit Search Virus: PUP.Optional.Conduit.A

Malwarebytes Anti-Malware: I do a scan, this pops up, I click to delete, then it comes back again. Not sure what to do?

Thanks

A:PUP.Optional.Conduit.A,

Hi, I'm Rootk and I will be helping you with your problem. First off, I want you to know that I'm still in training for malware removal and my responses have to be approved before I can post them to you, therefore there will be a little delay between each post.

We need to see some additional information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.com
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool.
* When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
* Save both reports to your desktop. The instructions here ask you to attach the Attach.txt.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

* After downloading the tool, disconnect from the internet and disable all antivirus protection.
* Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


1 - Latest version of Vuze infected my laptop with malware - pup.optional.conduit.a

2 - I've browsed through the forums here many a time and have always been impressed with the help I've seen given. That being said, what is a good donation amount?

3 - DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.45.2
Run by Remag VII at 9:36:34 on 2013-11-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16332.13849 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\svchost.exe -k NetworkService

A:pup.optional.conduit.a

Hi,

I'm working on Windows 7 (64) using chrome as my browser.  I recently got a PUP detected by Malwarebytes of PUP.Optional.Conduit.A which recurs every time it's quarantined.  A second infection was detected once during this infection as well, but it hasn't recurred (I believe that infection was something related to "Spigot" which I had once on my computer last year)

I have not noticed any symptoms on my computer.  I have not downloaded anything that could be an obvious source of the program.

Thanks for any help you can offer getting rid of this pesky program!

Heather

Here's my FRST.txt info:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by user (administrator) on USER-PC on 28-04-2015 14:15:53
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

A:PUP.Optional.Conduit.A I don't know how to get rid of it

I am infected with the Conduit malware. I ran Malwarebytes and it came back with over 600 threats named pup.optional.conduit A. When I try to change the internet homepage it defaults back to the browser logo page. I have attempted several times to remove the virus but it keeps returning. I also get a DLL run box when I start Windows. This is my first time with 600+ threats. Please advise on how to remove. Thank You

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/21/2012 6:11:05 AM
System Uptime: 3/25/2014 3:01:04 PM (56 hours ago)
.
Motherboard: Dell Inc. |  | 0Y2MRG
Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz | CPU 1 | 1596/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 867.11 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP222: 3/16/2014 7:00:04 PM - Windows Backup
RP223: 3/18/2014 1:14:59 AM - Windows Update
RP224: 3/22/2014 11:17:34 AM - Windows Update
RP225: 3/23/2014 7:00:05 PM - Windows Backup
RP226: 3/26/2014 1:37:55 PM - Windows Update
.
==== Installed Programs ======================
.

A:PUP Optional Conduit A

I have anti virus software as well as Malware Bytes. Every single time I run a full scan on both programs my anti virus software doesn't spot this ad ware but Malware Bytes does. I have to restart my computer to get rid of it. But once I run a scan again, right after I restarted my computer, the ad ware appears again. IDK what to do, I'm not very keen on downloading some ad ware blocker program but if that's the only option then it's fine. Any suggestions on how to permanently get rid of this?

A:pup.optional.conduit

Hello and Welcome -

Make sure that all items are selected, or you will not have removed them.
Please select your last Malwarebytes Scan, and Copy / Paste it back here.
If you are not able to find it, Please Update your copy of the program, and run a Full Scan.
Then Copy / Paste that log back here.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
Please Copy and Paste the small log back here

* NOTE : Please close or save all work, as the computer will be Rebooted
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Note: Do not click on the Scan or Clean button more than once, as this may cancel all results
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* If you see any which you do not want removed, remove the check mark next to it.

* Next: Click on the Clean button (only once) to remove the selected items.
* You will receive a message telling you that all programs will be closed so that the infectio...


2.
I was trying to get a game to play on Voobly working properly which required port forwarding and so, I had to set a static IP and use this tool from portforward.com to test if the ports were opened or not. I was on the phone while installing the software which resulted in me accepting what I thought was a window for going forward with the installation. Two more accept/decline windows followed it and I knew I messed up (I hit decline on those).

I ran a full scan using Malwarebytes and it found 9 infections on my computer by the name in the title.  I use firefox and have no toolbar on my windows or in my add-ons. I looked in my "Add or Remove programs" and found nothing new. Should I remove that portforward.com tool? I ask because they seem to be pretty trusted, the optional downloads are what seem to be malicious.
3.
I use windows XP and am planning on upgrading soon.
4.
I ran Malwarebytes.

Hello -
Please run these few programs and Copy / Paste the logs generated. Temporarily Disable Your Anti-virus if needed

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If a security program requests permission to access the Internet, allow it to do so.

Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
At most the tool will run for about 2 minutes
Copy and Paste the log it produces.

Important: Do not reboot your computer until you complete the next step.

* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.

I need help getting rid of PUP.Optional.Conduit. I have run Malwarebytes and House Call and Avast. Malwarebytes sees it and I try to Remove it but it keeps coming back. It makes IE freeze. Help!!! I am running Win 7 64-bit.

A:PUP.Optional.Conduit

this works pretty well.
I would also reset IE back to default to be sure, and run c cleaner.


My first post here at this site. Sorry if I make mistakes with any of your rules.

I have this nasty little problem that I can't seem to get rid of. I am told it isn't a virus but rather just a program that steals information and finds its way deep into my laptop. I am not really experienced with getting rid of such things but I have tried a few things to no avail. All it is really doing is making videos run slow and stuttering, and making everything else slower. I have an older laptop so it is already slow enough.

I run the free version of avast, and the free version of malwarebytes. When I run an avast scan nothing shows up, and when I run the malwarebytes one line comes up (PUP.Optional.Conduit.A). I hit the quarantine button and it seems to go away, but as soon as I run another scan it is right back on there.

I uninstalled Chrome, and reinstalled it and ran another scan and it wasn't there. But as soon as I watched a video on youtube it was back. I tried googling PUP.Optional.Conduit.A and there was a 4 step removal guide that I tried. First step was to use start menu to open "remove programs" find it and remove anything with Conduit in the program. I tried that and found none. I searched all programs and still couldn't find it. But I know it is there, because every time I run a malwarebytes scan it shows up.

A:PUP.Optional.Conduit.A

Conduit probably installed a start-up item. It may also be listed in Programs and Features as a program that's installed. I would check your start-up items and Programs and Features list to see, but first need to know what version of Windows you're running.


My computer is acting slow and sluggish, and when I run Malwarebytes it comes up with something called PUP.Optional.Conduit.A. I let it remove it and when I scan again later, it is still on my system. Is there a way to get rid of this permanently? Or is there more on my computer that is making it slow? Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:36:45 PM, on 10/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Nic Arvin\AppData\Local\Akamai\netsession_win.exe
C:\Users\Nic Arvin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

A:PUP.Optional.Conduit.A

Hi - Malwarebytes keeps finding this on my computer - pup.optional.conduit.a in google/chrome/user data/default/preferences. I've read this forum, the Malwarebytes forum, etc., and tried the different fixes using different tools. It will be gone, then return again the next time I run a Malwarebytes scan. I recently was having shut-down problems w/ my Acer laptop after the latest Windows 8.1 update, tried many things and ended up doing a factory reset, which fixed that problem so everything is pretty fresh. I did a reset of Google Chrome last night. I got a clean scan on Malwarebytes but it's back again today. I'm really getting frustrated and beginning to wonder if this is a false positive or something. I hope that someone can help me.

A:PUP.Optional.Conduit.A


Hello,

I was wondering if anyone could help me remove infected items reported by Malwarebytes. I removed them before; however, they seem to have returned. They are named variations of PUP.optional.Conduit.A and are registry keys and files/folders. I have done another scan and it says they are removed, but I would like to be certain they are gone. Are there any other ways I could do this?

Thank you

A:PUP.optional.Conduit.A

Good luck.


Hey peeps,
I've run mbam five times with no luck getting rid of these problem childs. It keeps shutting down win firewall. All of a sudden now there's some sort of scan going continuously. Don't know if it's related, but been having problems with BSOD that I seem to have resolved by rolling back nvidia drivers to 314.22. Event Viewer shows nvlddmkm Event id 14. "Either the component that raises this event is not installed on your local computer or the installation is corrupted." I've done a bunch of fresh installs of the drivers and nothing seemed to work until I rolled back the driver. No more BSOD since I did that, but then firewall kept getting shut off. Now I notice that file system looks corrupted. I saved the DDS and Attach text to desktop but they are not there. New icons on desktop showed for 'Computer' and 'Chris' (my user account name). I think I'll perform a restore from a backup image, but I want a go ahead from y'all first. Thanks for looking. I appreciate your time.
Here is MBAM log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.03.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Chris :: BLACK-COMPUTER [limited]
12/4/2013 12:11:33 AM
mbam-log-2013-12-04 (00-11-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182196

A:mixidj v30 and optional.conduit.a

I would love some help in removing this malware. I also have files that have the same name but leave off the "A" at the end. Not sure if this is a different problem or not.

I have not seen any apparent problems with my computer other than sometimes when I start it up the desktop icons never show up and I have to re-start the computer. That may be related to the malware but not sure.

Here are the reports from DDS.

Thank you very much for your help,
Brian

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Admin at 15:58:12 on 2014-01-04
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2005.564 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE

7 more replies

Hello, this is continued from this thread;
http://www.bleepingcomputer.com/forums/t/531576/pupoptionalconduita/#entry3346761
where I was recommended to start a thread here.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/6/2014 6:51:28 PM
System Uptime: 4/23/2014 12:03:26 PM (8 hours ago)
.
Motherboard: Dell Inc.           |  | 0DH682
Processor:               Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 60.061 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP34: 4/15/2014 1:21:27 AM - Software Distribution Service 3.0
RP35: 4/15/2014 1:21:27 AM - Software Distribution Service 3.0
RP36: 4/15/2014 1:21:28 AM - System Checkpoint
RP37: 4/15/2014 1:21:28 AM - Software Distribution Service 3.0
RP38: 4/15/2014 1:21:28 AM - System Checkpoint
RP39: 4/15/2014 1:21:28 AM - System Checkpoint
RP40: 4/15/2014 1:21:28 AM - System Checkpoint
RP41: 4/15/2014 1:21:28 AM - System Checkpoint

A:PUP.Optional.Conduit.A continued

Can you tell me what tool you installed that started this issue?

15 more replies

Hi and thank you guys for helping those of us who do not know how. I have Windows Vista Home Premium with Service Pack 2. I have Avast free antivirus. I have 3 browsers on my computer: Firefox, Internet Explorer and Google Chrome. My wife prefers Internet Explorer, my son swears by Google Chrome and I like Firefox best. For weeks now, no matter which browser we chose to use, our Avast antivirus periodically and repeatedly would pop up a warning box saying "threat has been detected". Each time Avast said that it dealt with the problem by blocking it but it kept coming back time after time after time. Each time the warning popped up it would say one of the following: vetranted, superpent, getitnowfast or there were maybe 2 or 3 more. I downloaded the free version of Malwarebytes Anti-Malware and it said it detected over 400 threats and quarantined them. After it did its job I can now use Firefox and Internet Explorer without any popups. But the threats still continue with Chrome. Am I infected?

A:pup.optional.multiplug.gen and conduit

6 more replies

I deleted it but I'm afraid it's not gone. Can someone please help me? The PC is running slow and a lot of stuff shows up on the bottom left side of the screen on all browsers! It corrects itself if I refresh the page. Thanks so much!

A:Malwarebytes said this:PluginInstall.exe (PUP.Optional.Conduit.A) What do I do?

17 more replies

I just posted in the virus/malware forum about Malwarebytes showing my computer is infected with PUP.Optional.Conduit.A and will be waiting for a reply for the time period stated (about five days). But what I wonder now is I still have the Malwarebytes window open showing the 22 instances of PUP.Optional.Conduit.A and PUP.Optional.Conduit files still on my computer.

I can checkmark those and hit "remove selected" or hit "ignore."

Which should I do until I get further information from a volunteer here from BleepingComputer.com?

Thank you very much,
Brian

A:Do I remove PUP.Optional.Conduit.A in Malwarebytes too?

This is usually related to the Conduit toolbar. Did you intentionally install this?

3 more replies

Malwarebytes scan found Conduit on my computer.
This is the message I got after having it deleted.

nsbCDCC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nscFC66.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nsi7E1F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nsl5338.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nsl772F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nswF199.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nsy88DC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

I did a search and found many removal guides for this so I wanted to make sure it is really gone.

Thanks,
Bonefish

5 more replies

According to MBAM, two of my computers are infected.  This one appears to have at a minimum a pup.optional.conduit infection.  I'll include a DDS as well as a MBAM log here.  Any help is greatly appreciated.

DDS Log
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by CFT at 18:58:30 on 2013-12-31
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3993.1516 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

A:Computer infected with pup.optional.conduit & others

Any help would be greatly appreciated .. thanks much.

A:Malwarebytes found pup.optional.conduit.a

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/513893 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

38 more replies

I have two problems here:

First, optional.conduit.a keeps on reinstalling itself. Tried removing using AdwCleaner and Hitman Pro but it keeps coming back.
I followed the instructions from http://www.malwareremovalguides.info/pup-optional-conduit-removal-intructions/
Am I missing something?

Second, Hitman Pro has quarantined "chromeinstall-u755". I'm not sure what it is or how to get rid of it.

A:optional.conduit.a and chromeinstall -u755

Hi samone4,

List last 10 Event Viewer Errors
List Installed Programs
post the results from minitoolbox so that I can better assist you in removing the problem.

3 more replies

Hi there

I quarantined them after the first scan and rebooted, did a further scan and they're still there.

Any help on removing them would be much appreciated.

Have enclosed a Hijackthis log... do you need the DDS logs as per the thread at the top of this forum?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:10:26, on 22/04/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Digiguide TV Guide\digiguide.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

A:Malwarebytes has found PUP.Optional.BrowseFox.A and PUP.Optional.Webconnect.A

do you need the DDS logs as per the thread at the top of this forum?

Yes, that's why it's there. HijackThis has not been seriously updated in some time and so is not considered worth the hard drive space, although I suppose that it acts as cheap advertising for Trend Micro.

Will you also let me have a copy of the detections that MBAM is finding. You can paste them into your next reply from the Logs Tab in MBAM.

2 more replies

OK I am a moderate security guy trying to learn more from the REAL Security PROs. I was looking for Server 2012 Installing and Configuring study material FOR FREE of course and got in a little too deep. I use Zone Alarm firewall Free version and Malwarebytes religiously. As well as MSE as my regular day to day antivirus. Now normally I would not dig as deep as I did this time to get so ROOTKIT infected.
Recently I ran GMER and found a lot of RED in the registry; Files and other important places so I figured I need to reimage my machine......! I also ran Kaspersky's TDSSKiller and it came back clean?? I will attach the Kaspersky log below... Now I also use CMS Product Ultimate BounceBack version 11.4.0.29, I believe so I can make all this go away with a backup reimage. But I am pursuing my Server 2012 MCSA and eventually want to become Security focused. So I have all the Rootkit tools and have played with them in the past but in my experience it has always been best to completely reinstall the OS version, Whatever the OS may be at the time, and move forward because otherwise you are never going to completely clean the machine. Not to mention, the time saved by doing this speaks for itself. All that being said I would still like to get a better understanding of this from a Security standpoint..... I am running a Windows 7 Professional Elitebook 8650p laptop with 240GB Crucial SSD and 16GB RAM. This time around I am going to use a HIPS such as Winpatrol but want a so...

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/537537 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

4 more replies

Last night I updated my Malwarebytes Anti-Malware to the recent version and ran a scan. This is what it found.

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 9/8/2014
Scan Time: 11:55:22 PM
Logfile:
Version: 2.00.2.1012
Malware Database: v2014.09.08.10
Rootkit Database: v2014.08.21.01
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Blair
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292725
Time Elapsed: 16 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Documents and Settings\Blair\Application Data\Mozilla\Firefox\Profiles\8mt0uc98.William\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}");), Replaced,[c3d646833348b77f91880c1b49bc817f]
Physical Sectors: 0
(No malicious items detected)
(end)

Should I be worried that it found this, I honestly don't remember being redirected anytim...

A:Finally updated MBAM 1.7 to 2.0 and it finds PUP.Optional.Conduit.A

Hi Folks-
Been trying to eradicate PUP.Optional.Spigot virus. Now the Outbrowse has shown up.
Have tried to use Malwarebytes, Kaspersky Rootkit killer, AdwCleaner. Gets rid of it but shows up almost immediately.
Seems to be in this location:

______________________________________

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.17028  BrowserJavaVersion: 10.65.2
Run by Ericsun at 16:14:01 on 2014-08-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1494 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

A:Can not remove PUP.Optional Spigot. Also PUP.Optional.Outbrowse

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543666 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

8 more replies

Hello,
I ran Malwarebytes and it said that some of my registry keys are infected. It quarantined them but I just want to make sure that there isn't another step I have to do to make sure it's gone. Below is the log. Thanks!

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
12/11/2013 7:24:11 PM
mbam-log-2013-12-11 (19-24-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214460
Time elapsed: 11 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DATAMNGR (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully.

A:PUP.Optional.Bandoo & PUP.Optional.Searchqu

Ok, First of all, Merry Christmas!
Somehow I managed to get these two nasty surprises on my computer. It started a few days ago. IE was having a lot of pop-ups (specifically down-load some updates to a video player) and it hijacked my home page.
I ran Malwarebytes on it which found a TON of stuff to fix. It fixed some, but not all.
It kept on showing a file (RunDll32) that was corrupt. I manually deleted that file.
I was running McAfee, but then it started having errors and would not work. saHook.dll was invalid. I called "tech Support" which turned out to be Advanced Systems Optimizer (total scam BTW). They did find a Trojan "Zeus" on my computer but wanted $300 to fix it. Finally I got an actual McAfee tech support person who could not fix the problem. (we de-installed and re-installed twice). To help protect my computer I installed Symentac End Point Protection 11.0 (I got it from work) and it won't install correctly. The proactive threat protection will not update and it keeps giving me a LU 1825 or LU 1806 error. Malewarebytes is not finding any issues. SEP did not find any issues, but I am still concerned that I have a virus/maleware/Trojan on my computer. Here are my logs. HJT Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:03:30 AM, on 12/24/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Ru... Read more A:Conduit and SearchProtect virus 10 more replies Answer Match 79.8% somehow zoomify among other adware/malware has infected my computer, i have ran malwarebytes and it found 41 items, ive purged the quarantine and i am still having the same programs show up in taskmanager, before i ran the scan, something was preventing me from connecting to the internet, but after i restarted my computer i was able to connect again but fear that this will keep happening unless i can get this horrible unwanted additions off my computer! please save my computer! A:multiple viruses zoomify, searchprotect, conduit...help! Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. 
If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more 7 more replies Answer Match 78.96% DefaultTab.A, BrowserApps.A, CrossRider.A, CrossRider.T, WeatherAlerts, Bundlore, OneSoftPerDay.A, AppMarket.A, Tuto4PC.A, Suspicious.cloud.9, Sonar.Heuristic.120, OptimizerPro have all been found in various scans in the past couple weeks. I need to be sure that these are all gone. This laptop is used primarily for maintaining and editing photos and general computing and internet surfing and recently has been running slower and slower. The Astromenda was taking over the web browser and even though I've removed it from everywhere, it still appeared in the MBAM scan ran today in addition to Hijack.StartMenu. I'd like some help making sure all the viruses, PUPs, etc are cleared up. I've downloaded MBAM in addition to using Norton that's installed. 
I unstalled AVG that was also installed since Norton was the paid edition and I didn't want them to conflict with each other. Also, I can't get into a lot of folders and get the message "Location Not Available and C:\documents and Settings is not accessible. Access is denied" even though the user is an administrator user. I'm not sure if this is related to any of the virus or malware issues. Thanks in advance for any assistance in this matter. Here's the DDS.txt and the file attach.txt is attached. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.25.2 Run by Owner at 1:46:09 on 2014-09-25 Microsoft Windows 7 Home Premium 6.1.7601.1.1... Read more A:Astromenda.A, Hijack.StartMenu, Conduit.SearchProtect, GlobalUpdate.T... Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. 
Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window. HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more 33 more replies Answer Match 76.44% Hello, Thank you very much for your service! I seem to be infected with the Win 32 virus. I have tried ending processes and removing manually through remove programs, but with no luck as it won't allow me to end the processes. It has also downloaded and added several things; Severe Weather Alerts, Live Support, Mix DJ toolbar. It also crashed recently, no blue screen but just a flat power-down. My google chrome bookmarks have also been removed. The computer is running extremely slowly, and I also have the feeling something is wrong with my Windows updates, as I do the updates and when I reboot they are still there. Some of the updates show an error message and won't download. Thanks in advance! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2 Run by Brit at 14:12:44 on 2013-08-30 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6055.3080 [GMT -5:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k Local... Read more A:Infected with Win32/Conduit.SearchProtect. Crashing. 
MixDJ toolbar, Live Support Hello aLuffabo,Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.If you do not understand any step(s) provided, please do not hesitate to ask before continuing.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Download AdwCleanerDouble click on AdwCleaner.exe to run the tool.***Note: Windows Vista and Windows 7 users:Right click in the adwCleaner.exe and select Click the Delete button.A logfile will automatically open after the scan has finished.Please post the content of that logfile in your next reply.Or you can find the logfile at C:\AdwCleaner[R1].txt.2.Download RogueKiller on the desktopClose all ... Read more 3 more replies Answer Match 73.08% Hello to all the good people at bleeping. I have been runing malwarebytes scans and super anti spyware scans and adwcleaner and so on and everytime I run the malware bytes scans there is a pup optional.findwide.A Technically I understand that is not a virus per say but can lead into other malicious threats. 
I looked up in the C folder and I can't find anything there. I do know the pup.optional.findwide.a C:\users\regina\appdata\local\google\chrome\userdata\default\preferences. This is what the malwarebytes is scanning. I have reset the browser in google chrome and done what all I think to do. I know this kind of thing is browser hijack. Can anyone give me an opinion on what other methods to do? Thank you for reading, From Gina

A:Can't get rid of pup.optional

Hello Gina

Lets also do these and see what we get.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
...
ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 us... Read more

7 more replies

Hi just did a Malware scan and found these PUPs, PUP Optional Binkiland and also PUP Optional Gameo. Please, any help gratefully received, thanks

A:PUP Optional

Hello harty and Welcome to the BleepingComputer. My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all malware.
The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator the computer. How is open as administrator the computer?
Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsu... Read more

57 more replies

Hi everyone.. new here, I've been using MSE 12mths no problems, my ? is why is MSE optional on updates?

A:MSE Optional

Welcome to the Seven forums! Are you sure that it is MSE that you are seeing or could it be MSE updates?

5 more replies

Hello, I just ran a Malwarebytes scan as I occasionally do.
This time, for the first time, I did a full system scan and it found the PUP.Optional.1.9.1 malware. It located it in a programme on my desktop, Unlocker.1.9.1.exe. Other scans with AVG and House Call don't pick anything up. The Unlocker programme is important to me because without it my Photoshop files are consistently locked by Explorer and I can't progress my work. For this reason I didn't want to be too hasty in removing the 'infection'. My PC works just fine and I think PUP stands for potentially unwanted programme. Potentially? Am I safe to leave it? Please can you advise me? Many thanks in anticipation - Ian.

A:PUP.Optional.1.9.1

I've used Unlocker quite extensively in the past. It can be of great use. From what I remember, it will install some extra "junk" during the setup if you're not carefully reading and forget to uncheck a couple of boxes. That aside, I believe the program to be safe and have never had an issue with it.

6 more replies

Where do these files come from? I have found them with malwarebytes and deleted them, but later there are more showing up again.

A:[SOLVED] PUP.optional

PUP is an acronym for Potentially Unwanted Programs, which are added to a system without the user's knowledge or consent. They are usually bundled with other software downloads. While downloading and installing a software, care should be taken to uncheck other offers of software, if not wanted.

PUP (Potentially Unwanted Program) Definition

3 more replies

I have found on my husband's laptop a malware that is very persistent at staying on his computer even though I have run several Malware removals....both in normal mode and in safe mode.....Malwarebytes Anti-Malware finds it...deletes it but it comes back.....I also downloaded in safe mode and tried SuperAntimalware but that does not find anything in registry.....Spybot search and destroy finds 1 but it does not show up when you click on show details...nothing shows up!
So why can I not get rid of it.......It says its in Registry Key...HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A)

In command prompt:
Code:
reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} /s
post output

9 more replies

hello i have my problem back iv seen some of the old infections on the super antispyware scan
computer/ browser not responding, takes forever to to anything
is slow at booting up
also running slow

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Business, Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz, x64 Family 6 Model 15 Stepping 10
Processor Count: 2
RAM: 1005 Mb
Graphics Card: NVIDIA Quadro NVS 140M, 128 Mb
Hard Drives: C: Total - 76316 MB, Free - 41504 MB;
Motherboard: LENOVO, 766512M
Antivirus: AVG AntiVirus Free Edition 2013, Updated: Yes, On-Demand Scanner: Enabled

that is weird i have previously deleted /removed avg and put in Vipre on trial but computer wouldn't work properly with the firewall working so im using windows firewall and vipre for the rest

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 14/06/2012 2:21:56 PM
System Uptime: 2/10/2013 5:53:20 AM (2 hours ago)
.
Motherboard: LENOVO | | 766512M
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 40.233 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Ac... Read more

A:pup.optional.mysearchDial.a

16 more replies

do i have to install this update?
A:optional update

Hello SpeedDial,

No, you do not have to. It's just to let you know that there is a new optional driver version update. If you do not want to install it, then you can hide it to not see it anymore in Windows Update.

However, you might give it a try since it is a new version that may help improve your graphic card's performance. If not, you can always rollback to the previous driver version.

Hope this helps,
Shawn

7 more replies

Hi, I stupidly tried to download what I thought was Adobe flash player and ended up with Search Dial which took over my Windows 8 computer. I ran Malwarebytes and then reset my computer to an earlier date, which seemed to get rid of it and now it works okay once again. But now when I run Malwarebytes Pup.Optional.eSafe.A shows up on my Windows 8 laptop. I read on other sites on removing it but they all want you to download various tools. I ran Malwarebytes and it removed it but a couple days later it showed up again when I ran Malwarebytes. Would running Super Anti Spyware solve the problem? I admit to being a total computer dummy and brought this upon myself, learning a tough lesson, but I sure would appreciate any help/advice you can offer.

p.s. I have a very difficult time navigating Windows 8 just to find the simplest things. So please be very specific if you can. Thanks!

A:Pup.Optional.eSafe.A

I've run Malwarebytes again several times and the Pup.Optional.eSafe.A is gone, so I think my computer is okay.

2 more replies

Hi, a scan with MBAM found and quarantined this PUP. Do I need to clean up any remnants and if so how? and would you advise installing Unchecky to help prevent these things creeping into my system again? Thanks.

A:PUP Optional Spigot.A

teddyboy,

Hi and welcome to TSF.

Please note that this is under the supervision of an expert analyst.
Please read NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help and post/attach the three logs (dds.txt, attach.txt and gmer.txt) mentioned. These logs will give me a place to start and give you back a better working computer. If any problems completing, continue with next log and let me know what happened in your next post.

Please Read! "Who is Helping you?"

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools (near top), then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription. Thanks.

I can begin working on removing your malware when you submit those logs. Please be patient with me during this time.

5 more replies

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4001 Mb
Graphics Card: Intel(R) HD Graphics, 1808 Mb
Hard Drives: C: Total - 940261 MB, Free - 876787 MB;
Motherboard: Dell Inc., 0CXTWJ
Antivirus: Microsoft Security Essentials, Updated and Enabled

I have Malware Premium and scan everyday. It keeps finding multiple Pup.Optional. PC Privacy Dock and Pup.Optional Hawker A files. I delete them everyday, and the next day it finds more of them. What are these files, and where do they come from? Are they harmful? How can I prevent them from "invading" my PC?

A:Pup. Optional files

10 more replies

My computer automatically updated today. Upon going through the list of updates there were two optional updates one for English and the other for CXT-Network-PCI soft data fax modem with smart CP. What are they? Do I really need them? I checked the Microsoft help thing when you right click for info. All I could get was it was a driver and nothing else.
A:optional update

You must have this kind of card on your system using Windows drivers, then when there is a new driver WU propose it to make an upgrade. My personal advice regarding WU setup is to look for updates letting you the choice to download and install them.

2 more replies

A past update for Powershell 2.0 and WinRm 2.0 was designated Optional. (Which I didn't download. Do I need this?) Had trouble with the recent Live Essentials update and after some reading uninstalled Windows Live from my system which re-designated the Live Essentials update from Important to Optional. Now I find that the Powershell/WinRm package has changed from Optional to Important. Any idea why and how I should proceed? Thanks.

A:From Optional to Important

Windows PowerShell is a new Windows command-line shell designed especially for system administrators. The Windows PowerShell includes an interactive prompt and a scripting environment that can be used independently or in combination.

Do you need it?

3 more replies

Hello

I just recently bought a new computer 1.5 half weeks ago, and I've already experienced 3 crashes on it, though the temperature of the GPU and CPU never exceeds 60 degrees celsius and rarely ventures above 50 degrees. Therefore I decided to reformat and install Windows 7 once again after the third crash. After I installed my most used programs so that I'd be able to use my computer again, I installed Malwarebytes Anti-Malware and ran a scan of my system and I noticed I already had an infection, which baffled me. I had just reformatted the computer an hour earlier. So I tried removing it with Malwarebytes and other software but with no luck. I don't know if this is related to my computer's crashing problem, but I feel like it's something that's been transferred from my previous older computer as I bought a new one, cause it suddenly started crashing during games in League of Legends after 2 years of use.
The symptoms and times of crashes of my new computer is the same. Since the synchronization of google chrome transfers my preferred settings I'm thinking that the issue may lie herein, as the path in which the PUP is located is Google\Chrome\User Data\Default\Secure Preferences. I've tried running GMER several times and saving it but absolutely nothing happens when I press the "Save..." button. I do have access to a Windows Install Disk

DDS.txt below:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Quezacotl at 23:1... Read more

A:PUP Optional.Trovi.A

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
Do NOT click the green 'Download' button (if visible). Click the blue 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
Please copy/paste the contents of the log in your next reply.

------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt).
Please attach it to your reply.

------------------------------------------------------

19 more replies

I'd appreciate some help and I'll provide background:
o) A few weeks ago my 3 year old Dell Studio 7100 Windows 7 PC, with McAfee Total Protection, started having intermittent network connectivity issues (both wireless and Ethernet connection). Rebooting fixed the problem, but only temporarily.
o) I installed Malwarebytes and it found problems that I deleted.
o) I've been working with a Tech Support Guy on the network connectivity issue and I may be close to a solution.
o) Today, Malwarebytes found "PUP.Optional.MYPCbackup" and I'm not sure if I should delete it.
o) I ran the sysinfo.exe file and the result follows:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II X6 1055T Processor, AMD64 Family 16 Model 10 Stepping 0
Processor Count: 6
RAM: 8191 Mb
Graphics Card: AMD Radeon HD 6600 Series, 1024 Mb
Hard Drives: C: Total - 939785 MB, Free - 853579 MB; E: Total - 476937 MB, Free - 452321 MB;
Motherboard: Dell Inc., 0NWWY0
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

< link to original issue posted here
http://forums.techguy.org/networking/1146675-windows-cant-communicate-primary-dns.html

The system ran great until a couple weeks ago when intermittently the computer just "spins" when I try to view an open browser tab (e.g. MSN.com). This sometimes happens after computer wakes up, ... Read more

A:PUP.Optional.MYPCbackup - What to do?

16 more replies

Had to do another reinstall of W7. Are any of these optional updates needed ?

A:Optional Updates

Define 'needed'! The OS will run happily and securely without them - but they do contain some nice enhancements.
I'd install everything offered except the Bing and Live stuff (unless you actually want those) - and hide those so that they don't get in the way (at least until they are updated again)

2 more replies

Having trouble removing this permanently. Keeps coming back after Malwarebytes quarantines it. Any help would be greatly appreciated. Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:30:07 AM, on 6/27/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Tracy\Desktop\Malware Virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-i... Read more

More replies

My OS is Windows 8. For my security I have the free Malwarebytes installed and Windows Defender. Last week I ran a scan with Malwarebytes and it found 11 pieces of malware. All of them were pup.optional.
This morning I did another scan and it found 811 of them. This is not a typo. It found eight hundred and eleven! How could this have happened? I do not get on any obscene web sites or any that may be questionable. Also what are the pup.optional? I would appreciate some thoughts on this.

Thanks,
Fran

A:Infested with pup.optional

MBAM recently made a change to a more aggressive PUP policy.

Malwarebytes Adopts Aggressive PUP Policy - Malwarebytes News - Malwarebytes Forum

Quote:
In the past, Malwarebytes Anti-Malware has detected only PUPs, or Potentially Unwanted Programs, that were mostly harmful and deceiving. Our users expected more and so we've revised our policy to include PUPs in our database that most of our users find annoying or misleading. Within the next few days, detection for many new variants will be added. Malwarebytes feels most of our users have no knowledge that these PUPs were installed and would like them removed. Several thousand forum posts and support tickets confirm our standpoint. Ranging from difficult to uninstall applications to software that makes you opt-out, we've had enough of it all!

Source: Malwarebytes Adopts Aggressive PUP Policy | Malwarebytes Unpacked

This won't answer why you have them or where they came from, but it might explain why you are seeing them now.

4 more replies

Win 7 Ultimate. English

Always in Update: 34 optional updates available

Is there any to delete that from updates? I am tired of the need to have that showin up every time I go to Windows Update.

Thanks in advance
oldad

A:34 optional updates available

Nobody forces you to install any updates. It is up to you what you want to install. I sometimes "hide" updates because I do not use the program to which they pertain. In Vista I have hidden all of SP2 on one system because it gave me problems on another system and it is smooth sailing since then. So as I said, it's up to you.
3 more replies

Received the following update from M$ today, not sure what it is wanting to do -

"nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware - NVIDIA GeForce GTX 260

You may need to restart your computer for this update to take effect.

Update type: Optional

nVidia Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware software update released in February, 2015"

Could someone shed some light on this ?
Thanks

Joe

A:Optional Update - not sure what it is ?

This is an update to your NVidia graphics card drivers, etc. It is optional because it is not necessarily required.

I personally always go to the manufacturer's (NVidia in this case) support site and get the latest drivers from there if I feel I need to update them.

Paul

3 more replies

I opened Windows Update and only listed was an optional update. I didn't update at that time and when I went back to update I could not find the optional update. I have Windows 7 Home premium 64 Bit. I looked for updates again but it said everything was up to date. How can I find that update.. I'm not really good with computers any help will be greatly appreciated. I have one other question if you don't mind.

I have to Unzip a ZIP-file with WinZip and save the content to my hard drive. Then use the unzipped EXE-file to run a program. This sounds simple enough, I guess, if you know what you are doing. Where can I get this WinZip program that will run on Windows 7 Home Premium 64 Bit.

One other question. A program that I want to install supports Windows 7 64 bit in 32-bit emulation mode. What does that mean and how do I run this program.

Thanks again for all your help and cooperation. Have a good evening.

A:Optional Update

Welcome rottikid,

For the update it was probably for MSE if that's your Anti-Virus, You could just look at Installed updates and see if it is there.

As for WinZip you can get it here WinZip - Free software downloads and software reviews - CNET Download.com There might be something else you can use too, someone else might know more about that.

And for the 32 bit emulation I don't know the technical answer but 64 bit windows has 2 sets of programs files, Program Files (64bit) and Program Filesx86 (32bit).

Hope that helps you out some.

Derek

5 more replies

Anyone get this virus lately?

PUP.Optional.DefaultTab.A

thanks

A:PUP.Optional.DefaultTab.A

Hello bsacco and Welcome to this forum.

Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

1 more replies

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.07.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702

9/7/2013 1:44:09 PM
mbam-log-2013-09-07 (13-44-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 275904
Time elapsed: 25 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
A:It's back again PuP.Optional.xxx.a

25 more replies

I ran malwarebytes and it has found several Pup.optional infections.

Here's the log from when I ran it

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.23.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
23/01/2014 19:22:14
MBAM-log-2014-01-24 (16-45-16).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 439965
Time elapsed: 5 hour(s), 25 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 10
HKCR\CLSID\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKCR\Toolbar.CT2504091 (PUP.Optional.Conduit) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKCR\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> No action taken.

A:Pup.optional Infection

Malwarebytes is telling me this Chrome Extension (is a potential threat, but I cannot find anything about "PicEnhance" in Google or Forum searches. I have installed numerous extensions for later exploration. Is "pup.optional.PicEnhance.A" part of an HDR or other photo editing extension? Malwarebytes won't let me update its database until I do something with this. I suspect I can make it an exception, but thought I'd ask the experts first. Malwarebytes log posted below.

Also, and I've asked before with no reply: I have been helped numerous times by this forum and would like to donate to the cause.  Where is the link to send money to BC.com???

Many THANKS!!!!!

>>>>>
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/22/2014
Scan Time: 7:49:40 AM
Logfile:
Version: 2.00.2.1012
Malware Database: v2014.06.22.02
Rootkit Database: v2014.06.20.01
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dayle
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398612
Time Elapsed: 14 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)

5 more replies

Hi, I downloaded Microsoft Visual Basic from Softonic.com on to my computer. When I scanned it with Malwarebytes it categorized it as "pup.optional" and when I pressed "Remove" it deleted it. The reason why I pressed "Remove" was because I thought Malwarebytes would remove "PUP's" from the download, but it removed the whole thing instead. My question is, can I download it again, and is it safe? Since Malwarebytes just claimed it was a "Potential unwanted program", though I'm not sure what the "Optional" part was about. Also, I tried scanning other download installers that I have on my PC with Malwarebytes, and it didn't detect anything, so why only this one did they claim is "pup.optional"?

Any help is welcome, thank you!

A:Malwarebytes: pup.optional

16 more replies

I have a Gateway One All-In-One Desktop with Intel® Pentium® Processor - Microsoft Windows 7 Home Premium Edition 64-bit operating system preinstalled.

Optional update:
I recently went to the Critical Updates and saw the following:

"Intel Corp - Display Mobile Intel (R) 4 series expires chipset family" - 21 MB (which is quite a large update)

Just what is this update and should I install it? This is our grandson's computer and we would not want to cause any problems or damage by installing this Optional Update. Nothing appears to be wrong with our graphics, etc.
Alice Z

A:Optional Update

I installed this onto my laptop and considerably improved the graphics on it.

3 more replies

I cannot get rid of this virus/malware/pup.

I noticed my cpu performance was running very slowly, so I ran MBAM. It detected the above, and I restarted to complete the clean up. Upon a restart, I rescanned in safe mode and nothing was found. However, I still noticed slow performance, and I scanned with MBAM again in regular mode. It found the PUP but did not clean it out. I ran ESET online scanner, but this could not get rid of it either. I will post my required logs below.

A:Cannot get rid of (pup.optional.bprotector.a )

15 more replies

Does one need optional updates? The reason I ask is until recently I've had no problems with any update. This one just refuses to install Realtek PCIe GBE Family Controller. (Error code 800F0203) Went through all the channels, still no install.

A:optional Win 7 update

3 more replies

Hi all,
I have a function in a class that makes a connection to mysql:
Code:
public function Connect($server=$this->server, $username=$this->username,$password=$this->password)
The $server, $username and $password arguments are optional, as they are set with default values at the constructor, and I want the arguments to be equal to the variables defined in the constructor if they are not defined in the function call. The code above returns a parse error.

Any suggestions on how to do this?

Many thanks,
Andy

More replies

I have some kind of infection that keeps showing up in all my scans. My computer is running really slow also. Thanks.

A:PUP.Optional.Smartbar.A

29 more replies

My internet was unusually slow today so I decided to use Malwarebytes to scan for viruses. It detected 22 items all called pup.OPTIONAL.tarma.a. I deleted all of them but I am worried I still might be infected, any idea what I should do?

A:pup.optional.tarma.a

First these are all Potentially Unwanted Programs that have been found. Always delete them.

Now - Update and Re-run the MBAM scan and check if any PUP items still exist - Also a Full scan with your Antivirus.
These will only return if you visit, or download from sites that contain these infections.

Thank You -

1 more replies

Hello,

I recently performed a scan using Malwarebytes Anti-Malware and it reported my CPU being infected by (3) PUP.Optionals, one of which being PUP.Optional.Somoto. The CPU is completely asymptomatic and I wouldn't have noticed anything different if it wasn't for running the scan. I've attached the preliminary logs and any help is greatly appreciated. Unfortunately, I was unable to get GMER to work. I "blue screened" on the first attempt and then the CPU completely froze on the second try ...

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
Run by amy at 13:21:41 on 2013-09-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.463 [GMT -7:00]
.
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe

Hello, calex_uo.

Please send me the Malwarebytes scan log showing the detection.

Open Malwarebytes Anti-Malware>>Click the 'Logs' tab
Select log from the date of the desired scan, they're named mbam-log-2013-xx-xx [10-11-12].txt

PUP detections are Potentially Unwanted Programs. These are programs Malwarebytes researchers have found are sometimes added to a system without the user's knowledge or approval. These are not malicious, just potentially unwanted.

5 more replies

Hi.

Can't seem to find any information on this. Is this harmless adware, or should I be worried?

A:PUP.Optional.Somoto

Well....lets take a look and see what we can find.

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to the topic if you have not already done so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that.... Let's get going!!
----------

and save it to your desktop. Disable any antivirus programs during ...


Found PUP.Optional.AlexaTB.A after running a Malwarebytes scan. It says that quarantined and deleted successfully. Is that all there is to it or do I need to run something else? Thanks! The Malwarebytes log is below.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702

10/22/2013 9:39:21 AM
mbam-log-2013-10-22 (09-39-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315574
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I'm not familiar with doing driver updates. I have 3 optionals from Windows Update. I've read both pros & cons to using Windows Update for drivers but it's been awhile, so what's the current consensus now that I'm running Windows 7? Is it 'good to go' or is it best to go to the product sites?

Others may disagree but I believe the first place to check for updated drivers is at the computer manufacturer's website. (If it's a home built machine then check the individual manufacturer websites for motherboard, graphics card, etc.) I also think most people would say "if it ain't broke, don't fix it."

If you decide to install those drivers I'd recommend you make a restore point just in case something doesn't work. Better yet, a system image. Go to the Acer website to verify the version being offered as an optional update is the latest and greatest for your computer. Same thing with nVidia.


Any danger in not installing optional updates? I have nine of them waiting in line and my machine is working just fine. Pros and cons, please?

Optional means just that: optional. It won't hurt to not install them. I hide anything to do with Bing and, if I were to unhide them, there would be many more times nine setting there.


Hi cryptodan

I am following your advice given to glynch8030. As I have no idea just what I can and cannot safely delete, I was looking for assistance.
Below is the log for the first step (I deleted as many as I felt comfortable with). Running Windows 7 with eScan and Malwarebytes, using the Google Chrome browser.

# AdwCleaner v3.012 - Report created 18/11/2013 at 14:11:20
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Wild Kitteh - WILDKITTEH-PC
# Running from : C:\Users\Wild Kitteh\Favorites\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\boost_interprocess
[x] Not Deleted : C:\ProgramData\Partner
[x] Not Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
[x] Not Deleted : C:\Users\Wild Kitteh\AppData\Local\PackageAware
[x] Not Deleted : C:\Users\Wild Kitteh\AppData\LocalLow\searchquband
[x] Not Deleted : C:\Users\Wild Kitteh\AppData\LocalLow\Searchqutoolbar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\

A:PUP.Optional.Bandoo

Hello,

MBAM Premium detected PUP.Optional.AZlyrics.A and warned me, per Settings > Detection and Protection > Non-Malware Protection > PUP detections =  "Warn user".

After the warning, I changed the PUP detection action to "treat as malware" so it will quarantine it on the next scan.

I'm asking for help because of a previous experience with a PUP variant.  Last summer, on a different computer, MBAM quarantined a couple of PUP variants.  Some further cleanup was needed to make things right, and I got the help I needed after posting to this forum.

DDS.txt posted below.  Attach.zip attached.

Thanks!
--mstap42

# == DDS.txt == #

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.71.2
Run by Stapletons at 23:01:54 on 2014-12-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1671 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe

A:PUP.Optional.AZlyrics.A

Hello, I have been having trouble with pup.optional.mysearchDial.a
pup.optional.Dealply.a

When I click a new tab, this my search Dial page comes up (it is a PUP)
often get pop-ups coming in
computer running slower
Firefox stops responding

I did have quite a few mysearchDial.a
pup.optional.Dealply.a infections in Malwarebytes, but they seem to be gone for now ???
But I guess they will appear again after using the computer for a bit ??

I've got Malwarebytes, SUPERAntiSpyware, HitmanPro, AVG Free.
Can I ask if SpyHunter 4 is a rough spyware remover? Some reviews said so, but that said I was badly infected and need to pay for it to be fixed, so nothing was done, and after reading reviews I removed it from programs and desktop and downloads. I am using free AVG, and Windows Defender is not working; I cannot turn it on.

A:pup.optional.mysearchDial.a


I have never installed a single optional update because I don't really know what they are all about although some are obvious. So I ask: just how important are optional updates? Is it generally recommended they be installed?

Some are fairly useful - some are fairly pointless
You need to make the decision on which you want to install for yourself - the list is way too long now to detail it.


I have just switched from dial-up to LAN, and although my connection says it's operational it does not actually do anything. I am accessing the web now by using my old dial-up. In Internet Options, on the Connections tab, I cannot click on anything except the SETUP tab, i.e. nothing else is highlighted as such. I don't know whether this is connected to the problem or not. In WIN XP Help and Support, I ran the Network Diagnose Scan system - the result is that the Internet Explorer web proxy is not configured. In desperation, I have copied the scan results here. Please can you help, but bear in mind that I am not really all that computer literate. Thank you!
Internet Service
Default Outlook Express Mail

Not Configured

Default Outlook Express News

Not Configured

Internet Explorer Web Proxy

Not Configured

Computer Information
+ Computer System

NATASHA

AutomaticResetBootOption = TRUE
AutomaticResetCapability = TRUE
BootROMSupported = TRUE
BootupState = Normal boot
Caption = NATASHA
ChassisBootupState = 3
CreationClassName = Win32_ComputerSystem
CurrentTimeZone = 120
Description = AT/AT COMPATIBLE
Domain = WORKGROUP
DomainRole = 0
EnableDaylightSavingsTime = TRUE
FrontPanelResetStatus = 3
InfraredSupported = FALSE
Manufacturer = ATI___
Model = AWRDACPI
Name = NATASHA
NetworkServerModeEnabled = TRUE
NumberOfProcessors = 1
PartOfDomain = FALSE

A:Lan Settings Not Optional

Looking at your log I would believe you do not have a ethernet connection for what ever reason.


I ran a scan of Malwarebytes and it came back with the below infection. It says it's in the registry. I attempted to remove the infection, but it keeps coming back. Any help would be appreciated. Thank you.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/19/2016
Scan Time: 2:23 AM
Logfile: malware scan.txt

Version: 2.2.1.1043
Malware Database: v2016.10.19.03
Rootkit Database: v2016.09.26.02
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Shane

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408386
Time Elapsed: 15 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Uniblue, HKLM\SOFTWARE\CLASSES\pc-mechanic, , [17f82774dac02b0bf6b2a84ecb394bb5],

A:Pup.Optional infection

Use the programs below to clean, remove adware and remove malware.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled Change to Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and...


I just did a clean reinstall of windows 7 on my toshiba laptop. Now when I goto windows update it doesnt display optional updates at all. There isnt a place for it. Before the reinstall I didnt have this problem. Anyone know how I can see the optional updates?

Look in the Windows Update settings in Control panel. There should be a box to check that says something like "Offer optional updates the same way I receive Windows updates".


Is it recommended to install all optional updates, or to take the time to research and select only those that are relevant to your system? Can the update either be uninstalled or installed at a later date if there is a problem?


Installing optional features failed, why?

Optional features for English language are installed.


My wife's laptop has been infected with this nasty virus. She blamed me for her getting it, but I run Malwarebytes occasionally and it has never detected the PUP on my machine. I have used Malwarebytes several times on her machine only to have the machine re-infected. So I've been to several sites; they confirmed that removal is very difficult. They list some very convoluted solutions. One even warned that a mis-stroke could cause serious damage to your machine. I have a tremor so I do not want to attempt one of those, and there is the fact that they only list Windows 7 and 8.

I'm hoping that there is someone out there that can point me to trusted software to remove this, or recommend a reputable site that can do the removal. I'm not looking for a freebie but a permanent solution to this virus.

I'm sure she has a lot of unwanted junk on her relatively new machine. Every time I ran MB it took longer than the previous time, I just ran MB, it took 21min. My machine has a larger capacity and only takes about 5min.

A:PUP.Optional.HomePageHelpe

It consists of 3 steps.
http://malwarefixes.com/threats/pup-optional-helperbar/


Thank You

A:Pup.Optional.Mindspark.A

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...



So I regularly run malwarebytes, and this thing keeps coming back after being quarantined.
It's been there for a few weeks now, and it's just annoying.
How do I get rid of it?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by JSK (administrator) on JSK-PC on 10-04-2015 01:27:54
Loaded Profiles: JSK & (Available profiles: JSK)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVI...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by JSK at 2015-04-10 01:28:10
Boot Mode: Normal
==========================================================
==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\uTorrent) (Version: 3.4.3.39778 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.39778 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)


There have been a lot of problems reported the last few months where Windows Update is very slow and takes a long time.
I just checked my W7 Updates and a new update KB3102810 was published yesterday (2015-11-03)
This update might help fix this, but it also includes a fix for updating to Win 10.

https://support.microsoft.com/en-us/kb/3102810

I also get the "same update" offered for W8.1 as KB3102812 described here:
https://support.microsoft.com/en-us/kb/3102812

I promptly hid KB3102810 and another optional one when they came through recently; I still have two important ones from yesterday pending (KB2758857 and KB3067904); I'm waiting to see if anyone reports problems or not. I haven't had any trouble with windows updates taking too long to do its thing and I don't need a fix for updating to Win 10 because that simply isn't going to happen. In fact, I suspect the ones who have been having trouble with updates also have the Win 10 nagware, etc. installed, which I do not.


Hi guys, I have these pending optional updates, question is, is there a need to install them? According to the Microsoft support page, some of these updates fix certain issues on some devices. I am not experiencing any of the said problems so I am wondering if I still need to install the updates. Thanks

I had two of those, KB3042085 and 2976978. One seems to be yet another pre W10 update. Installed them OK.

If you install these would you look at something first just to satisfy my curiosity. What is your free disc space before and then after installing these ?


Was doing routine scan, and came across the :
Registry Keys: 1
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DefaultTab, , [37b6d869eb91e254b719be834cb76f91],

I used Malwarebytes to scan with and had made sure it was up to date. However, the program reported I was infected with PUP.Optional.DefaultTab.A. I realize this can happen through downloading different things and companies "hiding" things in software you download. I'd like to get this removed if possible. I've been using Malwarebytes for quite some time, and this is the first time I'm seeing PUP.Optional.DefaultTab.A.

Also, I have been getting "page can't be displayed" when on websites. The website shows, but somewhere on it it will say "page can't be displayed". Could this "pup" also be causing this? Below I have pasted the complete log (I have not taken any action yet to correct this). Decided to see if someone here could help me. I'm using Windows 7 Ultimate 64 bit.

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/30/2014
Scan Time: 11:15:23 AM
Logfile: DT1.txt
Version: 2.00.3.1025
Malware Database: v2014.11.30.05
Rootkit Database: v2014.11.29.01
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: test
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337284
Time Elapsed: 4 min, 29 sec...

Hi,

Since some time back Malwarebytes will remove "PUP.optional.spigot.a" every time I run it. Sometimes an empty Internet Explorer "do you want to leave this page" message will appear as well (I don't use IE.)
Outside of Malwarebytes I run Avast. Could I get some help killing this annoying little thing?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Z (administrator) on MARGETA (02-09-2015 12:34:29)
Running from C:\Users\Z\Desktop
Loaded Profiles: Z (Available Profiles: Z)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\As...

A:PUP.optional.spigot.a

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Z (2015-09-02 12:35:01)
Running from C:\Users\Z\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
DefaultAccount (S-1-5-21-3700485390-1544953774-2094612495-503 - Limited - Disabled)
Guest (S-1-5-21-3700485390-1544953774-2094612495-501 - Limited - Disabled)
Z (S-1-5-21-3700485390-1544953774-2094612495-1001 - Administrator - Enabled) => C:\Users\Z
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3700485390-1544953774-2094612495-1001\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
Achron (HKLM-x32\...\Steam App 109700) (Version:  - Hazardous Software Inc.)