Tech Problem Aggregator

# PUP.Optional.SearchProtect.A, PUP.Optional.Conduit.A

Q: PUP.Optional.SearchProtect.A, PUP.Optional.Conduit.A

this is a work computer, so I'll only be around 10a-5:30p EST.  "Computer guy" came about 6 weeks ago, ran Combofix, left.  After that, I  noticed that Conduit hijaked the browsers.  Uninstalled what toolbars I could find, changed settings in IE and Chrome, seemed to be gone. Still no symptoms.  Last week I saw the unsupported or unfound file image in the shortcuts next to the start menu, ran MBAM again, found this, deleted. ran other scans in safe mode w/networking, seemed clean.  Ran a scan just because today, no symptoms, 45 objects found.  Deleted again.  ran TDSS, found a partition. Don't know enough to comfortably delete.  Here's the DDS log.  I hope you can help quickly. My boss wants me to call the "computer guy" again, who I have no faith in, because every time we pay him to "fix it" I end up having to come here and get help because he doesn't actually fix anything, but still cashes the checks.
edit:1:46pm EST  Avira just popped up with detections of TR/Trash.Gen and TR/Drop.Softomat.AN in the System Volume Information folder, as both .exe and .dll under real time protection.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Owner at 12:56:02 on 2013-08-06
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3033.2209 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1302791988\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: {6ec5b552-6d23-4e05-a153-32aa26f7d9e8} - <orphaned>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
dURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x6\programs\QFSCHD160.EXE"
mRun: [HostManager] c:\program files\common files\aol\1302791988\ee\AOLSoftware.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Copy to &Lightning Note - c:\program files\corel\wordperfect office x6\programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x6\programs\WPLauncher.hta
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{F107EAD8-A66A-4692-BA2A-E0697E0E2E81} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-7-12 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2013-7-12 371768]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-7-12 84024]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-7-12 108088]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2013-7-12 589368]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-7-12 84744]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect office x6\programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-08-06 16:34:02 -------- d-----w- c:\program files\Runtime Software
2013-08-06 16:04:39 -------- d-----w- c:\windows\ERUNT
2013-08-01 17:06:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-01 17:06:18 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-07-22 14:22:49 -------- d-----w- c:\documents and settings\owner\local settings\application data\CRE
2013-07-22 14:19:19 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-22 14:19:16 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-12 14:45:20 -------- d-----w- c:\documents and settings\owner\application data\Avira
2013-07-12 14:44:29 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-07-12 14:44:29 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-07-12 14:44:16 -------- d-----w- c:\program files\Avira
2013-07-12 14:44:16 -------- d-----w- c:\documents and settings\all users\application data\Avira
2013-07-09 18:38:44 -------- d-s---w- C:\ComboFix
.
==================== Find3M  ====================
.
2013-07-26 12:00:53 577934 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-07-22 14:19:03 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-22 14:19:03 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-08 13:28:12 31425872 ----a-w- c:\program files\Dropbox 2.0.5.exe
.
============= FINISH: 12:56:22.31 ===============

A: PUP.Optional.SearchProtect.A, PUP.Optional.Conduit.A

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete tab follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).=== Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifications.On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.Please post the contents of JRT.txt into your reply.===Third party programs if not up to date can be the cause of infiltration an infection.Please restart the computer before running this security check.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.p.s.If the SecurityCheck program fails to run for any reason, run it as an Administrator.===Please paste the logs in your next reply DO NOT ATTACH THEM.Let me know what problem persists.

9 more replies
Answer Match 85.5%

My computer had PUP.Optional.SearchProtect.A
when scanned with Malwarebytes.  Malwarebytes says my system is now clear, but something seems to be chugging all the time in the background.  I'm wondering if there is still some residual infection.  Thank you for any suggestions.

A:PUP.Optional.SearchProtect.A

Hello HelenLet's look at some more.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please Download TDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive)Do not change the default options on scan results.Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.Last run ESET.Hold down Control and click on this link to open ESET OnlineScan in a new window.Click the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.Double clic... Read more

22 more replies
Answer Match 83.1%

Recently had a few people stay in my home for a few days. Common courtesy had me give them permission to use my computer when they needed to, but once they departed, I decided to run a scan on the computer.
Free Trial Avast comes up clean.
Free Trial Malwarebytes is a bit different:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/23/2014
Scan Time: 11:09:25 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.24.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Tameka

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267992
Time Elapsed: 13 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Spigot.A, C:\Users\Tameka\AppData\Roaming\Search Protection\SearchProtection.exe, 724, , [062bb5a0b3c82412a25f003c31cf629e]

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, , [32ff9fb6f7843cfa041e7e23bb47f30d],

Registry Values: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-934097189-4001693668-3402004547-1001-{ED1FC765-E35E-4C3D-BF15-2... Read more

A:PUP.Optional.Spigot.A, PUP.Optional.MyEmoticons.A, PUP.Optional.SearchProtection

Update:
Malwarebytes blocked PUP.RiskwareTool.CK from doing something (this was outside of a scan).
A quick Google search has led me to understand that this particular PUP is not an issue? Is this true?

3 more replies
Answer Match 81.9%

I got a notice on my taskbar from MB that my website protection was disabled and to click on it to enable it.  So I did then I decided to run a scan with MB and there was an update to MB so I did that first and then ran a scan and it came up with  PUP.Optional.Searchprotect.A so I deleted it and scanned again and it came up with a clean system.  Over the past few days I have been downloading things like SDK and roms for my phone but I scanned all of them with MB and they were always clean. Should I be worried that there could be something left over from this? I have not done anything else at this time.

Thanks for any help.

Winows 7 service pack 1

A:Malwarebytes Anti-malware caught PUP.Optional.SearchProtect.A

Hi statos.

Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
-------------

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next... Read more

2 more replies
Answer Match 78.3%

I just installed a new SSD.  Somehow I got infected with the Conduit Search Virus for the second time while setting up the SSD and programs.  I have run Malwarebytes several times.  It finds PUP.Optional.Conduit.A in several places.  I have quarantined each time but the Conduit Search has more lives than a cat.

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Eric Hardman at 15:31:44 on 2014-05-24
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8174.5597 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WL... Read more

A:Conduit Search Virus: PUP.Optional.Conduit.A

Hello Double Eagle I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the s... Read more

10 more replies
Answer Match 78.3%

Infected with this search virus again and I can't get rid of it.  Opens multiple tabs in Chrome.  Keeps coming back no matter what I try.

Also getting pop up ad banner side loading from the lower right hand corner on IE.

Thanks in advance.

DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by Eric Hardman at 9:53:03 on 2014-08-20
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8174.4962 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\... Read more

A:Conduit Search Virus: PUP.Optional.Conduit.A

Hello Double Eagle I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the s... Read more

16 more replies
Answer Match 107.1%

Malwarebytes Anti-Malware, I do a scan this pops up i click to delete, then it come back again, not sure what to do?

PUP.Optional.Conduit.A, C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Preferences

Thanks

A:PUP.Optional.Conduit.A,

Hi, I'm Rootk and I will be helping you with your problem. First off, I want you to know that I'm still in training for malware removal and my responses have to be approved before I can post them to you, therefore there will be a little delay between each post.We need to see some additional information about what is happening in your machine.Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool.When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt Save both reports to your desktop. The instructions here ask you to attach the Attach.txt.

Instead of attaching, please copy/paste both logs into your next reply.
Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run.After downloading the tool, disconnect from the internet and disable all antivirus protection.Run the scan, enable your A/V and reconnect to the internet.Information on A/V control HERE

18 more replies
Answer Match 107.1%

1 - Latest version of Vuze infected my laptop with malware - pup.optional.conduit.a

2 - I've browsed through the forums here many a time and have always been impressed with the help I've seen given. That being said, what is a good donation amount?

3 - DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.45.2
Run by Remag VII at 9:36:34 on 2013-11-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16332.13849 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\s... Read more

A:pup.optional.conduit.a

Hello Remag VII I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

17 more replies
Answer Match 107.1%

Hi,

I'm working on Windows 7 (64) using chrome as my browser.  I recently got a PUP detected by Malwarebytes of PUP.Optional.Conduit.A which recurs every time it's quarantined.  A second infection was detected once during this infection as well, but it hasn't recurred (I believe that infection was something related to "Spigot" which I had once on my computer last year)

I have not noticed any symptoms on my computer.  I have not downloaded anything that could be an obvious source of the program.

Thanks for any help you can offer getting rid of this pesky program!

Heather

Here's my FRST.txt info:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by user (administrator) on USER-PC on 28-04-2015 14:15:53
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AM... Read more

A:PUP.Optional.Conduit.A I don't know how to get rid of it

Hello userhw,my name is Jo and I will help you with your computer problems.Please follow these guidelines:Logs can take a while to research, so please be patient.Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.***Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.***Please download Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.Scan your system for malwareWith some infections, you may see two messages boxes.'Could... Read more

29 more replies
Answer Match 107.1%

I am infected with the Conduit malware.  I ran Malwarebytes and it came back with over 600 threats named pup.optional. conduit A.  When I try to change the internet homepage it defaults by to the the browser logo page.  I have attempted several times to remove the virus but it keeps returning. I also get a DLL run box when I start indowsThis my first time with 600+ threats.  Please advise on how to remove.  Thank You

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/21/2012 6:11:05 AM
System Uptime: 3/25/2014 3:01:04 PM (56 hours ago)
.
Motherboard: Dell Inc. |  | 0Y2MRG
Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz | CPU 1 | 1596/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 867.11 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP222: 3/16/2014 7:00:04 PM - Windows Backup
RP223: 3/18/2014 1:14:59 AM - Windows Update
RP224: 3/22/2014 11:17:34 AM - Windows Update
RP225: 3/23/2014 7:00:05 PM - Windows Backup
RP226: 3/26/2014 1:37:55 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin... Read more

A:PUP Optional Conduit A

Hello rosemel I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

16 more replies
Answer Match 107.1%

I have anti virus software as well as Malware Bytes. Every single time i run a full scan on both programs my anti virus software doesn't spot this ad ware but Malware Bytes does. I have to restart my computer to get rid of it. But once i run a scan again; right after i restarted my computer the ad ware appears again. IDK what to do, i'm not very keen on downloading some ad ware blocker program but if that's the only option then its fine. Any suggestions on how to permanently get rid of this.

A:pup.optional.conduit

Hello and Welcome -
Please read http://blog.malwarebytes.org/news/2013/09/selecting-all-pups/

Make sure that all items are selected, or you will not have removed them.
Please select your last Malwarebytes Scan, and Copy / Paste it back here.
If you are not able to find it, Please Update your copy of the program, and run a Full Scan.
Then Copy / Paste that log back here.

Please download and run RKill by Grinler.
A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
Please Copy and Paste the small log back here

Now: Please download AdwCleaner by Xplode and save to your Desktop.
* NOTE : Please close or save all work, as the computer will be Rebooted
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Note Do not click on the Scan or Clean button more than once, as this may cancell all results
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* If you see any which you do not want removed, remove the check mark next to it.

* Next: Click on the Clean button (only once) to remove the selected items.
* You will receive a message telling you that all programs will be close so that the infectio... Read more

2 more replies
Answer Match 107.1%

2.
I was trying to get a game to play on Voobly working properly which required port forwarding and so, I had to set a static IP and use this tool from portforward.com to test if the ports were opened or not. I was on the phone while installing the software which resulted in me accepting what I thought was a window for going forward with the installation. Two more accept/decline windows followed it and I knew I messed up (I hit decline on those).

I ran a full scan using Malwarebytes and it found 9 infections on my computer by the name in the title.  I use firefox and have no toolbar on my windows or in my add-ons. I looked in my "Add or Remove programs" and found nothing new. Should I remove that portforward.com tool? I ask because they seem to be pretty trusted, the optional downloads are what seem to be malicious.
3.
I use windows XP and am planning on upgrading soon.
4.
I ran Malwarebytes.

A:PUP.Optional.Conduit.A

Hello -
Please run these few programs and Copy / Paste the logs generated. Temporarily Disable Your Anti-virus if needed

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If a security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox to desktop and run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
At most the tool will run for about 2 minutes
Copt and Paste the log it produces.

Important: Do not reboot your computer until you complete the next step.

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Clic... Read more

15 more replies
Answer Match 107.1%

I need help getting rid of PUP.Optional.Conduit. I have run Malwarebytes and House Call and Avast. Malwarebytes sees it and I try to Remove it but it keeps coming back. It makes IE freez. Help!!! I am running win 7 64BIT.

A:PUP.Optional.Conduit

http://www.bleepingcomputer.com/download/junkware-removal-tool/
this works pretty well.
I would also reset IE back to default to be sure, and run c cleaner.

5 more replies
Answer Match 107.1%

My first post here at this site. Sorry if I make mistakes with any of your rules.

I have this nasty little problem that I can't seem to get rid of. I am told it isn't a virus but rather just a program that steals information and finds it's way deep into my labtop. I am not really experienced with getting rid of such things but I have tried a few things to no avail. All it is really doing is making videos run slow and studdering, and making everything else slower. I have an older labtop so it is already slow enough.

I run the free version of avast, and the free version of malwarebytes. When I run an avast scan nothing shows up, and when I run the malwarebytes one line comes up (PUP.Optional.Conduit.A). I hit the quantine button and seems to go away, but as soon as I run another scan it is right back on there.

I uninstalled Chrome, and reinstalled it and ran another scan and it wasn't there. But as soon as I watched a video on youtube it was back. I tried googling PUP.Optional.Conduit.A and there was a 4 step removal guide that I tried. First step was to use start menu to open "remove programs" find it and remove anything with Conduit in the program. I tried that and found none. I searched all programs and still couldn't find it. But I know it is there, because every time I run a malwarebytes scan it shows up.

I went ahead and did the other 3 steps of the 4 step plan which included adding AdwCleaner and running a scan, Then add Malw... Read more

A:PUP.Optional.Conduit.A

Conduit probably installed a start-up item.  It may also be listed in Programs and features as a program that's installed. I would check your start-up items and programs and features list to see, but first need to know what version of Windows your running.

5 more replies
Answer Match 107.1%

My computer is acting slow and sluggish, and when I run Malwarebytes it comes up with something called PUP.Optional.Conduit.A, I let it remove it and when i scan again later, it is still on my system. Is there a way to get rid of this permanently? Or is there more on my computer that is making it slow? Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:36:45 PM, on 10/11/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Nic Arvin\AppData\Local\Akamai\netsession_win.exe
C:\Users\Nic Arvin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files (x86)\Malwarebyte... Read more

A:PUP.Optional.Conduit.A

7 more replies
Answer Match 107.1%

Hi -  Malwarebytes keeps finding this on my computer - pup.optional.conduit.a in google/chrome/user data/default/preferences.    I've read this forum, the malwarebytes forum, etc.. and tried the different fixes using different tools.   It will be gone .. then return again the next time I run a Malwerebytes scan.       I recently was having shut-down problems w/ my my Acer laptop after the latest Windows 8.1 update, tried many things and ended up doing a factory reset, which fixed that problem so everything is pretty fresh.      I did a reset of Google Chrome last night.   I got a clean scan on Malwarebytes but it's back again today.  I'm really getting frustrated and beginning to wonder if this is a false positive or something.  I hope that someone can help me.

A:PUP.Optional.Conduit.A

Hello jewelz... I moved this to the Am I Infected Forum.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.Vista/Windows... Read more

11 more replies
Answer Match 107.1%

Hello,

I was wondering if anyone could help me remove infected items reported by Malwarebytes. I removed them before however they seem to have returned. They are named variations of PUP.optional.Conduit.A and are registry keys and files/folders. I have done another scan and it says they are removed but I would like to be certain they are gone is there any other ways I could do this?

Thank you

A:PUP.optional.Conduit.A

I'd do a scan with Malwarebytes and my antivirus program in Safe Mode.  I have to tell you that Conduit malware is very hard to get rid of because it sinks it's teeth into many parts of your system.  You might try the Revo Uninstaller too.

Good luck.

4 more replies
Answer Match 106.26%

Hey peeps,
I've run mbam five times with no luck getting rid of these problem childs. It keeps shutdown win firewall. All of a sudden now there's some sort of scan going continuously. Don't know if it's related, but been having problems with BSOD that I seem to have resolved by rolling back nvidia drivers to 314.22.  Event Viewer shows nvlddmkm Event id 14. "Either the component that raises this event is not installed on your local ocmputer or the installation is corrupted." I've done a bunch of fresh installs of the drivers and nothing seemed to work until I rolled back the driver.  No more BSOD since I did that, but then firewall kept getting shut off.  Now I notice that file system looks corrupted.  I saved the DDS and Attach text to desktop but they are not there. New icons on desktop showed for 'Computer' and 'Chris' (my user account name).  I think I'll perform a restore from a backup image, but I want a go ahead from y'all first.  Thanks for looking.  I appreciate your time.
Here is MBAM log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.03.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Chris :: BLACK-COMPUTER [limited]
12/4/2013 12:11:33 AM
mbam-log-2013-12-04 (00-11-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182196
Time elap... Read more

A:mixidj v30 and optional.conduit.a

Hello cleffgo I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

16 more replies
Answer Match 106.26%

I would love some help in removing this malware. I also have files that have the same name but leave off the "A" at the end. Not sure if this is a different problem or not.

I have not seen any apparent problems with my computer other than sometimes when I start it up the desktop icons never show up and I have to re-start the computer. That may be related to the malware but not sure.

Here are the reports from DDS.

Thank you very much for your help,
Brian

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Admin at 15:58:12 on 2014-01-04
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2005.564 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malware... Read more

A:Infected with PUP.Optional.Conduit.A

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).=== Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifications.On completi... Read more

7 more replies
Answer Match 106.26%

Mod Edit:  Pasted DDS log into post, fixed title - Hamluis.

Hello, this is continued from this thread;
http://www.bleepingcomputer.com/forums/t/531576/pupoptionalconduita/#entry3346761
where I was recommended to start a thread here.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/6/2014 6:51:28 PM
System Uptime: 4/23/2014 12:03:26 PM (8 hours ago)
.
Motherboard: Dell Inc.           |  | 0DH682
Processor:               Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 60.061 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP34: 4/15/2014 1:21:27 AM - Software Distribution Service 3.0
RP35: 4/15/2014 1:21:27 AM - Software Distribution Service 3.0
RP36: 4/15/2014 1:21:28 AM - System Checkpoint
RP37: 4/15/2014 1:21:28 AM - Software Distribution Service 3.0
RP38: 4/15/2014 1:21:28 AM - System Checkpoint
RP39: 4/15/2014 1:21:28 AM - System Checkpoint
RP40: 4/15/2014 1:21:28 AM - System Checkpoint
RP41: 4/15/2014 1:21:28 AM - System Checkpoint
RP42: 4/15... Read more

A:PUP.Optional.Conduit.A continued

Good evening.
Can you tell me what tool you installed that started this issue?

15 more replies
Answer Match 106.26%

Hi and thank you guys for helping those of us who do not know how. I have windows vista home premium with service pack 2. I have avast free anti virus. I have 3 browsers on my computer. Firefox, Internet Explorer and Google Chrome. My wife prefers internet explorer, my son swears by google chrome and i like firefox best. For weeks now, no matter which browser we chose to use, our Avast antivirus periodically and repeatedly would pop up a warning box saying "threat has been detected". Each time Avast said that it dealt with the problem by blocking it but it kept coming back time after time after time. Each time the warning popped up it would say one of the following: vetranted, superpent, getitnowfast or there were maybe 2 or 3 more. I downloaded  the free version of malwarebytes anti malware and it said it detected over 400 threats and quarantined them. After it did its job I can now use Firefox and internet explorer without any popups. But the threats still continue with chrome. Am I infected?

A:pup.optional.multiplug.gen and conduit

Hello Zombo, we should get god results from these...MiniToolBoxPlease download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.AdwCleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.Copy and paste the contents of that logfile in your next reply.A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.Junkware Removal ToolPlease download Junkware Removal Tool to your desktop.Shut down your protection software now to avo... Read more

6 more replies
Answer Match 105%

I deleted it but im afraid it's not gone. can someone please help me?  The pc is running slow and a lot of stuff shows up on the bottom left side of the screen on all browers! It corrects itself if i re freash the page. Thanks so much!

A:Malwarebytes said this:PluginInstall.exe (PUP.Optional.Conduit.A) What do i do?

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

17 more replies
Answer Match 105%

I just posted in the virus/malware forum about MalwareBytes showing my computer is infected with PUP.Optional.Conduit.A and will be waiting for a reply for the time period stated (about five days). But what i wonder now is I still have the Malwarebytes window open showing the 22 instances of PUP.Optional Conduit.A and PUP.Optional.Conduit files still on my computer.

I can checkmark those and hit "remove slected" or hit "ignore."

Which should I do until I get further information from a volunteer here from BleepingComputer.com?

Thank you very much,
Brian

A:Do I remove PUP.Optional.Conduit.A in Malwarebytes too?

This is usually related to the Conduit toolbar. Did you intentionally install this?

3 more replies
Answer Match 105%

Malwarebytes scan found Conduit on my computer.
This is the message I got after having it deleted.

nsbCDCC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nscFC66.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nsi7E1F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nsl5338.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nsl772F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nswF199.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brett\AppData\Local\Temp\nsy88DC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

I did a search and found many removal guides for this so I wanted to make sure it is really gone.

Thanks,
Bonefish

A:malwarebytes found PUP.Optional.Conduit.A

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.AdwCleaner created by Xplode.Junkware Removal Tool created by thisisu.1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.Important: Do not reboot your computer until you complete the next step.2. Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator.Click on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.After reviewing the log, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.Press OK again to allow AdwCleaner to restart the computer and complete the removal process.After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.-- Note: The contents of the AdwClea... Read more

5 more replies
Answer Match 105%

According to MBAM, two of my computers are infected.  This one appears to have at a minimum a pup.optional.conduit infection.  I'll include a DDS as well as a MBAM log here.  Any help is greatly appreciated.

DDS Log
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by CFT at 18:58:30 on 2013-12-31
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3993.1516 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:... Read more

A:Computer infected with pup.optional.conduit & others

Any help would be greatly appreciated .. thanks much.

9 more replies
Answer Match 105%

I had a dozen attempts at a change of firefox home page during install of JetAudio basic from download.com (ie browser hijack popups warnings from Superantispyware) . I dont think it had got as far as install jetaudio, there was a cnet installer which asked if I wanted a bunch of other stuff, which I believe I rejected, but as I hadnt seen a cnet installer before (always seemed to just download a file in the past when I used this site, without pushing other downloads), I suppose I may have clicked on accept the first time foolishly thinking because they say clear of spyware I should trust the installer.I have since read some cautionary discussion on using the cnet installer, suggesting people have had problems even when rejecting any bundled downloads, seeming some junk can be bundled anyway? see here http://forums.cnet.com/7723-6132_102-591945-0/search-conduit-malware/ I also note that a few days before I started having problems with the shockwave flash plugin crashing - this may indicate separate issue, or maybe just be instability of the current version of firefox / flash perhaps Anyway, I ran Malwarebytes in full scan, found a lot of files associated with pup.optional.conduit.a I cleared those (log attached), and then ran malywarebytes again in quick, which came up clean. Always suspicious things are not always that simple, I searched for what I was up against, whether any other action required. I found this page: https://forums.malwarebytes.org/index.php?s... Read more

A:Malwarebytes found pup.optional.conduit.a

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/513893 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

38 more replies
Answer Match 105%

I have two problems here:

First, optional.conduit.a keeps on reinstalling itself. Tried removing using AdWcleaner and Hitman Pro but it keeps coming back.
I followed the instructions from http://www.malwareremovalguides.info/pup-optional-conduit-removal-intructions/
Am I missing something

Second, Hitman Pro has quarantined "chromeinstall-u755". I'm not sure what it is or how to get rid of it.

Please help.

A:optional.conduit.a and chromeinstall -u755

Hi samone4,

Please do the following:

Download minitoolbox (http://www.bleepingcomputer.com/download/minitoolbox/) and run it with the following boxes checked:
List last 10 Event Viewer Errors
List Installed Programs
post the results from minitoolbox so that I can better assist you in removing the problem.

3 more replies
Answer Match 103.74%

Hi there

Noticed my laptop was running a bit slow tonight so did a Malwarebytes scan - it found the aforementioned threats.

I quarantined them after the first scan and rebooted, did a further scan and they're still there.

Any help on removing them would be much appreciated.

Have enclosed a Hijackthis log... do you need the DDS logs as per the thread at the top of this forum?

Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:10:26, on 22/04/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Digiguide TV Guide\digiguide.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome... Read more

A:Malwarebytes has found PUP.Optional.BrowseFox.A and PUP.Optional.Webconnect.A

Good evening.

do you need the DDS logs as per the thread at the top of this forum?

Yes, that's why it's there. HijackThis has not been seriously updated in some time and so is not considered worth the hard drive space, although I suppose that it acts as cheap advertising for Trend Micro.

Will you also let me have a copy of the detections that MBAM is finding. You can paste them into your next reply from the Logs Tab in MBAM.

2 more replies
Answer Match 103.74%

OK I am a moderate security guy trying to learn more from the REAL Security PROs. I was looking for server 2012 Installing and Configuring study material FOR FREE of course and got in a little to deep. I use Zone alarm firewall Free version and Malwarebytes religiously. As well as MSE as my regular day to day antivirus. Now normally I would not dig as deep as I did this time to get so ROOTKIT infected.
Recently I ran GMER and found a lot of RED in the registry; Files and other important places so I figured I need to reimage my machine......! I also ran Kaspersky's TDSSKiller and it came back clean?? I will attach the Kaspersky log below... Now I also use CMS Product Ultimate BounceBack version 11.4.0.29, I believe so I can make all this go away with a backup reimage. But I am pursuing my Server 2012 MCSA and eventually want to become Security focused. So I have all the Rootkit tools and have played with them in the past but in my experience it has always been best to completely reinstall the OS version, Whatever the OS may be at the time, and move forward because otherwise you are never going to completely clean the machine. Not to mention, the time saved by doing this speaks for itself. All that being said I would still like to get a better understanding of this from a Security standpoint..... I am running a Windows 7 Professional Elitebook 8650p laptop with 240GB Crucial SSD and 16GB RAM.This time around I am going to use a HIPS such as Winpatrol but want a so... Read more

A:PUP.Optional.YourFileDownloader and PUP.Optional.InstalleRex believed rootkits?!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/537537 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

4 more replies
Answer Match 102.48%

Last night I updated my Malwarebyte's Antimalware to the recent version and ran a scan, this is what it found.

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 9/8/2014
Scan Time: 11:55:22 PM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.09.08.10
Rootkit Database: v2014.08.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Blair
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292725
Time Elapsed: 16 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
PUP.Optional.Conduit.A, C:\Documents and Settings\Blair\Application Data\Mozilla\Firefox\Profiles\8mt0uc98.William\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}");), Replaced,[c3d646833348b77f91880c1b49bc817f]
Physical Sectors: 0
(No malicious items detected)
(end)

Should I be worried that it found this, I honestly don't remember being redirected anytim... Read more

A:Finally updated MBAM 1.7 to 2.0 an it finds PUP.Optional.Conduit.A

You want to remove Conduit. as it can bring in other items.Potentially Unwanted Programs are annoying for a number of reasons. They will install adware on your PC meaning that you’ll be plagued by dozens of irritating pop up adverts for websites and products you probably have little or no interest in and they can also hijack your browser and install unasked for tool bars. In this case, it will install Conduit toolbar and change your default search engine to search.conduit.com. A tool bar that you didn’t ask for is rarely useful and serves to do little more than to confuse you and change the appearance of the browser that you know and use on a daily basis. Furthermore some tool bars have the ability to install even more unwanted software and can redirect you to websites that the programmer wants you to visit instead of the sites that you are trying to go to.What is Conduit  Also run..ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.[/*][*]Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator.[/*][*]Click on the Scan button.[/*][*]AdwCleaner will begin...be patient as the scan may take some time to complete.[/*][*]After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.[/*][*]After reviewing the log, click on the Clean button.[/*][*]Press OK when asked to close all programs and follow the onscreen prompts.[/*... Read more

7 more replies
Answer Match 102.06%

Hi Folks-
Been trying to eradicate PUP.Optional.Spigot virus. Now the Outbrowse has shown up.
Have tried to use Malawarebytes, Kaspersky Rootkit killer, AdWdleaner. Gets rid of it but shows up almost immediately.
Seems to be in this location-

PUP.Optional.Spigot.A, C:\Users\Ericsun\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "https://search.yahoo.com/?type=994519&fr=spigot-yhp-ch",), Replaced,[267b049c215a3006d998c51aa4607a86]

______________________________________

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.17028  BrowserJavaVersion: 10.65.2
Run by Ericsun at 16:14:01 on 2014-08-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3037.1494 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Micr... Read more

A:Can not remove PUP.Optional Spigot. Also PUP.Optional.Outbrowse

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543666 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

8 more replies
Answer Match 98.28%

Hello,
I ran Malawarebyes and it said that some of my registry keys are infected. It quarantined them but I just want to make that there isn't another step I have to do to make sure its gone. Below is the log. Thanks!

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.11.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Tisha :: TISHA-HP [administrator]
12/11/2013 7:24:11 PM
mbam-log-2013-12-11 (19-24-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214460
Time elapsed: 11 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DATAMNGR (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar (PUP.Op... Read more

A:PUP.Optional.Bandoo & PUP.Optional.Searchqu

Welcome JoRayne, to be sure we can do these.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the toolClick on the Scan button.A... Read more

8 more replies
Answer Match 81.48%

Ok, First of all, Merry Christmas!
Somehow I managed to get these two nasty surprises on my computer. It started a few days ago. IE was having a lot of pop-ups (specifically down-load some updates to a video player) and it hijacked my home page.
I ran Malwarebytes on it which found a TON of stuff to fix. It fixed some, but not all.
It kept on showing a file (RunDll32) that was corrupt. I manually deleted that file.
Now, I thought I had my home page issue fixed, but it changed again.
I was running McAfee, but then it started having errors and would not work. saHook.dll was invalid. I called "tech Support" which turned out to be Advanced Systems Optimizer (total scam BTW). They did find a Trojan "Zeus" on my computer but wanted $300 to fix it. Finally I got an actual McAfee tech support person who could not fix the problem. (we de-installed and re-installed twice). To help protect my computer I installed Symentac End Point Protection 11.0 (I got it from work) and it won't install correctly. The proactive threat protection will not update and it keeps giving me a LU 1825 or LU 1806 error. Malewarebytes is not finding any issues. SEP did not find any issues, but I am still concerned that I have a virus/maleware/Trojan on my computer. Here are my logs. HJT Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:03:30 AM, on 12/24/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Ru... Read more A:Conduit and SearchProtect virus 10 more replies Answer Match 79.8% somehow zoomify among other adware/malware has infected my computer, i have ran malwarebytes and it found 41 items, ive purged the quarantine and i am still having the same programs show up in taskmanager, before i ran the scan, something was preventing me from connecting to the internet, but after i restarted my computer i was able to connect again but fear that this will keep happening unless i can get this horrible unwanted additions off my computer! please save my computer! A:multiple viruses zoomify, searchprotect, conduit...help! Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more 7 more replies Answer Match 78.96% DefaultTab.A, BrowserApps.A, CrossRider.A, CrossRider.T, WeatherAlerts, Bundlore, OneSoftPerDay.A, AppMarket.A, Tuto4PC.A, Suspicious.cloud.9, Sonar.Heuristic.120, OptimizerPro have all been found in various scans in the past couple weeks. I need to be sure that these are all gone. This laptop is used primarily for maintaining and editing photos and general computing and internet surfing and recently has been running slower and slower. The Astromenda was taking over the web browser and even though I've removed it from everywhere, it still appeared in the MBAM scan ran today in addition to Hijack.StartMenu. I'd like some help making sure all the viruses, PUPs, etc are cleared up. I've downloaded MBAM in addition to using Norton that's installed. I unstalled AVG that was also installed since Norton was the paid edition and I didn't want them to conflict with each other. Also, I can't get into a lot of folders and get the message "Location Not Available and C:\documents and Settings is not accessible. Access is denied" even though the user is an administrator user. I'm not sure if this is related to any of the virus or malware issues. Thanks in advance for any assistance in this matter. Here's the DDS.txt and the file attach.txt is attached. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.25.2 Run by Owner at 1:46:09 on 2014-09-25 Microsoft Windows 7 Home Premium 6.1.7601.1.1... Read more A:Astromenda.A, Hijack.StartMenu, Conduit.SearchProtect, GlobalUpdate.T... Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window. HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more 33 more replies Answer Match 76.44% Hello, Thank you very much for your service! I seem to be infected with the Win 32 virus. I have tried ending processes and removing manually through remove programs, but with no luck as it won't allow me to end the processes. It has also downloaded and added several things; Severe Weather Alerts, Live Support, Mix DJ toolbar. It also crashed recently, no blue screen but just a flat power-down. My google chrome bookmarks have also been removed. The computer is running extremely slowly, and I also have the feeling something is wrong with my Windows updates, as I do the updates and when I reboot they are still there. Some of the updates show an error message and won't download. Thanks in advance! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2 Run by Brit at 14:12:44 on 2013-08-30 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6055.3080 [GMT -5:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k Local... Read more A:Infected with Win32/Conduit.SearchProtect. Crashing. MixDJ toolbar, Live Support Hello aLuffabo,Welcome to Bleeping Computer.My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.If you do not understand any step(s) provided, please do not hesitate to ask before continuing.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Download AdwCleanerDouble click on AdwCleaner.exe to run the tool.***Note: Windows Vista and Windows 7 users:Right click in the adwCleaner.exe and select Click the Delete button.A logfile will automatically open after the scan has finished.Please post the content of that logfile in your next reply.Or you can find the logfile at C:\AdwCleaner[R1].txt.2.Download RogueKiller on the desktopClose all ... Read more 3 more replies Answer Match 73.08% Hello to all the good people at bleeping. I have been runing malwarebytes scans and super anti spyware scans and adwcleaner and so on and everytime I run the malware bytes scans there is a pup optional.findwide.A Technically I understand that is not a virus per say but can lead into other malicious threats. I looked up in the C folder and I can't find anything there I do know the pup.optional.findwide.aC:\users\regina\appdata\local\google\chrome\userdata\default\preferences. this is what the malwarebytes is scanning. I have reset the browser in google chrome and done what all I think to do. I know this kind of thing is browser hijack. Can anyone give me a opinion on what other methods to do? Thankyou for reading, From Gina A:Can't get rid of pup.optional Hello GinaLets also do these and see what we get.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 us... Read more 7 more replies Answer Match 73.08% Hi just did a Malware scan and found these PUP,S ,,,PUP Optional Binkiland and also PUP Optional Gameo please any help greatfully recieved thanks A:PUP Optional Hello harty and Welcome to the BleepingComputer. My name is Yılmaz and I'll help you with the cleanup of malware from your computer. Before we move on, please read the following points carefully. Please complete all steps in the specified order. Even if tools don't find malware, I want you to post the logfiles anyway. Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so. Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can. Don't install or uninstall software during the cleanup unless you are told to do so. If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed. I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean Please reply to this thread. Do not start a new topic As my first language is not English, please do not use slang or idioms. It could be hard for me to understand. Please open as administrator the computer. How is open as administrator the computer? Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsu... Read more 57 more replies Answer Match 73.08% Hi everyone.. new here, I've been using MSE 12mths no problems, my ? is why is MSE optional on updates? A:MSE Optional Welcome to the Seven forums! Are you sure that it is MSE that you are seeing or could it be MSE updates? 5 more replies Answer Match 73.08% Hello, I just ran a Malwarebytes scan as I ocasionally do. This time, for the first time, I did a full system scan and it found the PUP.Optional.1.9.1 malware. It located it in a programme on my desktop, Unlocker.1.9.1.exe. Other scans with AVG and House Call don't pick anything up. The Unlocker programme is important to me because without it my photshop files are consistantly locked by Explorer and I can't progress my work. For this reason I didn't want to be too hasty in removing the 'infection'. My PC works just fine and I think PUP stands for potentially unwanted programme. Potentially? Am I safe to leave it? Please can you advise me? Many thanks in anticipation - Ian. A:PUP.Optional.1.9.1 I've used Unlocker quite extensively in the past. It can be of great use. From what I remember, it will install some extra "junk" during the setup if you're not carefully reading and forget to uncheck a couple of boxes. That aside, I believe the program to be safe and have never had an issue with it. 6 more replies Answer Match 72.24% Where do these files come from? I have found them with malwarebytes and deleted them, but later there are more showing up again. A:[SOLVED] PUP.optional PUP is an acronym for Potentially Unwanted Programs, which are added to a system without the user's knowledge or consent. They are usually bundled with other software downloads. While downloading and installing a software, care should be taken to uncheck other offers of software, if not wanted. PUP (Potentially Unwanted Program) Definition 3 more replies Answer Match 72.24% I have found on my husbands laptop a malware that is very persistant at staying on his computer even thou I have run several Malware removals....both in normal mode and in safe mode.....MalwarbytesAnti-Malware finds it...deletes it but it comes back.....I also downloaded in safe mode and tried SuperAntimalware but that does not find anything in registry.....Spybot search and destory finds 1 but it does not show up when you click on show details...nothing shows up! So why can I not get rid of it.......It says its in Registry Key...HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) A:PUP.Optional in Registry Key will not go away Quote: Originally Posted by angiesluck I have found on my husbands laptop a malware that is very persistant at staying on his computer even thou I have run several Malware removals....both in normal mode and in safe mode.....MalwarbytesAnti-Malware finds it...deletes it but it comes back.....I also downloaded in safe mode and tried SuperAntimalware but that does not find anything in registry.....Spybot search and destory finds 1 but it does not show up when you click on show details...nothing shows up! So why can I not get rid of it.......It says its in Registry Key...HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) In command prompt: Code: reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} /s post output 9 more replies Answer Match 72.24% hello i have my problem back iv seen some of the old infections on the super antispyware scan computer/ browser not responding, takes forever to to anything is slow at booting up also running slow Tech Support Guy System Info Utility version 1.0.0.2 OS Version: Microsoft® Windows Vista™ Business, Service Pack 2, 32 bit Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz, x64 Family 6 Model 15 Stepping 10 Processor Count: 2 RAM: 1005 Mb Graphics Card: NVIDIA Quadro NVS 140M, 128 Mb Hard Drives: C: Total - 76316 MB, Free - 41504 MB; Motherboard: LENOVO, 766512M Antivirus: AVG AntiVirus Free Edition 2013, Updated: Yes, On-Demand Scanner: Enabled that is weird i have previously deleted /removed avg and put in Vipre on trial but computer wouldn't work properly with the firewall working so im using windows firewall and vipre for the rest . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Business Boot Device: \Device\HarddiskVolume1 Install Date: 14/06/2012 2:21:56 PM System Uptime: 2/10/2013 5:53:20 AM (2 hours ago) . Motherboard: LENOVO | | 766512M Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 75 GiB total, 40.233 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== Installed Programs ====================== . Adobe Flash Player 11 Ac... Read more A:pup.optional.mysearchDial.a 16 more replies Answer Match 72.24% do i have to install this update? A:optional update Hello SpeedDial, No, you do not have to. It's just to let you know that there is a new optional driver version update. If you do not want to install it, then you can hide it to not see it anymore in Windows Update. However, you might give it a try since it is a new version that may help improve your graphic card's performance. If not, you can always rollback to the previous driver version. Hope this helps, Shawn 7 more replies Answer Match 72.24% Hi, I stupidly tried to download what I thought was Adobe flash player and ended up with Search Dial which took over my Windows 8 computer. I ran Malwarebytes and then reset my computer to an earlier date, which seemed to get rid of it and now it works okay once again. But now when I run Malewarebytes Pup.Optional.eSafe.A shows up on my Windows 8 laptop. I read on other sites on removing it but they all want you to download various tools. I ran Malewarebytes and it removed it but a couple days later it showed up again when I ran Malewarebytes. Would running Super Anti Spyware solve the problem? I admit to being a total computer dummy and brought this upon myself, learning a tough lesson, but I sure would appreciate any help/advice you can offer. p.s. I have a very difficult time navigating Windows 8 just to find the simplest things. So please be very specific if you can. Thanks! A:Pup.Optional.eSafe.A I've run Malewarebytes again several times and the Pup.Optional.eSafe.A is gone, so I think my computer is okay. 2 more replies Answer Match 72.24% Hi, a scan with MBAM found and quarantined this PUP. Do I need to clean up any remnants and if so how? and would you advise installing Unchecky to help prevent these things creeping into my system again? Thanks. A:PUP Optional Spigot.A teddyboy, Hi and welcome to TSF. Please note that this is under the supervision of an expert analyst. Please read NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help and post/attach the three logs (dds.txt, attach.txt and gmer.txt) mentioned. These logs will give me a place to start and give you back a better working computer. If any problems completing, continue with next log and let me know what happened in your next post. Please Read! "Who is Helping you?" If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools (near top), then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription. Thanks. I can begin working on removing your malware when you submit those logs. Please be patient with me during this time. 5 more replies Answer Match 72.24% Tech Support Guy System Info Utility version 1.0.0.2 OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7 Processor Count: 4 RAM: 4001 Mb Graphics Card: Intel(R) HD Graphics, 1808 Mb Hard Drives: C: Total - 940261 MB, Free - 876787 MB; Motherboard: Dell Inc., 0CXTWJ Antivirus: Microsoft Security Essentials, Updated and Enabled I have Malware Premium and scan everyday. It keeps finding multiple Pup.Optional. PC Privacy Dock and Pup.Optional Hawker A files. I delete them everyday, and the next day it finds more of them. What are these files, and where do they come from? Are they harmful? How can I prevent them from "invading" my PC? A:Pup. Optional files 10 more replies Answer Match 72.24% My computer automatically updated today. Upon going through the list of updates there where two optional updates one for English and the other for CXT-Network-PCI soft data fax modem with smart CP. What are they? Do I really need them? I checked the Microsoft help thing when your right click for info. All I could get was it was a driver and nothing else. A:optional update You must have this kind of card on your system using Windows drivers, then when there is a new driver WU propose it to make an upgrade. My personnal advise regarding WU setup is to look for updates letting you the choice to download and install them. 2 more replies Answer Match 72.24% A past update for Powershell 2.0 and WinRm 2.0 was designated Optional. (Which I didn't download. Do I need this?) Had trouble with the recent Live Essentials update and after some reading uninstalled Windows Live from my system which re-designated the Live Essentials update from Important to Optional. Now I find that the Powershell/WinRm package has changed ftom Optional to Important. Any idea why and how I should proceed? Thanks. A:From Optional to Important Windows PowerShell is a new Windows command-line shell designed especially for system administrators. The Windows PowerShell includes an interactive prompt and a scripting environment that can be used independently or in combination. Do you need it? 3 more replies Answer Match 72.24% Hello I just recently bought a new computer 1.5 half weeks ago, and I've already experience 3 crashes on it, though the temperature of the GPU and CPU never exceeds 60 degrees celsius and rarely ventures above 50 degrees. Therefore I decided to reformat and install Windows 7 once again after the thrid crash. After I installed my most used programs so that I'd be able to use my computer again, I installed Malwarebytes Anti-Malware and ran a can of my system and I noticed I already had an infection, which baffled me. I had just reformatted the computer an hour earlier. So I tried removing it with Malwarebytes and other software but with no luck. I don't know if this is related to my computer's crashing problem, but I feel like it's something that's been transferred from my previous older computer as I bought a new one, cause it suddenly started crashing during games in League of Legends after 2 years of use. The symptoms and times of crashes of my new computer is the same. Since the synchronization of google chrome transfers my preferred settings I'm thinking that the issue may lie herein, as the path in which the PUP is located is Google\Chrome\User Data\Default\Secure Preferences. I've tried running GMER several times and saving it but absolutely nothing happens when I press the "Save..." button. I do have access to a Windows Install Disk DDS.txt below: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7600.16385 Run by Quezacotl at 23:1... Read more A:PUP Optional.Trovi.A Hello and Welcome to TSF. If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. ------------------------------------------------------ Please download AdwCleaner from here and save it to your desktop.Do NOT click the green 'Download' button(if visible). Click the blue 'Download now @bleepingcomputer' button. Run AdwCleaner and select Scan Once the Scan is done, select Cleaning Once done it will ask to reboot, please allow the reboot. On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt Please copy/paste the contents of the log in your next reply. ------------------------------------------------------ Please download Farbar Recovery Scan Tool and save it to your desktop.Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer. Make sure the Addition.txt button is ticked. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply. ------------------------------------------------------ 19 more replies Answer Match 72.24% I&#8217;d appreciate some help and I&#8217;ll provide background: o) A few weeks ago my 3 year old Dell Studio 7100 Windows 7 PC, with McAfee Total Protection, started having intermittent network connectivity issues (both wireless and Ethernet connection). Rebooting fixed the problem, but only temporarily. o) I installed Malwarebytes and it found problems that I deleted. o) I&#8217;ve been working with a Tech Support Guy on the network connectivity issue and I may be close to a solution. o) Today, Malwarebytes found &#8220;PUP.Optional.MYPCbackup&#8221; and I&#8217;m not sure if I should delete it. o) I ran the sysinfo.exe file and the result follows: Tech Support Guy System Info Utility version 1.0.0.2 OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit Processor: AMD Phenom(tm) II X6 1055T Processor, AMD64 Family 16 Model 10 Stepping 0 Processor Count: 6 RAM: 8191 Mb Graphics Card: AMD Radeon HD 6600 Series, 1024 Mb Hard Drives: C: Total - 939785 MB, Free - 853579 MB; E: Total - 476937 MB, Free - 452321 MB; Motherboard: Dell Inc., 0NWWY0 Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled < link to original issue posted here http://forums.techguy.org/networking/1146675-windows-cant-communicate-primary-dns.html The system ran great until a couple weeks ago when intermittently the computer just "spins" when I try to view an open browser tab (e.g. MSN.com). This sometimes happens after computer wakes up, ... Read more A:PUP.Optional.MYPCbackup - What to do? 16 more replies Answer Match 72.24% Had to do another reinstall of W7. Are any of these optional updates needed ? A:Optional Updates Define 'needed'! The OS will run happily and securely without them - but they do contain some nice enhancements. I'd install everything offered except the Bing and Live stuff (unless you actually want those) - and hide those so that they don't get in the way (at least until they are updated again) 2 more replies Answer Match 72.24% Having trouble removing this permanently. Keeps coming back after Malwarebytes quarantines it. Any help would be greatly appreciated. Thanks Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:30:07 AM, on 6/27/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17126) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Tracy\Desktop\Malware Virus\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-i... Read more More replies Answer Match 72.24% My OS is Windows 8. For my security I have the free Malwarebytes installed and Windows Defender. Last week I ran a scan with Malwarebytes and it found 11 pieces of malware. All of them were pup.optional. This morning I did another scan and it found 811 of them. This is not a typo. It found eight hundred and eleven! How could this have happened? I do not get on any obscene web sites or any that may be questionable. Also what are the pup.optional? I would appreciate some thoughts on this. Thanks, Fran A:Infested with pup.optional MBAM recently made a change to a more aggressive PUP policy. Malwarebytes Adopts Aggressive PUP Policy - Malwarebytes News - Malwarebytes Forum Quote: In the past, Malwarebytes Anti-Malware has detected only PUPs, or Potentially Unwanted Programs, that were mostly harmful and deceiving. Our users expected more and so we?ve revised our policy to include PUPs in our database that most of our users find annoying or misleading. Within the next few days, detection for many new variants will be added. Malwarebytes feels most of our users have no knowledge that these PUPs were installed and would like them removed. Several thousand forum posts and support tickets confirm our standpoint. Ranging from difficult to uninstall applications to software that makes you opt-out, we?ve had enough of it all! Source: Malwarebytes Adopts Aggressive PUP Policy | Malwarebytes Unpacked This won't answer why you have them or where they came from, but it might explain why you are seeing them now. 4 more replies Answer Match 72.24% Win 7 Ultimate.English Always in Update: 34 optional updates available Is there any to delete that from updates? I am tired of the need to have that showin up every time I go to Windows Update . Thanks in advance oldad A:34 optional updates available Nobody forces you to install any updates. It is up to you what you want to install. I sometimes "hide" updates because I do not use the program to which they pertain. In Vista I have hidden all of SP2 on one system because it gave me problems on another system and it is smooth sailing since then. So as I said, it's up to you. 3 more replies Answer Match 72.24% Received the following update from M$ today, not sure what it is wanting to do -

"nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware - NVIDIA GeForce GTX 260

Download size: 252.2 MB

You may need to restart your computer for this update to take effect.

Update type: Optional

nVidia Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware software update released in February, 2015"

Could someone shed some light on this ?
Thanks

Joe

A:Optional Update - not sure what it is ?

This is an update to your NVidia graphics card drivers, etc. It is optional because it is not necessarily required.

I personally always go to the manufacturer's (NVidia in this case) support site and get the latest drivers from there if I feel I need to update them.

Paul

3 more replies
Answer Match 72.24%

I opened Windows Update and only listed was an optional update. I didn't update at that time and when I went back to update I could not find the optional update. Ihave Windows 7 Home premium 64 Bit. I looked for updates again but it said everything was up to date. How can I find that update.. I'm not really good with computers any help will be greatly appreciated. I have one other question if you don't mind.

I have to Unzip a ZIP-file with WinZip and save the content to my hard
drive. Then use the unzipped EXE-file to run a program. This sound simple enough, I guess, if you know what you are doing. Where can I get this WinZip program that will run on Windows 7 Home Premium 64 Bit.

One other question. A program that I want to install supports Windows 7 64 bit in 32-bit emulation mode. What does that mean and how do I run this program.

Thanks again for all your help and cooperation. Have a good evening.

A:Optional Update

Welcome rottikid,

For the update it was probably for MSE if that's your Anti-Virus, You could just look at Installed updates and see if it is there.

As for WinZip you can get it here WinZip - Free software downloads and software reviews - CNET Download.com There might be something else you can use too, someone else might know more about that.

Usually people will download a zipped file to their desktop or downloads area by clicking save instead of run when prompted. (see Below)

And for the 32 bit emulation I don't know the technical answer but 64 bit windows has 2 sets of programs files, Program Files (64bit) and Program Filesx86 (32bit).

Hope that helps you out some.

Derek

5 more replies
Answer Match 72.24%

Anyone get this virus lately?

PUP.Optional.DefaultTab.A

thanks

A:PUP.Optional.DefaultTab.A

Hello bsacco and Welcome to this forum.

Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

Thank you for your patience.

Please follow the instructions outlined here.
http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

1 more replies
Answer Match 72.24%

CANNOT get rid of this even switched from Firefox to chrome. Ran MWB here is the log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.07.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Family :: FAMILYROOM [administrator]

9/7/2013 1:44:09 PM
mbam-log-2013-09-07 (13-44-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 275904
Time elapsed: 25 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AmiBs.Installer (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
HKCR\AmiBs.Installer.1 (PUP.Optional.Amonet... Read more

A:It's back again PuP.Optional.xxx.a

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

25 more replies
Answer Match 72.24%

I ran malwarebytes and it has found several Pup.optional infections.

Heres the log from when i ran it

Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org
Database version: v2014.01.23.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-76814CAF25 [administrator]
23/01/2014 19:22:14
MBAM-log-2014-01-24 (16-45-16).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 439965
Time elapsed: 5 hour(s), 25 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 10
HKCR\CLSID\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKCR\Toolbar.CT2504091 (PUP.Optional.Conduit) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8B7893AE-9E88-4B90-80F7-5057E407926F} (PUP.Optional.Conduit) -> No action taken.
HKCR\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} (PUP.Optional.Conduit) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC} (PUP.Optional.Conduit) -> No action taken.
HKCU\SOFTWA... Read more

A:Pup.optional Infection

Hi David, this doesn't look too bad.Please run a FRST scan:  Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

2 more replies
Answer Match 72.24%

Malwarebytes is telling me this Chrome Extension (is a potential threat, but I cannot find anything about "PicEnhance" in Google or Forum searches.  I have installed numerous extensions for later exploration.  Is
"pup.optional.PicEnhance.A" part of an HDR or other photo editing extension.  Malwarebytes won't let me update its database until I do something with this.  I suspect I can make it an exception, but thought I'd ask the experts first.  Malwarebytes log posted below.

Also, and I've asked before with no reply: I have been helped numerous times by this forum and would like to donate to the cause.  Where is the link to send money to BC.com???

Many THANKS!!!!!

>>>>>
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/22/2014
Scan Time: 7:49:40 AM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.22.02
Rootkit Database: v2014.06.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dayle
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398612
Time Elapsed: 14 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Valu... Read more

A:pup.optional.PicEnhance.A

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).===Download the correct version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The... Read more

5 more replies
Answer Match 72.24%

Hi, I downloaded Microsoft Visual Basic from Softonic.com on to my computer. When I scanned it with Malwarebytes it categorized it as "pup.optional" and when I pressed "Remove" it deleted it, the reason why I pressed "Remove" was because I though Malwarebytes would remove "PUP's" from the download, but it removed the whole thing instead. My question is, can I download it again, and is it safe? Since Malwarebytes just claimed it was a "Potential unwanted program", though I'm not sure what the "Optional" part was about. Also, I tried scanning other download installers that I have on my PC with Malwarebytes, and it didn't detect anything, so why only this one did they claim is "pup.optional"?

Any help is welcome, thank you!

A:Malwarebytes: pup.optional

16 more replies
Answer Match 72.24%

I have a
Gateway One All-In-One Desktop with Intel® Pentium® Processor - Microsoft Windows 7 Home Premium Edition 64-bit operating system preinstalled.Optional update:
I recently went to the Critical Updates and saw the following:

"Intel Corp - Display Mobile Intel (R) 4 series expires chipset family" - 21 MB (which is quite a large update)

Just what is this update and should I install it? This is our grandson's computer and we would not want to cause any problems or damage by installing this Optional Update. Nothing appears to be wrong with our graphics, etc.
Please advise and thank you.
Alice Z

A:Optional Update

I installed this onto my laptop and considerably improved the graphics on it.

3 more replies
Answer Match 72.24%

I cannot get rid of this virus/malware/pup.

I noticed my cpu performance was running very slowly, so I ran MBAM. It detected the above, and I restarted to complete the clean up. Upon a restart, I rescanned in safe mode and nothing was found. However, I still noticed slow performance, and I scanned with MBAM again in regular mode. It found the PUP but did not clean it out. I ran ESET online scanner, but this could not get ride of it either. I will post my required logs below.

A:Cannot get rid of (pup.optional.bprotector.a )

15 more replies
Answer Match 72.24%

Does one need optional updates? The reason I ask is until recently i've had no problems with any update.This one just refuses to install Realtek PCIe GBE Family Controller.(Error code 800F0203)Went through all the chanels, still no install.

A:optional Win 7 update

Jetsguy: Just a word of caution.... It may be best to not load optional updates from Microsoft for hardware or software not related to Microsofts products. To update those non-related programs or hardware go directly to the manufacturers website and get updates there.

3 more replies
Answer Match 72.24%

Hi all,
I have a function in a class that makes a connection to mysql:
Code:
public function Connect($server=$this->server, $username=$this->username,$password=$this->password)
The $server,$username and \$password arguments are optional, as they are set with default values at the constructor, and I want the arguments to be equal to the variables defined in the constructor if they are not defined in the function call. The code above returns a parse error.

Any suggestions on how to do this?

Many thanks,
Andy

More replies
Answer Match 72.24%

I have some kind of infection that keeps showing up in all my scans. My computer is running really slow also. Thanks.

A:PUP.Optional.Smartbar.A

Hello spalladino25 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the s... Read more

29 more replies
Answer Match 72.24%

My internet was unusually slow today so I decided to use Malwarebytes to scan for viruses. It detected 22 items all called pup.OPTIONAL.tarma.a. I deleted all of them but I am worried I still might be infected, any idea what I should do?

A:pup.optional.tarma.a

Hi -
First these are all Potentially Unwanted Programs that have been found. Always delete them.

Now - Update and Re-run the MBAM scan and check if any PUP items still exist - Also a Full scan with your Antivirus.
These will only return if you visit, or download from sites that contain these infectins.

Thank You -

1 more replies
Answer Match 72.24%

Hello,

I recently performed a scan using Malwarebytes Anti-Malware and it reported my CPU being infected by (3) PUP.Optionals, one of which being PUP.Optional.Somoto. The CPU is completely asymptomatic and I wouldn't have noticed anything different if it wasn't for running the scan. I've attached the preliminary logs and any help is greatly appreciated. Unfortunately, I was unable to get GMER to work. I "blue screened" on the first attempt and then the CPU completely froze on the second try ...

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
Run by amy at 13:21:41 on 2013-09-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.463 [GMT -7:00]
.
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_C... Read more

A:PUP.Optional.Somoto

Hello, calex_uo.

Please send me the Malwarebytes scan log showing the detection.

Open Malwarebytes Anti-Malware>>Click the 'Logs' tab
Select log from the date of the desired scan, they're named mbam-log-2013-xx-xx [10-11-12].txt
then click the 'Open' button. Once the log is open, copy/paste the content of that log into your reply.

PUP detections are Potentially Unwanted Programs. These are programs Malwarebytes researchers have found are sometimes added to a system without the user's knowledge or approval. These are not malicious, just potentially unwanted.

5 more replies
Answer Match 72.24%

Hi.

Just done a Malwarebytes scan which found PUP.Optional.Somoto in my downloads folder. Says it's infected in my DVDShrink download.

Can't seem to find any information on this. Is this harmless adware, or should I be worried?

A:PUP.Optional.Somoto

Well....lets take a look and see what we can find.

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that.... Let's get going!!
----------

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.Disable any antivirus programs during ... Read more

12 more replies
Answer Match 72.24%

Found PUP.Optional.AlexaTB.A after running a Malwarebytes scan. It says that quarantined and deleted successfully. Is that all there is to it or do I need to run something else? Thanks! The Malwarebytes log is below.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.22.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Grant Writer :: HP88342945029 [administrator]

10/22/2013 9:39:21 AM
mbam-log-2013-10-22 (09-39-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315574
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

More replies
Answer Match 72.24%

I'm not familiar with doing driver updates. I have 3 optionals from Windows Update. I've read both pros & cons to using Windows Update for drivers but it's been awhile, so what's the current consensus now that I'm running Windows 7? Is it 'good to go' or is it best to go to the product sites?

A:Optional Updates

Others may disagree but I believe the first place to check for updated drivers is at the computer manufacturer's website. (If it's a home built machine then check the individual manufacturer websites for motherboard, graphics card, etc.) I also think most people would say "if it ain't broke, don't fix it."

A few months ago Windows Updates said there was a new driver available for my Sony Vaio's Intel HD 3000 graphics. I went to the Intel site to verify. It was there so I installed it. Almost immediately I began getting blue screens. I went back to the older version and all was well. I emailed Intel and they said once they release a driver, each computer manufacturer or component manufacturer is free to optimize the driver for their particular needs. Sony hadn't optimized it and it wasn't compatible with my Vaio.

If you decide to install those drivers I'd recommend you make a restore point just in case something doesn't work. Better yet, a system image. Go to the Acer website to verify the version being offered as an optionl update is the latest and greatest for your computer. Same thing with nVidia.

6 more replies
Answer Match 72.24%

Any danger in not installing optional updates? I have nine of them waiting in line and my machine is working just fine. Pros and cons, please?
Thanks in advance

A:Optional Updates

Optional means just that: optional. It won't hurt to not install them. I hide anything to do with Bing and, if I were to unhide them, there would be many more times nine setting there.

8 more replies
Answer Match 72.24%

Hi cryptodan

I am following your advice given to glynch8030. As I have no idea just what I can and can not safely delete I was looking for assistance
Below is the log for the first step (I deleted as many as I felt comfortable with. running Windows 7 with eScan and Malwarebytes uusing Google-Chrome browser.

# AdwCleaner v3.012 - Report created 18/11/2013 at 14:11:20
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Wild Kitteh - WILDKITTEH-PC
# Running from : C:\Users\Wild Kitteh\Favorites\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\Ask
[x] Not Deleted : C:\ProgramData\boost_interprocess
[x] Not Deleted : C:\ProgramData\Partner
[x] Not Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
[x] Not Deleted : C:\Users\Wild Kitteh\AppData\Local\PackageAware
[x] Not Deleted : C:\Users\Wild Kitteh\AppData\LocalLow\searchquband
[x] Not Deleted : C:\Users\Wild Kitteh\AppData\LocalLow\Searchqutoolbar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ ipb.topic.inSection = 'topicview';
ipb.topic.topic_id = 514581;
ipb.topic.forum_id = 103;
ipb.topic.redirectPost = 1;
ipb.topic.start_id = 0;
ipb.topic.page_id = 0;
ipb.topic.topPid = 0;
ipb.topic.counts = { postTotal: 8,
curStart: ipb.topic.start_id,
perPage: ... Read more

A:PUP.Optional.Bandoo

GO ahead and rerun adwcleaner and clean what it finds.Then do the following:Please download Malwarebytes Anti-Malwareand save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Full Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin a... Read more

7 more replies
Answer Match 72.24%

Hello,

MBAM Premium detected PUP.Optional.AZlyrics.A and warned me, per Settings > Detection and Protection > Non-Malware Protection > PUP detections =  "Warn user".

After the warning, I changed the PUP detection action to "treat as malware" so it will quarantine it on the next scan.

I'm asking for help because of a previous experience with a PUP variant.  Last summer, on a different computer, MBAM quarantined a couple of PUP variants.  Some further cleanup was needed to make things right, and I got the help I needed after posting to this forum.

DDS.txt posted below.  Attach.zip attached.

Thanks!
--mstap42

# == DDS.txt == #

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.71.2
Run by Stapletons at 23:01:54 on 2014-12-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1671 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.... Read more

A:PUP.Optional.AZlyrics.A

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first t... Read more

15 more replies
Answer Match 72.24%

hello i have been having trouble with pup.optional.mysearchDial.a
pup.optional.Dealply.a

when i click a new tab this my search Dial page comes up ( it is a a pup)
but when i press the home page it is google like it is spose to be
often get pop up coming in
computer running slower
firefox stops responding

i did have quit a few mysearchDial.a
pup.optional.Dealply.a infections, in malawarebytes but seem to be gone for now ???
but i guess they will appear again after using computer for a bit ??

iv got malawarebytes, superantispyware, hitman pro, avg free
can i ask if spyhunter 4 is a rough spyware remover , some reviews said so , but that said i was badly infected and need to pay for it to be fixed , so nothing was done and after ready review i removed it from programs and desktop and download , i am using free AVG and windows defender is not working , cannot turn it on

A:pup.optional.mysearchDial.a

16 more replies
Answer Match 72.24%

I have never installed a single optional update because I don't really know what they are all about although some are obvious. So I ask: just how important are optional updates? Is it generally recommended they be installed?

Thanks in advance.

A:Optional updates

Some are fairly useful - some are fairly pointless
You need to make the decision on which you want to install for yourself - the list is way to log now to detail it.

1 more replies
Answer Match 72.24%

Please help!

I have just switched from dial up to LAN nad although my connection says it's operational it does not actually do anything. I am accessing the web now by using my old dial up. in internet options/connections tab, , I cannot click on anything except the SETUP tab. Ie, nothing else is highlighted as such. I don'y know whether this is connected to the problem or not. In WIN XP help and support, I ran the Network Diagnose Scan system - result is that internet explorer web proxy not configured. In desperation, I have copied the scan results here. Please can you help but bear in mind that I am not really all that computer literate. Thank you!
nternet Service
Default Outlook Express Mail

Not Configured

Default Outlook Express News

Not Configured

Internet Explorer Web Proxy

Not Configured

Computer Information
+ Computer System

NATASHA

AdminPasswordStatus = 3
AutomaticResetBootOption = TRUE
AutomaticResetCapability = TRUE
BootROMSupported = TRUE
BootupState = Normal boot
Caption = NATASHA
ChassisBootupState = 3
CreationClassName = Win32_ComputerSystem
CurrentTimeZone = 120
Description = AT/AT COMPATIBLE
Domain = WORKGROUP
DomainRole = 0
EnableDaylightSavingsTime = TRUE
FrontPanelResetStatus = 3
InfraredSupported = FALSE
KeyboardPasswordStatus = 3
Manufacturer = ATI___
Model = AWRDACPI
Name = NATASHA
NetworkServerModeEnabled = TRUE
NumberOfProcessors = 1
PartOfDomain = FALSE
PauseAfterRe... Read more

A:Lan Settings Not Optional

What type of connection do you have and what brand and model of modem. Are you using a router or hub? What brand and model?
Looking at your log I would believe you do not have a ethernet connection for what ever reason.

11 more replies
Answer Match 72.24%

I ran a scan of Malwarebytes and it came back with the below infection. It says it's in the registry. I attempted to remove the infection, but it keeps coming back. Any help would be appreciated. Thank you.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/19/2016
Scan Time: 2:23 AM
Logfile: malware scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.19.03
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Shane

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408386
Time Elapsed: 15 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [df306833edadcc6a94859cd510f241bf],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [df306833edadcc6a94859cd510f241bf],
PUP.Optional.Uniblue, HKLM\SOFTWARE\CLASSES\pc-mechanic, , [17f82774dac02b0bf6b2a84ecb394bb5],
PUP.Optional.MySearchDial, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8E4FDD39-3... Read more

A:Pup.Optional infection

You need to change the settings and you need to rerun MBAM as the log you posted doesn't show you allowed MBAM to delete/ quarantine what it found.
Use the programs below to clean, remove adware and remove malware.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled Change to Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and... Read more

1 more replies
Answer Match 72.24%

I just did a clean reinstall of windows 7 on my toshiba laptop. Now when I goto windows update it doesnt display optional updates at all. There isnt a place for it. Before the reinstall I didnt have this problem. Anyone know how I can see the optional updates?

A:Help with optional updates

Look in the Windows Update settings in Control panel. There should be a box to check that says something like "Offer optional updates the same way I receive Windows updates".

5 more replies
Answer Match 72.24%

It is recommended to install all optional updates or take the time to research select only those that are relevant to your system? Can the update either be uninstalled or installed at a later date if there is a problem?

More replies
Answer Match 72.24%

Installing optional features failed, why?

Optinal features for english language are installed.
Extra language package are downloaded and installed.

More replies
Answer Match 72.24%

My wife's laptop has been infected with this nasty virus, she blamed me for her getting it, but I run Malwarebytes occasionally and has never detected the PUP on my machine. I have used Malwarebytes several times on her machine only to have the machine re-infected. So I've been to several sites they confirmed that removal very difficult. They list some very convoluted solution. One even warned that a miss-stroke could cause serious damage to your machine. I have a tremor so I do not want to attempt one of those and that fact they only list windows 7 and 8.

I hoping that there is someone out there that can point me to trusted software to remove this or recommend or a reputable site that can do the removal. I'm not looking for a freebee but permeant solution to this virus.

I'm sure she has a lot of unwanted junk on her relatively new machine. Every time I ran MB it took longer than the previous time, I just ran MB, it took 21min. My machine has a larger capacity and only takes about 5min.

A:PUP.Optional.HomePageHelpe

See if this article will help........
How can you remove PUP.Optional.Helperbar.
It consists of 3 steps.
http://malwarefixes.com/threats/pup-optional-helperbar/

1 more replies
Answer Match 72.24%

Please help me to be sure this system is safe.
Thank You

A:Pup.Optional.Mindspark.A

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

15 more replies
Answer Match 72.24%

Installing optional features failed, why?

Optinal features for english language are installed.
Extra language package are downloaded and installed.

More replies
Answer Match 72.24%

So I regularly run malwarebytes, and this thing keeps coming back after being quarantined.
It's been there for a few weeks now, and it's just annoying.
How do I get rid of it?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by JSK (administrator) on JSK-PC on 10-04-2015 01:27:54
Running from D:\Downloads
Loaded Profiles: JSK & (Available profiles: JSK)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVI... Read more

A:PUP.optional.trovi.a... what to do?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by JSK at 2015-04-10 01:28:10
Running from D:\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\uTorrent) (Version: 3.4.3.39778 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.39778 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adblock Plus for IE (HKL... Read more

24 more replies
Answer Match 72.24%

There have been a lot of problems reported the last few months where Windows Update is very slow and takes a long time.
I just checked my W7 Updates and a new update KB3102810 was published yesterday (2015-11-03)
This update might help fix this, but it also includes a fix for updating to Win 10.

Read more here:
https://support.microsoft.com/en-us/kb/3102810

I also get the "same update" offered for W8.1 as KB3102812 described here:
https://support.microsoft.com/en-us/kb/3102812

A:New optional update

I promptly hid KB3102810 and another optional one when they came through recently; I still have two important ones from yesterday pending (KB2758857 and KB3067904); I'm waiting to see if anyone reports problems or not. I haven't had any trouble with windows updates taking too long to do its thing and I don't need a fix for updating to Win 10 because that simply isn't going to happen. In fact, I suspect the ones who have been having trouble with updates also have the Win 10 nagware, etc. installed, which I do not.

1 more replies
Answer Match 72.24%

Hi guys, I have these pending optional updates, question is, is there a need to install them? According to the Microsoft support page, some of these updates fix certain issues on some devices. I am not experiencing any of the said problems so I am wondering if I still need to install the updates. Thanks

A:Optional Updates

I had two of those, KB3042085 and 2976978. One seems to be yet another pre W10 update. Installed them OK.

If you install these would you look at something first just to satisfy my curiosity. What is your free disc space before and then after installing these ?

14 more replies
Answer Match 72.24%

Was doing routine scan, and came across the :
Registry Keys: 1
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DefaultTab, , [37b6d869eb91e254b719be834cb76f91],

I used Malwarebytes to scan with and had made sure it was up to date. However the program reported I was infected with PUP.Optional.DefaultTab.A. Realize this can happen through downloading different things and companies "hiding" things in software you download. I'd like to get this removed if possible.Been using Malware bytes quite sometime, and this is a first seeing the PUP.Optional.DefaultTab.A.

Also I have been getting the "page can't be displayed" when on websites.Website shows, but like on it some where it will say "page can't be displayed" Could this "pup" also be causing this ? Below I have pasted the complete log : ( I have not taken any action yet to correct this) Decided to see if someone here could help me. I'm using Windows 7 Ultimate 64 bit.

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/30/2014
Scan Time: 11:15:23 AM
Logfile: DT1.txt
Administrator: No
Version: 2.00.3.1025
Malware Database: v2014.11.30.05
Rootkit Database: v2014.11.29.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: test
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337284
Time Elapsed: 4 min, 29 sec... Read more

More replies
Answer Match 72.24%

Hi,

Since some time back malwarebytes will remove "PUP.optional.spigot.a" everytime I run it. Sometimes an empty internet explorer "do you want to leave this page" message will appear as well (I dont use IE.)
Outside of malwarebytes I run avast. Could I get some help killing this annoying little thing.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Z (administrator) on MARGETA (02-09-2015 12:34:29)
Running from C:\Users\Z\Desktop
Loaded Profiles: Z (Available Profiles: Z)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\As... Read more

A:PUP.optional.spigot.a

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Z (2015-09-02 12:35:01)
Running from C:\Users\Z\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3700485390-1544953774-2094612495-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3700485390-1544953774-2094612495-503 - Limited - Disabled)
Guest (S-1-5-21-3700485390-1544953774-2094612495-501 - Limited - Disabled)
Z (S-1-5-21-3700485390-1544953774-2094612495-1001 - Administrator - Enabled) => C:\Users\Z
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3700485390-1544953774-2094612495-1001\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
Achron (HKLM-x32\...\Steam App 109700) (Version:  - Hazardous Software Inc.)
Adobe Flash ... Read more

1 more replies
Answer Match 72.24%

I just ran a malwarebytes scan and it found several instances of "pup.optional.defaulttab" in various locations in my computer.  Both before and after I ran the scan, I see this warning every time I open up Google Chrome.

Here is a copy of the mbam log after I ran the scan also.  Thank you for your assistance and expertise

A:Pup.optional.defaulttab

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete tab follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).=== Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifications.On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.Please post the contents of JRT.txt into your reply.===Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.1: DDS.scr (N... Read more

19 more replies