
PUPs


5 replies to this topic

#1 ariestorre

ariestorre

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 28 December 2013 - 06:04 PM

Hello... I am new to this site. Hope you guys can help me. Been having problems with PUPs. Been using Malwarebytes to scan and remove, but they keep on coming back. Is there a way I can remove these pests permanently?

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due to the absence of any malware logs included with this topic. ~ Animal


 


#2 noknojon

noknojon

    Retired


  • Members
  • 9,463 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:07:16 AM

Posted 28 December 2013 - 06:20 PM

Hello -

PUP = Potentially Unwanted Program. Usually you download these with other programs -

Please keep Updating and using Malwarebytes Anti-Malware Full Scans.

 

Just to check that these are only small infections please run these -

 

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -

 

Important: Do not reboot your computer until you complete the next step.

 

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* NOW - Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
+ Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

 

Once you finish the Clean and your computer reboots, you can post a log here if you wish. Next re-open the program to uninstall it and remove all items in quarantine.

Just hit the Uninstall button to remove it -

 

Thank You -



#3 ariestorre

ariestorre
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 17 January 2014 - 03:14 PM

Thank you noknojon for the reply. Sorry that it took me a while to follow your advice and post this reply. Anyway, I did the steps and here are the log reports:

# AdwCleaner v3.017 - Report created 17/01/2014 at 11:30:25
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : lourdes - LOURDES-PC
# Running from : C:\Users\lourdes\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Web Assistant Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Incredibar-Games_EN
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Users\lourdes\AppData\Local\Conduit
Folder Deleted : C:\Users\lourdes\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\lourdes\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\lourdes\AppData\LocalLow\Incredibar-Games_EN
Folder Deleted : C:\Users\lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\uv7v0n36.default\ConduitCommon
Folder Deleted : C:\Users\lourdes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\lourdes\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpimglhojapikoeeifcifanbeinephdm
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dpimglhojapikoeeifcifanbeinephdm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dpimglhojapikoeeifcifanbeinephdm
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3158970
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{322F82C7-DE90-4579-93AA-971DCF45B5E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{322F82C7-DE90-4579-93AA-971DCF45B5E9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{322F82C7-DE90-4579-93AA-971DCF45B5E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{322F82C7-DE90-4579-93AA-971DCF45B5E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7767E57F-477F-4ED4-BB14-F5EAE1BC3014}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57B44B4F-3C3C-4354-93BC-42AE3F48537C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Incredibar-Games_EN
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Incredibar-Games_EN
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\Software\Incredibar-Games_EN
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Incredibar-Games_EN Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\lourdes\AppData\Roaming\Mozilla\Firefox\Profiles\uv7v0n36.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\lourdes\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7499 octets] - [17/01/2014 11:27:05]
AdwCleaner[S0].txt - [7177 octets] - [17/01/2014 11:30:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7237 octets] ##########
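
Added example, not part of the post above: a short Python parser that pulls out of an AdwCleaner [S0] log the deleted items that were autostart points (service, scheduled task, browser hooks), since those are what let a PUP reinstall itself after a scan. The function name and the marker list are assumptions made for this illustration; the sample lines are taken from the log above.

```python
import re
from collections import defaultdict

# Excerpt of the AdwCleaner[S0].txt log posted above (shortened for the example).
SAMPLE_LOG = r"""
***** [ Services ] *****
Service Deleted : Web Assistant Updater
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Conduit
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}]
Key Deleted : HKCU\Software\Conduit
"""

# "<Kind> Deleted : <target>", with the optional 64-bit view tag stripped.
ENTRY = re.compile(r"^(Service|Folder|File|Key|Value) Deleted : (?:\[x64\] )?(.+)$")

# Lower-case substrings of locations that load code at boot, logon or browser start.
# Assumption: an illustrative list, not a complete autostart inventory.
AUTOSTART = {
    "\\system32\\tasks\\": "scheduled task",
    "\\browser helper objects\\": "IE browser helper object",
    "\\urlsearchhooks": "IE URL search hook",
    "\\chrome\\extensions\\": "Chrome extension registration",
    "\\firefox\\extensions": "Firefox extension registration",
}

def autostart_entries(log_text):
    """Return {mechanism: [targets]} for deleted items that were autostart points."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section header, blank line or browser block
        kind, target = m.groups()
        if kind == "Service":
            found["Windows service"].append(target)
            continue
        lowered = target.lower()
        for marker, label in AUTOSTART.items():
            if marker in lowered:
                found[label].append(target)
                break
    return dict(found)

if __name__ == "__main__":
    for label, items in autostart_entries(SAMPLE_LOG).items():
        print(f"{label}: {len(items)}")
```

Running the same function over the [R0] report of a later scan shows whether any of these entries has been recreated.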

#4 ariestorre

ariestorre
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 17 January 2014 - 03:15 PM

and here is the log report for the adw cleaner

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/17/2014 11:09:55 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\System32\jusched.exe (PID: 6136) [FI]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* (BFE) is not Running.
Startup Type set to:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* wscsvc [Missing Service]

* BFE [Missing ImagePath]
* iphlpsvc [Missing ImagePath]
* MpsSvc [Missing ImagePath]
* WinDefend [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/17/2014 11:11:51 AM
Execution time: 0 hours(s), 1 minute(s), and 56 seconds(s)
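
Added example, not part of the post above: a Python sketch that reads the "Checking Windows Service Integrity" section of an Rkill log and reports which security-related services it lists as missing or not running. The function name and the display-name table are assumptions added for this illustration; the sample lines are copied from the log above with blank lines dropped.

```python
import re

# The "Windows Service Integrity" part of the Rkill log posted above.
SAMPLE_LOG = """\
Checking Windows Service Integrity:
* (BFE) is not Running.
Startup Type set to:
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* wscsvc [Missing Service]
* BFE [Missing ImagePath]
* iphlpsvc [Missing ImagePath]
* MpsSvc [Missing ImagePath]
* WinDefend [Missing ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
"""

# Windows 7 security services by short name (display names added for readability).
SECURITY_SERVICES = {
    "bfe": "Base Filtering Engine",
    "mpssvc": "Windows Firewall",
    "mpsdrv": "Windows Firewall Authorization Driver",
    "windefend": "Windows Defender",
    "wscsvc": "Security Center",
}

NOT_RUNNING = re.compile(r"^\* .*\((\w+)\) is not Running\.$")
MISSING = re.compile(r"^\* (\w+) \[(Missing \w+)\]$")


def damaged_security_services(log_text):
    """Map each security service to the sorted problems Rkill reported for it."""
    problems, in_section = {}, False
    for line in map(str.strip, log_text.splitlines()):
        if line == "Checking Windows Service Integrity:":
            in_section = True
        elif in_section and line.endswith(":") and not line.startswith(("*", "Startup Type")):
            break  # header of the next Rkill section
        elif in_section:
            m = NOT_RUNNING.match(line) or MISSING.match(line)
            if m and m.group(1).lower() in SECURITY_SERVICES:
                issue = m.group(2) if m.re is MISSING else "not running"
                problems.setdefault(m.group(1).lower(), set()).add(issue)
    return {svc: sorted(p) for svc, p in problems.items()}

if __name__ == "__main__":
    print(damaged_security_services(SAMPLE_LOG))
```

For this log the result covers the firewall, Windows Defender and Security Center services, so the service-integrity section deserves follow-up of its own in addition to the PUP cleanup.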

#5 dc3

dc3

    Arachibutyrophobia


  • Members
  • 16,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:16 PM

Posted 17 January 2014 - 03:53 PM

I would suggest running JRT as well.

 

Please download Junkware Removal Tool.
 
Open your browser and go to Downloads, then click on the Junkware Removal Tool to install it.
 
Click on Run to initiate the installation.
 
To avoid potential conflicts, temporarily disable your antivirus and firewall. You will want to be offline when you do this.
 
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select Run as Administrator.
 
The tool will open and start scanning your system.
 
Please be patient as this can take a while to complete depending on your system's specifications.
 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Copy this and then post it in your topic.

 
"I refuse to join any club that would have me as a member"  Groucho Marx

 


#6 ariestorre

ariestorre
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 17 January 2014 - 07:50 PM

thanks for the suggestion dc3.



