Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Am I...

  • Please log in to reply
1 reply to this topic

#1 AnnMcD


  • Members
  • 1 posts
  • Local time:10:42 PM

Posted 06 July 2013 - 12:52 AM

\Malwarebytes Anti-Malware
Database version: v2013.07.06.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Ann :: ANN-PC [administrator]
7/5/2013 10:39:50 PM
mbam-log-2013-07-05 (22-39-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226230
Time elapsed: 9 minute(s), 58 second(s)
Memory Processes Detected: 2
C:\Users\Ann\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> 3140 -> Delete on reboot.
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> 2448 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 13
HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\WebCakeIEClient.Layers.1 (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\WebCakeIEClient.Layers (PUP.WebCake) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\WebCakeIEClient.Api (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\WebCakeIEClient.Api.1 (PUP.WebCake) -> Quarantined and deleted successfully.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.WebCake) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake) -> Data: "C:\Users\Ann\AppData\Roaming\WebCake\WebCakeDesktop.exe" -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 5
C:\Users\Ann\AppData\Roaming\WebCake (PUP.WebCake) -> Delete on reboot.
C:\Users\Ann\AppData\Roaming\WebCake\dat (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\Ann\AppData\Roaming\WebCake\dat\update (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> Quarantined and deleted successfully.
Files Detected: 11
C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\Ann\AppData\Roaming\WebCake\PlugIns.cache (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\Ann\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> Delete on reboot.
C:\Users\Ann\AppData\Roaming\WebCake\dat\Desktop.OS.dll (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\Ann\AppData\Roaming\WebCake\dat\Desktop.OS.Plugin.dll (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> Delete on reboot.

Edited by hamluis, 06 July 2013 - 06:12 PM.
PM sent new OP - Hamluis.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 47,090 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:42 PM

Posted 06 July 2013 - 10:03 PM

A Potentially Unwanted Program (PUP) is a very broad threat category which can encompass any number of different programs to include those which are benign as well as malicious. They may also be defined somewhat differently by various security vendors.

This is what Malwarebytes has to say: What are the 'PUP' detections, are they threats and should they be deleted?

WebCake is an adware application that is supposed to enhance your browsing experience...it is supposed to provide its users with offers and discount coupons and an option to compare prices of particular products and services. WebCake also shows a variety of pop-up advertisements on the desktop including advertisements with coupons that offer discounts on products the user may be interested in.

Rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally will prevent Malwarebytes from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Search button
  • A logfile (AdwCleaner[R1].txt) will automatically open in Notepad after the scan has finished.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of the logfile is also saved at the root drive, usually C:\AdwCleaner[R1].txt.

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users