
Malwarebytes detected Malware - am I still infected?



#1 ChrissyToph

ChrissyToph

  • Members

Posted 24 May 2014 - 11:49 PM

Hi there,

 

I ran a Malwarebytes scan today just to check my laptop was ok - it hasn't been behaving weirdly or anything but I was just doing a 'routine check' I guess (although it's been a while since I ran one... Uni life got in the way) and it detected over 3000 items. I scrolled down the items and many of them were PUPs and one Trojan. I moved them all to quarantine straightaway and forgot to export a log first but I quickly took a print screen before the process was done, which I've attached. It doesn't show all of them but, when I had scrolled to check them beforehand, the rest were all the same 'PUP.Optional.FreecauseTB.A'.

 

I know Malwarebytes does a great job but I'm still really concerned I might still have other stuff lurking on my laptop... Would it be possible for anyone to run me through the steps to see if my laptop's safe now?

 

Many thanks in advance for the help.

 

EDIT: Sorry, I forgot to attach the pic. Have now.

 

xryg.png


Edited by ChrissyToph, 24 May 2014 - 11:51 PM.



 


#2 Itz Paradox

Itz Paradox

  • Members

Posted 24 May 2014 - 11:56 PM

PUP seems to be something odd going around; others seem to have it in other threads. I would just quarantine it.



#3 ChrissyToph

ChrissyToph
  • Topic Starter

  • Members

Posted 28 May 2014 - 12:12 AM

I ran another Malwarebytes scan 'cause I felt a bit paranoid and it seems like there's more PUPs back :/... I don't know what's causing them. I also remembered to save a log this time:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/05/2014
Scan Time: 05:53:37
Logfile: Malwarebytes; PUP log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.28.02
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Win

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335139
Time Elapsed: 15 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.FreeCauseTB.A, C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\p8r4bqze.default\FCTB\{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}, , [bc06afa7e09be94dfb8cc3ba31d112ee],
PUP.Optional.FreeCauseTB.A, C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\p8r4bqze.default\FCTB\{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}\61465, , [bc06afa7e09be94dfb8cc3ba31d112ee],

Files: 44

Physical Sectors: 0
(No malicious items detected)


(end)

 

P.S: Sorry I couldn't find the edit button to add this to my original post so I've posted a new post... :S
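
Added example, not part of the original posts and not code from Malwarebytes: a small Python triage of a Malwarebytes 2.x text log like the one above, which separates PUP/PUM detections from other threat names, rolls each name up to its common parent folder, and flags sections where the pasted log has fewer lines than the declared count. The function names are hypothetical, the field layout is inferred from the lines in the log above, and the sample lines (including `Trojan.Constructed.Sample`) are constructed.

```python
import ntpath  # Windows path rules, so this also runs on Linux/macOS
import re
from collections import defaultdict

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
# Detection line layout as seen in the pasted log (assumption):
#   <name>, <path>, <action, empty in the log above>, [<32 hex chars>],
HIT_RE = re.compile(r"^(?P<name>[^,]+), (?P<path>.+?), (?P<action>[^,]*), "
                    r"\[(?P<sig>[0-9a-f]{32})\],$")

# Folder path taken from the log above; everything else below is constructed.
FCTB = (r"C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles"
        r"\p8r4bqze.default\FCTB\{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}")
SIG = "0" * 32  # constructed placeholder for the bracketed id

SAMPLE_LOG = "\n".join([
    "Registry Keys: 0",
    "(No malicious items detected)",
    "",
    "Folders: 2",
    "PUP.Optional.FreeCauseTB.A, %s, , [%s]," % (FCTB, SIG),
    "PUP.Optional.FreeCauseTB.A, %s\\61465, , [%s]," % (FCTB, SIG),
    "",
    "Files: 4",  # declares 4, but only 3 lines follow (truncated paste)
    "PUP.Optional.FreeCauseTB.A, %s\\61465\\sample-cache-1, , [%s]," % (FCTB, SIG),
    "PUP.Optional.FreeCauseTB.A, %s\\61465\\tb.xml, , [%s]," % (FCTB, SIG),
    "Trojan.Constructed.Sample, C:\\Users\\Win\\Downloads\\sample.exe, , [%s]," % SIG,
])


def parse_log(text):
    """Return (declared counts per section, list of (section, name, path))."""
    declared, hits, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = HIT_RE.match(line)
        if m and section:
            hits.append((section, m.group("name"), m.group("path")))
    return declared, hits


def missing_items(declared, hits):
    """Sections whose declared count differs from the lines actually present."""
    seen = defaultdict(int)
    for section, _name, _path in hits:
        seen[section] += 1
    return {s: n - seen[s] for s, n in declared.items() if n != seen[s]}


def triage(hits):
    """Group detections by threat name: class, item count, common root path."""
    by_name = defaultdict(list)
    for _section, name, path in hits:
        by_name[name].append(path)
    report = {}
    for name, paths in by_name.items():
        try:
            root = ntpath.commonpath(paths)
        except ValueError:  # different drives, or absolute mixed with relative
            root = None
        is_pup = name.upper().startswith(("PUP.", "PUM."))
        report[name] = {"class": "pup" if is_pup else "other",
                        "count": len(paths), "root": root}
    return report


if __name__ == "__main__":
    declared, hits = parse_log(SAMPLE_LOG)
    for name, info in sorted(triage(hits).items()):
        print("%-5s %3d  %s\n           root: %s"
              % (info["class"], info["count"], name, info["root"]))
    for section, gap in missing_items(declared, hits).items():
        print("warning: %s declares %d more item(s) than the log shows"
              % (section, gap))
```

A large item count under one root, as with the FCTB toolbar folder here, is a single leftover directory rather than many separate infections; anything in the `other` class deserves a closer look.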



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 28 May 2014 - 07:05 AM

A Potentially Unwanted Program (PUP) is a very broad threat category which can encompass any number of different programs to include those which are benign as well as problematic. Thus, this type of detection does not always necessarily mean the file is malicious or a bad program. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted software usually containing Adware or bundled with other free third-party software to include toolbars, add-ons/plug-ins and browser extensions. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs. PUPs may also be defined somewhat differently by various security vendors and may or may not be detected/removed based on that definition. That fact adds to confusion and a lot of complaints from end users asking why a detection was not made on a particular file (program) they are having issues with.

Many programs, toolbars and add-ons/plug-ins come bundled with other free third-party software as a common practice by legitimate vendors.

To learn more about PUPs and how you get them, please read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

With most Adware/Junkware/PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Add/Remove Programs or Programs and Features in Control Panel, so always check there first. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration.

After doing the above...continue as follows:

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.
4. As a final step, rescan again with Malwarebytes Anti-Malware and post the log.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 ChrissyToph

ChrissyToph
  • Topic Starter

  • Members

Posted 29 May 2014 - 09:04 AM

Hi quietman7,

Thanks for your detailed response. I managed to run RKill fine but Adwcleaner didn't seem to work. I know you said it takes a while but I tried to run the scan and, even after over an hour, it was still "pending"? I'm wondering whether it might be because, whilst running RKill, my Avira Antivirus programme blocked one of the processes Rkill was performing... Here's the Rkill log:




Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/29/2014 01:46:19 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Win\AppData\Local\newvista journeys\newvista journeys.exe (PID: 2864) [UP-HEUR]
 * C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (PID: 2976) [AU-HEUR]
 * C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe (PID: 3776) [WD-HEUR]
 * C:\WINDOWS\Samsung\PanelMgr\caller64.exe (PID: 4232) [WD-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

Program finished at: 05/29/2014 01:48:42 PM
Execution time: 0 hours(s), 2 minute(s), and 22 seconds(s)
 



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator

Posted 29 May 2014 - 11:28 AM

Ok...try running AdwCleaner without using RKill, then continue with the rest of the instructions I provided.

#7 ChrissyToph

ChrissyToph
  • Topic Starter

  • Members

Posted 29 May 2014 - 01:34 PM

Hi quietman7,

I realised that it wasn't to do with RKill. I had assumed that when I double click on adwcleaner that I was running it as admin ('cause I'm the only user) but I forgot that I had to right click and select run as admin. Sorry about that. Adwcleaner ran fine, here's the log (I ran it without RKill (I forgot...). If I should do it again with RKill first then please let me know):

# AdwCleaner v3.211 - Report created 29/05/2014 at 18:08:22
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Win - WIN-PC
# Running from : C:\Users\Win\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Auto Updater
Folder Deleted : C:\Program Files (x86)\Auto Updater
Folder Deleted : C:\Users\Win\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Win\AppData\Roaming\Auto Updater
Folder Deleted : C:\Users\Win\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Updater
Folder Deleted : C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\p8r4bqze.default\FCTB
File Deleted : C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\p8r4bqze.default\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_xara-xtreme_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_xara-xtreme_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdater_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\p8r4bqze.default\prefs.js ]

Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.2803282.KeywordHistory", "game%2520of%2520throne%2520cast%2520tommen%7Cgame%2520of%2520throne%2520cast%7Cpostman%2520pat%7Cdaario%2520Naharis%7CDae[...]
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.AutoSearchEventData", "auto%20search");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.ClearCacheDate", 29);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.DNSCatch", true);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.DisplayEULA", true);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.DnsCatchEventData", "dns%20catch");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.EBOMode", false);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.EnableDCAData_xx", true);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.EnableDCA_xx", false);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.FirstLaunchShown", true);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.InstallDomain", "freecause.com");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.InstallType", "standard");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.LoadLayoutDate.61465", 29);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.NewTabSearchEventData", "tab%20search");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.ShowRecommendedOptions", true);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.StateReportDate", "1401351981785");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.TopRightSearchEventData", "top%20right%20search");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.beforeInstallSaved", true);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.beforeinstall.homepage", "hxxps%3A//www.google.co.uk/");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.beforeinstall.search", "Google");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.comp.search.2803282.engine_img", "aHR0cDovL3MzdG9vbGJhci5mcmVlY2F1c2UuY29tL3lhaG9vX3B1cnBsZV95YmFuZy5wbmc%3D");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.comp.search.2803282.engine_url", "aHR0cDovL3VrLnNlYXJjaC55YWhvby5jb20vc2VhcmNoP291cm1hcms9MSZlaT11dGYtOCZmcj1uZWN0YXItdGItdjImc2x2OC0mdHlwZT0ldG9vb[...]
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.comp.search.2803282.text", "Search%20to%20Collect%20Nectar%20Points");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.customNewTab", false);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.dcaDefaultMode", false);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.dcaShowInstallerPage", false);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.dcaShowSurvey", true);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.helpUsImprove", true);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.hideOthers", true);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.partnerauth", false);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.processAddrBar", true);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.restoreSearch", false);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.", "1400707737");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.runcmd.123", "61684");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.searchHistory", true);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.session", "DAE2E3FB59AAE08B53CC2275E6079896A375E83B23EDA961ABD81F2F0B3C5641D5D2B92C7A2D90C46F3AA27B92525278866A2621A04FA96A99F8E87CE362528ED01434DF[...]
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.showFirstLaunchOptions", true);
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.tb_lang", "en");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.tool_id", "61465");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.user_id", "110856280");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.user_key", "e8a66d464f8490db627ac8992b6c65fc38f012a3");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.user_layouts", "61465");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.user_lnames", "Nectar%20Search%20Toolbar");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
Line Deleted : user_pref("freecause841468a1d7f44bd384e6bb0f13a06c64.yahooSearch", true);

[ File : C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\xan65q6d.Clean Profile\prefs.js ]


*************************

AdwCleaner[R0].txt - [9713 octets] - [29/05/2014 13:49:56]
AdwCleaner[R1].txt - [9773 octets] - [29/05/2014 18:01:48]
AdwCleaner[R2].txt - [9833 octets] - [29/05/2014 18:07:45]
AdwCleaner[S0].txt - [9833 octets] - [29/05/2014 18:08:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9893 octets] ##########


JRT log:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Win on 29/05/2014 at 18:24:36.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1262339472-660284345-4180170919-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Win\AppData\Roaming\coupons"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Win\AppData\Roaming\mozilla\firefox\profiles\p8r4bqze.default\fctb
Successfully deleted the following from C:\Users\Win\AppData\Roaming\mozilla\firefox\profiles\p8r4bqze.default\prefs.js

Emptied folder: C:\Users\Win\AppData\Roaming\mozilla\firefox\profiles\p8r4bqze.default\minidumps [636 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/05/2014 at 18:31:12.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I ran Malwarebytes and it found some more of the Freecause PUPs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29/05/2014
Scan Time: 19:14:26
Logfile: Malwarebytes; PUP log 2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.29.09
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Win

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336412
Time Elapsed: 14 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.FreeCauseTB.A, C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\p8r4bqze.default\FCTB\{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}, , [62cb282ffb803bfb7d41621c43bf5aa6],
PUP.Optional.FreeCauseTB.A, C:\Users\Win\AppData\Roaming\Mozilla\Firefox\Profiles\p8r4bqze.default\FCTB\{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}\61465, , [62cb282ffb803bfb7d41621c43bf5aa6],

Files: 46

Physical Sectors: 0
(No malicious items detected)


(end)



But I think I now understand where these Freecause PUPs are coming from. After running AdwCleaner and JRT, a Toolbar I had installed called Nectar Toolbar restarted its installation. It's a safe toolbar - I use it to earn Nectar store points. So does this mean I should ignore Malwarebytes when it brings up the Freecause PUPs?



#8 quietman7


Posted 29 May 2014 - 03:29 PM

Again, a Potentially Unwanted Program (PUP) is a very broad threat category which can encompass any number of different programs to include those which are benign as well as problematic. Thus, this type of detection does not always necessarily mean the file is malicious or a bad program. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted software usually containing Adware or bundled with other free third-party software to include toolbars, add-ons/plug-ins and browser extensions. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs. PUPs may also be defined somewhat differently by various security vendors and may or may not be detected/removed based on that definition. That fact adds to confusion and a lot of complaints from end users asking why a detection was not made on a particular file (program) they are having issues with.

Many programs, toolbars and add-ons/plug-ins come bundled with other free third-party software as a common practice by legitimate vendors. If you recognize a security scanner's detection of legitimate software as a PUP, you can ignore it or add it to its exclusion list.

To learn more about PUPs and how you get them, please read: About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#9 ChrissyToph


Posted 29 May 2014 - 03:33 PM

Ah okay. Thanks quietman7!



#10 quietman7


Posted 29 May 2014 - 03:36 PM

You're welcome.



