

Windows 7: PUP Files Everyday

19 Nov 2017   #11
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

Quote: Originally Posted by bigmck
Lady Fitz -- I thank you for the Malwarebytes heads up. Yeah, I had version 3 and I have been getting some goofy things lately now that I think about it. I just uninstalled it and am trying Super Spyware or whatever you called it. I will see how it works. Thanks,

SuperAntiSpyware (SAS) and Malwarebytes 3 (MB3) do two completely different things. I use both: the free version of SAS and the paid version of MB3 (I have four grandfathered lifetime licenses).

SAS looks for and removes cookies that either track your usage or inject advertising into your computer. MB3 looks for pretty much all other kinds of malware. MB3 does its job well but has some problems, most of which can be fixed, although it's a pain in the neck to have to keep doing so with each new version. It's worthwhile to use MB3's user forum to keep track of the problems and fixes. I also recommend using MB3 with an antivirus even though MB3 claims you don't need one; MB3 also claims you can do so. I'm using Avast free with most of the extra features turned off with MB3.


20 Nov 2017   #12
bigmck

Windows 7 Home Premium 32-Bit - Build 7600 SP1
 
 

Quote: Originally Posted by Lady Fitzgerald
SuperAntiSpyware (SAS) and Malwarebytes 3 (MB3) do two completely different things. I use both: the free version of SAS and the paid version of MB3 (I have four grandfathered lifetime licenses).

SAS looks for and removes cookies that either track your usage or inject advertising into your computer. MB3 looks for pretty much all other kinds of malware. MB3 does its job well but has some problems, most of which can be fixed, although it's a pain in the neck to have to keep doing so with each new version. It's worthwhile to use MB3's user forum to keep track of the problems and fixes. I also recommend using MB3 with an antivirus even though MB3 claims you don't need one; MB3 also claims you can do so. I'm using Avast free with most of the extra features turned off with MB3.

I was under the impression that SuperAnti was an alternative to Malwarebytes, thanks for the heads up. I use MS Security Essentials for my AV. I like MalBytes but I get too many strange things. I have gone back to MalBytes V 2.2. What did you disable in V 3 that satisfied you?
20 Nov 2017   #13
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

Quote: Originally Posted by bigmck
I was under the impression that SuperAnti was an alternative to Malwarebytes, thanks for the heads up. I use MS Security Essentials for my AV. I like MalBytes but I get too many strange things. I have gone back to MalBytes V 2.2. What did you disable in V 3 that satisfied you?

I just went back to an earlier update of v3.

20 Nov 2017   #14
torchwood

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
 
 

Hi bigmck,

Nothing really sticking out as malware.
Although there is a Google policy restriction.
I'm not a malware expert but I'll ask @DonnaB to cast her expert eyes over it.
There are a couple weird files:
the program compatibility program is referencing Yahoo
and some odd data in your appdata temp files, Quarantine for one.


Both MBAM and MSE are having trouble connecting via your host files.


Roy
20 Nov 2017   #15
bigmck

Windows 7 Home Premium 32-Bit - Build 7600 SP1
 
 

Thanks for looking at the files Roy.
20 Nov 2017   #16
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Hi everybody,

For the record, if I am not mistaken, MBAM3 is not an AV unless you have the paid version like Lady Fitzgerald has, otherwise it does not run in realtime and is only a second hand scanner that must be executed manually. The paid version is supposed to play well alongside any other AV as a second layer of realtime protection.

I think I read that you uninstalled Malwarebytes? If not, please attach the logs so we can see the 36 PUPs that it has been finding.

bigmck? Did you download WeatherBug intentionally?
Quote:
Task: {06F75BBE-8156-4B85-9EA0-97DDC91475B4} - System32\Tasks\{B6FFA501-E300-4C95-BC8D-3971D890F9EE} => C:\Windows\system32\pcalua.exe -a C:\Users\Jim\Desktop\WeatherBugSetup.exe -d C:\Users\Jim\Desktop
Task: {45E5D37F-0334-441E-853B-19014301465C} - System32\Tasks\{CC802FEB-6364-45B2-A2E9-B26FEAAE3700} => C:\Windows\system32\pcalua.exe -a D:\Downloads\WeatherBugSetup.exe -d D:\Downloads
WeatherBug is an ad-serving software that is considered PUP/Adware because it is usually bundled along with legit software that is downloaded and can generate pop-up advertisements in the browser it attaches to. Back in the day SuperAntiSpyware used to target it as a threat, or was that Spyware Blaster? Sorry, my memory fails me since it has been quite some time since I uninstalled it.

The following two programs are severely outdated. Older versions of software have vulnerabilities that malware can use to infect your system. Nowadays, your typical home computer user doesn't need Java installed, which at one time was desperately needed for websites to be displayed properly. That is no longer the case. I had uninstalled Java a few years ago and have since found no need for it, so the choice is yours if you would like to reinstall or not. If the need ever arises, you will be notified that Java is needed, at which time you could install, or you could reinstall and just disable Java till the moment arises that it is needed.

Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

If you decide that you do need Java, you can download the most recent version from here.

As for the Hosts file. Found the following in the FRST log:

Hosts: Hosts file not detected in the default directory

Any idea what might have happened to it? We'll do a search of the default location to see what's up. I am sure it will not be found but still want to see.

There are a few orphaned files etc that can be removed and we're going to empty those temp files. Please do as follows:

  • Open Notepad (Start orb > type notepad into Start Search > choose notepad from the list).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    Quote:
    CreateRestorePoint:
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    Toolbar: HKU\S-1-5-21-2284772-1736933989-2242282106-1000 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
    CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
    S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
    S3 ALSysIO; \??\C:\Users\Jim\AppData\Local\Temp\ALSysIO.sys [X]
    S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
    S4 nvvad_WaveExtensible; system32\drivers\nvvad32v.sys [X]
    S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
    CustomCLSID: HKU\S-1-5-21-2284772-1736933989-2242282106-1000_Classes\CLSID\{48AC0584-909B-42D6-BD5F-83124C096669}\InprocServer32 -> no filepath
    Folder: C:\WINDOWS\system32\drivers\etc
    EmptyTemp:
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please attach it to your reply. DO NOT paste into reply box. It might be too long.
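
The two Task entries quoted in the post above both run pcalua.exe (the Program Compatibility Assistant launcher) with the real program passed after `-a`. As an added example, not part of the original post or of FRST, this Python sketch pulls that target out of FRST-style Task lines and marks targets that sit under user-writable folders; the folder list and the third sample line are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Sample input: the two Task lines quoted in the thread, plus one
# constructed line (ExampleUpdater) that does not involve pcalua.exe.
SAMPLE_LOG = r"""
Task: {06F75BBE-8156-4B85-9EA0-97DDC91475B4} - System32\Tasks\{B6FFA501-E300-4C95-BC8D-3971D890F9EE} => C:\Windows\system32\pcalua.exe -a C:\Users\Jim\Desktop\WeatherBugSetup.exe -d C:\Users\Jim\Desktop
Task: {45E5D37F-0334-441E-853B-19014301465C} - System32\Tasks\{CC802FEB-6364-45B2-A2E9-B26FEAAE3700} => C:\Windows\system32\pcalua.exe -a D:\Downloads\WeatherBugSetup.exe -d D:\Downloads
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe /check
"""

# "Task: {GUID} - <task file> => <command line>"
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) => (.+)$")
# pcalua.exe -a <target> [-d <dir>]; the target may be quoted and contain spaces.
PCALUA_RE = re.compile(r"\\pcalua\.exe\"?\s+-a\s+\"?(.+?)\"?(?=\s+-\w\s|$)", re.I)
# Heuristic (an assumption of this example): folder names a standard user can write to.
USER_WRITABLE = {"users", "downloads", "temp", "appdata"}


def pcalua_tasks(log_text):
    """Return one finding per Task line whose command is pcalua.exe -a <target>."""
    findings = []
    for line in log_text.splitlines():
        task = TASK_RE.match(line.strip())
        if not task:
            continue
        task_id, task_file, command = task.groups()
        launched = PCALUA_RE.search(command)
        if not launched:
            continue  # task runs something else directly
        target = PureWindowsPath(launched.group(1))
        folders = {part.lower() for part in target.parts}
        findings.append({
            "task_id": task_id,
            "task_file": task_file,
            "target": str(target),
            "user_writable": bool(folders & USER_WRITABLE),
        })
    return findings


if __name__ == "__main__":
    for f in pcalua_tasks(SAMPLE_LOG):
        note = "user-writable location" if f["user_writable"] else "protected location"
        print(f"{f['task_id']}: launches {f['target']} ({note})")
```
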
20 Nov 2017   #17
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

Quote: Originally Posted by DonnaB
Hi everybody,

For the record, if I am not mistaken, MBAM3 is not an AV unless you have the paid version like Lady Fitzgerald has, otherwise it does not run in realtime and is only a second hand scanner that must be executed manually. The paid version is supposed to play well alongside any other AV as a second layer of realtime protection...

True that. I should have been more clear about that.
21 Nov 2017   #18
bigmck

Windows 7 Home Premium 32-Bit - Build 7600 SP1
 
 

Quote: Originally Posted by Lady Fitzgerald
True that. I should have been more clear about that.

Yes, I am aware that MByte is not an AV. I run MSE for my AV. == I also have the Paid Version of MByte. Since I uninstalled MByte 3 and installed MByte 2 I don't get the Pup but I feel like it is not a good idea to run Version 2. I could be getting all kinds of stuff. When I install a new program, which I haven't recently, I always look to see if anything is being added in addition to the program. == Lady Fitz, what do you disable in MByte 3 that works for you?
22 Nov 2017   #19
Lady Fitzgerald

Win 7 Ultimate 64 bit
 
 

Quote: Originally Posted by bigmck
...Lady Fitz, what do you disable in MByte 3 that works for you?

I installed an earlier version of Malwarebytes 3.
22 Nov 2017   #20
Layback Bear

Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
 
 

@ bigmck

Take a look in msconfig Startup and Non Microsoft Services.

You might have a program in one of those that is doing an 'auto' update that is loading those PUPs.

I have the paid for version of Malwarebytes and MSE and have no problems on two systems.

I also use the standalone free online scan with Eset. It's the only thing I have found that finds and removes the Google toolbar bundle.

Jack