Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 7/5/2014
Scan Time: 12:49:31 AM
Logfile: July 5th log with pum.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.07.05.02
Rootkit Database: v2014.07.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Diana
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332386
Time Elapsed: 12 min, 20 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.WeCare.A, HKU\S-1-5-21-2636108111-3271393454-2496197924-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, , [1cca4952a2d9b77f28bef094778b11ef],
PUP.Optional.WeCare.A, HKU\S-1-5-21-2636108111-3271393454-2496197924-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, , [1cca4952a2d9b77f28bef094778b11ef],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2636108111-3271393454-2496197924-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [ab3b3d5efd7e92a4220e12b58e746b95],
Registry Values: 0
(No malicious items detected)
Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-2636108111-3271393454-2496197924-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),,[db0b32694b30f73f6cb2ff91ea1aff01]
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Hi, Diana.
What do you mean by the subject of your post, "I lost the items in inbox."?
MBAM found "Potentially Unwanted Programs" (PUPs). Let's see if there are any remnants.
Please download Adware Cleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode to your Desktop. <--Note: The provided link is a direct download link. Please save it to your
desktop!
- Close all open programs and internet browsers.
- Double-click AdwCleaner.exe to run the tool.
Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US-windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
- Click the Scan button.
- AdwCleaner will begin. Be patient as the scan may take some time to complete.
- After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
- Copy and paste the contents of that logfile in your next reply.
- A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Quote from: Corrine on July 05, 2014, 01:55:33 PM
Hi, Diana.
What do you mean by the subject of your post, "I lost the items in inbox."?
MBAM found "Potentially Unwanted Programs" (PUPs). Let's see if there are any remnants.
Please download Adware Cleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode to your Desktop. <--Note: The provided link is a direct download link. Please save it to your desktop!
- Close all open programs and internet browsers.
- Double-click AdwCleaner.exe to run the tool.
Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US-windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
- Click the Scan button.
- AdwCleaner will begin. Be patient as the scan may take some time to complete.
- After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
- Copy and paste the contents of that logfile in your next reply.
- A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Quote from: Corrine on July 05, 2014, 01:55:33 PM
Hi, Diana.
What do you mean by the subject of your post, "I lost the items in inbox."?
MBAM found "Potentially Unwanted Programs" (PUPs). Let's see if there are any remnants.
Please download Adware Cleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode to your Desktop. <--Note: The provided link is a direct download link. Please save it to your desktop!
- Close all open programs and internet browsers.
- Double-click AdwCleaner.exe to run the tool.
Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US-windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
- Click the Scan button.
- AdwCleaner will begin. Be patient as the scan may take some time to complete.
- After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
- Copy and paste the contents of that logfile in your next reply.
- A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
I meant I lost all the emails in my in box. I am getting new ones.
Here is what I got from AdwCleaner.
# AdwCleaner v3.214 - Report created 05/07/2014 at 16:55:53
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Diana - OWNER-PC
# Running from : C:\Users\Diana\Downloads\adwcleaner_3.214 (4).exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v23.0 (en-US)
[ File : C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\tom6abi5.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [3728 octets] - [05/07/2014 16:01:27]
AdwCleaner[R1].txt - [3720 octets] - [05/07/2014 16:09:41]
AdwCleaner[R2].txt - [1075 octets] - [05/07/2014 16:31:13]
AdwCleaner[R3].txt - [1196 octets] - [05/07/2014 16:52:46]
AdwCleaner[R4].txt - [1256 octets] - [05/07/2014 16:55:28]
AdwCleaner[S0].txt - [3683 octets] - [05/07/2014 16:13:58]
AdwCleaner[S1].txt - [1140 octets] - [05/07/2014 16:36:05]
AdwCleaner[S2].txt - [1180 octets] - [05/07/2014 16:55:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1240 octets] #######
Corrine, I have done what I can. the computer works but still makes circles before a command.
I had used Malwarebytes and Anti-Malware vers 2021012 and it said I had two pups and a pum. It wanted me to take action. It also left a message that my databases were out of date. Would not let me delete it. I saw that it was a trial. Finally, I removed it from my programs after doing the adwCleaner.
My Flashplayer would not work today. I posted on FB a short video and I could not see it. I was asked to put in Flash Player; and got Flash Player Active X. I uninstalled and saw I have Flash player but it doesn't show the video. Other on FB saw what I put in.
Hi, Diana.
You apparently left the "trial" for Malwarebytes Pro checked when you installed Malwarebytes. As to the databases being out of date, I gather you mean that message was from MBAM. That meant that there was an update to the software that needed to be installed.
Now, Adobe Flash Player can sometimes be, let's say, goofy. Go to About Flash Player page (http://www.adobe.com/products/flash/about/) to verify the Adobe Flash Player version number installed on your computer. If you do not have version 14.0.0.145, please get the updates. The most recent version information is available in my blog post, Adobe Flash Player Critical Security Update (http://securitygarden.blogspot.com/2014/07/adobe-flash-player-critical-security.html).
What does the log look like to you? Is an enable pum a bad thing?
Hi, Diana.
In your MBAM log, yes. The registry change detected by MBAM as a Potentially Unwanted Modification was made by the PUP.Optional.WeCare.A which is used to show advertising. It was likely bundled within the custom installer on one of the download sites (e.g., CNet), thus my recommendation to go to the vendor site when installing software. Even then, it is important to watch each screen for pre-checked toolbar or other add-on options.
.
Thanks, I learned a lot.
You're welcome, Diana.