Jump to content

Recommended Posts

I have a Toshiba P850 with Windows 8 loaded with Norton 360..  which is why I'm baffled how MBAM found a list of PUP.Optional.PassShow.A's and PUP.Optional.NextLive.A's particularly attached to Registry keys.  

 

(My subscription to System Mechanic Pro expired yesterday.)

 

I'm not a techie or even well read in computers but know enough to realize 'you' don't mess with the registry.  

 

Here's the latest log, from the Pro trial as I don't have the money to pay for a subscription.:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.29.02
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
JC :: 1PREMIER-PC [administrator]
 
Protection: Enabled
 
12/29/2013 7:12:37 AM
MBAM-log-2013-12-29 (11-59-51).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 413231
Time elapsed: 56 minute(s), 23 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 7
HKCR\CLSID\{2d661e5b-7d7a-417c-b5b5-6479017bb314} (PUP.Optional.PassShow.A) -> No action taken.
HKCR\TypeLib\{b8c3b958-ec6a-4d2f-bf2d-c7906acd3da0} (PUP.Optional.PassShow.A) -> No action taken.
HKCR\Interface\{88f2ef1e-a38b-44dd-ae7c-57dfa28ba40f} (PUP.Optional.PassShow.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D661E5B-7D7A-417C-B5B5-6479017BB314} (PUP.Optional.PassShow.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\dhogjnnleghndloamdkljhnhdchpcijl (PUP.Optional.PassShow.A) -> No action taken.
 
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\JC\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.
HKCU\Software\Mozilla\Firefox\Extensions|{57c20073-e24b-4b2a-aa91-70d1ad526cbf} (PUP.Optional.PassShow.A) -> Data: C:\Program Files (x86)\PassShow\150.xpi -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 2
C:\Users\JC\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\JC\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
There are fairly recent oddities in performance such as Chrome refusing to load and the indication of the button on the taskbar fading as though it wasn't pressed at all.  Sometimes I click it multiple times to load.  Another recent oddity is my connection drops a lot and it's not due to a lack of provision from the providing company.  I get the impression that someone is somewhere just flipping a switch to my connection and toying with me cuz it'll disconnect several times in succession.
 
I deleted some other files it found and I get boxes (f.e. loading Sims 3) that reference the missing file once found in the pup list. 
 
"There was a problem starting
C:\Users\JC\AppData\Roaming\newnext.me\nengine.dll  
 
The specified module could not be found."
 
I appreciate any and all help possibly offered.
Link to post
Share on other sites

It's OK to delete those but I would use this method:

Please create a new system restore point before continuing.

Lets clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites


# AdwCleaner v3.016 - Report created 30/12/2013 at 19:08:17

# Updated 23/12/2013 by Xplode

# Operating System : Windows 8.1  (64 bits)

# Username : JC - 1PREMIER-PC

# Running from : C:\Users\JC\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Users\JC\AppData\Local\Mobogenie

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16384

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [secondary Start Pages]

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [secondary Start Pages]

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\JC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1862 octets] - [30/12/2013 18:48:20]

AdwCleaner[R1].txt - [1922 octets] - [30/12/2013 18:55:10]

AdwCleaner[R2].txt - [1982 octets] - [30/12/2013 19:00:46]

AdwCleaner[s0].txt - [1695 octets] - [30/12/2013 19:08:17]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1755 octets] ##########

 


 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.31.05

 

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16476

JC :: 1PREMIER-PC [administrator]

 

Protection: Enabled

 

12/31/2013 9:55:30 AM

mbam-log-2013-12-31 (09-55-30).txt

 

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 415422

Time elapsed: 1 hour(s), 13 minute(s), 16 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

 

What's your opinion on the program offering in the Adwcleaner - Hosts Anti-PUP/Adware?  

It goes to a French site with a long list of things to do.

 

Haven't had a chance to see if / what remains in terms of any (aforementioned/otherwise) difficulties at this point.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.