hlzz43 Posted December 21, 2016 ID:1082489

Hi. I have had issues with some PUPs and was wondering if someone could shed some light on them. A while ago, out of the blue, Malwarebytes found 6 PUPs on my system. I hadn't installed any new software, so I was a little confused, but deleted them. A short while later I did a factory reset on my computer, and was surprised to find that when I reinstalled Malwarebytes the same PUPs I had seen earlier showed up in the scan again. Bear in mind that they had not shown up in subsequent scans prior to the reset.

Here is the scan log (I was still using the old version when this happened):

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 267984
Time Elapsed: 19 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Quarantined, [e2fbb90b217933037ba3b713ac57c040],
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Quarantined, [7469dbe99a00c96d62bc4387966da55b],
PUP.Optional.ASK, HKU\S-1-5-21-3229545797-3483317972-2539771611-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Quarantined, [3ca1fbc9336795a1041b557531d248b8],

Registry Values: 3
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF, Quarantined, [e2fbb90b217933037ba3b713ac57c040]
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF, Quarantined, [7469dbe99a00c96d62bc4387966da55b]
PUP.Optional.ASK, HKU\S-1-5-21-3229545797-3483317972-2539771611-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF, Quarantined, [3ca1fbc9336795a1041b557531d248b8]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Like above, they were deleted.

So I'm not really sure what's going on here. Could they be part of the default software that comes with the reset? If so, why did MBAM suddenly flag them? Or do I possibly have some kind of threat?

Any help would be very much appreciated.

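
An added example, not part of the original post: the six detection rows in the scan log above, parsed and grouped by search-provider GUID and registry view, which shows that they all describe a single Ask search provider entry registered in three places. The sample rows are copied from the log with the trailing bracketed IDs omitted, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Detection rows copied from the scan log above; trailing bracketed IDs omitted.
SAMPLE_LOG = r"""
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Quarantined
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Quarantined
PUP.Optional.ASK, HKU\S-1-5-21-3229545797-3483317972-2539771611-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FA28606-DE77-4029-AF96-B231E3B8F827}, Quarantined
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF, Quarantined
PUP.Optional.ASK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF, Quarantined
PUP.Optional.ASK, HKU\S-1-5-21-3229545797-3483317972-2539771611-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2fa28606-de77-4029-af96-b231e3b8f827}|URL, http://search.ask.com/web?q={searchTerms}&l=dis&o=HPNTDF, Quarantined
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def hive_of(path):
    """Name the registry view a path belongs to (the log reports an x64 system)."""
    upper = path.upper()
    if upper.startswith("HKU\\"):
        return "per-user"
    if "\\WOW6432NODE\\" in upper:
        return "machine-wide, 32-bit view"
    return "machine-wide, 64-bit view"

def group_detections(log_text):
    """Return {GUID: {view: {"rows": count, "url": search URL or None}}}."""
    grouped = defaultdict(dict)
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(", ")]
        if len(fields) < 3 or not fields[0].startswith("PUP."):
            continue  # header, counter or blank line
        path, _, value_name = fields[1].partition("|")
        match = GUID_RE.search(path)
        if not match:
            continue
        views = grouped[match.group(0).upper()]  # key rows and value rows differ in case
        entry = views.setdefault(hive_of(path), {"rows": 0, "url": None})
        entry["rows"] += 1
        if value_name.upper() == "URL":  # value rows carry the data after the path
            entry["url"] = fields[2]
    return dict(grouped)

if __name__ == "__main__":
    for guid, views in group_detections(SAMPLE_LOG).items():
        print(guid)
        for view, entry in views.items():
            print(f"  {view}: {entry['rows']} rows, URL={entry['url']}")
```
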
hlzz43 Posted December 21, 2016 Author ID:1082493

Sorry to double post, but there was another issue I wanted to ask about but forgot to put in the original post and making a second topic seems redundant.

Prior to my factory reset, a full scan took around 2 hours; after the reset, it took 4 (before I upgraded to 3.0; full scans take around 2 hours with 3.0, but I don't really have any frame of reference for that being normal or not). While I seem to remember something similar happening the last time I did a factory reset, and it evening out over time, it seems unusual. The issue seems to be that the winsxs folder takes a really long time to scan, and this appears to be the case for both the old version and the new. Is this normal?

Again, sorry to double post. If this is improper, I apologize.

TwinHeadedEagle Posted December 21, 2016 ID:1082499

Hello and Please follow the topic below and attach reports.

hlzz43 Posted December 21, 2016 Author ID:1082507

Here are the logs.

FRST.txt
Addition.txt

TwinHeadedEagle Posted December 21, 2016 ID:1082518

Your computer isn't infected. It probably came bundled with some software you installed. Please remove every instance found by Malwarebytes and if it is not returning, then you're good.

AdvancedSetup (Root Admin) Posted December 30, 2016 ID:1085158

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.