Author Topic: svchost.exe process and a bunch of PUM (and other stuffs)  (Read 70645 times)

July 14, 2015, 04:19:19 pm

Heantrad

First of all, sorry for my bad English.

A while ago, AdwCleaner detected a registry error related to a proxy server. I deleted it, cleaned the registry with CCleaner, and did a full scan with MalwareBytes, SuperAntiSpyware and Microsoft Security Essentials; they detected some viruses, but nothing related to the proxy.
I tried everything I could to fix it, but it was impossible; it reappeared every time I turned on the PC. However, some guys who knew about computers told me that it was probably a false positive, so I forgot about it.

A couple of days ago, I visited AZLyrics (a dumb choice on my part), and because those types of sites have a bad reputation, I asked on Reddit if that place was dangerous. Luckily, it seems that only the ads contained malware, and AdBlock Plus blocked them.
However, I ran all the scans I mentioned before (except the full Microsoft Security Essentials scan, because 6 hours of scanning is too much) and I used RKill this time too, but none of them detected anything (except AdwCleaner and the proxy thing).

So I decided to try RogueKiller, because TroneScript uses it in its scans, and it detected the proxy problem from AdwCleaner, but much bigger.
Obviously, I ran every scan again (complete Microsoft Security Essentials scan included), and none of them detected anything again (except AdwCleaner), so I cleaned the registry with RogueKiller, and it seemed to work; however, it doesn't detect the "ProxyOverride <-loopback>" thing, but I decided to ignore it.
Everything seemed fixed, but the next day, all of that appeared again, with a svchost.exe process included. I cleaned all of that, cleaned the registry again with AdwCleaner and checked every svchost process with Task Manager (every one of them was from the System32 folder).

I don't know what else to do. Am I in danger, or is it just a false positive?
I have some reports, but I'll leave the one which detected all the problems at once:

RogueKiller V10.9.1.0 [Jul  9 2015] by Adlice Software
correo : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Sitio web : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado en : Modo Normal
Usuario : PAQUITO [Administrador]
Started from : C:\Users\PAQUITO\Desktop\Carpetas\Programas\RogueKiller.exe
Modo : Escanear -- Fecha : 07/14/2015 10:32:31

¤¤¤ Procesos : 1 ¤¤¤
[Proc.Svchost] svchost.exe(3452) --
  • -> Eliminado [TermThr]


¤¤¤ Registro : 10 ¤¤¤
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado

¤¤¤ Tareas : 0 ¤¤¤

¤¤¤ Archivos : 0 ¤¤¤

¤¤¤ Archivo de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤

¤¤¤ Navegadores Web : 0 ¤¤¤

¤¤¤ Chequeo MBR : ¤¤¤
+++++ PhysicalDrive0: ST380011A ATA Device +++++
--- User ---
[MBR] 56e60236016fbee647d48fdc4748b6cb
[BSP] f9290963082e6a88bf87140ae95018f6 : Windows XP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD50 00AZRX-00A8L SCSI Disk Device +++++
--- User ---
[MBR] 2c2b02fc763bc7f60c91970e27545702
[BSP] 8618bcf435fd08ab414ac96125d49708 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Función incorrecta. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

If you need some more information or I forgot to explain something, tell me and I'll reply as fast as I can.
Edit: also, I know I'm running a 32-bit version of RogueKiller, but that is because I use a 32-bit version of the OS and I don't have the installation disk for Windows 7 (I borrowed it from a guy I know).
Thanks.
« Last Edit: August 25, 2015, 01:42:50 pm by Heantrad »

Reply #1 on: July 14, 2015, 10:35:26 pm

offchopx

Hey man, I'm not able to help, but I have the exact same records (except that svchost.exe one, there might be an issue there) that come up in my scan as well. Double-check: are these IP addresses the ones your ISP set? Go to your router and check, open cmd and run ping -a 62.81.16.164 etc. Mine were all from my ISP, so I think maybe it's a false positive. I made a post in that topic for FP, so I'll let you know if there's any update :D

Reply #2 on: July 14, 2015, 10:44:18 pm

Heantrad

I don't know anything about that ISP thing; can you explain to me all the things I should do?

Reply #3 on: July 15, 2015, 11:56:17 pm

Curson

Hi Heantrad,

Welcome to Adlice.com Forum.
We are going to check if it really is a false positive.

Please download Farbar Recovery Scan Tool (x86) and save it to your Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
Regards.

Reply #4 on: July 16, 2015, 11:26:21 am

Heantrad

It exceeds the maximum allowed length, so I'll use pastebin, hope you don't mind.
http://pastebin.com/kYDnSiaG

I hope nothing important has been pasted there, because I heard people use this type of page to hack and all that stuff.
Also, if it's not too much trouble, could you tell me if something important (IP, phone number, passwords, personal information...) has been pasted? It's because if it has been, I can contact the creators of the page and ask them to delete it.
« Last Edit: July 16, 2015, 12:21:51 pm by Heantrad »

Reply #5 on: July 16, 2015, 06:18:11 pm

Curson

Hi Heantrad,

Your computer is clean. This was indeed a false positive.
No personal information is displayed in your FRST log.

Regards.

Reply #6 on: July 16, 2015, 06:44:12 pm

Heantrad

Wow man, thanks a lot.
Anyway, what was it then? I'm curious...
Also, the svchost.exe process hasn't appeared today; it's still nothing to worry about, right?
« Last Edit: July 16, 2015, 07:07:27 pm by Heantrad »

Reply #7 on: July 16, 2015, 07:08:29 pm

Curson

Hi Heantrad,

I'm glad I was able to help you. :)
A svchost process crashed and was restarted. This behaviour made RogueKiller detect the newly created process as suspicious.

Regards.

Reply #8 on: July 16, 2015, 07:16:07 pm

Heantrad

Alright, that's strange, but luckily it's nothing.
And all those non-harmful PUM, where are they from? (Sorry if I'm asking a lot of things, I always like to know all the stuff I can.)
« Last Edit: July 16, 2015, 07:32:14 pm by Heantrad »

Reply #9 on: July 16, 2015, 07:40:25 pm

Curson

Hi Heantrad,

Don't worry about that.
Quote
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
These lines mean there was an application running as a proxy on your system. They were removed at some point, since they don't appear in the FRST log.

Quote
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
These lines match the addresses of your Internet Service Provider's Domain Name System and DHCP servers.

Regards.
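
The reading of the report given in the reply above, as an added example that is not part of the original thread and is not RogueKiller's or Adlice's code: this Python parser takes the registry lines of the report posted here, folds the aliased keys (HKEY_USERS\.DEFAULT is the same hive as S-1-5-18, and the numbered ControlSets are copies behind CurrentControlSet) and gives one verdict per distinct setting. The line layout is inferred from the report in this thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Registry findings copied from the RogueKiller report posted in this thread.
SAMPLE = r"""
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
"""

LINE_RE = re.compile(
    r"^\[(?P<kind>PUM\.\w+)\]\s+(?P<key>.+?)\s+\|\s+(?P<value>\w+)"
    r"\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>\S+)$"
)

def normalize_key(key):
    """Fold registry aliases so each setting is counted once."""
    # HKEY_USERS\.DEFAULT is an alias of the LocalSystem hive, S-1-5-18.
    key = key.replace("HKEY_USERS\\.DEFAULT\\", "HKEY_USERS\\S-1-5-18\\")
    # CurrentControlSet links to one ControlSetNNN; the others are backups.
    return re.sub(r"\\ControlSet\d{3}\\", r"\\CurrentControlSet\\", key)

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a name rather than an IP literal
        return host.lower() == "localhost"

def describe(value, data):
    """Return (parsed detail, verdict) for one registry value."""
    if value == "ProxyServer":
        # "http=host:port;https=host:port" or a bare "host:port"
        ends = [p.split("=", 1)[-1].strip() for p in data.split(";") if p.strip()]
        hosts = [e.rsplit(":", 1)[0].strip("[]") for e in ends]
        if all(is_loopback(h) for h in hosts):
            return hosts, "loopback proxy: identify the local listener"
        return hosts, "remote proxy: traffic leaves the machine"
    if value == "DhcpNameServer":
        servers = data.split("(", 1)[0].split()  # drop RogueKiller's geo tag
        return servers, "DHCP-assigned DNS: compare with router/ISP"
    if value == "ProxyEnable":
        return data, "proxy enabled" if data == "1" else "proxy disabled"
    return data, "unclassified"

def triage(report):
    """Collapse aliased findings; one verdict per distinct setting."""
    distinct = {}
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            slot = (m["kind"], normalize_key(m["key"]), m["value"])
            distinct.setdefault(slot, []).append(m["data"])
    out = []
    for (kind, key, value), datas in distinct.items():
        detail, verdict = describe(value, datas[0])
        if len(set(datas)) > 1:
            verdict += " (copies disagree)"
        out.append({"kind": kind, "key": key, "value": value,
                    "detail": detail, "verdict": verdict, "copies": len(datas)})
    return out

if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(item["copies"], item["value"], item["detail"], "->", item["verdict"])
```

The ten findings in the report reduce to four distinct settings: one proxy switch, one loopback proxy address, and the same pair of DHCP-assigned name servers at the global and per-interface level.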

Reply #10 on: July 16, 2015, 08:25:51 pm

Heantrad

The proxy hasn't been removed, as it keeps showing up in further RogueKiller scans.
Here is the log:
RogueKiller V10.9.1.0 [Jul  9 2015] by Adlice Software
correo : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Sitio web : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Sistema Operativo : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Iniciado en : Modo Normal
Usuario : PAQUITO [Administrador]
Started from : C:\Users\PAQUITO\Desktop\Carpetas\Programas\RogueKiller.exe
Modo : Escanear -- Fecha : 07/16/2015 20:23:37

¤¤¤ Procesos : 0 ¤¤¤

¤¤¤ Registro : 10 ¤¤¤
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{18969D2B-6655-459E-970C-054BCF84438E} | DhcpNameServer : 62.81.16.164 62.81.16.213 ([SPAIN (ES)][SPAIN (ES)])  -> Encontrado

¤¤¤ Tareas : 0 ¤¤¤

¤¤¤ Archivos : 0 ¤¤¤

¤¤¤ Archivo de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Cargado) ¤¤¤

¤¤¤ Navegadores Web : 0 ¤¤¤

¤¤¤ Chequeo MBR : ¤¤¤
+++++ PhysicalDrive0: ST380011A ATA Device +++++
--- User ---
[MBR] 56e60236016fbee647d48fdc4748b6cb
[BSP] f9290963082e6a88bf87140ae95018f6 : Windows XP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD50 00AZRX-00A8L SCSI Disk Device +++++
--- User ---
[MBR] 2c2b02fc763bc7f60c91970e27545702
[BSP] 8618bcf435fd08ab414ac96125d49708 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Función incorrecta. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

Reply #11 on: July 16, 2015, 09:09:11 pm

Curson

Hi Heantrad,

Please relaunch RogueKiller and check the following entries for deletion:
Quote
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Encontrado
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:64178;https=127.0.0.1:64178  -> Encontrado

How is your computer running so far?

Regards.

Reply #12 on: July 16, 2015, 09:29:30 pm

Heantrad

That's the problem: I delete them but they keep appearing again. The same happens with AdwCleaner (and it's the thing that the guy who knew about computers told me was just a false positive). Here's AdwCleaner's log if that helps:

# AdwCleaner v4.208 - Registro generado 16/07/2015 en 21:31:30
# Actualizado 09/07/2015 por Xplode
# Base de datos : 2015-07-15.1 [Servidor]
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (x86)
# Nombre de usuario : PAQUITO - PAQUITO-PC
# Ejecutado desde : C:\Users\PAQUITO\Desktop\Carpetas\Programas\adwcleaner_4.208.exe
# Opción : Escanear

***** [ Servicios ] *****


***** [ Archivos / Carpetas ] *****


***** [ Tareas programadas... ] *****


***** [ Accesos directos ] *****


***** [ Registro ] *****

Datos Encontrado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Datos Encontrado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Datos Encontrado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:64178;hxxps=127.0.0.1:64178
Valor Encontrado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Valor Encontrado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Navegadores Web ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v29.0 (es-ES)


-\\ Google Chrome v43.0.2357.134


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [1348 bytes] - [02/07/2015 00:14:49]
AdwCleaner[R10].txt - [1999 bytes] - [05/07/2015 23:36:47]
AdwCleaner[R11].txt - [2059 bytes] - [06/07/2015 09:58:04]
AdwCleaner[R12].txt - [2280 bytes] - [06/07/2015 10:15:39]
AdwCleaner[R13].txt - [2343 bytes] - [06/07/2015 16:21:54]
AdwCleaner[R14].txt - [2400 bytes] - [10/07/2015 14:08:52]
AdwCleaner[R15].txt - [2463 bytes] - [11/07/2015 14:49:47]
AdwCleaner[R16].txt - [2523 bytes] - [11/07/2015 14:58:46]
AdwCleaner[R17].txt - [2583 bytes] - [11/07/2015 15:55:44]
AdwCleaner[R18].txt - [2643 bytes] - [11/07/2015 21:55:25]
AdwCleaner[R19].txt - [2201 bytes] - [12/07/2015 16:03:53]
AdwCleaner[R1].txt - [1407 bytes] - [02/07/2015 12:44:04]
AdwCleaner[R20].txt - [2264 bytes] - [12/07/2015 16:57:35]
AdwCleaner[R21].txt - [2823 bytes] - [13/07/2015 16:22:22]
AdwCleaner[R22].txt - [2384 bytes] - [13/07/2015 17:43:39]
AdwCleaner[R23].txt - [2492 bytes] - [13/07/2015 18:03:35]
AdwCleaner[R24].txt - [2552 bytes] - [13/07/2015 18:08:41]
AdwCleaner[R25].txt - [2612 bytes] - [13/07/2015 21:16:14]
AdwCleaner[R26].txt - [3182 bytes] - [14/07/2015 10:24:16]
AdwCleaner[R27].txt - [2743 bytes] - [14/07/2015 10:33:45]
AdwCleaner[R28].txt - [3299 bytes] - [14/07/2015 10:37:35]
AdwCleaner[R29].txt - [2863 bytes] - [14/07/2015 10:54:11]
AdwCleaner[R2].txt - [1463 bytes] - [02/07/2015 12:47:26]
AdwCleaner[R30].txt - [2751 bytes] - [16/07/2015 21:31:30]
AdwCleaner[R3].txt - [1686 bytes] - [02/07/2015 18:33:02]
AdwCleaner[R4].txt - [1745 bytes] - [02/07/2015 18:36:33]
AdwCleaner[R5].txt - [1807 bytes] - [02/07/2015 21:59:59]
AdwCleaner[R6].txt - [1866 bytes] - [03/07/2015 22:49:21]
AdwCleaner[R7].txt - [1925 bytes] - [04/07/2015 15:46:41]
AdwCleaner[R8].txt - [2309 bytes] - [05/07/2015 23:24:31]
AdwCleaner[R9].txt - [1938 bytes] - [05/07/2015 23:34:34]
AdwCleaner[S0].txt - [2120 bytes] - [05/07/2015 23:26:17]
AdwCleaner[S1].txt - [2440 bytes] - [13/07/2015 17:44:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R30].txt - [3342 bytes] ##########

The computer is running OK so far (Chrome is a little slow at starting, but my PC isn't really powerful, so it's normal).
« Last Edit: July 16, 2015, 09:35:25 pm by Heantrad »

Reply #13 on: July 16, 2015, 10:29:36 pm

Curson

Hi Heantrad,

Since they keep appearing and FRST revealed nothing malicious, my guess is that those entries are linked to some security software.
In my opinion, there is no reason to worry about them.

Regards.

Reply #14 on: July 16, 2015, 10:43:08 pm

Heantrad

If you don't mind, I can send another FRST log with the proxy entries now that they have appeared (sometimes they appear, sometimes they don't, it's a mess).