svchost.exe process and a bunch of PUM (and other stuffs)

[Curson]

Hi Heantrad,

It doesn't matter.

Regards.

[Heantrad]

This is appart, but anyways, I've been loged out of some accounts today when I started the PC, need to say that Google Chrome has updated today too.
Why can this be? (I checked the "stay loged in" option).

[Curson]

Hi Heantrad,

With FRST execution, all temporary files including cookies were removed from your computer.
This is the reason why you need to manually login to the accounts whose credentials were stored in thoses.

Regards.

[Heantrad]

Hi Heantrad,

With FRST execution, all temporary files including cookies were removed from your computer.
This is the reason why you need to manually login to the accounts whose credentials were stored in thoses.

Regards.

The thing is that I alredy loged out on those (Outlook and Reddit) after the fix, but they got unloged again without reason it seems.

[Curson]

Hi Heantrad,

FRST don't mess with Outlook settings.
Did you try to signin and check "Remember password" after the fix ?

Regards.

[Heantrad]

Hi Heantrad,

FRST don't mess with Outlook settings.
Did you try to signin and check "Remember password" after the fix ?

Regards.

I remember that I did with Reddit, but I'm not sure with Outlook.
However, it's probably nothing and it's me that I'm a bit paranoic.

[Curson]

Hi Heantrad,

How is the system running now ? Is the "remember password" function working with your Reddit account ?

Regards.

[Heantrad]

Hi Heantrad,

How is the system running now ? Is the "remember password" function working with your Reddit account ?

Regards.

The password thing is going well now, but I discovered something is happening with the anti-malware programs.

MalwareBytes doesn't do the full scan (normally it takes 20 minutes, now it takes 15).
SuperAntiSpyware stopped detecting things (it detected two PUP from a softonic variant, thanks to TikiOne Steam Cleaner, which is a legit program, but the download website isn't, and then asked me to restart the PC, when I restarted it didn't even detect cookies).
Microsoft Security Essentials is probably not protecting the PC, because it didn't detect the PUP.

The programs that weren't installed seemed to work fine, Bytes and Spyware started working normal again (but they're probably going to act weird again soon probably) after reinstalling them again, I haven't tried with MSE yet.

I did another scan with MalwareBytes (I restarted the computer before doing it) and it took less time than usual again (17 minutes) I'll do a scan with SuperAnti now to see if it doesn't detect cookies again. EDIT: It happen what I expected, AntiSpyware didn't work again.

Also, forgot to say, none of the programs I mentioned time ago detects anything (RogueKiller detects nothing, RKill doesn't detect any process, CCleaner doesn't detect neither trash files nor trash register data, AdwCleaner detects nothing...)

EDIT 2: Also, I'm not sure, but, could it be for Pastebin? VirusTotal detected this...
https://www.virustotal.com/es/url/574e66b1ddc111be82ebc51b24e1f71b21a273669f0db76f679db6b87af09295/analysis/1437936681/

Also, is it dangerous to use the anti malware programs right now in the state they're?

[Curson]

Hi Heantrad,

Softonic is actively repackig freewares with adwares bundles. I highly recommend you to download anything from their website.
For exemple, here is TikiOne Steam Cleaner official download site.

I think you could use your security programs without worrying.
If you still have doubts about Malwarebytes Anti-Malware, I suggest you to open a new thread on their forum : they will be more qualified than me to help you with this particular issue.

Pastebin is perfectly safe to use.

Regards.

[Heantrad]

Hi Heantrad,

Softonic is actively repackig freewares with adwares bundles. I highly recommend you to download anything from their website.
For exemple, here is TikiOne Steam Cleaner official download site.

I think you could use your security programs without worrying.
If you still have doubts about Malwarebytes Anti-Malware, I suggest you to open a new thread on their forum : they will be more qualified than me to help you with this particular issue.

Pastebin is perfectly safe to use.

Regards.

The thing is that I got the PUP from that page (GitHub) that's why it says it's a Softonic Variant.
Also, any thoughts on the SuperAntiSpyware! thing?, now it doesn't matter that I reinstall it (and all the rest of the programs) it keeps failing.
Edit: It worked today and detected a lot of cookies (all of them except three from Windows.old, because I used Windows XP before but I thing it might be another error, as I didn't found the directory SAS! said) but it doesn't work anymore again, and it still doesn't detect cookies from doubleclick or imrworldwide.

Also, when I mean using the security programs, I mean running scans, meanwhile I wait to find a solution, I run scans from all the programs (SAS! and MSE mostly).

However I tried to registry on MalwareByte's forum and the e-mail for completing the registration hasn't come yet, I'l try registring again later.

[Curson]

Hi Heantrad

The thing is that I got the PUP from that page (GitHub) that's why it says it's a Softonic Variant.

Are you sure about this ? The archived hosted at GitHub seems clean.

Also, any thoughts on the SuperAntiSpyware! thing?, now it doesn't matter that I reinstall it (and all the rest of the programs) it keeps failing.
Edit: It worked today and detected a lot of cookies (all of them except three from Windows.old, because I used Windows XP before but I thing it might be another error, as I didn't found the directory SAS! said) but it doesn't work anymore again, and it still doesn't detect cookies from doubleclick or imrworldwide.

Also, when I mean using the security programs, I mean running scans, meanwhile I wait to find a solution, I run scans from all the programs (SAS! and MSE mostly).

The logs don't give a clue about this particular issue so, it's hard for me to troubleshoot it.
BTW, tracking cookies are mostly harmless.

However I tried to registry on MalwareByte's forum and the e-mail for completing the registration hasn't come yet, I'l try registring again later.

Were you able to register on MalwareByte's forum ?

Regards.

[Heantrad]

Hi Heantrad

The thing is that I got the PUP from that page (GitHub) that's why it says it's a Softonic Variant.

Are you sure about this ? The archived hosted at GitHub seems clean.

Also, any thoughts on the SuperAntiSpyware! thing?, now it doesn't matter that I reinstall it (and all the rest of the programs) it keeps failing.
Edit: It worked today and detected a lot of cookies (all of them except three from Windows.old, because I used Windows XP before but I thing it might be another error, as I didn't found the directory SAS! said) but it doesn't work anymore again, and it still doesn't detect cookies from doubleclick or imrworldwide.

Also, when I mean using the security programs, I mean running scans, meanwhile I wait to find a solution, I run scans from all the programs (SAS! and MSE mostly).

The logs don't give a clue about this particular issue so, it's hard for me to troubleshoot it.
BTW, tracking cookies are mostly harmless.

However I tried to registry on MalwareByte's forum and the e-mail for completing the registration hasn't come yet, I'l try registring again later.

Were you able to register on MalwareByte's forum ?

Regards.

I haven't tried to register yet because SAS! is doing weird things, it works sometimes and sometimes doesn't. Alright the cookie thing was a bug, they fixed it today.
Would you need anything especial to troubleshoot it?, I mean what scan logs should I send you?
And I downloaded Tikione from SourceForge (it's the download link that the official web tells you to use, appart from GitHub) and I installed that version, maybe it was SourceForge's fault.

[Curson]

Hi Heantrad,

Would you need anything especial to troubleshoot it?, I mean what scan logs should I send you?

Maybe the log produced by SuperAntiSpyware could help.

And I downloaded Tikione from SourceForge (it's the download link that the official web tells you to use, appart from GitHub) and I installed that version, maybe it was SourceForge's fault.

It's very possible. I advise you to privilege GitHub over SourceForge.

Regard.

[Heantrad]

Hi Heantrad,

Would you need anything especial to troubleshoot it?, I mean what scan logs should I send you?

Maybe the log produced by SuperAntiSpyware could help.

And I downloaded Tikione from SourceForge (it's the download link that the official web tells you to use, appart from GitHub) and I installed that version, maybe it was SourceForge's fault.

It's very possible. I advise you to privilege GitHub over SourceForge.

Regard.

SAS! works fine now, but anyways I'll paste the latest full scan log I have.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/03/2015 at 05:27 PM

Application Version : 6.0.1204
Database Version : 11994

Scan type       : Complete Scan
Total Scan Time : 01:06:15

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 687
Memory threats detected   : 0
Registry items scanned    : 33310
Registry threats detected : 0
File items scanned        : 94145
File threats detected     : 5

Adware.Tracking Cookie
   .bluekai.com [ C:\USERS\PAQUITO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .bluekai.com [ C:\USERS\PAQUITO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .bluekai.com [ C:\USERS\PAQUITO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   .demdex.net [ C:\USERS\PAQUITO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
   engine.adzerk.net [ C:\USERS\PAQUITO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

============
 End of Log
============
I'll also atach a full scan log from MBAM, don't know if it will serve for anything, but anyways.

Also, SAS! detected a cookies placed on C:\Users\PAQUITO\AppData\Roaming\Microsoft\Windows\Cookies , it's called UMBMRDQ2 and it's from openx.net. Edit: "cookies" from skimresources and mathtag have appear from nowhere today too, in the same folder.
The weird thing is that this has happened to me before and it detects it as a cookie, but it quarantines it instead of automatically deleting it.
Also, I don't use Internet Explorer, so, I don't know why it's stored in that folder (if I'm not wrong, only cookies from IE should be placed there), maybe it's related that CCleaner detects temporal files and other stuff from IE too, but as before, I don't use IE

[Curson]

Hi Heantrad,

The MBAM log is clean and SAS only detected tracking cookies.

Also, I don't use Internet Explorer, so, I don't know why it's stored in that folder (if I'm not wrong, only cookies from IE should be placed there), maybe it's related that CCleaner detects temporal files and other stuff from IE too, but as before, I don't use IE

Some applications use IE engine to retrive ads. So, tracking cookies, could be present in that folder even if you don't use Internet Explorer.

How is the computer running ?

Regards.