Author Topic: svchost.exe process and a bunch of PUM (and other stuffs)  (Read 132672 times)

0 Members and 1 Guest are viewing this topic.

Reply #105October 01, 2015, 03:45:46 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #105 on: October 01, 2015, 03:45:46 PM »
Hi Heantrad,

Quote from: Heantrad
Also, I found this http://answers.microsoft.com/en-us/windows/forum/windows_7-pictures/volume-mixer-does-not-retain-settings-for/558434e7-fe84-48e0-9385-474594c52e50 , could any of those solutions work if the volume mixer keeps resetting?
You can try those solutions but don't use the "System Restore" one. It will revert your computer to an earlier state, so Ron work will be useless.

Quote from: Heantrad
RogueKiller did detect something, I'll leave here the log (I haven't deleted anything yet).
The home page of IE seems to be this (Safeweb Norton and VirusTotal say it's safe) https://www.google.es/?gfe_rd=cr&ei=7UUMVrreAs2q8wed_L0g&gws_rd=ssl
PUM stands for Potentially Unwanted Modification. In your case, thoses entries are perfectly legit and necessary to access Internet.
For more information, please read RogueKiller Documentation.

Quote from: Heantrad
Also, it's me or there's now more DNS entries than before?
The "CurrentControlSet" keys are the ones that matter. :)

Regards.

Reply #106October 01, 2015, 06:57:25 PM

Heantrad

  • Jr. Member

  • Offline
  • **

  • 92
  • Reputation:
    0
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #106 on: October 01, 2015, 06:57:25 PM »
Hi Heantrad,

Quote from: Heantrad
Also, I found this http://answers.microsoft.com/en-us/windows/forum/windows_7-pictures/volume-mixer-does-not-retain-settings-for/558434e7-fe84-48e0-9385-474594c52e50 , could any of those solutions work if the volume mixer keeps resetting?
You can try those solutions but don't use the "System Restore" one. It will revert your computer to an earlier state, so Ron work will be useless.

Quote from: Heantrad
RogueKiller did detect something, I'll leave here the log (I haven't deleted anything yet).
The home page of IE seems to be this (Safeweb Norton and VirusTotal say it's safe) https://www.google.es/?gfe_rd=cr&ei=7UUMVrreAs2q8wed_L0g&gws_rd=ssl
PUM stands for Potentially Unwanted Modification. In your case, thoses entries are perfectly legit and necessary to access Internet.
For more information, please read RogueKiller Documentation.

Quote from: Heantrad
Also, it's me or there's now more DNS entries than before?
The "CurrentControlSet" keys are the ones that matter. :)

Regards.
Then I should leave the PUMs there right? (they probably appeared because Ron told me to reset all my browsers).
Also, should I delete any of those DNS entries?
And Ron told me to delete all the system restores I had, it's because the infection can pass from a restoration to my PC again or just to avoid using them by mistake?
Does Steam's browser reset along Internet Explorer?, as they use the same engine.
Does Java still install adware? As I needed to unistall it during Ron's cleanup and not I'm doubting about installing it again.
Well, the sound problem happened again, this time the general volume went up to the max.
Is puush.me a bad webpage? VirusTotal says it has two positive results, but Norton Safeweb says it's safe.
Now, after that I think there's only left the Program Files folder and the Nvidia Drivers.
« Last Edit: October 03, 2015, 01:06:30 PM by Heantrad »

Reply #107October 05, 2015, 02:33:58 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #107 on: October 05, 2015, 02:33:58 PM »
Hi Heantrad,

Quote from: Heantrad
Then I should leave the PUMs there right? (they probably appeared because Ron told me to reset all my browsers).
Yes.

Quote from: Heantrad
Also, should I delete any of those DNS entries?
No, you need them to access Internet.

Quote from: Heantrad
And Ron told me to delete all the system restores I had, it's because the infection can pass from a restoration to my PC again or just to avoid using them by mistake?
If you use a restore point were your computer was infected, the infection will indeed pass to your computer again.

Quote from: Heantrad
Does Steam's browser reset along Internet Explorer?, as they use the same engine.
Not anymore. Steam's browser uses WebKit now.

Quote from: Heantrad
Does Java still install adware? As I needed to unistall it during Ron's cleanup and not I'm doubting about installing it again.
Java doesn't install adwares. Ron makes you uninstall old and flawed versions of Java.

Quote from: Heantrad
Well, the sound problem happened again, this time the general volume went up to the max.
Sorry, I still have no clue.

Quote from: Heantrad
Is puush.me a bad webpage? VirusTotal says it has two positive results, but Norton Safeweb says it's safe.
It's safe.

Regards.

Reply #108October 05, 2015, 05:26:43 PM

Heantrad

  • Jr. Member

  • Offline
  • **

  • 92
  • Reputation:
    0
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #108 on: October 05, 2015, 05:26:43 PM »
Hi Heantrad,

Quote from: Heantrad
Then I should leave the PUMs there right? (they probably appeared because Ron told me to reset all my browsers).
Yes.

Quote from: Heantrad
Also, should I delete any of those DNS entries?
No, you need them to access Internet.

Quote from: Heantrad
And Ron told me to delete all the system restores I had, it's because the infection can pass from a restoration to my PC again or just to avoid using them by mistake?
If you use a restore point were your computer was infected, the infection will indeed pass to your computer again.

Quote from: Heantrad
Does Steam's browser reset along Internet Explorer?, as they use the same engine.
Not anymore. Steam's browser uses WebKit now.

Quote from: Heantrad
Does Java still install adware? As I needed to unistall it during Ron's cleanup and not I'm doubting about installing it again.
Java doesn't install adwares. Ron makes you uninstall old and flawed versions of Java.

Quote from: Heantrad
Well, the sound problem happened again, this time the general volume went up to the max.
Sorry, I still have no clue.

Quote from: Heantrad
Is puush.me a bad webpage? VirusTotal says it has two positive results, but Norton Safeweb says it's safe.
It's safe.

Regards.
So, how can I reset Steam's browser?
Also, when I reseted all the browsers Steam's one algo got kind of reset I think, as for example the 'Watched' videos got reseted.
« Last Edit: October 05, 2015, 05:29:02 PM by Heantrad »

Reply #109October 05, 2015, 07:44:32 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #109 on: October 05, 2015, 07:44:32 PM »
Hi Heantrad,

Please try to delete the following directories content :
Quote
C:\Program Files\Steam\config\Cookies
C:\Program Files\Steam\config\Overlay Cookies
C:\Program Files\Steam\config\HTML Cache
C:\Program Files\Steam\config\Overlay HTML Cache
Regards.

Reply #110October 05, 2015, 08:05:15 PM

Heantrad

  • Jr. Member

  • Offline
  • **

  • 92
  • Reputation:
    0
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #110 on: October 05, 2015, 08:05:15 PM »
Hi Heantrad,

Please try to delete the following directories content :
Quote
C:\Program Files\Steam\config\Cookies
C:\Program Files\Steam\config\Overlay Cookies
C:\Program Files\Steam\config\HTML Cache
C:\Program Files\Steam\config\Overlay HTML Cache
Regards.
Before I delete them, will Steam create the folders again (after using the his browser, opening Steam again...) or will I need to create the folders again or reinstall Steam?

Reply #111October 05, 2015, 08:27:01 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #111 on: October 05, 2015, 08:27:01 PM »
Hi Heantrad,

Don't delete these folders, only their contents.

Regards.

Reply #112October 05, 2015, 09:47:46 PM

Heantrad

  • Jr. Member

  • Offline
  • **

  • 92
  • Reputation:
    0
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #112 on: October 05, 2015, 09:47:46 PM »
Hi Heantrad,

Don't delete these folders, only their contents.

Regards.
Inside the Overlay HTML Cache folder there's a folder called AppCache, should I delete it too (it's empty)?
Also, the cookies folders are empty and the HTML Cache folder doesn't even exist.

Reply #113October 06, 2015, 04:21:20 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #113 on: October 06, 2015, 04:21:20 PM »
Hi Heantrad,

Yes, you should.
For more information, I suggest you to open a new thread on the Steam Forum.

Regards.

Reply #114October 06, 2015, 08:21:51 PM

Heantrad

  • Jr. Member

  • Offline
  • **

  • 92
  • Reputation:
    0
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #114 on: October 06, 2015, 08:21:51 PM »
Hi Heantrad,

Yes, you should.
For more information, I suggest you to open a new thread on the Steam Forum.

Regards.
Alright, I opened a thread on the Steam forums for more information.
Meanwhile, I have a pair of questions.
CCleaner has detected some registry keys that can be deleted, should I delete any of those? (I have all of the search options actived)
Also, it's normal that I can freely acces to Windows' folder?, I mean, I can freely enter System32, I thought those folders were protected.
Alright, I got a responde alredy, in the images below I show them to you, the guy sended me to another thread and the folders he says I must delete are diferent (probably because it's outdated, it's from 2014), but he tells me to directly delete the folders, as I thought I should do the first time, I shouldn't do that right?
Also, now that I remember, Steam let's you reset your cookies directly from the parameters.
« Last Edit: October 06, 2015, 08:30:44 PM by Heantrad »

Reply #115October 07, 2015, 12:51:48 AM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #115 on: October 07, 2015, 12:51:48 AM »
Hi Heantrad,

Quote from: Heantrad
CCleaner has detected some registry keys that can be deleted, should I delete any of those? (I have all of the search options actived)
I strongly advice you not to use CCleaner "Registry Cleaner. It could cause harm to your system.

Quote from: Heantrad
Also, it's normal that I can freely acces to Windows' folder?, I mean, I can freely enter System32, I thought those folders were protected.
It's perfectly normal. The system files and folders are protected again modification/deletion, not browsing.

Quote from: Heantrad
Alright, I got a responde alredy, in the images below I show them to you, the guy sended me to another thread and the folders he says I must delete are diferent (probably because it's outdated, it's from 2014), but he tells me to directly delete the folders, as I thought I should do the first time, I shouldn't do that right?
Also, now that I remember, Steam let's you reset your cookies directly from the parameters.
I don't really known Steam Browser so I assume the folders will be recreated. You can go ahead.

Regards.

Reply #116October 07, 2015, 04:22:11 PM

Heantrad

  • Jr. Member

  • Offline
  • **

  • 92
  • Reputation:
    0
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #116 on: October 07, 2015, 04:22:11 PM »
Hi Heantrad,

Quote from: Heantrad
CCleaner has detected some registry keys that can be deleted, should I delete any of those? (I have all of the search options actived)
I strongly advice you not to use CCleaner "Registry Cleaner. It could cause harm to your system.

Quote from: Heantrad
Also, it's normal that I can freely acces to Windows' folder?, I mean, I can freely enter System32, I thought those folders were protected.
It's perfectly normal. The system files and folders are protected again modification/deletion, not browsing.

Quote from: Heantrad
Alright, I got a responde alredy, in the images below I show them to you, the guy sended me to another thread and the folders he says I must delete are diferent (probably because it's outdated, it's from 2014), but he tells me to directly delete the folders, as I thought I should do the first time, I shouldn't do that right?
Also, now that I remember, Steam let's you reset your cookies directly from the parameters.
I don't really known Steam Browser so I assume the folders will be recreated. You can go ahead.

Regards.
Then I should delete the folders you told me to right?
I checked the directions that the old thread had and they exist, and some of the folders are full, should I just delete all of them? (or copy them out of Steam, in case Steam doesn't create them again).
Also, as Steam utilizes webkit, resetting Chrome (and unistalling it) should reset Steam's browser too right?
Just thought of it, could it be that the proxy server you helped me to delete was Mozilla's update server?, as now I've seen that the version I have is really old and in the update tab it says that the update server hasn't been found.
« Last Edit: October 07, 2015, 06:44:53 PM by Heantrad »

Reply #117October 07, 2015, 07:42:05 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #117 on: October 07, 2015, 07:42:05 PM »
Hi Heantrad,

Quote from: Heantrad
Then I should delete the folders you told me to right?
I checked the directions that the old thread had and they exist, and some of the folders are full, should I just delete all of them? (or copy them out of Steam, in case Steam doesn't create them again).
Also, as Steam utilizes webkit, resetting Chrome (and unistalling it) should reset Steam's browser too right?
I don't really know Steam Browser myself, so I advice you to follow the advice posted in Steam forum and to ask relating questions there as well.

Quote from: Heantrad
Just thought of it, could it be that the proxy server you helped me to delete was Mozilla's update server?, as now I've seen that the version I have is really old and in the update tab it says that the update server hasn't been found.
Firefox don't need a proxy to update,  so no.

Regards.

Reply #118October 08, 2015, 05:37:16 PM

Heantrad

  • Jr. Member

  • Offline
  • **

  • 92
  • Reputation:
    0
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #118 on: October 08, 2015, 05:37:16 PM »
Hi Heantrad,

Quote from: Heantrad
Then I should delete the folders you told me to right?
I checked the directions that the old thread had and they exist, and some of the folders are full, should I just delete all of them? (or copy them out of Steam, in case Steam doesn't create them again).
Also, as Steam utilizes webkit, resetting Chrome (and unistalling it) should reset Steam's browser too right?
I don't really know Steam Browser myself, so I advice you to follow the advice posted in Steam forum and to ask relating questions there as well.

Quote from: Heantrad
Just thought of it, could it be that the proxy server you helped me to delete was Mozilla's update server?, as now I've seen that the version I have is really old and in the update tab it says that the update server hasn't been found.
Firefox don't need a proxy to update,  so no.

Regards.
I'll make a post asking for every folder that I need for resetting Steam's browser.
Meanwhile, I remembered that in CCleaner there's an option to clean Steam, do you think it will clean up the browser too or just temporary files Steam creates?
So, I used Delfix as Ron told me for cleaning all the tools used, and I think it didn't work, this is what happened.

So, I used the Delfix tool (sorry that it took me so long) and it didn't do anything I think.
I runned the program, and it detected some programs, however, I didn't read the intruction of rebooting the sistem and I runned the tool again, then I restarted the PC and nothing got deleted, at least that's what seems, FRST stills there, Javara stills there and I think everything that showed on the log stills there.
I can't send you the log, because I didn't know I messed it up and I didn't do it right, so I didn't save it.
When I run the tool again, the log appears blank (I mean, it doesn't detect any programs installed).
Is possible to delete all the programs I installed during the malware removal manually or I needed the tool?
I've alredy replied to my post on Malwarebytes' forum with the same explanation, but I asked you too in case this error could harm the computer.
« Last Edit: October 08, 2015, 06:13:46 PM by Heantrad »

Reply #119October 08, 2015, 06:39:02 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2812
  • Reputation:
    100
    • View Profile
Re: svchost.exe process and a bunch of PUM (and other stuffs)
« Reply #119 on: October 08, 2015, 06:39:02 PM »
Hi Heantrad

Quote from: Heantrad
Meanwhile, I remembered that in CCleaner there's an option to clean Steam, do you think it will clean up the browser too or just temporary files Steam creates?
I have really no idea. You could always try.

Quote from: Heantrad
So, I used the Delfix tool (sorry that it took me so long) and it didn't do anything I think.
I runned the program, and it detected some programs, however, I didn't read the intruction of rebooting the sistem and I runned the tool again, then I restarted the PC and nothing got deleted, at least that's what seems, FRST stills there, Javara stills there and I think everything that showed on the log stills there.
I can't send you the log, because I didn't know I messed it up and I didn't do it right, so I didn't save it.
When I run the tool again, the log appears blank (I mean, it doesn't detect any programs installed).
Is possible to delete all the programs I installed during the malware removal manually or I needed the tool?
I've alredy replied to my post on Malwarebytes' forum with the same explanation, but I asked you too in case this error could harm the computer.
DelFix won't harm your computer in any case. ;)

Regards.