What Is A PUM

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mark59, Aug 18, 2023.

  1. mark59

    mark59 MajorGeek

    Malwarebytes wanted to run a scan on my PC* because it said there had been changes to my PC. I’m afraid I don’t recall the actual wording. I selected to run the scan.

    I ran the scan and it found two items it identifies as PUMs. I elected to quarantine them because I don’t know what risk they pose.

    I have saved the scan results and I attach them: PUMs.txt

    Can someone please (1) tell me what a PUM is; (2) what level of risk they pose; (3) read the scan report; (4) tell me if I did the right thing to quarantine them; (5) is there anything else I should now do?

    *PC: Acer Aspire XC-840 1.0; OS: Windows 11 Home (x64) Version 22H2
     


  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the MajorGeeks Malware Forum.

    PUM is an acronym for Potentially Unwanted Modification. Generally speaking it simply throws up a caution flag alerting you to take a look at it to see if you set it or are OK with it or if the modification was the result of malicious software.

    Though I suspect it is not malware related I would like for us to take a look at your computer system. Please do this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Download Farbar Recovery Scan Tool for 64 bit systems and save it to your Desktop. <<< Important
    • If your computer language is other than English right click on the FRST64 icon and rename it to FRST64english
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please attach both reports to your reply
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

    • FRST.txt
    • Addition.txt
     
  3. mark59

    mark59 MajorGeek

    Thank you for helping me. I appreciate your time and effort.

    With respect to your first bullet point I could not download FRST64 to Desktop. I attempted to change where downloads go but could not. Almost certainly my incompetence and not any malware preventing me. Once FRST64 was downloaded to Downloads I cut and pasted it to my Desktop prior to following your other instructions. I hope this is acceptable.

    As per your final bullet point I attach both reports.

    Thank you!
     


  4. Oh My!

    Oh My! Malware Expert Staff Member

    You are quite welcome.

    Just wanted to touch base and apologize for the delay. I intend on posting something for you tomorrow morning (my current time is 7:00 PM).

    Thanks in advance for your understanding and patience.

    See you tomorrow.......
     
  5. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings, and thank you again for your patience.

    I am happy to report there is no evidence of malicious software on your computer. There is one program (Sweetlabs) that needs to be removed but it is junk more than anything else.

    Regarding these entries, these lines are merely reporting settings in Windows Defender. Basically this is telling us Windows Defender is not to contact Microsoft and give them information about infections on your system that Windows Defender has detected. Many people are a little uncomfortable allowing information sharing with Microsoft if it is a choice they have to allow or deny.

    Let me know if you have any questions.

    Let's clean up the little tidbits. Please do this.

    ===================================================

    Farbar Recovery Scan Tool Fix

    --------------------
    • Right click on the FRST icon and select Run as administrator
    • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
    • There is no need to paste the information anywhere, FRST will do it for you
    Code:
    Start::
    CreateRestorePoint:
    CloseProcesses:
    C:\Users\markc\AppData\Local\Host App Service
    C:\Users\Jessica\AppData\Local\Host App Service
    S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X] 
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
    Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File) 
    Task: {C13979EA-8B35-4037-BDB7-949872536D91} - System32\Tasks\App Explorer => C:\Users\markc\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7574560 2023-03-29] (SweetLabs Inc -> SweetLabs, Inc) <==== ATTENTION 
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136] 
    End::
    
    • Click Fix
    • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
    • Fixlog
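
An added example, not part of the original post and not MajorGeeks or Malwarebytes code: a read-only PowerShell check of the Windows Defender cloud-reporting settings the reply above describes. It assumes the flagged entries were Defender's MAPS ("SpyNet") reporting and sample-submission values, since the scan report itself is not reproduced on the page.

```powershell
# Added example (read-only; changes nothing on the system).
# Assumption: the PUM entries concerned Defender's MAPS reporting and
# sample-submission settings. Run in Windows PowerShell 5.1 or later.

$mapsNames   = @{ 0 = 'Disabled'; 1 = 'Basic'; 2 = 'Advanced' }
$sampleNames = @{ 0 = 'Always prompt'; 1 = 'Send safe samples automatically'
                  2 = 'Never send';    3 = 'Send all samples automatically' }

# 1. Effective values, as Defender itself reports them.
$pref = Get-MpPreference
[pscustomobject]@{
    Source  = 'Effective (Get-MpPreference)'
    Setting = 'MAPSReporting'
    Data    = $mapsNames[[int]$pref.MAPSReporting]
}
[pscustomobject]@{
    Source  = 'Effective (Get-MpPreference)'
    Setting = 'SubmitSamplesConsent'
    Data    = $sampleNames[[int]$pref.SubmitSamplesConsent]
}

# 2. Where the values come from: the policy key versus the local key.
$keys = [ordered]@{
    'Policy key' = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet'
    'Local key'  = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Spynet'
}
foreach ($source in $keys.Keys) {
    # A missing key is normal; treat it as "not set" instead of an error.
    $item = Get-ItemProperty -Path $keys[$source] -ErrorAction SilentlyContinue
    foreach ($name in 'SpynetReporting', 'SubmitSamplesConsent') {
        $data = if ($item -and $null -ne $item.$name) { $item.$name } else { '(not set)' }
        [pscustomobject]@{ Source = $source; Setting = $name; Data = $data }
    }
}
```

A value under the Policies key indicates the setting was applied as a policy (by Group Policy or by a program writing that key) rather than through the Windows Security app, which is the distinction a PUM flag asks you to review.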
     
  6. mark59

    mark59 MajorGeek

    Thank you again, your help is greatly appreciated.

    I'm pleased to know there's no malware on my machine.

    I followed your instructions and I attach the Fixlog.
     


  7. Oh My!

    Oh My! Malware Expert Staff Member

    That report looks good.

    I think we are all set. Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?
     
  8. mark59

    mark59 MajorGeek

    Thank you for all your help.

    No specific questions I can think of asking. I've a more general one. Why was it important that FRST was run from the Desktop?

    I look forward to your next post.

    Thanks!
     
  9. Oh My!

    Oh My! Malware Expert Staff Member

    You are welcome.

    It is not a requirement; FRST64 can be run from other locations as well. The reason I focus on the Desktop is because it is the most visible location and requesting everything be done from the Desktop avoids confusion or complications. Browsers can vary in the default download location, so rather than trying to deal with the various locations it is cleaner to request all activity be done from the Desktop.

    Here is our final step and some additional information to consider.

    ===================================================

    KpRm by Kernel-panik

    --------------
    • Download KpRm and save it to your Desktop (see here if you must use Chrome)
    • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
    • Right click on the icon and select Run as administrator
    • Click Yes on the Disclaimer
    • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
    • Click Run
    • Click OK on All operations are completed
    • KpRm will delete itself from your Desktop and you can either save or remove the report that is generated
    • You are free to remove any other tools/reports still remaining
    ===================================================

    All Clean!

    --------------

    Your computer is now clean. Please consider this going forward.

    ===================================================

    Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

    Thank you for placing your trust in Major Geeks. It was a pleasure serving you.
     
  10. mark59

    mark59 MajorGeek

    Thank you!

    I have downloaded KpRm. I will run it later.

    I shall also be working through the links you've provided.

    Thank you so much for your help. I really appreciate it.
     
  11. Oh My!

    Oh My! Malware Expert Staff Member

    You are quite welcome, and welcome here anytime.

    Gary
     
