crazylamp Report post Posted August 21, 2012 Hi, I was wondering if i am in the right place to ask for help regarding removal of threats that keep reapearing a full sas disk scan? If not, can i get a link to the right place?! Many thanks Danny Share this post Link to post Share on other sites
GuiltySpark Report post Posted August 21, 2012 Hi crazylamp , Can you post what the details are from the scan log, would make it easier. Share this post Link to post Share on other sites
crazylamp Report post Posted August 21, 2012 sure thing, I didnt want to get in too deep if i was in the wrong place! lol anyway here is the scan log: SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 08/21/2012 at 03:59 PM Application Version : 5.5.1012 Core Rules Database Version : 9093 Trace Rules Database Version: 6905 Scan type : Complete Scan Total Scan Time : 00:32:07 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 554 Memory threats detected : 0 Registry items scanned : 66594 Registry threats detected : 23 File items scanned : 40260 File threats detected : 16 PUP.FunmoodsToolbar (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}#AppID (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\InprocServer32 (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\InprocServer32#ThreadingModel (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ProgID (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\Programmable (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\TypeLib (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\VersionIndependentProgID (x86) HKLM\Software\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (x86) HKCR\funmoods.dskBnd.1 (x86) HKCR\funmoods.dskBnd.1\CLSID (x86) HKCR\funmoods.dskBnd (x86) HKCR\funmoods.dskBnd\CLSID (x86) HKCR\funmoods.dskBnd\CurVer (x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0 (x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0 (x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0\win32 (x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\FLAGS (x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\HELPDIR (x86) HKU\S-1-5-21-2260298052-2034651218-1074579323-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (x86) HKLM\Software\Microsoft\Internet Explorer\Toolbar#{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} C:\PROGRA~2\FUNMOODS\1.5.23.22\ESCORTLBR.DLL Adware.Tracking Cookie .thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] tags.toolbarsmedia.com [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] tags.toolbarsmedia.com [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] .api21.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] .api21.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] .api21.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] .api15.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] .api15.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] .api15.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] .api19.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] .api19.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] .api19.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] tags.toolbarsmedia.com [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] tags.toolbarsmedia.com [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ] Share this post Link to post Share on other sites
SAS Customer Service Report post Posted August 21, 2012 PUP items are not removed by default, when the scan is finished you will need to manually put checkmarks next to those items before clicking the Remove Threats button. Run a complete scan with browsers closed in safe mode. Share this post Link to post Share on other sites
crazylamp Report post Posted August 21, 2012 Will do! many thanks! Share this post Link to post Share on other sites
