crazylamp

SAS run, 78 threats detected, removed but reappeared after reboot


Hi,

I was wondering if I am in the right place to ask for help regarding removal of threats that keep reappearing a full SAS disk scan? If not, can I get a link to the right place?!

Many thanks

Danny


Hi crazylamp,

Can you post what the details are from the scan log, would make it easier.


Sure thing, I didn't want to get in too deep if I was in the wrong place! lol Anyway, here is the scan log:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 08/21/2012 at 03:59 PM

Application Version : 5.5.1012

Core Rules Database Version : 9093

Trace Rules Database Version: 6905

Scan type : Complete Scan

Total Scan Time : 00:32:07

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

Memory items scanned : 554

Memory threats detected : 0

Registry items scanned : 66594

Registry threats detected : 23

File items scanned : 40260

File threats detected : 16

PUP.FunmoodsToolbar

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}#AppID

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\InprocServer32

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\InprocServer32#ThreadingModel

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ProgID

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\Programmable

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\TypeLib

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\VersionIndependentProgID

(x86) HKLM\Software\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

(x86) HKCR\funmoods.dskBnd.1

(x86) HKCR\funmoods.dskBnd.1\CLSID

(x86) HKCR\funmoods.dskBnd

(x86) HKCR\funmoods.dskBnd\CLSID

(x86) HKCR\funmoods.dskBnd\CurVer

(x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

(x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0

(x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0

(x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0\win32

(x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\FLAGS

(x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\HELPDIR

(x86) HKU\S-1-5-21-2260298052-2034651218-1074579323-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

(x86) HKLM\Software\Microsoft\Internet Explorer\Toolbar#{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

C:\PROGRA~2\FUNMOODS\1.5.23.22\ESCORTLBR.DLL

Adware.Tracking Cookie

.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

tags.toolbarsmedia.com [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

tags.toolbarsmedia.com [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api21.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api21.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api21.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api15.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api15.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api15.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api19.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api19.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api19.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

tags.toolbarsmedia.com [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

tags.toolbarsmedia.com [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.doubleclick.net [ C:\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]


PUP items are not removed by default; when the scan is finished you will need to manually put checkmarks next to those items before clicking the Remove Threats button. Run a complete scan with browsers closed in safe mode.
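A triage helper for a pasted log like the one above, added here as an example and not part of the original thread or of SUPERAntiSpyware: it groups detections by category, flags the PUP categories that the reply says must be ticked by hand, collapses repeated rows, and checks the parsed rows against the "threats detected" totals to catch a truncated paste. The function names, the sample log and the matching patterns are assumptions inferred from the layout of the log posted in this thread.

```python
import re
from collections import Counter
# Constructed sample, abbreviated from the log layout posted in this thread.
SAMPLE_LOG = r"""
Registry threats detected : 2
File threats detected : 4
PUP.FunmoodsToolbar
(x86) HKCR\funmoods.dskBnd
(x86) HKCR\funmoods.dskBnd\CLSID
C:\PROGRA~2\FUNMOODS\1.5.23.22\ESCORTLBR.DLL
Adware.Tracking Cookie
tags.toolbarsmedia.com [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
tags.toolbarsmedia.com [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
"""

COUNT = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
COOKIE = re.compile(r"^\S+ \[ .+ \]$")            # cookie rows count as file threats
REGISTRY = re.compile(r"^(\(x86\) )?HK[A-Z]+\\")  # HKCR\..., HKLM\..., HKU\...
FILE = re.compile(r"^[A-Za-z]:\\")                # C:\...
CATEGORY = re.compile(r"^[A-Za-z]+\.\S")          # "PUP.Name", "Adware.Tracking Cookie"

def parse_log(text):
    """Return (declared counts, {category: [(kind, item), ...]})."""
    declared, threats, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = COUNT.match(line)
        if m:
            declared[m.group(1).lower()] = int(m.group(2))
            continue
        # Classify items first: "tags.x.com [ ... ]" also looks like a heading.
        kind = ("file" if COOKIE.match(line) or FILE.match(line)
                else "registry" if REGISTRY.match(line) else None)
        if kind and current:
            threats.setdefault(current, []).append((kind, line))
        elif not kind and CATEGORY.match(line):
            current = line
    return declared, threats

def triage(text):
    """Per-category summary plus a check that the pasted log is complete."""
    declared, threats = parse_log(text)
    found = Counter(kind for items in threats.values() for kind, _ in items)
    report = [{"category": cat, "items": len(items), "unique": len(set(items)),
               # Per the reply in this thread, PUP items must be ticked by hand.
               "needs_manual_check": cat.startswith("PUP.")}
              for cat, items in threats.items()]
    complete = all(declared.get(k, 0) == found[k] for k in ("registry", "file"))
    return report, complete
```

Comparing the categories flagged `needs_manual_check` between the scan before and the scan after a reboot shows whether the reappearing items are the ones that were never selected for removal.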
