sas run, 78 threats detected, removed but reapeared after reboot

[crazylamp]

Hi,

I was wondering if i am in the right place to ask for help regarding removal of threats that keep reapearing a full sas disk scan? If not, can i get a link to the right place?!

Many thanks

Danny

[GuiltySpark]

Hi crazylamp ,

Can you post what the details are from the scan log, would make it easier.

[crazylamp]

sure thing, I didnt want to get in too deep if i was in the wrong place! lol anyway here is the scan log:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 08/21/2012 at 03:59 PM

Application Version : 5.5.1012

Core Rules Database Version : 9093

Trace Rules Database Version: 6905

Scan type : Complete Scan

Total Scan Time : 00:32:07

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

Memory items scanned : 554

Memory threats detected : 0

Registry items scanned : 66594

Registry threats detected : 23

File items scanned : 40260

File threats detected : 16

PUP.FunmoodsToolbar

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}#AppID

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\InprocServer32

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\InprocServer32#ThreadingModel

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ProgID

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\Programmable

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\TypeLib

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\VersionIndependentProgID

(x86) HKLM\Software\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

(x86) HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

(x86) HKCR\funmoods.dskBnd.1

(x86) HKCR\funmoods.dskBnd.1\CLSID

(x86) HKCR\funmoods.dskBnd

(x86) HKCR\funmoods.dskBnd\CLSID

(x86) HKCR\funmoods.dskBnd\CurVer

(x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

(x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0

(x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0

(x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\0\win32

(x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\FLAGS

(x86) HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\1.0\HELPDIR

(x86) HKU\S-1-5-21-2260298052-2034651218-1074579323-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

(x86) HKLM\Software\Microsoft\Internet Explorer\Toolbar#{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

C:\PROGRA~2\FUNMOODS\1.5.23.22\ESCORTLBR.DLL

Adware.Tracking Cookie

.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

tags.toolbarsmedia.com [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

tags.toolbarsmedia.com [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api21.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api21.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api21.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api15.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api15.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api15.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api19.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api19.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.api19.thetrafficstat.net [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

tags.toolbarsmedia.com [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

tags.toolbarsmedia.com [ C:\PROGRAMDATA\KASPERSKY LAB\SANDBOX\KLSB2\1\DEVICE\HARDDISKVOLUME3\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

.doubleclick.net [ C:\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PDXOHY7F.DEFAULT\COOKIES.SQLITE ]

[SAS Customer Service]

PUP items are not removed by default, when the scan is finished you will need to manually put checkmarks next to those items before clicking the Remove Threats button. Run a complete scan with browsers closed in safe mode.

[crazylamp]

Will do! many thanks!