
pup.funmoods


10 replies to this topic

#1 curundu

curundu

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Houston Texas
  • Local time:10:22 PM

Posted 25 April 2012 - 06:41 AM

I tried a search on the forum concerning "pup.funmoods" that my Malwarebytes program flagged as a problem. I deleted the instances and looked at other forums where some people say it's nothing to worry about and is not a virus, while others have said it is a virus and has done negative stuff to their computer.
Anyone out there know the scoop on this?
Thanks,
Dave

Edited by curundu, 25 April 2012 - 10:59 AM.
Moved from Vista to Am I Infected - Hamluis.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:22 PM

Posted 25 April 2012 - 11:31 AM

Hello, a PUP = Potentially Unwanted Program.
http://home.funmoods.com/
is an emoticon app for social networking. These are usually spy and adware related and are removed.
So it's not a virus, but not really something one wants on their PC. Like toolbars.


Threat Profile: Generic PUP


Let's see if it also installed a toolbar.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 curundu


Posted 25 April 2012 - 07:01 PM

Here's the report.
Thanks for your help.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Dave (administrator) on 25-04-2012 at 18:59:12
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DAVE-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1A-A0-3F-14-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, April 25, 2012 8:33:40 AM
Lease Expires . . . . . . . . . . : Thursday, April 26, 2012 8:33:39 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:14c2:3d92:3f57:febf(Preferred)
Link-local IPv6 Address . . . . . : fe80::14c2:3d92:3f57:febf%8(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E29B89FB-26B9-4DA6-8511-15CB1B56F95C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.227.36
74.125.227.37
74.125.227.38
74.125.227.39
74.125.227.40
74.125.227.41
74.125.227.46
74.125.227.32
74.125.227.33
74.125.227.34
74.125.227.35



Pinging google.com [74.125.227.33] with 32 bytes of data:

Reply from 74.125.227.33: bytes=32 time=22ms TTL=52

Reply from 74.125.227.33: bytes=32 time=20ms TTL=52



Ping statistics for 74.125.227.33:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 20ms, Maximum = 22ms, Average = 21ms

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=77ms TTL=48

Reply from 72.30.38.140: bytes=32 time=73ms TTL=48



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 73ms, Maximum = 77ms, Average = 75ms

Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1a a0 3f 14 b3 ...... Broadcom 440x 10/100 Integrated Controller
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{E29B89FB-26B9-4DA6-8511-15CB1B56F95C}
16 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 276
192.168.1.64 255.255.255.255 On-link 192.168.1.64 276
192.168.1.255 255.255.255.255 On-link 192.168.1.64 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
8 18 ::/0 On-link
1 306 ::1/128 On-link
8 18 2001::/32 On-link
8 266 2001:0:4137:9e76:14c2:3d92:3f57:febf/128
On-link
8 266 fe80::/64 On-link
8 266 fe80::14c2:3d92:3f57:febf/128
On-link
1 306 ff00::/8 On-link
8 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15


System errors:
=============
Error: (04/25/2012 08:35:19 AM) (Source: Service Control Manager) (User: )
Description: muxlw

Error: (04/23/2012 08:32:45 AM) (Source: Service Control Manager) (User: )
Description: muxlw

Error: (04/22/2012 06:38:18 PM) (Source: Service Control Manager) (User: )
Description: muxlw

Error: (04/22/2012 06:38:17 PM) (Source: Service Control Manager) (User: )
Description: Diagnostic Policy Service%%1053

Error: (04/22/2012 06:38:17 PM) (Source: Service Control Manager) (User: )
Description: 30000DPS

Error: (04/22/2012 08:00:26 AM) (Source: Service Control Manager) (User: )
Description: muxlw

Error: (04/21/2012 02:48:11 PM) (Source: Service Control Manager) (User: )
Description: muxlw

Error: (04/21/2012 02:37:48 PM) (Source: Service Control Manager) (User: )
Description: muxlw

Error: (04/21/2012 02:36:09 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:35:04 PM on 4/21/2012 was unexpected.

Error: (04/21/2012 06:56:58 AM) (Source: Service Control Manager) (User: )
Description: Roxio Hard Drive Watcher 91


Microsoft Office Sessions:
=========================
Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

Error: (04/23/2012 07:42:14 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
3D Ultra Pinball Thrillride
AAC Decoder (Version: 7.1.0)
Access Drivers (Version: 2.8)
Acrobat.com (Version: 1.7.186)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin (Version: 11.2.202.233)
AGEIA PhysX v2.6.0 (Version: 2.6.0.4)
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AT&T Troubleshoot & Resolve Tool
AT&T Yahoo! Applications
AT&T Yahoo! Browser Configuration
AutoCAD 2000
AutoUpdate (Version: 1.1)
AutoVIP (Version: 1.5.0.50)
avast! Free Antivirus (Version: 7.0.1426.0)
Bonjour (Version: 3.0.0.10)
Bookworm Adventures Deluxe 1.0
Bookworm Deluxe 1.03
BufferChm (Version: 130.0.331.000)
Bullzip PDF Printer 4.0.0.545
Caricature Studio Green 3.6 (Version: 3.6)
CCleaner (remove only)
Chuzzle Deluxe 1.0
Conexant D850 PCI V.92 Modem
Copy (Version: 130.0.366.000)
CreditFederal.com Personal Finance Center
D3DX10 (Version: 15.4.2368.0902)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Resource CD (Version: 1.00.0000)
Dell System Customization Wizard (Version: 1.00.0000)
DellSupport (Version: 6.0.3030)
Destinations (Version: 140.0.77.000)
Device Doctor v1.0 (Version: 1.0)
DeviceDiscovery (Version: 130.0.372.000)
Digital Line Detect (Version: 1.20)
Diner Dash
Diner Dash - Flo on the Go
Diner Dash 2
DivX Codec (Version: 6.9.1)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Plus Web Player (Version: 2.0.0)
DivX Version Checker (Version: 7.1.0.9)
DJ_AIO_05_F4400_Software_Min (Version: 140.0.690.000)
DriverFinder (Version: 2.0.4)
F4400 (Version: 130.0.448.000)
Finding Nemo: Nemo's Underwater World of Fun Special Edition (Version: 1.00.0000)
Foxit PDF Creator Toolbar (Version: 1.14.1.0)
Foxit PDF Creator Toolbar Updater (Version: 1.2.0.20007)
Foxit Reader 5.1 (Version: 5.1.4.104)
Foxit Toolbar (Version: 4.1.0.5)
Free Window Registry Repair
Games, Music, & Photos Launcher (Version: 1.00.0000)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google Talk Plugin (Version: 2.8.7.6830)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
Google Updater (Version: 2.4.2432.1652)
GoToMeeting 4.5.0.457
GPBaseService2 (Version: 130.0.371.000)
GPL Ghostscript Lite 8.61
H.264 Decoder (Version: 1.1.0)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet F4400 Printer Driver 14.0 Rel. 5 (Version: 14.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPPhotoGadget (Version: 130.0.282.000)
hpPrintProjects (Version: 130.0.303.000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
hpWLPGInstaller (Version: 130.0.303.000)
Indeo® software
Internet Service Offers Launcher (Version: 1.00.0000)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)
Juniper Networks Setup Client (Version: 1.1.0.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Lernout & Hauspie TruVoice for Microsoft Agent
MagiQuest Online (remove only) (Version: 6.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.0 (Version: 8.01.249.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
Microsoft XML Parser (Version: 8.20.8730.4)
MKV Splitter (Version: 1.0.1)
Modem Diagnostic Tool (Version: 1.0.17.8)
Mozilla Firefox 10.0.3 (x86 en-US) (Version: 10.0.3)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Netflix Movie Viewer (Version: 1.2.211)
NetWaiting (Version: 2.5.41)
Notepad++ (Version: 5.5)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
PC Wizard 2008.1.871
Picasa 3 (Version: 3.8)
PriceGong 2.6.4 (Version: 2.6.4)
Product Documentation Launcher (Version: 1.00.0000)
PVSonyDll (Version: 1.00.0001)
RCA SMV Video Converter (Version: 1.06.0200)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
RegZooka (Version: 2.85)
Revo Uninstaller 1.85 (Version: 1.85)
Rhapsody
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
SBC Yahoo! DSL Home Networking Installer
Scan (Version: 140.0.80.000)
SecondLife (remove only)
SecondLifeViewer2 (remove only)
Secunia PSI (2.0.0.1003)
Segoe UI (Version: 15.4.2271.0615)
Shop for HP Supplies (Version: 13.0)
SigmaTel Audio (Version: 5.10.5102.0)
SimpleD Budget
Skype™ 5.8 (Version: 5.8.154)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Sonic Activation Module (Version: 1.0)
Sophos Anti-Rootkit 1.5.0 (Version: 1.5.0)
SpongeBob SquarePants - Battle for Bikini Bottom DEMO (Version: 1.00.000)
Status (Version: 130.0.373.000)
System Checkup 3.0 (Version: 3.0.2.49)
The Fairly OddParents Demo (Version: 0.90.000)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 130.0.376.000)
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0318)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0212)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0161)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.0947)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0396)
TurboTax 2008 wrapper (Version: 008.000.0062)
TurboTax 2009
TurboTax 2009 WinPerFedFormset (Version: 009.000.2163)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0238)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4012)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0457)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0213)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0474)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax Basic 2007
Ultimate Pinball Extreme
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
User's Guides
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WiseFixer 3.2 (Version: 3.2)
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
Zoo Tycoon 2 - Ultimate Collection (Version: 1.00.0000)

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 3005.76 MB
Available physical RAM: 1755.79 MB
Total Pagefile: 6248.02 MB
Available Pagefile: 4903.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.51 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:288.05 GB) (Free:190.67 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.87 GB) NTFS

========================= Users: ========================================

User accounts for \\DAVE-PC

Administrator Dave Guest


**** End of log ****
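
The checks a helper reads out of a Result.txt log like the one above, as an added example (not part of the thread and not MiniToolBox's own code): it splits the log on its `===== Name =====` headers, then surfaces hosts entries other than localhost, non-Microsoft Winsock providers, toolbar entries, and superseded Java updates. The sample log is constructed, the function names are hypothetical, and flagged items are review candidates, not verdicts.

```python
import re

# Constructed sample in the layout of the Result.txt log above; the second
# hosts line is invented for the demonstration and is not from the thread.
SAMPLE_LOG = r"""
========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 update.example.test

========================= Winsock entries =====================================

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

=========================== Installed Programs ============================

Foxit Toolbar (Version: 4.1.0.5)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)
Notepad++ (Version: 5.5)

**** End of log ****
"""

# A section header has a name between runs of "="; bare "====" rules do not match.
HEADER = re.compile(r"^=+\s+([^=]+?):?\s+=+$")
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
PROGRAM = re.compile(r"^(?P<name>.+?)(?:\s+\(Version:\s*(?P<version>[^)]*)\))?$")
JAVA = re.compile(r"^Java\W+(\d+) Update (\d+)")


def parse_sections(text):
    """Map each section name to its non-empty lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group(1).strip()
            sections[current] = []
        elif line.startswith("**** End of log"):
            current = None
        elif current and line:
            sections[current].append(line)
    return sections


def unexpected_hosts(lines):
    """Hosts entries that are not a loopback address mapped to localhost."""
    flagged = []
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        if ip in ("127.0.0.1", "::1") and all(n == "localhost" for n in names):
            continue
        flagged.append((ip, names))
    return flagged


def third_party_winsock(lines):
    """Winsock catalog entries whose vendor is not Microsoft Corporation."""
    found = []
    for line in lines:
        m = WINSOCK.match(line)
        if m and m.group(5) != "Microsoft Corporation":
            found.append((m.group(1), m.group(3), m.group(5)))
    return found


def review_programs(lines):
    """Return (toolbar entries, Java updates older than the newest one listed)."""
    toolbars, java = [], []
    for line in lines:
        name = PROGRAM.match(line).group("name")
        if "toolbar" in name.lower():
            toolbars.append(name)
        j = JAVA.match(name)
        if j:
            java.append(((int(j.group(1)), int(j.group(2))), name))
    java.sort()
    return toolbars, [name for _, name in java[:-1]]


def triage(text):
    sections = parse_sections(text)
    toolbars, old_java = review_programs(sections.get("Installed Programs", []))
    return {
        "hosts": unexpected_hosts(sections.get("Hosts content", [])),
        "winsock": third_party_winsock(sections.get("Winsock entries", [])),
        "toolbars": toolbars,
        "superseded_java": old_java,
    }


if __name__ == "__main__":
    for check, items in triage(SAMPLE_LOG).items():
        print(check, items)
```
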

#4 boopme


Posted 25 April 2012 - 08:58 PM

Click on Start => in run or search box type cmd, press enter. Right click on cmd and select "run as administrator"
From the command prompt (black screen), Copy and Paste these ipconfig /all >c:\ipconfig.txt .
Please attach the .txt file to be found in your Local Disk 'C' on your next post.

Verify that all your Network Services are Started from Control Panel.
Click on start and type services.msc press enter.

• COM+ Event System (for WZC issues)
• Computer Browser
• DHCP Client
• DNS Client
• Network Connections
• Network Location Awareness
• Remote Procedure Call (RPC)
• Server
• TCP/IP Netbios helper
• WLAN AutoConfig ( Vista wireless configurations only)
• Workstation

Edited by boopme, 27 April 2012 - 09:00 PM.


#5 curundu


Posted 26 April 2012 - 10:48 PM

I don't understand this sentence. Forgive my ignorance.
Copy and Paste these ipconfig /all >c:\ipconfig.txt . Please attach the .txt file to be found in your Local Disk 'C' on your next post.

Edited by curundu, 27 April 2012 - 04:17 PM.


#6 boopme


Posted 27 April 2012 - 09:18 PM

Hello, when you open the Command Prompt, copy/paste this next to the flashing cursor, press Enter.
ipconfig /all >c:\ipconfig.txt

Then go to your C drive
open C drive type .txt in the search box
Locate.. ipconfig.txt
open it and
copy/paste that file in your next post.

#7 curundu


Posted 28 April 2012 - 09:53 PM

I guess I read too much difficulty into your post. Here it is.
Thanks.

Windows IP Configuration

Host Name . . . . . . . . . . . . : DAVE-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1A-A0-3F-14-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, April 28, 2012 9:27:57 PM
Lease Expires . . . . . . . . . . : Sunday, April 29, 2012 9:27:57 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c62:27e7:3f57:febf(Preferred)
Link-local IPv6 Address . . . . . : fe80::c62:27e7:3f57:febf%8(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E29B89FB-26B9-4DA6-8511-15CB1B56F95C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

#8 boopme


Posted 28 April 2012 - 11:13 PM

These look OK.. So I would say it's up to you: if you want the functions of that app, then ignore it on future scans. Me, I don't care for any PUPs and remove them. I don't like giving spyware a foothold.

#9 curundu


Posted 29 April 2012 - 09:06 AM

Thanks Boopme,
Whatever MalwareBytes indicates as a problem I delete.

#10 boopme


Posted 29 April 2012 - 08:15 PM

You're welcome. Yes.. A little mopping up and you are good to go.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.




If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
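A scripted check for the Java clean-up steps in post #10, added here as an example and not part of the original thread: it lists every Java entry that Add/Remove Programs would show, so leftover old versions are easy to spot after the uninstall and reboot. The minimum version `7.0.40` is an assumption derived from the `jre-7u4` installer named in the post, and `Get-JavaEntries` is a hypothetical helper name.

```powershell
# Added example: inventory Java entries left in Add/Remove Programs.
# Reads the registry data that "Programs and Features" displays.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit programs on 64-bit Windows are registered here instead
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: target build is the 7u4 release named in the post, which Java
# installers normally record as DisplayVersion 7.0.40. Adjust as needed.
$minimum = [version]'7.0.40'

function Get-JavaEntries {
    param([string[]]$Roots = $uninstallRoots)
    foreach ($root in $Roots) {
        # A missing WOW6432Node key (32-bit Windows) is not an error here
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -match '^(Java|J2SE)' } |
            Select-Object DisplayName, DisplayVersion, UninstallString,
                @{ Name = 'Outdated'; Expression = {
                    # Unparseable or missing versions are flagged for manual review
                    $v = $_.DisplayVersion -as [version]
                    ($null -eq $v) -or ($v -lt $minimum)
                } }
    }
}

$entries = @(Get-JavaEntries)
if ($entries.Count -eq 0) {
    'No Java entries found in the uninstall registry keys.'
} else {
    $entries | Sort-Object DisplayName | Format-Table -AutoSize -Wrap
    $old = @($entries | Where-Object { $_.Outdated })
    "{0} entr{1} older than {2} (or with no readable version)." -f `
        $old.Count, $(if ($old.Count -eq 1) { 'y' } else { 'ies' }), $minimum
}
```

Run it from a PowerShell prompt before and after the removal steps; any row with `Outdated` set to `True` after the reboot is a component the uninstaller left behind.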

#11 kurteb

kurteb

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 12 April 2013 - 09:40 PM

I traced PUP.Funmoods to http://www.audiograbber.org/download.html It used to be payware, now it's 'freeware' but this annoying malware is bundled with it. Be sure to uncheck EVERY option on the installation. Malwarebytes Anti-Malware does flag it as malware. This is probably the best example, you get payware that is now freeware, with this caveat.





