Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PUPs and More?


  • Please log in to reply
1 reply to this topic

#1 alton250

alton250

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:25 AM

Posted 02 March 2013 - 05:53 PM

After receiving excellent help from Narenxp last night with my computer, I thought I'd scan one of my kids' computers to see how bad it was.  MalwareBytes found 42 items!!  I saw PUPs, and more.  I'm not sure how to deal with this stuff.  Any help would be greatly appreciated!

 

I've posted the MalwareBytes log below.

 

David

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.02.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
erika.atkinson :: ERIKAATKINSONPC [administrator]

3/2/2013 5:33:52 PM
MBAM-log-2013-03-02 (18-07-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315327
Time elapsed: 9 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 21
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.
HKCR\f (PUP.Funmoods) -> No action taken.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> No action taken.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data:  -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (http://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyEtD0ByE0DtC0F0AzytN0D0Tzu0StCzytCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=6889831) Good: (http://www.google.com) -> No action taken.

Folders Detected: 5
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> No action taken.
C:\Users\atkinison kids\AppData\LocalLow\Funmoods (PUP.FunMoods) -> No action taken.
C:\Users\atkinison kids\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> No action taken.
C:\Users\atkinison kids\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> No action taken.
C:\Users\atkinison kids\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> No action taken.

Files Detected: 12
C:\Users\atkinison kids\Desktop\soft_pcp_conduit.exe (PUP.BundleInstaller.IB) -> No action taken.
C:\Users\atkinison kids\AppData\Local\Temp\ibtmpf564504\component_566 (PUP.CrossRider.SSK) -> No action taken.
C:\Users\atkinison kids\AppData\Local\Temp\is1098755234\GiantSavings_US.exe (PUP.GamePlayLabs) -> No action taken.
C:\Users\atkinison kids\AppData\Local\funmoods.crx (PUP.Funmoods) -> No action taken.
C:\Users\atkinison kids\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> No action taken.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> No action taken.
C:\Users\atkinison kids\Local Settings\Application Data\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> No action taken.
C:\Users\atkinison kids\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> No action taken.
C:\Users\atkinison kids\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> No action taken.
C:\Users\atkinison kids\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> No action taken.
C:\Users\atkinison kids\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (PUP.FunMoods) -> No action taken.
C:\Users\atkinison kids\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.FunMoods) -> No action taken.

(end)



BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:25 AM

Posted 02 March 2013 - 06:01 PM

Please remove those infections,run a scan again and post the new log

 

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules  and Detect TDLFS file systemDo not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of  TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan  This process may may take several hours, that is normal

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users