WIN 32 PUP files

[Stick]

3 scans done today..................

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5602
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/26/2011 10:48:14 AM
mbam-log-2011-01-26 (10-48-14).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 229734
Time elapsed: 41 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085534.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085539.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085526.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085528.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085529.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085530.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085533.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP851\A0085536.SCR (PUP.FunWebProducts) -> Quarantined and deleted successfully.

 
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5602
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/26/2011 5:24:55 PM
mbam-log-2011-01-26 (17-24-55).txt
Scan type: Quick scan
Objects scanned: 1
Time elapsed: 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

 
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5611
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/26/2011 6:09:12 PM
mbam-log-2011-01-26 (18-09-12).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 231644
Time elapsed: 43 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)

[Stick]

In QUARANTINE 8 from today all the same..

PUP.Fun Web Products c:\system volume information\restore{106cf321-99a3-4c3

[Tarq57]

So far so good. Any more popups or malware detections?

If not, wait and see. No need to delete anything from quarantine, yet.
You will find that one or more of your system restore points are likely to be inoperative, which is no big deal.
(System restore has its uses, but can be unreliable, and doesn't take the place of backing up your files/photos etc from time to time.) You might wish to delete your earlier system restore points.

Be a bit careful as to what toolbars you install. Mywebsearch has a iffy reputation, at best. I don't use toolbars at all. Hate 'em. If I were you, and you really want a toolbar, I'd just have one installed, and uninstall all the others. There is a link here that contains another link to their uninstall utility. I recommend running it.(I've checked it; it's ok.) There is info available all over the web regarding My Web Search etc. The info available at PCHell might be of interest to you.

It would be a good idea to run the disk cleanup utility if you haven't run it for a while, or download and run Ccleaner, by piriform. I'd use the slim version (without a toolbar), available bottom of the page. Don't select everything for cleaning. You can get rid of stuff you might want to keep. Anything titled "temp" or "temporary" is safe to go. There are very good help files online for this program.

Hope that helps, and you are free of problems now. Check back and let us know in a week or so, or straight away if there are any problems (or questions) at all.

If you still have popups and/or malware detections, scan with OTL as directed in essexboys' post, and post the info and log below. I'll then let him know they are here.

[Stick]

My Websearch was deleted about a month ago...evidently not completely..it just seemed to popup one day
I'll deinately try the other procedures you mentioned..Really appreciate the info and the help..

[Stick]

Ran a DEEP SCAN last night...
Full MABM this morning
174_137_146_170 went from 9 to like 20?..make that 23 in quarintine
Also went to the PC HELL site..that addy is now in quarintine??

[Tarq57]

Sorry, that info is a bit meaningless without a scan report.
Are these new active infections, or just inactive stuff that's been sitting on the hard drive, and is this the first time you've done a full scan with MBAM?

Please post that scan report.
What is an "addy"?

[Stick]

About 5 mins ago I get.
gadzhetsaver6.com
Supposedly from microsoft...

[Tarq57]

I don't understand what you're reporting, whether it's a popup box, a malware alert, or a redirect, but whatever it is, you still have problems.

Re-read the post by essexboy, and please follow the directions. Post a new MBAM log, the OTL log, and the "extras" log that will be also generated.

[Stick]

About 5 mins ago I get.
gadzhetsaver6.com
Supposedly from microsoft...
DID NOT ALLOW



All MAM Scans have come up 0
Some are full some are quick..definations up todate

Getting Malware popups on 1 site which is down to 1 by now..
Deleted all but recent System Restore

Attempted Re Directs in tasbar...

Signed up on PC HELL even though the first time the addy got quarantined in the VIRUS CHEST
Gettin kinda edgy here..got 3 puters in house all runnin Verizon Fios Internet..I'm the only one having issues

[Tarq57]

Quick question: Is your firewall turned on?

And that's it from me, till you post the logs I've asked for. Only then can more progress be made.

You should know that posting random and imprecise info about popups etc is not helping.(Example: I still have no idea what gadzhetsave6.com refers to. And Avast does not quarantine addresses. The webshield might block an infected address.)

[Stick]

Firewall is turned on..

Most recent Malware scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/27/2011 5:59:15 PM
mbam-log-2011-01-27 (17-59-15).txt

Scan type: Full scan (C:\|)
Objects scanned: 197018
Time elapsed: 23 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Stick]

http://174.137.146.170/?cbb= 0343
                             0356
                             0812
                             0816
                             0822
                             0892
                             9171
                             9861
                             0068
                             4309
                             4325
                             8917
                             8955
                             9336

In Virus Chest as re directs

gadzhetsave6.com This was a popup..didn't load it


Avast Scans

Full
1/22
1/25
1/26...All no viruses detected
1/26...Some files could not be scanned

Boot Scan
1/26...No Viruses detected
1/27...No Viruses detected

Quick Scan
1/22
1/23
1/23
1/24
1/25
1/25
1/26
1/26
1/27...No Viruses detected
                            

[Tarq57]

OK, but this was not what I asked for.

Follow the directions in my post (reply #12) here.

Is that clear?

[Stick]

Actually the only thing that's clear to me at this time is my puter could probably be used as a small boat anchor

I have decided to take another course of action.
With respect I will be going with another more simplier system  simplier for me anyway
I mean NO disprect for anyone on this board...I gotta do what I gotta do..
Thanks anyway though

[Tarq57]

Sorry you were not prepared to progress this, but you got to do what you want to do.
Other options include a format and reinstall, or taking it to a shop to get it cleaned.

Or buying a new 'pooter.