Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PUP.Funmoods


  • Please log in to reply
15 replies to this topic

#1 Pardew

Pardew

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 AM

Posted 23 June 2012 - 05:50 AM

Hello! It's me again. Pardew. A couple of years ago, you guys were great helping me eliminate a rootkit problem. Well, through trying to DL freeware(duh!), I've managed to get this inaptly named 'Funmoods' search engine auto-opening which I have to close every time when I start my Opera browser.

I think it was detected during setup process(freeware/Tarma Installer, I think) by my resident AVG(paid for) but I may have stupidly rushed and ignored it :blink: . 'Price Gong' was another package with it but I think I've eliminated that via Control Panel uninstall as I thought I could with Funmoods. MBAM detected 23 problems relating to PUP.Funmoods' in my registry all with 'no action taken' on output log.

I ran a rootkit on AVG which picked up a threat in a hidden file and asked me to get rid of it as 'power user' on reboot. Funmoods SE still on my Opera browser when I click to start it and still have to close it.

Sorry to whoffle, guys! It's what I do..........

Here's the MBAM log anyway -

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.22.12

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
popster :: DAVE [administrator]

23/06/2012 00:56:55
mbam-log-2012-06-23 (00-56-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 71778
Time elapsed: 7 minute(s), 15 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 21
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.
HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.
HKCR\f (PUP.Funmoods) -> No action taken.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



This should be in the 'Security' forum, shouldn't it? Sorry :blink:

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

Edited by Animal, 23 June 2012 - 06:59 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:45 AM

Posted 23 June 2012 - 10:31 PM

Yes, your Malwarebytes Anti-Malware log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead just click "Save Logfile" or save the report before having Malwarebytes remove the threats. To confirm if everything was removed:
  • Rescan again (Quick Scan) in normal mode.
  • Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning.
  • Make sure that everything detected is checked and then click the Remove Selected button.
  • Then click the Logs tab and copy/paste the contents of the new report in your next reply.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Pardew

Pardew
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 AM

Posted 24 June 2012 - 12:16 PM

Hi, Quietman7.

Thanks for helping. I did forget to check the list of MBAM findings - duh!

Here's the MBAM log -

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
popster :: DAVE [administrator]

24/06/2012 17:58:53
mbam-log-2012-06-24 (17-58-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273917
Time elapsed: 11 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 22
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 Pardew

Pardew
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 AM

Posted 24 June 2012 - 12:52 PM

Hi Quietman7.

Further to the above, even though MBAM didn't request a reboot following 'removal of selected' and posting the above log, I, perhaps wrongly? decided to reboot my computer anyway and did another MBAM quick scan which at 1m 33secs froze during scan at -

HKCR\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}

The mouse didn't respond until after about 3 minutes when, on click, the rotating circle appeared on MBAM only.

Shortly after a couple of other surrounding icons responded in short intervals before themselves freezing.

Shortly after that the screen blacked out. I waited 15 minutes and turned off the pc at the mains(arrrrghh!) to reboot.

I am now posting this.

Also, sorry I'm providing info piecemeal, Quietman7, but Resident Shield on my full AVG 2012 at 19.41 22/06/12 did detect the infection - Adware Generic5.FVQ - Object-c:\users\popster\AppData\Local\temp\88219BE4\_Setupx.dll Result-Object is inaccessible.

Thanks for your continued help.

Pardew.

Edited by Pardew, 24 June 2012 - 01:22 PM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:45 AM

Posted 24 June 2012 - 05:28 PM

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders (temp, IE temp, Java, FF, Opera, Chrome, Safari) for all user accounts, including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
-- Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Then try completing another scan with Malwarebytes. If it still fails to complete, boot into safe mode and try doing it that way.


Please download SUPERAntiSpyware Free and follow these instructions for performing a scan.

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • Be sure to update the definitions before scanning by selecting "Check for Updates".
    If you encounter any problems while downloading the updates, manually download them from here.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY) under Select Scan Type.
To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Pardew

Pardew
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 AM

Posted 30 June 2012 - 06:44 AM

Hi Quietman,

Sorry for the delay in replying.

I still have Funmoods on my browser and will follow your instructions tonight about 2000 UK time.

Please don't discontinue the thread.

Pardew.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:45 AM

Posted 30 June 2012 - 03:03 PM

Ok.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Pardew

Pardew
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 AM

Posted 30 June 2012 - 03:31 PM

Hi Quietman7.

Have run TFC, rebooted on request and ran an MBAM Quick Scan again in normal mode which after 1m 44secs froze on HKLM\SOFTWARE\Microsoft\CurrentVersion\Installer\UserData\S-1-5-18\Components\000021091A009040000000A0FE51DCC7.

Turned off at mains to reboot in safe mode for MBAM QS generating this log -

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.07

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
popster :: DAVE [administrator]

30/06/2012 21:08:05
mbam-log-2012-06-30 (21-08-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250657
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I already have SAS on my system and am about to do a scan. I don't think I am 'highly' infected. In light of this, before I proceed, should I just run a normal scan after an update?

Having said that, I'm not sure how 'highly infected' would be defined in this context...

Thanks for the continued help.

Pardew.

Edited by Pardew, 30 June 2012 - 03:33 PM.


#9 Pardew

Pardew
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 AM

Posted 30 June 2012 - 04:02 PM

Here is the SAS log as requested -

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/30/2012 at 09:57 PM

Application Version : 5.1.1002

Core Rules Database Version : 8827
Trace Rules Database Version: 6639

Scan type : Quick Scan
Total Scan Time : 00:10:13

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 657
Memory threats detected : 0
Registry items scanned : 30403
Registry threats detected : 0
File items scanned : 7061
File threats detected : 9

Adware.Tracking Cookie
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\QST6OL7B.txt [ Cookie:popster@statse.webtrendslive.com/ ]
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VA0HXBZ.txt [ Cookie:popster@invitemedia.com/ ]
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\T98DMCSA.txt [ Cookie:popster@kontera.com/ ]
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\TCCO0COV.txt [ Cookie:popster@doubleclick.net/ ]
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\N4JP11OW.txt [ Cookie:popster@serving-sys.com/ ]
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\J6DQ5QRI.txt [ Cookie:popster@at.atwola.com/ ]
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\O1AW8NZN.txt [ Cookie:popster@advertising.com/ ]
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\FLSWTSQI.txt [ Cookie:popster@bs.serving-sys.com/ ]
C:\USERS\POPSTER\AppData\Roaming\Microsoft\Windows\Cookies\Low\U26P8MLR.txt [ Cookie:popster@atdmt.com/ ]


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:45 AM

Posted 01 July 2012 - 06:40 AM

Yes you can try another scan in normal mode.

Funmoods is a toolbar.

Many toolbars, Add-ons, screensavers, and weather monitoring programs come bundled with other software and can be the source of various issues and problems to include Adware. They usually can be removed via Add/Remove Programs or Programs and Features in Vista/Windows 7, so always check there first.

If nothing is listed in Add/Remove or Programs and Features, check Internet Explorer's Manage Add-ons where they can be disabled:
If using Firefox or Google Chrome, please refer to:
Repeat the above steps for any other toolbars/extensions you do not want or don't recognize.


To reset the browser home page if it was changed, please refer to:
To reset or restore all browser settings in Internet Explorer, please refer to resetting Internet Explorer settings or use Posted Image to automatically reset registry keys and the browser back to the way it was when initially installed.
If you check the Delete personal settings checkbox in Advanced settings, it will reset the home page(s), search providers and Accelerators to their default values. It will also delete temporary Internet files, history, cookies, web form information (passwords) and InPrivate Filtering data.
-- Windows 7 users can also use the Internet Explorer Troubleshooter to achieve this automatically.

If using FireFox, please refer to:If using Chrome, please refer to:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Pardew

Pardew
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 AM

Posted 01 July 2012 - 03:30 PM

Hi quietman7,

Right at the time I 'acquired' Funmoods, I removed it via Progs & Features and I have deleted/disabled from Add-ons but when I open my Opera Speed dial page Funmoods search engine page still tries to open and I have to close it every time.

If I do another MBAM Quick scan in normal mode, it'll probably freeze again but here goes...

Pardew

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:45 AM

Posted 01 July 2012 - 03:35 PM

As you can see all the links I provided for resetting a browser to defaults do not include Opera. I've never used it but I'm sure it has similar settings so you may want to try doing that. While most toolbars are not malicious, some are a pain to complete remove.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 Pardew

Pardew
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 AM

Posted 01 July 2012 - 04:08 PM

Hi quietman,

Ran another MBAM quick scan and 'left the room'. Got back to find desktop had rebooted to this 'Shutdown unexpectedly' message -

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: 77
BCP1: 00000001
BCP2: 2034302D
BCP3: 00000000
BCP4: A098AB78
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini070112-01.dmp
C:\Users\popster\AppData\Local\temp\WER-1171130-0.sysdata.xml
C:\Users\popster\AppData\Local\temp\WER6A46.tmp.version.txt


Whilst the only hassle it seems to cause is the 'having to close it' when I open Opera speed dial, it's annoying to know MBAM reacts to it in this way which, in turn, leads me to believe it's something quite 'serious'?

No MBAM log generated because scan incomplete.

Pardew

Edited by Pardew, 01 July 2012 - 04:17 PM.


#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:45 AM

Posted 02 July 2012 - 08:00 AM

Uninstall your version of Malwarebytes, reboot, install this new versiion, then try doing another scan.

Did you find the settings in Opera to restore everything to default?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 Pardew

Pardew
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:45 AM

Posted 04 July 2012 - 03:15 PM

Hi Quietman7.

Quick scan completed with the new version of MBAM and logged 'clear'.

Got rid of 'funmoods'thru the settings.

Thanks for your tolerance. As always, BP staff've been excellent.

If anything, however petty, comes up again, you guys'll be the first I'll pester...........

Pardew




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users