MBAM log, need help


jack lame.org

Post by jackstokes11 on Sun 02 Sep 2012, 10:18 am

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

Database version: v2012.09.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Taghreed :: TAGHREED-PC [administrator]

Protection: Enabled

9/1/2012 6:59:10 PM
mbam-log-2012-09-01 (18-59-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208690
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Detected: 3
C:\Program Files (x86)\PremierOpinion\pmropn.exe (Trojan.Agent) -> 4976 -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmropn64.exe (Trojan.Agent) -> 4344 -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmservice.exe (Trojan.Agent) -> 1376 -> Delete on reboot.

Memory Modules Detected: 2
C:\ProgramData\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmls.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Detected: 50
HKCR\CLSID\{2F5EBA75-EBE2-FE0D-1A66-135141D34235} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F5EBA75-EBE2-FE0D-1A66-135141D34235} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2F5EBA75-EBE2-FE0D-1A66-135141D34235} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2F5EBA75-EBE2-FE0D-1A66-135141D34235} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286} (Adware.PremierOpinion) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\3491 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\PremierOpinion (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\ProgramData\TheBflix (PUP.BFlix) -> Delete on reboot.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\components (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion (Adware.PremierOpinion) -> Quarantined and deleted successfully.

Files Detected: 40
C:\ProgramData\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Delete on reboot.
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Taghreed\AppData\Local\Temp\VidSaver13_20120508.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Taghreed\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Taghreed\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Taghreed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Taghreed\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Taghreed\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Taghreed\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\penghdenokfnnmckodphmnlpfjciapfd.crx (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\chrome.manifest (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\install.rdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\ncncf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\nscf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\pmcm.crx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\pmcm.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\pmls.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmls64.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmoci.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\pmph.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\pmropn.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmropn64.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmservice.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmxf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\components\pmxg.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\components\pmxh.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\components\pmxi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\components\pmxj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\components\pmxk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\About PremierOpinion.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Member of GRID - Goodware Repository Information Database.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Privacy Policy and User License Agreement.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Support.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Uninstall Instructions.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.

(end)

jackstokes11

Unborn

Posts : 1
Joined : 2012-09-02
Operating System : Windows 7


Post by DragonMaster Jay on Mon 03 Sep 2012, 9:31 am

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Re: MBAM log, need help

Post by DragonMaster Jay on Sun 16 Sep 2012, 8:48 pm

Hi, are you still with us? Please update us on the state of your computer.

If you already solved the problem you were having, let us know. The feedback is invaluable.



~DMJ
GeekPolice Academy Manager

