WiredWX Hobby Weather Tools

MBAM log, need help
jack lame.org

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Taghreed :: TAGHREED-PC [administrator]

Protection: Enabled

9/1/2012 6:59:10 PM
mbam-log-2012-09-01 (18-59-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208690
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Detected: 3
C:\Program Files (x86)\PremierOpinion\pmropn.exe (Trojan.Agent) -> 4976 -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmropn64.exe (Trojan.Agent) -> 4344 -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmservice.exe (Trojan.Agent) -> 1376 -> Delete on reboot.

Memory Modules Detected: 2
C:\ProgramData\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmls.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Detected: 50
HKCR\CLSID\{2F5EBA75-EBE2-FE0D-1A66-135141D34235} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F5EBA75-EBE2-FE0D-1A66-135141D34235} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2F5EBA75-EBE2-FE0D-1A66-135141D34235} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2F5EBA75-EBE2-FE0D-1A66-135141D34235} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{eeb86aef-4a5d-4b75-9d74-f16d438fc286} (Adware.PremierOpinion) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\3491 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\PremierOpinion (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\ProgramData\TheBflix (PUP.BFlix) -> Delete on reboot.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\components (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion (Adware.PremierOpinion) -> Quarantined and deleted successfully.

Files Detected: 40
C:\ProgramData\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Delete on reboot.
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Taghreed\AppData\Local\Temp\VidSaver13_20120508.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Taghreed\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Taghreed\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Taghreed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Taghreed\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Taghreed\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Taghreed\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\penghdenokfnnmckodphmnlpfjciapfd.crx (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\chrome.manifest (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\install.rdf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\ncncf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\nscf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\pmcm.crx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\pmcm.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\pmls.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmls64.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmoci.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\pmph.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\pmropn.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmropn64.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmservice.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\PremierOpinion\pmxf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\components\pmxg.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\components\pmxh.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\components\pmxi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\components\pmxj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PremierOpinion\components\pmxk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\About PremierOpinion.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Member of GRID - Goodware Repository Information Database.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Privacy Policy and User License Agreement.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Support.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Uninstall Instructions.lnk (Adware.PremierOpinion) -> Quarantined and deleted successfully.

(end)

MBAM log, need help

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Re: MBAM log, need help

Hi, are you still with us? Please update us on the state of your computer.

If you already solved the problem you were having, let us know. The feedback is invaluable.
