Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.14.07
Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Illume :: ILLUME-PC [administrator]
Protection: Disabled
9/14/2012 6:28:48 PM
mbam-log-2012-09-14 (18-28-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203975
Time elapsed: 2 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKCR\CLSID{3A4020E2-87CF-10ED-CD11-CB75071E38FF} (PUP.DownloadnSave) → No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{3A4020E2-87CF-10ED-CD11-CB75071E38FF} (PUP.DownloadnSave) → No action taken.
HKCR\TypeLib{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) → No action taken.
HKCR\Interface{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) → No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) → Bad: (“regedit.exe” “%1”) Good: (regedit.exe “%1”) → Quarantined and repaired successfully.
Folders Detected: 1
C:\ProgramData\TheBflix (PUP.BFlix) → No action taken.
Files Detected: 18
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) → No action taken.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) → No action taken.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) → No action taken.
C:\ProgramData\TheBflix\lnofjfgpjkcbabcepdemehgpegljjmel.crx (PUP.BFlix) → No action taken.
C:\ProgramData\TheBflix\nbciagcealjdgkihkfgcccohddefbbdd.crx (PUP.BFlix) → No action taken.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) → No action taken.
C:\ProgramData\TheBflixUpdater\updater.exe (Trojan.Dropper.H) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\Codec-V.exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\DownloadSetup (1).exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\DownloadSetup.exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\Rap Drum One Shots.rar.exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\XvidSetup (1).exe (Adware.Hotbar) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\XvidSetup (2).exe (Adware.Hotbar) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\XvidSetup (3).exe (Adware.Agent) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\XvidSetup.exe (Adware.Hotbar) → Quarantined and deleted successfully.
C:\Users\Illume\Local Settings\Temporary Internet Files\Content.IE5\62S9BP94\4fdbe76448e58[1].exe (Adware.Dropper) → Quarantined and deleted successfully.
C:\Users\Illume\Local Settings\Temporary Internet Files\Content.IE5\8BK83PWH\updater[1].exe (Trojan.Dropper.H) → Quarantined and deleted successfully.
C:\Users\Illume\Local Settings\Temporary Internet Files\Content.IE5\V3N5G5XV\updater[1].exe (Trojan.Dropper) → Quarantined and deleted successfully.
(end)
OTL did not open up 2 notepad documents…no Extras.Txt is found.
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.14.07
Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Illume :: ILLUME-PC [administrator]
Protection: Disabled
9/14/2012 6:28:48 PM
mbam-log-2012-09-14 (18-28-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203975
Time elapsed: 2 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKCR\CLSID{3A4020E2-87CF-10ED-CD11-CB75071E38FF} (PUP.DownloadnSave) → No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{3A4020E2-87CF-10ED-CD11-CB75071E38FF} (PUP.DownloadnSave) → No action taken.
HKCR\TypeLib{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) → No action taken.
HKCR\Interface{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) → No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) → Bad: (“regedit.exe” “%1”) Good: (regedit.exe “%1”) → Quarantined and repaired successfully.
Folders Detected: 1
C:\ProgramData\TheBflix (PUP.BFlix) → No action taken.
Files Detected: 18
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) → No action taken.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) → No action taken.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) → No action taken.
C:\ProgramData\TheBflix\lnofjfgpjkcbabcepdemehgpegljjmel.crx (PUP.BFlix) → No action taken.
C:\ProgramData\TheBflix\nbciagcealjdgkihkfgcccohddefbbdd.crx (PUP.BFlix) → No action taken.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) → No action taken.
C:\ProgramData\TheBflixUpdater\updater.exe (Trojan.Dropper.H) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\Codec-V.exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\DownloadSetup (1).exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\DownloadSetup.exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\Rap Drum One Shots.rar.exe (Affiliate.Downloader) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\XvidSetup (1).exe (Adware.Hotbar) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\XvidSetup (2).exe (Adware.Hotbar) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\XvidSetup (3).exe (Adware.Agent) → Quarantined and deleted successfully.
C:\Users\Illume\Downloads\XvidSetup.exe (Adware.Hotbar) → Quarantined and deleted successfully.
C:\Users\Illume\Local Settings\Temporary Internet Files\Content.IE5\62S9BP94\4fdbe76448e58[1].exe (Adware.Dropper) → Quarantined and deleted successfully.
C:\Users\Illume\Local Settings\Temporary Internet Files\Content.IE5\8BK83PWH\updater[1].exe (Trojan.Dropper.H) → Quarantined and deleted successfully.
C:\Users\Illume\Local Settings\Temporary Internet Files\Content.IE5\V3N5G5XV\updater[1].exe (Trojan.Dropper) → Quarantined and deleted successfully.
(end)