
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.25.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
acer :: ACER-PC [administrator]

Protection: Enabled

9/25/2012 12:47:52 PM
mbam-log-2012-09-25 (12-47-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184760
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 39
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\CLSID\{edec5cdc-b714-4b45-9b66-c370451a74f9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0B84B4B4-8AF8-4F1F-91FE-074A666F6425} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B84B4B4-8AF8-4F1F-91FE-074A666F6425} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{631ACB68-57C3-48AF-9CC5-FCEC0837FFD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{631ACB68-57C3-48AF-9CC5-FCEC0837FFD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D5E9B421-C309-41DE-9014-800A2ADCDEB0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5E9B421-C309-41DE-9014-800A2ADCDEB0} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4C2743F0-A2E2-41A0-9E65-798943109F42} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99b340f7-76e0-44ab-9948-b95a1b475d39} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1da22a28-324d-4dd4-b2dc-66a3cebf447f} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\acer\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\acer\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Users\acer\Downloads\oi_avengerszip.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Users\acer\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\acer\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)
