tonydandre
01-16-2010, 06:24 AM
Malwarebytes' Anti-Malware 1.43
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/16/2010 5:56:32 AM
mbam-log-2010-01-16 (05-56-28).txt
Scan type: Quick Scan
Objects scanned: 178651
Time elapsed: 1 hour(s), 8 minute(s), 6 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 15
Registry Values Infected: 5
Registry Data Items Infected: 12
Folders Infected: 31
Files Infected: 444
Memory Processes Infected:
C:\Program Files\InternetSecurity2010\IS2010.exe (Rogue.InternetSecurity2010) -> No action taken.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> No action taken.
Memory Modules Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ZangoSA_df.exe (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\zango.desktopflash (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\zango.desktopflash.1 (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adwarealert (Rogue.AdwareAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix (Rogue.ErrorFix) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\Logs (Rogue.ErrorFix) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\QuarantineW\2009-04-01 11-21-510 (Rogue.ErrorFix) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\QuarantineW\2009-04-01 11-32-040 (Rogue.ErrorFix) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\ErrorFix\Results (Rogue.ErrorFix) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\FunWebProducts\Data\Owner (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\1 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\2 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\3 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\4 (Refog.Keylogger) -> No action taken.
C:\Documents and Settings\All Users\Application Data\MPK\5 (Refog.Keylogger) -> No action taken.
C:\Program Files\AntiVirus Plus (Rogue.AntiVirusPlus) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> No action taken.
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> No action taken.
Files Infected:
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Local Settings\Temporary Internet Files\Content.IE5\5O7DSXEZ\8e6a4[1].exe (Spyware.Amber) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\Log\2009 Apr 10 - 09_03_48 AM_198.log (Rogue.AdwareAlert) -> No action taken.
C:\Documents and Settings\Owner.YOUR-5970C7B1D6\Application Data\AdwareAlert\Log\2009 Apr 10 - 10_09_41 AM_828.log (Rogue.AdwareAlert) -> No action taken.