Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
mwilt :: SHP06 [administrator]
6/14/2012 2:27:29 PM
mbam-log-2012-06-15 (08-32-04).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 517869
Time elapsed: 2 hour(s), 52 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 18
HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProductsInstaller.Start (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> No action taken.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> No action taken.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> No action taken.
HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dbbin (Trojan.Goldun) -> No action taken.
Registry Values Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{E930AC18-34DF-9FEB-63C0-198472B84820} (Trojan.Agent) -> Data: "C:\Documents and Settings\mwilt\Application Data\Oroxeveykzi.exe" -> No action taken.
HKCU\Control Panel\don't load|scui.cpl (Hijack.SecurityCenter) -> Data: No -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ttool (Trojan.Agent) -> Data: C:\WINDOWS\9129837.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network|UID (Malware.Trace) -> Data: SHP06_0BA8C06F -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Antivirus Pro 2010 (Rogue.AntiVirusPro2010) -> Data: "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide -> No action taken.
Registry Data Items Detected: 4
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> No action taken.
Folders Detected: 1
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
Files Detected: 22
C:\Documents and Settings\mwilt\Application Data\Oroxeveykzi.exe (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-4157305413-1978939531-3247275655-1394\Dc1\htmlayout.dll (Spyware.OnlineGames) -> No action taken.
C:\RECYCLER\S-1-5-21-4157305413-1978939531-3247275655-1394\Dc1\wscui.cpl (Malware.Packer.Gen) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP325\A0079970.dll (Adware.Gamevance) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP325\A0079971.exe (Adware.Gamevance) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP346\A0117209.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP346\A0117210.DLL (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP346\A0117211.DLL (PUP.FunWebProducts) -> No action taken.
C:\Documents and Settings\mwilt\Local Settings\Temp\Temporary Directory 3 for UPS Delivery Notification -NYS1U2CP5MHQ -Jan-2012 (2).zip\UPS Delivery Notification - Jan-2012.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\mwilt\Local Settings\Temp\Temporary Directory 1 for UPS Delivery Notification -NYS1U2CP5MHQ -Jan-2012 (2).zip\UPS Delivery Notification - Jan-2012.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\mwilt\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\z98a.bin (Malware.Trace) -> No action taken.
C:\Documents and Settings\mwilt\Local Settings\Temp\ mpwr2 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\mwilt\Local Settings\Temp\ mpwr3 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\mwilt\Local Settings\Temp\ mpwr4 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\mwilt\Local Settings\Temp\ mpwr5 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\mwilt\Local Settings\Temp\ mpwr6 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\mwilt\Local Settings\Temp\ mpwr7 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\mwilt\Local Settings\Temp\ mpwr8 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\mwilt\Local Settings\Temp\ mpwr9 (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
(end)
Best answer by Kit
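Every entry in the posted log ends in "No action taken", so the scan above only enumerated the infection; nothing was removed. What a responder wants from such a log is the mechanism behind each entry rather than the Malwarebytes label: the Run values are ordinary autostarts, the Userinit value is a comma-separated chain that winlogon starts at every logon (so the appended sdra64.exe runs before the user's shell), the Winlogon\Notify subkey names a DLL loaded into winlogon.exe on XP, the Security Center *DisableNotify values silence the "no antivirus/firewall" warnings, and a Userinit chain carrying sdra64.exe together with system32\lowsec\local.ds and user.ds is the well-known footprint of the Zeus/Zbot 1.x banking trojan. The script below is an added example, not code from this thread or from Malwarebytes: it parses lines in this log format and sorts them by mechanism. The sample lines are a subset copied from the log above with backslashes restored; the mechanism names and the classification rules are this example's own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: a subset of lines copied from the Malwarebytes log
# in the post above (with the backslashes the forum extraction dropped restored).
SAMPLE_LOG = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{E930AC18-34DF-9FEB-63C0-198472B84820} (Trojan.Agent) -> Data: "C:\Documents and Settings\mwilt\Application Data\Oroxeveykzi.exe" -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ttool (Trojan.Agent) -> Data: C:\WINDOWS\9129837.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Antivirus Pro 2010 (Rogue.AntiVirusPro2010) -> Data: "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dbbin (Trojan.Goldun) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> No action taken.
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
C:\Documents and Settings\mwilt\Local Settings\Temp\Temporary Directory 3 for UPS Delivery Notification -NYS1U2CP5MHQ -Jan-2012 (2).zip\UPS Delivery Notification - Jan-2012.exe (Trojan.Agent) -> No action taken.
"""

# Entry shapes seen in the log:
#   <target> (<Category>) -> <action>
#   <key>|<value> (<Category>) -> Data: <data> -> <action>
#   <key>|<value> (<Category>) -> Bad: (<current>) Good: (<expected>) -> <action>
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<category>[^()\s]+)\) -> (?P<rest>.+)$")
DATA_RE = re.compile(r"^Data: (?P<data>.*) -> (?P<action>.+)$")
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$")


@dataclass
class Detection:
    target: str            # registry key (optionally "|valuename") or filesystem path
    category: str          # Malwarebytes label, e.g. Hijack.UserInit
    data: Optional[str]    # value data for "Data:" entries
    bad: Optional[str]     # current value for "Bad/Good" entries
    good: Optional[str]    # expected value for "Bad/Good" entries
    action: str


def parse_line(line: str) -> Optional[Detection]:
    """Parse one detection line; headers such as 'Files Detected: 22' return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    target, category, rest = m.group("target", "category", "rest")
    data = bad = good = None
    if dm := DATA_RE.match(rest):
        data, action = dm.group("data", "action")
    elif bg := BADGOOD_RE.match(rest):
        bad, good, action = bg.group("bad", "good", "action")
    else:
        action = rest
    return Detection(target, category, data, bad, good, action)


def triage(d: Detection) -> tuple[str, str]:
    """Classify a detection by the mechanism it abuses (rules are this example's own)."""
    key, _, value = d.target.partition("|")
    k, v = key.lower(), value.lower()
    if k.endswith("\\currentversion\\run"):
        return "autostart", f"{value} -> {d.data}"
    if k.endswith("\\winlogon") and v == "userinit":
        # Userinit is a comma-separated chain started by winlogon at every logon;
        # anything listed after userinit.exe is the implant.
        extras = [p for p in (d.bad or "").split(",")
                  if p and not p.lower().endswith("\\userinit.exe")]
        return "logon-hijack", ", ".join(extras)
    if "\\winlogon\\notify\\" in k:
        # On XP, Winlogon\Notify subkeys name DLLs loaded into winlogon.exe.
        return "logon-hook", key.rsplit("\\", 1)[-1]
    if k.endswith("\\security center") and v.endswith("disablenotify"):
        return "evasion", f"{value}={d.bad} (expected {d.good})"
    if d.category.lower() == "stolen.data":
        return "exfil-staging", d.target
    if ".zip\\" in k and k.endswith(".exe"):
        # "Temporary Directory N for X.zip" is where Compressed Folders extracts
        # a file the user double-clicked inside an archive.
        return "delivery", key.rsplit("\\", 1)[-1]
    return "other", d.category


def triage_log(text: str) -> list[tuple[str, str]]:
    return [triage(d) for d in map(parse_line, text.splitlines()) if d is not None]


def summarize(text: str) -> dict[str, int]:
    """Count detections per mechanism, e.g. {'autostart': 3, ...}."""
    return dict(Counter(kind for kind, _ in triage_log(text)))


if __name__ == "__main__":
    for kind, detail in triage_log(SAMPLE_LOG):
        print(f"{kind:14} {detail}")
    print(summarize(SAMPLE_LOG))
```

Run against the full log, the "logon-hijack" row is the one to act on first: removing only the Run-key files leaves sdra64.exe starting from the Userinit chain at the next logon, and the Security Center rows mean the user would never have been warned that protection was off.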