Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4051
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
4/29/2010 8:29:14 AM
mbam-log-2010-04-29 (08-29-14).txt
Scan type: Full scan (A:\|C:\|)
Objects scanned: 207385
Time elapsed: 23 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lbcamiyd (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lbcamiyd (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\xrovqpfof\eeenncntssd.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\RaaH.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\yCVO.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CEZD4KV5\n002102304801r0409J11000601R83a99fdaW046d99ddX9c4de30dYd79ec259Z03009f350[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WK60Y5LU\n002102304801r0409J11000601R83a99fdaW046d99ddX9430cb2fYdfe815a9Z03009f350[1] (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Here are quarantine notes in AVG:
Malware Win32/Adware.Toolbar.Dealio C:\PROGRAMFILES\PDFFORGETOOLBAR\IE\4.5\PDFFORGETOOLBARIE.DLL
Malware Win32/Adware.Toolbar.Dealio C:\PROGRAMFILES\COMMONFILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE
Malware UNKNOWN C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\F4D55F3B0001836367169D4ED151FC84\F4D55F3B0001836367169D4ED151FC84.EXE
Corrupted executable file C:\Documents and Settings\Owner\Local Settings\Temp\SkypeSetup.exe
Infection Trojan horse Agent_r.BMS C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\80000032.@.vir
Infection Trojan horse Backdoor.Generic15.BIXF C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\000000cb.@.vir
And a Quarantine Report:
Time : 01/09/2012 19:43:26
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
Time : 01/09/2012 19:48:38
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
Time : 01/09/2012 19:49:12
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
Time : 01/09/2012 19:57:51
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
Time : 01/09/2012 21:16:58
--------------------------
Time : 01/09/2012 21:25:50
--------------------------
Time : 05/09/2012 00:22:53
--------------------------