5-22
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.22.03

Windows Vista x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18904
owner :: OWNER-PC [administrator]

5/22/2012 7:52:58 PM
mbam-log-2012-05-22 (19-52-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342719
Time elapsed: 54 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent) -> Data: explorer.exe "C:\Users\owner\winlogon.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^-^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc|Start (Disabled.Cryptsvc) -> Bad: (4) Good: (2) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Windows\System32\%APPDATA%\sp.DLL (TrojanProxy.Agent) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\w32rim_mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\df****.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Antivirus Protection 2012\AntivirusProtection2012.exe (Rogue.AntiVirusProtection) -> Quarantined and deleted successfully.

(end)

5-23 10 AM
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.22.03

Windows Vista x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18904
owner :: OWNER-PC [administrator]

5/23/2012 10:00:02 AM
mbam-log-2012-05-23 (10-00-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191328
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winlogon (Trojan.Agent) -> Data: C:\Users\owner\winlogon.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

5-23 5:54

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.22.03

Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18904
owner :: OWNER-PC [administrator]

5/23/2012 5:54:24 PM
mbam-log-2012-05-23 (17-54-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193175
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PC Health Status (Trojan.LockScreen) -> Data: C:\ProgramData\qqjpqdpo.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\qqjpqdpo.exe (Trojan.LockScreen) -> Quarantined and deleted successfully.

(end)

5-24

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.22.03

Windows Vista x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18904
owner :: OWNER-PC [administrator]

5/24/2012 12:13:36 PM
mbam-log-2012-05-24 (12-13-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191293
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)