Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4088
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
5/10/2010 9:32:07 PM
mbam-log-2010-05-10 (21-32-07).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 287255
Time elapsed: 1 hour(s), 11 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 10
Folders Infected: 1
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Windows\System32\helpers32.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\SE2010 (Rogue.Securityessentials2010) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security essentials 2010 (Rogue.SecurityEssentials) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Securityessentials2010 (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Securityessentials2010\SE2010.exe (Rogue.SecurityEssentials) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MEVO0HE\exe[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FBS4KVWB\SetupSE2010[1].exe (Rogue.SecurityEssentials) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\195C.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\B29E.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\Temp\A60F.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\Temp\B33C.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Windows\System32\warnings.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\helpers32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
C:\Windows\System32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Administrator\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.