Initial MBAM Scan Log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.08.08
Windows Server 2008 R2 x64 NTFS
Internet Explorer 9.0.8112.16421
frank :: WINDOWS-WQH0732 [administrator]
8/8/2012 12:33:27 PM
mbam-log-2012-08-08 (12-33-27).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 795620
Time elapsed: 1 hour(s), 5 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 26
D:\Share\EHD\Compusa Backup\LOSTFILE\DIR124\1ind[1].jpg (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\LOSTFILE\DIR143\alisha2[1].jpg (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\LOSTFILE\DIR144\lexi1[1].jpg (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\LOSTFILE\DIR149\pubbannr.gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\LOSTFILE\DIR235\Log\4326f31b.LOG (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\LOSTFILE\DIR26\carman4[1].jpg (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\LOSTFILE\DIR26\inescap3[1].jpg (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\LOSTFILE\DIR26\taylor2[1].jpg (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\LOSTFILE\DIR270\buttonslaunch_02-sel[1].gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\Program Files\Intuit\QuickBooks 2005\Components\DownloadQB15\NewFeatures\.update\.target\accmax.gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\Program Files\Intuit\QuickBooks Pro\Components\DecisionTools\Images\CE_b2_off.gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\Program Files\Intuit\QuickBooks Pro\Components\DecisionTools\Images\weblinks-ratio.gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\Program Files\Intuit\QuickBooks Pro\Components\ECredit\Pages\Images\misc1_btn.gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\Program Files\Intuit\QuickBooks Pro\Components\ECredit\Pages\Images\misc2_btn.gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\Program Files\Intuit\QuickBooks Pro\Components\Help\Images\com_header.gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\Program Files\Intuit\QuickBooks Pro\Components\Services\Images\com_11.gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\Program Files\Intuit\QuickBooks Pro\Components\Services\Images\master_overview.gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\Program Files\Intuit\QuickBooks Pro\Components\Services\Images\merchant_head.gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\Program Files\Intuit\QuickBooks Pro\Components\Services\Images\order_cache_exp_r4_c3.gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\Program Files\Intuit\QuickBooks Pro\Components\Services\Images\order_cache_exp_r5_c2.gif (Extension.Mismatch) -> No action taken.
D:\Share\EHD\Compusa Backup\Program Files\Intuit\QuickBooks Pro\Components\Services\Images\payreferral_head.gif (Extension.Mismatch) -> No action taken.
C:\Users\frank\AppData\Local\Temp\2\2E86.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\frank\AppData\Local\{72a5a74b-8002-844d-644c-f60ea090ba88}\n (Trojan.Sirefef) -> Delete on reboot.
C:\Users\Rick\AppData\Local\Temp\5\sdhttt.exe (Exploit.Drop.COD) -> Quarantined and deleted successfully.
C:\Users\Rick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\77c33b52-4131f7d0 (Exploit.Drop.COD) -> Quarantined and deleted successfully.
C:\Windows\Installer\{72a5a74b-8002-844d-644c-f60ea090ba88}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
(end)