www.malwarebytes.org
Database version: 6320
Windows 6.1.7600
Internet Explorer 9.0.7930.16406
09/04/2011 21:53:01
mbam-log-2011-04-09 (21-53-01).txt
Scan type: Quick scan
Objects scanned: 180614
Time elapsed: 2 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhiteSmoke (PUP.Whitesmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790570B576555236A098 (Malware.Trace) -> Value: SRS_IT_E8790570B576555236A098 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790774B37655523FAB91 (Malware.Trace) -> Value: SRS_IT_E8790774B37655523FAB91 -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
c:\Users\Harry\AppData\Roaming\whitesmoke (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\scanquery (Adware.ScanQuery) -> Quarantined and deleted successfully.
c:\programdata\scanquery (Adware.ScanQuery) -> Quarantined and deleted successfully.
Files Infected:
c:\Windows\Temp\~nsu.tmp\whitesmokewriter.exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\launch whitesmoke.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Roaming\microsoft\internet explorer\quick launch\launch whitesmoke.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\Users\Jazz\AppData\Roaming\microsoft\internet explorer\quick launch\launch whitesmoke.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\internet explorer\quick launch\launch whitesmoke.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\Users\Harry\AppData\Roaming\whitesmoke\stat.log (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke\launch whitesmoke.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke\uninstall.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\whitesmoke\whitesmoke registration.lnk (PUP.Whitesmoke) -> Quarantined and deleted successfully.
c:\program files (x86)\scanquery\scanquery.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
c:\program files (x86)\scanquery\uninstall.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
c:\programdata\scanquery\scanquery117.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.