Malwarebytes' Anti-Malware 1.41
Database version: 3172
Windows 5.1.2600 Service Pack 3

11/14/2009 3:43:08 PM
mbam-log-2009-11-14 (15-43-08).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 177476
Time elapsed: 44 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 81

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\config\Media Ce.evt (Rootkit.Agent.H) -> Delete on reboot.
C:\WINDOWS\system32\Config\6to4nt.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\firewall.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\Config\htco.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\Config\msch24.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\mswinsck.ocx (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\Config\RealtekAC.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\sam10.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\sysrun.exe (Password.Stealer) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\application data\mcrupdate.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\application data\pcant.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\application data\pkz.ini (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\application data\printer.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\cftmon.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\ftpdll.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\kufwin32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\updater.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\Config\Win.exe (IM.Worm) -> Delete on reboot.
C:\WINDOWS\repair\1sass.exe (Backdoor.Agent) -> Delete on reboot.
C:\WINDOWS\repair\kasutio (Rootkit.Rustock) -> Delete on reboot.
C:\WINDOWS\repair\loprt.cmd (Worm.AutoRun) -> Delete on reboot.
C:\WINDOWS\repair\Mirror.exe (Worm.AutoRun) -> Delete on reboot.
C:\WINDOWS\repair\sql.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\repair\whw.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Config\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\SystemProfile\Application Data\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\WINDOWS\system32\Config\Systemprofile\Start Menu\Programs\Startup\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.