************' Anti-Malware 1.50.1.1100
Database version: 6260
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
09/04/11 21:05:30
mbam-log-2011-04-09 (21-05-30).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 362624
Time elapsed: 1 hour(s), 13 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 6
Registry Data Items Infected: 5
Folders Infected: 28
Files Infected: 37
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3E2DFD6A-4E20-4D4C-AA8B-E1F9DBEF3C80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{F244A744-534D-4A46-855F-C0C7E9F27DAA} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{030C9927-10FC-4169-97A2-55BECD5D88D8} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButton (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{714E0876-FCEE-49CE-A429-B9AD8AEFCB56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.IEButtonA (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{DD15BCC0-5FE9-4690-A957-99FA60ED9D26} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbAx (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8BDFF85-F8C2-4281-8669-31253E646518} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ScanQuery (Adware.ScanQuery) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419D-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Value: {EB620C54-E229-4942-87CE-E717109FC8C6} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{DB38E21A-0133-419d-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Value: {DB38E21A-0133-419d-92AD-ECDFD5244D6D} -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Seekmo@Seekmo.com (Adware.SeekMo) -> Value: Seekmo@Seekmo.com -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\MALY MALY\Local Settings\Application Data\nyk.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\MALY MALY\Local Settings\Application Data\nyk.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
Folders Infected:
c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\application data (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\application data (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\documents and settings (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\maly maly (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\documents and settings (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\maly maly (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\scanquery (Adware.ScanQuery) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\scanquery (Adware.ScanQuery) -> Quarantined and deleted successfully.
Files Infected:
c:\art\aosama\??????\cnx_uptool_810_original.exe (Adware.Agent) -> Delete on reboot.
c:\documents and settings\maly maly\??? ??????\hussam\program\removewga.exe (PUP.RemoveWGA) -> Not selected for removal.
c:\documents and settings\maly maly\??? ??????\hussam\program\???? ???? (2)\removewga.exe (PUP.RemoveWGA) -> Not selected for removal.
c:\documents and settings\maly maly\??? ??????\hussam\program\???? ???? (2)\games\sapper2000\register.exe (Malware.Packer) -> Delete on reboot.
c:\documents and settings\maly maly\??? ??????\hussam\program\???? ???? (2)\games\sapper2000\sapper.exe (Malware.Packer) -> Delete on reboot.
c:\documents and settings\maly maly\??? ??????\hussam\program\????? ???????? ???????\removewga.exe (PUP.RemoveWGA) -> Not selected for removal.
c:\documents and settings\maly maly\??? ??????\hussam\program\hussam .arion.art\art\aosama\??????\cnx_uptool_810_original.exe (Adware.Agent) -> Delete on reboot.
c:\system volume information\_restore{334c4a9f-adc6-4127-98e9-d4248f532ad0}\RP567\A0246943.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
c:\system volume information\_restore{334c4a9f-adc6-4127-98e9-d4248f532ad0}\RP567\A0247936.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{334c4a9f-adc6-4127-98e9-d4248f532ad0}\RP568\A0249045.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{334c4a9f-adc6-4127-98e9-d4248f532ad0}\RP568\A0249046.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
c:\system volume information\_restore{334c4a9f-adc6-4127-98e9-d4248f532ad0}\RP569\A0249068.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{334c4a9f-adc6-4127-98e9-d4248f532ad0}\RP569\A0249056.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{334c4a9f-adc6-4127-98e9-d4248f532ad0}\RP569\A0249065.dll (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{334c4a9f-adc6-4127-98e9-d4248f532ad0}\RP569\A0249067.dll (Adware.SeekMo) -> Quarantined and deleted successfully.
c:\program files\scanquery\uninstall.exe (Adware.ScanQuery) -> Quarantined and deleted successfully.
d:\hussam\portprintmaker701\Pm70.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\hussam\portprintmaker701\MSVCP60.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\hussam\proggggggg\pr new\windows proply\removewga.exe (PUP.RemoveWGA) -> Not selected for removal.
d:\hussam\proggggggg\?????? ???????? xp ???????\vista key finder.exe (Application.FindKey) -> Delete on reboot.
d:\hussam\proggggggg\????? ???????? ???????\removewga.exe (PUP.RemoveWGA) -> Not selected for removal.
d:\portprintmaker701\Pm70.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\portprintmaker701\MSVCP60.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\documents and settings\hussam\Desktop\????? ?????\removewga.exe (PUP.RemoveWGA) -> Not selected for removal.
c:\documents and settings\maly maly\application data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\Seekmo\blackdomain.list (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\dwld\whitelist.xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\maly maly\application data\shoppingreport2\cs\res1\whitelist.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\shoppingreport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully.