Malwarebytes' Anti-Malware 1.50.1.

1100
www.malwarebytes.org
Database version: 5871
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
2/25/2011 3:18:56 AM
mbam-log-2011-02-25 (03-18-56).txt
Scan type: Quick scan
Objects scanned: 138079
Time elapsed: 6 minute(s), 45 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 103
Memory Processes Infected:
c:\WINDOWS\ggdrive32.exe (Worm.Palevo.Gen) -> 268 -> Unloaded process successful
ly.
c:\WINDOWS\Idepaf.exe (Trojan.Agent) -> 1192 -> Not selected for removal.
Memory Modules Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.Agent) -> Not selected for removal.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and dele
ted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted suc
cessfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and d
eleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zo
nes\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Qu
arantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\R
un\Microsoft Driver Setup (Worm.Palevo.Gen) -> Value: Microsoft Driver Setup ->
Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CE8SIIFGSU (Troj
an.Agent) -> Value: CE8SIIFGSU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tnaww (Trojan.Fa
keAlert) -> Value: Tnaww -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnsc (Trojan.
Agent) -> Value: msnsc -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (W
orm.Palevo) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
(Worm.Palevo) -> Value: Taskman -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
 (Worm.Palevo.Gen) -> Bad: (c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330
-1013\acleaner.exe) Good: () -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (H
ijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781
863308-1413\syitm.exe) Good: (Explorer.exe) -> Not selected for removal.
Folders Infected:
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413 (Worm.AutoRun) -> Quara
ntined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013 (Worm.AutoRun.Gen) ->
Delete on reboot.
Files Infected:
c:\WINDOWS\system32\sshnas21.dll (Trojan.Agent) -> Not selected for removal.
c:\WINDOWS\ggdrive32.exe (Worm.Palevo.Gen) -> Quarantined and deleted successful
ly.
c:\WINDOWS\Idepaf.exe (Trojan.Agent) -> Not selected for removal.
c:\Documents and Settings\ocsena\Local Settings\Temp\Ico.exe (Trojan.Agent) -> D
elete on reboot.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe (Trojan.FakeA
lert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msnsc.exe (Trojan.Agent) -> Quarantined and deleted successf
ully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe (Worm.Pal
evo.Gen) -> Delete on reboot.
c:\documents and settings\ocsena\application data\PlugPlay.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
c:\documents and settings\ocsena\application data\spoolsv.exe (Trojan.Agent) ->
Quarantined and deleted successfully.
c:\120.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\150.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\151.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\163.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\173.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\193.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\195.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\xdx.exe (Worm.Palevo.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\10.exe (Worm.Palevo.Gen) -> Not selected for removal.
c:\WINDOWS\system32\54.exe (Worm.Palevo.Gen) -> Not selected for removal.
c:\WINDOWS\system32\62.exe (Worm.Palevo.Gen) -> Not selected for removal.
c:\WINDOWS\system32\irqd.exe (Trojan.Agent) -> Not selected for removal.
c:\documents and settings\ocsena\local settings\Temp\sshnas21.dll (Trojan.Agent)
-> Quarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ic0.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ic1.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ic2.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ic3.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ic4.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ic5.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ic6.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ic7.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ic8.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ic9.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icj.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ick.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icl.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icm.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idh.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icn.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icp.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icq.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icr.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ics.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ict.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icu.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icv.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icw.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icx.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icy.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Icz.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Id0.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ida.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idb.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idc.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idd.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ide.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idf.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idg.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idi.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idj.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idk.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idl.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idm.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idn.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ido.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idp.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idq.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idr.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Ids.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idt.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idu.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idv.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idw.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idx.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idy.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\local settings\Temp\Idz.exe (Trojan.Agent) -> Q
uarantined and deleted successfully.
c:\documents and settings\ocsena\dq.exe (Trojan.FakeAlert) -> Quarantined and de
leted successfully.
c:\documents and settings\ocsena\ms.exe (Worm.Palevo.Gen) -> Quarantined and del
eted successfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\content.ie5\1wexe3la\282[1].gif (Extension.Mismatch) -> Quarantined and deleted
successfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\Content.IE5\1WEXE3LA\7[1].exe (Worm.Palevo.Gen) -> Quarantined and deleted succ
essfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\Content.IE5\1WEXE3LA\wpc[1].exe (Trojan.Agent) -> Quarantined and deleted succe
ssfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\Content.IE5\5E5W5AZE\wpc[1].exe (Trojan.Agent) -> Quarantined and deleted succe
ssfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\Content.IE5\5E5W5AZE\wp[1].exe (Trojan.Agent) -> Quarantined and deleted succes
sfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\Content.IE5\5E5W5AZE\xudv[1].exe (Worm.Palevo.Gen) -> Quarantined and deleted s
uccessfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\Content.IE5\5E5W5AZE\x[1] (Worm.AutoRun) -> Quarantined and deleted successfull
y.
c:\documents and settings\networkservice\local settings\temporary internet files
\Content.IE5\DAF1T1IQ\ep[1].exe (Trojan.Agent) -> Quarantined and deleted succes
sfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\Content.IE5\DAF1T1IQ\wp[1].exe (Trojan.Agent) -> Quarantined and deleted succes
sfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\Content.IE5\DAF1T1IQ\xudv[1].exe (Worm.Palevo.Gen) -> Quarantined and deleted s
uccessfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\Content.IE5\DAF1T1IQ\xudv[2].exe (Worm.Palevo.Gen) -> Quarantined and deleted s
uccessfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\content.ie5\f8hhouxk\282[1].gif (Extension.Mismatch) -> Quarantined and deleted
successfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\Content.IE5\F8HHOUXK\7[1].exe (Worm.Palevo.Gen) -> Quarantined and deleted succ
essfully.
c:\documents and settings\networkservice\local settings\temporary internet files
\Content.IE5\F8HHOUXK\ep[1].exe (Trojan.Agent) -> Quarantined and deleted succes
sfully.
c:\documents and settings\ocsena\local settings\temporary internet files\Content
.IE5\01KZAIT0\xudv[1].exe (Worm.Palevo.Gen) -> Quarantined and deleted successfu
lly.
c:\documents and settings\ocsena\local settings\temporary internet files\Content
.IE5\T9SDH3AW\ms[1].exe (Worm.Palevo.Gen) -> Quarantined and deleted successfull
y.
c:\WINDOWS\Idepaa.exe (Trojan.Agent) -> Not selected for removal.
c:\WINDOWS\Idepab.exe (Trojan.Agent) -> Not selected for removal.
c:\WINDOWS\Idepac.exe (Trojan.Agent) -> Not selected for removal.
c:\WINDOWS\Idepad.exe (Trojan.Agent) -> Not selected for removal.
c:\WINDOWS\Idepae.exe (Trojan.Agent) -> Not selected for removal.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader)
-> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -
> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1413\Desktop.ini (Worm.AutoR
un) -> Quarantined and deleted successfully.
c:\RECYCLER\r-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Worm.Auto
Run.Gen) -> Quarantined and deleted successfully.