Malwarebytes' Anti-Malware 1.41
Database version: 2866
Windows 5.1.2600 Service Pack 2

28/09/2009 05:24:26
mbam-log-2009-09-28 (05-24-21).txt

Scan type: Quick Scan
Objects scanned: 158903
Time elapsed: 20 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 32

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lsphum.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\realteks (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\oembios.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\oembios.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Folders Infected:
C:\Documents and Settings\LocalService\Application Data\sysproc64 (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
C:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\lsphum.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ntvars.dll (Backdoor.Agent) -> No action taken.
C:\WINDOWS\system32\netenv_1_1.dll (Backdoor.Agent) -> No action taken.
C:\WINDOWS\Temp\152.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\153.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\154.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\155.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\15E.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\15F.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\160.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\161.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\191.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\192.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\193.tmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Temp\194.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Jamie\Local Settings\Temp\c.exe (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5\EKWH521W\common3[1].htm (Spyware.Passwords) -> No action taken.
C:\Documents and Settings\LocalService\Application Data\sysproc64\sysproc32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> No action taken.
C:\WINDOWS\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sysproc64\sysproc32.sys.cla (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jamie\Application Data\Google\Shell32.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\cryptdiag.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dxvars.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ipcmd.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\oembios.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sysdiag.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winntcmd_2_0.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winntlog_uni.dll (Trojan.Agent) -> No action taken.