Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/4/2011 6:50:27 PM
mbam-log-2011-06-04 (18-50-27).txt

Scan type: Quick scan
Objects scanned: 183751
Time elapsed: 10 minute(s), 46 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
c:\programdata\sqoxnmcuxyw.exe (Trojan.FakeMS) -> 3656 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sqoXnmCuXYw (Trojan.FakeMS) -> Value: sqoXnmCuXYw -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\WIlliam\AppData\Local\hiq.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\WIlliam\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\sqoxnmcuxyw.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\programdata\31121144.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\WIlliam\AppData\Local\Temp\tmpACA1.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\WIlliam\local settings\application data\hiq.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\WIlliam\local settings\application data\yue.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\WIlliam\AppData\Roaming\kernel33.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\WIlliam\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\Users\WIlliam\AppData\Roaming\microsoft\Windows\start menu\Programs\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.