Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.05.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

5/5/2013 12:58:35 AM
mbam-log-2013-05-05 (00-58-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213341
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uPc+nloZkfgog+Jsiv (Trojan.Downloader.Gen) -> Data: rundll32.exe C:\Users\Owner\AppData\Local\Temp\g0cwv08.dll, SystemServer -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Lvkdhfngruf (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.0 (KHTML, like Gecko) Chrome/6.0.408.1 Safari/534.0 (Trojan.Downloader.Gen) -> Data: C:\Users\Owner\AppData\Local\Temp\wininst.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Lvkdhfngruf (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.9 (KHTML, like Gecko) Chrome/6.0.401.1 Safari/533.9 (Trojan.Downloader.Gen) -> Data: C:\Users\Owner\AppData\Local\Temp\wininst.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Lvkdhfngruf (Trojan.Downloader.Gen) -> Data: C:\Users\Owner\AppData\Local\Temp\wininst.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LvkdhfngrA (Trojan.Downloader.Gen) -> Data: C:\Users\Owner\AppData\Local\Temp\win32.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Lvkdhfngmve (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (Trojan.Downloader.Gen) -> Data: C:\Users\Owner\AppData\Local\Temp\hexdump.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

(end)