
kcist

Everything posted by kcist

  1. I've been getting some bad spyware. So I ran the Malwarebytes' Anti-Spyware and this is the log:

     Malwarebytes' Anti-Malware 1.44
     Database version: 3510
     Windows 5.1.2600 Service Pack 2 (Safe Mode)
     Internet Explorer 8.0.6001.18702

     2/15/2010 6:28:15 PM
     mbam-log-2010-02-15 (18-28-15).txt

     Scan type: Full Scan (C:\|D:\|F:\|G:\|H:\|I:\|J:\|)
     Objects scanned: 197747
     Time elapsed: 2 hour(s), 37 minute(s), 59 second(s)

     Memory Processes Infected: 2
     Memory Modules Infected: 4
     Registry Keys Infected: 3
     Registry Values Infected: 10
     Registry Data Items Infected: 16
     Folders Infected: 1
     Files Infected: 42

     Memory Processes Infected:
     C:\Program Files\InternetSecurity2010\is2010.exe (Rogue.InternetSecurity2010) -> Unloaded process successfully.
     C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

     Memory Modules Infected:
     C:\WINDOWS\system32\halaneho.dll (Trojan.Vundo.H) -> Delete on reboot.
     C:\WINDOWS\system32\nejehavi.dll (Trojan.Vundo.H) -> Delete on reboot.
     c:\WINDOWS\system32\raganapo.dll (Trojan.Vundo.H) -> Delete on reboot.
     C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Delete on reboot.

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{08412375-d11b-4386-88ba-59d12290254d} (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{53e04b2d-bc77-49a1-aec7-a6119a87939a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zabazeheg (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{08412375-d11b-4386-88ba-59d12290254d} (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\nubisujem (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security 2010 (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\asg984jgkfmgasi8ug98jgkfgfb (Trojan.Downloader) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bodisowega (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: nejehavi.dll -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: halaneho.dll -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\raganapo.dll -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\raganapo.dll -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe lkmj.bdo igtvkg) Good: (Explorer.exe) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Folders Infected:
     C:\Program Files\InternetSecurity2010 (Rogue.InternetSecurity2010) -> Delete on reboot.

     Files Infected:
     C:\WINDOWS\system32\busekuja.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\dorugeba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\halaneho.dll (Trojan.Vundo.H) -> Delete on reboot.
     C:\WINDOWS\system32\nejehavi.dll (Trojan.Vundo.H) -> Delete on reboot.
     C:\WINDOWS\system32\raganapo.dll (Trojan.Vundo.H) -> Delete on reboot.
     C:\WINDOWS\system32\vazoguti.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\yoduvofa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\yovinumo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\zovujiwu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\zuragiwu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     C:\Program Files\Antares\AutoTuneDX\Antares Autotune DX Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
     C:\Program Files\InternetSecurity2010\is2010 .exe (Rogue.InternetSecurity2010) -> Delete on reboot.
     C:\Program Files\InternetSecurity2010\is2010.exe (Rogue.InternetSecurity2010) -> Delete on reboot.
     C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\helper32.dll (Trojan.FakeAlert) -> Delete on reboot.
     C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HP_Administrator\Local Settings\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\LocalService\Local Settings\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Delete on reboot.
     C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Start Menu\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Delete on reboot.
     C:\Documents and Settings\HP_Administrator\Start Menu\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\winscent.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\certofSystem.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\Explorers.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\Microsoftdefend.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\regp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\secureit.com (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\spoos.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\Local Settings\Temp\winlogon.exe (Trojan.Agent) -> Delete on reboot.
     C:\Documents and Settings\Administrator\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HP_Administrator\Local Settings\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Microsoft PData\track.wid (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\Program Files\Adobe\acrotray .exe (Trojan.Agent) -> Delete on reboot.
     C:\Documents and Settings\HP_Administrator\Desktop\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     C:\Program Files\Mozilla Firefox\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Administrator\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     C:\Documents and Settings\HP_Administrator\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.