Possible FPs

[Cloud13]

I'm making sure the computer at our business is secure, so I ran a scan with Avast, which we already had on it, then I decided to dl MBAM to make sure it was clean. It came up with 3 results. I quarantined and deleted them, but then when I was looking to see wat they were about, it seemed like they could be false positives, so I came here to make sure it's safe to restore them.

Malwarebytes' Anti-Malware 1.30

Database version: 1310

Windows 6.0.6001 Service Pack 1

10/23/2008 12:45:19 PM

mbam-log-2008-10-23 (12-45-19).txt

Scan type: Quick Scan

Objects scanned: 55851

Time elapsed: 8 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cc721bba-7958-4b7e-8f88-81bc0b6dfa73} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[Cloud13]

I couldn't see any edit button... *tear*

After posting this I saw the "Before Posting" topic, lol!

If it's likely that these are false positives, I'll redo the scan in developer mode, but I won't if you're are certain these are legit results.

[AdvancedSetup]

They are not FP according to a Google search. They all come up as a fake installer malware entry.

[mona7865]

I too have two infections, after updating to database version 1310, both located in KEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats :

Malwarebytes' Anti-Malware 1.30

Database version: 1310

Windows 5.1.2600 Service Pack 3

23/10/2008 20:29:42

mbam-log-2008-10-23 (20-29-37).txt

Scan type: Quick Scan

Objects scanned: 59848

Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. [4054423730346988668370154690567067527066836873130192202467252266191814232619671

42119172214266866691419231923702126262021172194]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. [4054423730346988668370154690567067527066836873130192202467252266196714232619671

42119172214266866691419231923702126262021172194]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I would appreciate it very much if someone would look into this and advise me on whether these are FP's or real infections.

Heartfelt thanks.

[Raid]

They are real... registry entries. We are cleaning up some of the trash left behind is all.

[Cloud13]

So they're harmless, but unnecessary?

[nosirrah]

I expanded where MBAM looks for malware GUIDs today , these are old traces of long dead malware .

long and short , neither malware nor anything to worry about

[Cloud13]

All righty.

*thumb up*

[mona7865]

You have set my mind at rest, thanks.

[melboy]

I got this. (I had problems with drive cleaner some time ago before i got clued up! )

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

It's nice to see the back of the last remnants of it, thanks Bruce!

[JeanInMontana]

My Web Search is malware. Just for the record. Wouldn't it be best to just fix them?

[mona7865]

My Web Search is malware. Just for the record. Wouldn't it be best to just fix them?

After posting the scan, run in developer mode, and Nosirrah's answer, I reran a quick scan and both infections are deleted now.