Re: Hupigon13 infecting my system - PreWork done
I ran SpyBot again to be certain, and there were the entries for hupigon13 again.
Malwarebytes' Anti-Malware 1.15
Database version: 841
10:19:33 PM 08/06/2008
mbam-log-6-8-2008 (22-19-33).txt
Scan type: Quick Scan
Objects scanned: 38475
Time elapsed: 3 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 11
Registry Keys Infected: 178
Registry Values Infected: 14
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 58
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\zyzxjime.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\ypdjgbmp.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\ptjhehlp.dll (Spyware.BHO) -> Unloaded module successfully.
C:\WINDOWS\system32\oohxdbyt.dll (Spyware.BHO) -> Unloaded module successfully.
C:\WINDOWS\system32\lofsdjbo.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mndhddwd.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\apsgdjba.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\SysWoWCt.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\pjjxedwd.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yzztimsn.dll (Trojan.vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3342887-aab1-428c-90c6-642be0b6cffe} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e6bec792-a39d-4512-aa44-41627908dc2e} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webbrowser.browser (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{986488af-13d5-9ddf-4fef-9fb88698cfc1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webbrowser.browser.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1db3c525-5271-46f7-887a-d4e1adaa7632} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ad3ab16-6d0e-4f04-8660-fb1f36bc2dc0} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f685b36-c53a-4653-9231-1dae5736de45} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c4cdd9-22d7-49ff-ac6d-7d4d528a3ab2} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{de2267bd-b163-407f-9e8d-6adec771e7ab} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newdcocmediazpop.popcoco (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{34a12a06-48c0-420d-8f11-73552ee9631a} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cde9eb54-a08e-4570-b748-13f5ddb5781c} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newdcocmediazpop.popcoco.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newscocomediapop.popcoco (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newscocomediapop.popcoco.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadpopup.toolbardetector (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadpopup.toolbardetector.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newpopuppushad.arlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newpopuppushad.arlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newpoupad.aclogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newpoupad.aclogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{385ab8c5-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9ba1aa9-cad4-4c14-bde6-922dff5f6f38} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4fd45a54-9875-698f-e56e-65102358fdf4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{4fd45a54-9875-698f-e56e-65102358fdf4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta ll\contentmatch (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\acpidisk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\apcdli (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ntptdb (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.Too lbarDetector (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.Too lbarDetector.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Webbrowser.bro wser (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Webbrowser.bro wser.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\ Objects\Effects\YiqilaiLyrics (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\YiqilaiLyrics (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Yiqilai (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\a cpidisk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\a cpidisk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IDSCNP (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Kav\Browser Helper Objects\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\cpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\ContentMatch (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSvcUI.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVtimer.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rising.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{1db3c525-5271-46f7-887a-d4e1adaa7632} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{4fd45a54-9875-698f-e56e-65102358fdf4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools (Trojan.Yigather) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\CPUSH (Adware.CPush) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\foobar (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\html (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\lib (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\realplayer (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\tools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\winamp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\wmp (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\zyzxjime.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\ypdjgbmp.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\ptjhehlp.dll (Spyware.BHO) -> Delete on reboot.
C:\WINDOWS\system32\oohxdbyt.dll (Spyware.BHO) -> Delete on reboot.
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2036.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxptejpg.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\CPUSH\cpush.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lofsdjbo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mndhddwd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\apsgdjba.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (Trojan.Yigather) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\axptajpg.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azzxaime.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ghwxattb.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ismhasrv.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jbhxabyt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lojxadwd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lpsgajba.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pldhadwd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spjhahlp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpfsajbo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zsdjabmp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxcsahlp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_bnyunxing26.znb (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\5ZGLMJ9P\13[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\5ZGLMJ9P\17[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\5ZGLMJ9P\26[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\5ZGLMJ9P\2[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\5ZGLMJ9P\32[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\5ZGLMJ9P\5[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\81126YOI\19[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\8DUQK9R0\14[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\8DUQK9R0\27[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\UJDWB8L8\16[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\UJDWB8L8\1[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\UJDWB8L8\25[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\CPUSH\Uninst.exe (Adware.CPush) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\foobar\foo_ui_columns.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\foobar\foo_ui_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\realplayer\real_vis_yqllyrics.rpv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\tools\YiqilaiLyrics.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Yiqilai\winamp\vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YQL_Lyrics_Common.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\YiqilaiLyrics_2001.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlbar.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysloader.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\acpidisk.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoWCt.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\mscpx32r.det (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mprmsgse.axz (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\tempaq (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjjxedwd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yzztimsn.dll (Trojan.vundo) -> Delete on reboot.
C:\Documents and Settings\Luke.S\Favorites\Ò»ÆðÀ´ÒôÀÖÉçÇø.url (Trojan.Agent) -> Quarantined and deleted successfully.
Then...
Malwarebytes' Anti-Malware 1.15
Database version: 841
10:37:55 PM 08/06/2008
mbam-log-6-8-2008 (22-37-49).txt
Scan type: Quick Scan
Objects scanned: 38885
Time elapsed: 3 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 12
Registry Keys Infected: 128
Registry Values Infected: 14
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 24
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\zyzxjime.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\ptjhehlp.dll (Spyware.BHO) -> No action taken.
C:\WINDOWS\system32\oohxdbyt.dll (Spyware.BHO) -> No action taken.
C:\WINDOWS\system32\zxptejpg.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\lofsdjbo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mndhddwd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\apsgdjba.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ypdjgbmp.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\SysWoWCt.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\pjjxedwd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yzztimsn.dll (Trojan.vundo) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1db3c525-5271-46f7-887a-d4e1adaa7632} (Spyware.OnlineGames) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4fd45a54-9875-698f-e56e-65102358fdf4} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{4fd45a54-9875-698f-e56e-65102358fdf4} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVsvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSvcUI.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVtimer.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rising.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPMain.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{1db3c525-5271-46f7-887a-d4e1adaa7632} (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{4fd45a54-9875-698f-e56e-65102358fdf4} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\zyzxjime.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\ptjhehlp.dll (Spyware.BHO) -> No action taken.
C:\WINDOWS\system32\oohxdbyt.dll (Spyware.BHO) -> No action taken.
C:\WINDOWS\system32\zxptejpg.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\lofsdjbo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mndhddwd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\apsgdjba.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\axptajpg.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\azzxaime.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\ghwxattb.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\ismhasrv.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\jbhxabyt.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\lojxadwd.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\lpsgajba.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\pldhadwd.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\spjhahlp.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\tpfsajbo.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\ypdjgbmp.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\zsdjabmp.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\zxcsahlp.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\SysWoWCt.dll (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\pjjxedwd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yzztimsn.dll (Trojan.vundo) -> No action taken.
I don't think this is going to fly. Going to start burning my some personal files to CD's and wipe my hard drive. Appreciate your time and effort, but this self-replicating virus is getting the best of us.
Linear Mode
