Hupigon13 infecting my system - PreWork done

Thread Status:
Not open for further replies.
  1. lsyriste

    lsyriste New Member Bronze Member

    Joined:
    Jun 8, 2008
    Posts:
    6
    Likes Received:
    0
    Local time:
    05:29
    My System
    Loading...

    Hello, first off I have no clue how this happened, but after getting some strange behavior from a restart I decided to run SpyBot and it came up with 20 entires for "Hupigon13". I removed them, restarted, began to scan again and did some research in the meanwhile. Apparently it's not as easy to get rid of as that. My SpyBot Resident is, even now, constantly denying registry changes. I read the post at the top and did the necessary PreWork, now I hope one of you fine people can help me out here. One last thing... I couldn't even run HijackThis until I had renamed it to "fooledyou.exe", because this trojan or whatever it is, is blocking it somehow.

    Cheers.

    HijackThis and "main.txt" log from Deckard's System Scanner to follow. "extra.txt" is attached.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:45:52 PM, on 08/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\gpr8.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Luke.S\Desktop\Luke.S.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
    O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll
    O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - C:\WINDOWS\system32\oswxdttb.dll
    O2 - BHO: lofsdjbo.dll - {470165F1-9F65-569F-F895-F14F58F41074} - C:\WINDOWS\system32\lofsdjbo.dll
    O2 - BHO: mndhddwd.dll - {4C648541-1025-9650-9057-6541258720C4} - C:\WINDOWS\system32\mndhddwd.dll
    O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - C:\WINDOWS\system32\apsgdjba.dll
    O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll
    O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - C:\WINDOWS\system32\pjjxedwd.dll
    O2 - BHO: oohxdbyt.dll - {5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} - C:\WINDOWS\system32\oohxdbyt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
    O2 - BHO: zxptejpg.dll - {91698482-6555-3666-1222-954784129019} - C:\WINDOWS\system32\zxptejpg.dll
    O2 - BHO: ypdjgbmp.dll - {91954FAC-1023-154F-895A-1458258AD819} - C:\WINDOWS\system32\ypdjgbmp.dll
    O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll
    O2 - BHO: zyzxjime.dll - {AA59145F-315D-BC23-AC1F-145DF81A34AA} - C:\WINDOWS\system32\zyzxjime.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKLM\..\Policies\Explorer\Run: [kcomc] kcomc32.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180744496281
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D25BE72-FA66-4201-BFF6-80948260FFCC}: NameServer = 192.168.0.1,192.168.0.133
    O20 - AppInit_DLLs: SysWmWacz.dll,yzztimsn.dll,nhmxcjkl.dll
    O21 - SSODL: midimapfy - {4F4F0064-71E0-4f0d-0013-708476C7815F} - C:\WINDOWS\system32\midimapfy.dll
    O21 - SSODL: midimaptl - {4F4F0064-71E0-4f0d-0017-708476C7815F} - C:\WINDOWS\system32\midimaptl.dll
    O21 - SSODL: midimapqn3 - {4F4F0064-71E0-4f0d-0022-708476C7815F} - C:\WINDOWS\system32\midimapqn3.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 9505 bytes

    Deckard's System Scanner v20071014.68
    Run by Luke.S on 2008-06-08 17:34:55
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2008-06-08 23:34:58 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Luke.S.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:35:51 PM, on 08/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\gpr8.exe
    C:\Documents and Settings\Luke.S\Desktop\dss.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\DOCUME~1\Luke.S\Desktop\Luke.S.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll
    O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll
    O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - C:\WINDOWS\system32\oswxdttb.dll
    O2 - BHO: lofsdjbo.dll - {470165F1-9F65-569F-F895-F14F58F41074} - C:\WINDOWS\system32\lofsdjbo.dll
    O2 - BHO: mndhddwd.dll - {4C648541-1025-9650-9057-6541258720C4} - C:\WINDOWS\system32\mndhddwd.dll
    O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - C:\WINDOWS\system32\apsgdjba.dll
    O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll
    O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - C:\WINDOWS\system32\pjjxedwd.dll
    O2 - BHO: oohxdbyt.dll - {5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} - C:\WINDOWS\system32\oohxdbyt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll
    O2 - BHO: zxptejpg.dll - {91698482-6555-3666-1222-954784129019} - C:\WINDOWS\system32\zxptejpg.dll
    O2 - BHO: ypdjgbmp.dll - {91954FAC-1023-154F-895A-1458258AD819} - C:\WINDOWS\system32\ypdjgbmp.dll
    O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll
    O2 - BHO: zyzxjime.dll - {AA59145F-315D-BC23-AC1F-145DF81A34AA} - C:\WINDOWS\system32\zyzxjime.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKLM\..\Policies\Explorer\Run: [kcomc] kcomc32.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180744496281
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D25BE72-FA66-4201-BFF6-80948260FFCC}: NameServer = 192.168.0.1,192.168.0.133
    O20 - AppInit_DLLs: SysWmWacz.dll,yzztimsn.dll,nhmxcjkl.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 9175 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 atitray - c:\program files\radeon omega drivers\v3.8.330\ati tray tools\atitray.sys
    R2 HiddFldy - c:\windows\system32\d32dx9.sys
    R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.10) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.10>
    R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
    R3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
    R3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys <Not Verified; AMD, Inc.; Special Tools Driver>

    S3 cel90xbe - c:\docume~1\luke.s\locals~1\temp\cel90xbe.sys (file missing)
    S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
    S3 IPN2120 (Instant Wireless-B PCI Adapter Driver) - c:\windows\system32\drivers\lsipnds.sys <Not Verified; Inprocomm, Inc.; Driver for INPROCOMM IPN2120 Wireless LAN Cards>
    S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    S3 RT73 (Linksys Home Wireless-G USB Adapter Driver) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
    R2 CachemanXPService (CachemanXP) - c:\progra~1\cachem~1\cachemanxp.exe <Not Verified; OuterTechnologies; >


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID:
    Description: USB Human Interface Device
    Device ID: USB\VID_06A3&PID_8020&MI_01\6&36E9625B&0&0001
    Manufacturer: (Standard system devices)
    Name: USB Human Interface Device
    PNP Device ID: USB\VID_06A3&PID_8020&MI_01\6&36E9625B&0&0001
    Service: HidUsb

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&55C493A&0&00
    Manufacturer: NVIDIA
    Name: NVIDIA nForce Networking Controller
    PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&55C493A&0&00
    Service: NVENETFD


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-08 17:34:46 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2008-06-08 06:00:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-05-08 and 2008-06-08 -----------------------------

    2008-06-08 17:34:16 27376 --a------ C:\WINDOWS\system32\gpr8.exe
    2008-06-08 17:00:54 0 d-------- C:\WINDOWS\pss
    2008-06-08 16:21:00 24 --a------ C:\WINDOWS\system32\tiwxattb.sys
    2008-06-08 16:20:47 6592 --a-s---- C:\WINDOWS\system32\d32dx9.sys
    2008-06-08 16:20:46 27376 --a------ C:\WINDOWS\system32\gpr197.exe
    2008-06-08 16:20:01 24 --a------ C:\WINDOWS\system32\wymxajkl.sys
    2008-06-08 16:19:33 24 --a------ C:\WINDOWS\system32\ijsgajba.sys
    2008-06-08 16:18:49 21060 --a------ C:\WINDOWS\system32\SysWmWacz.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
    2008-06-08 16:18:11 20367 --a------ C:\WINDOWS\system32\SysWoWCt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Operating System>
    2008-06-08 16:18:09 17755 --a------ C:\WINDOWS\system32\kcomc32.dll
    2008-06-08 16:17:36 6769 --a------ C:\WINDOWS\system32\atielf.dat
    2008-05-23 13:06:56 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
    2008-05-23 12:48:30 0 d-------- C:\Program Files\Driver Sweeper
    2008-05-22 13:53:03 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-05-20 16:51:37 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
    2008-05-20 15:52:39 0 d-------- C:\Program Files\Funcom


    -- Find3M Report ---------------------------------------------------------------

    2008-06-08 16:51:27 0 d-------- C:\Program Files\CachemanXP
    2008-06-08 15:07:24 0 d-------- C:\Program Files\World of Warcraft
    2008-05-22 13:38:15 0 d-------- C:\Documents and Settings\Luke.S\Application Data\SystemRequirementsLab
    2008-05-22 13:38:14 0 d-------- C:\Program Files\SystemRequirementsLab
    2008-05-12 15:20:41 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-05-04 21:11:06 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-04 21:10:57 1086 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
    2008-05-04 11:52:51 0 d-------- C:\Program Files\Activision
    2008-05-04 11:50:24 0 d-------- C:\Documents and Settings\Luke.S\Application Data\Gearbox Software
    2008-05-04 11:49:46 0 d-------- C:\Documents and Settings\Luke.S\Application Data\IGN_DLM
    2008-04-27 21:06:38 0 d-------- C:\Documents and Settings\Luke.S\Application Data\Real


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35671234-7890-ABCD-CDEF-567801237653}]
    08/08/2004 04:26 PM 533512 ---hs---- C:\WINDOWS\system32\yxcschlp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37AC9076-C898-B098-D098-A18319080973}]
    08/08/2004 04:20 PM 535560 ---hs---- C:\WINDOWS\system32\nhmxcjkl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43512378-9874-5641-1025-985420368734}]
    08/08/2004 04:28 PM 535048 ---hs---- C:\WINDOWS\system32\oswxdttb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{470165F1-9F65-569F-F895-F14F58F41074}]
    08/08/2004 04:27 PM 534024 ---hs---- C:\WINDOWS\system32\lofsdjbo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C648541-1025-9650-9057-6541258720C4}]
    08/08/2004 04:25 PM 536072 ---hs---- C:\WINDOWS\system32\mndhddwd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FD45A54-9875-698F-E56E-65102358FDF4}]
    08/08/2004 04:27 PM 536584 ---hs---- C:\WINDOWS\system32\apsgdjba.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{528DF602-9541-A985-210A-984A698C6F25}]
    08/08/2004 04:27 PM 535048 ---hs---- C:\WINDOWS\system32\ptjhehlp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54FAE856-AD58-20CB-A025-CD4895FA6E45}]
    08/08/2004 04:26 PM 535048 ---hs---- C:\WINDOWS\system32\pjjxedwd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5}]
    08/08/2004 04:26 PM 536584 ---hs---- C:\WINDOWS\system32\oohxdbyt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8D1401-A58D-A81C-CD24-A5915C4517C7}]
    08/08/2004 04:25 PM 538120 ---hs---- C:\WINDOWS\system32\mnmhgsrv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91698482-6555-3666-1222-954784129019}]
    08/08/2004 04:27 PM 534536 ---hs---- C:\WINDOWS\system32\zxptejpg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91954FAC-1023-154F-895A-1458258AD819}]
    08/08/2004 04:27 PM 537096 ---hs---- C:\WINDOWS\system32\ypdjgbmp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9490415F-65F8-B5C5-D8BA-9405FB120549}]
    08/08/2004 04:18 PM 536072 ---hs---- C:\WINDOWS\system32\yzztimsn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA59145F-315D-BC23-AC1F-145DF81A34AA}]
    08/08/2004 04:26 PM 537096 ---hs---- C:\WINDOWS\system32\zyzxjime.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [30/04/2006 08:07 PM]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [10/04/2006 09:19 AM]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [02/11/2004 08:24 PM]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [29/02/2004 04:44 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [18/08/2006 02:25 PM]
    "amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [28/06/2006 03:42 PM]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 07:20 PM]
    "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [16/02/2007 10:54 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [14/03/2007 07:05 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [21/04/2004 10:26 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 10:24 AM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:00 AM]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [04/10/2007 09:20 AM]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 12:43 PM]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 08:05 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t


    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 Command - Keeping Software Free
    127.0.0.1 032439.com

    7902 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-06-08 17:36:25 ------------

    Attached Files:

  2. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Location:
    Victoria, Australia
    Local time:
    14:29
    My System
    Loading...

    Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry.
    Please visit this webpage for download links, and instructions for running ComboFix
    When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
    Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems
    NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
    =======================================
    Please download SDFix from here and save it to your desktop
    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)
    Please then reboot your computer in Safe Mode by doing the following :
    Restart your computer
    After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    Instead of Windows loading as normal, the Advanced Options Menu should appear;
    Select the first option, to run Windows in Safe Mode, then press Enter.
    Choose your usual account.
    Open the extracted SDFix folder and double click RunThis.bat to start the script.
    Type Y to begin the cleanup process.
    It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    Press any Key and it will restart the PC.
    When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    Please copy and paste that log in your next reply.
  3. lsyriste

    lsyriste New Member Bronze Member

    Joined:
    Jun 8, 2008
    Posts:
    6
    Likes Received:
    0
    Local time:
    05:29
    My System
    Loading...

    I'm getting errors with ComboFix, saying I can't "rename ComboFix as ComboFix". Tried restarting, did nothing. Moved onto SDFix, got into safemode, ran it, and it crashed after bringing up an error saying "Cmd.exe is corrupt and unreadable" or some such. I have no idea what to do here anymore.
  4. lsyriste

    lsyriste New Member Bronze Member

    Joined:
    Jun 8, 2008
    Posts:
    6
    Likes Received:
    0
    Local time:
    05:29
    My System
    Loading...

    Christ, at this point i'm more keen to reformat my harddrive... this is the worst PC infection i've ever had, and i've had quite a few :(
  5. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Location:
    Victoria, Australia
    Local time:
    14:29
    My System
    Loading...

    Please download the OTMoveIt2 by OldTimer. http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    Save it to your desktop.
    Please double-click OTMoveIt2.exe to run it.
    Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\WINDOWS\system32\yxcschlp.dll
    C:\WINDOWS\system32\nhmxcjkl.dll
    C:\WINDOWS\system32\oswxdttb.dll
    C:\WINDOWS\system32\lofsdjbo.dll
    C:\WINDOWS\system32\mndhddwd.dll
    C:\WINDOWS\system32\apsgdjba.dll
    C:\WINDOWS\system32\ptjhehlp.dll
    C:\WINDOWS\system32\pjjxedwd.dll
    C:\WINDOWS\system32\oohxdbyt.dll
    C:\WINDOWS\system32\mnmhgsrv.dll
    C:\WINDOWS\system32\zxptejpg.dll
    C:\WINDOWS\system32\ypdjgbmp.dll
    C:\WINDOWS\system32\yzztimsn.dll
    C:\WINDOWS\system32\zyzxjime.dll
    C:\WINDOWS\system32\wymxajkl.sys
    C:\WINDOWS\system32\ijsgajba.sys
    C:\WINDOWS\system32\gpr197.exe
    C:\WINDOWS\system32\tiwxattb.sys
    C:\WINDOWS\system32\d32dx9.sys
    C:\WINDOWS\system32\gpr8.exe
    C:\WINDOWS\system32\kcomc32.dll


    Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    Click the red Moveit! button.
    OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
    Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    Post the log along with a new HJT log when done.


    When done see if you can run Combofix again
  6. lsyriste

    lsyriste New Member Bronze Member

    Joined:
    Jun 8, 2008
    Posts:
    6
    Likes Received:
    0
    Local time:
    05:29
    My System
    Loading...

    I moved 3 more dll's that i found to be problematic and related to Hupigon13.. they are at the bottom of the OT log. ComboFix is still not running unfortunately



    OTMoveIT Log:

    DllUnregisterServer procedure not found in C:\WINDOWS\system32\yxcschlp.dll
    C:\WINDOWS\system32\yxcschlp.dll NOT unregistered.
    C:\WINDOWS\system32\yxcschlp.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\nhmxcjkl.dll
    C:\WINDOWS\system32\nhmxcjkl.dll NOT unregistered.
    C:\WINDOWS\system32\nhmxcjkl.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\oswxdttb.dll
    C:\WINDOWS\system32\oswxdttb.dll NOT unregistered.
    C:\WINDOWS\system32\oswxdttb.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\lofsdjbo.dll
    C:\WINDOWS\system32\lofsdjbo.dll NOT unregistered.
    C:\WINDOWS\system32\lofsdjbo.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\mndhddwd.dll
    C:\WINDOWS\system32\mndhddwd.dll NOT unregistered.
    C:\WINDOWS\system32\mndhddwd.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\apsgdjba.dll
    C:\WINDOWS\system32\apsgdjba.dll NOT unregistered.
    C:\WINDOWS\system32\apsgdjba.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ptjhehlp.dll
    C:\WINDOWS\system32\ptjhehlp.dll NOT unregistered.
    C:\WINDOWS\system32\ptjhehlp.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\pjjxedwd.dll
    C:\WINDOWS\system32\pjjxedwd.dll NOT unregistered.
    C:\WINDOWS\system32\pjjxedwd.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\oohxdbyt.dll
    C:\WINDOWS\system32\oohxdbyt.dll NOT unregistered.
    C:\WINDOWS\system32\oohxdbyt.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\mnmhgsrv.dll
    C:\WINDOWS\system32\mnmhgsrv.dll NOT unregistered.
    C:\WINDOWS\system32\mnmhgsrv.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\zxptejpg.dll
    C:\WINDOWS\system32\zxptejpg.dll NOT unregistered.
    C:\WINDOWS\system32\zxptejpg.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ypdjgbmp.dll
    C:\WINDOWS\system32\ypdjgbmp.dll NOT unregistered.
    C:\WINDOWS\system32\ypdjgbmp.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\yzztimsn.dll
    C:\WINDOWS\system32\yzztimsn.dll NOT unregistered.
    C:\WINDOWS\system32\yzztimsn.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\zyzxjime.dll
    C:\WINDOWS\system32\zyzxjime.dll NOT unregistered.
    C:\WINDOWS\system32\zyzxjime.dll moved successfully.
    C:\WINDOWS\system32\wymxajkl.sys moved successfully.
    C:\WINDOWS\system32\ijsgajba.sys moved successfully.
    C:\WINDOWS\system32\gpr197.exe moved successfully.
    C:\WINDOWS\system32\tiwxattb.sys moved successfully.
    C:\WINDOWS\system32\d32dx9.sys moved successfully.
    C:\WINDOWS\system32\gpr8.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\kcomc32.dll
    C:\WINDOWS\system32\kcomc32.dll NOT unregistered.
    C:\WINDOWS\system32\kcomc32.dll moved successfully.
    C:\WINDOWS\system32\midimapfy.dll NOT unregistered.
    C:\WINDOWS\system32\midimapfy.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\midimaptl.dll
    C:\WINDOWS\system32\midimaptl.dll NOT unregistered.
    C:\WINDOWS\system32\midimaptl.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\midimapqn3.dll
    C:\WINDOWS\system32\midimapqn3.dll NOT unregistered.
    C:\WINDOWS\system32\midimapqn3.dll moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06082008_212102


    New HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:26:21 PM, on 08/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\WINDOWS\TEMP\~KCGIS1.upi
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Luke.S\Desktop\fooledyou.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    F2 - REG:system.ini: Shell=Explorer.exe,gprA.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll (file missing)
    O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll (file missing)
    O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
    O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - C:\WINDOWS\system32\oswxdttb.dll (file missing)
    O2 - BHO: lofsdjbo.dll - {470165F1-9F65-569F-F895-F14F58F41074} - C:\WINDOWS\system32\lofsdjbo.dll (file missing)
    O2 - BHO: mndhddwd.dll - {4C648541-1025-9650-9057-6541258720C4} - C:\WINDOWS\system32\mndhddwd.dll (file missing)
    O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - C:\WINDOWS\system32\apsgdjba.dll (file missing)
    O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll (file missing)
    O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - C:\WINDOWS\system32\pjjxedwd.dll (file missing)
    O2 - BHO: oohxdbyt.dll - {5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} - C:\WINDOWS\system32\oohxdbyt.dll (file missing)
    O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll (file missing)
    O2 - BHO: zxptejpg.dll - {91698482-6555-3666-1222-954784129019} - C:\WINDOWS\system32\zxptejpg.dll (file missing)
    O2 - BHO: ypdjgbmp.dll - {91954FAC-1023-154F-895A-1458258AD819} - C:\WINDOWS\system32\ypdjgbmp.dll (file missing)
    O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll (file missing)
    O2 - BHO: zyzxjime.dll - {AA59145F-315D-BC23-AC1F-145DF81A34AA} - C:\WINDOWS\system32\zyzxjime.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKLM\..\Policies\Explorer\Run: [kcomc] kcomc32.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
    O9 - Extra button: ֪ʶ¿â - {06926B30-424E-4f1c-8EE3-543CD96573DC} - about:blank (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180744496281
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D25BE72-FA66-4201-BFF6-80948260FFCC}: NameServer = 192.168.0.1,192.168.0.133
    O20 - AppInit_DLLs: yzztimsn.dll,nhmxcjkl.dll
    O21 - SSODL: midimapfy - {4F4F0064-71E0-4f0d-0013-708476C7815F} - C:\WINDOWS\system32\midimapfy.dll (file missing)
    O21 - SSODL: midimaptl - {4F4F0064-71E0-4f0d-0017-708476C7815F} - C:\WINDOWS\system32\midimaptl.dll (file missing)
    O21 - SSODL: midimapqn3 - {4F4F0064-71E0-4f0d-0022-708476C7815F} - C:\WINDOWS\system32\midimapqn3.dll (file missing)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 9726 bytes
  7. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Location:
    Victoria, Australia
    Local time:
    14:29
    My System
    Loading...

    Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

    F2 - REG:system.ini: Shell=Explorer.exe,gprA.exe
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: yxcschlp.dll - {35671234-7890-ABCD-CDEF-567801237653} - C:\WINDOWS\system32\yxcschlp.dll (file missing)
    O2 - BHO: nhmxcjkl.dll - {37AC9076-C898-B098-D098-A18319080973} - C:\WINDOWS\system32\nhmxcjkl.dll (file missing)
    O2 - BHO: oswxdttb.dll - {43512378-9874-5641-1025-985420368734} - C:\WINDOWS\system32\oswxdttb.dll (file missing)
    O2 - BHO: lofsdjbo.dll - {470165F1-9F65-569F-F895-F14F58F41074} - C:\WINDOWS\system32\lofsdjbo.dll (file missing)
    O2 - BHO: mndhddwd.dll - {4C648541-1025-9650-9057-6541258720C4} - C:\WINDOWS\system32\mndhddwd.dll (file missing)
    O2 - BHO: apsgdjba.dll - {4FD45A54-9875-698F-E56E-65102358FDF4} - C:\WINDOWS\system32\apsgdjba.dll (file missing)
    O2 - BHO: ptjhehlp.dll - {528DF602-9541-A985-210A-984A698C6F25} - C:\WINDOWS\system32\ptjhehlp.dll (file missing)
    O2 - BHO: pjjxedwd.dll - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - C:\WINDOWS\system32\pjjxedwd.dll (file missing)
    O2 - BHO: oohxdbyt.dll - {5B1AEF69-DDAE-FDAD-DCAB-698F026ABDB5} - C:\WINDOWS\system32\oohxdbyt.dll (file missing)
    O2 - BHO: mnmhgsrv.dll - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - C:\WINDOWS\system32\mnmhgsrv.dll (file missing)
    O2 - BHO: zxptejpg.dll - {91698482-6555-3666-1222-954784129019} - C:\WINDOWS\system32\zxptejpg.dll (file missing)
    O2 - BHO: ypdjgbmp.dll - {91954FAC-1023-154F-895A-1458258AD819} - C:\WINDOWS\system32\ypdjgbmp.dll (file missing)
    O2 - BHO: yzztimsn.dll - {9490415F-65F8-B5C5-D8BA-9405FB120549} - C:\WINDOWS\system32\yzztimsn.dll (file missing)
    O2 - BHO: zyzxjime.dll - {AA59145F-315D-BC23-AC1F-145DF81A34AA} - C:\WINDOWS\system32\zyzxjime.dll (file missing)
    O4 - HKLM\..\Policies\Explorer\Run: [kcomc] kcomc32.exe
    O20 - AppInit_DLLs: yzztimsn.dll,nhmxcjkl.dll
    O21 - SSODL: midimapfy - {4F4F0064-71E0-4f0d-0013-708476C7815F} - C:\WINDOWS\system32\midimapfy.dll (file missing)
    O21 - SSODL: midimaptl - {4F4F0064-71E0-4f0d-0017-708476C7815F} - C:\WINDOWS\system32\midimaptl.dll (file missing)
    O21 - SSODL: midimapqn3 - {4F4F0064-71E0-4f0d-0022-708476C7815F} - C:\WINDOWS\system32\midimapqn3.dll (file missing)

    Reboot.............................

    ========================================
    Please download Malwarebytes' Anti-Malware from one of these places:
    |MG| Malwarebytes Anti-Malware 1.15
    http://www.besttechie.net/tools/mbam-setup.exe
    Double Click mbam-setup.exe to install the application.
    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish,so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
    Please Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

    ===================================

    First off please download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    Close all applications and windows.
    Double-click on dss.exe to run it, and follow the prompts.
    When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized.
    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt to here.
    Please attach extra.txt to your post.
    To attach a file to a new post, simply Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
    copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
    Click Upload.
    What DSS will do:
    Create a new System Restore point in Windows XP and Vista.
    Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
  8. lsyriste

    lsyriste New Member Bronze Member

    Joined:
    Jun 8, 2008
    Posts:
    6
    Likes Received:
    0
    Local time:
    05:29
    My System
    Loading...

    I was hopeful when I saw the Malwarebyte program find and delete all of the entries... when I restarted I scanned again and that hope was dashed :(

    I ran SpyBot again to be certain, and there were the entries for hupigon13 again.

    Malwarebytes' Anti-Malware 1.15
    Database version: 841

    10:19:33 PM 08/06/2008
    mbam-log-6-8-2008 (22-19-33).txt

    Scan type: Quick Scan
    Objects scanned: 38475
    Time elapsed: 3 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 11
    Registry Keys Infected: 178
    Registry Values Infected: 14
    Registry Data Items Infected: 0
    Folders Infected: 10
    Files Infected: 58

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\zyzxjime.dll (Spyware.OnlineGames) -> Unloaded module successfully.
    C:\WINDOWS\system32\ypdjgbmp.dll (Spyware.OnlineGames) -> Unloaded module successfully.
    C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> Unloaded module successfully.
    C:\WINDOWS\system32\ptjhehlp.dll (Spyware.BHO) -> Unloaded module successfully.
    C:\WINDOWS\system32\oohxdbyt.dll (Spyware.BHO) -> Unloaded module successfully.
    C:\WINDOWS\system32\lofsdjbo.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\mndhddwd.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\apsgdjba.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\SysWoWCt.dll (Spyware.OnlineGames) -> Unloaded module successfully.
    C:\WINDOWS\system32\pjjxedwd.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\yzztimsn.dll (Trojan.vundo) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Delete on reboot.
    HKEY_CURRENT_USER\Kav\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Kav\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> Delete on reboot.
    HKEY_CURRENT_USER\Kav\Browser Helper Objects\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7dbc6adb-5788-4fb9-aec3-b40a58ac11df} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{d3342887-aab1-428c-90c6-642be0b6cffe} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e6bec792-a39d-4512-aa44-41627908dc2e} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\webbrowser.browser (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{986488af-13d5-9ddf-4fef-9fb88698cfc1} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\webbrowser.browser.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1db3c525-5271-46f7-887a-d4e1adaa7632} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0ad3ab16-6d0e-4f04-8660-fb1f36bc2dc0} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2f685b36-c53a-4653-9231-1dae5736de45} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{50c4cdd9-22d7-49ff-ac6d-7d4d528a3ab2} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{de2267bd-b163-407f-9e8d-6adec771e7ab} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newdcocmediazpop.popcoco (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{34a12a06-48c0-420d-8f11-73552ee9631a} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cde9eb54-a08e-4570-b748-13f5ddb5781c} (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newdcocmediazpop.popcoco.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newscocomediapop.popcoco (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newscocomediapop.popcoco.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newadpopup.toolbardetector (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newadpopup.toolbardetector.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newpopuppushad.arlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newpopuppushad.arlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newpoupad.aclogc (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\newpoupad.aclogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{385ab8c5-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f9ba1aa9-cad4-4c14-bde6-922dff5f6f38} (Adware.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Kav\Browser Helper Objects\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4fd45a54-9875-698f-e56e-65102358fdf4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4fd45a54-9875-698f-e56e-65102358fdf4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> Quarantined and deleted successfully.
    \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contentmatch (Adware.CPush) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpidisk (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apcdli (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntptdb (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Webbrowser.browser (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Webbrowser.browser.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\YiqilaiLyrics (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YiqilaiLyrics (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Yiqilai (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\acpidisk (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\acpidisk (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IDSCNP (Adware.Cinmus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Kav\Browser Helper Objects\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\cpush (Adware.CPush) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentMatch (Adware.CPush) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSvcUI.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVtimer.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rising.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1db3c525-5271-46f7-887a-d4e1adaa7632} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4fd45a54-9875-698f-e56e-65102358fdf4} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools (Trojan.Yigather) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\CPUSH (Adware.CPush) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\foobar (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\html (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\lib (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\realplayer (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\tools (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\winamp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\wmp (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\zyzxjime.dll (Spyware.OnlineGames) -> Delete on reboot.
    C:\WINDOWS\system32\ypdjgbmp.dll (Spyware.OnlineGames) -> Delete on reboot.
    C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> Delete on reboot.
    C:\WINDOWS\system32\ptjhehlp.dll (Spyware.BHO) -> Delete on reboot.
    C:\WINDOWS\system32\oohxdbyt.dll (Spyware.BHO) -> Delete on reboot.
    C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2036.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zxptejpg.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\CPUSH\cpush.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lofsdjbo.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\mndhddwd.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\apsgdjba.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (Trojan.Yigather) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\axptajpg.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\azzxaime.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ghwxattb.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ismhasrv.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jbhxabyt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lojxadwd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lpsgajba.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pldhadwd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\spjhahlp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tpfsajbo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zsdjabmp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zxcsahlp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\_bnyunxing26.znb (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\5ZGLMJ9P\13[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\5ZGLMJ9P\17[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\5ZGLMJ9P\26[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\5ZGLMJ9P\2[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\5ZGLMJ9P\32[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\5ZGLMJ9P\5[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\81126YOI\19[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\8DUQK9R0\14[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\8DUQK9R0\27[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\UJDWB8L8\16[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\UJDWB8L8\1[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Luke.S\Local Settings\Temporary Internet Files\Content.IE5\UJDWB8L8\25[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\CPUSH\Uninst.exe (Adware.CPush) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\foobar\foo_ui_columns.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\foobar\foo_ui_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\realplayer\real_vis_yqllyrics.rpv (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\tools\YiqilaiLyrics.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Yiqilai\winamp\vis_yqllyrics.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\YQL_Lyrics_Common.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\YiqilaiLyrics_2001.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dlbar.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysloader.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\acpidisk.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\SysWoWCt.dll (Spyware.OnlineGames) -> Delete on reboot.
    C:\WINDOWS\system32\mscpx32r.det (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mprmsgse.axz (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\tempaq (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pjjxedwd.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\yzztimsn.dll (Trojan.vundo) -> Delete on reboot.
    C:\Documents and Settings\Luke.S\Favorites\Ò»ÆðÀ´ÒôÀÖÉçÇø.url (Trojan.Agent) -> Quarantined and deleted successfully.


    Then...

    Malwarebytes' Anti-Malware 1.15
    Database version: 841

    10:37:55 PM 08/06/2008
    mbam-log-6-8-2008 (22-37-49).txt

    Scan type: Quick Scan
    Objects scanned: 38885
    Time elapsed: 3 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 12
    Registry Keys Infected: 128
    Registry Values Infected: 14
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 24

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\zyzxjime.dll (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\ptjhehlp.dll (Spyware.BHO) -> No action taken.
    C:\WINDOWS\system32\oohxdbyt.dll (Spyware.BHO) -> No action taken.
    C:\WINDOWS\system32\zxptejpg.dll (Trojan.BHO) -> No action taken.
    C:\WINDOWS\system32\lofsdjbo.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\mndhddwd.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\apsgdjba.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\ypdjgbmp.dll (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\SysWoWCt.dll (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\pjjxedwd.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\yzztimsn.dll (Trojan.vundo) -> No action taken.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Trojan.Agent) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{1db3c525-5271-46f7-887a-d4e1adaa7632} (Spyware.OnlineGames) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{4fd45a54-9875-698f-e56e-65102358fdf4} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4fd45a54-9875-698f-e56e-65102358fdf4} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Trojan.Yigather) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ESAFE.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVsvc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSvcUI.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVFW.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmon.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVtimer.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rising.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPMain.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe (Security.Hijack) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5b1aef69-ddae-fdad-dcab-698f026abdb5} (Spyware.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{91698482-6555-3666-1222-954784129019} (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1db3c525-5271-46f7-887a-d4e1adaa7632} (Spyware.OnlineGames) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8c41b7f7-3168-400d-a702-0e7efe0ba304} (Spyware.OnlineGames) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{470165f1-9f65-569f-f895-f14f58f41074} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4c648541-1025-9650-9057-6541258720c4} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4fd45a54-9875-698f-e56e-65102358fdf4} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{91954fac-1023-154f-895a-1458258ad819} (Spyware.OnlineGames) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{54fae856-ad58-20cb-a025-cd4895fa6e45} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9490415f-65f8-b5c5-d8ba-9405fb120549} (Trojan.vundo) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\zyzxjime.dll (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\yxcschlp.dll (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\ptjhehlp.dll (Spyware.BHO) -> No action taken.
    C:\WINDOWS\system32\oohxdbyt.dll (Spyware.BHO) -> No action taken.
    C:\WINDOWS\system32\zxptejpg.dll (Trojan.BHO) -> No action taken.
    C:\WINDOWS\system32\lofsdjbo.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\mndhddwd.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\apsgdjba.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\axptajpg.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\azzxaime.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\ghwxattb.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\ismhasrv.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\jbhxabyt.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\lojxadwd.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\lpsgajba.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\pldhadwd.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\spjhahlp.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\tpfsajbo.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\ypdjgbmp.dll (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\zsdjabmp.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\zxcsahlp.exe (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\SysWoWCt.dll (Spyware.OnlineGames) -> No action taken.
    C:\WINDOWS\system32\pjjxedwd.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\yzztimsn.dll (Trojan.vundo) -> No action taken.


    I don't think this is going to fly. Going to start burning my some personal files to CD's and wipe my hard drive. Appreciate your time and effort, but this self-replicating virus is getting the best of us.
  9. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Location:
    Victoria, Australia
    Local time:
    14:29
    My System
    Loading...

    Ok.So do you want me to carry on or are you going to format ? I can fix it but it will take time.
  10. lsyriste

    lsyriste New Member Bronze Member

    Joined:
    Jun 8, 2008
    Posts:
    6
    Likes Received:
    0
    Local time:
    05:29
    My System
    Loading...

    I'm overdue for a format anyway, I only hope this thing will not spread when I burn my personal files to a dvd. Appreciate your time and efforts!

    Cheers.
Similar Threads
Forum Title Date
System Security Hupigon13 won't go away - ugh!! May 13, 2009
System Security Hupigon13 infection. HELP_! Dec 6, 2008
System Security Hupigon13 Aug 16, 2008
System Security Hupigon13 infection - ugh Aug 2, 2008

Thread Status:
Not open for further replies.