Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.10.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.

5512 Student 61 :: STUDENT61 [administrator] 10/01/2012 3:54:32 PM mbam-log-2012-01-10 (15-54-32).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Ext ra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 165289 Time elapsed: 8 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 128 HKCR\idid (Trojan.Sasfix) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted succe ssfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3 60hotfix.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3 60rpt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3 60Safe.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3 60safebox.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\3 60tray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a dam.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A gentSvr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A ntiArp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A ppSvc32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a rvmon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A utoGuarder.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a utoruns.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a vgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A vMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a vp.com (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\C

Center.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c cSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F ileDsty.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f indt2005.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\F TCleanerShell.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\H ijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\I ceSword.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\i parmo.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\I parmor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\I sHelp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\i sPwdSvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k abaload.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K aScrScn.SCR (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K ASMain.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K ASTask.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K AV32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K AVDX.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K AVPFW.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K AVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K AVStart.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k illhidepid.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K ISLnchr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K MailMon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K MFilter.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K PFW32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K PFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K PFWSvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K Repair.COM (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K sLoader.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K VCenter.kxp (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K

vDetect.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k vfw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K vfwMcl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K VMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K VMonXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k vol.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k volself.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K vReport.kxp (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K VScan.kxp (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K VSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K VStub.kxp (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k vupload.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\k vwsc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K vXP.kxp (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K vXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K Watch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K Watch9x.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K WatchX.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\L iveUpdate360.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\l oaddll.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\M agicSet.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\m cconsol.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\m mqczj.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\m msk.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\N AVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n od32krn.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n od32kui.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\P FW.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\P FWLiveUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Q HSET.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R

as.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R av.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R avCopy.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R avMon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R avMonD.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R avStore.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R avStub.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\r avt08.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R avTask.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R egClean.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R egEx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\r fwcfg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R fwMain.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\r fwolusr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\r fwProxy.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\r fwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R sAgent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R saupd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R sMain.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\r snetsvr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\R STray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\r uniep.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\s afebank.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\s afeboxTray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\s afelive.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\s can32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\S canFrm.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\s hcfg32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\s martassistant.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\S martUp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\S

REng.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\S REngPS.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\s ymlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\s yscheck.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\S yscheck2.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\S ysSafe.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\T oolsUp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\T rojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\T rojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\T rojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\U IHost.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\U mxAgent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\U mxAttachment.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\U mxCfg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\U mxFwHlp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\U mxPol.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\U pLive.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W optiClean.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\z xsweep.exe (Security.Hijack) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\A VP.EXE (Security.Hijack) -> Quarantined and deleted successfully. HKLM\System\CurrentControlSet\Services\DrvKiller (Spyware.OnlineGames) -> Quaran tined and deleted successfully. Registry Values Detected: 14 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Worm.Palevo) > Data: C:\Documents and Settings\Student 61\csrss.exe,C:\RECYCLER\S-1-5-21-5470 483776-1083919982-124602937-8811\yv8g67.exe,C:\Documents and Settings\Student 61 \msgvn.exe,C:\RECYCLER\S-1-5-21-4546357793-0634093388-551741821-7150\yv8g67.exe, explorer.exe,C:\Documents and Settings\Student 61\Application Data\qmkin.exe -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NofolderOptions (Hijack.FolderOptions) -> Data: 1 -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|userini (Tr ojan.Agent) -> Data: C:\WINDOWS\system32\userini.exe -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yahoo Messengger (Backdoor.Bo t) -> Data: C:\WINDOWS\system32\RVHOST.exe -> Quarantined and deleted successful ly. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Firewall (Trojan.Agen t) -> Data: C:\DOCUME~1\STUDEN~1\LOCALS~1\Temp\lsass.exe -> Quarantined and dele ted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|userini (Trojan.Agent) -> Dat a: C:\WINDOWS\system32\userini.exe -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Services (Trojan.Agent) -> Da ta: C:\windows\system32\system.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a vp.exe|Debugger (Security.Hijack) -> Data: ntsd -d -> Quarantined and deleted su ccessfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Worm.Palevo) -> Data: C:\Documents and Settings\Student 61\Application Data\qmkin.exe -> Qua rantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|userini (Tr ojan.Agent) -> Data: C:\WINDOWS\system32\userini.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|csrcs (Troj an.Agent) -> Data: C:\WINDOWS\system32\csrcs.exe -> Quarantined and deleted succ essfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|SysAnti (Sp yware.OnlineGames) -> Data: C:\Program Files\Common Files\SysAnti.exe -> Quarant ined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Firewall (Trojan.Agen t) -> Data: C:\DOCUME~1\STUDEN~1\LOCALS~1\Temp\lsass.exe -> Quarantined and dele ted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|userini (Trojan.Agent) -> Dat a: C:\WINDOWS\system32\userini.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 4 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\Student 61\csrss.exe,C:\RECYCLER\S-1-5-21-547 0483776-1083919982-124602937-8811\yv8g67.exe,C:\Documents and Settings\Student 6 1\msgvn.exe,C:\RECYCLER\S-1-5-21-4546357793-0634093388-551741821-7150\yv8g67.exe ,explorer.exe,C:\Documents and Settings\Student 61\Application Data\qmkin.exe) G ood: (Explorer.exe) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTo ols (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired succe ssfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Bad: (Explorer.exe RVHOST.exe) Good: (Explorer.exe) -> Quarantined and repair ed successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\S HOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quaranti ned and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Documents and Settings\Student 61\Local Settings\Temp\886.exe (Trojan.Dropper ) -> Quarantined and deleted successfully. C:\Documents and Settings\Student 61\Local Settings\Temp\zsk.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Student 61\Application Data\wiaservg.log (Malware.Trac e) -> Quarantined and deleted successfully. (end)