Malwarebytes' Anti-Malware 1.36 Database version: 1952 Windows 5.1.2600 Service Pack 3 4/8/2009 11:50:15 AM mbam-log-2009-04-08 (11-50-15).txt Scan type: Quick Scan Objects scanned: 81917 Time elapsed: 2 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 4 Registry Values Infected: 1 Registry Data Items Infected: 5 Folders Infected: 0 Files Infected: 12 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\hasfien.dll (Trojan.Hiloti) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\AppID\{e81cf86b-f683-422a-b742-3f2427ea9d6a} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ghaqu (Trojan.Agent) -> Delete on reboot. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: hasfien.dll -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\hasfien.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\instsp2.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kovaweba.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pajohebu.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\poviwumi.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\puzasuve.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sumonibe.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\woliluzo.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\wicnin.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\aoqckrns.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\dmsiacq.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\opinufuq.dll (Trojan.Agent) -> Delete on reboot.