Trojan:Win32/Vundo.gen! [RESOLVED], Random pop-ups and slow performance
jchevier
post Jul 4 2008, 06:23 PM
Post #1


New Member
Posts: 9
From: NC, USA
OS: Windows Vista



I tried my best to follow the "You Must Read This Before Posting A Hijackthis Log, Malware Cleaning Guide" thread. As a result, I have several logs to copy over, any help would be appreciated. Thank you - jchevier.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:20 PM, on 7/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\psbsjwxi\rexihudq.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\ProgramData\adecazxn\lavyjadc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Summer\lsass.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winkye32.rom,HdyRun
O4 - HKCU\..\Run: [ammhpupd] C:\ProgramData\ammhpupd\jcbwhohe.exe
O4 - HKCU\..\Run: [2PTRR1Iziz] C:\ProgramData\psbsjwxi\rexihudq.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [adecazxn] C:\ProgramData\adecazxn\lavyjadc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/...NPUplden-us.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13745 bytes



------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Malwarebytes' Anti-Malware 1.19
Database version: 921
Windows 6.0.6000

3:18:06 PM 7/4/2008
mbam-log-7-4-2008 (15-18-06).txt

Scan type: Quick Scan
Objects scanned: 40634
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Summer\AppData\Local\Temp\ssqoPHYP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\ssqPfcCV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp00009c2f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000a015 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000a275 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000a63d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000acc2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000adfa (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000b125 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000b441 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000b672 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000bd84 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000c59f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000d873 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000da85 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000ff35 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp00010d0a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp00010d39 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp00013976 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp00016e5b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0001e8b8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp00024b13 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0004bd26 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0008842c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\Local Settings\Temporary Internet Files\Content.IE5\IBZX3LYH\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\Local Settings\Temporary Internet Files\Content.IE5\W9IMB2AY\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\Local Settings\Temporary Internet Files\Content.IE5\W9IMB2AY\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\Local Settings\Temporary Internet Files\Content.IE5\W9IMB2AY\kb767887[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.



------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


SUPERAntiSpyware Scan Log
Generated 07/04/2008 at 05:47 PM

Application Version : 3.6.1000

Core Rules Database Version : 3497
Trace Rules Database Version: 1488

Scan type : Complete Scan
Total Scan Time : 00:47:45

Memory items scanned : 757
Memory threats detected : 0
Registry items scanned : 7528
Registry threats detected : 0
File items scanned : 79389
File threats detected : 147

Adware.Tracking Cookie
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@4.adbrite[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@a.findarticles[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@a.websponsors[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ad.flux[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ad.lookery[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ad1.clickhype[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adbrite[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adbureau[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adfi.adbureau[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adinterax[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adnetserver[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adnetwork2go[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adopt.euroclick[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.bleepingcomputer[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.bmezine[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.clicksor[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.contextualmarketplace.54mms[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.mediamayhemcorp[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.monster[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.pno[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.revsci[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.sun[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.techguy[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.us.e-planning[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.verticalscope[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.vlaze[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.widgetbucks[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads.youthink[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads3.blastro[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@ads4.blastro[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adserver.topspeed[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@advertising[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@aff.primaryads[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@anad.tacoda[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@anat.tacoda[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@angleinteractive.directtrack[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@apmebf[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@banner.iflipit[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@bestdiscountoffers[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@cgm.adbureau[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@chitika[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@clickbank[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@clickshift[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@clicksor[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@collective-media[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@consumergain[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@crackle[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@csi.valueclick[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@directtrack[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@display.mediafire[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@dmtracker[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@e-2dj6wak4sodpwfp.stats.esomniture[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@e-2dj6wfkyqocpmcq.stats.esomniture[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@e-2dj6wfl4shc5ggp.stats.esomniture[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@e-2dj6wgkouhd5ihp.stats.esomniture[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@e-2dj6wglicgc5mco.stats.esomniture[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@e-2dj6whkocmdjekq.stats.esomniture[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@e-2dj6wjkoalazsko.stats.esomniture[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@e-2dj6wjkowkc5cao.stats.esomniture[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@e-2dj6wjmiajdpcao.stats.esomniture[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@e-2dj6wjny-1kc5gf.stats.esomniture[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@e-2dj6wjny-1sdjkg.stats.esomniture[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@eas.apm.emediate[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@eb.adbureau[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@eyewonder[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@financialcontent.advertserve[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@findarticles[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@findwhat[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@freecodesource.advertserve[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@hearsomethingcountry[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@hornymatches[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@iacas.adbureau[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@image.masterstats[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@insightexpressai[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@interclick[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@kontera[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@linkto.mediafire[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@lynxtrack[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@media.mtvnservices[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@media.sensis.com[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@media.vlzserver[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@media6degrees[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@mediafileshost[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@mediafire[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@mediaresponder[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@mobileentertainment.directtrack[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@myroitracking[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@mystats[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@optimize.indieclick[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@optimost[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@partner2profit[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@partners.tattomedia[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@path.pureadstracking[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@petfinder[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@precisionclick[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@prospect.adbureau[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@publishers.clickbooth[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@qnsr[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@redorbit[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@revsci[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@richmedia.yahoo[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@rocku.adbureau[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@roiservice[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@royaladultvideo[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@servedby.adxpower[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@servedby.adxpower[3].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@servedby.onlinemediadiva[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@server.cpmstar[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@server1.discountclick[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@server2.bkvtrack[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@service.tremormedia[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@sixapart.adbureau[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@smileycentral[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@sportsad.adbureau[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@stats.adbrite[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@stats.gamestop[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@stats.gamestop[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@stats01.pointshop[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@tacoda[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@testquestionsandanswers[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@track.bestbuy[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@track.trackads[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@tracking.hearthstoneonline[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@tracking.vindicosuite[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@trafficregenerator[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@tremor.adbureau[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@valueclick[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.adultwholesaledirect[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.advertyz[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.directnetadvertising[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.findit-quick[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.findstuff[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.googleadservices[10].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.googleadservices[11].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.googleadservices[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.googleadservices[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.googleadservices[3].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.googleadservices[4].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.googleadservices[6].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.googleadservices[7].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.googleadservices[8].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.insight-intermark[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.iysextoys[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.royaladultvideo[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.ticketsnow[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@www.trackspace[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@zillow.adbureau[2].txt



------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


;*******************************************************************************
ANALYSIS: 2008-07-04 19:59:20
PROTECTIONS: 3
MALWARE: 1
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Trend Micro PC-Cillin Internet Security 14 14.70.1014 No Yes
Windows Defender 1.1.3704.0 No No
Trend Micro Internet Security 2008 14.70.1014 No No
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
03184317 Adware/Lop Adware Yes 1 Yes No C:\ProgramData\psbsjwxi\rexihudq.exe
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================



-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


[07/04/2008, 12:57:24] - VirtumundoBeGone v1.5 ( "C:\Users\Summer\Desktop\VirtumundoBeGone.exe" )
[07/04/2008, 12:57:30] - Detected System Information:
[07/04/2008, 12:57:30] - Windows Version: 6.0.6000,
[07/04/2008, 12:57:30] - Current Username: Summer (Admin)
[07/04/2008, 12:57:30] - Windows is in SAFE mode with Networking.
[07/04/2008, 12:57:30] - Searching for Browser Helper Objects:
[07/04/2008, 12:57:30] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/04/2008, 12:57:30] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2008, 12:57:30] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2008, 12:57:30] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2008, 12:57:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2008, 12:57:30] - No filename found. Continuing.
[07/04/2008, 12:57:30] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/04/2008, 12:57:30] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/04/2008, 12:57:30] - BHO 7: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[07/04/2008, 12:57:30] - Finished Searching Browser Helper Objects
[07/04/2008, 12:57:30] - Finishing up...
[07/04/2008, 12:57:30] - Nothing found! Exiting...
loophole
post Jul 4 2008, 06:58 PM
Post #2


Geek Mod
Posts: 9,218
From: Indiana U.S. A.
OS: 2000, xp, xp pro, Linux



Hi,

Certainly some things are amiss, let's see if we can get it sorted.

You're using Vista, so for all the apps I ask you to run you will need to right-click them and choose "run as administrator".

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------
  3. Double click on combofix.exe & follow the prompts.
  4. When finished, it will produce a report for you.
  5. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouse-click combofix's window while it's running. That may cause it to stall**
jchevier
post Jul 4 2008, 07:26 PM
Post #3


New Member
Posts: 9
From: NC, USA
OS: Windows Vista



ComboFix 08-07-04.2 - Summer 2008-07-04 21:10:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2042 [GMT -4:00]
Running from: C:\Users\Summer\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 01:05 --------- d---a-w C:\ProgramData\TEMP
2008-07-05 00:53 27,430 ----a-w C:\Users\Summer\AppData\Roaming\nvModes.dat
2008-07-05 00:06 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-04 22:27 --------- d-----w C:\Program Files\Panda Security
2008-07-04 21:53 --------- d-----w C:\ProgramData\adecazxn
2008-07-04 20:57 --------- d-----w C:\Users\Summer\AppData\Roaming\SUPERAntiSpyware.com
2008-07-04 20:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 19:58 --------- d-----w C:\Program Files\LimeWire
2008-07-04 19:22 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-07-04 19:13 --------- d-----w C:\Users\Summer\AppData\Roaming\Malwarebytes
2008-07-04 19:13 --------- d-----w C:\ProgramData\Malwarebytes
2008-07-04 19:13 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 19:11 --------- d-----w C:\Users\Summer\AppData\Roaming\Download Manager
2008-07-04 18:53 --------- d-----w C:\Program Files\Trend Micro
2008-07-01 18:25 --------- d-----w C: