Emsisoft Anti-Malware - Version 6.0
Last update: N/A

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\
Scan archives: On
ADS Scan: On

Scan start: 11/4/2011 10:42:02 PM

c:\program files (x86)\aws\weatherbug detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local detected: Trace.File.weatherbug!E1
c:\users\USERNAME\appdata\roaming\weatherbug detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\lfimg10n.dll detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\lfcmp10n.dll detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\lfbmp10n.dll detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\background60.jpg detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\alert_failed.html detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\download.txt detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\bot_default.html detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\bot_failed2.html detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\bot_loading.gif detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\bot_loading.html detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\def_bot.gif detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\center_failed.html detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\leftnavbar60.jpg detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\center_loading.html detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\topnavbar60.jpg detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\weather_window_loading.gif detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\wbug_loading.gif detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\skinmask60.bmp detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\wxbuglogo_hor.gif detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\wxwindow_loading.html detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\wxbug.gif detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\wxwindow_failed.html detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\ltfil10n.dll detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\local\wxwindow_noconnection.gif detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\ltkrn10n.dll detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\ltdis10n.dll detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\weather.exe detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\wxdist.dll detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\wxreg.dll detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\wxpref.dll detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\wxlocm.dll detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\wxutil.dll detected: Trace.File.weatherbug!E1
c:\program files (x86)\aws\weatherbug\wxweb.dll detected: Trace.File.weatherbug!E1
Value: hkey_current_user\software\aws\weather\warning --> tvnetwork detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\warning --> warninginterval detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\microsoft\windows\currentversion\run --> weather detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\currentstation --> stationcitystate detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\currentstation --> stationid detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\currentstation --> stationname detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\currentstation --> zipcitystate detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> addormantfreshinterval detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> adfreshinterval detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> affiliateclick detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> affiliatelogo detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> conditionb detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> conditiong detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> conditionr detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> conditionshadowb detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> conditionshadowdepth detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> conditionshadowg detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> conditionshadowr detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> datab detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> datag detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> datar detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> datashadownb detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> datashadowndepth detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> arrowg detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> datashadownr detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> designinterval detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> fillerb detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> fillerg detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> fillerr detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> la detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> lastpopupid detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> pmclicks detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> tdinterval detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> timetodormant detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\forecast --> interval detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\links --> clinkname0 detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\links --> clinkname1 detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\links --> clinkname2 detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\links --> clinkname3 detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\links --> clinkname4 detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\links --> clinkurl0 detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\links --> clinkurl1 detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\links --> clinkurl2 detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\links --> clinkurl3 detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> arrowb detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> datashadowng detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\design --> arrowr detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\options --> path detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\setup --> unit detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\setup --> x detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\setup --> y detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\setup --> zipcode detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\links --> clinkurl4 detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\links --> customlinknum detected: Trace.Registry.weatherbug!E1
Value: hkey_current_user\software\aws\weather\options --> checkinstance detected: Trace.Registry.weatherbug!E1
C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\x7gswfp9.default\ScrapBook\data\20090908101815\citeulike_icon.gif detected: Attached PE/Script!E2
C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\x7gswfp9.default\ScrapBook\data\20090908101351\citeulike_icon.gif detected: Attached PE/Script!E2
C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\x7gswfp9.default\ScrapBook\data\20090908101351\chicago.gif detected: Attached PE/Script!E2
C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\x7gswfp9.default\ScrapBook\data\20090908101815\delicious_icon.gif detected: Attached PE/Script!E2
C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\x7gswfp9.default\ScrapBook\data\20090908101351\delicious_icon.gif detected: Attached PE/Script!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\49bfe789-4f265e9c -> encode/Unicode.class detected: Trojan.Java.Agent!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\49bfe789-4f265e9c -> setup/lang.class detected: Trojan-Downloader.Java.OpenConnection!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\52e12a03-7a681605 -> dogs/mian.class detected: Trojan-Downloader.Java.Agent!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\11d5729c-1f4bedc5 -> g6k1.class detected: Exploit.Java.CVE-2010-0094!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\11d5729c-1f4bedc5 -> y6u7.class detected: Exploit.Java.CVE-2010-0094!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\11d5729c-1f4bedc5 -> g5z6.class detected: Exploit.Java.CVE-2010-0094!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\11d5729c-1f4bedc5 -> main.class detected: Exploit.Java.CVE!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\11d5729c-1f4bedc5 -> Tuggoaerffb.class detected: Exploit.Java.CVE-2010-0094!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\11d5729c-1f4bedc5 -> h6l4.class detected: Trojan-Downloader.Java.OpenConnection!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\11d5729c-1f4bedc5 -> b5n3.class detected: Exploit.Java.CVE-2010-0094!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\11d5729c-1f4bedc5 -> q3p0.class detected: Exploit.Java.CVE-2010-0094!E2
C:\Users\USERNAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XC2SRTAS\bottom_player_track[1].js detected: Trojan.JS.Pegel!E2
C:\Users\USERNAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XC2SRTAS\bottom_player_track[2].js detected: Trojan.JS.Pegel!E2
C:\Users\USERNAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VJ15NWT5\ads_247uk[1].js detected: Trojan-Downloader.HTML.Agent!E2
C:\Users\USERNAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVPEB5BM\ads_247us[1].js detected: Trojan-Downloader.HTML.Agent!E2
C:\Users\USERNAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPY5DZHY\ads_247us[1].js detected: Trojan-Downloader.HTML.Agent!E2
C:\ProgramData\Rosetta Stone\TOTALe\Content\data\ee\c\eec3a9658e7e3bc32dbac384271dd869712a2edc detected: Exploit.Flash!E2
C:\ProgramData\Rosetta Stone\TOTALe\Content\data\e9\0\e90123b8e34a4ffb0ae3e42e99e3fcbf9d4201fc detected: Exploit.Flash!E2

Scanned 815758
Found 114

Scan end: 11/5/2011 12:38:50 AM
Scan time: 1:56:48

C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\11d5729c-1f4bedc5 -> main.class Quarantined Exploit.Java.CVE!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\52e12a03-7a681605 -> dogs/mian.class Quarantined Trojan-Downloader.Java.Agent!E2
C:\Users\USERNAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\49bfe789-4f265e9c -> setup/lang.class Quarantined Trojan-Downloader.Java.OpenConnection!E2
C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\x7gswfp9.default\ScrapBook\data\20090908101815\citeulike_icon.gif Quarantined Attached PE/Script!E2
C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\x7gswfp9.default\ScrapBook\data\20090908101351\citeulike_icon.gif Quarantined Attached PE/Script!E2
C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\x7gswfp9.default\ScrapBook\data\20090908101351\chicago.gif Quarantined Attached PE/Script!E2
C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\x7gswfp9.default\ScrapBook\data\20090908101815\delicious_icon.gif Quarantined Attached PE/Script!E2
C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\x7gswfp9.default\ScrapBook\data\20090908101351\delicious_icon.gif Quarantined Attached PE/Script!E2

Quarantined 26