Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:20 PM, on 7/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\psbsjwxi\rexihudq.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\ProgramData\adecazxn\lavyjadc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Summer\lsass.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winkye32.rom,HdyRun
O4 - HKCU\..\Run: [ammhpupd] C:\ProgramData\ammhpupd\jcbwhohe.exe
O4 - HKCU\..\Run: [2PTRR1Iziz] C:\ProgramData\psbsjwxi\rexihudq.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [adecazxn] C:\ProgramData\adecazxn\lavyjadc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUplden-us.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 13745 bytes
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.19
Database version: 921
Windows 6.0.6000
3:18:06 PM 7/4/2008
mbam-log-7-4-2008 (15-18-06).txt
Scan type: Quick Scan
Objects scanned: 40634
Time elapsed: 3 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 29
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Summer\AppData\Local\Temp\ssqoPHYP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\ssqPfcCV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp00009c2f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000a015 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000a275 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000a63d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000acc2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000adfa (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000b125 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000b441 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000b672 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000bd84 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000c59f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000d873 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000da85 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0000ff35 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp00010d0a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp00010d39 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp00013976 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp00016e5b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0001e8b8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp00024b13 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0004bd26 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\AppData\Local\Temp\tmp0008842c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\Local Settings\Temporary Internet Files\Content.IE5\IBZX3LYH\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\Local Settings\Temporary Internet Files\Content.IE5\W9IMB2AY\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\Local Settings\Temporary Internet Files\Content.IE5\W9IMB2AY\kb767887[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\Local Settings\Temporary Internet Files\Content.IE5\W9IMB2AY\kb767887[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Summer\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
SUPERAntiSpyware Scan Log
Generated 07/04/2008 at 05:47 PM
Application Version : 3.6.1000
Core Rules Database Version : 3497
Trace Rules Database Version: 1488
Scan type : Complete Scan
Total Scan Time : 00:47:45
Memory items scanned : 757
Memory threats detected : 0
Registry items scanned : 7528
Registry threats detected : 0
File items scanned : 79389
File threats detected : 147
Adware.Tracking Cookie
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adbrite[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adbureau[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adinterax[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adnetserver[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@adnetwork2go[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@advertising[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@apmebf[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@bestdiscountoffers[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@chitika[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@clickbank[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@clickshift[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@clicksor[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@collective-media[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@consumergain[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@crackle[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@directtrack[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@dmtracker[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@eyewonder[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@findarticles[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@findwhat[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@hearsomethingcountry[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@hornymatches[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@insightexpressai[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@interclick[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@kontera[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@lynxtrack[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@media6degrees[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@mediafileshost[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@mediafire[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@mediaresponder[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@myroitracking[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@mystats[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@optimost[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@partner2profit[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@petfinder[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@precisionclick[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@qnsr[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@redorbit[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@revsci[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@roiservice[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@royaladultvideo[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@smileycentral[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@tacoda[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@testquestionsandanswers[2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@trafficregenerator[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\summer@valueclick[1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][10].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][11].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][6].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][7].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][8].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Summer\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-04 19:59:20
PROTECTIONS: 3
MALWARE: 1
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version      Active  Updated
;===================================================================================================================================================================================
Trend Micro PC-Cillin Internet Security 14   14.70.1014   No      Yes
Windows Defender                             1.1.3704.0   No      No
Trend Micro Internet Security 2008           14.70.1014   No      No
;===================================================================================================================================================================================
MALWARE
Id        Description  Type    Active  Severity  Disinfectable  Disinfected  Location
;===================================================================================================================================================================================
03184317  Adware/Lop   Adware  Yes     1         Yes            No           C:\ProgramData\psbsjwxi\rexihudq.exe
;===================================================================================================================================================================================
SUSPECTS
Sent  Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id  Severity  Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[07/04/2008, 12:57:24] - VirtumundoBeGone v1.5 ( "C:\Users\Summer\Desktop\VirtumundoBeGone.exe" )
[07/04/2008, 12:57:30] - Detected System Information:
[07/04/2008, 12:57:30] - Windows Version: 6.0.6000,
[07/04/2008, 12:57:30] - Current Username: Summer (Admin)
[07/04/2008, 12:57:30] - Windows is in SAFE mode with Networking.
[07/04/2008, 12:57:30] - Searching for Browser Helper Objects:
[07/04/2008, 12:57:30] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/04/2008, 12:57:30] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/04/2008, 12:57:30] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/04/2008, 12:57:30] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/04/2008, 12:57:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/04/2008, 12:57:30] - No filename found. Continuing.
[07/04/2008, 12:57:30] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/04/2008, 12:57:30] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/04/2008, 12:57:30] - BHO 7: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[07/04/2008, 12:57:30] - Finished Searching Browser Helper Objects
[07/04/2008, 12:57:30] - Finishing up...
[07/04/2008, 12:57:30] - Nothing found! Exiting...