SpywareInfo Forum: Hah! My high school's computers are infested! - SpywareInfo Forum

Hah! My high school's computers are infested! The network security is only a router!

#1 jangles345

  • Group: Full Member
  • Posts: 23
  • Joined: 28-April 06

Posted 11 May 2006 - 08:30 PM

Yes, I will post Ad-Aware scan results tomorrow. I seriously think my high school only has a router for protection. Against all school policies I downloaded Ad-Aware; I saw like 79 infections (12 were VX2 variant).

When I post the results you people will laugh :D This is how much our government cares for its technology. I mean, jesus, 79 infections. I only scanned 1 computer; I'll pick another one at random tomorrow as well.

If you're at a college or a high school that has poorly protected computers with infestations, download Ad-Aware and scan that computer, post results here! God, this is really pathetic :rofl:

#2 jangles345

Posted 12 May 2006 - 11:43 AM

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, May 12, 2006 9:43:42 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Atelys(TAC index:6):2 total references
IBIS Toolbar(TAC index:5):2 total references
JRaun(TAC index:6):4 total references
MRU List(TAC index:0):12 total references
Tracking Cookie(TAC index:3):6 total references
Windows(TAC index:3):4 total references
WinFavorites(TAC index:6):1 total references
VX2(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-2006 9:43:42 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\press enter\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\press enter\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\office\11.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2104
ThreadCreationTime : 5-12-2006 3:26:46 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:2 [smtray.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 2496
ThreadCreationTime : 5-12-2006 3:27:04 PM
BasePriority : Normal
FileVersion : 3, 2, 17, 0
ProductVersion : 3, 2, 0, 0
ProductName : SoundMAX Integrated Digital Audio
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX System Tray
InternalName : SMTray
LegalCopyright : Copyright © 2003 Analog Devices
OriginalFilename : SMTray.exe

#:3 [ico.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2528
ThreadCreationTime : 5-12-2006 3:27:04 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:4 [fsrremos.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2536
ThreadCreationTime : 5-12-2006 3:27:04 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 1
ProductName : sysinf_s Application
FileDescription : sysinf_s MFC Application
InternalName : sysinf_s
LegalCopyright : Copyright © 2003
OriginalFilename : sysinf_s.EXE

#:5 [pelmiced.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2548
ThreadCreationTime : 5-12-2006 3:27:04 PM
BasePriority : Normal
FileVersion : 1, 0, 9, 9
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:6 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2556
ThreadCreationTime : 5-12-2006 3:27:04 PM
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:7 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2592
ThreadCreationTime : 5-12-2006 3:27:06 PM
BasePriority : Normal
FileVersion : 2.2.1.004
ProductVersion : 2.2.1.004
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:8 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~2\
ProcessID : 2616
ThreadCreationTime : 5-12-2006 3:27:07 PM
BasePriority : Normal
FileVersion : 9.0.1.1000
ProductVersion : 9.0.1.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:9 [sboeaddon.exe]
FilePath : C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\
ProcessID : 2636
ThreadCreationTime : 5-12-2006 3:27:08 PM
BasePriority : Normal
FileVersion : 4.7.5.2500
ProductVersion : 4.7.5.2500
ProductName : SpamBlockerUtility
CompanyName : SpamBlockerUtility.com Inc.
LegalCopyright : Copyright © 2002-2005 SpamBlockerUtility.com, Inc.
LegalTrademarks : SpamBlockerUtility.com®; SpamBlockerUtility®

#:10 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2752
ThreadCreationTime : 5-12-2006 3:27:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:11 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 2912
ThreadCreationTime : 5-12-2006 4:42:45 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

JRaun Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a}

JRaun Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : speedup.speedctrl

JRaun Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : speedup.speedctrl.1

JRaun Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{b8ac03f2-9d1f-4d8b-a04e-6fbd1f51c109}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\btiein

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted restriction from customizing toolbars
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
Value : NoToolbarCustomize
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted restriction from adding/removing toolbars
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
Value : NoBandCustomize
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unintended lockout from Task Manager (Task manager access disabled)
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\system
Value : DisableTaskMgr
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Manual changing of browser start-page restricted
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\policies\microsoft\internet explorer\control panel
Value : Homepage
Data :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 21


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@stat.onestat[2].txt
TAC Rating : 3
Category : Data Miner
Comment : www.searchtraffic.com
Value : C:\Documents and Settings\press enter\Cookies\press enter@stat.onestat[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@ehg-foxsports.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@ehg-foxsports.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@hitbox[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 27



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : alchem.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 2, 1, 3
ProductVersion : 0, 2, 1, 3
CompanyName : ClickAlchemy
FileDescription : www.clickalchemy.com
LegalCopyright : Copyright © 2004


VX2 Object Recognized!
Type : File
Data : preInsBI.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\



VX2 Object Recognized!
Type : File
Data : preInsTT.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\



WinFavorites Object Recognized!
Type : File
Data : a.exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright © 2003
OriginalFilename : a.exe


Atelys Object Recognized!
Type : File
Data : iexplore.exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Redirect Application
FileDescription : Redirect MFC Application
InternalName : Redirect
LegalCopyright : Copyright © 2003
OriginalFilename : Redirect.EXE


VX2 Object Recognized!
Type : File
Data : twaintec.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 1, 4, 19
ProductVersion : 0, 1, 4, 19
ProductName : Twaintec
CompanyName : Twain Tech
FileDescription : www.twain-tech.com
InternalName : Twaintec
LegalCopyright : Copyright © 2003
OriginalFilename : Twaintec.dll
Comments : www.twain-tech.com


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Folder
TAC Rating : 5
Category : Data Miner
Comment : IBIS Toolbar
Object : C:\Program Files\Common Files\WinTools

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Atelys Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dpcproxy

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 36

9:48:03 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:20.763
Objects scanned:115065
Objects identified:24
Objects ignored:0
New critical objects:24



This is only for one computer; the others have more.

#3 jangles345

Posted 12 May 2006 - 11:54 AM

Logfile of HijackThis v1.99.1
Scan saved at 9:57:43 AM, on 5/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MasterSolution\Vision\MeUiHlp.exe
C:\Program Files\MasterSolution\Vision\Pointer\MPointer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
C:\DOCUME~1\PRESSE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.woodsideh...LMC/library.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [MeUiHelper] C:\Program Files\MasterSolution\Vision\MeUiHlp.exe
O4 - HKLM\..\Run: [MePointer] "C:\Program Files\MasterSolution\Vision\Pointer\MPointer.exe"
O4 - HKLM\..\Run: [MeControlDL] C:\WINDOWS\system32\MESUAX.exe /DetectLogin
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121887363396
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WS-WHS.EDU
O17 - HKLM\Software\..\Telephony: DomainName = WS-WHS.EDU
O17 - HKLM\System\CCS\Services\Tcpip\..\{9736742B-C03E-41F0-B766-9519B48DBEB1}: NameServer = 10.7.1.40,10.1.1.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WS-WHS.EDU
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MeWlxNot - C:\WINDOWS\system32\MeWlxNot.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MasterEye control manager (MeSuSrvc) - MasterEye ltd. - C:\WINDOWS\system32\MESUAX.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Here's the hijack log.


Here's the Ad-Aware log of the other comp:

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, May 12, 2006 9:52:40 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Coulomb Dialer(TAC index:5):1 total references
MRU List(TAC index:0):12 total references
Tracking Cookie(TAC index:3):18 total references
Windows(TAC index:3):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-2006 9:52:40 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\press enter\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\press enter\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\office\11.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1824
ThreadCreationTime : 5-12-2006 3:25:21 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:2 [smtray.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 176
ThreadCreationTime : 5-12-2006 3:25:22 PM
BasePriority : Normal
FileVersion : 3, 2, 17, 0
ProductVersion : 3, 2, 0, 0
ProductName : SoundMAX Integrated Digital Audio
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX System Tray
InternalName : SMTray
LegalCopyright : Copyright © 2003 Analog Devices
OriginalFilename : SMTray.exe

#:3 [ico.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 432
ThreadCreationTime : 5-12-2006 3:25:23 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:4 [fsrremos.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 5-12-2006 3:25:23 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 1
ProductName : sysinf_s Application
FileDescription : sysinf_s MFC Application
InternalName : sysinf_s
LegalCopyright : Copyright © 2003
OriginalFilename : sysinf_s.EXE

#:5 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 612
ThreadCreationTime : 5-12-2006 3:25:23 PM
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:6 [pelmiced.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 5-12-2006 3:25:23 PM
BasePriority : Normal
FileVersion : 1, 0, 9, 9
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:7 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1316
ThreadCreationTime : 5-12-2006 3:25:25 PM
BasePriority : Normal
FileVersion : 3.0.0.2209
ProductVersion : 7.0.0.2209
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:8 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1672
ThreadCreationTime : 5-12-2006 3:25:26 PM
BasePriority : Normal
FileVersion : 3.0.0.2209
ProductVersion : 7.0.0.2209
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:9 [meuihlp.exe]
FilePath : C:\Program Files\MasterSolution\Vision\
ProcessID : 1712
ThreadCreationTime : 5-12-2006 3:25:26 PM
BasePriority : Normal
FileVersion : 5.0.1.0
ProductVersion : 5.0.0.0
ProductName : MasterEye XL
CompanyName : MasterSolution AG
FileDescription : MasterEye UI Helper
InternalName : MeUIHlp
LegalCopyright : Copyright © 1996-2002 MasterSolution AG
OriginalFilename : MeUIHlp.exe

#:10 [mpointer.exe]
FilePath : C:\Program Files\MasterSolution\Vision\Pointer\
ProcessID : 1744
ThreadCreationTime : 5-12-2006 3:25:27 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : MasterEye Marker
CompanyName : MasterEye
FileDescription : Marker
InternalName : Marker
LegalCopyright : Copyright © 1999
OriginalFilename : Marker.exe

#:11 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1204
ThreadCreationTime : 5-12-2006 3:25:29 PM
BasePriority : Normal
FileVersion : 2.2.1.004
ProductVersion : 2.2.1.004
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:12 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~2\
ProcessID : 1876
ThreadCreationTime : 5-12-2006 3:25:30 PM
BasePriority : Normal
FileVersion : 9.0.1.1000
ProductVersion : 9.0.1.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:13 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2272
ThreadCreationTime : 5-12-2006 3:25:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:14 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3892
ThreadCreationTime : 5-12-2006 4:50:40 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:15 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 2776
ThreadCreationTime : 5-12-2006 4:52:15 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted restriction from customizing toolbars
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
Value : NoToolbarCustomize
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted restriction from adding/removing toolbars
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
Value : NoBandCustomize
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unintended lockout from Task Manager (Task manager access disabled)
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\system
Value : DisableTaskMgr
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Manual changing of browser start-page restricted
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\policies\microsoft\internet explorer\control panel
Value : Homepage
Data :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 16


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@as-us.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@bfast[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@bfast[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@media.fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@media.fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@tradedoubler[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@z1.adserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@ehg-foxsports.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@ehg-foxsports.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@hitbox[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 34



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Coulomb Dialer Object Recognized!
Type : File
Data : Groove.x32
TAC Rating : 5
Category : Dialer
Comment :
Object : C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav181\
FileVersion : 1, 8, 1, 0
ProductVersion : 1, 8, 1, 0
ProductName : GROOVE
FileDescription : GROOVE
InternalName : GROOVE
LegalCopyright : Copyright 2001
OriginalFilename : GROOVE.x32


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35

9:58:02 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:21.914
Objects scanned:116366
Objects identified:23
Objects ignored:0
New critical objects:23

#4 User is offline   jangles345 Icon

  • Member
  • Pip
  • Group: Full Member
  • Posts: 23
  • Joined: 28-April 06

Posted 12 May 2006 - 02:14 PM

Here's another computer's Ad-Aware scan:

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, May 12, 2006 12:11:16 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):10 total references
Coulomb Dialer(TAC index:5):1 total references
eUniverse(TAC index:10):9 total references
MRU List(TAC index:0):13 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
SahAgent(TAC index:9):15 total references
Tracking Cookie(TAC index:3):7 total references
WhenU(TAC index:3):2 total references
Windows(TAC index:3):4 total references
VX2(TAC index:10):29 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-2006 12:11:17 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\press enter\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\press enter\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\office\11.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1660
ThreadCreationTime : 5-12-2006 4:45:38 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

VX2 Object Recognized!
Type : Process
Data : bi.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 0, 4, 17
ProductVersion : 0, 0, 4, 17
ProductName : Win32 BI Application
CompanyName : Better Internet, Inc.
FileDescription : www.abetterinternet.com
InternalName : Win32 Bi Application
LegalCopyright : Copyright © 2003
OriginalFilename : BI.DLL
Comments : www.abetterinternet.com


#:2 [smtray.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 2212
ThreadCreationTime : 5-12-2006 4:45:52 PM
BasePriority : Normal
FileVersion : 3, 2, 17, 0
ProductVersion : 3, 2, 0, 0
ProductName : SoundMAX Integrated Digital Audio
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX System Tray
InternalName : SMTray
LegalCopyright : Copyright © 2003 Analog Devices
OriginalFilename : SMTray.exe

#:3 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2228
ThreadCreationTime : 5-12-2006 4:45:53 PM
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:4 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2300
ThreadCreationTime : 5-12-2006 4:45:55 PM
BasePriority : Normal
FileVersion : 2.2.1.004
ProductVersion : 2.2.1.004
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:5 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~2\
ProcessID : 2320
ThreadCreationTime : 5-12-2006 4:45:56 PM
BasePriority : Normal
FileVersion : 9.0.1.1000
ProductVersion : 9.0.1.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:6 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2460
ThreadCreationTime : 5-12-2006 4:46:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:7 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3356
ThreadCreationTime : 5-12-2006 7:01:48 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

VX2 Object Recognized!
Type : Process
Data : bi.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 0, 4, 17
ProductVersion : 0, 0, 4, 17
ProductName : Win32 BI Application
CompanyName : Better Internet, Inc.
FileDescription : www.abetterinternet.com
InternalName : Win32 Bi Application
LegalCopyright : Copyright © 2003
OriginalFilename : BI.DLL
Comments : www.abetterinternet.com


#:8 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 664
ThreadCreationTime : 5-12-2006 7:08:08 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bho.incredifindbho.1

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5d60ff48-95be-4956-b4c6-6bb168a70310}

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8b8f6968-2f24-41e3-b653-e9613226f14d}

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{de289bfa-737b-4abb-a4ec-f8753551b875}

WhenU Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e2f2b9d0-96b9-4b25-b90c-636ecb207d18}

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : vx2.vx2obj

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{690bccb4-6b83-4203-ae77-038c116594ec}

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4534cd6b-59d6-43fd-864b-06a0d843444a}

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000ef1-0786-4633-87c6-1aa7a44296da}

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{000006b1-19b5-414a-849f-2a3c64ae6939}

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bidll.bidllobj.1

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\app management\arpcache\ncase

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\app management\arpcache\ncase
Value : Changed

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\msbb

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\msbb
Value : UninstallString

180Solutions Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ncase

180Solutions Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ncase
Value : UninstallString

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{5d60ff48-95be-4956-b4c6-6bb168a70310}

SahAgent Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup

SahAgent Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent

SahAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PackageName

SahAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PrefsServer

SahAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : PrefsXML

SahAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : CookieUserAgent

SahAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BrowserType

SahAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BundleProgress

SahAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : UniqueBundleKey

SahAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : UniqueBundleID

SahAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : GUID

SahAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : ReadyToInstall

SahAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : BundleInstall

SahAgent Object Recognized!
Type : RegValue
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vgroup\sahagent
Value : LSPInstallNeed

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{000006b1-19b5-414a-849f-2a3c64ae6939}

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted restriction from customizing toolbars
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
Value : NoToolbarCustomize
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted restriction from adding/removing toolbars
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
Value : NoBandCustomize
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unintended lockout from Task Manager (Task manager access disabled)
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\system
Value : DisableTaskMgr
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Manual changing of browser start-page restricted
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\policies\microsoft\internet explorer\control panel
Value : Homepage
Data :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 38
Objects found so far: 53


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
Type : Regkey
Data : C:\WINDOWS\System32\msbb321.dll
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}

180Solutions Object Recognized!
Type : File
Data : msbb321.dll
TAC Rating : 6
Category : Data Miner
Comment :
Object : c:\windows\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : exe_in_dll Module
FileDescription : exe_in_dll Module
InternalName : exe_in_dll
LegalCopyright : Copyright 2001
OriginalFilename : exe_in_dll.DLL

Possible Browser Hijack attempt : {00000EF1-0786-4633-87C6-1AA7A44296DA} (http://www.addictivetechnologies.net/dm0/cab/pl4yb0y.cab)

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://www.addictive...cab/pl4yb0y.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000EF1-0786-4633-87C6-1AA7A44296DA}

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Vulnerability
Comment : Possible Browser Hijack attempt : http://www.addictive...cab/pl4yb0y.cab
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000EF1-0786-4633-87C6-1AA7A44296DA}
Value : Installer

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 57


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@bluestreak[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@stats1.clicktracks[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@stats1.clicktracks[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@ehg-foxsports.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@ehg-foxsports.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@hitbox[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 64


VX2 Object Recognized!
Type : File
Data : bi.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 0, 4, 17
ProductVersion : 0, 0, 4, 17
ProductName : Win32 BI Application
CompanyName : Better Internet, Inc.
FileDescription : www.abetterinternet.com
InternalName : Win32 Bi Application
LegalCopyright : Copyright © 2003
OriginalFilename : BI.DLL
Comments : www.abetterinternet.com


VX2 Object Recognized!
Type : File
Data : biprep.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\



WhenU Object Recognized!
Type : File
Data : WUInst.dll
TAC Rating : 3
Category : Misc
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 1, 0, 3, 1
ProductVersion : 1, 0, 3, 1
ProductName : WUInst Module
FileDescription : WUInst Module
InternalName : WUInst
LegalCopyright : Copyright 2003
OriginalFilename : WUInst.DLL


VX2 Object Recognized!
Type : File
Data : bi6.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : in10b6s.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : exe_in_dll Module
FileDescription : exe_in_dll Module
InternalName : exe_in_dll
LegalCopyright : Copyright 2001
OriginalFilename : exe_in_dll.DLL


Coulomb Dialer Object Recognized!
Type : File
Data : Groove.x32
TAC Rating : 5
Category : Dialer
Comment :
Object : C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav181\
FileVersion : 1, 8, 1, 0
ProductVersion : 1, 8, 1, 0
ProductName : GROOVE
FileDescription : GROOVE
InternalName : GROOVE
LegalCopyright : Copyright 2001
OriginalFilename : GROOVE.x32


180Solutions Object Recognized!
Type : File
Data : msbb.exe
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4.2
ProductVersion : 4.2
ProductName : n-CASE
CompanyName : 180Solutions Inc
FileDescription : msbb
InternalName : msbb
LegalCopyright : Copyright © 2001 180Solutions, Inc
OriginalFilename : msbb.exe


SahAgent Object Recognized!
Type : File
Data : sahagent1019.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



eUniverse Object Recognized!
Type : File
Data : setup_incred_10.exe
TAC Rating : 10
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 73


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dbi

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dbi
Value : UninstallString

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BII1d2OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIT1o2pListSPos

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BII1n2ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BII1n2ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BII1n2ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIC1n2trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIC1S2Insur

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIC1n2trSEvnt

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BI1C2ntrSTransac

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIL1a2stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BIC1n2tFyl

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dbi
Value : BID1s2tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\incredifind

eUniverse Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\updater

180Solutions Object Recognized!
Type : File
Data : ncase.ini
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 92

12:15:41 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:24.431
Objects scanned:118762
Objects identified:77
Objects ignored:0
New critical objects:77

#5 User is offline   SirPeter Icon

  • Hugging kitties
  • PipPipPip
  • Group: Helper Trainee
  • Posts: 224
  • Joined: 06-June 04

Posted 13 May 2006 - 02:05 PM

High school PCs are used the whole day by multiple students. It's no wonder that PCs there are infested. Most schools clean their PCs regularly.
Cute kitties rule the world
