Hah! My high school's computers are infested!, The network security is only a router!


11 replies to this topic

#1 Nick

Nick

    Member

  • Members
  • 23 posts

Posted 12 May 2006 - 08:24 PM

Yes, I will post Ad-Aware scan results right now. I seriously think my high school only has a router for protection. Against all school policies I downloaded Ad-Aware, and I saw like 79 infections (12 were VX2 variant).

When I post the results you people will laugh. This is how much our government cares for its technology. I mean jesus, 79 infections. I only scanned 1 computer; I'll pick another one at random tomorrow as well.

If you're at a college or a high school that has poorly protected computers with infestations, download Ad-Aware and scan that computer, post results here! God, this is really pathetic.

Here's one:

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, May 12, 2006 9:43:42 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Atelys(TAC index:6):2 total references
IBIS Toolbar(TAC index:5):2 total references
JRaun(TAC index:6):4 total references
MRU List(TAC index:0):12 total references
Tracking Cookie(TAC index:3):6 total references
Windows(TAC index:3):4 total references
WinFavorites(TAC index:6):1 total references
VX2(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-2006 9:43:42 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\press enter\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\press enter\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\office\11.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2104
ThreadCreationTime : 5-12-2006 3:26:46 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:2 [smtray.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 2496
ThreadCreationTime : 5-12-2006 3:27:04 PM
BasePriority : Normal
FileVersion : 3, 2, 17, 0
ProductVersion : 3, 2, 0, 0
ProductName : SoundMAX Integrated Digital Audio
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX System Tray
InternalName : SMTray
LegalCopyright : Copyright © 2003 Analog Devices
OriginalFilename : SMTray.exe

#:3 [ico.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2528
ThreadCreationTime : 5-12-2006 3:27:04 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:4 [fsrremos.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2536
ThreadCreationTime : 5-12-2006 3:27:04 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 1
ProductName : sysinf_s Application
FileDescription : sysinf_s MFC Application
InternalName : sysinf_s
LegalCopyright : Copyright © 2003
OriginalFilename : sysinf_s.EXE

#:5 [pelmiced.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2548
ThreadCreationTime : 5-12-2006 3:27:04 PM
BasePriority : Normal
FileVersion : 1, 0, 9, 9
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:6 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2556
ThreadCreationTime : 5-12-2006 3:27:04 PM
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:7 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2592
ThreadCreationTime : 5-12-2006 3:27:06 PM
BasePriority : Normal
FileVersion : 2.2.1.004
ProductVersion : 2.2.1.004
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:8 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~2\
ProcessID : 2616
ThreadCreationTime : 5-12-2006 3:27:07 PM
BasePriority : Normal
FileVersion : 9.0.1.1000
ProductVersion : 9.0.1.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:9 [sboeaddon.exe]
FilePath : C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\
ProcessID : 2636
ThreadCreationTime : 5-12-2006 3:27:08 PM
BasePriority : Normal
FileVersion : 4.7.5.2500
ProductVersion : 4.7.5.2500
ProductName : SpamBlockerUtility
CompanyName : SpamBlockerUtility.com Inc.
LegalCopyright : Copyright © 2002-2005 SpamBlockerUtility.com, Inc.
LegalTrademarks : SpamBlockerUtility.com®; SpamBlockerUtility®

#:10 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2752
ThreadCreationTime : 5-12-2006 3:27:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:11 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 2912
ThreadCreationTime : 5-12-2006 4:42:45 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

JRaun Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a}

JRaun Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : speedup.speedctrl

JRaun Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : speedup.speedctrl.1

JRaun Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{b8ac03f2-9d1f-4d8b-a04e-6fbd1f51c109}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\btiein

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted restriction from customizing toolbars
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
Value : NoToolbarCustomize
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted restriction from adding/removing toolbars
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
Value : NoBandCustomize
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unintended lockout from Task Manager (Task manager access disabled)
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\system
Value : DisableTaskMgr
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Manual changing of browser start-page restricted
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\policies\microsoft\internet explorer\control panel
Value : Homepage
Data :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 21


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 21


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@stat.onestat[2].txt
TAC Rating : 3
Category : Data Miner
Comment : www.searchtraffic.com
Value : C:\Documents and Settings\press enter\Cookies\press enter@stat.onestat[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@ehg-foxsports.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@ehg-foxsports.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@hitbox[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 27



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : alchem.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 2, 1, 3
ProductVersion : 0, 2, 1, 3
CompanyName : ClickAlchemy
FileDescription : www.clickalchemy.com
LegalCopyright : Copyright © 2004


VX2 Object Recognized!
Type : File
Data : preInsBI.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\



VX2 Object Recognized!
Type : File
Data : preInsTT.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\



WinFavorites Object Recognized!
Type : File
Data : a.exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright © 2003
OriginalFilename : a.exe


Atelys Object Recognized!
Type : File
Data : iexplore.exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Redirect Application
FileDescription : Redirect MFC Application
InternalName : Redirect
LegalCopyright : Copyright © 2003
OriginalFilename : Redirect.EXE


VX2 Object Recognized!
Type : File
Data : twaintec.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 1, 4, 19
ProductVersion : 0, 1, 4, 19
ProductName : Twaintec
CompanyName : Twain Tech
FileDescription : www.twain-tech.com
InternalName : Twaintec
LegalCopyright : Copyright © 2003
OriginalFilename : Twaintec.dll
Comments : www.twain-tech.com


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Folder
TAC Rating : 5
Category : Data Miner
Comment : IBIS Toolbar
Object : C:\Program Files\Common Files\WinTools

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Atelys Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\dpcproxy

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 36

9:48:03 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:20.763
Objects scanned:115065
Objects identified:24
Objects ignored:0
New critical objects:24



This is only for one computer; the others have more.

#2 Nick

Posted 12 May 2006 - 08:26 PM

Here's the hijack log of one computer:

Logfile of HijackThis v1.99.1
Scan saved at 9:57:43 AM, on 5/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MasterSolution\Vision\MeUiHlp.exe
C:\Program Files\MasterSolution\Vision\Pointer\MPointer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
C:\DOCUME~1\PRESSE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.woodsideh...LMC/library.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [MeUiHelper] C:\Program Files\MasterSolution\Vision\MeUiHlp.exe
O4 - HKLM\..\Run: [MePointer] "C:\Program Files\MasterSolution\Vision\Pointer\MPointer.exe"
O4 - HKLM\..\Run: [MeControlDL] C:\WINDOWS\system32\MESUAX.exe /DetectLogin
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121887363396
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WS-WHS.EDU
O17 - HKLM\Software\..\Telephony: DomainName = WS-WHS.EDU
O17 - HKLM\System\CCS\Services\Tcpip\..\{9736742B-C03E-41F0-B766-9519B48DBEB1}: NameServer = 10.7.1.40,10.1.1.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WS-WHS.EDU
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MeWlxNot - C:\WINDOWS\system32\MeWlxNot.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MasterEye control manager (MeSuSrvc) - MasterEye ltd. - C:\WINDOWS\system32\MESUAX.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#3 Nick

Posted 12 May 2006 - 08:27 PM

Here's the Ad-Aware log of the other comp:

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, May 12, 2006 9:52:40 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Coulomb Dialer(TAC index:5):1 total references
MRU List(TAC index:0):12 total references
Tracking Cookie(TAC index:3):18 total references
Windows(TAC index:3):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-12-2006 9:52:40 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\press enter\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\press enter\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\office\11.0\powerpoint\recentfolderlist
Description : list of recent folders used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1824
ThreadCreationTime : 5-12-2006 3:25:21 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:2 [smtray.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 176
ThreadCreationTime : 5-12-2006 3:25:22 PM
BasePriority : Normal
FileVersion : 3, 2, 17, 0
ProductVersion : 3, 2, 0, 0
ProductName : SoundMAX Integrated Digital Audio
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX System Tray
InternalName : SMTray
LegalCopyright : Copyright © 2003 Analog Devices
OriginalFilename : SMTray.exe

#:3 [ico.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 432
ThreadCreationTime : 5-12-2006 3:25:23 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:4 [fsrremos.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 5-12-2006 3:25:23 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 1
ProductName : sysinf_s Application
FileDescription : sysinf_s MFC Application
InternalName : sysinf_s
LegalCopyright : Copyright © 2003
OriginalFilename : sysinf_s.EXE

#:5 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 612
ThreadCreationTime : 5-12-2006 3:25:23 PM
BasePriority : Normal
FileVersion : 6.0.2
ProductVersion : QuickTime 6.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe

#:6 [pelmiced.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 5-12-2006 3:25:23 PM
BasePriority : Normal
FileVersion : 1, 0, 9, 9
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.

#:7 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1316
ThreadCreationTime : 5-12-2006 3:25:25 PM
BasePriority : Normal
FileVersion : 3.0.0.2209
ProductVersion : 7.0.0.2209
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:8 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1672
ThreadCreationTime : 5-12-2006 3:25:26 PM
BasePriority : Normal
FileVersion : 3.0.0.2209
ProductVersion : 7.0.0.2209
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:9 [meuihlp.exe]
FilePath : C:\Program Files\MasterSolution\Vision\
ProcessID : 1712
ThreadCreationTime : 5-12-2006 3:25:26 PM
BasePriority : Normal
FileVersion : 5.0.1.0
ProductVersion : 5.0.0.0
ProductName : MasterEye XL
CompanyName : MasterSolution AG
FileDescription : MasterEye UI Helper
InternalName : MeUIHlp
LegalCopyright : Copyright © 1996-2002 MasterSolution AG
OriginalFilename : MeUIHlp.exe

#:10 [mpointer.exe]
FilePath : C:\Program Files\MasterSolution\Vision\Pointer\
ProcessID : 1744
ThreadCreationTime : 5-12-2006 3:25:27 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : MasterEye Marker
CompanyName : MasterEye
FileDescription : Marker
InternalName : Marker
LegalCopyright : Copyright © 1999
OriginalFilename : Marker.exe

#:11 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1204
ThreadCreationTime : 5-12-2006 3:25:29 PM
BasePriority : Normal
FileVersion : 2.2.1.004
ProductVersion : 2.2.1.004
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:12 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~2\
ProcessID : 1876
ThreadCreationTime : 5-12-2006 3:25:30 PM
BasePriority : Normal
FileVersion : 9.0.1.1000
ProductVersion : 9.0.1.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:13 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2272
ThreadCreationTime : 5-12-2006 3:25:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:14 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3892
ThreadCreationTime : 5-12-2006 4:50:40 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:15 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 2776
ThreadCreationTime : 5-12-2006 4:52:15 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted restriction from customizing toolbars
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
Value : NoToolbarCustomize
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unwanted restriction from adding/removing toolbars
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
Value : NoBandCustomize
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unintended lockout from Task Manager (Task manager access disabled)
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\system
Value : DisableTaskMgr
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Manual changing of browser start-page restricted
Rootkey : HKEY_USERS
Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\policies\microsoft\internet explorer\control panel
Value : Homepage
Data :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 16


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@as-us.falkag[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@as-us.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@bfast[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@bfast[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@cgi-bin[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@fastclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@media.fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@media.fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@tradedoubler[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@tribalfusion[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@z1.adserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : press enter@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\press enter@zedo[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@ehg-foxsports.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@ehg-foxsports.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : setup@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\press enter\Cookies\setup@hitbox[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 34



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Coulomb Dialer Object Recognized!
Type : File
Data : Groove.x32
TAC Rating : 5
Category : Dialer
Comment :
Object : C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav181\
FileVersion : 1, 8, 1, 0
ProductVersion : 1, 8, 1, 0
ProductName : GROOVE
FileDescription : GROOVE
InternalName : GROOVE
LegalCopyright : Copyright 2001
OriginalFilename : GROOVE.x32


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35

9:58:02 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:21.914
Objects scanned:116366
Objects identified:23
Objects ignored:0
New critical objects:23

#4 Nick

Posted 12 May 2006 - 08:30 PM

more coming soon

#5 GRAFX

Posted 12 May 2006 - 09:32 PM

Nick,
can you only post one PC in each topic? The confusion is going to get the better of the elderly around here.
I will advise you on the first PC, the one which you started this topic with.
I advise you to edit/remove the other and then, when starting a new topic, call it something like PC 2, etc.

GRAFX
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least
LandzDown

#6 GRAFX

Posted 12 May 2006 - 09:44 PM

Nick,
please follow these instructions carefully, and in the order given.
Please can you download VundoFix.exe to your desktop.
Double-click on the VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
click yes to remove the files,
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, Reboot (ie: Re-start your PC)


After your PC has restarted, a log called vundofix.txt will be created in your C:\ directory; please keep this log file as you may be asked to post it by the support staff.

Lavasoft does have a BETA version of its own Virtumondo Remover
See Lavasoft Virtumondo Remover Released!

To download this tool, you must register as a Beta Application Tester, accepting the terms and conditions of our beta testing program.


Now can you please go and download a plug-in (i.e.: vx2cleaner.exe) that will assist you in the cleanup of your PC (if you have not already done so).
After you have downloaded and installed the VX2 Plug-in as described there,
DO NOT RUN IT YET
please can you clear out your cache folder ie: temporary internet folder.
There are some free programs that you can use that will do that for you if needed like :angry:
CCleaner
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see CCleaner Set up
Then open Ad-Aware SE use the WebUpDate to ensure that you have the latest Definitions File
ie: (SE1R107 09.05.2006) then close Ad-Aware SE.
Now please save and close any open programs and disconnect from the internet.
(For broadband/cable users, it is recommended that you disconnect the cable connection)
Then
Please Reboot (i.e.: Re-start your PC)
Then open Ad-Aware SE but nothing else.

Please can you un-tick this option if you have it ticked
"Include negligible objects information".

To do this Open Ad-aware SE
Click “Settings” (the Gear)
then click “Tweaks”,
then click Scanning engine,
then un-tick "Include negligible objects information".
And then click the proceed button.
Now please scan doing a "Full Scan".
When the scan has finished select Next. In the Scanning Results window select the "Scan Summary" tab. Tick the box next to a "target family" you wish to remove. Click Next, click OK.
Then rescan and do the same thing till you have removed all the "target families".
Then please run the VX2 cleaner by selecting the VX2 Cleaner plug-in and clicking “Run Plug-in”. Select “Clean System”.
Then please Reboot (i.e.: Re-start your PC)
Then after your PC has restarted please open Ad-Aware SE, but nothing else and
scan doing a "Full Scan". Then, once the scan has finished, mark and remove items, then Reboot (i.e.: Re-start your PC)
Then re-scan doing a "Full Scan" and then post your log file here by using the Add-Reply Feature


#7 Guest_winchester73_*

Posted 12 May 2006 - 10:09 PM

Against all school policies i downloaded ad-aware, i saw like 79 infections (12 were VX2 varient).

When i post the results you people will laugh



Neither log you posted shows 79 infections ... :angry:

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:20.763
Objects scanned:115065
Objects identified:24
Objects ignored:0
New critical objects:24


this is only for one computer, the others have more


Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:21.914
Objects scanned:116366
Objects identified:23
Objects ignored:0
New critical objects:23


:)

BTW, we are all stunned to learn that you are a high school student. You sounded so much older ... :)

#8 Nick

Posted 12 May 2006 - 11:47 PM

well i lost some log files when at school, also i was trying to port this topic i made from

SWI forums

http://spywareinfofo...showtopic=75427

yes one computer had 72 i just lost the log. 4/5 computers at my school have a vx2 variant...

Edited by LS CalamityJane, 11 December 2008 - 09:25 PM.
Fixed outdated URL


#9 Guest_winchester73_*

Posted 12 May 2006 - 11:50 PM

It's shocking that high school students might have 'infected' computers ... :)

That's one of the reasons that spyware hunter/killers stay as busy as they do. :angry:

#10 Nick

Posted 12 May 2006 - 11:55 PM

yes well I'm not surprised. I even found bonzi buddy on one of the computers. How the student got it when their web page is blocked is beyond me. But some search engine like www.pimpmyip.com allow free surfing of the web without the school blocking it. That might explain the download. That or active X driveby download.


No popup ads or toolbars show up on the school computers though.


On my old windows 2000 computer, ad-aware found 368 files. You would be surprised. I had everything from Bonzi Buddy to Cool Web Search to VX2. It was crazy. I used to get popups when i wasn't even using the internet plus i would have tons of extra toolbars and my browser was hijacked frequently. :angry:

I have no wish of fixing the computers at school. I already contacted the T.A (technical administrator) and he is very slow to react. He said he will deal with this a month from now. I told him to get a Corporate edition of Lavasoft Ad-Aware SE and download Spyware Blaster to block Active X driveby downloads and tracking cookies (spyware blaster allows for their software to be used on a large scale for schools and non profit organizations). Hopefully that will make a difference.

#11 Pat H

Posted 14 May 2006 - 03:10 AM

I am having trouble getting the VX2 Variant off my computer. I have run the Ad-Aware SE and the Cleaner but the cleaner keeps coming up with "system Clean" but then when I run the Ad Aware again it finds the 2 again. Help!

#12 GRAFX

Posted 14 May 2006 - 05:44 PM

Pat H,
please can you start a new topic posting a full log file.
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it, right-click, select all,
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two posts to get it all)
I recommend that you use the WebUpDate just before you scan that way you will always be up to date.

(note The Application Data is a hidden folder, so you will need to show hidden files and folders
and for Windows 98/ME users your logs are stored in
C:\WINDOWS\All Users\Application Data\ ) by default.
