Jangles

  1. It's about 3 MB in WinRAR. It's filled with compressed tracking cookies, trojans, and adware that ewido detected but yours didn't. Some of these might already be on your database but there are a lot that aren't, so I will try to send an attachment Friday. Have fun sifting through 1,275 items!
  2. Yes, I have some +1000 trojans, viruses, tracking cookies, and adware. I compress the quarantine file with WinRAR. I fill out all the info for submission. I browse for the file and submit it, but then after a minute it says the file contains 0 bytes. What the hell, I'm trying to help out and it's not working. Please tell me how to submit! Am I submitting too much? Answers!!!
  3. Anyway, I compressed a copy of the quarantine folder into WinRAR. A very LARGE WinRAR folder of compressed tracking cookies and a trojan Sp00n3r :angry: will be arriving at Lavasoft soon.
  4. Yes, well, I'm not surprised. I even found Bonzi Buddy on one of the computers. How the student got it when their web page is blocked is beyond me. But some search engines like www.pimpmyip.com allow free surfing of the web without the school blocking it. That might explain the download. That or an ActiveX drive-by download. No popup ads or toolbars show up on the school computers though. On my old Windows 2000 computer, Ad-Aware found 368 files. You would be surprised. I had everything from Bonzi Buddy to Cool Web Search to VX2. It was crazy. I used to get popups when I wasn't even using the internet, plus I would have tons of extra toolbars and my browser was hijacked frequently. :angry: I have no wish of fixing the computers at school. I already contacted the T.A. (technical administrator) and he is very slow to react. He said he will deal with this a month from now. I told him to get a Corporate edition of Lavasoft Ad-Aware SE and download Spyware Blaster to block ActiveX drive-by downloads and tracking cookies (Spyware Blaster allows for their software to be used on a large scale for schools and non-profit organizations). Hopefully that will make a difference.
  5. Well, I lost some log files when at school; also I was trying to port this topic I made from SWI forums: http://spywareinfoforum.com/index.php?showtopic=75427. Yes, one computer had 72, I just lost the log. 4/5 computers at my school have a VX2 variant...
  6. Wow, that's weird! And no, I'd rather just submit it to Lavasoft :angry: seeing how I bought your product and I don't want to take the time to improve other companies. I bought Lavasoft for a reason, I know you're one of the best, but I use ewido as a second opinion..
  7. Here's the Ad-Aware log of the other comp:

     Ad-Aware SE Build 1.06r1
     Logfile Created on:Friday, May 12, 2006 9:52:40 AM
     Created with Ad-Aware SE Personal, free for private use.
     Using definitions file:SE1R47 24.05.2005
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     References detected during the scan:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Coulomb Dialer(TAC index:5):1 total references
     MRU List(TAC index:0):12 total references
     Tracking Cookie(TAC index:3):18 total references
     Windows(TAC index:3):4 total references
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Ad-Aware SE Settings
     ===========================
     Set : Search for negligible risk entries
     Set : Search for low-risk threats
     Set : Safe mode (always request confirmation)
     Set : Scan active processes
     Set : Scan registry
     Set : Deep-scan registry
     Set : Scan my IE Favorites for banned URLs
     Set : Scan my Hosts file

     Extended Ad-Aware SE Settings
     ===========================
     Set : Unload recognized processes & modules during scan
     Set : Scan registry for all users instead of current user only
     Set : Always try to unload modules before deletion
     Set : During removal, unload Explorer and IE if necessary
     Set : Let Windows remove files in use at next reboot
     Set : Delete quarantined objects after restoring
     Set : Include basic Ad-Aware settings in log file
     Set : Include additional Ad-Aware settings in log file
     Set : Include reference summary in log file
     Set : Include alternate data stream details in log file
     Set : Play sound at scan completion if scan locates critical objects

     5-12-2006 9:52:40 AM - Scan started. (Full System Scan)

     MRU List Object Recognized!
     Location: : C:\Documents and Settings\press enter\Application Data\microsoft\office\recent
     Description : list of recently opened documents using microsoft office

     MRU List Object Recognized!
     Location: : C:\Documents and Settings\press enter\recent
     Description : list of recently opened documents

     MRU List Object Recognized!
     Location: : software\microsoft\direct3d\mostrecentapplication
     Description : most recent application to use microsoft direct3d

     MRU List Object Recognized!
     Location: : software\microsoft\direct3d\mostrecentapplication
     Description : most recent application to use microsoft direct X

     MRU List Object Recognized!
     Location: : software\microsoft\directdraw\mostrecentapplication
     Description : most recent application to use microsoft directdraw

     MRU List Object Recognized!
     Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\internet explorer\typedurls
     Description : list of recently entered addresses in microsoft internet explorer

     MRU List Object Recognized!
     Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\mediaplayer\preferences
     Description : last cd record path used in microsoft windows media player

     MRU List Object Recognized!
     Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\office\11.0\powerpoint\recentfolderlist
     Description : list of recent folders used by microsoft powerpoint

     MRU List Object Recognized!
     Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\applets\regedit
     Description : last key accessed using the microsoft registry editor

     MRU List Object Recognized!
     Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\explorer\runmru
     Description : mru list for items opened in start | run

     MRU List Object Recognized!
     Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
     Description : windows media sdk

     MRU List Object Recognized!
     Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
     Description : windows media sdk

     Listing running processes
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     #:1 [explorer.exe]
     FilePath : C:\WINDOWS\
     ProcessID : 1824
     ThreadCreationTime : 5-12-2006 3:25:21 PM
     BasePriority : Normal
     FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 6.00.2900.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : Windows Explorer
     InternalName : explorer
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : EXPLORER.EXE

     #:2 [smtray.exe]
     FilePath : C:\Program Files\Analog Devices\SoundMAX\
     ProcessID : 176
     ThreadCreationTime : 5-12-2006 3:25:22 PM
     BasePriority : Normal
     FileVersion : 3, 2, 17, 0
     ProductVersion : 3, 2, 0, 0
     ProductName : SoundMAX Integrated Digital Audio
     CompanyName : Analog Devices, Inc.
     FileDescription : SoundMAX System Tray
     InternalName : SMTray
     LegalCopyright : Copyright © 2003 Analog Devices
     OriginalFilename : SMTray.exe

     #:3 [ico.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 432
     ThreadCreationTime : 5-12-2006 3:25:23 PM
     BasePriority : Normal
     FileVersion : 1, 0, 1, 0
     ProductVersion : 1.0.0.0
     ProductName : MouseSuite 98
     CompanyName : Primax Electronics Ltd.
     FileDescription : Mouse Suite 98 Daemon
     InternalName : pelmiced.exe
     LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
     LegalTrademarks : Primax Electronics Ltd.

     #:4 [fsrremos.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 500
     ThreadCreationTime : 5-12-2006 3:25:23 PM
     BasePriority : Normal
     FileVersion : 1, 0, 0, 3
     ProductVersion : 1, 0, 0, 1
     ProductName : sysinf_s Application
     FileDescription : sysinf_s MFC Application
     InternalName : sysinf_s
     LegalCopyright : Copyright © 2003
     OriginalFilename : sysinf_s.EXE

     #:5 [qttask.exe]
     FilePath : C:\Program Files\QuickTime\
     ProcessID : 612
     ThreadCreationTime : 5-12-2006 3:25:23 PM
     BasePriority : Normal
     FileVersion : 6.0.2
     ProductVersion : QuickTime 6.0.2
     ProductName : QuickTime
     CompanyName : Apple Computer, Inc.
     InternalName : QuickTime Task
     LegalCopyright : © Apple Computer, Inc. 2001-2002
     OriginalFilename : QTTask.exe

     #:6 [pelmiced.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 552
     ThreadCreationTime : 5-12-2006 3:25:23 PM
     BasePriority : Normal
     FileVersion : 1, 0, 9, 9
     ProductVersion : 1.0.0.0
     ProductName : MouseSuite 98
     CompanyName : Primax Electronics Ltd.
     FileDescription : Mouse Suite 98 Daemon
     InternalName : pelmiced.exe
     LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
     LegalTrademarks : Primax Electronics Ltd.

     #:7 [igfxtray.exe]
     FilePath : C:\WINDOWS\System32\
     ProcessID : 1316
     ThreadCreationTime : 5-12-2006 3:25:25 PM
     BasePriority : Normal
     FileVersion : 3.0.0.2209
     ProductVersion : 7.0.0.2209
     ProductName : Intel® Common User Interface
     CompanyName : Intel Corporation
     FileDescription : igfxTray Module
     InternalName : IGFXTRAY
     LegalCopyright : Copyright 1999-2003, Intel Corporation
     OriginalFilename : IGFXTRAY.EXE

     #:8 [hkcmd.exe]
     FilePath : C:\WINDOWS\System32\
     ProcessID : 1672
     ThreadCreationTime : 5-12-2006 3:25:26 PM
     BasePriority : Normal
     FileVersion : 3.0.0.2209
     ProductVersion : 7.0.0.2209
     ProductName : Intel® Common User Interface
     CompanyName : Intel Corporation
     FileDescription : hkcmd Module
     InternalName : HKCMD
     LegalCopyright : Copyright 1999-2003, Intel Corporation
     OriginalFilename : HKCMD.EXE

     #:9 [meuihlp.exe]
     FilePath : C:\Program Files\MasterSolution\Vision\
     ProcessID : 1712
     ThreadCreationTime : 5-12-2006 3:25:26 PM
     BasePriority : Normal
     FileVersion : 5.0.1.0
     ProductVersion : 5.0.0.0
     ProductName : MasterEye XL
     CompanyName : MasterSolution AG
     FileDescription : MasterEye UI Helper
     InternalName : MeUIHlp
     LegalCopyright : Copyright © 1996-2002 MasterSolution AG
     OriginalFilename : MeUIHlp.exe

     #:10 [mpointer.exe]
     FilePath : C:\Program Files\MasterSolution\Vision\Pointer\
     ProcessID : 1744
     ThreadCreationTime : 5-12-2006 3:25:27 PM
     BasePriority : Normal
     FileVersion : 1, 0, 0, 1
     ProductVersion : 1, 0, 0, 1
     ProductName : MasterEye Marker
     CompanyName : MasterEye
     FileDescription : Marker
     InternalName : Marker
     LegalCopyright : Copyright © 1999
     OriginalFilename : Marker.exe

     #:11 [ccapp.exe]
     FilePath : C:\Program Files\Common Files\Symantec Shared\
     ProcessID : 1204
     ThreadCreationTime : 5-12-2006 3:25:29 PM
     BasePriority : Normal
     FileVersion : 2.2.1.004
     ProductVersion : 2.2.1.004
     ProductName : Common Client
     CompanyName : Symantec Corporation
     FileDescription : Common Client User Session
     InternalName : ccApp
     LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
     OriginalFilename : ccApp.exe

     #:12 [vptray.exe]
     FilePath : C:\PROGRA~1\SYMANT~2\
     ProcessID : 1876
     ThreadCreationTime : 5-12-2006 3:25:30 PM
     BasePriority : Normal
     FileVersion : 9.0.1.1000
     ProductVersion : 9.0.1.1000
     ProductName : Symantec AntiVirus
     CompanyName : Symantec Corporation
     FileDescription : Symantec AntiVirus
     LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

     #:13 [ctfmon.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 2272
     ThreadCreationTime : 5-12-2006 3:25:41 PM
     BasePriority : Normal
     FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 5.1.2600.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : CTF Loader
     InternalName : CTFMON
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : CTFMON.EXE

     #:14 [iexplore.exe]
     FilePath : C:\Program Files\Internet Explorer\
     ProcessID : 3892
     ThreadCreationTime : 5-12-2006 4:50:40 PM
     BasePriority : Normal
     FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 6.00.2900.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : Internet Explorer
     InternalName : iexplore
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : IEXPLORE.EXE

     #:15 [ad-aware.exe]
     FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
     ProcessID : 2776
     ThreadCreationTime : 5-12-2006 4:52:15 PM
     BasePriority : Normal
     FileVersion : 6.2.0.236
     ProductVersion : SE 106
     ProductName : Lavasoft Ad-Aware SE
     CompanyName : Lavasoft Sweden
     FileDescription : Ad-Aware SE Core application
     InternalName : Ad-Aware.exe
     LegalCopyright : Copyright © Lavasoft AB Sweden
     OriginalFilename : Ad-Aware.exe
     Comments : All Rights Reserved

     Memory scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 0
     Objects found so far: 12

     Started registry scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Windows Object Recognized!
     Type : RegData
     Data :
     TAC Rating : 3
     Category : Vulnerability
     Comment : Possible unwanted restriction from customizing toolbars
     Rootkey : HKEY_USERS
     Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
     Value : NoToolbarCustomize
     Data :

     Windows Object Recognized!
     Type : RegData
     Data :
     TAC Rating : 3
     Category : Vulnerability
     Comment : Possible unwanted restriction from adding/removing toolbars
     Rootkey : HKEY_USERS
     Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
     Value : NoBandCustomize
     Data :

     Windows Object Recognized!
     Type : RegData
     Data :
     TAC Rating : 3
     Category : Vulnerability
     Comment : Possible unintended lockout from Task Manager (Task manager access disabled)
     Rootkey : HKEY_USERS
     Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\system
     Value : DisableTaskMgr
     Data :

     Windows Object Recognized!
     Type : RegData
     Data :
     TAC Rating : 3
     Category : Vulnerability
     Comment : Manual changing of browser start-page restricted
     Rootkey : HKEY_USERS
     Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\policies\microsoft\internet explorer\control panel
     Value : Homepage
     Data :

     Registry Scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 4
     Objects found so far: 16

     Started deep registry scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Deep registry scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 0
     Objects found so far: 16

     Started Tracking Cookie scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][2].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][1].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][2].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][2].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][1].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][2].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][1].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][1].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][2].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][1].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][1].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][1].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][2].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][1].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : press [email protected][1].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : [email protected][1].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\[email protected][1].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : [email protected][1].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\[email protected][1].txt

     Tracking Cookie Object Recognized!
     Type : IECache Entry
     Data : [email protected][2].txt
     TAC Rating : 3
     Category : Data Miner
     Comment :
     Value : C:\Documents and Settings\press enter\Cookies\[email protected][2].txt

     Tracking cookie scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 18
     Objects found so far: 34

     Deep scanning and examining files (C:)
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Coulomb Dialer Object Recognized!
     Type : File
     Data : Groove.x32
     TAC Rating : 5
     Category : Dialer
     Comment :
     Object : C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav181\
     FileVersion : 1, 8, 1, 0
     ProductVersion : 1, 8, 1, 0
     ProductName : GROOVE
     FileDescription : GROOVE
     InternalName : GROOVE
     LegalCopyright : Copyright 2001
     OriginalFilename : GROOVE.x32

     Disk Scan Result for C:\
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 0
     Objects found so far: 35

     Performing conditional scans...
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Conditional scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 0
     Objects found so far: 35

     9:58:02 AM Scan Complete

     Summary Of This Scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Total scanning time:00:05:21.914
     Objects scanned:116366
     Objects identified:23
     Objects ignored:0
     New critical objects:23
  8. Here's the HijackThis log of one computer:

     Logfile of HijackThis v1.99.1
     Scan saved at 9:57:43 AM, on 5/12/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     C:\WINDOWS\system32\ICO.EXE
     C:\WINDOWS\system32\FSRremoS.EXE
     C:\Program Files\QuickTime\qttask.exe
     C:\WINDOWS\system32\Pelmiced.exe
     C:\WINDOWS\System32\igfxtray.exe
     C:\WINDOWS\System32\hkcmd.exe
     C:\Program Files\MasterSolution\Vision\MeUiHlp.exe
     C:\Program Files\MasterSolution\Vision\Pointer\MPointer.exe
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\PROGRA~1\SYMANT~2\VPTray.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
     C:\DOCUME~1\PRESSE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.woodsidehs.org/WHS_LMC/library.htm
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
     O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
     O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe
     O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
     O4 - HKLM\..\Run: [MeUiHelper] C:\Program Files\MasterSolution\Vision\MeUiHlp.exe
     O4 - HKLM\..\Run: [MePointer] "C:\Program Files\MasterSolution\Vision\Pointer\MPointer.exe"
     O4 - HKLM\..\Run: [MeControlDL] C:\WINDOWS\system32\MESUAX.exe /DetectLogin
     O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
     O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121887363396
     O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WS-WHS.EDU
     O17 - HKLM\Software\..\Telephony: DomainName = WS-WHS.EDU
     O17 - HKLM\System\CCS\Services\Tcpip\..\{9736742B-C03E-41F0-B766-9519B48DBEB1}: NameServer = 10.7.1.40,10.1.1.2
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WS-WHS.EDU
     O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
     O20 - Winlogon Notify: MeWlxNot - C:\WINDOWS\system32\MeWlxNot.dll
     O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
     O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
     O23 - Service: MasterEye control manager (MeSuSrvc) - MasterEye ltd. - C:\WINDOWS\system32\MESUAX.exe
     O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
     O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  9. Yes, I will post Ad-Aware scan results right now. I seriously think my high school only has a router for protection. Against all school policies I downloaded Ad-Aware; I saw like 79 infections (12 were VX2 variant). When I post the results you people will laugh. This is how much our government cares for its technology. I mean, jesus, 79 infections. I only scanned 1 computer; I'll pick another one at random tomorrow as well. If you're at a college or a high school that has poorly protected computers with infestations, download Ad-Aware and scan that computer, post results here! God, this is really pathetic. Here's one:

     Ad-Aware SE Build 1.06r1
     Logfile Created on:Friday, May 12, 2006 9:43:42 AM
     Created with Ad-Aware SE Personal, free for private use.
     Using definitions file:SE1R47 24.05.2005
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     References detected during the scan:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Atelys(TAC index:6):2 total references
     IBIS Toolbar(TAC index:5):2 total references
     JRaun(TAC index:6):4 total references
     MRU List(TAC index:0):12 total references
     Tracking Cookie(TAC index:3):6 total references
     Windows(TAC index:3):4 total references
     WinFavorites(TAC index:6):1 total references
     VX2(TAC index:10):5 total references
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Ad-Aware SE Settings
     ===========================
     Set : Search for negligible risk entries
     Set : Search for low-risk threats
     Set : Safe mode (always request confirmation)
     Set : Scan active processes
     Set : Scan registry
     Set : Deep-scan registry
     Set : Scan my IE Favorites for banned URLs
     Set : Scan my Hosts file

     Extended Ad-Aware SE Settings
     ===========================
     Set : Unload recognized processes & modules during scan
     Set : Scan registry for all users instead of current user only
     Set : Always try to unload modules before deletion
     Set : During removal, unload Explorer and IE if necessary
     Set : Let Windows remove files in use at next reboot
     Set : Delete quarantined objects after restoring
     Set : Include basic Ad-Aware settings in log file
     Set : Include additional Ad-Aware settings in log file
     Set : Include reference summary in log file
     Set : Include alternate data stream details in log file
     Set : Play sound at scan completion if scan locates critical objects

     5-12-2006 9:43:42 AM - Scan started. (Full System Scan)

     MRU List Object Recognized!
     Location: : C:\Documents and Settings\press enter\Application Data\microsoft\office\recent
     Description : list of recently opened documents using microsoft office

     MRU List Object Recognized!
     Location: : C:\Documents and Settings\press enter\recent
     Description : list of recently opened documents

     MRU List Object Recognized!
     Location: : software\microsoft\direct3d\mostrecentapplication
     Description : most recent application to use microsoft direct3d

     MRU List Object Recognized!
     Location: : software\microsoft\direct3d\mostrecentapplication
     Description : most recent application to use microsoft direct X

     MRU List Object Recognized!
     Location: : software\microsoft\directdraw\mostrecentapplication
     Description : most recent application to use microsoft directdraw

     MRU List Object Recognized!
     Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\internet explorer\typedurls
     Description : list of recently entered addresses in microsoft internet explorer

     MRU List Object Recognized!
     Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\mediaplayer\preferences
     Description : last cd record path used in microsoft windows media player

     MRU List Object Recognized!
     Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\office\11.0\powerpoint\recentfolderlist
     Description : list of recent folders used by microsoft powerpoint

     MRU List Object Recognized!
     Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\applets\regedit
     Description : last key accessed using the microsoft registry editor

     MRU List Object Recognized!
     Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\explorer\runmru
     Description : mru list for items opened in start | run

     MRU List Object Recognized!
     Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
     Description : windows media sdk

     MRU List Object Recognized!
     Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
     Description : windows media sdk

     Listing running processes
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     #:1 [explorer.exe]
     FilePath : C:\WINDOWS\
     ProcessID : 2104
     ThreadCreationTime : 5-12-2006 3:26:46 PM
     BasePriority : Normal
     FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 6.00.2900.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : Windows Explorer
     InternalName : explorer
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : EXPLORER.EXE

     #:2 [smtray.exe]
     FilePath : C:\Program Files\Analog Devices\SoundMAX\
     ProcessID : 2496
     ThreadCreationTime : 5-12-2006 3:27:04 PM
     BasePriority : Normal
     FileVersion : 3, 2, 17, 0
     ProductVersion : 3, 2, 0, 0
     ProductName : SoundMAX Integrated Digital Audio
     CompanyName : Analog Devices, Inc.
     FileDescription : SoundMAX System Tray
     InternalName : SMTray
     LegalCopyright : Copyright © 2003 Analog Devices
     OriginalFilename : SMTray.exe

     #:3 [ico.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 2528
     ThreadCreationTime : 5-12-2006 3:27:04 PM
     BasePriority : Normal
     FileVersion : 1, 0, 1, 0
     ProductVersion : 1.0.0.0
     ProductName : MouseSuite 98
     CompanyName : Primax Electronics Ltd.
     FileDescription : Mouse Suite 98 Daemon
     InternalName : pelmiced.exe
     LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
     LegalTrademarks : Primax Electronics Ltd.

     #:4 [fsrremos.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 2536
     ThreadCreationTime : 5-12-2006 3:27:04 PM
     BasePriority : Normal
     FileVersion : 1, 0, 0, 3
     ProductVersion : 1, 0, 0, 1
     ProductName : sysinf_s Application
     FileDescription : sysinf_s MFC Application
     InternalName : sysinf_s
     LegalCopyright : Copyright © 2003
     OriginalFilename : sysinf_s.EXE

     #:5 [pelmiced.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 2548
     ThreadCreationTime : 5-12-2006 3:27:04 PM
     BasePriority : Normal
     FileVersion : 1, 0, 9, 9
     ProductVersion : 1.0.0.0
     ProductName : MouseSuite 98
     CompanyName : Primax Electronics Ltd.
     FileDescription : Mouse Suite 98 Daemon
     InternalName : pelmiced.exe
     LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
     LegalTrademarks : Primax Electronics Ltd.

     #:6 [qttask.exe]
     FilePath : C:\Program Files\QuickTime\
     ProcessID : 2556
     ThreadCreationTime : 5-12-2006 3:27:04 PM
     BasePriority : Normal
     FileVersion : 6.0.2
     ProductVersion : QuickTime 6.0.2
     ProductName : QuickTime
     CompanyName : Apple Computer, Inc.
     InternalName : QuickTime Task
     LegalCopyright : © Apple Computer, Inc. 2001-2002
     OriginalFilename : QTTask.exe

     #:7 [ccapp.exe]
     FilePath : C:\Program Files\Common Files\Symantec Shared\
     ProcessID : 2592
     ThreadCreationTime : 5-12-2006 3:27:06 PM
     BasePriority : Normal
     FileVersion : 2.2.1.004
     ProductVersion : 2.2.1.004
     ProductName : Common Client
     CompanyName : Symantec Corporation
     FileDescription : Common Client User Session
     InternalName : ccApp
     LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
     OriginalFilename : ccApp.exe

     #:8 [vptray.exe]
     FilePath : C:\PROGRA~1\SYMANT~2\
     ProcessID : 2616
     ThreadCreationTime : 5-12-2006 3:27:07 PM
     BasePriority : Normal
     FileVersion : 9.0.1.1000
     ProductVersion : 9.0.1.1000
     ProductName : Symantec AntiVirus
     CompanyName : Symantec Corporation
     FileDescription : Symantec AntiVirus
     LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

     #:9 [sboeaddon.exe]
     FilePath : C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\
     ProcessID : 2636
     ThreadCreationTime : 5-12-2006 3:27:08 PM
     BasePriority : Normal
     FileVersion : 4.7.5.2500
     ProductVersion : 4.7.5.2500
     ProductName : SpamBlockerUtility
     CompanyName : SpamBlockerUtility.com Inc.
     LegalCopyright : Copyright © 2002-2005 SpamBlockerUtility.com, Inc.
     LegalTrademarks : SpamBlockerUtility.com®; SpamBlockerUtility®

     #:10 [ctfmon.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 2752
     ThreadCreationTime : 5-12-2006 3:27:12 PM
     BasePriority : Normal
     FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 5.1.2600.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : CTF Loader
     InternalName : CTFMON
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : CTFMON.EXE

     #:11 [ad-aware.exe]
     FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
     ProcessID : 2912
     ThreadCreationTime : 5-12-2006 4:42:45 PM
     BasePriority : Normal
     FileVersion : 6.2.0.236
     ProductVersion : SE 106
     ProductName : Lavasoft Ad-Aware SE
     CompanyName : Lavasoft Sweden
     FileDescription : Ad-Aware SE Core application
     InternalName : Ad-Aware.exe
     LegalCopyright : Copyright © Lavasoft AB Sweden
     OriginalFilename : Ad-Aware.exe
     Comments : All Rights Reserved

     Memory scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 0
     Objects found so far: 12

     Started registry scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     JRaun Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 6
     Category : Malware
     Comment :
     Rootkey : HKEY_CLASSES_ROOT
     Object : clsid\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a}

     JRaun Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 6
     Category : Malware
     Comment :
     Rootkey : HKEY_CLASSES_ROOT
     Object : speedup.speedctrl

     JRaun Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 6
     Category : Malware
     Comment :
     Rootkey : HKEY_CLASSES_ROOT
     Object : speedup.speedctrl.1

     JRaun Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 6
     Category : Malware
     Comment :
     Rootkey : HKEY_CLASSES_ROOT
     Object : typelib\{b8ac03f2-9d1f-4d8b-a04e-6fbd1f51c109}

     IBIS Toolbar Object Recognized!
     Type : Regkey
     Data :
     TAC Rating : 5
     Category : Data Miner
     Comment :
     Rootkey : HKEY_LOCAL_MACHINE
     Object : software\btiein

     Windows Object Recognized!
     Type : RegData
     Data :
     TAC Rating : 3
     Category : Vulnerability
     Comment : Possible unwanted restriction from customizing toolbars
     Rootkey : HKEY_USERS
     Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
     Value : NoToolbarCustomize
     Data :

     Windows Object Recognized!
     Type : RegData
     Data :
     TAC Rating : 3
     Category : Vulnerability
     Comment : Possible unwanted restriction from adding/removing toolbars
     Rootkey : HKEY_USERS
     Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer
     Value : NoBandCustomize
     Data :

     Windows Object Recognized!
     Type : RegData
     Data :
     TAC Rating : 3
     Category : Vulnerability
     Comment : Possible unintended lockout from Task Manager (Task manager access disabled)
     Rootkey : HKEY_USERS
     Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\system
     Value : DisableTaskMgr
     Data :

     Windows Object Recognized!
     Type : RegData
     Data :
     TAC Rating : 3
     Category : Vulnerability
     Comment : Manual changing of browser start-page restricted
     Rootkey : HKEY_USERS
     Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\policies\microsoft\internet explorer\control panel
     Value : Homepage
     Data :

     Registry Scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 9
     Objects found so far: 21

     Started deep registry scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Deep registry scan result:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     New critical objects: 0
     Objects found so far: 21

     Started Tracking Cookie scan
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Tracking Cookie Object Recognized!
Type : IECache Entry Data : press [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : press [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : press [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : www.searchtraffic.com Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\press enter\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\press enter\Cookies\[email protected][1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : [email protected][2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\press enter\Cookies\[email protected][2].txt Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 6 Objects found so far: 27 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» VX2 Object Recognized! Type : File Data : alchem.exe TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 0, 2, 1, 3 ProductVersion : 0, 2, 1, 3 CompanyName : ClickAlchemy FileDescription : www.clickalchemy.com LegalCopyright : Copyright © 2004 VX2 Object Recognized! Type : File Data : preInsBI.exe TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\ VX2 Object Recognized! 
Type : File Data : preInsTT.exe TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\ WinFavorites Object Recognized! Type : File Data : a.exe TAC Rating : 6 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 LegalCopyright : Copyright © 2003 OriginalFilename : a.exe Atelys Object Recognized! Type : File Data : iexplore.exe TAC Rating : 6 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Redirect Application FileDescription : Redirect MFC Application InternalName : Redirect LegalCopyright : Copyright © 2003 OriginalFilename : Redirect.EXE VX2 Object Recognized! Type : File Data : twaintec.dll TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 0, 1, 4, 19 ProductVersion : 0, 1, 4, 19 ProductName : Twaintec CompanyName : Twain Tech FileDescription : www.twain-tech.com InternalName : Twaintec LegalCopyright : Copyright © 2003 OriginalFilename : Twaintec.dll Comments : www.twain-tech.com Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 33 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» IBIS Toolbar Object Recognized! Type : Folder TAC Rating : 5 Category : Data Miner Comment : IBIS Toolbar Object : C:\Program Files\Common Files\WinTools VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\toolbar\webbrowser Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383} Atelys Object Recognized! 
Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\dpcproxy Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 3 Objects found so far: 36 9:48:03 AM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:04:20.763 Objects scanned:115065 Objects identified:24 Objects ignored:0 New critical objects:24

This is only for one computer; the others have more.
  10. Yes well, ewido found 100 tracking cookies that leeched on my computer and 1 trojan dropper. I know that it's hard to get signatures, but that is really ridiculous. Now I use spyblaster activeX/cookie blocker + Mozilla Firefox so I only get a cookie or 2 now and then, but I really think that finding a trojan and some 100+ tracking cookies really is disturbing. The trojan was called Sp00n3r. I will submit them seeing how all of them are in my ewido quarantine. Hopefully by doing this I will be helping you guys improve your program. :angry:
  11. Yeah, I did. One is to clean out the registry, the other is to make logos for a game...
  12. Incident Status Location Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Victor\Application Data\Registry Cleaner Hacktool:Hacktool/Hammer Not disinfected C:\Program Files\Robster Productions\Halflife Logo Creator\HLC.exe ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Friday, May 05, 2006 11:49:54 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 6/05/2006 Kaspersky Anti-Virus database records: 180424 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 80274 Number of viruses found: 10 Number of infected objects: 47 Number of suspicious objects: 1 Duration of the scan process: 00:53:50 Infected Object Name / Virus Name / Last Action C:\Program Files\Norton AntiVirus\Quarantine\115A1A2A.cla Infected: Trojan-Downloader.Java.OpenStream.w skipped C:\Program Files\Norton AntiVirus\Quarantine\19507F84.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Program Files\Norton AntiVirus\Quarantine\26A03278.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Program Files\Norton AntiVirus\Quarantine\26A03278.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Program Files\Norton AntiVirus\Quarantine\26A03278.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\26A03278.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Program Files\Norton AntiVirus\Quarantine\26A03278.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Program Files\Norton AntiVirus\Quarantine\26A03278.zip ZIP: infected 
- 4 skipped C:\Program Files\Norton AntiVirus\Quarantine\26A03278.zip CryptFF: infected - 4 skipped C:\Program Files\Norton AntiVirus\Quarantine\2B053B54 Infected: Trojan-Clicker.JS.Linker.h skipped C:\Program Files\Norton AntiVirus\Quarantine\2C8D222E Infected: Trojan-Clicker.JS.Linker.h skipped C:\Program Files\Norton AntiVirus\Quarantine\2F5D25D1.cla Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\34F1142B.exe Infected: Trojan-Spy.Win32.Perfloger.f skipped C:\Program Files\Norton AntiVirus\Quarantine\36A03A51.exe Infected: Trojan-Spy.Win32.Perfloger.f skipped C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.zip ZIP: infected - 4 skipped C:\Program Files\Norton AntiVirus\Quarantine\36F505FE.zip CryptFF: infected - 4 skipped C:\Program Files\Norton AntiVirus\Quarantine\3BC367E8.cla Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\3DA86BFA.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.cla Infected: Trojan.Java.ClassLoader.f skipped C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.zip/Dummy.class 
Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.zip ZIP: infected - 4 skipped C:\Program Files\Norton AntiVirus\Quarantine\3E664DF9.zip CryptFF: infected - 4 skipped C:\Program Files\Norton AntiVirus\Quarantine\438C5329.cla Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\49CF6FA7.cla Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\4F3D51C2.tmp Infected: Trojan-Downloader.Java.OpenStream.w skipped C:\Program Files\Norton AntiVirus\Quarantine\54EA3C81.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Program Files\Norton AntiVirus\Quarantine\607638EC.wmf Suspicious: Exploit.Win32.IMG-WMF skipped C:\Program Files\Norton AntiVirus\Quarantine\62AA2D55 Infected: Trojan-Clicker.JS.Linker.h skipped C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.zip ZIP: infected - 4 skipped C:\Program Files\Norton AntiVirus\Quarantine\70CD1422.zip CryptFF: infected - 4 skipped C:\Program Files\Norton AntiVirus\Quarantine\70D03E1F.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Program Files\Norton AntiVirus\Quarantine\76514F1D.cla Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton 
AntiVirus\Quarantine\79582DF0.cla Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Program Files\Norton AntiVirus\Quarantine\7ACB0725.cla Infected: Trojan.Java.ClassLoader.c skipped C:\Program Files\Norton AntiVirus\Quarantine\7C086480.cla Infected: Trojan.Java.ClassLoader.Dummy.a skipped Scan process completed. Logfile of HijackThis v1.99.1 Scan saved at 11:54:54 PM, on 5/5/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE C:\WINDOWS\ATKKBService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE C:\program files\valve\steam\steam.exe C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe C:\Program Files\PerSono\perstray.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\Intel\Intel Application 
Accelerator\iaantmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Victor\Desktop\Stuff\Hijack This\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - 
HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" O4 - Startup: LifeDrive™ Manager.lnk = C:\Program Files\palmOne\LifeDriveMgrTray.exe O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Perstray.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113710506767 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. 
- C:\WINDOWS\ATKKBService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common 
Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  13. Is there any other way to delete? I downloaded and uninstalled and it still is here...
  14. Well, how do I get rid of the bearshare? It has basically thwarted all my attempts to remove it. Also, yes Steve, I would be delighted if you put it back on the detection list. Is there any petition I have to sign?