Jangles

Hah! My high school's computers are infested!, The network security is only a router!

12 posts in this topic

Yes, I will post Ad-Aware scan results right now. I seriously think my high school only has a router for protection. Against all school policies I downloaded Ad-Aware, and I saw like 79 infections (12 were VX2 variant).

 

When I post the results you people will laugh. This is how much our government cares for its technology. I mean, Jesus, 79 infections. I only scanned 1 computer; I'll pick another one at random tomorrow as well.

 

If you're at a college or a high school that has poorly protected computers with infestations, download Ad-Aware and scan that computer, and post the results here! God, this is really pathetic.

 

Here's one:

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Friday, May 12, 2006 9:43:42 AM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R47 24.05.2005

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Atelys(TAC index:6):2 total references

IBIS Toolbar(TAC index:5):2 total references

JRaun(TAC index:6):4 total references

MRU List(TAC index:0):12 total references

Tracking Cookie(TAC index:3):6 total references

Windows(TAC index:3):4 total references

WinFavorites(TAC index:6):1 total references

VX2(TAC index:10):5 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

5-12-2006 9:43:42 AM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\press enter\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\press enter\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\mediaplayer\preferences

Description : last cd record path used in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\office\11.0\powerpoint\recentfolderlist

Description : list of recent folders used by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 2104

ThreadCreationTime : 5-12-2006 3:26:46 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:2 [smtray.exe]

FilePath : C:\Program Files\Analog Devices\SoundMAX\

ProcessID : 2496

ThreadCreationTime : 5-12-2006 3:27:04 PM

BasePriority : Normal

FileVersion : 3, 2, 17, 0

ProductVersion : 3, 2, 0, 0

ProductName : SoundMAX Integrated Digital Audio

CompanyName : Analog Devices, Inc.

FileDescription : SoundMAX System Tray

InternalName : SMTray

LegalCopyright : Copyright © 2003 Analog Devices

OriginalFilename : SMTray.exe

 

#:3 [ico.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2528

ThreadCreationTime : 5-12-2006 3:27:04 PM

BasePriority : Normal

FileVersion : 1, 0, 1, 0

ProductVersion : 1.0.0.0

ProductName : MouseSuite 98

CompanyName : Primax Electronics Ltd.

FileDescription : Mouse Suite 98 Daemon

InternalName : pelmiced.exe

LegalCopyright : Copyright © 1997, Primax Electronics Ltd.

LegalTrademarks : Primax Electronics Ltd.

 

#:4 [fsrremos.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2536

ThreadCreationTime : 5-12-2006 3:27:04 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 3

ProductVersion : 1, 0, 0, 1

ProductName : sysinf_s Application

FileDescription : sysinf_s MFC Application

InternalName : sysinf_s

LegalCopyright : Copyright © 2003

OriginalFilename : sysinf_s.EXE

 

#:5 [pelmiced.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2548

ThreadCreationTime : 5-12-2006 3:27:04 PM

BasePriority : Normal

FileVersion : 1, 0, 9, 9

ProductVersion : 1.0.0.0

ProductName : MouseSuite 98

CompanyName : Primax Electronics Ltd.

FileDescription : Mouse Suite 98 Daemon

InternalName : pelmiced.exe

LegalCopyright : Copyright © 1997, Primax Electronics Ltd.

LegalTrademarks : Primax Electronics Ltd.

 

#:6 [qttask.exe]

FilePath : C:\Program Files\QuickTime\

ProcessID : 2556

ThreadCreationTime : 5-12-2006 3:27:04 PM

BasePriority : Normal

FileVersion : 6.0.2

ProductVersion : QuickTime 6.0.2

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2002

OriginalFilename : QTTask.exe

 

#:7 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 2592

ThreadCreationTime : 5-12-2006 3:27:06 PM

BasePriority : Normal

FileVersion : 2.2.1.004

ProductVersion : 2.2.1.004

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:8 [vptray.exe]

FilePath : C:\PROGRA~1\SYMANT~2\

ProcessID : 2616

ThreadCreationTime : 5-12-2006 3:27:07 PM

BasePriority : Normal

FileVersion : 9.0.1.1000

ProductVersion : 9.0.1.1000

ProductName : Symantec AntiVirus

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus

LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

 

#:9 [sboeaddon.exe]

FilePath : C:\Program Files\SpamBlockerUtility\Bin\4.7.5.0\

ProcessID : 2636

ThreadCreationTime : 5-12-2006 3:27:08 PM

BasePriority : Normal

FileVersion : 4.7.5.2500

ProductVersion : 4.7.5.2500

ProductName : SpamBlockerUtility

CompanyName : SpamBlockerUtility.com Inc.

LegalCopyright : Copyright © 2002-2005 SpamBlockerUtility.com, Inc.

LegalTrademarks : SpamBlockerUtility.com®; SpamBlockerUtility®

 

#:10 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2752

ThreadCreationTime : 5-12-2006 3:27:12 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:11 [ad-aware.exe]

FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\

ProcessID : 2912

ThreadCreationTime : 5-12-2006 4:42:45 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 12

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

JRaun Object Recognized!

Type : Regkey

Data :

TAC Rating : 6

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a}

 

JRaun Object Recognized!

Type : Regkey

Data :

TAC Rating : 6

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : speedup.speedctrl

 

JRaun Object Recognized!

Type : Regkey

Data :

TAC Rating : 6

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : speedup.speedctrl.1

 

JRaun Object Recognized!

Type : Regkey

Data :

TAC Rating : 6

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : typelib\{b8ac03f2-9d1f-4d8b-a04e-6fbd1f51c109}

 

IBIS Toolbar Object Recognized!

Type : Regkey

Data :

TAC Rating : 5

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\btiein

 

Windows Object Recognized!

Type : RegData

Data :

TAC Rating : 3

Category : Vulnerability

Comment : Possible unwanted restriction from customizing toolbars

Rootkey : HKEY_USERS

Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer

Value : NoToolbarCustomize

Data :

 

Windows Object Recognized!

Type : RegData

Data :

TAC Rating : 3

Category : Vulnerability

Comment : Possible unwanted restriction from adding/removing toolbars

Rootkey : HKEY_USERS

Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer

Value : NoBandCustomize

Data :

 

Windows Object Recognized!

Type : RegData

Data :

TAC Rating : 3

Category : Vulnerability

Comment : Possible unintended lockout from Task Manager (Task manager access disabled)

Rootkey : HKEY_USERS

Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\system

Value : DisableTaskMgr

Data :

 

Windows Object Recognized!

Type : RegData

Data :

TAC Rating : 3

Category : Vulnerability

Comment : Manual changing of browser start-page restricted

Rootkey : HKEY_USERS

Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\policies\microsoft\internet explorer\control panel

Value : Homepage

Data :

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 9

Objects found so far: 21

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 21

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment : www.searchtraffic.com

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\[email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\[email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\[email protected][2].txt

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 6

Objects found so far: 27

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

VX2 Object Recognized!

Type : File

Data : alchem.exe

TAC Rating : 10

Category : Malware

Comment :

Object : C:\WINDOWS\

FileVersion : 0, 2, 1, 3

ProductVersion : 0, 2, 1, 3

CompanyName : ClickAlchemy

FileDescription : www.clickalchemy.com

LegalCopyright : Copyright © 2004

 

 

VX2 Object Recognized!

Type : File

Data : preInsBI.exe

TAC Rating : 10

Category : Malware

Comment :

Object : C:\WINDOWS\

 

 

 

VX2 Object Recognized!

Type : File

Data : preInsTT.exe

TAC Rating : 10

Category : Malware

Comment :

Object : C:\WINDOWS\

 

 

 

WinFavorites Object Recognized!

Type : File

Data : a.exe

TAC Rating : 6

Category : Malware

Comment :

Object : C:\WINDOWS\system32\

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

LegalCopyright : Copyright © 2003

OriginalFilename : a.exe

 

 

Atelys Object Recognized!

Type : File

Data : iexplore.exe

TAC Rating : 6

Category : Malware

Comment :

Object : C:\WINDOWS\system32\

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : Redirect Application

FileDescription : Redirect MFC Application

InternalName : Redirect

LegalCopyright : Copyright © 2003

OriginalFilename : Redirect.EXE

 

 

VX2 Object Recognized!

Type : File

Data : twaintec.dll

TAC Rating : 10

Category : Malware

Comment :

Object : C:\WINDOWS\

FileVersion : 0, 1, 4, 19

ProductVersion : 0, 1, 4, 19

ProductName : Twaintec

CompanyName : Twain Tech

FileDescription : www.twain-tech.com

InternalName : Twaintec

LegalCopyright : Copyright © 2003

OriginalFilename : Twaintec.dll

Comments : www.twain-tech.com

 

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 33

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

IBIS Toolbar Object Recognized!

Type : Folder

TAC Rating : 5

Category : Data Miner

Comment : IBIS Toolbar

Object : C:\Program Files\Common Files\WinTools

 

VX2 Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\microsoft\internet explorer\toolbar\webbrowser

Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

 

Atelys Object Recognized!

Type : Regkey

Data :

TAC Rating : 6

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\dpcproxy

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 3

Objects found so far: 36

 

9:48:03 AM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:04:20.763

Objects scanned:115065

Objects identified:24

Objects ignored:0

New critical objects:24

 

 

 

This is only for one computer; the others have more.


Here's the hijack log of one computer:

 

Logfile of HijackThis v1.99.1

Scan saved at 9:57:43 AM, on 5/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\FSRremoS.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\Pelmiced.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\MasterSolution\Vision\MeUiHlp.exe

C:\Program Files\MasterSolution\Vision\Pointer\MPointer.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~2\VPTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe

C:\DOCUME~1\PRESSE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.woodsidehs.org/WHS_LMC/library.htm

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [MeUiHelper] C:\Program Files\MasterSolution\Vision\MeUiHlp.exe

O4 - HKLM\..\Run: [MePointer] "C:\Program Files\MasterSolution\Vision\Pointer\MPointer.exe"

O4 - HKLM\..\Run: [MeControlDL] C:\WINDOWS\system32\MESUAX.exe /DetectLogin

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121887363396

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WS-WHS.EDU

O17 - HKLM\Software\..\Telephony: DomainName = WS-WHS.EDU

O17 - HKLM\System\CCS\Services\Tcpip\..\{9736742B-C03E-41F0-B766-9519B48DBEB1}: NameServer = 10.7.1.40,10.1.1.2

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WS-WHS.EDU

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: MeWlxNot - C:\WINDOWS\system32\MeWlxNot.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MasterEye control manager (MeSuSrvc) - MasterEye ltd. - C:\WINDOWS\system32\MESUAX.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Here's the Ad-Aware log of the other comp:

 

Ad-Aware SE Build 1.06r1

Logfile Created on:Friday, May 12, 2006 9:52:40 AM

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R47 24.05.2005

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Coulomb Dialer(TAC index:5):1 total references

MRU List(TAC index:0):12 total references

Tracking Cookie(TAC index:3):18 total references

Windows(TAC index:3):4 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

5-12-2006 9:52:40 AM - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\press enter\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\press enter\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\mediaplayer\preferences

Description : last cd record path used in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\office\11.0\powerpoint\recentfolderlist

Description : list of recent folders used by microsoft powerpoint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1824

ThreadCreationTime : 5-12-2006 3:25:21 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:2 [smtray.exe]

FilePath : C:\Program Files\Analog Devices\SoundMAX\

ProcessID : 176

ThreadCreationTime : 5-12-2006 3:25:22 PM

BasePriority : Normal

FileVersion : 3, 2, 17, 0

ProductVersion : 3, 2, 0, 0

ProductName : SoundMAX Integrated Digital Audio

CompanyName : Analog Devices, Inc.

FileDescription : SoundMAX System Tray

InternalName : SMTray

LegalCopyright : Copyright © 2003 Analog Devices

OriginalFilename : SMTray.exe

 

#:3 [ico.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 432

ThreadCreationTime : 5-12-2006 3:25:23 PM

BasePriority : Normal

FileVersion : 1, 0, 1, 0

ProductVersion : 1.0.0.0

ProductName : MouseSuite 98

CompanyName : Primax Electronics Ltd.

FileDescription : Mouse Suite 98 Daemon

InternalName : pelmiced.exe

LegalCopyright : Copyright © 1997, Primax Electronics Ltd.

LegalTrademarks : Primax Electronics Ltd.

 

#:4 [fsrremos.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 500

ThreadCreationTime : 5-12-2006 3:25:23 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 3

ProductVersion : 1, 0, 0, 1

ProductName : sysinf_s Application

FileDescription : sysinf_s MFC Application

InternalName : sysinf_s

LegalCopyright : Copyright © 2003

OriginalFilename : sysinf_s.EXE

 

#:5 [qttask.exe]

FilePath : C:\Program Files\QuickTime\

ProcessID : 612

ThreadCreationTime : 5-12-2006 3:25:23 PM

BasePriority : Normal

FileVersion : 6.0.2

ProductVersion : QuickTime 6.0.2

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2002

OriginalFilename : QTTask.exe

 

#:6 [pelmiced.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 552

ThreadCreationTime : 5-12-2006 3:25:23 PM

BasePriority : Normal

FileVersion : 1, 0, 9, 9

ProductVersion : 1.0.0.0

ProductName : MouseSuite 98

CompanyName : Primax Electronics Ltd.

FileDescription : Mouse Suite 98 Daemon

InternalName : pelmiced.exe

LegalCopyright : Copyright © 1997, Primax Electronics Ltd.

LegalTrademarks : Primax Electronics Ltd.

 

#:7 [igfxtray.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1316

ThreadCreationTime : 5-12-2006 3:25:25 PM

BasePriority : Normal

FileVersion : 3.0.0.2209

ProductVersion : 7.0.0.2209

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : igfxTray Module

InternalName : IGFXTRAY

LegalCopyright : Copyright 1999-2003, Intel Corporation

OriginalFilename : IGFXTRAY.EXE

 

#:8 [hkcmd.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1672

ThreadCreationTime : 5-12-2006 3:25:26 PM

BasePriority : Normal

FileVersion : 3.0.0.2209

ProductVersion : 7.0.0.2209

ProductName : Intel® Common User Interface

CompanyName : Intel Corporation

FileDescription : hkcmd Module

InternalName : HKCMD

LegalCopyright : Copyright 1999-2003, Intel Corporation

OriginalFilename : HKCMD.EXE

 

#:9 [meuihlp.exe]

FilePath : C:\Program Files\MasterSolution\Vision\

ProcessID : 1712

ThreadCreationTime : 5-12-2006 3:25:26 PM

BasePriority : Normal

FileVersion : 5.0.1.0

ProductVersion : 5.0.0.0

ProductName : MasterEye XL

CompanyName : MasterSolution AG

FileDescription : MasterEye UI Helper

InternalName : MeUIHlp

LegalCopyright : Copyright © 1996-2002 MasterSolution AG

OriginalFilename : MeUIHlp.exe

 

#:10 [mpointer.exe]

FilePath : C:\Program Files\MasterSolution\Vision\Pointer\

ProcessID : 1744

ThreadCreationTime : 5-12-2006 3:25:27 PM

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : MasterEye Marker

CompanyName : MasterEye

FileDescription : Marker

InternalName : Marker

LegalCopyright : Copyright © 1999

OriginalFilename : Marker.exe

 

#:11 [ccapp.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 1204

ThreadCreationTime : 5-12-2006 3:25:29 PM

BasePriority : Normal

FileVersion : 2.2.1.004

ProductVersion : 2.2.1.004

ProductName : Common Client

CompanyName : Symantec Corporation

FileDescription : Common Client User Session

InternalName : ccApp

LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

 

#:12 [vptray.exe]

FilePath : C:\PROGRA~1\SYMANT~2\

ProcessID : 1876

ThreadCreationTime : 5-12-2006 3:25:30 PM

BasePriority : Normal

FileVersion : 9.0.1.1000

ProductVersion : 9.0.1.1000

ProductName : Symantec AntiVirus

CompanyName : Symantec Corporation

FileDescription : Symantec AntiVirus

LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

 

#:13 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2272

ThreadCreationTime : 5-12-2006 3:25:41 PM

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:14 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ProcessID : 3892

ThreadCreationTime : 5-12-2006 4:50:40 PM

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : IEXPLORE.EXE

 

#:15 [ad-aware.exe]

FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\

ProcessID : 2776

ThreadCreationTime : 5-12-2006 4:52:15 PM

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 12

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Windows Object Recognized!

Type : RegData

Data :

TAC Rating : 3

Category : Vulnerability

Comment : Possible unwanted restriction from customizing toolbars

Rootkey : HKEY_USERS

Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer

Value : NoToolbarCustomize

Data :

 

Windows Object Recognized!

Type : RegData

Data :

TAC Rating : 3

Category : Vulnerability

Comment : Possible unwanted restriction from adding/removing toolbars

Rootkey : HKEY_USERS

Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\explorer

Value : NoBandCustomize

Data :

 

Windows Object Recognized!

Type : RegData

Data :

TAC Rating : 3

Category : Vulnerability

Comment : Possible unintended lockout from Task Manager (Task manager access disabled)

Rootkey : HKEY_USERS

Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\microsoft\windows\currentversion\policies\system

Value : DisableTaskMgr

Data :

 

Windows Object Recognized!

Type : RegData

Data :

TAC Rating : 3

Category : Vulnerability

Comment : Manual changing of browser start-page restricted

Rootkey : HKEY_USERS

Object : S-1-5-21-2166734528-1295040742-3919625757-1110\software\policies\microsoft\internet explorer\control panel

Value : Homepage

Data :

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 4

Objects found so far: 16

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 16

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][2].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : press [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\press [email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\[email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\[email protected][1].txt

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][2].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : C:\Documents and Settings\press enter\Cookies\[email protected][2].txt

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 18

Objects found so far: 34

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Coulomb Dialer Object Recognized!

Type : File

Data : Groove.x32

TAC Rating : 5

Category : Dialer

Comment :

Object : C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav181\

FileVersion : 1, 8, 1, 0

ProductVersion : 1, 8, 1, 0

ProductName : GROOVE

FileDescription : GROOVE

InternalName : GROOVE

LegalCopyright : Copyright 2001

OriginalFilename : GROOVE.x32

 

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 35

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 35

 

9:58:02 AM Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:05:21.914

Objects scanned:116366

Objects identified:23

Objects ignored:0

New critical objects:23


Nick,

can you only post one PC in each topic? Your confusion is going to get the better of the elderly around here.

I will advise you on the first PC, the one which you started this topic with.

I advise you to edit/remove the other and then, when starting a new topic, call it something like PC 2, etc.

 


Nick,

please follow these instructions carefully, and in the order given.

Please can you download VundoFix.exe to your desktop.

Double-click on the VundoFix.exe to run it.

Click the Scan for Vundo button.

When the scan is complete, click the Remove Vundo button.

Click Yes to remove the files.

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, Reboot (ie: Re-start your PC)

 

 

After your PC has restarted, a log called vundofix.txt will be created in your C:\ directory. Please keep this log file, as you may be asked to post it by the support staff.

 

Lavasoft does have a BETA version of its own Virtumondo Remover

See Lavasoft Virtumondo Remover Released!

To download this tool, you must register as a Beta Application Tester, accepting the terms and conditions of our beta testing program.

 

Now can you please go and download a plug-in (i.e.: vx2cleaner.exe) that will assist you in the cleanup of your PC (if you have not already done so).

After you have downloaded and installed the VX2 Plug-in as described there,

DO NOT RUN IT YET

please can you clear out your cache folder ie: temporary internet folder.

There are some free programs that you can use that will do that for you if needed, like:

CCleaner

(Note in CCleaner: go to Options > Advanced > uncheck "Only delete files in Windows Temp folders older than 48 hours"), but see CCleaner Set up.

Then open Ad-Aware SE and use the WebUpDate to ensure that you have the latest Definitions File

(i.e.: SE1R107 09.05.2006), then close Ad-Aware SE.

Now please save and close any open programs and disconnect from the internet.

(For broadband/cable users, it is recommended that you disconnect the cable connection)

Then

Please Reboot (i.e.: Re-start your PC)

Then open Ad-Aware SE but nothing else.

 

Please can you un-tick this option if you have it ticked

"Include negligible objects information".

 

To do this Open Ad-aware SE

Click “Settings” (the Gear)

then click “Tweaks”,

then click Scanning engine,

then un-tick "Include negligible objects information".

And then click the proceed button.

Now please scan doing a "Full Scan".

When the scan has finished, select Next. In the Scanning Results window, select the "Scan Summary" tab. Tick the box next to a "target family" you wish to remove. Click Next, then click OK.

Then rescan and do the same thing till you have removed all the "target families".

Then please run the VX2 cleaner by selecting the VX2 Cleaner plug-in and clicking “Run Plug-in”, then select “Clean System”.

Then please Reboot (i.e.: Re-start your PC)

Then after your PC has restarted please open Ad-Aware SE, but nothing else and

scan doing a "Full Scan". Then, once the scan has finished, mark and remove items, then Reboot (i.e.: Re-start your PC)

Then re-scan doing a "Full Scan" and then post your log file here by using the Add-Reply Feature

 

Against all school policies i downloaded ad-aware, i saw like 79 infections (12 were VX2 varient).

 

When i post the results you people will laugh

 

Neither log you posted shows 79 infections ... :angry:

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:04:20.763

Objects scanned:115065

Objects identified:24

Objects ignored:0

New critical objects:24

 

this is only for one computer, the others have more

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:05:21.914

Objects scanned:116366

Objects identified:23

Objects ignored:0

New critical objects:23

 

:)

 

BTW, we are all stunned to learn that you are a high school student. You sounded so much older ... :)


It's shocking that high school students might have 'infected' computers ... :)

 

That's one of the reasons that spyware hunter/killers stay as busy as they do. :angry:


Yes, well, I'm not surprised. I even found Bonzi Buddy on one of the computers. How the student got it when their web page is blocked is beyond me. But some search engines like www.pimpmyip.com allow free surfing of the web without the school blocking it. That might explain the download. That or an ActiveX drive-by download.

 

 

No popup ads or toolbars show up on the school computers though.

 

 

On my old Windows 2000 computer, Ad-Aware found 368 files. You would be surprised. I had everything from Bonzi Buddy to Cool Web Search to VX2. It was crazy. I used to get popups when I wasn't even using the internet, plus I would have tons of extra toolbars and my browser was hijacked frequently. :angry:

 

I have no wish of fixing the computers at school. I already contacted the T.A. (technical administrator) and he is very slow to react. He said he will deal with this a month from now. I told him to get a Corporate edition of Lavasoft Ad-Aware SE and download Spyware Blaster to block ActiveX drive-by downloads and tracking cookies (Spyware Blaster allows their software to be used on a large scale for schools and non-profit organizations). Hopefully that will make a difference.


I am having trouble getting the VX2 Variant off my computer. I have run the Ad-Aware SE and the Cleaner, but the cleaner keeps coming up with "System Clean", but then when I run the Ad-Aware again it finds the 2 again. Help!


Pat H,

please can you start a new topic posting a full log file.

As Logs are stored in :

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.

An easy way to get there is to

click Start,

click Run

And type in and press ENTER: %appdata%

then click Lavasoft

then Ad-Aware

and then Logs.

scroll down to find the latest one that you have

(by date & time)

and open it, right-click, select all,

copy, and then paste the contents of it here.

(Make sure that all of your Logfile has been posted; sometimes it will require two posts to get it all.)

I recommend that you use the WebUpDate just before you scan that way you will always be up to date.

 

(note The Application Data is a hidden folder, so you will need to show hidden files and folders

and for Windows 98/ME users your logs are stored in

C:\WINDOWS\All Users\Application Data\ ) by default.

 
