Di-AR Posted November 23, 2011 SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 11/23/2011 at 06:02 PM Application Version : 5.0.1136 Core Rules Database Version : 7979 Trace Rules Database Version: 5791 Scan type : Quick Scan Total Scan Time : 00:02:20 Operating System Information Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 627 Memory threats detected : 0 Registry items scanned : 30023 Registry threats detected : 24 File items scanned : 6988 File threats detected : 10 Security.HiJack[imageFileExecutionOptions] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GROOVE.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GROOVE.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOPATH.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOPATH.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSPUB.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSPUB.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ONENOTE.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ONENOTE.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\YAHOOMESSENGER.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\YAHOOMESSENGER.EXE#Debugger Share this post Link to post Share on other sites
Di-AR Posted November 24, 2011 SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 11/23/2011 at 06:02 PM Application Version : 5.0.1136 Core Rules Database Version : 7979 Trace Rules Database Version: 5791 Scan type : Quick Scan Total Scan Time : 00:02:20 Operating System Information Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 627 Memory threats detected : 0 Registry items scanned : 30023 Registry threats detected : 24 File items scanned : 6988 File threats detected : 10 Security.HiJack[imageFileExecutionOptions] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GROOVE.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GROOVE.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOPATH.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOPATH.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSPUB.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSPUB.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ONENOTE.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ONENOTE.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\YAHOOMESSENGER.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\YAHOOMESSENGER.EXE#Debugger no response of my problem?? SAS Admin common help me!!! Share this post Link to post Share on other sites
kcazzie Posted December 5, 2011 Di-AR ... I bet you have the new 'TUNE UP 2012'... After I installed TU 2012 on three of my PCs... SuperAntiSpyware picked them up as, 'Security.HiJack[imageFileExecutionOptions]...Plus Software\MicrsoftVersion|Image File Exec... etc. None of my other SpyWare apps did... like Malwarebytes and others...It had me going just about all last night... This morning, I put 2 and 2 together and sure enough I found out what was going down... Then I came here and this sure settled it... -->> SUPERAntiSpyware Scan Log https://www.superantispyware.com Generated 12/04/2011 at 03:15 AM Application Version : 5.0.1136 Core Rules Database Version : 8012 Trace Rules Database Version: 5824 Scan type : Complete Scan Total Scan Time : 01:15:42 Operating System Information Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 930 Memory threats detected : 0 Registry items scanned : 40066 Registry threats detected : 67 File items scanned : 59724 File threats detected : 0 Security.HiJack[imageFileExecutionOptions] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE#DisableExceptionChainValidation HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BACKITUP.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BACKITUP.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CHROME.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CHROME.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\COVERDES.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\COVERDES.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DISCSPEED.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DISCSPEED.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRIVESPEED.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRIVESPEED.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DYNTRAY.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DYNTRAY.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DYNUPCONFIG.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DYNUPCONFIG.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILEENCRYPT.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILEENCRYPT.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILESPLITTER.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILESPLITTER.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLIPSHARE.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLIPSHARE.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HPQDIREC.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HPQDIREC.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOTOOL.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOTOOL.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INTEGRATOR.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INTEGRATOR.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ITUNES.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ITUNES.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LIGHTSCRIBECONTROLPANEL.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LIGHTSCRIBECONTROLPANEL.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSLAUNCHER.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSLAUNCHER.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NCC.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NCC.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NERO.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NERO.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROBURNRIGHTS.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROBURNRIGHTS.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROEXPRESS.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROEXPRESS.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NERORESCUEAGENT.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NERORESCUEAGENT.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROSTARTSMART.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROSTARTSMART.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROVISION.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROVISION.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCDR5CUIW32.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCDR5CUIW32.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PHOTOSNAPVIEWER.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PHOTOSNAPVIEWER.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RECODE.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RECODE.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RUNTROUBLESHOOTER.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RUNTROUBLESHOOTER.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHOWTIME.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHOWTIME.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOUNDTRAX.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOUNDTRAX.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINS000.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINS000.EXE#Debugger HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WAVEEDIT.EXE HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WAVEEDIT.EXE#Debugger EDIT; All three scans on my three PCs looks just about the same... But there is a difference after this part... 'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options...' When I checked the registry all are coming from just about the same spot... Share this post Link to post Share on other sites
Di-AR Posted December 5, 2011 Yup your right I downloaded Tune-up 2012... so I guess sure it is false positive... thnx mate... Share this post Link to post Share on other sites