Jump to content
Sign in to follow this  
Followers 0
Di-AR

Is this False Positive or not ?

By Di-AR, in False Positives

Recommended Posts

Di-AR   

Di-AR
Posted

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 11/23/2011 at 06:02 PM

Application Version : 5.0.1136

Core Rules Database Version : 7979

Trace Rules Database Version: 5791

Scan type : Quick Scan

Total Scan Time : 00:02:20

Operating System Information

Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

Memory items scanned : 627

Memory threats detected : 0

Registry items scanned : 30023

Registry threats detected : 24

File items scanned : 6988

File threats detected : 10

Security.HiJack[imageFileExecutionOptions]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GROOVE.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GROOVE.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOPATH.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOPATH.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSPUB.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSPUB.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ONENOTE.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ONENOTE.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\YAHOOMESSENGER.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\YAHOOMESSENGER.EXE#Debugger

Share this post

Link to post
Share on other sites

Di-AR   

Di-AR
Posted

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 11/23/2011 at 06:02 PM

Application Version : 5.0.1136

Core Rules Database Version : 7979

Trace Rules Database Version: 5791

Scan type : Quick Scan

Total Scan Time : 00:02:20

Operating System Information

Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

Memory items scanned : 627

Memory threats detected : 0

Registry items scanned : 30023

Registry threats detected : 24

File items scanned : 6988

File threats detected : 10

Security.HiJack[imageFileExecutionOptions]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXCEL.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GROOVE.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GROOVE.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOPATH.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOPATH.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSACCESS.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSPUB.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSPUB.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSTORE.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ONENOTE.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ONENOTE.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\POWERPNT.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINWORD.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\YAHOOMESSENGER.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\YAHOOMESSENGER.EXE#Debugger

no response of my problem?? SAS Admin common help me!!!

Share this post

Link to post
Share on other sites

kcazzie   

kcazzie
Posted

Di-AR ...

I bet you have the new 'TUNE UP 2012'... After I installed TU 2012 on three of my PCs... SuperAntiSpyware picked them up as, 'Security.HiJack[imageFileExecutionOptions]...Plus Software\MicrsoftVersion|Image File Exec... etc.

None of my other SpyWare apps did... like Malwarebytes and others...It had me going just about all last night... This morning, I put 2 and 2 together and sure enough I found out what was going down...

Then I came here and this sure settled it...

-->>

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 12/04/2011 at 03:15 AM

Application Version : 5.0.1136

Core Rules Database Version : 8012

Trace Rules Database Version: 5824

Scan type : Complete Scan

Total Scan Time : 01:15:42

Operating System Information

Windows 7 Ultimate 32-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

Memory items scanned : 930

Memory threats detected : 0

Registry items scanned : 40066

Registry threats detected : 67

File items scanned : 59724

File threats detected : 0

Security.HiJack[imageFileExecutionOptions]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE#DisableExceptionChainValidation

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ACRORD32.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BACKITUP.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BACKITUP.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CHROME.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CHROME.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\COVERDES.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\COVERDES.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DISCSPEED.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DISCSPEED.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRIVESPEED.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRIVESPEED.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DYNTRAY.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DYNTRAY.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DYNUPCONFIG.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DYNUPCONFIG.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILEENCRYPT.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILEENCRYPT.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILESPLITTER.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILESPLITTER.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLIPSHARE.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLIPSHARE.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HPQDIREC.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HPQDIREC.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOTOOL.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOTOOL.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INTEGRATOR.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INTEGRATOR.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ITUNES.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ITUNES.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LIGHTSCRIBECONTROLPANEL.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LIGHTSCRIBECONTROLPANEL.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSLAUNCHER.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSLAUNCHER.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NCC.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NCC.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NERO.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NERO.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROBURNRIGHTS.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROBURNRIGHTS.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROEXPRESS.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROEXPRESS.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NERORESCUEAGENT.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NERORESCUEAGENT.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROSTARTSMART.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROSTARTSMART.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROVISION.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROVISION.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCDR5CUIW32.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCDR5CUIW32.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PHOTOSNAPVIEWER.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PHOTOSNAPVIEWER.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RECODE.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RECODE.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RUNTROUBLESHOOTER.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RUNTROUBLESHOOTER.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHOWTIME.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHOWTIME.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOUNDTRAX.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOUNDTRAX.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINS000.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNINS000.EXE#Debugger

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WAVEEDIT.EXE

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WAVEEDIT.EXE#Debugger

EDIT; All three scans on my three PCs looks just about the same... But there is a difference after this part...

'HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options...' When I checked the registry all are coming from just about the same spot...

Share this post

Link to post
Share on other sites

Di-AR   

Di-AR
Posted

Yup your right I downloaded Tune-up 2012... so I guess sure it is false positive... thnx mate...

Share this post

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...