W32.Alcan.A causing havoc [CLOSED]
Post #1, Jun 16 2005, 04:03 PM
New Member, Posts: 8, OS: Windows XP
I have the W32.Alcan.a worm in my system and it refuses to leave, and it's really causing havoc with my system (installing malware etc!). Please see Ad-Aware log below. I have Killbox and CCleaner installed. One major problem for the fix is that my computer no longer starts in Safe Mode (but perhaps this is a result of the worm??). Many thanks for any advice.
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : NoRepair DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : last_conn_l DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : we DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : cdata DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : TimeOffset DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : action_url_version DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : action_url_last_chunk DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : action_url_last_full_version DyFuCA Object Recognized! 
Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : key_file DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-329068152-1202660629-1957994488-1003\software\sais Value : kw_last_chunk DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : duid DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : partner_id DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : product_id DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : mt1 DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : mt2 DyFuCA Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sais Value : mt3 DyFuCA Object Recognized! Type : RegValue Data |
|
|
Jun 16 2005, 04:09 PM
Post
#2
New Member Posts: 8 OS: Windows XP
(ad-aware log cont.)