Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

[Referred] My Ad-Aware Log

Started by Daryn , Apr 23 2005 11:34 PM

  • This topic is locked This topic is locked

#1
Daryn
Posted 23 April 2005 - 11:34 PM

Daryn

    Member

  • Member
  • PipPip
  • 34 posts
I deleted the contents of this post since the log was not correct. The new log is a few posts down)

Edited by Daryn, 24 April 2005 - 10:57 AM.

  • 0

Advertisements

#2
Rawe
Posted 24 April 2005 - 01:32 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Your logfile is incomplete, you should keep copying it ..
You know that it is complete when you see "Scan summary".
Also, your definition files are old, there's a new update..
Experts will take it from there when you post a new logfile..
(Also you should remove all tracking cookies for prior to posting)

- Rawe :tazz:
  • 0

#3
Guest_Andy_veal_*
Posted 24 April 2005 - 04:47 AM

Guest_Andy_veal_*
  • Guest
Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
There are in order of date,

Make sure you have all the log posted

(The Application Data is a hidden folder, so you will need to show hidden files and folders and for Windows 98*admin users your logs are stored in C:\WINDOWS\All Users\Application Data\ )

This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.
  • 0

#4
Daryn
Posted 24 April 2005 - 10:31 AM

Daryn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
I see what happened, I didn't realize it didn't post the whole thing in the first post. And here is the original full scan.


Ad-Aware SE Build 1.05
Logfile Created on:Sunday, April 24, 2005 12:11:31 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R39 15.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):16 total references
AdDestroyer(TAC index:5):15 total references
Adintelligence.AproposToolbar(TAC index:5):10 total references
DyFuCA(TAC index:3):76 total references
IBIS Toolbar(TAC index:5):391 total references
istbar(TAC index:7):37 total references
MediaMotor(TAC index:8):75 total references
Other(TAC index:5):1 total references
PeopleOnPage(TAC index:9):34 total references
Possible Browser Hijack attempt(TAC index:3):14 total references
PromulGate(TAC index:5):12 total references
SideFind(TAC index:5):44 total references
Tracking Cookie(TAC index:3):65 total references
WindUpdates(TAC index:8):25 total references
VirtualBouncer(TAC index:5):25 total references
YourSiteBar(TAC index:6):14 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R39 15.04.2005
Internal build : 46
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 459480 Bytes
Total size : 1389159 Bytes
Signature data size : 1358772 Bytes
Reference data size : 29875 Bytes
Signatures total : 38701
Fingerprints total : 794
Fingerprints size : 29979 Bytes
Target categories : 15
Target families : 649


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:60 %
Total physical memory:1047784 kb
Available physical memory:622640 kb
Total page file size:2521688 kb
Available on page file:2176656 kb
Total virtual memory:2097024 kb
Available virtual memory:2040688 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-24-2005 12:11:31 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 1148
ThreadCreationTime : 4-23-2005 9:29:01 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1460
ThreadCreationTime : 4-23-2005 9:32:49 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ProcessID : 1488
ThreadCreationTime : 4-23-2005 9:32:57 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1536
ThreadCreationTime : 4-23-2005 9:33:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1548
ThreadCreationTime : 4-23-2005 9:33:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1720
ThreadCreationTime : 4-23-2005 9:33:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1984
ThreadCreationTime : 4-23-2005 9:33:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 320
ThreadCreationTime : 4-23-2005 9:33:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 472
ThreadCreationTime : 4-23-2005 9:33:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 840
ThreadCreationTime : 4-23-2005 9:33:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [basfipm.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1088
ThreadCreationTime : 4-23-2005 9:33:29 PM
BasePriority : Normal
FileVersion : 6.0.3
ProductVersion : 6.0.3
ProductName : Broadcom ASF IP monitoring service
CompanyName : Broadcom Corp.
FileDescription : Broadcom ASF IP monitoring service
InternalName : BAsfIpM
LegalCopyright : Copyright© 2003 Broadcom Corporation, All Rights Reserved
OriginalFilename : BAsfIpM.EXE

#:12 [cvpnd.exe]
FilePath : C:\Program Files\GW\GBUSSNet Client 2.0\
ProcessID : 1120
ThreadCreationTime : 4-23-2005 9:33:29 PM
BasePriority : Normal
FileVersion : 4.0.2 (D)
ProductVersion : 4.0.2 (D)
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2003 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE

#:13 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1256
ThreadCreationTime : 4-23-2005 9:33:31 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:14 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1300
ThreadCreationTime : 4-23-2005 9:33:32 PM
BasePriority : Normal
FileVersion : 6.14.10.4586
ProductVersion : 6.14.10.4586
ProductName : NVIDIA Driver Helper Service, Version 45.86
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.86
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:15 [scardsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1452
ThreadCreationTime : 4-23-2005 9:33:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1620
ThreadCreationTime : 4-23-2005 9:33:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1676
ThreadCreationTime : 4-23-2005 9:33:36 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 596
ThreadCreationTime : 4-23-2005 9:34:57 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:19 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 608
ThreadCreationTime : 4-23-2005 9:34:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:20 [aim.exe]
FilePath : C:\Program Files\AIM95\
ProcessID : 624
ThreadCreationTime : 4-23-2005 9:34:59 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

WindUpdates Object Recognized!
Type : Process
Data : AdStatComm.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\AdStatus Service\


Warning! WindUpdates Object found in memory(C:\Program Files\AdStatus Service\AdStatComm.dll)


#:21 [defwatch.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 2072
ThreadCreationTime : 4-23-2005 9:46:21 PM
BasePriority : Normal
FileVersion : 8.1.0.821
ProductVersion : 8.1.0.821
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:22 [rtvscan.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 880
ThreadCreationTime : 4-23-2005 9:46:22 PM
BasePriority : Normal
FileVersion : 8.1.0.821
ProductVersion : 8.1.0.821
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:23 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 2064
ThreadCreationTime : 4-23-2005 9:46:26 PM
BasePriority : Normal
FileVersion : 8.1.0.821
ProductVersion : 8.1.0.821
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:24 [itunes.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2240
ThreadCreationTime : 4-23-2005 11:50:06 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunes
InternalName : iTunes
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunes.exe

WindUpdates Object Recognized!
Type : Process
Data : AdStatComm.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\AdStatus Service\


Warning! WindUpdates Object found in memory(C:\Program Files\AdStatus Service\AdStatComm.dll)

"C:\Program Files\iTunes\iTunes.exe"Process terminated successfully

#:25 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3756
ThreadCreationTime : 4-23-2005 11:50:19 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:26 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2712
ThreadCreationTime : 4-24-2005 2:41:01 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

WindUpdates Object Recognized!
Type : Process
Data : AdStatComm.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\AdStatus Service\


Warning! WindUpdates Object found in memory(C:\Program Files\AdStatus Service\AdStatComm.dll)

Warning! DyFuCA Object found in memory(C:\Program Files\SideFind\sfbho.dll)

DyFuCA Object Recognized!
Type : Process
Data : sfbho.dll
Category : Malware
Comment :
Object : C:\Program Files\SideFind\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BrowserHelperObject Module
FileDescription : BrowserHelperObject Module
InternalName : BrowserHelperObject
LegalCopyright : Copyright 2003
OriginalFilename : BrowserHelperObject.DLL

Warning! 180Solutions Object found in memory(c:\windows\180axhook.dll)

180Solutions Object Recognized!
Type : Process
Data : 180axhook.dll
Category : Data Miner
Comment :
Object : c:\windows\


Warning! MediaMotor Object found in memory(C:\WINDOWS\Pynix.dll)

MediaMotor Object Recognized!
Type : Process
Data : Pynix.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com


#:27 [adstatserv.exe]
FilePath : C:\Program Files\AdStatus Service\
ProcessID : 3344
ThreadCreationTime : 4-24-2005 4:07:37 AM
BasePriority : Normal


WindUpdates Object Recognized!
Type : Process
Data : AdStatServ.exe
Category : Malware
Comment : full-search IE hijacker
Object : C:\Program Files\AdStatus Service\


Warning! WindUpdates Object found in memory(C:\Program Files\AdStatus Service\AdStatServ.exe)

"C:\Program Files\AdStatus Service\AdStatServ.exe"Process terminated successfully
"C:\Program Files\AdStatus Service\AdStatServ.exe"Process terminated successfully

#:28 [adstatkeep.exe]
FilePath : C:\Program Files\AdStatus Service\
ProcessID : 3472
ThreadCreationTime : 4-24-2005 4:07:39 AM
BasePriority : Normal


WindUpdates Object Recognized!
Type : Process
Data : AdStatComm.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\AdStatus Service\


Warning! WindUpdates Object found in memory(C:\Program Files\AdStatus Service\AdStatComm.dll)

"C:\Program Files\AdStatus Service\AdStatKeep.exe"Process terminated successfully

#:29 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 520
ThreadCreationTime : 4-24-2005 4:07:40 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

WindUpdates Object Recognized!
Type : Process
Data : AdStatComm.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\AdStatus Service\


Warning! WindUpdates Object found in memory(C:\Program Files\AdStatus Service\AdStatComm.dll)

"C:\Program Files\Internet Explorer\iexplore.exe"Process terminated successfully

#:30 [istsvc.exe]
FilePath : C:\Program Files\ISTsvc\
ProcessID : 1516
ThreadCreationTime : 4-24-2005 4:07:45 AM
BasePriority : Normal


WindUpdates Object Recognized!
Type : Process
Data : AdStatComm.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\AdStatus Service\


Warning! WindUpdates Object found in memory(C:\Program Files\AdStatus Service\AdStatComm.dll)

"C:\Program Files\ISTsvc\istsvc.exe"Process terminated successfully

#:31 [ncasep~1.exe]
FilePath : C:\temp\
ProcessID : 3516
ThreadCreationTime : 4-24-2005 4:07:45 AM
BasePriority : Normal

Warning! 180Solutions Object found in memory(C:\temp\NCASEP~1.EXE)

180Solutions Object Recognized!
Type : Process
Data : NCASEP~1.EXE
Category : Data Miner
Comment :
Object : C:\temp\


"C:\temp\NCASEP~1.EXE"Process terminated successfully
"C:\temp\NCASEP~1.EXE"Process terminated successfully

#:32 [otnexdc.exe]
FilePath : C:\WINDOWS\
ProcessID : 2752
ThreadCreationTime : 4-24-2005 4:07:48 AM
BasePriority : Normal


WindUpdates Object Recognized!
Type : Process
Data : AdStatComm.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\AdStatus Service\


Warning! WindUpdates Object found in memory(C:\Program Files\AdStatus Service\AdStatComm.dll)

"C:\WINDOWS\otnexdc.exe"Process terminated successfully

#:33 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2976
ThreadCreationTime : 4-24-2005 4:07:51 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:34 [180ax.exe]
FilePath : c:\windows\
ProcessID : 2996
ThreadCreationTime : 4-24-2005 4:08:08 AM
BasePriority : Normal
FileVersion : 5, 15, 0, 15
ProductVersion : 5, 15, 0, 15
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.
Warning! 180Solutions Object found in memory(c:\windows\180ax.exe)

180Solutions Object Recognized!
Type : Process
Data : 180ax.exe
Category : Data Miner
Comment :
Object : c:\windows\
FileVersion : 5, 15, 0, 15
ProductVersion : 5, 15, 0, 15
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.

"c:\windows\180ax.exe"Process terminated successfully
"c:\windows\180ax.exe"Process terminated successfully

#:35 [wtoolsa.exe]
FilePath : C:\Program Files\Common Files\WinTools\
ProcessID : 3596
ThreadCreationTime : 4-24-2005 4:08:34 AM
BasePriority : Normal


IBIS Toolbar Object Recognized!
Type : Process
Data : WToolsA.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\Program Files\Common Files\WinTools\


Warning! IBIS Toolbar Object found in memory(C:\Program Files\Common Files\WinTools\WToolsA.exe)

"C:\Program Files\Common Files\WinTools\WToolsA.exe"Process terminated successfully
"C:\Program Files\Common Files\WinTools\WToolsA.exe"Process terminated successfully

#:36 [wsup.exe]
FilePath : C:\Program Files\Common Files\WinTools\
ProcessID : 3288
ThreadCreationTime : 4-24-2005 4:08:41 AM
BasePriority : Normal


IBIS Toolbar Object Recognized!
Type : Process
Data : WSup.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\Program Files\Common Files\WinTools\


Warning! IBIS Toolbar Object found in memory(C:\Program Files\Common Files\WinTools\WSup.exe)

"C:\Program Files\Common Files\WinTools\WSup.exe"Process terminated successfully
"C:\Program Files\Common Files\WinTools\WSup.exe"Process terminated successfully

#:37 [optimize.exe]
FilePath : C:\Program Files\Internet Optimizer\
ProcessID : 1780
ThreadCreationTime : 4-24-2005 4:09:15 AM
BasePriority : Normal

Warning! DyFuCA Object found in memory(C:\Program Files\Internet Optimizer\optimize.exe)

DyFuCA Object Recognized!
Type : Process
Data : optimize.exe
Category : Malware
Comment :
Object : C:\Program Files\Internet Optimizer\


"C:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully
"C:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully

#:38 [tbps.exe]
FilePath : C:\Program Files\Toolbar\
ProcessID : 2904
ThreadCreationTime : 4-24-2005 4:09:36 AM
BasePriority : Normal


IBIS Toolbar Object Recognized!
Type : Process
Data : TBPS.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\Program Files\Toolbar\


Warning! IBIS Toolbar Object found in memory(C:\Program Files\Toolbar\TBPS.exe)

"C:\Program Files\Toolbar\TBPS.exe"Process terminated successfully
"C:\Program Files\Toolbar\TBPS.exe"Process terminated successfully

#:39 [pib.exe]
FilePath : C:\PROGRA~1\Toolbar\
ProcessID : 3232
ThreadCreationTime : 4-24-2005 4:09:40 AM
BasePriority : Realtime


IBIS Toolbar Object Recognized!
Type : Process
Data : PIB.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Toolbar\


Warning! IBIS Toolbar Object found in memory(C:\PROGRA~1\Toolbar\PIB.exe)

"C:\PROGRA~1\Toolbar\PIB.exe"Process terminated successfully
"C:\PROGRA~1\Toolbar\PIB.exe"Process terminated successfully

#:40 [ctfad1.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3368
ThreadCreationTime : 4-24-2005 4:09:45 AM
BasePriority : Normal


#:41 [virtua~1.exe]
FilePath : C:\PROGRA~1\VBOUNCER\
ProcessID : 1324
ThreadCreationTime : 4-24-2005 4:10:14 AM
BasePriority : Normal
FileVersion : 0.00.0102
ProductVersion : 0.00.0102
ProductName : Virtual Bouncer
CompanyName : Spyware Labs
InternalName : VirtualBouncer
OriginalFilename : VirtualBouncer.exe

#:42 [addest~1.exe]
FilePath : C:\PROGRA~1\ADDEST~1\
ProcessID : 3584
ThreadCreationTime : 4-24-2005 4:10:14 AM
BasePriority : Normal
FileVersion : 0.00.0107
ProductVersion : 0.00.0107
ProductName : AdDestroyer
CompanyName : Spyware Labs
InternalName : AdDestroyer
OriginalFilename : AdDestroyer.exe

WindUpdates Object Recognized!
Type : Process
Data : AdStatComm.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\AdStatus Service\


Warning! WindUpdates Object found in memory(C:\Program Files\AdStatus Service\AdStatComm.dll)


#:43 [radio.exe]
FilePath : c:\PROGRA~1\Toolbar\
ProcessID : 3644
ThreadCreationTime : 4-24-2005 4:10:18 AM
BasePriority : Normal


#:44 [hlicert6.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 276
ThreadCreationTime : 4-24-2005 4:10:21 AM
BasePriority : Normal


#:45 [swkzfv.exe]
FilePath : c:\windows\system32\
ProcessID : 4008
ThreadCreationTime : 4-24-2005 4:10:23 AM
BasePriority : Normal
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
Warning! MediaMotor Object found in memory(c:\windows\system32\swkzfv.exe)

MediaMotor Object Recognized!
Type : Process
Data : swkzfv.exe
Category : Malware
Comment :
Object : c:\windows\system32\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

"c:\windows\system32\swkzfv.exe"Process terminated successfully
"c:\windows\system32\swkzfv.exe"Process terminated successfully

#:46 [nsvsvc.exe]
FilePath : C:\WINDOWS\System32\nsvsvc\
ProcessID : 3640
ThreadCreationTime : 4-24-2005 4:10:41 AM
BasePriority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0

#:47 [autoupdate.exe]
FilePath : C:\Program Files\AutoUpdate\
ProcessID : 1904
ThreadCreationTime : 4-24-2005 4:10:43 AM
BasePriority : Normal

Warning! PeopleOnPage Object found in memory(C:\Program Files\AutoUpdate\AutoUpdate.exe)

PeopleOnPage Object Recognized!
Type : Process
Data : AutoUpdate.exe
Category : Data Miner
Comment :
Object : C:\Program Files\AutoUpdate\


"C:\Program Files\AutoUpdate\AutoUpdate.exe"Process terminated successfully
"C:\Program Files\AutoUpdate\AutoUpdate.exe"Process terminated successfully

#:48 [picsvr.exe]
FilePath : C:\WINDOWS\System32\picsvr\
ProcessID : 3712
ThreadCreationTime : 4-24-2005 4:10:44 AM
BasePriority : Normal


WindUpdates Object Recognized!
Type : Process
Data : AdStatComm.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\AdStatus Service\


Warning! WindUpdates Object found in memory(C:\Program Files\AdStatus Service\AdStatComm.dll)

"C:\WINDOWS\System32\picsvr\picsvr.exe"Process terminated successfully

#:49 [cxtpls.exe]
FilePath : C:\Program Files\CxtPls\
ProcessID : 2356
ThreadCreationTime : 4-24-2005 4:10:46 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Ads
CompanyName : Apropos Media
FileDescription : Internet Explorer
InternalName : Ads.
LegalCopyright : Copyright © 2003
OriginalFilename : SysAI.exe
Warning! PeopleOnPage Object found in memory(C:\Program Files\CxtPls\ace.dll)

PeopleOnPage Object Recognized!
Type : Process
Data : ace.dll
Category : Data Miner
Comment :
Object : C:\Program Files\CxtPls\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


WindUpdates Object Recognized!
Type : Process
Data : AdStatComm.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\AdStatus Service\


Warning! WindUpdates Object found in memory(C:\Program Files\AdStatus Service\AdStatComm.dll)

"C:\Program Files\CxtPls\CxtPls.exe"Process terminated successfully

#:50 [wtoolss.exe]
FilePath : C:\Program Files\Common Files\WinTools\
ProcessID : 2460
ThreadCreationTime : 4-24-2005 4:10:54 AM
BasePriority : Normal


#:51 [tbpssvc.exe]
FilePath : C:\PROGRA~1\Toolbar\
ProcessID : 2744
ThreadCreationTime : 4-24-2005 4:11:17 AM
BasePriority : Normal


IBIS Toolbar Object Recognized!
Type : Process
Data : TBPSSvc.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Toolbar\


Warning! IBIS Toolbar Object found in memory(C:\PROGRA~1\Toolbar\TBPSSvc.exe)

"C:\PROGRA~1\Toolbar\TBPSSvc.exe"Process terminated successfully
"C:\PROGRA~1\Toolbar\TBPSSvc.exe"Process terminated successfully

#:52 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2300
ThreadCreationTime : 4-24-2005 4:11:21 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 25


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}
Value :

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\handler\tpro

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\handler\tpro
Value :

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\handler\tpro
Value : CLSID

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\name-space handler\res\toolbar.resprotocol

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\name-space handler\res\toolbar.resprotocol
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\name-space handler\res\wtoolsb.resprotocol

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\name-space handler\res\wtoolsb.resprotocol
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolbar.resprotocol

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolbar.resprotocol
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wtoolsb.resprotocol

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wtoolsb.resprotocol
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f1616b86-9288-489d-b71a-0ccf2f1a89da}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f1616b86-9288-489d-b71a-0ccf2f1a89da}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ff76a5da-6158-4439-99ff-edc1b3fe100c}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ff76a5da-6158-4439-99ff-edc1b3fe100c}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8952a998-1e7e-4716-b23d-3dbe03910972}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8952a998-1e7e-4716-b23d-3dbe03910972}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87766247-311c-43b4-8499-3d5fec94a183}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87766247-311c-43b4-8499-3d5fec94a183}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginevents

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginevents
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginserver

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginserver
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginconfig

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginconfig
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.toolbarscript

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.toolbarscript
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{66c22569-f05c-4a70-a142-763b337e1002}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{66c22569-f05c-4a70-a142-763b337e1002}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{b23b3add-84b1-414a-92b9-0cabe5a781f4}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{37ac49e3-e906-4bd8-ae83-d0f7fb48fd17}

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}

IBIS Toolbar Obje

Edited by Daryn, 24 April 2005 - 10:33 AM.

  • 0

#5
Daryn
Posted 24 April 2005 - 10:40 AM

Daryn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugindown

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugindown
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d1951679-1d52-43fc-9585-0737143585f5}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d1951679-1d52-43fc-9585-0737143585f5}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugininst

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugininst
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c380566d-f343-42ab-987b-6b38a1a35747}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c380566d-f343-42ab-987b-6b38a1a35747}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : radio.radioplayer

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : radio.radioplayer
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugindownadd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugindownadd
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{d8bd4ded-5bb2-4d4e-9a6a-f10244fed7d6}

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ysb.ysbobj.1

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ysb.ysbobj.1
Value :

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ysb.ysbobj

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ysb.ysbobj
Value :

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : iobjsafety.democtl

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : iobjsafety.democtl
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{9f61cfdf-5c79-4d35-b4da-766b28367223}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{9f61cfdf-5c79-4d35-b4da-766b28367223}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e832ffde-8ed2-47b7-be50-729a238040a0}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e832ffde-8ed2-47b7-be50-729a238040a0}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{78a163d2-2358-464d-807b-0e2a078c7727}

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ad29366c-63aa-4ff3-944f-91ad7193bca2}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ad29366c-63aa-4ff3-944f-91ad7193bca2}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-dd60-0064-6ec2-6e0100000000}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-dd60-0064-6ec2-6e0100000000}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{674a6bd5-317a-49cf-9647-1e085e660ce0}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{674a6bd5-317a-49cf-9647-1e085e660ce0}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e0ce16cb-741c-4b24-8d04-a817856e07f4}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e0ce16cb-741c-4b24-8d04-a817856e07f4}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e4bcf50-865b-4ef4-a0bc-bf57229ea525}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e4bcf50-865b-4ef4-a0bc-bf57229ea525}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{64a5bd22-8d8a-4193-9cf8-7db5212abb17}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{64a5bd22-8d8a-4193-9cf8-7db5212abb17}
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper.1

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper.1
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder.1

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder.1
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da}

AdDestroyer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\vb and vba program settings\addestroyer

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ist

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ist
Value : InstallDate

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ist
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ist
Value : config

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ist
Value : Recover

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\avenue media

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\wintools

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\wintools
Value : ICheck

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\wintools
Value : hminlzz2ym5hx3rk4irx

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\wintools
Value : a4ix

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\wintools
Value : alk3hm

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\wintools
Value : 4irx2y4mnrk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\wintools
Value : hrl4nyirlx2j4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\wintools
Value : hr8g8kmi4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\wintools
Value : hrhrirlx2j4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\wintools
Value : hrhrirlx2j25s

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\wintools
Value : hrjy3ralsr4xz

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYI2d3OfSDist

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYI2d3OfSInst

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYC2n3trMsgSDisp

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYT2o3pListSPos

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYs2t3icky1S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYs2t3icky2S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYs2t3icky3S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYs2t3icky4S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYC1o2d3eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYT2i3m4eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYD2s3tSSEnd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PY2N3a4tionSCode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYP2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYT2h3rshSCheckSIn

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYT2h3rshSMots

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYM2o3deSSync

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYI2n3ProgSCab

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYI2n3ProgSEx

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYI2n3ProgSLstest

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYL2a3stMotsSDay

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYL2a3stSSChckin

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYB2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYE2v3nt

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYT2h3rshSBath

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYT2h3rshSysSInf

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYL2n3Title

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYC2u3rrentSMode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\pynix
Value : PYC2n3tFyl

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\apropos

VirtualBouncer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\vb and vba program settings\vbouncer

AdDestroyer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\addestroyer

AdDestroyer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\addestroyer
Value : DisplayName

AdDestroyer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\addestroyer
Value : UninstallString

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient
Value : UninstallString

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient
Value : DisplayName

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient
Value : DisplayIcon

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{016235be-59d4-4ceb-add5-e2378282a1d9}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dyfuca

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : DisplayIcon

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : DisplayName

DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : UninstallString

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000010-6f7d-442c-93e3-4a4827c2e4c8}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : version

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_name

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : ui

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_initial_delay

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_limit

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_version

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_date

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_last

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_last

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_last

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{8952a998-1e7e-4716-b23d-3dbe03910972}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{8952a998-1e7e-4716-b23d-3dbe03910972}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3rk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzzzrwrz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkkrzl7

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkjhn2j

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkbd4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lkixw4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : libkrzl7

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25s2jr2bjy4x

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25s4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25swrx

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62lalk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62labd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62laiar2

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3t

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3i7i

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzz2ym5hx3i7iru

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : hminlzzijyd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminlcy4nhm5y

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhmin2ym5hx3

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminml3r

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhmina4czhijrx

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : wrxcyir

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5hxinlk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5hxinbd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rlk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rbd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rri

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rhri

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rja

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rlkbd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mml3rrihri

IBIS Toolbar Object Recognized!
  • 0

#6
Daryn
Posted 24 April 2005 - 10:44 AM

Daryn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminlzzhm5yt

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mhminlzzhm5y1

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5hxinrbd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 5x62larbd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : x4zrirua

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : x4zriinya

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : lk4mh4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrjy3ralsr

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : librmlczrjy3ralsr

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczr8g8

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : librmlczr8g8

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrli

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : librmlczrli

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 8g84xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : li4xz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrhri

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : librmlczrhri

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkralk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkrabd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkrari

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkrahri

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 4mkraja

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrlki

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrl4nyhmin

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : rmlczrbdlki

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : n4hk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : k25s4ak

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 24irxi

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : kydmklnr

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2lki

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zlki

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2rlki

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zrlki

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2bd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zbd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2rbd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zrbd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2rrbd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zrrbd

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2xhr

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zxhr

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 28g8

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2z8g8

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2li

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 2zli

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : llrmli

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : llrm8g8

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : z225s

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25s6xri

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : khminlzz

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : 25sixwwlx

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : kydm4xziw2

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : kydm4xzihnr

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : kydm4xzkr5

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : kydm4xzaxr5

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : kydm4xzbd4

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : kydm4xzbdk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wintools
Value : zlh

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{87766247-311c-43b4-8499-3d5fec94a183}

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : DisplayName

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : UninstallString

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : NoModify

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\media-motor

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\media-motor
Value : DisplayName

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\media-motor
Value : UninstallString

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\apropos

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\envolo

PeopleOnPage Object Recognized!
Type : Regkey
Data : e_uninstall.log
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\autoupdate

PeopleOnPage Object Recognized!
Type : RegValue
Data : e_uninstall.log
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\autoupdate
Value : UninstallString

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
Value :

PromulGate Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}

PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : Default Visible

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : ButtonText

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : HotIcon

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : Icon

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : CLSID

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
Value : BandCLSID

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind
Value : webautosearch

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind
Value : shoppingautosearch

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sidefind
Value : DisplayName

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sidefind
Value : UninstallString

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : account_id

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : PathBHO

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : PathDLL

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : PathXML

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : PathEXE

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : InstallDate

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : SearchSite

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : update

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : ver

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind
Value : IntervalBetweenShows

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\adstatus service

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\adstatus service
Value : param

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\adstatus service
Value : track

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\adstatus service
Value : LastUpdate

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\adstatus service
Value : reqcount

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\adstatus service
Value : DownloadPath

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\adstatus service
Value : Language

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\adstatus service
Value : SoftwareTable

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\adstatus service
Value : Request

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\adstatus service

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\adstatus service
Value : UninstallString

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\adstatus service
Value : DisplayName

VirtualBouncer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\virtual bouncer

VirtualBouncer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\virtual bouncer
Value : DisplayName

VirtualBouncer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\virtual bouncer
Value : UninstallString

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar\historyfiles

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar\historyfiles
Value : C:\PROGRA~1\YOURSI~1\yoursitebar.xml

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar\historyfiles
Value : C:\PROGRA~1\YOURSI~1\imagemap_normal.bmp

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar\historyfiles
Value : C:\PROGRA~1\YOURSI~1\version.txt

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{339BB23F-A864-48C0-A59F-29EA915965EC}"
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\microsoft\internet explorer\toolbar\webbrowser
Value : {339BB23F-A864-48C0-A59F-29EA915965EC}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{8952A998-1E7E-4716-B23D-3DBE03910972}"
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\microsoft\internet explorer\urlsearchhooks
Value : {8952A998-1E7E-4716-B23D-3DBE03910972}

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Internet Optimizer"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Internet Optimizer

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{339BB23F-A864-48C0-A59F-29EA915965EC}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {339BB23F-A864-48C0-A59F-29EA915965EC}

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "gUpdate"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : gUpdate

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{86227D9C-0EFE-4f8a-AA55-30386A3F5686}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {86227D9C-0EFE-4f8a-AA55-30386A3F5686}

PeopleOnPage Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AutoLoaderAproposClient"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : AutoLoaderAproposClient

WindUpdates Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "AdStatus Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : AdStatus Service

VirtualBouncer Object Recognized!
Type : RegValue
Data : .redearthsystems.com
Category : Malware
Comment : "RURL"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\cryptography\services
Value : RURL

VirtualBouncer Object Recognized!
Type : RegValue
Data : 100
Category : Malware
Comment : "DistID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\cryptography\services
Value : DistID

VirtualBouncer Object Recognized!
Type : RegValue
Data : spywarelabs.com
Category : Malware
Comment : "CURL"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\cryptography\services
Value : CURL

VirtualBouncer Object Recognized!
Type : RegValue
Data : spywarelabs.com
Category : Malware
Comment : "DURL"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\cryptography\services
Value : DURL

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 399
Objects found so far: 424


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearchAssistantwww.websearch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.websearch...px?tb_id=50213"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : SearchAssistant
Data : "http://www.websearch...px?tb_id=50213"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantwww.websearch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.websearch...px?tb_id=50213"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://www.websearch...px?tb_id=50213"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearch\toolbar.dll/sa

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "res://C:\PROGRA~1\Toolbar\toolbar.dll/sa"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : CustomizeSearch
Data : "res://C:\PROGRA~1\Toolbar\toolbar.dll/sa"
Possible Browser Hijack attempt : S-1-5-21-3112206496-2994604276-3448640103-1006\Software\Microsoft\Internet Explorer\MainSearch Barwww.websearch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.websearch...px?tb_id=50213"
Category : Malware
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://www.websearch...px?tb_id=50213"

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com"
Category : Malware
Comment : (http://www.ysbweb.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com"
Category : Malware
Comment : (http://www.ysbweb.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com"
Category : Malware
Comment : (http://www.ysbweb.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
Value : UninstallString

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com"
Category : Malware
Comment : (http://www.ysbweb.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com"
Category : Malware
Comment : (http://www.ysbweb.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com"
Category : Malware
Comment : (http://www.ysbweb.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
Value : HelpLink

MediaMotor Object Recognized!
Type : Regkey
Data : C:\WINDOWS\Pynix.dll
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{09049E4F-8D9E-4C8A-A952-5BAF1A115C59}

MediaMotor Object Recognized!
Type : File
Data : pynix.dll
Category : Malware
Comment :
Object : c:\windows\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com


MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj.1

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : ({00000000-DD60-0064-6EC2-6E0100000000})
Rootkey : HKEY_CLASSES_ROOT
Object : PynixDll.PynixDllObj.1
Value :
Trusted zone presumably compromised : media-motor.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : media-motor.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : media-motor.net
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net
Value : *
Trusted zone presumably compromised : popuppers.com

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : popuppers.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : popuppers.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com
Value : *

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "180ax"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : 180ax

180Solutions Object Recognized!
Type : File
Data : 180ax.exe
Category : Data Miner
Comment :
Object : c:\windows\
FileVersion : 5, 15, 0, 15
ProductVersion : 5, 15, 0, 15
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "sixtysix"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : sixtysix

MediaMotor Object Recognized!
Type : File
Data : sixtypopsix.exe
Category : Malware
Comment :
Object : c:\windows\
FileVersion : 6.04
ProductVersion : 6.04
ProductName : pop64
CompanyName : Network1
InternalName : sixtypopsix
OriginalFilename : sixtypopsix.exe


MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "swkzfv"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : swkzfv

MediaMotor Object Recognized!
Type : File
Data : swkzfv.exe
Category : Malware
Comment :
Object : c:\windows\system32\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


PeopleOnPage Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AutoUpdater"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : AutoUpdater

PeopleOnPage Object Recognized!
Type : File
Data : autoupdate.exe
Category : Data Miner
Comment :
Object : c:\program files\autoupdate\



Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 23
Objects found so far: 452


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@centrport[2].txt
Category : Data Miner
Comment : Hits:28
Value : Cookie:d$@centrport.net/
Expires : 12-31-2029 8:00:00 PM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:d$@questionmarket.com/
Expires : 6-14-2006 3:48:24 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@atdmt[2].txt
Category : Data Miner
Comment : Hits:40
Value : Cookie:d$@atdmt.com/
Expires : 4-15-2010 8:00:00 PM
LastSync : Hits:40
UseCount : 0
Hits : 40

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@tribalfusion[2].txt
Category : Data Miner
Comment : Hits:23
Value : Cookie:d$@tribalfusion.com/
Expires : 12-31-2037 8:00:00 PM
LastSync : Hits:23
UseCount : 0
Hits : 23

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@bluestreak[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:d$@bluestreak.com/
Expires : 4-15-2015 6:00:42 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@2o7[2].txt
Category : Data Miner
Comment : Hits:637
Value : Cookie:d$@2o7.net/
Expires : 4-22-2010 11:53:46 PM
LastSync : Hits:637
UseCount : 0
Hits : 637

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@mediaplex[1].txt
Category
  • 0

#7
Daryn
Posted 24 April 2005 - 10:49 AM

Daryn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Category : Data Miner
Comment : Hits:4
Value : Cookie:d$@mediaplex.com/
Expires : 6-21-2009 8:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@advertising[2].txt
Category : Data Miner
Comment : Hits:154
Value : Cookie:d$@advertising.com/
Expires : 4-22-2010 7:49:58 PM
LastSync : Hits:154
UseCount : 0
Hits : 154

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@doubleclick[1].txt
Category : Data Miner
Comment : Hits:40
Value : Cookie:d$@doubleclick.net/
Expires : 4-15-2008 8:55:38 PM
LastSync : Hits:40
UseCount : 0
Hits : 40

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@servedby.advertising[2].txt
Category : Data Miner
Comment : Hits:1274
Value : Cookie:d$@servedby.advertising.com/
Expires : 5-23-2005 9:09:34 PM
LastSync : Hits:1274
UseCount : 0
Hits : 1274

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@z1.adserver[1].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:d$@z1.adserver.com/
Expires : 4-23-2006 8:13:30 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@adrevolver[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:d$@media.adrevolver.com/adrevolver/
Expires : 1-9-2008 12:00:04 AM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@premiumnetworkrocks.valuead[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:d$@premiumnetworkrocks.valuead.com/
Expires : 12-31-2020 8:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@maxserving[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:d$@maxserving.com/
Expires : 4-15-2015 1:17:34 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@fastclick[2].txt
Category : Data Miner
Comment : Hits:105
Value : Cookie:d$@fastclick.net/
Expires : 4-17-2007 10:04:26 PM
LastSync : Hits:105
UseCount : 0
Hits : 105

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@casalemedia[2].txt
Category : Data Miner
Comment : Hits:21
Value : Cookie:d$@casalemedia.com/
Expires : 4-14-2006 8:11:06 PM
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@valueclick[2].txt
Category : Data Miner
Comment : Hits:31
Value : Cookie:d$@valueclick.com/
Expires : 4-10-2030 11:45:12 PM
LastSync : Hits:31
UseCount : 0
Hits : 31

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@ads.pointroll[1].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:d$@ads.pointroll.com/
Expires : 12-31-2009 8:00:00 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@ehg-dig.hitbox[1].txt
Category : Data Miner
Comment : Hits:19
Value : Cookie:d$@ehg-dig.hitbox.com/
Expires : 4-18-2006 8:42:50 PM
LastSync : Hits:19
UseCount : 0
Hits : 19

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@0[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:d$@jbeet.cjt1.net/HTM/676/0
Expires : 4-18-2006 9:35:12 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@statcounter[2].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:d$@statcounter.com/
Expires : 4-18-2010 1:25:38 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@tripod[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:d$@tripod.com/
Expires : 4-17-2006 1:16:50 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@citi.bridgetrack[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:d$@citi.bridgetrack.com/
Expires : 4-12-2006
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@ehg-mastercard.hitbox[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:d$@ehg-mastercard.hitbox.com/
Expires : 4-19-2006 1:07:10 AM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@zedo[2].txt
Category : Data Miner
Comment : Hits:11
Value : Cookie:d$@zedo.com/
Expires : 4-14-2015 11:49:18 PM
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@twci.coremetrics[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:d$@twci.coremetrics.com/
Expires : 4-16-2020 1:55:12 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@realmedia[2].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:d$@realmedia.com/
Expires : 12-31-2010 8:00:00 PM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@trafficmp[1].txt
Category : Data Miner
Comment : Hits:59
Value : Cookie:d$@trafficmp.com/
Expires : 4-16-2006 9:15:26 PM
LastSync : Hits:59
UseCount : 0
Hits : 59

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@ads.addynamix[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:d$@ads.addynamix.com/
Expires : 4-19-2005 9:44:44 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@hitbox[2].txt
Category : Data Miner
Comment : Hits:30
Value : Cookie:d$@hitbox.com/
Expires : 4-19-2006 1:07:10 AM
LastSync : Hits:30
UseCount : 0
Hits : 30

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@spylog[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:d$@spylog.com/
Expires : 10-20-2005 7:41:36 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 31
Objects found so far: 483



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM32\



MediaMotor Object Recognized!
Type : File
Data : mm63.ocx
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 6.03
ProductVersion : 6.03
ProductName : DemoCtla
CompanyName : df
InternalName : mm63
OriginalFilename : mm63.ocx


MediaMotor Object Recognized!
Type : File
Data : unstall.exe
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe


DyFuCA Object Recognized!
Type : File
Data : nem220.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL


180Solutions Object Recognized!
Type : File
Data : 180axhook.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\



IBIS Toolbar Object Recognized!
Type : File
Data : EDow_AS2.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\



180Solutions Object Recognized!
Type : File
Data : NCasePackage.exe
Category : Data Miner
Comment :
Object : C:\temp\



180Solutions Object Recognized!
Type : File
Data : salm.exe
Category : Data Miner
Comment :
Object : C:\temp\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@questionmarket[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@questionmarket[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@centrport[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@0[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@0[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@maxserving[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@maxserving[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@zedo[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@targetnet[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@targetnet[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@ads.pointroll[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@ads.pointroll[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@server.iad.liveperson[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@server.iad.liveperson[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@twci.coremetrics[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@twci.coremetrics[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@0[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@0[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@fortunecity[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@fortunecity[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@audioadserver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@audioadserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@ehg-mastercard.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@ehg-mastercard.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@z1.adserver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@z1.adserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@advertising[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@advertising[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@edge.ru4[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@edge.ru4[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@servedby.advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@servedby.advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@valueclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@valueclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@counter1.sextracker[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@counter1.sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@sextracker[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@statcounter[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@statcounter[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@cgi-bin[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@cgi-bin[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@as-us.falkag[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@as-us.falkag[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@trafficmp[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@trafficmp[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@www.123count[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\D$\Local Settings\Temp\Cookies\d$@www.123count[2].txt

MediaMotor Object Recognized!
Type : File
Data : mmximbuddy.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temp\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : df
InternalName : 63mm
OriginalFilename : 63mm.exe


MediaMotor Object Recognized!
Type : File
Data : farmmext.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temp\THI60F.tmp\



PeopleOnPage Object Recognized!
Type : File
Data : auto_update_install.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temp\AutoUpdate0\



DyFuCA Object Recognized!
Type : File
Data : optimize.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temp\



MediaMotor Object Recognized!
Type : File
Data : pynix.cab
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temp\THI382C.tmp\



MediaMotor Object Recognized!
Type : File
Data : Pynix.dll
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temp\THI382C.tmp\
FileVersion : 0, 8, 4, 89
ProductVersion : 0, 8, 4, 89
ProductName : Pynix
CompanyName : Pynix
FileDescription : www.Pynix.com
InternalName : Pynix
LegalCopyright : Copyright © 2005
OriginalFilename : Pynix.dll
Comments : www.Pynix.com


IBIS Toolbar Object Recognized!
Type : File
Data : WToolsA.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : EDow_AS2[1].exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\O12VGTQR\


Object "WToolsD.cfg" found in this archive.

IBIS Toolbar Object Recognized!
Type : File
Data : WToolsD[1].cab
Category : Data Miner
Comment : Object "WToolsD.cfg" found in this archive.
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\O12VGTQR\


Object "TBPSSvc.exe" found in this archive.

IBIS Toolbar Object Recognized!
Type : File
Data : TBPSSvc[1].cab
Category : Data Miner
Comment : Object "TBPSSvc.exe" found in this archive.
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\O12VGTQR\



180Solutions Object Recognized!
Type : File
Data : 180ax[1].exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\EFQBU7SZ\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


MediaMotor Object Recognized!
Type : File
Data : sixtypopsix[1].exe
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\EFQBU7SZ\
FileVersion : 6.04
ProductVersion : 6.04
ProductName : pop64
CompanyName : Network1
InternalName : sixtypopsix
OriginalFilename : sixtypopsix.exe

Object "WToolsS.exe" found in this archive.

IBIS Toolbar Object Recognized!
Type : File
Data : WinTS[1].cab
Category : Data Miner
Comment : Object "WToolsS.exe" found in this archive.
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\EFQBU7SZ\



DyFuCA Object Recognized!
Type : File
Data : optimize[1].exe
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\EFQBU7SZ\



DyFuCA Object Recognized!
Type : File
Data : nem220[1].dll
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\EFQBU7SZ\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL


180Solutions Object Recognized!
Type : File
Data : ncase_new[1].exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\GNGP2DKV\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


MediaMotor Object Recognized!
Type : File
Data : unstall[1].exe
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\GNGP2DKV\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe


DyFuCA Object Recognized!
Type : File
Data : sfbho13[1].dll
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\GNGP2DKV\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BrowserHelperObject Module
FileDescription : BrowserHelperObject Module
InternalName : BrowserHelperObject
LegalCopyright : Copyright 2003
OriginalFilename : BrowserHelperObject.DLL

Object "IExploreSkins.exe" found in this archive.

IBIS Toolbar Object Recognized!
Type : File
Data : Toolbar3[1].cab
Category : Data Miner
Comment : Object "IExploreSkins.exe" found in this archive.
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\GNGP2DKV\


Object "radio.exe" found in this archive.

IBIS Toolbar Object Recognized!
Type : File
Data : Toolbar3[1].cab
Category : Data Miner
Comment : Object "radio.exe" found in this archive.
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\GNGP2DKV\



PeopleOnPage Object Recognized!
Type : File
Data : AutoUpdaterInstaller[1].exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\GNGP2DKV\



MediaMotor Object Recognized!
Type : File
Data : mm63[1].ocx
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\MVWDWHYJ\
FileVersion : 6.03
ProductVersion : 6.03
ProductName : DemoCtla
CompanyName : df
InternalName : mm63
OriginalFilename : mm63.ocx


MediaMotor Object Recognized!
Type : File
Data : thin-143-1-x-x[1].exe
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\MVWDWHYJ\
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : DrInstall Application
FileDescription : DrInstall Application
InternalName : DrInstal
LegalCopyright : Copyright © 2004
OriginalFilename : DrInstall.exe


DyFuCA Object Recognized!
Type : File
Data : sidefind13[1].dll
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Local Settings\Temporary Internet Files\Content.IE5\MVWDWHYJ\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : SideFind Module
CompanyName : IST
FileDescription : SideFind Module
InternalName : SideFind
LegalCopyright : Copyright 2004
OriginalFilename : SideFind.DLL


180Solutions Object Recognized!
Type : File
Data : sais.exe
Category : Data Miner
Comment :
Object : C:\Program Files\180Solutions\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.


DyFuCA Object Recognized!
Type : File
Data : optimize.exe
Category : Malware
Comment :
Object : C:\Program Files\Internet Optimizer\



DyFuCA Object Recognized!
Type : File
Data : sfbho.dll
Category : Malware
Comment :
Object : C:\Program Files\SideFind\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BrowserHelperObject Module
FileDescription : BrowserHelperObject Module
InternalName : BrowserHelperObject
LegalCopyright : Copyright 2003
OriginalFilename : BrowserHelperObject.DLL


DyFuCA Object Recognized!
Type : File
Data : sidefind.dll
Category : Malware
Comment :
Object : C:\Program Files\SideFind\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : SideFind Module
CompanyName : IST
FileDescription : SideFind Module
InternalName : SideFind
LegalCopyright : Copyright 2004
OriginalFilename : SideFind.DLL


PeopleOnPage Object Recognized!
Type : File
Data : ace.dll
Category : Data Miner
Comment :
Object : C:\Program Files\CxtPls\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


IBIS Toolbar Object Recognized!
Type : File
Data : IExploreSkins.exe
Category : Data Miner
Comment :
Object : C:\Program Files\Toolbar\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 555


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 555




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\policies\ameopt

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\kapabout

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\kapabout
Value : Comment

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\kapabout
Value : DComment

DyFuCA Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\SideFind

DyFuCA Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\ISTsvc

DyFuCA Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Internet Optimizer

DyFuCA Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\180Solutions

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}
Value : BarSize

180Solutions Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\FLEOK

180Solutions Object Recognized!
Type : File
Data : salm.log
Category : Data Miner
Comment :
Object : c:\temp\



180Solutions Object Recognized!
Type : File
Data : sais.log
Category : Data Miner
Comment :
Object : C:\Program Files\180solutions\



MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mm

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mm
Value : check

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : common.buttons\clsid

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : common.buttons\clsid
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : ACSize

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : LastSA

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : JDBINFO

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : JDBINFOShow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : SEAINFO

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : SEAINFOShow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : ASINFO

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : ASINFOShow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : ERINFO

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : ERINFOShow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : BBAINFO

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : BBAINFOShow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : KImport_Hash

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : ErCount

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : LastDll

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : FirstHomeAsk

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : AsQ

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : CSHOW

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : BCount

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : LastSE

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : ShowTray

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : FirstDone

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : DEAINFO

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : Defskinused

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
Value : ST_AUTOSHOW

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrShadow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrHighlight

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrForeColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrBackColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrDownload

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrViewed

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrStatic

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\installer\userdata\sto

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\installer\userdata\sto
Value : C

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\installer\userdata\sto
Value : A

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
Value : DisplayName

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
Value : UninstallString

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
Value : DisplayIcon

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : STUI

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : TB_ID

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : CFG_VER

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : CHECK_DAYS

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : CAPTION

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : AUTOHIGHLIGHT

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : AUTOSEARCH

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : AUTOSESEARCH

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : AUTOCOMPLETE

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_
  • 0

#8
Daryn
Posted 24 April 2005 - 10:52 AM

Daryn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : USECTRLENTER

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : USEALTENTER

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : USESHIFTENTER

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : ALLOWUPDATE

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : KEEPHISTORY

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : PRESERVEHISTORY

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : NARROWSEARCH

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : AUTOSHOW

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : TAKEADSUPPORTSETTINGS

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : DISABLEADSUPPORTSEARCH

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : DIALOG_PAUSE

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : REGISTRATION_PAUSE

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : URL_FOLDER_NAME

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : URL_ITEMS_1

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : URL_ITEMS_2

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : URL_ITEMS_3

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : URL_ITEMS_4

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : INSTALL_CONFIRM_1

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : UNINSTALL_CONFIRM

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : INSTALL_CONFIRM_SYS

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : INSTALL_CONFIRM_SYSEX

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : RECOVERY_URL

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : NONUTF_DOMAINS

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : KEYWORDS_IMPORT

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : BB_HELP_URL

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : SEARCH_INST

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : BBDSERVICE

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : OBE_FCAP

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : OVERRIDE_HOMEPAGE_DIALOG

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : USEENTER

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : USEAUTOSEARCH

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : ERROR404

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : OVERRIDE_AUTOSEARCH_DIALOG

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : AUTO_SEARCH

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : ERROR_PAGE

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : NO_AUTOSEARCH_HOOK

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : USESEARCHASSISTANT

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : OVERRIDE_IESEARCH_DIALOG

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : SEARCH_PAGE

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : SEARCH_PAGE_INFO

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : USEBB

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : OVERRIDE_BBACTIVATE_DIALOG

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : USEBBENH

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : POPUPBLOCKER

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : OVERRIDE_JSDEBUG_DIALOG

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : DEACTIVATETOOLBARS

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : OVERRIDE_DEACTIVATE_DIALOG

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : IE_RESET

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : INSTALL_SHOW

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : INSTALL_SHOW_TIMEOUT

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : ITime

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : IEC

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : SEC

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : SOC

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : GSTC

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : UC

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : AllowUseDefskin

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : RTime

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : IE4

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : IAS

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : STC

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : AVGSEARCH

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : UCL

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : LastCFG

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : FIT

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : LogCount

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
Value : DisplayName

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
Value : UninstallString

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
Value : Publisher

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\wintools
Value : URLInfoAbout

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc
Value : Type

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc
Value : Start

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc
Value : ErrorControl

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc
Value : ImagePath

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc
Value : DisplayName

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\wintoolssvc
Value : ObjectName

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc
Value : Type

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc
Value : Start

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc
Value : ErrorControl

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc
Value : ImagePath

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc
Value : DisplayName

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\wintoolssvc
Value : ObjectName

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc
Value : NextInstance

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc
Value : NextInstance

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\tbpssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\tbpssvc
Value : Type

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\tbpssvc
Value : Start

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\tbpssvc
Value : ErrorControl

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\tbpssvc
Value : ImagePath

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\tbpssvc
Value : DisplayName

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\tbpssvc
Value : ObjectName

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\tbpssvc
Value : Description

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\tbpssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\tbpssvc
Value : Type

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\tbpssvc
Value : Start

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\tbpssvc
Value : ErrorControl

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\tbpssvc
Value : ImagePath

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\tbpssvc
Value : DisplayName

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\tbpssvc
Value : ObjectName

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\tbpssvc
Value : Description

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer
Value : ServerProc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : WinTools

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : TBPS

IBIS Toolbar Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\Toolbar

IBIS Toolbar Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\common files\WinTools

IBIS Toolbar Object Recognized!
Type : File
Data : TBPS.exe
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : common.dll
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : radio.exe
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : toolbar.dll
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : PIB.exe
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : gykhxlmu.rmr
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : nzqlihv.wzg
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : TBPSSvc.exe
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : yywr.wzg
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : yywsv.wzg
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : xlmurin.wzg
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : yildhvi.olt
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : rw.wzg
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : xzxsv.wzg
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : zwipvbh.wzg
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsA.exe
Category : Data Miner
Comment :
Object : C:\Program Files\common files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsB.dll
Category : Data Miner
Comment :
Object : C:\Program Files\common files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : rmhgxlmu.wzg
Category : Data Miner
Comment :
Object : C:\Program Files\common files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : WSup.exe
Category : Data Miner
Comment :
Object : C:\Program Files\common files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsS.exe
Category : Data Miner
Comment :
Object : C:\Program Files\common files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsC.cfg
Category : Data Miner
Comment :
Object : C:\Program Files\common files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsP.cfg
Category : Data Miner
Comment :
Object : C:\Program Files\common files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsD.cfg
Category : Data Miner
Comment :
Object : C:\Program Files\common files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsR.cfg
Category : Data Miner
Comment :
Object : C:\Program Files\common files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsU.cfg
Category : Data Miner
Comment :
Object : C:\Program Files\common files\wintools\



IBIS Toolbar Object Recognized!
Type : File
Data : TBPS.ini
Category : Data Miner
Comment :
Object : c:\windows\system32\



IBIS Toolbar Object Recognized!
Type : File
Data : Frequently Asked Questions.url
Category : Data Miner
Comment :
Object : c:\documents and settings\all users\start menu\programs\web search tools\



IBIS Toolbar Object Recognized!
Type : File
Data : Home.url
Category : Data Miner
Comment :
Object : c:\documents and settings\all users\start menu\programs\web search tools\



IBIS Toolbar Object Recognized!
Type : File
Data : Privacy Policy.url
Category : Data Miner
Comment :
Object : c:\documents and settings\all users\start menu\programs\web search tools\



IBIS Toolbar Object Recognized!
Type : File
Data : Terms of Use.url
Category : Data Miner
Comment :
Object : c:\documents and settings\all users\start menu\programs\web search tools\



PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\autoloader

PeopleOnPage Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\AutoUpdate

PeopleOnPage Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\DOCUME~1\D$\LOCALS~1\Temp\AutoUpdate0

PeopleOnPage Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\DOCUME~1\D$\LOCALS~1\Temp\Atf

PeopleOnPage Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\CxtPls

PeopleOnPage Object Recognized!
Type : File
Data : libexpat.dll
Category : Data Miner
Comment :
Object : C:\Program Files\autoupdate\



PeopleOnPage Object Recognized!
Type : File
Data : auto_update_uninstall.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



PeopleOnPage Object Recognized!
Type : File
Data : auto_update_uninstall.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



PeopleOnPage Object Recognized!
Type : File
Data : auf0.exe
Category : Data Miner
Comment :
Object : C:\DOCUME~1\D$\LOCALS~1\Temp\



PeopleOnPage Object Recognized!
Type : File
Data : popcaploader.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : PopCapLoader Module
CompanyName : PopCap Games
FileDescription : PopCapLoader Module
InternalName : PopCapLoader
LegalCopyright : Copyright 2003
OriginalFilename : PopCapLoader.DLL


PeopleOnPage Object Recognized!
Type : File
Data : auto_update_install.exe
Category : Data Miner
Comment :
Object : C:\DOCUME~1\D$\LOCALS~1\Temp\autoupdate0\



PeopleOnPage Object Recognized!
Type : File
Data : setup.inf
Category : Data Miner
Comment :
Object : C:\DOCUME~1\D$\LOCALS~1\Temp\autoupdate0\



PeopleOnPage Object Recognized!
Type : File
Data : CxtPls.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : CxtPls.exe
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Ads
CompanyName : Apropos Media
FileDescription : Internet Explorer
InternalName : Ads.
LegalCopyright : Copyright © 2003
OriginalFilename : SysAI.exe


PeopleOnPage Object Recognized!
Type : File
Data : ProxyStub.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : libexpat.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : WinGenerics.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : uninstaller.exe
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : atl.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\
FileVersion : 3.00.9435
ProductVersion : 6.00.9435
ProductName : Microsoft ® Visual C++
CompanyName : Microsoft Corporation
FileDescription : ATL Module for Windows NT (Unicode)
InternalName : ATL
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : ATL.DLL


PeopleOnPage Object Recognized!
Type : File
Data : data.bin
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : AI_24-04-2005.log
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler
Value :

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .sta

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .sta
Value : PerceivedType

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .sta
Value :

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : .sta
Value : Photoshop8_SetByPhotoshop8

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : installTitle

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : serverpath

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : urlAfterInstall

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : TBRowMode

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : yoursitebar.xml

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : imagemap_normal.bmp

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : showcorrupted

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : updatever

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : refreshscope

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : allowupdate

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : LastCheckTime

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : version.txt

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\yoursitebar
Value : UpdateBegin

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

istbar Object Recognized!
Type : RegData
Data : Never
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

istbar Object Recognized!
Type : RegData
Data : Never
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : BandRest
Data : Never

istbar Object Recognized!
Type : File
Data : istsvc.exe
Category : Malware
Comment :
Object : C:\Program Files\istsvc\



SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{339d8aff-0b42-4260-ad82-78ce605a9543}

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{339d8aff-0b42-4260-ad82-78ce605a9543}
Value :

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}

SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}
Value :

SideFind
  • 0

#9
Rawe
Posted 24 April 2005 - 10:53 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
You have old definition file on your Ad-aware SE personal, so it would be recommended to update your Ad-aware and read corrine's pinned post "Ad-aware logfile posting instructions", then remove all tracking cookies, run the scan, yet AGAIN. And post a new log.
Then our excellent Ad-aware expert's will take a look..

- Rawe :tazz:
  • 0

#10
Daryn
Posted 24 April 2005 - 10:55 AM

Daryn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}

SideFind Object Recognized!
Type : File
Data : sfexd001
Category : Malware
Comment :
Object : C:\Program Files\sidefind\



AdDestroyer Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Start Menu\Programs\Startup\AdDestroyer.lnk

AdDestroyer Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\AdDestroyer

AdDestroyer Object Recognized!
Type : File
Data : AdDestroyer.WAV
Category : Malware
Comment :
Object : C:\Program Files\addestroyer\



AdDestroyer Object Recognized!
Type : File
Data : AdDestroyer.exe
Category : Malware
Comment :
Object : C:\Program Files\addestroyer\
FileVersion : 0.00.0107
ProductVersion : 0.00.0107
ProductName : AdDestroyer
CompanyName : Spyware Labs
InternalName : AdDestroyer
OriginalFilename : AdDestroyer.exe


AdDestroyer Object Recognized!
Type : File
Data : ADXML43.dll
Category : Malware
Comment :
Object : C:\Program Files\addestroyer\



AdDestroyer Object Recognized!
Type : File
Data : PopOops.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 2, 1, 0, 3
ProductVersion : 2, 1, 0, 3
ProductName : PopOops
CompanyName : Shahin Gasanov
FileDescription : PopOops
InternalName : PopOops
LegalCopyright : © 2002-2003 Gasanov.net
LegalTrademarks : Gasanov.net
OriginalFilename : PopOops.dll
Comments : Freeware


AdDestroyer Object Recognized!
Type : File
Data : PopOops2.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 1.01.0001
ProductVersion : 1.01.0001
ProductName : PopOops2
CompanyName : Shahin Gasanov
FileDescription : PopOops2
InternalName : PopOops2
LegalCopyright : © 2002-2003 Gasanov.net
LegalTrademarks : Gasanov.net
OriginalFilename : PopOops2.dll
Comments : PopOops2


AdDestroyer Object Recognized!
Type : File
Data : SWLAD1.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : PopOops2
CompanyName : Globes
InternalName : SWLAD1
OriginalFilename : SWLAD1.dll


AdDestroyer Object Recognized!
Type : File
Data : SWLAD2.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



VirtualBouncer Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Start Menu\Programs\Virtual Bouncer

VirtualBouncer Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\VBouncer

VirtualBouncer Object Recognized!
Type : File
Data : Help.lnk
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Start Menu\Programs\virtual bouncer\



VirtualBouncer Object Recognized!
Type : File
Data : Virtual Bouncer.lnk
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Start Menu\Programs\virtual bouncer\



VirtualBouncer Object Recognized!
Type : File
Data : Uninstall Virtual Bouncer.lnk
Category : Malware
Comment :
Object : C:\Documents and Settings\D$\Start Menu\Programs\virtual bouncer\



VirtualBouncer Object Recognized!
Type : File
Data : BundleOuter.EXE
Category : Malware
Comment :
Object : C:\Program Files\vbouncer\



VirtualBouncer Object Recognized!
Type : File
Data : AdDestroyerInner.EXE
Category : Malware
Comment :
Object : C:\Program Files\vbouncer\



VirtualBouncer Object Recognized!
Type : File
Data : VBouncerInner.EXE
Category : Malware
Comment :
Object : C:\Program Files\vbouncer\



VirtualBouncer Object Recognized!
Type : File
Data : chilkatZip.dll
Category : Malware
Comment :
Object : C:\Program Files\vbouncer\
FileVersion : 10, 0, 0, 0
ProductVersion : 10, 0, 0, 0
ProductName : Chilkat Zip
CompanyName : Chilkat Software, Inc.
FileDescription : Chilkat Zip ActiveX Component
InternalName : ChilkatZip
LegalCopyright : Copyright 2000-2002, Chilkat Software, Inc.
OriginalFilename : ChilkatZip.DLL
Comments : http://www.chilkatsoft.com


VirtualBouncer Object Recognized!
Type : File
Data : ProcManager.exe
Category : Malware
Comment :
Object : C:\Program Files\vbouncer\
FileVersion : 0.00.0001
ProductVersion : 0.00.0001
ProductName : ProcManager
InternalName : ProcManager
OriginalFilename : ProcManager.exe


VirtualBouncer Object Recognized!
Type : File
Data : VirtualBouncer.exe
Category : Malware
Comment :
Object : C:\Program Files\vbouncer\
FileVersion : 0.00.0102
ProductVersion : 0.00.0102
ProductName : Virtual Bouncer
CompanyName : Spyware Labs
InternalName : VirtualBouncer
OriginalFilename : VirtualBouncer.exe


VirtualBouncer Object Recognized!
Type : File
Data : VirtualBouncerUninstaller.EXE
Category : Malware
Comment :
Object : C:\Program Files\vbouncer\



VirtualBouncer Object Recognized!
Type : File
Data : USER.XML
Category : Malware
Comment :
Object : C:\Program Files\vbouncer\



VirtualBouncer Object Recognized!
Type : File
Data : SWSettings.xml
Category : Malware
Comment :
Object : C:\Program Files\vbouncer\



VirtualBouncer Object Recognized!
Type : File
Data : VBXML23.dll
Category : Malware
Comment :
Object : C:\Program Files\vbouncer\



PromulGate Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : motoin

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist
Value : InstallDate

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist
Value : account_id

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist
Value : config

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist
Value : Recover

YourSiteBar Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\YourSiteBar

YourSiteBar Object Recognized!
Type : File
Data : ysb.dll
Category : Malware
Comment :
Object : C:\Program Files\yoursitebar\
FileVersion : 1, 2, 0, 4
ProductVersion : 1, 2, 0, 4
ProductName : YourSiteBar
FileDescription : YourSiteBar
InternalName : YourSiteBar
LegalCopyright : Copyright 2004
OriginalFilename : ysb.dll


YourSiteBar Object Recognized!
Type : File
Data : yoursitebar.xml
Category : Malware
Comment :
Object : C:\Program Files\yoursitebar\



YourSiteBar Object Recognized!
Type : File
Data : imagemap_normal.bmp
Category : Malware
Comment :
Object : C:\Program Files\yoursitebar\



YourSiteBar Object Recognized!
Type : File
Data : version.txt
Category : Malware
Comment :
Object : C:\Program Files\yoursitebar\



AdDestroyer Object Recognized!
Type : File
Data : AdDestroyer.lnk
Category : Malware
Comment : Shortcut to bad file : C:\Documents and Settings\D$\Start Menu\Programs\AdDestroyer\AdDestroyer.lnk
Object : C:\Documents and Settings\D$\Start Menu\Programs\AdDestroyer\



AdDestroyer Object Recognized!
Type : File
Data : AdDestroyer.lnk
Category : Malware
Comment : Shortcut to bad file : C:\Documents and Settings\D$\Start Menu\Programs\Startup\AdDestroyer.lnk
Object : C:\Documents and Settings\D$\Start Menu\Programs\Startup\



VirtualBouncer Object Recognized!
Type : File
Data : Virtual Bouncer.lnk
Category : Malware
Comment : Shortcut to bad file : C:\Documents and Settings\D$\Start Menu\Programs\Virtual Bouncer\Virtual Bouncer.lnk
Object : C:\Documents and Settings\D$\Start Menu\Programs\Virtual Bouncer\



VirtualBouncer Object Recognized!
Type : File
Data : Uninstall Virtual Bouncer.lnk
Category : Malware
Comment : Shortcut to bad file : C:\Documents and Settings\D$\Start Menu\Programs\Virtual Bouncer\Uninstall Virtual Bouncer.lnk
Object : C:\Documents and Settings\D$\Start Menu\Programs\Virtual Bouncer\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 299
Objects found so far: 854

12:20:43 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:11.514
Objects scanned:138503
Objects identified:842
Objects ignored:0
New critical objects:842
  • 0

Advertisements

#11
Daryn
Posted 24 April 2005 - 11:01 AM

Daryn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Un-Needed Log

Edited by Daryn, 24 April 2005 - 12:14 PM.

  • 0

#12
Daryn
Posted 24 April 2005 - 11:20 AM

Daryn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Un-needed Log.

Edited by Daryn, 24 April 2005 - 12:14 PM.

  • 0

#13
Daryn
Posted 24 April 2005 - 12:04 PM

Daryn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Okay, so I ran CCleaner and then ran Ad-Aware. Ad-Aware told me there is no newer definition, so this should be good:


Ad-Aware SE Build 1.05
Logfile Created on:Sunday, April 24, 2005 1:56:01 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adintelligence.AproposToolbar(TAC index:5):7 total references
DyFuCA(TAC index:3):25 total references
EzuLa(TAC index:6):163 total references
istbar(TAC index:7):8 total references
PeopleOnPage(TAC index:9):24 total references
Possible Browser Hijack attempt(TAC index:3):4 total references
Tracking Cookie(TAC index:3):2 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:66 %
Total physical memory:1047784 kb
Available physical memory:684364 kb
Total page file size:2521688 kb
Available on page file:2313816 kb
Total virtual memory:2097024 kb
Available virtual memory:2045228 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


4-24-2005 1:56:01 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 1148
ThreadCreationTime : 4-24-2005 4:44:12 AM
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\System32\winlogon.exe
Command Line : n/a
ProcessID : 1308
ThreadCreationTime : 4-24-2005 4:44:21 AM
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 1352
ThreadCreationTime : 4-24-2005 4:44:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 1364
ThreadCreationTime : 4-24-2005 4:44:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 1536
ThreadCreationTime : 4-24-2005 4:44:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1764
ThreadCreationTime : 4-24-2005 4:44:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 764
ThreadCreationTime : 4-24-2005 4:44:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [basfipm.exe]
ModuleName : C:\WINDOWS\System32\basfipm.exe
Command Line : n/a
ProcessID : 976
ThreadCreationTime : 4-24-2005 4:44:37 AM
BasePriority : Normal
FileVersion : 6.0.3
ProductVersion : 6.0.3
ProductName : Broadcom ASF IP monitoring service
CompanyName : Broadcom Corp.
FileDescription : Broadcom ASF IP monitoring service
InternalName : BAsfIpM
LegalCopyright : Copyright© 2003 Broadcom Corporation, All Rights Reserved
OriginalFilename : BAsfIpM.EXE

#:9 [cvpnd.exe]
ModuleName : C:\Program Files\GW\GBUSSNet Client 2.0\cvpnd.exe
Command Line : n/a
ProcessID : 1004
ThreadCreationTime : 4-24-2005 4:44:37 AM
BasePriority : Normal
FileVersion : 4.0.2 (D)
ProductVersion : 4.0.2 (D)
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2003 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE

#:10 [defwatch.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
Command Line : n/a
ProcessID : 1024
ThreadCreationTime : 4-24-2005 4:44:37 AM
BasePriority : Normal
FileVersion : 8.1.0.821
ProductVersion : 8.1.0.821
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:11 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : n/a
ProcessID : 1052
ThreadCreationTime : 4-24-2005 4:44:37 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:12 [rtvscan.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
Command Line : n/a
ProcessID : 1100
ThreadCreationTime : 4-24-2005 4:44:38 AM
BasePriority : Normal
FileVersion : 8.1.0.821
ProductVersion : 8.1.0.821
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:13 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\rundll32.exe
Command Line : rundll32.exe "C:\WINDOWS\system32\SDPRV.DLL",DllGetVersion
ProcessID : 1188
ThreadCreationTime : 4-24-2005 4:44:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
Warning! EzuLa Object found in memory(C:\PROGRA~1\ezula\CHCON.dll)

EzuLa Object Recognized!
Type : Process
Data : CHCON.dll
Category : Data Miner
Comment :
Object : C:\PROGRA~1\ezula\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


#:14 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : n/a
ProcessID : 1880
ThreadCreationTime : 4-24-2005 4:44:41 AM
BasePriority : Normal
FileVersion : 6.14.10.4586
ProductVersion : 6.14.10.4586
ProductName : NVIDIA Driver Helper Service, Version 45.86
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.86
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:15 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1980
ThreadCreationTime : 4-24-2005 4:44:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 724
ThreadCreationTime : 4-24-2005 4:45:19 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:17 [vptray.exe]
ModuleName : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
Command Line : "C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe"
ProcessID : 292
ThreadCreationTime : 4-24-2005 4:45:22 AM
BasePriority : Normal
FileVersion : 8.1.0.821
ProductVersion : 8.1.0.821
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:18 [nsvsvc.exe]
ModuleName : C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
Command Line : "C:\WINDOWS\System32\nsvsvc\nsvsvc.exe"
ProcessID : 2196
ThreadCreationTime : 4-24-2005 4:45:28 AM
BasePriority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0

#:19 [picsvr.exe]
ModuleName : C:\WINDOWS\System32\picsvr\picsvr.exe
Command Line : "C:\WINDOWS\System32\picsvr\picsvr.exe"
ProcessID : 2204
ThreadCreationTime : 4-24-2005 4:45:29 AM
BasePriority : Normal


#:20 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 2216
ThreadCreationTime : 4-24-2005 4:45:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:21 [mmod.exe]
ModuleName : C:\PROGRA~1\EZULA\mmod.exe
Command Line : C:\PROGRA~1\EZULA\mmod.exe -Embedding
ProcessID : 3740
ThreadCreationTime : 4-24-2005 5:03:50 AM
BasePriority : Normal
FileVersion : 3, 0, 70, 11
ProductVersion : 1, 0, 0, 1
ProductName : mmod Module
CompanyName : BundlewareWO
FileDescription : mmod Module
InternalName : mmod
LegalCopyright : Copyright 2000
OriginalFilename : mmod.EXE

#:22 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : C:\WINDOWS\explorer.exe
ProcessID : 3952
ThreadCreationTime : 4-24-2005 5:04:55 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Warning! EzuLa Object found in memory(C:\PROGRA~1\ezula\CHCON.dll)

EzuLa Object Recognized!
Type : Process
Data : CHCON.dll
Category : Data Miner
Comment :
Object : C:\PROGRA~1\ezula\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


#:23 [jwagqdd.exe]
ModuleName : c:\windows\system32\jwagqdd.exe
Command Line : "c:\windows\system32\jwagqdd.exe" tioelza
ProcessID : 840
ThreadCreationTime : 4-24-2005 5:07:06 AM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
Warning! EzuLa Object found in memory(C:\PROGRA~1\ezula\CHCON.dll)

EzuLa Object Recognized!
Type : Process
Data : CHCON.dll
Category : Data Miner
Comment :
Object : C:\PROGRA~1\ezula\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000

"c:\windows\system32\jwagqdd.exe"Process terminated successfully

#:24 [infeapi.exe]
ModuleName : C:\WINDOWS\System32\infeapi.exe
Command Line : C:\WINDOWS\System32\infeapi.exe
ProcessID : 2584
ThreadCreationTime : 4-24-2005 5:46:43 AM
BasePriority : Normal


#:25 [iphmdmat.exe]
ModuleName : C:\WINDOWS\System32\iphmdmat.exe
Command Line : C:\WINDOWS\System32\iphmdmat.exe
ProcessID : 1240
ThreadCreationTime : 4-24-2005 5:46:46 AM
BasePriority : Normal


#:26 [cxtpls.exe]
ModuleName : C:\Program Files\CxtPls\CxtPls.exe
Command Line : "C:\Program Files\CxtPls\CxtPls.exe" -Embedding
ProcessID : 3288
ThreadCreationTime : 4-24-2005 5:48:22 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Ads
CompanyName : Apropos Media
FileDescription : Internet Explorer
InternalName : Ads.
LegalCopyright : Copyright © 2003
OriginalFilename : SysAI.exe
Warning! PeopleOnPage Object found in memory(C:\Program Files\CxtPls\ace.dll)

PeopleOnPage Object Recognized!
Type : Process
Data : ace.dll
Category : Data Miner
Comment :
Object : C:\Program Files\CxtPls\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL

Warning! EzuLa Object found in memory(C:\PROGRA~1\ezula\CHCON.dll)

EzuLa Object Recognized!
Type : Process
Data : CHCON.dll
Category : Data Miner
Comment :
Object : C:\PROGRA~1\ezula\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


#:27 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3148
ThreadCreationTime : 4-24-2005 5:55:13 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Warning! EzuLa Object found in memory(C:\PROGRA~1\ezula\CHCON.dll)

EzuLa Object Recognized!
Type : Process
Data : CHCON.dll
Category : Data Miner
Comment :
Object : C:\PROGRA~1\ezula\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}
Value :

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{8a044396-5da2-11d4-b185-0050dab79376}

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58359011-bf36-11d3-99a2-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{07f0a536-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulamain.ezulasearchpipe.1

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulamain.ezulasearchpipe.1
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulamain.ezulasearchpipe

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulamain.ezulasearchpipe
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.toolbarband.1

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.toolbarband.1
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.toolbarband

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.toolbarband
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.plugprot.1

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.plugprot.1
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.plugprot

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.plugprot
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.ezulactrlhost.1

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.ezulactrlhost.1
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.ezulactrlhost

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ezulaagent.ezulactrlhost
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d290d6e7-bf9d-42f0-9c1b-3bc8ae769b57}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d290d6e7-bf9d-42f0-9c1b-3bc8ae769b57}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c4fee4a7-4b8b-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c4fee4a7-4b8b-11d4-8a6d-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{58359010-bf36-11d3-99a2-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{58359010-bf36-11d3-99a2-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{55910916-8b4e-4c1e-9253-cce296ea71eb}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{55910916-8b4e-4c1e-9253-cce296ea71eb}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3d7247e8-5db8-11d4-8a72-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3d7247e8-5db8-11d4-8a72-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2babd334-5c3f-11d4-b184-0050dab79376}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2babd334-5c3f-11d4-b184-0050dab79376}
Value :

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2babd334-5c3f-11d4-b184-0050dab79376}
Value : AppID

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2079884b-6ef3-11d4-8a74-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2079884b-6ef3-11d4-8a74-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{19dfb2cb-9b27-11d4-b192-0050dab79376}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{19dfb2cb-9b27-11d4-b192-0050dab79376}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{07f0a545-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{07f0a545-47ba-11d4-8a6d-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{07f0a543-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{07f0a543-47ba-11d4-8a6d-0050da2ee1be}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ist

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ist
Value : Recover

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ezula

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ezula
Value : Hook

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ezula
Value : STRUP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ezula
Value : TPV

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ezula
Value : EP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ezula
Value : PP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ezula
Value : NP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ezula
Value : ZP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ezula
Value : HP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ezula
Value : BP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\ezula
Value : WP

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\software\apropos

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\aproposclient
Value : UninstallString

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : version

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_name

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : ui

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_initial_delay

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_limit

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_version

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_date

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_last

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_last

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_last

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ezula

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ezula
Value :

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ezula
Value : DisplayName

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ezula
Value : UninstallString

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{8a044396-5da2-11d4-b185-0050dab79376}

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{58359011-bf36-11d3-99a2-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\typelib\{07f0a536-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{ef0372de-f552-11d3-8528-0050dab79376}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{ef0372de-f552-11d3-8528-0050dab79376}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{ef0372dc-f552-11d3-8528-0050dab79376}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{ef0372dc-f552-11d3-8528-0050dab79376}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{c4fee4a6-4b8b-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{c4fee4a6-4b8b-11d4-8a6d-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{8ebb1743-9a2f-11d4-8a7e-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{8ebb1743-9a2f-11d4-8a7e-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{7edc96e1-5dd3-11d4-b185-0050dab79376}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{7edc96e1-5dd3-11d4-b185-0050dab79376}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{58359012-bf36-11d3-99a2-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{58359012-bf36-11d3-99a2-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{4fd8645f-9b3e-46c1-9727-9837842a84ab}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{4fd8645f-9b3e-46c1-9727-9837842a84ab}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{3d7247f1-5db8-11d4-8a72-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{3d7247f1-5db8-11d4-8a72-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{27bc6871-4d5a-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{27bc6871-4d5a-11d4-8a6d-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{19dfb2ca-9b27-11d4-b192-0050dab79376}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{19dfb2ca-9b27-11d4-b192-0050dab79376}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{1823bc4b-a253-4767-9cfc-9aca62a6b136}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{1823bc4b-a253-4767-9cfc-9aca62a6b136}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{07f0a544-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{07f0a544-47ba-11d4-8a6d-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{07f0a542-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{07f0a542-47ba-11d4-8a6d-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulamain.ezulasearchpipe.1

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulamain.ezulasearchpipe.1
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulamain.ezulasearchpipe

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulamain.ezulasearchpipe
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.toolbarband.1

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.toolbarband.1
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.toolbarband

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.toolbarband<
  • 0

#14
Daryn
Posted 24 April 2005 - 12:11 PM

Daryn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.toolbarband
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.plugprot.1

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.plugprot.1
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.plugprot

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.plugprot
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.ezulactrlhost.1

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.ezulactrlhost.1
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.ezulactrlhost

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\ezulaagent.ezulactrlhost
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d290d6e7-bf9d-42f0-9c1b-3bc8ae769b57}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{d290d6e7-bf9d-42f0-9c1b-3bc8ae769b57}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{c4fee4a7-4b8b-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{c4fee4a7-4b8b-11d4-8a6d-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{58359010-bf36-11d3-99a2-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{58359010-bf36-11d3-99a2-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{55910916-8b4e-4c1e-9253-cce296ea71eb}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{55910916-8b4e-4c1e-9253-cce296ea71eb}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{3d7247e8-5db8-11d4-8a72-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{3d7247e8-5db8-11d4-8a72-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{2babd334-5c3f-11d4-b184-0050dab79376}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{2babd334-5c3f-11d4-b184-0050dab79376}
Value :

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{2babd334-5c3f-11d4-b184-0050dab79376}
Value : AppID

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{2079884b-6ef3-11d4-8a74-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{2079884b-6ef3-11d4-8a74-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{19dfb2cb-9b27-11d4-b192-0050dab79376}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{19dfb2cb-9b27-11d4-b192-0050dab79376}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{07f0a545-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{07f0a545-47ba-11d4-8a6d-0050da2ee1be}
Value :

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{07f0a543-47ba-11d4-8a6d-0050da2ee1be}

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{07f0a543-47ba-11d4-8a6d-0050da2ee1be}
Value :

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : DisplayName

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : UninstallString

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : NoModify

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\apropos

PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\envolo

PeopleOnPage Object Recognized!
Type : Regkey
Data : e_uninstall.log
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\autoupdate

PeopleOnPage Object Recognized!
Type : RegValue
Data : e_uninstall.log
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\autoupdate
Value : UninstallString

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\\software\ezula

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\\software\ezula
Value : Hook

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\\software\ezula
Value : STRUP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\\software\ezula
Value : TPV

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\\software\ezula
Value : EP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\\software\ezula
Value : PP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\\software\ezula
Value : NP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\\software\ezula
Value : ZP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\\software\ezula
Value : HP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\\software\ezula
Value : BP

EzuLa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3112206496-2994604276-3448640103-1006\\software\ezula
Value : WP

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 177
Objects found so far: 183


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

PeopleOnPage Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AutoUpdater"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : AutoUpdater

PeopleOnPage Object Recognized!
Type : File
Data : autoupdate.exe
Category : Data Miner
Comment :
Object : c:\program files\autoupdate\



Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 185


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@doubleclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:d$@doubleclick.net/
Expires : 4-23-2008 1:49:44 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d$@2o7[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:d$@2o7.net/
Expires : 4-23-2010 1:55:30 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 187



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : File
Data : CHCON.dll
Category : Data Miner
Comment :
Object : C:\Program Files\eZula\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000


PeopleOnPage Object Recognized!
Type : File
Data : ace.dll
Category : Data Miner
Comment :
Object : C:\Program Files\CxtPls\
FileVersion : 5.1.18
ProductVersion : 5.1.18
ProductName : ACE
FileDescription : ACE
InternalName : ACEDLL
OriginalFilename : ACE.DLL


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 189


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
12 entries scanned.
New critical objects:0
Objects found so far: 189



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Online Dating.url
Category : Misc
Comment : Problematic URL discovered: http://www.zestyfind...keywords=dating
Object : C:\Documents and Settings\D$\Desktop\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Cheap Holiday Travel.url
Category : Misc
Comment : Problematic URL discovered: http://www.zestyfind...keywords=travel
Object : C:\Documents and Settings\D$\Desktop\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Free Online Music.url
Category : Misc
Comment : Problematic URL discovered: http://www.zestyfind...?keywords=music
Object : C:\Documents and Settings\D$\Desktop\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : REMOVE SPYWARE.url
Category : Misc
Comment : Problematic URL discovered: http://hop.clickbank.../swnuker06&pg=7
Object : C:\Documents and Settings\D$\Desktop\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

EzuLa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

EzuLa Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Documents and Settings\D$\Start Menu\Programs\TopText iLookup

EzuLa Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\eZula

EzuLa Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\Web Offer

EzuLa Object Recognized!
Type : File
Data : eZinstall.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\



EzuLa Object Recognized!
Type : File
Data : UNWISE.EXE
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : wndbannn.src
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : version.vrn
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : upgrade.vrn
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : seng.dll
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\
FileVersion : 3, 0, 70, 11
ProductVersion : 1, 0, 0, 1
ProductName : seng Module
CompanyName : BundlewareWO
FileDescription : seng Module
InternalName : seng
LegalCopyright : Copyright 2000
OriginalFilename : seng.DLL


EzuLa Object Recognized!
Type : File
Data : search.src
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : rwds.rst
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : param.ez
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : mmod.exe
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\
FileVersion : 3, 0, 70, 11
ProductVersion : 1, 0, 0, 1
ProductName : mmod Module
CompanyName : BundlewareWO
FileDescription : mmod Module
InternalName : mmod
LegalCopyright : Copyright 2000
OriginalFilename : mmod.EXE


EzuLa Object Recognized!
Type : File
Data : legend.lgn
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : genun.ez
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : eabh.dll
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\
FileVersion : 3, 0, 70, 11
ProductVersion : 2, 0, 0, 1
ProductName : eabh Module
CompanyName : BundlewareWO
FileDescription : eabh Module
InternalName : eabh
LegalCopyright : Copyright 1999
OriginalFilename : eabh.DLL


EzuLa Object Recognized!
Type : File
Data : basis.rst
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : basis.pu
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : basis.kwd
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : basis.dst
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : INSTALL.LOG
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : ids.tmp
Category : Data Miner
Comment :
Object : C:\Program Files\ezula\



EzuLa Object Recognized!
Type : File
Data : eapbh.dll
Category : Data Miner
Comment :
Object : C:\Program Files\web offer\
FileVersion : 3, 0, 80, 0
ProductVersion : 2, 0, 0, 1
ProductName : eapbh Module
CompanyName : BundlewareWO
FileDescription : eapbh Module
InternalName : eapbh
LegalCopyright : Copyright 1999
OriginalFilename : eapbh.DLL


EzuLa Object Recognized!
Type : File
Data : sepng.dll
Category : Data Miner
Comment :
Object : C:\Program Files\web offer\
FileVersion : 3, 0, 80, 0
ProductVersion : 1, 0, 0, 1
ProductName : sepng Module
CompanyName : BundlewareWO
FileDescription : sepng Module
InternalName : sepng
LegalCopyright : Copyright 2000
OriginalFilename : sepng.DLL


PeopleOnPage Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\autoloader

PeopleOnPage Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\AutoUpdate

PeopleOnPage Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\CxtPls

PeopleOnPage Object Recognized!
Type : File
Data : libexpat.dll
Category : Data Miner
Comment :
Object : C:\Program Files\autoupdate\



PeopleOnPage Object Recognized!
Type : File
Data : auto_update_uninstall.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



PeopleOnPage Object Recognized!
Type : File
Data : auto_update_uninstall.log
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



PeopleOnPage Object Recognized!
Type : File
Data : CxtPls.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : CxtPls.exe
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Ads
CompanyName : Apropos Media
FileDescription : Internet Explorer
InternalName : Ads.
LegalCopyright : Copyright © 2003
OriginalFilename : SysAI.exe


PeopleOnPage Object Recognized!
Type : File
Data : ProxyStub.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : libexpat.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : WinGenerics.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : uninstaller.exe
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : atl.dll
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\
FileVersion : 3.00.9435
ProductVersion : 6.00.9435
ProductName : Microsoft ® Visual C++
CompanyName : Microsoft Corporation
FileDescription : ATL Module for Windows NT (Unicode)
InternalName : ATL
LegalCopyright : Copyright © Microsoft Corp. 1996-1998
OriginalFilename : ATL.DLL


PeopleOnPage Object Recognized!
Type : File
Data : data.bin
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



PeopleOnPage Object Recognized!
Type : File
Data : AI_24-04-2005.log
Category : Data Miner
Comment :
Object : C:\Program Files\cxtpls\



VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

DyFuCA Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\ISTsvc

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler
Value :

istbar Object Recognized!
Type : File
Data : istsvc.exe
Category : Malware
Comment :
Object : C:\Program Files\istsvc\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 45
Objects found so far: 238

2:01:29 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:27.180
Objects scanned:115259
Objects identified:232
Objects ignored:0
New critical objects:232
  • 0

#15
Rawe
Posted 24 April 2005 - 12:16 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Looks better.
Wait for an expert to help you with your log.

- Rawe :tazz:
  • 0
Back to Lavasoft Support (Ad-aware) · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Lavasoft Support (Ad-aware)

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP