1st Ad-aware logfile


  • This topic is locked

#1
wysiwyg

    New Member

  • Member
  • 8 posts
Ad-Aware SE Build 1.05
Logfile Created on:22 April 2005 23:04:20
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):4 total references.
AdDestroyer(TAC index:5):4 total references.
Adtomi(TAC index:5):2 total references.
Alexa(TAC index:5):3 total references.
BargainBuddy(TAC index:8):2 total references.
begin2search(TAC index:3):173 total references.
BlazeFind(TAC index:5):14 total references.
BookedSpace(TAC index:10):9 total references.
BroadCastPC(TAC index:7):1 total references.
CoolWebSearch(TAC index:10):55 total references.
Dialer.UDconnect(TAC index:5):5 total references.
DownloadPlus(TAC index:5):1 total references.
Ebates MoneyMaker(TAC index:4):4 total references.
EffectiveBrandToolbar(TAC index:7):2 total references.
eUniverse(TAC index:10):2 total references.
EzuLa(TAC index:6):2 total references.
FactoryNetwork Dialer(TAC index:5):3 total references.
Favoriteman(TAC index:8):6 total references.
Holystic-Dialer(TAC index:5):166 total references.
IBIS Toolbar(TAC index:5):12 total references.
IGetNet(TAC index:8):3 total references.
iSearch Toolbar(TAC index:3):3 total references.
Lycos Sidesearch(TAC index:7):2 total references.
MediaMotor(TAC index:8):60 total references.
MyDailyHoroscope(TAC index:5):7 total references.
NavExcel(TAC index:5):17 total references.
Other(TAC index:5):1 total references.
PeopleOnPage(TAC index:9):4 total references.
Possible Browser Hijack attempt(TAC index:3):13 total references.
PurityScan(TAC index:6):3 total references.
RiverSoftware(TAC index:7):4 total references.
SahAgent(TAC index:9):14 total references.
StatBlaster(TAC index:8):3 total references.
Surfairy(TAC index:5):8 total references.
Tracking Cookie(TAC index:3):139 total references.
TVMedia(TAC index:5):3 total references.
UKVideo2 Dialer(TAC index:5):7 total references.
Windows(TAC index:3):4 total references.
WurldMedia(TAC index:9):29 total references.
VX2(TAC index:10):65 total references.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560

22-04-2005 22:54:15 Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


22-04-2005 22:54:26 Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:20 %
Total physical memory:228848 kb
Available physical memory:44616 kb
Total page file size:2264428 kb
Available on page file:1909772 kb
Total virtual memory:2097024 kb
Available virtual memory:2038716 kb
OS:Microsoft Windows XP Home Edition (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic settings in log file
Set : Include additional settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


22-04-2005 23:04:21 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 368
ThreadCreationTime : 22-04-2005 17:48:07
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 456
ThreadCreationTime : 22-04-2005 17:48:20
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 500
ThreadCreationTime : 22-04-2005 17:48:25
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 512
ThreadCreationTime : 22-04-2005 17:48:25
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 688
ThreadCreationTime : 22-04-2005 17:48:36
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 728
ThreadCreationTime : 22-04-2005 17:48:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 932
ThreadCreationTime : 22-04-2005 17:48:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [nhksrv.exe]
ModuleName : C:\Apps\ActivBoard\nhksrv.exe
Command Line : n/a
ProcessID : 1028
ThreadCreationTime : 22-04-2005 17:48:47
BasePriority : Normal


#:9 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
Command Line : n/a
ProcessID : 1064
ThreadCreationTime : 22-04-2005 17:48:49
BasePriority : Normal
FileVersion : 7,1,0,299
ProductVersion : 7.1.0.299
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:10 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
Command Line : n/a
ProcessID : 1108
ThreadCreationTime : 22-04-2005 17:48:53
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:11 [slserv.exe]
ModuleName : C:\WINDOWS\system32\slserv.exe
Command Line : n/a
ProcessID : 1180
ThreadCreationTime : 22-04-2005 17:48:55
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:12 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1224
ThreadCreationTime : 22-04-2005 17:48:55
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [spybotsd.exe]
ModuleName : C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Command Line : "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /AUTOCHECK /AUTOFIX /AUTOCLOSE
ProcessID : 192
ThreadCreationTime : 22-04-2005 19:00:24
BasePriority : Normal
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : SpyBot-S&D
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpybotSD
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : SpyBotSD.exe
Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen.

#:14 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 5604
ThreadCreationTime : 22-04-2005 20:55:49
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Warning! BlazeFind Object found in memory(C:\Windows\System32\omniband.dll)

BlazeFind Object Recognized!
Type : Process
Data : omniband.dll
Category : Malware
Comment :
Object : C:\Windows\System32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : WindowsSaBand Module
FileDescription : WindowsSaBand Module
InternalName : WindowsSaBand
LegalCopyright : Copyright 2004
OriginalFilename : WindowsSaBand.DLL


#:15 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe" /STARTUP
ProcessID : 5720
ThreadCreationTime : 22-04-2005 20:56:07
BasePriority : Normal
FileVersion : 7,1,0,298
ProductVersion : 7.1.0.298
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:16 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe"
ProcessID : 5824
ThreadCreationTime : 22-04-2005 20:56:08
BasePriority : Normal
FileVersion : 7,1,0,300
ProductVersion : 7.1.0.300
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:17 [msgplus.exe]
ModuleName : C:\Program Files\Messenger Plus! 3\MsgPlus.exe
Command Line : "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
ProcessID : 5948
ThreadCreationTime : 22-04-2005 20:56:14
BasePriority : Normal


#:18 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 3256
ThreadCreationTime : 22-04-2005 20:56:15
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:19 [controlpad.exe]
ModuleName : C:\Program Files\solarSoft\madeSafe\ControlPad.exe
Command Line : "C:\Program Files\solarSoft\madeSafe\ControlPad.exe"
ProcessID : 5992
ThreadCreationTime : 22-04-2005 20:56:16
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : madeSafe ControlPad
CompanyName : solarSoft
InternalName : ControlPad
OriginalFilename : ControlPad.exe
Comments : Written By Daniel John

#:20 [smsh1.exe]
ModuleName : C:\Program Files\solarSoft\madeSafe\smsh1.exe
Command Line : "C:\Program Files\solarSoft\madeSafe\smsh1.exe"
ProcessID : 6036
ThreadCreationTime : 22-04-2005 20:56:16
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : madeSafe Shield
CompanyName : solarSoft
InternalName : Smsh1
OriginalFilename : Smsh1.exe
Comments : Written By Daniel John

#:21 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 6060
ThreadCreationTime : 22-04-2005 20:56:17
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:22 [teatimer.exe]
ModuleName : C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Command Line : "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
ProcessID : 5796
ThreadCreationTime : 22-04-2005 20:56:21
BasePriority : Idle
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:23 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 3044
ThreadCreationTime : 22-04-2005 20:56:23
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:24 [dslmon.exe]
ModuleName : C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
Command Line : "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe"
ProcessID : 3284
ThreadCreationTime : 22-04-2005 20:56:26
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DSLMON Application
FileDescription : ADIMON MFC Application
InternalName : DSLMON
LegalCopyright : Copyright © 2000
OriginalFilename : ADIMON.EXE

#:25 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ProcessID : 3172
ThreadCreationTime : 22-04-2005 20:56:28
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:26 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 4456
ThreadCreationTime : 22-04-2005 20:56:56
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:27 [avgw.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG Free\avgw.exe
Command Line : n/a
ProcessID : 4908
ThreadCreationTime : 22-04-2005 21:20:01
BasePriority : Normal
FileVersion : 7,1,0,295
ProductVersion : 7.1.0.295
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG 7.0
InternalName : avgw
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : AVGW.EXE

#:28 [ad-aware.exe]
ModuleName : C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" /598853 +483832
ProcessID : 3376
ThreadCreationTime : 22-04-2005 21:53:48
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.ohb.1

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.ohb.1
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.ohb

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.ohb
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.momo.1

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.momo.1
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.momo

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.momo
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.iiittt.1

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.iiittt.1
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.iiittt

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.iiittt
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.dbi.1

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.dbi.1
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.dbi

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.dbi
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.amo.1

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.amo.1
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.amo

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.amo
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{64440e59-a0dd-421c-aa4b-268141d764bb}

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{081de2f6-927b-4aa9-88c1-f531c9387383}

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fa82a7ec-2afc-4ee0-8f83-3229f7c6437e}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fa82a7ec-2afc-4ee0-8f83-3229f7c6437e}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f912c325-5b26-4ad6-bf39-84370833e972}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f912c325-5b26-4ad6-bf39-84370833e972}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e38924f7-f290-4c13-beec-e8c587f58128}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e38924f7-f290-4c13-beec-e8c587f58128}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{de53fa5d-11cc-4cb5-8d8e-eb5aa59c1e5a}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{de53fa5d-11cc-4cb5-8d8e-eb5aa59c1e5a}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bf7cb2c3-55b6-44c1-9615-920d004c27f7}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bf7cb2c3-55b6-44c1-9615-920d004c27f7}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b12508ad-ca55-4238-8db3-55808ba6915a}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b12508ad-ca55-4238-8db3-55808ba6915a}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a797a41d-f9f0-4a32-b9b5-af927cb5ae54}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a797a41d-f9f0-4a32-b9b5-af927cb5ae54}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8fc08358-3634-44c7-a8f2-96dc7f39acd2}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8fc08358-3634-44c7-a8f2-96dc7f39acd2}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6fe4aadf-edac-4037-9164-0b60179a4f12}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6fe4aadf-edac-4037-9164-0b60179a4f12}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{696d1af8-d0ff-42fd-bd8d-d0b20d64f508}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{696d1af8-d0ff-42fd-bd8d-d0b20d64f508}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{42f58f60-9299-4564-9abd-8e9324844560}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{42f58f60-9299-4564-9abd-8e9324844560}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{17973bd7-959c-4d8a-8b2f-ab200e20a75e}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{17973bd7-959c-4d8a-8b2f-ab200e20a75e}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.ohb.1

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.ohb.1
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.ohb

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.ohb
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.momo.1

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.momo.1
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.momo

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.momo
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.iiittt.1

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.iiittt.1
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.iiittt

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.iiittt
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.amo.1

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.amo.1
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.amo

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.amo
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ff81672f-13ff-401f-8662-6e895c564cc4}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ff81672f-13ff-401f-8662-6e895c564cc4}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e4776f3a-6936-4a9c-b2da-e57c239fd2f8}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e4776f3a-6936-4a9c-b2da-e57c239fd2f8}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{7c5e5671-7a1d-4ae8-91f0-496adf2825f7}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{7c5e5671-7a1d-4ae8-91f0-496adf2825f7}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6024fcd5-91fc-4dc7-8481-63eabd5051d8}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6024fcd5-91fc-4dc7-8481-63eabd5051d8}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{52fe5233-367c-4efb-bdd7-0be4d212c107}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{52fe5233-367c-4efb-bdd7-0be4d212c107}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{09c14745-90fd-42d1-9276-4924d7dbc274}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{09c14745-90fd-42d1-9276-4924d7dbc274}
Value :

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{07e9cdf4-20d2-46b1-b681-663968f527ce}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{07e9cdf4-20d2-46b1-b681-663968f527ce}
Value :

BlazeFind Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : windowssaband.winsaband.1

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : windowssaband.winsaband.1
Value :

BlazeFind Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : windowssaband.winsaband

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : windowssaband.winsaband
Value :

BlazeFind Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{14d2cffe-6656-4bec-8d9e-dde6f2d4eae5}

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{14d2cffe-6656-4bec-8d9e-dde6f2d4eae5}
Value :

BlazeFind Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0b3569d7-1ea4-4cba-ac13-225902619789}

Dialer.UDconnect Object Recognized!
Type : RegKey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : udconn.udconnect.1

Dialer.UDconnect Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : udconn.udconnect.1
Value :

Dialer.UDconnect Object Recognized!
Type : RegKey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : udconn.udconnect

Dialer.UDconnect Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : udconn.udconnect
Value :

Dialer.UDconnect Object Recognized!
Type : RegKey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{dc3185ae-864f-4e62-9321-0e9fa1cbe6a4}

EffectiveBrandToolbar Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}

EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}
Value :

NavExcel Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4d6ced50-d6ae-40da-b87f-235593fc1f28}

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4d6ced50-d6ae-40da-b87f-235593fc1f28}
Value :

RiverSoftware Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : x2ff.xbrowse.1

RiverSoftware Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : x2ff.xbrowse.1
Value :

RiverSoftware Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : x2ff.xbrowse

RiverSoftware Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : x2ff.xbrowse
Value :

Surfairy Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6ca75bdc-877a-4707-96de-673f499bb92a}

Surfairy Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6ca75bdc-877a-4707-96de-673f499bb92a}
Value :

Surfairy Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e253eab6-0e42-4c53-b74d-f1d3565bd611}

Surfairy Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e253eab6-0e42-4c53-b74d-f1d3565bd611}
Value :

Surfairy Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e442547b-7ee6-4163-aa52-5964755ec6b0}

Surfairy Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e442547b-7ee6-4163-aa52-5964755ec6b0}
Value :

Surfairy Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{2d530003-1fb3-4a28-8251-779118473bff}

WurldMedia Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sostatatl.stathtmlctrl.1

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sostatatl.stathtmlctrl.1
Value :

VX2 Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{3fa866ac-40d7-4fe6-babf-78ee854a4325}

VX2 Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj
Value :

VX2 Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a42c0ef4-1c76-43cc-989f-eadc7e4b755d}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a42c0ef4-1c76-43cc-989f-eadc7e4b755d}
Value :

AdDestroyer Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\vb and vba program settings\addestroyer

Adtomi Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\adtomi

Adtomi Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\adtomi
Value : version

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_trgen

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_trgen
Value : ccat

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_trgen
Value : ffafid

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_trgen
Value : uiuid

CoolWebSearch Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\serg\searchbar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\serg\searchbar
Value : NumRuns

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\serg\searchbar
Value : PanelNumber

CoolWebSearch Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\serg

CoolWebSearch Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\serg

DownloadPlus Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\0x7a69

Ebates MoneyMaker Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\microsoft\internet explorer\menuext\web savings

Ebates MoneyMaker Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\microsoft\internet explorer\menuext\web savings

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
O
Holystic-Dialer Object

Edited by wysiwyg, 23 April 2005 - 04:47 PM.

#2
Guest_Andy_veal_*

  • Guest
Hello there

Please could you complete your current logfile

Please could you find the rest of your logfile and complete posting it here.
Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
They are in order of date.

Make sure you have all the log posted

(Application Data is a hidden folder, so you will need to show hidden files and folders. For Windows 98*admin users, your logs are stored in C:\WINDOWS\All Users\Application Data\ )

This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next. Please post back if you have any questions or other problems.

Good luck

Andy

- A tip is to delete Tracking cookies and MRUs from your logfile.


#3
wysiwyg

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi11190265

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi12443281

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi12452984

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi12457937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi17183015

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi17200937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi17209328

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi17403062

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi17408250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi17414328

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi19406296

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi19438171

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi11190265

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi12443281

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi12452984

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi12457937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi17183015

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi17200937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi17209328

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi17403062

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi17408250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi17414328

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi19406296

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi19438171

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi11190265

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi12443281

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi12452984

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi12457937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi17183015

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi17200937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi17209328

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi17403062

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi17408250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi17414328

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi19406296

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi19438171

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi11190265

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi12443281

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi12452984

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi12457937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi17183015

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi17200937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi17209328

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi17403062

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi17408250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi17414328

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi19406296

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi19438171

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi11190265

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi12443281

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi12452984

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi12457937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi17183015

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi17200937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi17209328

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi17403062

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi17408250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi17414328

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi19406296

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi19438171

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi11190265

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi12443281

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi12452984

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi12457937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi17183015

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi17200937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi17209328

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi17403062

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi17408250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi17414328

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi19406296

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi1
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi19438171

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi5175250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi5193937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi5207421

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi5911843

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi5930562

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi5938000

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi5944265

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi5175250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi5193937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi5207421

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi5911843

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi5930562

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi5938000

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi5944265

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi5175250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi5193937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi5207421

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi5911843

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi5930562

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi5938000

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi5944265

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi5175250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi5193937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi5207421

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi5911843

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi5930562

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi5938000

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi5944265

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi5175250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi5193937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi5207421

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi5911843

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi5930562

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi5938000

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi5944265

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi5175250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi5193937

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi5207421

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi5911843

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi5930562

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi5938000

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi5944265

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi6160234

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi6186250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi6202078

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\local appwizard-generated applications\holi6205343

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi6160234

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi6186250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi6202078

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\local appwizard-generated applications\holi6205343

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi6160234

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi6186250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi6202078

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\local appwizard-generated applications\holi6205343

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi6160234

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi6186250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi6202078

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\local appwizard-generated applications\holi6205343

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi6160234

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi6186250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi6202078

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\local appwizard-generated applications\holi6205343

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi6160234

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi6186250

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi6202078

Holystic-Dialer Object Recognized!
Type : RegKey
Data : holi6
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\local appwizard-generated applications\holi6205343

IBIS Toolbar Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\wintools

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\wintools
Value : ICheck

MediaMotor Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYI2d3OfSInst

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYC2n3trMsgSDisp

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYT2o3pListSPos

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYs2t3icky1S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYs2t3icky2S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYs2t3icky3S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYs2t3icky4S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYC1o2d3eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYT2i3m4eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYD2s3tSSEnd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PY2N3a4tionSCode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYP2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYI2n3ProgSCab

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYI2n3ProgSEx

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYI2n3ProgSLstest

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYL2a3stSSChckin

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYC2n3tFyl

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYB2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYC2u3rrentSMode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYM2o3deSSync

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYT2h3rshSBath

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYT2h3rshSysSInf

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYT2h3rshSCheckSIn

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYT2h3rshSMots

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYL2n3Title

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYI2g3noreS

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYL2a3stMotsSDay

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\pynix
Value : PYS2t3atusOfSInst

MediaMotor Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYI2d3OfSInst

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYC2n3trMsgSDisp

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYI2d3OfSDist

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYT2o3pListSPos

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYs2t3icky1S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYs2t3icky2S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYs2t3icky3S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYs2t3icky4S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYC1o2d3eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYT2i3m4eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYD2s3tSSEnd

MediaMotor Object Recognized!
Type

#4
wysiwyg

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PY2N3a4tionSCode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYP2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYI2n3ProgSCab

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYI2n3ProgSEx

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYI2n3ProgSLstest

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYL2a3stSSChckin

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYB2D3om

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYC2u3rrentSMode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYC2n3tFyl

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYM2o3deSSync

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYT2h3rshSBath

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYT2h3rshSysSInf

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYT2h3rshSCheckSIn

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYT2h3rshSMots

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYL2n3Title

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYI2g3noreS

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYL2a3stMotsSDay

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\pynix
Value : PYS2t3atusOfSInst

MyDailyHoroscope Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\enconfidence

MyDailyHoroscope Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\enconfidence
Value : UID

MyDailyHoroscope Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\enconfidence\al

MyDailyHoroscope Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\enconfidence\channelmanager

MyDailyHoroscope Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\enconfidence\mydailyhoroscope

NavExcel Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\navexcel ltd

PeopleOnPage Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\apropos

PeopleOnPage Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\apropos

UKVideo2 Dialer Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\video1\dialers

UKVideo2 Dialer Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\video1\dialers

WurldMedia Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\wurld media

AdDestroyer Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\app management\arpcache\addestroyer

AdDestroyer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\app management\arpcache\addestroyer
Value : SlowInfoCache

AdDestroyer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\app management\arpcache\addestroyer
Value : Changed

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{cb5b2bc6-f957-4d8a-be67-83f3ec58ba01}

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{4d568f0f-8ac9-40ab-88b7-415134c78777}

FactoryNetwork Dialer Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windowsrts

FactoryNetwork Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\windowsrts
Value : SerialID

NavExcel Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navhelper

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navhelper
Value : DisplayName

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navhelper
Value : UninstallString

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navhelper
Value : HelpLink

NavExcel Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\navexcel

NavExcel Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar
Value : DisplayName

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar
Value : UninstallString

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar
Value : NoModify

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\navexcel search toolbar
Value : NoRepair

StatBlaster Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores

StatBlaster Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia\licensestores
Value : 35f05749-e699-45df-a27f-79c05110c180

UKVideo2 Dialer Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\video1\dialers

VX2 Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00320615-b6c2-40a6-8f99-f1c52d674fad}

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\_dsktptr

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\_dsktptr
Value : llupdtim

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\_dsktptr
Value : mmsgtim

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\_dsktptr
Value : ccat

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\_dsktptr
Value : ffafid

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\_dsktptr
Value : iinst

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\_dsktptr

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\_dsktptr
Value : llupdtim

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\_dsktptr
Value : mmsgtim

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\_dsktptr
Value : ccat

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\_dsktptr
Value : ffafid

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\_dsktptr
Value : iinst

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr
Value : llupdtim

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr
Value : mmsgtim

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr
Value : ccat

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr
Value : 4404

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr
Value : llicotim

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr
Value : llico

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr
Value : ffafid

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr
Value : iinst

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr
Value : llmsgid

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr
Value : uiuid

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr
Value : ppusid

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\_dsktptr
Value : uupdt

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr
Value : ccat

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr
Value : ffafid

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr
Value : iinst

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr
Value : mmsgtim

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr
Value : llupdtim

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr
Value : 4404

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr
Value : llicotim

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr
Value : llico

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr
Value : llmsgid

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr
Value : uiuid

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr
Value : uupdt

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_dsktptr
Value : ppusid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "showbar"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\aaa_soft
Value : showbar

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "showbar"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\aaa_soft
Value : showbar

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "showbar"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\aaa_soft
Value : showbar

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "showbar"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\aaa_soft
Value : showbar

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "cccc"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\aaa_soft
Value : cccc

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

Favoriteman Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Counter"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\microsoft\windows
Value : Counter

Favoriteman Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Server"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\microsoft\windows
Value : Server

Favoriteman Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Object"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\microsoft\windows
Value : Object

iSearch Toolbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{1C78AB3F-A857-482E-80C0-3A1E5238A565}"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\microsoft\internet explorer\toolbar\webbrowser
Value : {1C78AB3F-A857-482E-80C0-3A1E5238A565}

PurityScan Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "ScannerPath"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\privacy champion
Value : ScannerPath

TVMedia Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\microsoft\internet explorer\urlsearchhooks
Value : {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}

TVMedia Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}"
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\microsoft\internet explorer\urlsearchhooks
Value : {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "LNI0d1OfSInst"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\localnrd
Value : LNI0d1OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "LNI0d1OfSInst"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\localnrd
Value : LNI0d1OfSInst

TVMedia Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "ltr2"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\fenx
Value : ltr2

Windows Object Recognized!
Type : RegData
Data :
Category : Vulnerability
Comment : Possible unwanted enabling of browser button restriction ability
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\microsoft\windows\currentversion\policies\explorer
Value : SpecifyDefaultButtons
Data :

Windows Object Recognized!
Type : RegData
Data :
Category : Vulnerability
Comment : Possible unwanted block of search button
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\microsoft\windows\currentversion\policies\explorer
Value : Btn_Search
Data :

Windows Object Recognized!
Type : RegData
Data :
Category : Vulnerability
Comment : Manual changing of browser start-page restricted
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\policies\microsoft\internet explorer\control panel
Value : Homepage
Data :

Windows Object Recognized!
Type : RegData
Data :
Category : Vulnerability
Comment : Manual changing of internet-settings restricted
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\policies\microsoft\internet explorer\restrictions
Value : NoBrowserOptions
Data :

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 421
Objects found so far: 422


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : RegKey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley "http://www.gamehouse.com/"
Category : Vulnerability
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley "http://www.gamehouse.com/"
Category : Vulnerability
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley "http://www.gamehouse.com/"
Category : Vulnerability
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley
Value : UninstallString

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley "http://www.gamehouse.com/"
Category : Vulnerability
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley
Value : HelpLink

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley "http://www.gamehouse.com/"
Category : Vulnerability
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley "http://www.gamehouse.com/"
Category : Vulnerability
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley "http://www.gamehouse.com/"
Category : Vulnerability
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley
Value : Contact

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley "http://www.gamehouse.com/"
Category : Vulnerability
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley
Value : Comments

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley "http://www.gamehouse.com/"
Category : Vulnerability
Comment : (http://www.gamehouse.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\Mah Jong Medley
Value : DisplayIcon

CoolWebSearch Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/rundlg32.dll

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/rundlg32.dll
Value : .Owner

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/rundlg32.dll
Value : {0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

CoolWebSearch Object Recognized!
Type : File
Data : /windows/downloaded program files/rundlg32.dll
Category : Malware
Comment :
Object : c:\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Search Bar
FileDescription : Search Bar plug-in for Internet Explorer
InternalName : ToolBar
LegalCopyright : Copyright © 2004
OriginalFilename : ToolBand.dll


CoolWebSearch Object Recognized!
Type : RegValue
Data : C:\WINDOWS\Downloaded Program Files\rundlg32.dll
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\rundlg32

#5
wysiwyg

CoolWebSearch Object Recognized!
Type : File
Data : barlinks.ini
Category : Malware
Comment :
Object : C:\Documents and Settings\Stephen\Application Data\SBSoft\



CoolWebSearch Object Recognized!
Type : File
Data : links.ini
Category : Malware
Comment :
Object : C:\Documents and Settings\Stephen\Application Data\SBSoft\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Stephen\Cookies\[email protected][1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Stephen\Cookies\[email protected][2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Stephen\Cookies\[email protected][2].txt

PeopleOnPage Object Recognized!
Type : File
Data : auto_update_install.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Stephen\Local Settings\Temp\AutoUpdate0\



PurityScan Object Recognized!
Type : File
Data : pscan.exe
Category : Malware
Comment :
Object : C:\Program Files\Privacy Champion\



SahAgent Object Recognized!
Type : File
Data : Dc296.exe
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-117609710-796845957-682003330-1004\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


begin2search Object Recognized!
Type : File
Data : A0157057.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{90340404-A0D3-4C2D-B68B-40BDAB915061}\RP355\
FileVersion : 2, 6, 0, 0
ProductVersion : 2, 6, 0, 0
ProductName : Winb2s32 Module
FileDescription : Winb2s32 Module
InternalName : Winb2s32
LegalCopyright : Copyright 2002
OriginalFilename : Winb2s32.DLL


begin2search Object Recognized!
Type : File
Data : A0157076.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{90340404-A0D3-4C2D-B68B-40BDAB915061}\RP357\
FileVersion : 2, 6, 0, 0
ProductVersion : 2, 6, 0, 0
ProductName : Winb2s32 Module
FileDescription : Winb2s32 Module
InternalName : Winb2s32
LegalCopyright : Copyright 2002
OriginalFilename : Winb2s32.DLL


SahAgent Object Recognized!
Type : File
Data : A0178719.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{90340404-A0D3-4C2D-B68B-40BDAB915061}\RP379\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


SahAgent Object Recognized!
Type : File
Data : A0178721.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{90340404-A0D3-4C2D-B68B-40BDAB915061}\RP379\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


SahAgent Object Recognized!
Type : File
Data : A0178742.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{90340404-A0D3-4C2D-B68B-40BDAB915061}\RP379\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


SahAgent Object Recognized!
Type : File
Data : A0178743.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{90340404-A0D3-4C2D-B68B-40BDAB915061}\RP379\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


VX2 Object Recognized!
Type : File
Data : A0178793.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{90340404-A0D3-4C2D-B68B-40BDAB915061}\RP379\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


SahAgent Object Recognized!
Type : File
Data : A0178795.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{90340404-A0D3-4C2D-B68B-40BDAB915061}\RP379\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


SahAgent Object Recognized!
Type : File
Data : A0178797.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{90340404-A0D3-4C2D-B68B-40BDAB915061}\RP379\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


SahAgent Object Recognized!
Type : File
Data : A0178799.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{90340404-A0D3-4C2D-B68B-40BDAB915061}\RP379\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


CoolWebSearch Object Recognized!
Type : File
Data : rundlg32.dll
Category : Malware
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Search Bar
FileDescription : Search Bar plug-in for Internet Explorer
InternalName : ToolBar
LegalCopyright : Copyright © 2004
OriginalFilename : ToolBand.dll


IGetNet Object Recognized!
Type : File
Data : Update_BHO.DLL
Category : Data Miner
Comment :
Object : C:\WINDOWS\system\
FileVersion : 6, 0, 0, 5
ProductVersion : 6, 0, 0, 5
ProductName : iGetNet, LLC - Update_BHO
CompanyName : iGetNet, LLC
FileDescription : Update_BHO
InternalName : Update_BHO
LegalCopyright : Copyright © 2002
OriginalFilename : Update_BHO.dll


IGetNet Object Recognized!
Type : File
Data : Update_Hosts.DLL
Category : Data Miner
Comment :
Object : C:\WINDOWS\system\
FileVersion : 5, 0, 0, 2
ProductVersion : 5, 0, 0, 2
ProductName : iGetNet, LLC - Update_Hosts
CompanyName : iGetNet, LLC
FileDescription : Update_Hosts
InternalName : Update_Hosts
LegalCopyright : Copyright © 2002, 2003
OriginalFilename : Update_Hosts.dll


IGetNet Object Recognized!
Type : File
Data : Update_RSP.DLL
Category : Data Miner
Comment :
Object : C:\WINDOWS\system\
FileVersion : 6, 0, 0, 5
ProductVersion : 6, 0, 0, 5
ProductName : iGetNet, LLC - Update_RSP
CompanyName : iGetNet, LLC
FileDescription : Update_RSP
InternalName : Update_RSP
LegalCopyright : Copyright © 2002, 2003
OriginalFilename : Update_RSP.dll


VX2 Object Recognized!
Type : File
Data : 6ao4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6bo4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6co4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6do4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6go4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6ho4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6io4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6jo4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6ko4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6lo4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6mo4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6no4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6oo4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6po4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6qo4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6ro4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6so4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6vo4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6wo4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6xo4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6yo4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : 6zo4svc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : akmparse.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : AlADIx32.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : anlui.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : antxprxy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : aqtiveds.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : AsCWIZ.DLL
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : avmparse.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : awledit.cpy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : awledit.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : ayctres.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



EzuLa Object Recognized!
Type : File
Data : ezSt4.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 2, 0, 69, 13
ProductVersion : 1, 0, 0, 1
ProductName : eZstub Module
CompanyName : MindSet3
FileDescription : eZstub Module
InternalName : eZstub
LegalCopyright : Copyright 2000
OriginalFilename : eZstub.EXE


eUniverse Object Recognized!
Type : File
Data : in10b6s.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : exe_in_dll Module
FileDescription : exe_in_dll Module
InternalName : exe_in_dll
LegalCopyright : Copyright 2001
OriginalFilename : exe_in_dll.DLL


SahAgent Object Recognized!
Type : File
Data : lsp.dll_tobedeleted
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL


Lycos Sidesearch Object Recognized!
Type : File
Data : Lycos.dll
Category : Misc
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : exe_in_dll Module
FileDescription : exe_in_dll Module
InternalName : exe_in_dll
LegalCopyright : Copyright 2001
OriginalFilename : exe_in_dll.DLL


BargainBuddy Object Recognized!
Type : File
Data : mbbi8016.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : exe_in_dll Module
FileDescription : exe_in_dll Module
InternalName : exe_in_dll
LegalCopyright : Copyright 2001
OriginalFilename : exe_in_dll.DLL


BargainBuddy Object Recognized!
Type : File
Data : mbbi8016.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



WurldMedia Object Recognized!
Type : File
Data : mobho.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : mobho
CompanyName : Wurld Media Inc.
FileDescription : mobho module
InternalName : mobho
LegalCopyright : Copyright 2000, 2001, 2002, 2003 Wurld Media Inc.
OriginalFilename : mobho.dll
Comments : Patents Pending


180Solutions Object Recognized!
Type : File
Data : msbb321.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : exe_in_dll Module
FileDescription : exe_in_dll Module
InternalName : exe_in_dll
LegalCopyright : Copyright 2001
OriginalFilename : exe_in_dll.DLL


VX2 Object Recognized!
Type : File
Data : msg120.cpy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : msg120.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : msg121.cpy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : msg121.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : msg124.cpy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



BlazeFind Object Recognized!
Type : File
Data : omniband.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : WindowsSaBand Module
FileDescription : WindowsSaBand Module
InternalName : WindowsSaBand
LegalCopyright : Copyright 2004
OriginalFilename : WindowsSaBand.DLL


SahAgent Object Recognized!
Type : File
Data : qh4mkbv9.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


BookedSpace Object Recognized!
Type : File
Data : reg6523.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



eUniverse Object Recognized!
Type : File
Data : setup_incred_10.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



MyDailyHoroscope Object Recognized!
Type : File
Data : setup_silent_26222.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



Lycos Sidesearch Object Recognized!
Type : File
Data : ss_msi1_setup.exe
Category : Misc
Comment :
Object : C:\WINDOWS\system32\



iSearch Toolbar Object Recognized!
Type : File
Data : toolbar.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 1
ProductName : iSearch Toolbar
CompanyName : iDownload.com
FileDescription : iSearch Toolbar
InternalName : iSearch Toolbar
LegalCopyright : Copyright 2004. All rights reserved.
OriginalFilename : toolbar.dll


begin2search Object Recognized!
Type : File
Data : trgen.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 2, 8, 0, 0
ProductVersion : 2, 8, 0, 0
ProductName : Winb2s32 Module
FileDescription : Winb2s32 Module
InternalName : Winb2s32
LegalCopyright : Copyright 2002
OriginalFilename : Winb2s32.DLL


BlazeFind Object Recognized!
Type : File
Data : wsaupdater.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



VX2 Object Recognized!
Type : File
Data : INTLRECO.exe
Category : Malware
Comment :
Object : C:\WINDOWS\Temp\DrTemp\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.


BroadCastPC Object Recognized!
Type : File
Data : GLKD.tmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



SahAgent Object Recognized!
Type : File
Data : K7NR6HQH.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\
FileVersion : 4, 0, 0, 1
ProductVersion : 4, 0, 0, 1

Object "abasa5jrp_.exe" found in this archive.

SahAgent Object Recognized!
Type : File
Data : setup4002b.cab
Category : Data Miner
Comment : Object "abasa5jrp_.exe" found in this archive.
Object : C:\WINDOWS\Temp\


Object "lkir8l2gm_.dll" found in this archive.

SahAgent Object Recognized!
Type : File
Data : setup4002b.cab
Category : Data Miner
Comment : Object "lkir8l2gm_.dll" found in this archive.
Object : C:\WINDOWS\Temp\


Object "u6f6uftuc_.exe" found in this archive.

SahAgent Object Recognized!
Type : File
Data : setup4002b.cab
Category : Data Miner
Comment : Object "u6f6uftuc_.exe" found in this archive.
Object : C:\WINDOWS\Temp\



IBIS Toolbar Object Recognized!
Type : File
Data : WToolsB.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\Temp\



Disk scan result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 662


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 662


Scanning Hosts file...
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1119 entries scanned.
New Critical Objects:0
Objects found so far: 662



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Anti Virus Software.url
Category : Misc
Comment : Problematic URL discovered: http://in.virushunte...track/MjY6Mzox/
Object : C:\Documents and Settings\John\Desktop\Unused Desktop Shortcuts\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Get Rid of Ads.url
Category : Misc
Comment : Problematic URL discovered: http://www3.killalls...111419&s=18&p=1
Object : C:\Documents and Settings\John\Desktop\Unused Desktop Shortcuts\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Pop up Killer.url
Category : Misc
Comment : Problematic URL discovered: http://www3.killinte...111419&s=16&p=1
Object : C:\Documents and Settings\John\Desktop\Unused Desktop Shortcuts\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Popup Killer.url
Category : Misc
Comment : Problematic URL discovered: http://www3.killinte...111419&s=16&p=1
Object : C:\Documents and Settings\John\Desktop\Unused Desktop Shortcuts\




Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BlazeFind Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0
Value : DisplayName

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0
Value : UninstallString

BlazeFind Object Recognized!
Type : RegData
Data : wsaupdater.exe
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Userinit
Data : wsaupdater.exe

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aaa_soft

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aaa_soft
Value : uiui

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aaa_soft
Value : ttttlll

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aaa_soft
Value : iiiilll

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aaa_soft
Value : itmm

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aaa_soft
Value : cclts

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aaa_soft
Value : showbar

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aaa_soft
Value : didi

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aaa_soft
Value : 44444

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\aaa_soft
Value : ssssppp

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .default\software\aaa_soft

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .default\software\aaa_soft
Value : uiui

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .default\software\aaa_soft
Value : itmm

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .default\software\aaa_soft
Value : ttttlll

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .default\software\aaa_soft
Value : iiiilll

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .default\software\aaa_soft
Value : cclts

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .default\software\aaa_soft
Value : 44444

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .default\software\aaa_soft
Value : ssssppp

begin2search Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache

begin2search Object Recognized!
Type : File
Data : vh e2.ico
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



begin2search Object Recognized!
Type : File
Data : dice2.ico
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



begin2search Object Recognized!
Type : File
Data : dice21.ico
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



begin2search Object Recognized!
Type : File
Data : airplane.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : bball.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : bingo2.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : box1.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : computer1.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : creditcard.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : creditcard1.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : disk 1.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : football.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : heart.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : jackinthebox12.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : mail unreaded.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : money.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : msg.bin
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : peoples 1.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : poker.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : search find 2.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : shop basket.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : star.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : tools calculator.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : weather.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : weather21.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : web.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



begin2search Object Recognized!
Type : File
Data : yellow folder closed.bmp
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\b2s_cache\



NavExcel Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\nhelper.dll

NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\nhelper.dll
Value : AppID

NavExcel Object Recognized!
Type : File
Data : remover.dll
Category : Malware
Comment :
Object : C:\WINDOWS\



NavExcel Object Recognized!
Type : File
Data : nxstinst.exe
Category : Malware
Comment :
Object : C:\WINDOWS\



Surfairy Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\gentee

WurldMedia Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : file

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : shopopt

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : rlc

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : alc

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE162

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE158

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : lvmd

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE86

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : mv

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE186

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE97

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE205

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE204

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE153

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE207

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE104

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE178

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE169

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE120432

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE159

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE106

WurldMedia Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\fenx

WurldMedia Object Recognized!
Type : File
Data : moad02020217.de
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



VX2 Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml
Value :

VX2 Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor

VX2 Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd
Value : LNT0o1pListSPos

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd
Value : LNI0n1ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd
Value : LNI0n1ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd
Value : LNI0n1ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd
Value : LNC0n1trSEvnt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd
Value : LNC0n1trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd
Value : LNC0S1Insur

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd
Value : LNT0h1rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd
Value : LN0C1ntrSTransac

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .default\software\localnrd
Value : LNC0n1tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : File
Data : twaintec.PNF
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



VX2 Object Recognized!
Type : File
Data : biP.inf
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



VX2 Object Recognized!
Type : File
Data : biP.PNF
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



CoolWebSearch Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value :

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\serg

CoolWebSearch Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft

#6
wysiwyg
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\serg

CoolWebSearch Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\media
Value : GUID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\SBSoft

CoolWebSearch Object Recognized!
Type : File
Data : hosts
Category : Malware
Comment :
Object : C:\WINDOWS\



CoolWebSearch Object Recognized!
Type : File
Data : rundlg32.inf
Category : Malware
Comment :
Object : C:\WINDOWS\downloaded program files\



CoolWebSearch Object Recognized!
Type : File
Data : dating.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : dating1.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : desk.ini
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : finance.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : gambling.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : home.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : hot.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : kliksrch.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : mortgages.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : pharmaci.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : pharmacy.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : poker.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : privacy1.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : realest.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : search.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : sport.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : spyware.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : switch.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : toolbar.ini
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



CoolWebSearch Object Recognized!
Type : File
Data : travel1.ico
Category : Malware
Comment :
Object : C:\Documents and Settings\John\application data\sbsoft\



Holystic-Dialer Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\WINDOWS\Icons

Holystic-Dialer Object Recognized!
Type : File
Data : Hol1093.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol1094.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol1227.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol1241.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol1269.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol263851.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol263941.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol263992.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol321.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol322.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol324.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol326.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol328.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol329.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol332.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : Hol557.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : HolMkt1093.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : HolMkt1094.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : HolMkt1227.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : HolMkt1241.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : HolMkt1269.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : HolMkt263851.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : HolMkt263941.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : HolMkt321.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : HolMkt324.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : HolMkt328.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



Holystic-Dialer Object Recognized!
Type : File
Data : HolMkt332.ico
Category : Malware
Comment :
Object : C:\WINDOWS\icons\



IBIS Toolbar Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrShadow

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrHighlight

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrForeColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrBackColor

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrDownload

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrViewed

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\mediaplayer\control\playbar
Value : ClrStatic

IBIS Toolbar Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\WildArcade

MyDailyHoroscope Object Recognized!
Type : File
Data : setup_silent_26198.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



PeopleOnPage Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\AutoUpdate

UKVideo2 Dialer Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\video1

UKVideo2 Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\video1
Value : IUG

UKVideo2 Dialer Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\video1

UKVideo2 Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\netscape\netscape navigator\viewers
Value : TYPE33

FactoryNetwork Dialer Object Recognized!
Type : File
Data : wininetd.log
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



StatBlaster Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\wildmedia

BookedSpace Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : PopupMgr

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : ApplyToWebOC

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : BlockUserInit

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : UseTimerMethod

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : UseHooks

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : AllowHTTPS

Favoriteman Object Recognized!
Type : File
Data : XPSP2Blocker.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



Favoriteman Object Recognized!
Type : File
Data : setup_incred_1.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



Favoriteman Object Recognized!
Type : File
Data : setup_incred_7.exe
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



iSearch Toolbar Object Recognized!
Type : File
Data : version.txt
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



PurityScan Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\Privacy Champion

EzuLa Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

180Solutions Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}
Value : BarSize

180Solutions Object Recognized!
Type : File
Data : didduid.ini
Category : Data Miner
Comment :
Object : C:\WINDOWS\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 193
Objects found so far: 859

23:30:40 Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:26:19.422
Objects scanned:154992
Objects identified:862
Objects ignored:0
New Critical Objects:862

Andy

Thanks for the tips. Apart from deleting them, what should I do about tracking cookies?

WYSIWYG

#7
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow the instructions below…

Please make sure that you are using the * SE1R40 20.04.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if yours is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please only remove Sahagent first

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.


Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

Edited by Andy_veal, 23 April 2005 - 05:15 PM.


#8
wysiwyg

Andy

Done as suggested and I post the following.....


Ad-Aware SE Build 1.05
Logfile Created on:26 April 2005 01:08:20
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
begin2search(TAC index:3):7 total references.
Ebates MoneyMaker(TAC index:4):1 total references.
VX2(TAC index:10):1 total references.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:28 %
Total physical memory:228848 kb
Available physical memory:62476 kb
Total page file size:2264428 kb
Available on page file:2107072 kb
Total virtual memory:2097024 kb
Available virtual memory:2049792 kb
OS:Microsoft Windows XP Home Edition (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic settings in log file
Set : Include additional settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


26-04-2005 01:08:20 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 364
ThreadCreationTime : 26-04-2005 00:04:12
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 460
ThreadCreationTime : 26-04-2005 00:04:30
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 504
ThreadCreationTime : 26-04-2005 00:04:35
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 516
ThreadCreationTime : 26-04-2005 00:04:35
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 692
ThreadCreationTime : 26-04-2005 00:04:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 732
ThreadCreationTime : 26-04-2005 00:04:47
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 928
ThreadCreationTime : 26-04-2005 00:04:53
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [nhksrv.exe]
ModuleName : C:\Apps\ActivBoard\nhksrv.exe
Command Line : n/a
ProcessID : 1028
ThreadCreationTime : 26-04-2005 00:04:56
BasePriority : Normal


#:9 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
Command Line : n/a
ProcessID : 1064
ThreadCreationTime : 26-04-2005 00:04:58
BasePriority : Normal
FileVersion : 7,1,0,299
ProductVersion : 7.1.0.299
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:10 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
Command Line : n/a
ProcessID : 1092
ThreadCreationTime : 26-04-2005 00:05:00
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:11 [slserv.exe]
ModuleName : C:\WINDOWS\system32\slserv.exe
Command Line : n/a
ProcessID : 1164
ThreadCreationTime : 26-04-2005 00:05:02
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:12 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1180
ThreadCreationTime : 26-04-2005 00:05:02
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1504
ThreadCreationTime : 26-04-2005 00:05:10
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1888
ThreadCreationTime : 26-04-2005 00:05:31
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:15 [taskmgr.exe]
ModuleName : C:\WINDOWS\System32\taskmgr.exe
Command Line : taskmgr.exe
ProcessID : 2020
ThreadCreationTime : 26-04-2005 00:05:43
BasePriority : High
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows TaskManager
InternalName : taskmgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : taskmgr.exe

#:16 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : n/a
ProcessID : 384
ThreadCreationTime : 26-04-2005 00:06:09
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:17 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 2032
ThreadCreationTime : 26-04-2005 00:07:45
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ebates MoneyMaker Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\microsoft\internet explorer\menuext\web savings

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{cb5b2bc6-f957-4d8a-be67-83f3ec58ba01}

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{4d568f0f-8ac9-40ab-88b7-415134c78777}

VX2 Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00320615-b6c2-40a6-8f99-f1c52d674fad}

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\_dsktptr

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\_dsktptr

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "showbar"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\aaa_soft
Value : showbar

begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "showbar"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\aaa_soft
Value : showbar

Registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 8
Objects found so far: 8


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 8


Started tracking cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 8



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 8


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk scan result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 8


Scanning Hosts file...
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1119 entries scanned.
New Critical Objects:0
Objects found so far: 8




Performing conditional scans..
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .default\software\aaa_soft

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 1
Objects found so far: 9

01:23:07 Scan Complete

Summary of this scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:47.516
Objects scanned:142907
Objects identified:10
Objects ignored:0
New Critical Objects:10

WYSIWYG

#9
Rawe


Using definitions file:SE1R40 20.04.2005


New update is out. Please, update your ad-aware and post a new log.

- Rawe :tazz:

#10
DinoT

Thank you Rawe for your post. I think Andy is quite capable of replying to this post without being reminded of AAWSE updates. As a matter of fact, Andy posts the updates when they become available anyway, so no need for the reminder...OK.

#11
wysiwyg

So, what do I do now?

#12
Rawe


Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1119 entries scanned.


If your system is running a program which changes the hosts file or you have added listings to the hosts file, then there is no need to check further. Otherwise, download the "Host file viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your host file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

- Rawe :tazz:

#13
Guest_Andy_veal_*

Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow the instructions below…

Please make sure that you are using the * SE1R41 25.04.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if yours is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#14
wysiwyg

Andy

Don't know what happened, but while I was connecting to safe mode my Windows XP Home refused to start up. Kept on restarting but no further. Anyway, I have set up Windows XP Professional on Drive D: (partitioned) and will run from here and maybe send in a new log. If all OK I will clear C: drive.
Do you know what may have occurred and do you have any advice?

regards

WYSIWYG
  • 0

#15
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Sorry for the really late answer.
Do you still need assistance with your problem, or have you already fixed it?
If you need help, rescan with "Full system scan", and post a fresh log.
Keep us updated.
And again, sorry for the late answer.

- Rawe :tazz: