Logfile Created on:22 April 2005 23:04:20
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):4 total references.
AdDestroyer(TAC index:5):4 total references.
Adtomi(TAC index:5):2 total references.
Alexa(TAC index:5):3 total references.
BargainBuddy(TAC index:8):2 total references.
begin2search(TAC index:3):173 total references.
BlazeFind(TAC index:5):14 total references.
BookedSpace(TAC index:10):9 total references.
BroadCastPC(TAC index:7):1 total references.
CoolWebSearch(TAC index:10):55 total references.
Dialer.UDconnect(TAC index:5):5 total references.
DownloadPlus(TAC index:5):1 total references.
Ebates MoneyMaker(TAC index:4):4 total references.
EffectiveBrandToolbar(TAC index:7):2 total references.
eUniverse(TAC index:10):2 total references.
EzuLa(TAC index:6):2 total references.
FactoryNetwork Dialer(TAC index:5):3 total references.
Favoriteman(TAC index:8):6 total references.
Holystic-Dialer(TAC index:5):166 total references.
IBIS Toolbar(TAC index:5):12 total references.
IGetNet(TAC index:8):3 total references.
iSearch Toolbar(TAC index:3):3 total references.
Lycos Sidesearch(TAC index:7):2 total references.
MediaMotor(TAC index:8):60 total references.
MyDailyHoroscope(TAC index:5):7 total references.
NavExcel(TAC index:5):17 total references.
Other(TAC index:5):1 total references.
PeopleOnPage(TAC index:9):4 total references.
Possible Browser Hijack attempt(TAC index:3):13 total references.
PurityScan(TAC index:6):3 total references.
RiverSoftware(TAC index:7):4 total references.
SahAgent(TAC index:9):14 total references.
StatBlaster(TAC index:8):3 total references.
Surfairy(TAC index:5):8 total references.
Tracking Cookie(TAC index:3):139 total references.
TVMedia(TAC index:5):3 total references.
UKVideo2 Dialer(TAC index:5):7 total references.
Windows(TAC index:3):4 total references.
WurldMedia(TAC index:9):29 total references.
VX2(TAC index:10):65 total references.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560
22-04-2005 22:54:15 Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650
22-04-2005 22:54:26 Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:20 %
Total physical memory:228848 kb
Available physical memory:44616 kb
Total page file size:2264428 kb
Available on page file:1909772 kb
Total virtual memory:2097024 kb
Available virtual memory:2038716 kb
OS:Microsoft Windows XP Home Edition (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Prior to deletion, allow unloading Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic settings in log file
Set : Include additional settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
22-04-2005 23:04:21 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 368
ThreadCreationTime : 22-04-2005 17:48:07
BasePriority : Normal
#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 456
ThreadCreationTime : 22-04-2005 17:48:20
BasePriority : High
#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 500
ThreadCreationTime : 22-04-2005 17:48:25
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 512
ThreadCreationTime : 22-04-2005 17:48:25
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 688
ThreadCreationTime : 22-04-2005 17:48:36
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 728
ThreadCreationTime : 22-04-2005 17:48:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 932
ThreadCreationTime : 22-04-2005 17:48:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:8 [nhksrv.exe]
ModuleName : C:\Apps\ActivBoard\nhksrv.exe
Command Line : n/a
ProcessID : 1028
ThreadCreationTime : 22-04-2005 17:48:47
BasePriority : Normal
#:9 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
Command Line : n/a
ProcessID : 1064
ThreadCreationTime : 22-04-2005 17:48:49
BasePriority : Normal
FileVersion : 7,1,0,299
ProductVersion : 7.1.0.299
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:10 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
Command Line : n/a
ProcessID : 1108
ThreadCreationTime : 22-04-2005 17:48:53
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:11 [slserv.exe]
ModuleName : C:\WINDOWS\system32\slserv.exe
Command Line : n/a
ProcessID : 1180
ThreadCreationTime : 22-04-2005 17:48:55
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe
#:12 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1224
ThreadCreationTime : 22-04-2005 17:48:55
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [spybotsd.exe]
ModuleName : C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Command Line : "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /AUTOCHECK /AUTOFIX /AUTOCLOSE
ProcessID : 192
ThreadCreationTime : 22-04-2005 19:00:24
BasePriority : Normal
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : SpyBot-S&D
CompanyName : Safer Networking Limited
FileDescription : Spybot - Search & Destroy
InternalName : SpybotSD
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : SpyBotSD.exe
Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen.
#:14 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 5604
ThreadCreationTime : 22-04-2005 20:55:49
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Warning! BlazeFind Object found in memory(C:\Windows\System32\omniband.dll)
BlazeFind Object Recognized!
Type : Process
Data : omniband.dll
Category : Malware
Comment :
Object : C:\Windows\System32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : WindowsSaBand Module
FileDescription : WindowsSaBand Module
InternalName : WindowsSaBand
LegalCopyright : Copyright 2004
OriginalFilename : WindowsSaBand.DLL
#:15 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe" /STARTUP
ProcessID : 5720
ThreadCreationTime : 22-04-2005 20:56:07
BasePriority : Normal
FileVersion : 7,1,0,298
ProductVersion : 7.1.0.298
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:16 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe"
ProcessID : 5824
ThreadCreationTime : 22-04-2005 20:56:08
BasePriority : Normal
FileVersion : 7,1,0,300
ProductVersion : 7.1.0.300
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:17 [msgplus.exe]
ModuleName : C:\Program Files\Messenger Plus! 3\MsgPlus.exe
Command Line : "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
ProcessID : 5948
ThreadCreationTime : 22-04-2005 20:56:14
BasePriority : Normal
#:18 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 3256
ThreadCreationTime : 22-04-2005 20:56:15
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:19 [controlpad.exe]
ModuleName : C:\Program Files\solarSoft\madeSafe\ControlPad.exe
Command Line : "C:\Program Files\solarSoft\madeSafe\ControlPad.exe"
ProcessID : 5992
ThreadCreationTime : 22-04-2005 20:56:16
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : madeSafe ControlPad
CompanyName : solarSoft
InternalName : ControlPad
OriginalFilename : ControlPad.exe
Comments : Written By Daniel John
#:20 [smsh1.exe]
ModuleName : C:\Program Files\solarSoft\madeSafe\smsh1.exe
Command Line : "C:\Program Files\solarSoft\madeSafe\smsh1.exe"
ProcessID : 6036
ThreadCreationTime : 22-04-2005 20:56:16
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : madeSafe Shield
CompanyName : solarSoft
InternalName : Smsh1
OriginalFilename : Smsh1.exe
Comments : Written By Daniel John
#:21 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 6060
ThreadCreationTime : 22-04-2005 20:56:17
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:22 [teatimer.exe]
ModuleName : C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Command Line : "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
ProcessID : 5796
ThreadCreationTime : 22-04-2005 20:56:21
BasePriority : Idle
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.
#:23 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 3044
ThreadCreationTime : 22-04-2005 20:56:23
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:24 [dslmon.exe]
ModuleName : C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
Command Line : "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe"
ProcessID : 3284
ThreadCreationTime : 22-04-2005 20:56:26
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DSLMON Application
FileDescription : ADIMON MFC Application
InternalName : DSLMON
LegalCopyright : Copyright © 2000
OriginalFilename : ADIMON.EXE
#:25 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ProcessID : 3172
ThreadCreationTime : 22-04-2005 20:56:28
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:26 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 4456
ThreadCreationTime : 22-04-2005 20:56:56
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:27 [avgw.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVG Free\avgw.exe
Command Line : n/a
ProcessID : 4908
ThreadCreationTime : 22-04-2005 21:20:01
BasePriority : Normal
FileVersion : 7,1,0,295
ProductVersion : 7.1.0.295
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG 7.0
InternalName : avgw
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : AVGW.EXE
#:28 [ad-aware.exe]
ModuleName : C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" /598853 +483832
ProcessID : 3376
ThreadCreationTime : 22-04-2005 21:53:48
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New Critical Objects: 0
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.ohb.1
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.ohb.1
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.ohb
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.ohb
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.momo.1
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.momo.1
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.momo
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.momo
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.iiittt.1
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.iiittt.1
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.iiittt
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.iiittt
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.dbi.1
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.dbi.1
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.dbi
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.dbi
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.amo.1
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.amo.1
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.amo
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winb2s.amo
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{64440e59-a0dd-421c-aa4b-268141d764bb}
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{081de2f6-927b-4aa9-88c1-f531c9387383}
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fa82a7ec-2afc-4ee0-8f83-3229f7c6437e}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{fa82a7ec-2afc-4ee0-8f83-3229f7c6437e}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f912c325-5b26-4ad6-bf39-84370833e972}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f912c325-5b26-4ad6-bf39-84370833e972}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e38924f7-f290-4c13-beec-e8c587f58128}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e38924f7-f290-4c13-beec-e8c587f58128}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{de53fa5d-11cc-4cb5-8d8e-eb5aa59c1e5a}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{de53fa5d-11cc-4cb5-8d8e-eb5aa59c1e5a}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bf7cb2c3-55b6-44c1-9615-920d004c27f7}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bf7cb2c3-55b6-44c1-9615-920d004c27f7}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b12508ad-ca55-4238-8db3-55808ba6915a}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b12508ad-ca55-4238-8db3-55808ba6915a}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a797a41d-f9f0-4a32-b9b5-af927cb5ae54}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a797a41d-f9f0-4a32-b9b5-af927cb5ae54}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8fc08358-3634-44c7-a8f2-96dc7f39acd2}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8fc08358-3634-44c7-a8f2-96dc7f39acd2}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6fe4aadf-edac-4037-9164-0b60179a4f12}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6fe4aadf-edac-4037-9164-0b60179a4f12}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{696d1af8-d0ff-42fd-bd8d-d0b20d64f508}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{696d1af8-d0ff-42fd-bd8d-d0b20d64f508}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{42f58f60-9299-4564-9abd-8e9324844560}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{42f58f60-9299-4564-9abd-8e9324844560}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{17973bd7-959c-4d8a-8b2f-ab200e20a75e}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{17973bd7-959c-4d8a-8b2f-ab200e20a75e}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.ohb.1
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.ohb.1
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.ohb
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.ohb
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.momo.1
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.momo.1
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.momo
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.momo
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.iiittt.1
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.iiittt.1
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.iiittt
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.iiittt
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.amo.1
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.amo.1
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.amo
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dsktrf.amo
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ff81672f-13ff-401f-8662-6e895c564cc4}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ff81672f-13ff-401f-8662-6e895c564cc4}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e4776f3a-6936-4a9c-b2da-e57c239fd2f8}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e4776f3a-6936-4a9c-b2da-e57c239fd2f8}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{7c5e5671-7a1d-4ae8-91f0-496adf2825f7}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{7c5e5671-7a1d-4ae8-91f0-496adf2825f7}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6024fcd5-91fc-4dc7-8481-63eabd5051d8}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6024fcd5-91fc-4dc7-8481-63eabd5051d8}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{52fe5233-367c-4efb-bdd7-0be4d212c107}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{52fe5233-367c-4efb-bdd7-0be4d212c107}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{09c14745-90fd-42d1-9276-4924d7dbc274}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{09c14745-90fd-42d1-9276-4924d7dbc274}
Value :
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{07e9cdf4-20d2-46b1-b681-663968f527ce}
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{07e9cdf4-20d2-46b1-b681-663968f527ce}
Value :
BlazeFind Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : windowssaband.winsaband.1
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : windowssaband.winsaband.1
Value :
BlazeFind Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : windowssaband.winsaband
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : windowssaband.winsaband
Value :
BlazeFind Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{14d2cffe-6656-4bec-8d9e-dde6f2d4eae5}
BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{14d2cffe-6656-4bec-8d9e-dde6f2d4eae5}
Value :
BlazeFind Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0b3569d7-1ea4-4cba-ac13-225902619789}
Dialer.UDconnect Object Recognized!
Type : RegKey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : udconn.udconnect.1
Dialer.UDconnect Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : udconn.udconnect.1
Value :
Dialer.UDconnect Object Recognized!
Type : RegKey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : udconn.udconnect
Dialer.UDconnect Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : udconn.udconnect
Value :
Dialer.UDconnect Object Recognized!
Type : RegKey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{dc3185ae-864f-4e62-9321-0e9fa1cbe6a4}
EffectiveBrandToolbar Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}
EffectiveBrandToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}
Value :
NavExcel Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4d6ced50-d6ae-40da-b87f-235593fc1f28}
NavExcel Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4d6ced50-d6ae-40da-b87f-235593fc1f28}
Value :
RiverSoftware Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : x2ff.xbrowse.1
RiverSoftware Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : x2ff.xbrowse.1
Value :
RiverSoftware Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : x2ff.xbrowse
RiverSoftware Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : x2ff.xbrowse
Value :
Surfairy Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6ca75bdc-877a-4707-96de-673f499bb92a}
Surfairy Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{6ca75bdc-877a-4707-96de-673f499bb92a}
Value :
Surfairy Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e253eab6-0e42-4c53-b74d-f1d3565bd611}
Surfairy Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e253eab6-0e42-4c53-b74d-f1d3565bd611}
Value :
Surfairy Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e442547b-7ee6-4163-aa52-5964755ec6b0}
Surfairy Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e442547b-7ee6-4163-aa52-5964755ec6b0}
Value :
Surfairy Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{2d530003-1fb3-4a28-8251-779118473bff}
WurldMedia Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sostatatl.stathtmlctrl.1
WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sostatatl.stathtmlctrl.1
Value :
VX2 Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{3fa866ac-40d7-4fe6-babf-78ee854a4325}
VX2 Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj
Value :
VX2 Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a42c0ef4-1c76-43cc-989f-eadc7e4b755d}
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a42c0ef4-1c76-43cc-989f-eadc7e4b755d}
Value :
AdDestroyer Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\vb and vba program settings\addestroyer
Adtomi Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\adtomi
Adtomi Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\adtomi
Value : version
begin2search Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_trgen
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_trgen
Value : ccat
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_trgen
Value : ffafid
begin2search Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\_trgen
Value : uiuid
CoolWebSearch Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\serg\searchbar
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\serg\searchbar
Value : NumRuns
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\serg\searchbar
Value : PanelNumber
CoolWebSearch Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\serg
CoolWebSearch Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\serg
DownloadPlus Object Recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\0x7a69
Ebates MoneyMaker Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1004\software\microsoft\internet explorer\menuext\web savings
Ebates MoneyMaker Object Recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-117609710-796845957-682003330-1005\software\microsoft\internet explorer\menuext\web savings
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
O
Holystic-Dialer Object
Edited by wysiwyg, 23 April 2005 - 04:47 PM.