Oz Belle
Ad-Aware SE Build 1.05
Logfile Created on:Sunday, 8 May 2005 12:47:26 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA(TAC index:3):25 total references
istbar(TAC index:7):11 total references
MRU List(TAC index:0):42 total references
Other(TAC index:5):2 total references
Possible Browser Hijack attempt(TAC index:3):6 total references
SideFind(TAC index:5):2 total references
Tracking Cookie(TAC index:3):8 total references
WhenU(TAC index:3):7 total references
YourSiteBar(TAC index:6):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650
8-05-2005 12:36:51 AM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663
8-05-2005 12:37:07 AM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:47 %
Total physical memory:523632 kb
Available physical memory:243704 kb
Total page file size:1280672 kb
Available on page file:1057296 kb
Total virtual memory:2097024 kb
Available virtual memory:2043744 kb
OS:Microsoft Windows XP Professional (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
8-05-2005 12:47:26 AM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 636
ThreadCreationTime : 7-05-2005 7:56:02 AM
BasePriority : Normal
#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 788
ThreadCreationTime : 7-05-2005 7:56:06 AM
BasePriority : High
#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 836
ThreadCreationTime : 7-05-2005 7:56:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 848
ThreadCreationTime : 7-05-2005 7:56:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 1024
ThreadCreationTime : 7-05-2005 7:56:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1100
ThreadCreationTime : 7-05-2005 7:56:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : n/a
ProcessID : 1524
ThreadCreationTime : 7-05-2005 7:56:12 AM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:8 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1548
ThreadCreationTime : 7-05-2005 7:56:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:9 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : n/a
ProcessID : 1556
ThreadCreationTime : 7-05-2005 7:56:12 AM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)
#:10 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 1584
ThreadCreationTime : 7-05-2005 7:56:12 AM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 292
ThreadCreationTime : 7-05-2005 7:56:18 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : n/a
ProcessID : 484
ThreadCreationTime : 7-05-2005 7:56:19 AM
BasePriority : Normal
#:13 [crypserv.exe]
ModuleName : C:\WINDOWS\system32\crypserv.exe
Command Line : n/a
ProcessID : 500
ThreadCreationTime : 7-05-2005 7:56:19 AM
BasePriority : High
FileVersion : 5.4.0
ProductVersion : 5.4
ProductName : CrypKey Software Licensing System
CompanyName : Kenonic Controls Ltd.
FileDescription : CrypKey NT Service
InternalName : crypserv
LegalCopyright : Copyright © 2000
LegalTrademarks : CrypKey
OriginalFilename : crypserv.exe
Comments : Operates in all directories, not just configured ones. Directory configuration only used for fille clean up and uninstall. 0/3 fixed problem with other partitions. 0/6 fixed problem with short paths
#:14 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : n/a
ProcessID : 536
ThreadCreationTime : 7-05-2005 7:56:19 AM
BasePriority : Normal
FileVersion : 1.1.4700.0
ProductVersion : 4.3.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2003
OriginalFilename : DcFsSvc.exe
#:15 [navapsvc.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 616
ThreadCreationTime : 7-05-2005 7:56:20 AM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:16 [nprotect.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
Command Line : n/a
ProcessID : 680
ThreadCreationTime : 7-05-2005 7:56:20 AM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE
#:17 [scsiaccess.exe]
ModuleName : C:\WINDOWS\System32\ScsiAccess.EXE
Command Line : n/a
ProcessID : 1448
ThreadCreationTime : 7-05-2005 7:56:23 AM
BasePriority : Normal
#:18 [nopdb.exe]
ModuleName : C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
Command Line : n/a
ProcessID : 1752
ThreadCreationTime : 7-05-2005 7:56:23 AM
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 2002
OriginalFilename : NOPDB.dll
#:19 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1816
ThreadCreationTime : 7-05-2005 7:56:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:20 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 184
ThreadCreationTime : 7-05-2005 7:56:26 AM
BasePriority : Normal
FileVersion : 6.14.10.4000
ProductVersion : 6.14.10.4000
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
#:21 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 2000
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:22 [lvcomsx.exe]
ModuleName : C:\WINDOWS\System32\LVCOMSX.EXE
Command Line : "C:\WINDOWS\System32\LVCOMSX.EXE"
ProcessID : 280
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
FileVersion : 8.3.0.1096
ProductVersion : 8.3.0.1096
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LVComS.exe
#:23 [readnotify.exe]
ModuleName : C:\Program Files\ActiveTracker 2.0 for Outlook Express\ReadNotify.exe
Command Line : "C:\Program Files\ActiveTracker 2.0 for Outlook Express\ReadNotify.exe"
ProcessID : 336
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
#:24 [rn.exe]
ModuleName : C:\Program Files\RNmail\rn.exe
Command Line : "C:\Program Files\RNmail\rn.exe" /path "C:\Program Files\RNmail"
ProcessID : 1308
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
#:25 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
ProcessID : 1244
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
#:26 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 400
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:27 [msgplus.exe]
ModuleName : C:\Program Files\Messenger Plus! 3\MsgPlus.exe
Command Line : "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
ProcessID : 556
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
#:28 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 600
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:29 [hpztsb10.exe]
ModuleName : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
Command Line : "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe"
ProcessID : 608
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004
#:30 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 216
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe
#:31 [hpwuschd2.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
ProcessID : 696
ThreadCreationTime : 7-05-2005 7:56:28 AM
BasePriority : Normal
FileVersion : 3, 0, 38, 1
ProductVersion : 3, 0, 38, 1
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe
#:32 [time.exe]
ModuleName : C:\Program Files\Time Sync\time.exe
Command Line : "C:\Program Files\Time Sync\time.exe"
ProcessID : 1016
ThreadCreationTime : 7-05-2005 7:56:28 AM
BasePriority : Normal
#:33 [jkaiat.exe]
ModuleName : C:\Program Files\Mffbgi\Jkaiat.exe
Command Line : "C:\Program Files\Mffbgi\Jkaiat.exe"
ProcessID : 1060
ThreadCreationTime : 7-05-2005 7:56:28 AM
BasePriority : Normal
#:34 [neehkl.exe]
ModuleName : C:\WINDOWS\neehkl.exe
Command Line : "C:\WINDOWS\neehkl.exe"
ProcessID : 1096
ThreadCreationTime : 7-05-2005 7:56:28 AM
BasePriority : Normal
#:35 [istsvc.exe]
ModuleName : C:\Program Files\ISTsvc\istsvc.exe
Command Line : "C:\Program Files\ISTsvc\istsvc.exe"
ProcessID : 1748
ThreadCreationTime : 7-05-2005 7:56:28 AM
BasePriority : Normal
istbar Object Recognized!
Type : Process
Data : istsvc.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\ISTsvc\
Warning! istbar Object found in memory(C:\Program Files\ISTsvc\istsvc.exe)
"C:\Program Files\ISTsvc\istsvc.exe"Process terminated successfully
"C:\Program Files\ISTsvc\istsvc.exe"Process terminated successfully
#:36 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ProcessID : 2312
ThreadCreationTime : 7-05-2005 7:56:36 AM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2812
ThreadCreationTime : 7-05-2005 2:36:04 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-299502267-1563985344-854245398-1003\software\ist
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-299502267-1563985344-854245398-1003\software\ist
Value : Recover
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : version
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_name
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_url
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_url
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_url
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : ui
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_initial_delay
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_count
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_count
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_limit
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_count
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_version
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_count
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : account_id
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_date
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_interval
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_last
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_interval
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_last
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_interval
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_last
istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : DisplayName
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : UninstallString
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : NoModify
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 29
Objects found so far: 30
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : yeak.net
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : yeak.net\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yeak.net\www
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : yeak.net\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yeak.net\www
Value : *
Trusted zone presumably compromised : master69.biz
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : master69.biz\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\master69.biz\www
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : master69.biz\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\master69.biz\www
Value : *
Trusted zone presumably compromised : sgrunt.biz
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : sgrunt.biz\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz\www
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : sgrunt.biz\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz\www
Value : *
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 36
MRU List Object Recognized!
Location: : C:\Documents and Settings\Colleen\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Colleen\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\jasc\paint shop pro 7\general
Description : last save as directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\jasc\paint shop pro 7\recent file list
Description : list of recently used files in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\jasc\paint shop pro 8\recent file list
Description : list of recently used files in jasc paint shop pro
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\excel\recent templates
Description : list of recent templates used by microsoft excel
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/cgi-bin
Expires : 5-05-2015 11:57:46 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@zedo[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 2-05-2015 4:24:24 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@fastclick[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 7-05-2007 11:50:04 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@versiontracker[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 4-05-2007 11:24:46 AM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 7-05-2006 8:31:10 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@0[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/HTM/791/0
Expires : 4-05-2006 4:14:56 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@2o7[2].txt
Category : Data Miner
Comment : Hits:42
Value : Cookie:[email protected]/
Expires : 4-05-2010 11:21:12 PM
LastSync : Hits:42
UseCount : 0
Hits : 42
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 1-01-2038 10:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 86
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SideFind Object Recognized!
Type : File
Data : sidefind.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Colleen\Local Settings\Temp\
istbar Object Recognized!
Type : File
Data : istsvc.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Colleen\Local Settings\Temp\temp.frCABF\
WhenU Object Recognized!
Type : File
Data : A0002648.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP10\
FileVersion : 1, 0, 1, 5
ProductVersion : 1, 0, 1, 5
ProductName : VVSN Module
CompanyName : WhenU.com
FileDescription : VVSN
InternalName : VVSN
LegalCopyright : Copyright 2003
OriginalFilename : VVSN.exe
WhenU Object Recognized!
Type : File
Data : A0002710.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP13\
FileVersion : 1, 0, 1, 5
ProductVersion : 1, 0, 1, 5
ProductName : VVSN Module
CompanyName : WhenU.com
FileDescription : VVSN
InternalName : VVSN
LegalCopyright : Copyright 2003
OriginalFilename : VVSN.exe
WhenU Object Recognized!
Type : File
Data : A0002714.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP13\
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : VVSN Module
CompanyName : WhenU.com
FileDescription : VVSN
InternalName : VVSN
LegalCopyright : Copyright 2003
OriginalFilename : VVSN.exe
WhenU Object Recognized!
Type : File
Data : A0002715.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP13\
FileVersion : 1, 0, 1, 62
ProductVersion : 1, 0, 1, 62
ProductName : ClockSync
FileDescription : ClockSync
InternalName : TEST1
LegalCopyright : Copyright 2003 WhenU, Inc.
OriginalFilename : ClockSync.exe
WhenU Object Recognized!
Type : File
Data : A0002717.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP13\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ClockSync Uninstall
FileDescription : ClockSync Uninstall Program
InternalName : ClockSync Uninstall Program
LegalCopyright : Copyright 2003 WhenU, Inc.
OriginalFilename : Uninst.exe
WhenU Object Recognized!
Type : File
Data : A0002777.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP15\
FileVersion : 2, 2, 3, 14
ProductVersion : 2, 2, 3, 14
ProductName : WhenUSearch
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch
InternalName : WhenUSearch
LegalCopyright : Copyright 2001
OriginalFilename : Search.exe
WhenU Object Recognized!
Type : File
Data : A0002778.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP15\
FileVersion : 2, 2, 3, 14
ProductVersion : 2, 2, 3, 14
ProductName : WhenUSearch
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch
InternalName : WhenUSearch
LegalCopyright : Copyright 2001
OriginalFilename : Search.exe
SideFind Object Recognized!
Type : File
Data : A0001044.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP2\
YourSiteBar Object Recognized!
Type : File
Data : A0002394.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP7\
FileVersion : 1, 2, 0, 4
ProductVersion : 1, 2, 0, 4
ProductName : YourSiteBar
FileDescription : YourSiteBar
InternalName : YourSiteBar
LegalCopyright : Copyright 2004
OriginalFilename : ysb.dll
istbar Object Recognized!
Type : File
Data : A0002401.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP7\
istbar Object Recognized!
Type : File
Data : A0002561.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP8\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 99
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 99
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
istbar Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\ISTsvc
istbar Object Recognized!
Type : File
Data : istsvc.exe
Category : Malware
Comment :
Object : C:\Program Files\istsvc\
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\rotue
YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist
YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist
Value : Recover
YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar
Value : Locked
YourSiteBar Object Reco