
master69



#1
oz_belle

I have a browser hijacker and [bleep] popup on my laptop. It is really horrible. I also have random popups coming in, although I use the Google popup protector. Any help would be appreciated. I hope I am putting this in the right forum and that I am doing it correctly...
Oz Belle

Ad-Aware SE Build 1.05
Logfile Created on:Sunday, 8 May 2005 12:47:26 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA(TAC index:3):25 total references
istbar(TAC index:7):11 total references
MRU List(TAC index:0):42 total references
Other(TAC index:5):2 total references
Possible Browser Hijack attempt(TAC index:3):6 total references
SideFind(TAC index:5):2 total references
Tracking Cookie(TAC index:3):8 total references
WhenU(TAC index:3):7 total references
YourSiteBar(TAC index:6):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650

8-05-2005 12:36:51 AM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


8-05-2005 12:37:07 AM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:47 %
Total physical memory:523632 kb
Available physical memory:243704 kb
Total page file size:1280672 kb
Available on page file:1057296 kb
Total virtual memory:2097024 kb
Available virtual memory:2043744 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


8-05-2005 12:47:26 AM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 636
ThreadCreationTime : 7-05-2005 7:56:02 AM
BasePriority : Normal


#:2 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : n/a
ProcessID : 788
ThreadCreationTime : 7-05-2005 7:56:06 AM
BasePriority : High


#:3 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : n/a
ProcessID : 836
ThreadCreationTime : 7-05-2005 7:56:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : n/a
ProcessID : 848
ThreadCreationTime : 7-05-2005 7:56:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : n/a
ProcessID : 1024
ThreadCreationTime : 7-05-2005 7:56:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1100
ThreadCreationTime : 7-05-2005 7:56:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [lexbces.exe]
ModuleName : C:\WINDOWS\system32\LEXBCES.EXE
Command Line : n/a
ProcessID : 1524
ThreadCreationTime : 7-05-2005 7:56:12 AM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:8 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : n/a
ProcessID : 1548
ThreadCreationTime : 7-05-2005 7:56:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:9 [lexpps.exe]
ModuleName : C:\WINDOWS\system32\LEXPPS.EXE
Command Line : n/a
ProcessID : 1556
ThreadCreationTime : 7-05-2005 7:56:12 AM
BasePriority : Normal
FileVersion : 8.29
ProductVersion : 8.29
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:10 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : n/a
ProcessID : 1584
ThreadCreationTime : 7-05-2005 7:56:12 AM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 292
ThreadCreationTime : 7-05-2005 7:56:18 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : n/a
ProcessID : 484
ThreadCreationTime : 7-05-2005 7:56:19 AM
BasePriority : Normal


#:13 [crypserv.exe]
ModuleName : C:\WINDOWS\system32\crypserv.exe
Command Line : n/a
ProcessID : 500
ThreadCreationTime : 7-05-2005 7:56:19 AM
BasePriority : High
FileVersion : 5.4.0
ProductVersion : 5.4
ProductName : CrypKey Software Licensing System
CompanyName : Kenonic Controls Ltd.
FileDescription : CrypKey NT Service
InternalName : crypserv
LegalCopyright : Copyright © 2000
LegalTrademarks : CrypKey
OriginalFilename : crypserv.exe
Comments : Operates in all directories, not just configured ones. Directory configuration only used for fille clean up and uninstall. 0/3 fixed problem with other partitions. 0/6 fixed problem with short paths

#:14 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : n/a
ProcessID : 536
ThreadCreationTime : 7-05-2005 7:56:19 AM
BasePriority : Normal
FileVersion : 1.1.4700.0
ProductVersion : 4.3.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2003
OriginalFilename : DcFsSvc.exe

#:15 [navapsvc.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
Command Line : n/a
ProcessID : 616
ThreadCreationTime : 7-05-2005 7:56:20 AM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:16 [nprotect.exe]
ModuleName : C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
Command Line : n/a
ProcessID : 680
ThreadCreationTime : 7-05-2005 7:56:20 AM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:17 [scsiaccess.exe]
ModuleName : C:\WINDOWS\System32\ScsiAccess.EXE
Command Line : n/a
ProcessID : 1448
ThreadCreationTime : 7-05-2005 7:56:23 AM
BasePriority : Normal


#:18 [nopdb.exe]
ModuleName : C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
Command Line : n/a
ProcessID : 1752
ThreadCreationTime : 7-05-2005 7:56:23 AM
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 2002
OriginalFilename : NOPDB.dll

#:19 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : n/a
ProcessID : 1816
ThreadCreationTime : 7-05-2005 7:56:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 184
ThreadCreationTime : 7-05-2005 7:56:26 AM
BasePriority : Normal
FileVersion : 6.14.10.4000
ProductVersion : 6.14.10.4000
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:21 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 2000
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:22 [lvcomsx.exe]
ModuleName : C:\WINDOWS\System32\LVCOMSX.EXE
Command Line : "C:\WINDOWS\System32\LVCOMSX.EXE"
ProcessID : 280
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
FileVersion : 8.3.0.1096
ProductVersion : 8.3.0.1096
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:23 [readnotify.exe]
ModuleName : C:\Program Files\ActiveTracker 2.0 for Outlook Express\ReadNotify.exe
Command Line : "C:\Program Files\ActiveTracker 2.0 for Outlook Express\ReadNotify.exe"
ProcessID : 336
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal


#:24 [rn.exe]
ModuleName : C:\Program Files\RNmail\rn.exe
Command Line : "C:\Program Files\RNmail\rn.exe" /path "C:\Program Files\RNmail"
ProcessID : 1308
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal


#:25 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
ProcessID : 1244
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal


#:26 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 400
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:27 [msgplus.exe]
ModuleName : C:\Program Files\Messenger Plus! 3\MsgPlus.exe
Command Line : "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
ProcessID : 556
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal


#:28 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 600
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:29 [hpztsb10.exe]
ModuleName : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
Command Line : "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe"
ProcessID : 608
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004

#:30 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 216
ThreadCreationTime : 7-05-2005 7:56:27 AM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe

#:31 [hpwuschd2.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
ProcessID : 696
ThreadCreationTime : 7-05-2005 7:56:28 AM
BasePriority : Normal
FileVersion : 3, 0, 38, 1
ProductVersion : 3, 0, 38, 1
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

#:32 [time.exe]
ModuleName : C:\Program Files\Time Sync\time.exe
Command Line : "C:\Program Files\Time Sync\time.exe"
ProcessID : 1016
ThreadCreationTime : 7-05-2005 7:56:28 AM
BasePriority : Normal


#:33 [jkaiat.exe]
ModuleName : C:\Program Files\Mffbgi\Jkaiat.exe
Command Line : "C:\Program Files\Mffbgi\Jkaiat.exe"
ProcessID : 1060
ThreadCreationTime : 7-05-2005 7:56:28 AM
BasePriority : Normal


#:34 [neehkl.exe]
ModuleName : C:\WINDOWS\neehkl.exe
Command Line : "C:\WINDOWS\neehkl.exe"
ProcessID : 1096
ThreadCreationTime : 7-05-2005 7:56:28 AM
BasePriority : Normal


#:35 [istsvc.exe]
ModuleName : C:\Program Files\ISTsvc\istsvc.exe
Command Line : "C:\Program Files\ISTsvc\istsvc.exe"
ProcessID : 1748
ThreadCreationTime : 7-05-2005 7:56:28 AM
BasePriority : Normal


istbar Object Recognized!
Type : Process
Data : istsvc.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\Program Files\ISTsvc\


Warning! istbar Object found in memory(C:\Program Files\ISTsvc\istsvc.exe)

"C:\Program Files\ISTsvc\istsvc.exe"Process terminated successfully
"C:\Program Files\ISTsvc\istsvc.exe"Process terminated successfully

#:36 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ProcessID : 2312
ThreadCreationTime : 7-05-2005 7:56:36 AM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2812
ThreadCreationTime : 7-05-2005 2:36:04 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-299502267-1563985344-854245398-1003\software\ist

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-299502267-1563985344-854245398-1003\software\ist
Value : Recover

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : version

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_name

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_url

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : ui

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_initial_delay

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_limit

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_version

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_count

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : account_id

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_date

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_last

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_last

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_interval

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_last

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : DisplayName

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : UninstallString

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : NoModify

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 29
Objects found so far: 30


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : yeak.net

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : yeak.net\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yeak.net\www

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : yeak.net\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yeak.net\www
Value : *
Trusted zone presumably compromised : master69.biz

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : master69.biz\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\master69.biz\www

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : master69.biz\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\master69.biz\www
Value : *
Trusted zone presumably compromised : sgrunt.biz

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : sgrunt.biz\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz\www

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Category : Vulnerability
Comment : Trusted zone presumably compromised : sgrunt.biz\www
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sgrunt.biz\www
Value : *

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 36

MRU List Object Recognized!
Location: : C:\Documents and Settings\Colleen\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Colleen\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\jasc\paint shop pro 7\general
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\jasc\paint shop pro 7\recent file list
Description : list of recently used files in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\jasc\paint shop pro 8\recent file list
Description : list of recently used files in jasc paint shop pro


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\excel\recent templates
Description : list of recent templates used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\10.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-299502267-1563985344-854245398-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:colleen@imrworldwide.com/cgi-bin
Expires : 5-05-2015 11:57:46 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@zedo[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:colleen@zedo.com/
Expires : 2-05-2015 4:24:24 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@fastclick[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:colleen@fastclick.net/
Expires : 7-05-2007 11:50:04 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@versiontracker[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:colleen@versiontracker.com/
Expires : 4-05-2007 11:24:46 AM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@server.iad.liveperson[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:colleen@server.iad.liveperson.net/
Expires : 7-05-2006 8:31:10 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@0[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:colleen@jmbi24.cjt1.net/HTM/791/0
Expires : 4-05-2006 4:14:56 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@2o7[2].txt
Category : Data Miner
Comment : Hits:42
Value : Cookie:colleen@2o7.net/
Expires : 4-05-2010 11:21:12 PM
LastSync : Hits:42
UseCount : 0
Hits : 42

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : colleen@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:colleen@tribalfusion.com/
Expires : 1-01-2038 10:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 86



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SideFind Object Recognized!
Type : File
Data : sidefind.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Colleen\Local Settings\Temp\



istbar Object Recognized!
Type : File
Data : istsvc.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Colleen\Local Settings\Temp\temp.frCABF\



WhenU Object Recognized!
Type : File
Data : A0002648.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP10\
FileVersion : 1, 0, 1, 5
ProductVersion : 1, 0, 1, 5
ProductName : VVSN Module
CompanyName : WhenU.com
FileDescription : VVSN
InternalName : VVSN
LegalCopyright : Copyright 2003
OriginalFilename : VVSN.exe


WhenU Object Recognized!
Type : File
Data : A0002710.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP13\
FileVersion : 1, 0, 1, 5
ProductVersion : 1, 0, 1, 5
ProductName : VVSN Module
CompanyName : WhenU.com
FileDescription : VVSN
InternalName : VVSN
LegalCopyright : Copyright 2003
OriginalFilename : VVSN.exe


WhenU Object Recognized!
Type : File
Data : A0002714.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP13\
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : VVSN Module
CompanyName : WhenU.com
FileDescription : VVSN
InternalName : VVSN
LegalCopyright : Copyright 2003
OriginalFilename : VVSN.exe


WhenU Object Recognized!
Type : File
Data : A0002715.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP13\
FileVersion : 1, 0, 1, 62
ProductVersion : 1, 0, 1, 62
ProductName : ClockSync
FileDescription : ClockSync
InternalName : TEST1
LegalCopyright : Copyright 2003 WhenU, Inc.
OriginalFilename : ClockSync.exe


WhenU Object Recognized!
Type : File
Data : A0002717.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP13\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ClockSync Uninstall
FileDescription : ClockSync Uninstall Program
InternalName : ClockSync Uninstall Program
LegalCopyright : Copyright 2003 WhenU, Inc.
OriginalFilename : Uninst.exe


WhenU Object Recognized!
Type : File
Data : A0002777.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP15\
FileVersion : 2, 2, 3, 14
ProductVersion : 2, 2, 3, 14
ProductName : WhenUSearch
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch
InternalName : WhenUSearch
LegalCopyright : Copyright 2001
OriginalFilename : Search.exe


WhenU Object Recognized!
Type : File
Data : A0002778.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP15\
FileVersion : 2, 2, 3, 14
ProductVersion : 2, 2, 3, 14
ProductName : WhenUSearch
CompanyName : WhenU.com, Inc.
FileDescription : WhenUSearch
InternalName : WhenUSearch
LegalCopyright : Copyright 2001
OriginalFilename : Search.exe


SideFind Object Recognized!
Type : File
Data : A0001044.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP2\



YourSiteBar Object Recognized!
Type : File
Data : A0002394.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP7\
FileVersion : 1, 2, 0, 4
ProductVersion : 1, 2, 0, 4
ProductName : YourSiteBar
FileDescription : YourSiteBar
InternalName : YourSiteBar
LegalCopyright : Copyright 2004
OriginalFilename : ysb.dll


istbar Object Recognized!
Type : File
Data : A0002401.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP7\



istbar Object Recognized!
Type : File
Data : A0002561.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F3DD4083-687E-4A87-A724-CD2EDA7AD8CD}\RP8\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 99


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 99




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Program Files\ISTsvc

istbar Object Recognized!
Type : File
Data : istsvc.exe
Category : Malware
Comment :
Object : C:\Program Files\istsvc\



DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\rotue

YourSiteBar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ist
Value : Recover

YourSiteBar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar
Value : Locked

YourSiteBar Object Reco