This is log file:
Ad-Aware SE Build 1.05
Logfile Created on:11. toukokuuta 2005 15:00:51
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):31 total references
BargainBuddy(TAC index:8):92 total references
DyFuCA(TAC index:3):87 total references
Hijacker.TopConverting(TAC index:5):1 total references
istbar.dotcomToolbar(TAC index:5):7 total references
istbar(TAC index:7):32 total references
Possible Browser Hijack attempt(TAC index:3):9 total references
Powerscan(TAC index:5):8 total references
Rads01.Quadrogram(TAC index:6):2 total references
SideFind(TAC index:5):15 total references
Tracking Cookie(TAC index:3):48 total references
ZyncosMark(TAC index:3):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:70 %
Total physical memory:523760 kb
Available physical memory:363520 kb
Total page file size:1278004 kb
Available on page file:1124180 kb
Total virtual memory:2097024 kb
Available virtual memory:2043516 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
11.5.2005 15:00:51 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 144
ThreadCreationTime : 11.5.2005 11:47:58
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 172
ThreadCreationTime : 11.5.2005 11:48:14
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 192
ThreadCreationTime : 11.5.2005 11:48:16
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 220
ThreadCreationTime : 11.5.2005 11:48:18
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows® 2000 -käyttöjärjestelmä
CompanyName : Microsoft Corporation
FileDescription : Palvelu- ja ohjainohjelma
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981 - 1999
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 232
ThreadCreationTime : 11.5.2005 11:48:18
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows® 2000 -käyttöjärjestelmä
CompanyName : Microsoft Corporation
FileDescription : Paikallisen suojaustoiminnon suoritustiedosto ja palvelimen DLL-tiedosto (vientiversio)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981 - 1999
OriginalFilename : lsasrv.dll and lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 388
ThreadCreationTime : 11.5.2005 11:48:21
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 440
ThreadCreationTime : 11.5.2005 11:48:22
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:8 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 492
ThreadCreationTime : 11.5.2005 11:48:22
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe
#:9 [servic~1.exe]
ModuleName : C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
Command Line : C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
ProcessID : 572
ThreadCreationTime : 11.5.2005 11:48:29
BasePriority : Normal
#:10 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 624
ThreadCreationTime : 11.5.2005 11:48:31
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE
#:11 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 648
ThreadCreationTime : 11.5.2005 11:48:31
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Tehtävien ajoitus
CompanyName : Microsoft Corporation
FileDescription : Tehtävien ajoitus -moduuli
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe
#:12 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 772
ThreadCreationTime : 11.5.2005 11:48:37
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : WMI-palvelu (Windows Management Instrumentation)
CompanyName : Microsoft Corporation
FileDescription : WMI-palvelu (Windows Management Instrumentation)
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995 - 1999
#:13 [backweb-7681197.exe]
ModuleName : C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
Command Line : "C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe"
ProcessID : 592
ThreadCreationTime : 11.5.2005 11:48:37
BasePriority : Normal
#:14 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 784
ThreadCreationTime : 11.5.2005 11:48:37
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:15 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1000
ThreadCreationTime : 11.5.2005 11:48:57
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981 - 1999
OriginalFilename : EXPLORER.EXE
#:16 [mixer.exe]
ModuleName : C:\WINNT\Mixer.exe
Command Line : "C:\WINNT\Mixer.exe" /startup
ProcessID : 920
ThreadCreationTime : 11.5.2005 11:49:11
BasePriority : Normal
FileVersion : 1.58
ProductVersion : 1.58
ProductName : Mixer
CompanyName : C-Media Electronic Inc. (www.cmedia.com.tw)
FileDescription : Mixer
InternalName : Mixer
LegalCopyright : Copyright © 1997-2002
LegalTrademarks : NONE
OriginalFilename : Mixer.EXE
Comments : Feng Min-Chih ([email protected])
#:17 [atiptaxx.exe]
ModuleName : C:\WINNT\system32\atiptaxx.exe
Command Line : "C:\WINNT\system32\atiptaxx.exe"
ProcessID : 912
ThreadCreationTime : 11.5.2005 11:49:11
BasePriority : Normal
FileVersion : 6.13.2519
ProductVersion : 6.13.2519
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
#:18 [datalayer.exe]
ModuleName : C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
Command Line : "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe"
ProcessID : 876
ThreadCreationTime : 11.5.2005 11:49:12
BasePriority : Normal
FileVersion : 6, 50, 101, 3
ProductVersion : 6, 0
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phones Ltd.
FileDescription : DataLayer 2.0 Module
InternalName : DataLayer 2.0
LegalCopyright : Copyright © 2005. Nokia. All rights reserved.
OriginalFilename : DataLayer.exe
#:19 [flcss.exe]
ModuleName : C:\WINNT\system32\flcss.exe
Command Line : "C:\WINNT\system32\flcss.exe"
ProcessID : 1124
ThreadCreationTime : 11.5.2005 11:49:12
BasePriority : Normal
FileVersion : 29.06.2001
ProductVersion : 29.06.2001
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corp.
FileDescription : AntiFun
InternalName : FSC
LegalCopyright : Copyright 2001 F-Secure Corp.
OriginalFilename : AntiFun
#:20 [optimize.exe]
ModuleName : C:\Program Files\Internet Optimizer\optimize.exe
Command Line : "C:\Program Files\Internet Optimizer\optimize.exe"
ProcessID : 1144
ThreadCreationTime : 11.5.2005 11:49:13
BasePriority : Normal
Warning! DyFuCA Object found in memory(C:\Program Files\Internet Optimizer\optimize.exe)
DyFuCA Object Recognized!
Type : Process
Data : optimize.exe
Category : Malware
Comment :
Object : C:\Program Files\Internet Optimizer\
Warning! "C:\Program Files\Internet Optimizer\optimize.exe"Process could not be terminated!
"C:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully
#:21 [sais.exe]
ModuleName : C:\program files\180solutions\sais.exe
Command Line : "C:\program files\180solutions\sais.exe"
ProcessID : 1148
ThreadCreationTime : 11.5.2005 11:49:14
BasePriority : Normal
FileVersion : 5, 15, 0, 15
ProductVersion : 5, 15, 0, 15
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.
Warning! 180Solutions Object found in memory(C:\program files\180solutions\sais.exe)
180Solutions Object Recognized!
Type : Process
Data : sais.exe
Category : Data Miner
Comment :
Object : C:\program files\180solutions\
FileVersion : 5, 15, 0, 15
ProductVersion : 5, 15, 0, 15
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.
Warning! "C:\program files\180solutions\sais.exe"Process could not be terminated!
"C:\program files\180solutions\sais.exe"Process terminated successfully
#:22 [bargains.exe]
ModuleName : C:\Program Files\BullsEye Network\bin\bargains.exe
Command Line : "C:\Program Files\BullsEye Network\bin\bargains.exe"
ProcessID : 1164
ThreadCreationTime : 11.5.2005 11:49:15
BasePriority : Normal
FileVersion : 8, 0, 3, 6
ProductVersion : 8, 0, 3, 6
ProductName : BargainsBuddy ADP Module
CompanyName : eXact Advertising
FileDescription : bargains
InternalName : ADP
LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved.
OriginalFilename : bargains.exe
#:23 [time.exe]
ModuleName : C:\Program Files\Time Sync\time.exe
Command Line : "C:\Program Files\Time Sync\time.exe"
ProcessID : 1180
ThreadCreationTime : 11.5.2005 11:49:16
BasePriority : Normal
#:24 [internat.exe]
ModuleName : C:\WINNT\system32\internat.exe
Command Line : "C:\WINNT\system32\internat.exe"
ProcessID : 1220
ThreadCreationTime : 11.5.2005 11:49:17
BasePriority : Normal
FileVersion : 5.00.2920.0000
ProductVersion : 5.00.2920.0000
ProductName : Microsoft® Windows® 2000 -käyttöjärjestelmä
CompanyName : Microsoft Corporation
FileDescription : Näppäimistön kielen ilmaisinsovellus
InternalName : INTERNAT
LegalCopyright : Copyright © Microsoft Corp. 1994 - 1999
OriginalFilename : INTERNAT.EXE
#:25 [wp.exe]
ModuleName : C:\wp.exe
Command Line : "C:\wp.exe"
ProcessID : 1232
ThreadCreationTime : 11.5.2005 11:49:17
BasePriority : Normal
#:26 [fsscrctl.exe]
ModuleName : C:\WINNT\FSScrCtl.exe
Command Line : "C:\WINNT\FSScrCtl.exe"
ProcessID : 668
ThreadCreationTime : 11.5.2005 11:49:35
BasePriority : Normal
FileVersion : 2, 1, 0, 46
ProductVersion : 2, 1, 0, 46
ProductName : Stardust Screen Saver Toolkit 2.1
CompanyName : Stardust Software
FileDescription : Screen Saver Control applet
InternalName : FSScrCtl
LegalCopyright : Copyright © 1998-1999 Stardust Software.
LegalTrademarks : Stardust and Screen Saver Toolkit are trademarks of Stardust Software.
OriginalFilename : FSSCRCTL.EXE
Comments : www.stardustsoftware.com
#:27 [servic~1.exe]
ModuleName : C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
Command Line : C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE -Embedding
ProcessID : 336
ThreadCreationTime : 11.5.2005 11:49:38
BasePriority : Normal
FileVersion : 6, 50, 28, 2
ProductVersion : 6.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002-2005 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe
#:28 [x_server.exe]
ModuleName : C:\X_Net\System\X_Server.exe
Command Line : X_Server.exe
ProcessID : 1296
ThreadCreationTime : 11.5.2005 11:49:46
BasePriority : Normal
FileVersion : 4, 8, 0, 1
ProductVersion : 4, 8, 0, 1
ProductName : X-Cam Dnc Communications Server Application
CompanyName : Pathtrace A/S, Denmark
FileDescription : X-Cam Dnc Server
InternalName : COMMSERVER
LegalCopyright : Copyright © 1997 by Pathtrace A/S, Denmark
OriginalFilename : X_SERVER.EXE
#:29 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 820
ThreadCreationTime : 11.5.2005 11:50:09
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® -käyttöjärjestelmä
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
Warning! DyFuCA Object found in memory(C:\WINNT\nem220.dll)
DyFuCA Object Recognized!
Type : Process
Data : nem220.dll
Category : Malware
Comment :
Object : C:\WINNT\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL
#:30 [wuauclt.exe]
ModuleName : C:\WINNT\system32\wuauclt.exe
Command Line : "C:\WINNT\system32\wuauclt.exe"
ProcessID : 1508
ThreadCreationTime : 11.5.2005 11:50:13
BasePriority : Normal
FileVersion : 5.4.3790.20 built by: lab04_n
ProductVersion : 5.4.3790.20
ProductName : Microsoft® Windows® -käyttöjärjestelmä
CompanyName : Microsoft Corporation
FileDescription : Microsoft Updaten AutoUpdate-asiakas
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Kaikki oikeudet pidätetään.
OriginalFilename : wuauclt.exe
#:31 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1348
ThreadCreationTime : 11.5.2005 11:57:45
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 3
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}
Value :
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}
Hijacker.TopConverting Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}
istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{9388907f-82f5-434d-a941-bb802c6dd7c1}
istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{9388907f-82f5-434d-a941-bb802c6dd7c1}
Value :
istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{faa356e4-d317-42a6-ab41-a3021c6e7d52}
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{faa356e4-d317-42a6-ab41-a3021c6e7d52}
Value :
istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istbar.barobj
istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istbar.barobj
Value :
SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}
SideFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}
Value :
SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}
SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da}
ZyncosMark Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}
ZyncosMark Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}
Value :
ZyncosMark Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}
ZyncosMark Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}
Value :
ZyncosMark Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : testcontentmatchcontrol1.contentmatchtag
ZyncosMark Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : testcontentmatchcontrol1.contentmatchtag
Value :
ZyncosMark Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : testcontentmatchcontrol1.contentmatchtag.1
ZyncosMark Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : testcontentmatchcontrol1.contentmatchtag.1
Value :
ZyncosMark Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df}
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\avenue media
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\ist
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\ist
Value : InstallDate
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\ist
Value : account_id
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\ist
Value : config
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\ist
Value : NeverISTsvc
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\policies\avenue media
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MainDir
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : Binary
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ConfigUpdateQueryUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ADDataUpdateQueryUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : SoftwareUpdateQueryUrl
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ServerName
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ServerPath
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : SliderLegalText
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ServerPort
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : UpdateQueryDuration
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : UpdateQueryFailedDuration
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : BuildNumber
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : AdvDelaySec
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : TrackingFileFlag
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : RestartADPDuration
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : TimeOutInterval
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : FirstHit
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : PartnerName
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : PartnerID
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : SystemInstallTime
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : TempUniqueKey
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : UniqueKey
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : IdleMinutesThreshold
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MinMinutesBetweenTwoADs
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MaxDomainCap
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MinCountOfUrlsBetweenTwoADs
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : MaxDailyCapPerUSer
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ConfigVersion
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : ADDataVersion
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : LastQueryTime
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bargains
Value : LastADPRestart
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :
BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayName
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : UninstallString
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : Publisher
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : URLInfoAbout
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayVersion
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : DisplayIcon
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoModify
BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy
Value : NoRepair
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000010-6f7d-442c-93e3-4a4827c2e4c8}
DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA
DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\microsoft\windows\currentversion\uninstall\DyFuCA
DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\DyFuCA
DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer
DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\microsoft\windows\currentversion\uninstall\Internet Optimizer
DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : DisplayIcon
DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : DisplayName
DyFuCA Object Recognized!
Type : RegValue
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer
Value : UninstallString
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\policies\avenue media
DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : last_conn_h
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : last_conn_l
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : we
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : cdata
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : TimeOffset
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : action_url_version
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : action_url_last_chunk
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : action_url_last_full_version
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : key_file
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : kw_last_chunk
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : geourl_last_full_version
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : geourl_current_version
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value : actionurl_last_full_version
DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-651377827-682003330-1141\software\sais
Value
Edited by aave, 11 May 2005 - 06:53 AM.