Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

SERIOUS problems


  • This topic is locked This topic is locked

#1
ShoalBear

ShoalBear

    Member

  • Member
  • PipPipPip
  • 212 posts
;) I inheirited a computer and want to give it to my nephews for their birthday on Friday, but OMG the stuff I got on here! So..here is the log for you WONDERFUL people to analyze for me! ;)

EDITED: Reckon pasting the log would be helpful! :tazz:


Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 18, 2005 7:32:35 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560

5-18-2005 7:28:10 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R46 17.05.2005
Internal build : 54
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 474775 Bytes
Total size : 1435210 Bytes
Signature data size : 1404100 Bytes
Reference data size : 30598 Bytes
Signatures total : 40060
Fingerprints total : 883
Fingerprints size : 30250 Bytes
Target categories : 15
Target families : 674


5-18-2005 7:28:23 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:37 %
Total physical memory:383728 kb
Available physical memory:139376 kb
Total page file size:927112 kb
Available on page file:738412 kb
Total virtual memory:2097024 kb
Available virtual memory:2039628 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


5-18-2005 7:32:35 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 620
ThreadCreationTime : 5-19-2005 12:36:49 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 696
ThreadCreationTime : 5-19-2005 12:36:51 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 720
ThreadCreationTime : 5-19-2005 12:36:52 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 764
ThreadCreationTime : 5-19-2005 12:36:52 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 776
ThreadCreationTime : 5-19-2005 12:36:52 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 920
ThreadCreationTime : 5-19-2005 12:36:52 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1000
ThreadCreationTime : 5-19-2005 12:36:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1036
ThreadCreationTime : 5-19-2005 12:36:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1084
ThreadCreationTime : 5-19-2005 12:36:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1172
ThreadCreationTime : 5-19-2005 12:36:53 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1336
ThreadCreationTime : 5-19-2005 12:36:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1540
ThreadCreationTime : 5-19-2005 12:36:57 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:13 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1720
ThreadCreationTime : 5-19-2005 12:36:58 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:14 [wscntfy.exe]
ModuleName : C:\WINDOWS\system32\wscntfy.exe
Command Line : C:\WINDOWS\system32\wscntfy.exe
ProcessID : 1892
ThreadCreationTime : 5-19-2005 12:34:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:15 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1244
ThreadCreationTime : 5-19-2005 12:34:54 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 2036
ThreadCreationTime : 5-19-2005 12:34:55 AM
BasePriority : Normal
FileVersion : 3.0.0.2331
ProductVersion : 7.0.0.2331
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE

#:17 [winampa.exe]
ModuleName : C:\Program Files\Winamp\winampa.exe
Command Line : "C:\Program Files\Winamp\winampa.exe"
ProcessID : 1684
ThreadCreationTime : 5-19-2005 12:34:55 AM
BasePriority : Normal


#:18 [rmctrl.exe]
ModuleName : C:\WINDOWS\System32\rmctrl.exe
Command Line : "C:\WINDOWS\System32\rmctrl.exe"
ProcessID : 180
ThreadCreationTime : 5-19-2005 12:34:55 AM
BasePriority : Normal


#:19 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 188
ThreadCreationTime : 5-19-2005 12:34:55 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:20 [nbbszgg.exe]
ModuleName : C:\WINDOWS\system32\nbbszgg.exe
Command Line : "C:\WINDOWS\system32\nbbszgg.exe"
ProcessID : 252
ThreadCreationTime : 5-19-2005 12:34:56 AM
BasePriority : Normal
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
Warning! VX2 Object found in memory(C:\WINDOWS\system32\nbbszgg.exe)

VX2 Object Recognized!
Type : Process
Data : nbbszgg.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 2, 17
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

"C:\WINDOWS\system32\nbbszgg.exe"Process terminated successfully
"C:\WINDOWS\system32\nbbszgg.exe"Process terminated successfully

#:21 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : "C:\WINDOWS\system32\rundll32.exe" stlb2.dll,DllRunMain
ProcessID : 268
ThreadCreationTime : 5-19-2005 12:34:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
Warning! BrowserAid Object found in memory(C:\WINDOWS\system32\stlb2.dll)

BrowserAid Object Recognized!
Type : Process
Data : stlb2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\


"C:\WINDOWS\system32\rundll32.exe"Process terminated successfully

#:22 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : "C:\WINDOWS\system32\rundll32.exe" E6F1873B.DLL,D9EBC318C
ProcessID : 276
ThreadCreationTime : 5-19-2005 12:34:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:23 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : "C:\WINDOWS\system32\rundll32.exe" D0CE0C16B1,D0CE0C16B1
ProcessID : 284
ThreadCreationTime : 5-19-2005 12:34:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:24 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 336
ThreadCreationTime : 5-19-2005 12:34:56 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:25 [w?nword.exe]
ModuleName : C:\WINDOWS\system32\w?nword.exe
Command Line : "C:\WINDOWS\system32\w?nword.exe"
ProcessID : 380
ThreadCreationTime : 5-19-2005 12:34:56 AM
BasePriority : Normal


ClickSpring Object Recognized!
Type : Process
Data : w?nword.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\


Warning! ClickSpring Object found in memory(C:\WINDOWS\system32\w?nword.exe)

"C:\WINDOWS\system32\w?nword.exe"Process terminated successfully
"C:\WINDOWS\system32\w?nword.exe"Process terminated successfully

#:26 [rare.exe]
ModuleName : C:\Documents and Settings\Justin Timberlake\Application Data\rare.exe
Command Line : "C:\Documents and Settings\Justin Timberlake\Application Data\rare.exe"
ProcessID : 408
ThreadCreationTime : 5-19-2005 12:34:56 AM
BasePriority : Normal


ClickSpring Object Recognized!
Type : Process
Data : rare.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\Documents and Settings\Justin Timberlake\Application Data\


Warning! ClickSpring Object found in memory(C:\Documents and Settings\Justin Timberlake\Application Data\rare.exe)

"C:\Documents and Settings\Justin Timberlake\Application Data\rare.exe"Process terminated successfully
"C:\Documents and Settings\Justin Timberlake\Application Data\rare.exe"Process terminated successfully

#:27 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 3584
ThreadCreationTime : 5-19-2005 12:53:01 AM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:28 [aoltray.exe]
ModuleName : C:\PROGRA~1\AMERIC~1.0\aoltray.exe
Command Line : "C:\PROGRA~1\AMERIC~1.0\aoltray.exe" -restart
ProcessID : 208
ThreadCreationTime : 5-19-2005 12:54:15 AM
BasePriority : Normal
FileVersion : 9.00.000
ProductVersion : 9.00.000
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2003

#:29 [acsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
ProcessID : 1784
ThreadCreationTime : 5-19-2005 1:19:42 AM
BasePriority : Normal


#:30 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 840
ThreadCreationTime : 5-19-2005 1:27:59 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:31 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 3516
ThreadCreationTime : 5-19-2005 1:28:54 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
Warning! BrowserAid Object found in memory(C:\WINDOWS\system32\stlb2.dll)

BrowserAid Object Recognized!
Type : Process
Data : stlb2.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



ClickSpring Object Recognized!
Type : Process
Data : omj.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\


Warning! ClickSpring Object found in memory(C:\WINDOWS\system32\omj.dll)


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 6


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}
Value :

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winadtoolsx.installer

BlazeFind Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winadtoolsx.installer
Value :

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12ee7a5e-0674-42f9-a76a-000000004d00}

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12ee7a5e-0674-42f9-a76a-000000004d00}
Value :

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12ee7a5e-0674-42f9-a76a-000000004d00}
Value : AppID

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12ee7a5e-0674-42f9-a76b-000000004d00}

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12ee7a5e-0674-42f9-a76b-000000004d00}
Value :

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12ee7a5e-0674-42f9-a76b-000000004d00}
Value : AppID

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}
Value : uid2

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}
Value : Country

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{12ee7a5e-0674-42f9-a76c-000000004d00}

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarbho

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarbho
Value :

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarbho.1

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarbho.1
Value :

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarname

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarname
Value :

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarname.1

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarname.1
Value :

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7}

ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7}
Value :

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9eb320ce-be1d-4304-a081-4b4665414bef}

ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9eb320ce-be1d-4304-a081-4b4665414bef}
Value :

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e4c3e0b-6bbe-4c94-86ca-6f055a989693}

ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e4c3e0b-6bbe-4c94-86ca-6f055a989693}
Value :

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{81eb72d7-3949-450f-b035-de599959814f}

ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{81eb72d7-3949-450f-b035-de599959814f}
Value :

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaticketsinstaller.mediaticketsinstallerctrl.1

ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaticketsinstaller.mediaticketsinstallerctrl.1
Value :

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{46605c8c-d306-4e2d-b367-9b53690cb867}

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{46605c8c-d306-4e2d-b367-9b53690cb867}\1.0

ClickSpring Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{46605c8c-d306-4e2d-b367-9b53690cb867}\1.0
Value :

CometSystems Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{da0882fb-49a3-4a9e-bb09-5e15347b5647}

CometSystems Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{da0882fb-49a3-4a9e-bb09-5e15347b5647}
Value :

CometSystems Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : puk.pukbho

CometSystems Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : puk.pukbho
Value :

CometSystems Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : puk.pukbho.1

CometSystems Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : puk.pukbho.1
Value :

CometSystems Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5d2d50f6-6be2-41a0-b827-1accd3e2e2f7}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj.1

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj.1
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.sinkobj
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
Value :

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.bottomframe.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.leftframe.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupbrowser.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : imitoolbar.popupwindow.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{57add57b-173e-418a-8f70-17e5c9f2bcc9}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band.1

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wbho.band.1
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52}
Value :

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}

ImIServer IEPlugin Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582}
Value :

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-dd60-0064-6ec2-6e0100000000}

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-dd60-0064-6ec2-6e0100000000}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj.1

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj.1
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a42c0ef4-1c76-43cc-989f-eadc7e4b755d}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a42c0ef4-1c76-43cc-989f-eadc7e4b755d}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{09049e4f-8d9e-4c8a-a952-5baf1a115c59}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pynixdll.pynixdllobj.1

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pynixdll.pynixdllobj.1
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pynixdll.pynixdllobj

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pynixdll.pynixdllobj
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{94984402-b480-45c7-ad2d-84e5eb52cfcd}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{94984402-b480-45c7-ad2d-84e5eb52cfcd}
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\policies\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\avenue media

MediaMotor Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PYI2d3OfSInst

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PYC2n3trMsgSDisp

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PYI2d3OfSDist

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PYT2o3pListSPos

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PYs2t3icky1S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PYs2t3icky2S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PYs2t3icky3S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PYs2t3icky4S

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PYC1o2d3eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PYT2i3m4eOfSFinalAd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PYD2s3tSSEnd

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PY2N3a4tionSCode

MediaMotor Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-2000478354-436374069-725345543-1004\software\pynix
Value : PYP2D3om

MediaMotor Object Recognized!
Type : RegValue
D

Edited by ShoalBear, 18 May 2005 - 07:43 PM.

  • 0

Advertisements


#2
miles_obrien

miles_obrien

    Member

  • Member
  • PipPip
  • 33 posts
Is this a branded computer like a Dell or Compaq? If so, restore the original system from the branded utility folder, or CD's that may have come with the computer.
This will be easier than spending hours cleaning virus and malware.
Mike
  • 0

#3
ShoalBear

ShoalBear

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 212 posts
I don't have the original CDs that came with this.....next suggestion?? ;)

EDITED:

Although the system restore is enabled....would that be of help?? :tazz:

WAIT...you aren't a staff member......

Edited by ShoalBear, 18 May 2005 - 09:12 PM.

  • 0

#4
miles_obrien

miles_obrien

    Member

  • Member
  • PipPip
  • 33 posts
Gosh, no I'm not a staff member Yet I make my living doing computer tech support. Hmmm kinda makes you wonder whether that old adage " It takes all kinds to make this world..." is true or not doesn't it?
Anyway, yes use the system restore point. If it were me, I would go back to the first day, but that's your decision.
Mike
  • 0

#5
ShoalBear

ShoalBear

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 212 posts
Whatever....it is taken care of WITHOUT doing a system restore, guess you better go back to school......
  • 0

#6
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP

Whatever....it is taken care of WITHOUT doing a system restore, guess you better go back to school......

View Post


This was uncalled for, and rude. The member was only offering advice, which you could have taken with a "no thank you, I'll wait for a Staff Member". I am closing this topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP