Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

TrojanProxy.Agent Still Present/Connection Issues


  • Please log in to reply

#1
shelleyldejager

shelleyldejager

    New Member

  • Member
  • Pip
  • 1 posts
I have carefully followed all steps outline in your "ditto" document:

Run:
Cleanup!
Ad-Aware SE
CW Shredder
Spybot S&D
Ewido
Trend Housecall
Hijack This

Loaded:
Windows Updates
Switched to Firefox Browser

Issues:
1. Every time I reboot, Ewido alerts me to the following infection, despite the fact that I tell it to delete:
File: qbkp.dll
Path: C:\\WINNT\System32
Infection: TrojanProxy.Agent.df

2. I now have problems connecting to some sites on the internet - this is both with Firefox and IE. Some sites, such as yours and MS, come up now problem. Others, such at Google and Godaddy (my email site) will not load. I have run WinSockFix.

Here are my Adware, HijackThis and Ewido logs:


Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 26, 2005 7:27:25 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adintelligence.AproposToolbar(TAC index:5):10 total references
AdRotator(TAC index:6):3 total references
AdShooter(TAC index:6):8 total references
Alexa(TAC index:5):11 total references
BargainBuddy(TAC index:8):70 total references
BookedSpace(TAC index:10):16 total references
BrowserAid(TAC index:6):21 total references
DyFuCA(TAC index:3):32 total references
e2give(TAC index:7):34 total references
Elitum.ElitebarBHO(TAC index:5):39 total references
EzuLa(TAC index:6):204 total references
FizzleBar(TAC index:5):35 total references
Hijacker.TopConverting(TAC index:5):1 total references
IBIS Toolbar(TAC index:5):172 total references
ImIServer IEPlugin(TAC index:5):1 total references
MRU List(TAC index:0):23 total references
PeopleOnPage(TAC index:9):17 total references
Possible Browser Hijack attempt(TAC index:3):15 total references
Prutect(TAC index:8):14 total references
ReplaceSearch.BHO(TAC index:5):14 total references
Softomate Toolbar(TAC index:9):1 total references
Tracking Cookie(TAC index:3):3 total references
Virtumonde(TAC index:10):1 total references
VX2(TAC index:10):7 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560

05-26-2005 7:24:27 PM Performing WebUpdate...

Installing Update...
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
Fingerprints total : 886
Fingerprints size : 30371 Bytes
Target categories : 15
Target families : 679


05-26-2005 7:24:32 PM Success
Update successfully downloaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:26 %
Total physical memory:252336 kb
Available physical memory:64156 kb
Total page file size:617504 kb
Available on page file:345312 kb
Total virtual memory:2097024 kb
Available virtual memory:2033892 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


05-26-2005 7:27:25 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 676
ThreadCreationTime : 05-27-2005 12:26:01 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThre
ProcessID : 796
ThreadCreationTime : 05-27-2005 12:26:05 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 820
ThreadCreationTime : 05-27-2005 12:26:05 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 864
ThreadCreationTime : 05-27-2005 12:26:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 876
ThreadCreationTime : 05-27-2005 12:26:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 1048
ThreadCreationTime : 05-27-2005 12:26:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 1196
ThreadCreationTime : 05-27-2005 12:26:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k NetworkService
ProcessID : 1304
ThreadCreationTime : 05-27-2005 12:26:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k LocalService
ProcessID : 1352
ThreadCreationTime : 05-27-2005 12:26:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1580
ThreadCreationTime : 05-27-2005 12:26:10 AM
BasePriority : Normal
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:11 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1736
ThreadCreationTime : 05-27-2005 12:26:10 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

EzuLa Object Recognized!
Type : Process
Data : CHPON.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Web Offer\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000

Warning! EzuLa Object found in memory(C:\PROGRA~1\Web Offer\CHPON.dll)


#:12 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1820
ThreadCreationTime : 05-27-2005 12:26:11 AM
BasePriority : Normal
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 1972
ThreadCreationTime : 05-27-2005 12:26:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 184
ThreadCreationTime : 05-27-2005 12:26:12 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:15 [ewidoguard.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 236
ThreadCreationTime : 05-27-2005 12:26:12 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:16 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 512
ThreadCreationTime : 05-27-2005 12:26:12 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:17 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 544
ThreadCreationTime : 05-27-2005 12:26:13 AM
BasePriority : Normal
FileVersion : 10.00.13
ProductVersion : 10.00.13
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:18 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k imgsvc
ProcessID : 728
ThreadCreationTime : 05-27-2005 12:26:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [gwmdmmsg.exe]
ModuleName : C:\WINNT\GWMDMMSG.exe
Command Line : "C:\WINNT\GWMDMMSG.exe"
ProcessID : 1776
ThreadCreationTime : 05-27-2005 12:26:42 AM
BasePriority : Normal
FileVersion : 3.4.22 08/06/2002 14:26:16
ProductVersion : 3.4.22 08/06/2002 14:26:16
ProductName : GTW Modem Messaging Applet
CompanyName : GTW
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © GTW 1998-2000
OriginalFilename : smdmstat.exe

#:20 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 160
ThreadCreationTime : 05-27-2005 12:26:45 AM
BasePriority : Normal
FileVersion : 6.7.9 05Sep02
ProductVersion : 6.7.9 05Sep02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPLpr.exe

#:21 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 356
ThreadCreationTime : 05-27-2005 12:26:49 AM
BasePriority : Normal
FileVersion : 6.7.9 05Sep02
ProductVersion : 6.7.9 05Sep02
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2002
OriginalFilename : SynTPEnh.exe

#:22 [gwinkmonitor.exe]
ModuleName : C:\Program Files\Gateway Utilities\GWInkMonitor.exe
Command Line : "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
ProcessID : 696
ThreadCreationTime : 05-27-2005 12:26:52 AM
BasePriority : Normal
FileVersion : 1.0.0.21
ProductVersion : 1.0.0.21
ProductName : Gateway Online Ink Purchase Utility
CompanyName : Gateway
FileDescription : Gateway Ink Monitor
LegalCopyright : Copyright © BillP Studios 2000- 2003
Comments : http://www.billp.com

EzuLa Object Recognized!
Type : Process
Data : CHPON.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Web Offer\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000

Warning! EzuLa Object found in memory(C:\PROGRA~1\Web Offer\CHPON.dll)

"C:\Program Files\Gateway Utilities\GWInkMonitor.exe"Process terminated successfully

#:23 [directcd.exe]
ModuleName : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
Command Line : "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 1108
ThreadCreationTime : 05-27-2005 12:26:56 AM
BasePriority : Normal
FileVersion : 5.3.2.35
ProductVersion : 5.3.2.35
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:24 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 460
ThreadCreationTime : 05-27-2005 12:26:57 AM
BasePriority : Normal
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

EzuLa Object Recognized!
Type : Process
Data : CHPON.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Web Offer\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000

Warning! EzuLa Object found in memory(C:\PROGRA~1\Web Offer\CHPON.dll)


#:25 [sm1bg.exe]
ModuleName : C:\WINNT\SM1BG.EXE
Command Line : "C:\WINNT\SM1BG.EXE"
ProcessID : 1388
ThreadCreationTime : 05-27-2005 12:27:02 AM
BasePriority : Normal
FileVersion : 6.01.1000.0
ProductVersion : 6.01.1000.0
ProductName : Cypress USB Mass Storage Adapter
CompanyName : Cypress Semiconductor
FileDescription : Cypress USB Mass Storage Driver Background Application
InternalName : SM1BG.EXE
LegalCopyright : Copyright © 1998-2003 Cypress Semiconductor
OriginalFilename : SM1BG.EXE

#:26 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
ProcessID : 1424
ThreadCreationTime : 05-27-2005 12:27:04 AM
BasePriority : Normal


#:27 [ezsp_px.exe]
ModuleName : C:\WINNT\System32\ezSP_Px.exe
Command Line : "C:\WINNT\System32\ezSP_Px.exe"
ProcessID : 1688
ThreadCreationTime : 05-27-2005 12:27:07 AM
BasePriority : Normal


#:28 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 944
ThreadCreationTime : 05-27-2005 12:27:25 AM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:29 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2216
ThreadCreationTime : 05-27-2005 12:27:37 AM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:30 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2224
ThreadCreationTime : 05-27-2005 12:27:38 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:31 [cfgbkend.exe]
ModuleName : C:\WINNT\System32\cfgbkend.exe
Command Line : "C:\WINNT\System32\cfgbkend.exe"
ProcessID : 2300
ThreadCreationTime : 05-27-2005 12:27:41 AM
BasePriority : Normal


#:32 [ctfmon.exe]
ModuleName : C:\WINNT\System32\ctfmon.exe
Command Line : "C:\WINNT\System32\ctfmon.exe"
ProcessID : 2312
ThreadCreationTime : 05-27-2005 12:27:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:33 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ProcessID : 2392
ThreadCreationTime : 05-27-2005 12:28:01 AM
BasePriority : Normal
FileVersion : 5.0.0527
ProductVersion : Version 5.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2002
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

EzuLa Object Recognized!
Type : Process
Data : CHPON.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Web Offer\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000

Warning! EzuLa Object found in memory(C:\PROGRA~1\Web Offer\CHPON.dll)


#:34 [wo.exe]
ModuleName : C:\PROGRA~1\Web Offer\wo.exe
Command Line : "C:\PROGRA~1\Web Offer\wo.exe"
ProcessID : 2436
ThreadCreationTime : 05-27-2005 12:28:07 AM
BasePriority : Normal
FileVersion : 3, 0, 80, 0
ProductVersion : 1, 0, 0, 1
ProductName : wo Module
CompanyName : EARNSFIWOInt
FileDescription : wo Module
InternalName : wo
LegalCopyright : Copyright 2000
OriginalFilename : wo.EXE

EzuLa Object Recognized!
Type : Process
Data : wo.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Web Offer\
FileVersion : 3, 0, 80, 0
ProductVersion : 1, 0, 0, 1
ProductName : wo Module
CompanyName : EARNSFIWOInt
FileDescription : wo Module
InternalName : wo
LegalCopyright : Copyright 2000
OriginalFilename : wo.EXE

Warning! EzuLa Object found in memory(C:\PROGRA~1\Web Offer\wo.exe)

"C:\PROGRA~1\Web Offer\wo.exe"Process terminated successfully
"C:\PROGRA~1\Web Offer\wo.exe"Process terminated successfully

#:35 [wuauclt.exe]
ModuleName : C:\WINNT\System32\wuauclt.exe
Command Line : "C:\WINNT\System32\wuauclt.exe"
ProcessID : 2608
ThreadCreationTime : 05-27-2005 12:28:16 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

EzuLa Object Recognized!
Type : Process
Data : CHPON.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Web Offer\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000

Warning! EzuLa Object found in memory(C:\PROGRA~1\Web Offer\CHPON.dll)


#:36 [sonytray.exe]
ModuleName : C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
Command Line : "C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe"
ProcessID : 2696
ThreadCreationTime : 05-27-2005 12:28:22 AM
BasePriority : Normal


EzuLa Object Recognized!
Type : Process
Data : CHPON.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Web Offer\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000

Warning! EzuLa Object found in memory(C:\PROGRA~1\Web Offer\CHPON.dll)

"C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe"Process terminated successfully

#:37 [hposol08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe"
ProcessID : 2788
ThreadCreationTime : 05-27-2005 12:28:25 AM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOSOL08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSOL08.EXE
Comments : HP OfficeJet <Solar> Series COM Device Objects

#:38 [hpoevm08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding
ProcessID : 3192
ThreadCreationTime : 05-27-2005 12:28:53 AM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOEVM08.EXE
Comments : HP OfficeJet COM Event Manager

EzuLa Object Recognized!
Type : Process
Data : CHPON.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Web Offer\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000

Warning! EzuLa Object found in memory(C:\PROGRA~1\Web Offer\CHPON.dll)

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe"Process terminated successfully

#:39 [hposts08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp officejet 6100 series#1114571024" /Startup
ProcessID : 3424
ThreadCreationTime : 05-27-2005 12:29:03 AM
BasePriority : Normal
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPOSTS08.EXE
Comments : HP OfficeJet Status

EzuLa Object Recognized!
Type : Process
Data : CHPON.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Web Offer\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000

Warning! EzuLa Object found in memory(C:\PROGRA~1\Web Offer\CHPON.dll)


#:40 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1336
ThreadCreationTime : 05-27-2005 12:36:56 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

EzuLa Object Recognized!
Type : Process
Data : sepng.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\WEBOFF~1\
FileVersion : 3, 0, 80, 0
ProductVersion : 1, 0, 0, 1
ProductName : sepng Module
CompanyName : EARNSFIWOInt
FileDescription : sepng Module
InternalName : sepng
LegalCopyright : Copyright 2000
OriginalFilename : sepng.DLL

Warning! EzuLa Object found in memory(C:\PROGRA~1\WEBOFF~1\sepng.dll)


#:41 [cxtpls.exe]
ModuleName : C:\Program Files\CxtPls\CxtPls.exe
Command Line : "C:\Program Files\CxtPls\CxtPls.exe" -Embedding
ProcessID : 3444
ThreadCreationTime : 05-27-2005 12:47:42 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Ads
CompanyName : Apropos Media
FileDescription : Internet Explorer
InternalName : Ads.
LegalCopyright : Copyright © 2003
OriginalFilename : SysAI.exe

EzuLa Object Recognized!
Type : Process
Data : CHPON.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Web Offer\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000

Warning! EzuLa Object found in memory(C:\PROGRA~1\Web Offer\CHPON.dll)

"C:\Program Files\CxtPls\CxtPls.exe"Process terminated successfully

#:42 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 3948
ThreadCreationTime : 05-27-2005 2:12:03 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

EzuLa Object Recognized!
Type : Process
Data : sepng.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\WEBOFF~1\
FileVersion : 3, 0, 80, 0
ProductVersion : 1, 0, 0, 1
ProductName : sepng Module
CompanyName : EARNSFIWOInt
FileDescription : sepng Module
InternalName : sepng
LegalCopyright : Copyright 2000
OriginalFilename : sepng.DLL

Warning! EzuLa Object found in memory(C:\PROGRA~1\WEBOFF~1\sepng.dll)


#:43 [ad-aware.exe]
ModuleName : C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
Command Line : "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" /598853 +483832
ProcessID : 2852
ThreadCreationTime : 05-27-2005 2:24:14 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:44 [hh.exe]
ModuleName : C:\WINNT\hh.exe
Command Line : "C:\WINNT\hh.exe" manual.chm
ProcessID : 3120
ThreadCreationTime : 05-27-2005 2:24:14 AM
BasePriority : Normal
FileVersion : 5.2.3644.0
ProductVersion : 5.2.3644.0
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.4
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : HH.exe

EzuLa Object Recognized!
Type : Process
Data : CHPON.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\PROGRA~1\Web Offer\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
LegalCopyright : Copyright 2000

Warning! EzuLa Object found in memory(C:\PROGRA~1\Web Offer\CHPON.dll)

"C:\WINNT\hh.exe"Process terminated successfully

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 13


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}
Value :

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}

Adintelligence.AproposToolbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}
Value :

AdRotator Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{017c20c1-f86f-11d8-9b25-000acd002ae3}

AdRotator Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{017c20c1-f86f-11d8-9b25-000acd002ae3}
Value :

AdShooter Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c109664b-ceb1-420b-b353-d55a561536dd}

AdShooter Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{c109664b-ceb1-420b-b353-d55a561536dd}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adp.urlcatcher.1
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : nls.urlcatcher

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : nls.urlcatcher
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : nls.urlcatcher.1

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : nls.urlcatcher.1
Value :

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516c2e3}

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :

BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12ee7a5e-0674-42f9-a76a-000000004d00}

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12ee7a5e-0674-42f9-a76a-000000004d00}
Value :

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12ee7a5e-0674-42f9-a76a-000000004d00}
Value : AppID

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12ee7a5e-0674-42f9-a76b-000000004d00}

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12ee7a5e-0674-42f9-a76b-000000004d00}
Value :

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{12ee7a5e-0674-42f9-a76b-000000004d00}
Value : AppID

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e004800a-73c6-4587-b855-98d0ce0c16b1}
Value : uid2

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{12ee7a5e-0674-42f9-a76c-000000004d00}

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarbho

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarbho
Value :

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarbho.1

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarbho.1
Value :

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarname

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarname
Value :

BrowserAid Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarname.1

BrowserAid Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : _atl_generated.searchtoolbarname.1
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}
Value :

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : dyfuca_bh.bhobj.1

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP