Here is the Scan Logfile from Ad-Aware:
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, August 14, 2005 1:18:30 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R61 10.08.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar(TAC index:5):53 total references
Other(TAC index:5):3 total references
SahAgent(TAC index:9):3 total references
VX2(TAC index:10):26 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679
8-14-2005 1:14:24 PM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R61 10.08.2005
Internal build : 71
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 508229 Bytes
Total size : 1531791 Bytes
Signature data size : 1498915 Bytes
Reference data size : 32364 Bytes
Signatures total : 42681
CSI Fingerprints total : 1003
CSI data size : 35408 Bytes
Target categories : 15
Target families : 729
8-14-2005 1:14:48 PM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:30 %
Total physical memory:261424 kb
Available physical memory:77368 kb
Total page file size:633132 kb
Available on page file:463460 kb
Total virtual memory:2097024 kb
Available virtual memory:2037480 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
8-14-2005 1:18:30 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 356
ThreadCreationTime : 8-14-2005 5:45:36 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThre
ProcessID : 404
ThreadCreationTime : 8-14-2005 5:45:37 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 428
ThreadCreationTime : 8-14-2005 5:45:38 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 480
ThreadCreationTime : 8-14-2005 5:45:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 492
ThreadCreationTime : 8-14-2005 5:45:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 656
ThreadCreationTime : 8-14-2005 5:45:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 708
ThreadCreationTime : 8-14-2005 5:45:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k NetworkService
ProcessID : 900
ThreadCreationTime : 8-14-2005 5:45:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k LocalService
ProcessID : 1036
ThreadCreationTime : 8-14-2005 5:45:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 1168
ThreadCreationTime : 8-14-2005 5:45:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [alg.exe]
ModuleName : C:\WINNT\System32\alg.exe
Command Line : C:\WINNT\System32\alg.exe
ProcessID : 688
ThreadCreationTime : 8-14-2005 5:45:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:12 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 740
ThreadCreationTime : 8-14-2005 5:45:51 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:13 [nvsvc32.exe]
ModuleName : C:\WINNT\System32\nvsvc32.exe
Command Line : C:\WINNT\System32\nvsvc32.exe
ProcessID : 840
ThreadCreationTime : 8-14-2005 5:45:51 PM
BasePriority : Normal
FileVersion : 5.13.01.1520
ProductVersion : 5.13.01.1520
ProductName : NVIDIA Driver Helper Service, Version 15.20
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 15.20
InternalName : NVSVC
LegalCopyright : Copyright © 1998-2001 NVIDIA Corporation
OriginalFilename : nvsvc32.exe
#:14 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k imgsvc
ProcessID : 1412
ThreadCreationTime : 8-14-2005 5:45:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:15 [wkufind.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
ProcessID : 3592
ThreadCreationTime : 8-14-2005 5:48:31 PM
BasePriority : Normal
FileVersion : 6.00.3215.0
ProductVersion : 6.00.3215.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © Microsoft Corporation 1987-2001. All rights reserved.
OriginalFilename : WkUFind.exe
#:16 [motivesb.exe]
ModuleName : C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
Command Line : "C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe"
ProcessID : 3688
ThreadCreationTime : 8-14-2005 5:48:36 PM
BasePriority : Normal
FileVersion : 5.6.7.asst_classic.smartbridge.20031210_035000
ProductVersion : 5.6.7.asst_classic.smartbridge
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : SBC Self Support Tool Alerts
InternalName : version
LegalCopyright : Copyright 1998-2003
OriginalFilename : version
#:17 [nslwsock.exe]
ModuleName : C:\WINNT\System32\nslwsock.exe
Command Line : "C:\WINNT\System32\nslwsock.exe"
ProcessID : 3960
ThreadCreationTime : 8-14-2005 5:48:49 PM
BasePriority : Normal
#:18 [hysksj.exe]
ModuleName : C:\WINNT\System32\hysksj.exe
Command Line : C:\WINNT\System32\hysksj.exe qmqwno r
ProcessID : 4056
ThreadCreationTime : 8-14-2005 5:48:52 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 7
ProductVersion : 0, 0, 7, 0
SahAgent Object Recognized!
Type : Process
Data : bbhu6il4.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\WINNT\System32\
FileVersion : 4, 0, 3, 0
ProductVersion : 4, 0, 3, 0
#:19 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 192
ThreadCreationTime : 8-14-2005 5:48:53 PM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:20 [money express.exe]
ModuleName : C:\Program Files\Microsoft Money\System\Money Express.exe
Command Line : "C:\Program Files\Microsoft Money\System\Money Express.exe"
ProcessID : 888
ThreadCreationTime : 8-14-2005 5:48:55 PM
BasePriority : Normal
FileVersion : 10.00.0809
ProductVersion : 10.00.0809
ProductName : Microsoft Money
CompanyName : Microsoft Corporation
FileDescription : Microsoft Money Express
InternalName : MoneyExpress
LegalCopyright : Copyright © Microsoft Corp. 1990-2001. All rights reserved.
OriginalFilename : MoneyExpress.EXE
#:21 [mpbtn.exe]
ModuleName : C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
Command Line : "C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe"
ProcessID : 1860
ThreadCreationTime : 8-14-2005 5:49:19 PM
BasePriority : Normal
#:22 [ymsgr_tray.exe]
ModuleName : C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
Command Line : C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe -ymsgr
ProcessID : 2320
ThreadCreationTime : 8-14-2005 5:49:22 PM
BasePriority : Normal
#:23 [wuauclt.exe]
ModuleName : C:\WINNT\System32\wuauclt.exe
Command Line : "C:\WINNT\System32\wuauclt.exe"
ProcessID : 1380
ThreadCreationTime : 8-14-2005 6:01:34 PM
BasePriority : Normal
FileVersion : 5.4.3630.1106 (xpsp1.020828-1920)
ProductVersion : 5.4.3630.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:24 [pib.exe]
ModuleName : C:\PROGRA~1\Toolbar\PIB.exe
Command Line : C:\PROGRA~1\Toolbar\PIB.exe
ProcessID : 3716
ThreadCreationTime : 8-14-2005 6:11:06 PM
BasePriority : Normal
FileVersion : 4.0.0.1500
ProductName : WebSearch Toolbar
CompanyName : WebSearch
FileDescription : WebSearch Toolbar Plugin Server
LegalCopyright : © WebSearch
OriginalFilename : TBPS.exe
#:25 [tbps.exe]
ModuleName : C:\PROGRA~1\Toolbar\TBPS.exe
Command Line : C:\PROGRA~1\Toolbar\TBPS.exe
ProcessID : 1096
ThreadCreationTime : 8-14-2005 6:11:11 PM
BasePriority : Normal
FileVersion : 4.0.0.1500
ProductName : WebSearch Toolbar
CompanyName : WebSearch
FileDescription : WebSearch Toolbar Plugin Server
LegalCopyright : © WebSearch
OriginalFilename : TBPS.exe
#:26 [radio.exe]
ModuleName : c:\PROGRA~1\Toolbar\radio.exe
Command Line : c:\PROGRA~1\Toolbar\radio.exe -Embedding
ProcessID : 2436
ThreadCreationTime : 8-14-2005 6:11:13 PM
BasePriority : Normal
#:27 [aurareco.exe]
ModuleName : C:\DOCUME~1\Owner\LOCALS~1\Temp\NFN\aurareco.exe
Command Line : C:\DOCUME~1\Owner\LOCALS~1\Temp\NFN\aurareco.exe
ProcessID : 1260
ThreadCreationTime : 8-14-2005 6:11:22 PM
BasePriority : Normal
FileVersion : 2, 0, 3, 1
ProductVersion : 2, 0, 3, 1
ProductName : Thinstaller
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2005
OriginalFilename : Thinstaller.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.
#:28 [explorer.exe]
ModuleName : C:\WINNT\explorer.exe
Command Line : explorer.exe
ProcessID : 3260
ThreadCreationTime : 8-14-2005 6:11:28 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:29 [ad-aware.exe]
ModuleName : C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
Command Line : "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" /598853 +483832
ProcessID : 2044
ThreadCreationTime : 8-14-2005 6:13:46 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{310cc549-4541-46a9-940f-52b342a6e682}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8952a998-1e7e-4716-b23d-3dbe03910972}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ff76a5da-6158-4439-99ff-edc1b3fe100c}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{66c22569-f05c-4a70-a142-763b337e1002}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c380566d-f343-42ab-987b-6b38a1a35747}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d1951679-1d52-43fc-9585-0737143585f5}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f273d4ea-2025-4410-8408-251a0cd46be7}
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\handler\tpro
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\handler\tpro
Value : CLSID
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\name-space handler\res\toolbar.resprotocol
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginconfig
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugindown
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugindownadd
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginevents
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.plugininst
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.pluginserver
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tbps.toolbarscript
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolbar.resprotocol
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{b23b3add-84b1-414a-92b9-0cabe5a781f4}
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUC3n5trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUI3n5ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUI3n5ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUI3n5ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUB3D5om
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUE3v5nt
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUT3h5rshSBath
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUT3h5rshSysSInf
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUL3n5Title
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUC3u5rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUC3n5tFyl
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3894602836-1085806099-568186159-1003\software\aurora
Value : AUI3g5noreS
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{8952a998-1e7e-4716-b23d-3dbe03910972}
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{339BB23F-A864-48C0-A59F-29EA915965EC}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {339BB23F-A864-48C0-A59F-29EA915965EC}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 58
Objects found so far: 59
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 59
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 59
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SahAgent Object Recognized!
Type : File
Data : A0045129.exe
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP680\
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
SahAgent Object Recognized!
Type : File
Data : bbhu6il4.dll
TAC Rating : 9
Category : Data Miner
Comment :
Object : C:\WINNT\system32\
FileVersion : 4, 0, 3, 0
ProductVersion : 4, 0, 3, 0
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 61
Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 61
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\toolbar
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\installer\userdata\sto
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
Value : UninstallString
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\ttool_uninstall
Value : DisplayIcon
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\toolbar
Value : AVGSEARCH
IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment : You will need to restart your computer and rescan in order to complete the removal of this item.
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer
Value : ServerProc
IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : TBPS
IBIS Toolbar Object Recognized!
Type : Folder
TAC Rating : 5
Category : Data Miner
Comment : IBIS Toolbar
Object : C:\Program Files\Toolbar
IBIS Toolbar Object Recognized!
Type : File
Data : common.dll
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\
FileVersion : 4.0.0.296
ProductName : WebSearch Toolbar
CompanyName : WebSearch
FileDescription : WebSearch Toolbar Common Object
LegalCopyright : © WebSearch
OriginalFilename : common.dll
IBIS Toolbar Object Recognized!
Type : File
Data : gykhxlmu.rmr
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : nzqlihv.wzg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : PIB.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\
FileVersion : 4.0.0.1500
ProductName : WebSearch Toolbar
CompanyName : WebSearch
FileDescription : WebSearch Toolbar Plugin Server
LegalCopyright : © WebSearch
OriginalFilename : TBPS.exe
IBIS Toolbar Object Recognized!
Type : File
Data : radio.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : TBPS.dat
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\
IBIS Toolbar Object Recognized!
Type : File
Data : TBPS.exe
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\
FileVersion : 4.0.0.1500
ProductName : WebSearch Toolbar
CompanyName : WebSearch
FileDescription : WebSearch Toolbar Plugin Server
LegalCopyright : © WebSearch
OriginalFilename : TBPS.exe
IBIS Toolbar Object Recognized!
Type : File
Data : toolbar.dll
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\
FileVersion : 4.0.0.405
ProductName : WebSearch Toolbar
CompanyName : WebSearch
FileDescription : WebSearch Toolbar Browser Object
LegalCopyright : © WebSearch
OriginalFilename : toolbar.dll
IBIS Toolbar Object Recognized!
Type : File
Data : zwipvbh.wzg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\Program Files\toolbar\
VX2 Object Recognized!
Type : RegData
Data : explorer.exe
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe
Other Object Recognized!
Type : File
Data : PIB.EXE-04B1D98F.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINNT\prefetch\
Other Object Recognized!
Type : File
Data : RADIO.EXE-03115944.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINNT\prefetch\
Other Object Recognized!
Type : File
Data : TBPS.EXE-2F0D4C74.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINNT\prefetch\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 85
1:39:05 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:20:35.391
Objects scanned:98831
Objects identified:87
Objects ignored:0
New critical objects:87
* * * * * * * *
Here is the report from the Ewido Scan:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 2:38:00 PM, 8/14/2005
+ Report-Checksum: 185D5288
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{310CC549-4541-46A9-940F-52B342A6E682} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69357D4E-BF4D-4651-91E9-52ECD45A0128} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BBF122A7-8A4D-45B5-9E00-0F68BC87C904} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAE0999F-78C5-49DC-9F30-13142AAAABA4} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{234F09FB-FE89-4C6D-9203-31832FC051C3} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{365B9A54-E613-46E5-9DB1-4F91A9DE80BD} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{618BE527-B7F5-417C-BC51-98FDC2D6DE61} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{66C22569-F05C-4A70-A142-763B337E1002} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{7B8BD940-B1EF-460C-85A2-9ACAAF7F9303} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{99AA88D1-D9D3-410A-BE9E-044F94C183DA} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C380566D-F343-42AB-987B-6B38A1A35747} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D1951679-1D52-43FC-9585-0737143585F5} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F273D4EA-2025-4410-8408-251A0CD46BE7} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tpro -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res\toolbar.ResProtocol -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Radio.RadioPlayer -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Radio.RadioPlayer\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginConfig\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDown\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginEvents\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginInst\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginServer\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\toolbar.ResProtocol -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\toolbar.ResProtocol\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{37AC49E3-E906-4BD8-AE83-D0F7FB48FD17} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B23B3ADD-84B1-414A-92B9-0CABE5A781F4} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D8BD4DED-5BB2-4D4E-9A6A-F10244FED7D6} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\toolbar -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\toolbar\Install -> Spyware.WebSearch : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-3894602836-1085806099-568186159-1003\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-3894602836-1085806099-568186159-1003\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-3894602836-1085806099-568186159-1003\Software\toolbar