Ad-Aware SE Build 1.05
Logfile Created on:den 13 april 2005 14:57:28
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R38 11.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):37 total references
AdDestroyer(TAC index:5):17 total references
DyFuCA(TAC index:3):72 total references
istbar(TAC index:7):31 total references
MediaMotor(TAC index:8):5 total references
Possible Browser Hijack attempt(TAC index:3):6 total references
SahAgent(TAC index:9):17 total references
SideFind(TAC index:5):44 total references
Tracking Cookie(TAC index:3):5 total references
WindUpdates(TAC index:8):1 total references
VirtualBouncer(TAC index:5):24 total references
YourSiteBar(TAC index:6):14 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

2005-04-13 14:57:28 - Scan started.
(Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 460 ThreadCreationTime : 2005-04-13 12:51:21 BasePriority : Normal #:2 [winlogon.exe] FilePath : \??\D:\WINDOWS\system32\ ProcessID : 568 ThreadCreationTime : 2005-04-13 12:51:32 BasePriority : High #:3 [services.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 612 ThreadCreationTime : 2005-04-13 12:51:33 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Tjänst- och styrenhetsprogram InternalName : services.exe LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : services.exe #:4 [lsass.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 624 ThreadCreationTime : 2005-04-13 12:51:33 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:5 [svchost.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 788 ThreadCreationTime : 2005-04-13 12:51:34 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:6 [svchost.exe] FilePath : D:\WINDOWS\System32\ ProcessID : 840 ThreadCreationTime : 2005-04-13 12:51:34 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [spoolsv.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 1176 ThreadCreationTime : 2005-04-13 12:51:41 BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:8 [cisvc.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 1292 ThreadCreationTime : 2005-04-13 12:51:48 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Content Index service InternalName : cisvc.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : cisvc.exe #:9 [vsmon.exe] FilePath : D:\WINDOWS\system32\ZoneLabs\ ProcessID : 1360 ThreadCreationTime : 2005-04-13 12:51:48 BasePriority : Normal FileVersion : 5.5.062.004 ProductVersion : 5.5.062.004 ProductName : TrueVector Service CompanyName : Zone Labs Inc. FileDescription : TrueVector Service InternalName : vsmon LegalCopyright : Copyright © 1998-2004, Zone Labs Inc. 
OriginalFilename : vsmon.exe #:10 [rundll32.exe] FilePath : D:\WINDOWS\system32\ ProcessID : 1892 ThreadCreationTime : 2005-04-13 12:53:19 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Kör en DLL-fil som ett program InternalName : rundll LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : RUNDLL.EXE Warning! SahAgent Object found in memory(D:\WINDOWS\System32\qh4mkbv9.dll) SahAgent Object Recognized! Type : Process Data : qh4mkbv9.dll Category : Data Miner Comment : Object : D:\WINDOWS\System32\ FileVersion : 4, 0, 0, 2 ProductVersion : 4, 0, 0, 2 "D:\WINDOWS\system32\rundll32.exe"Process terminated successfully #:11 [explorer.exe] FilePath : D:\WINDOWS\ ProcessID : 228 ThreadCreationTime : 2005-04-13 12:53:28 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Utforskaren InternalName : explorer LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : EXPLORER.EXE Warning! SahAgent Object found in memory(D:\WINDOWS\System32\qh4mkbv9.dll) SahAgent Object Recognized! Type : Process Data : qh4mkbv9.dll Category : Data Miner Comment : Object : D:\WINDOWS\System32\ FileVersion : 4, 0, 0, 2 ProductVersion : 4, 0, 0, 2 Warning! DyFuCA Object found in memory(D:\Program\SideFind\sfbho.dll) DyFuCA Object Recognized! 
Type : Process Data : sfbho.dll Category : Malware Comment : Object : D:\Program\SideFind\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : BrowserHelperObject Module FileDescription : BrowserHelperObject Module InternalName : BrowserHelperObject LegalCopyright : Copyright 2003 OriginalFilename : BrowserHelperObject.DLL #:12 [zlclient.exe] FilePath : D:\Program\Zone Labs\ZoneAlarm\ ProcessID : 680 ThreadCreationTime : 2005-04-13 12:54:10 BasePriority : Normal FileVersion : 5.5.062.004 ProductVersion : 5.5.062.004 ProductName : Zone Labs Client CompanyName : Zone Labs Inc. FileDescription : Zone Labs Client InternalName : zlclient LegalCopyright : Copyright © 1998-2004, Zone Labs Inc. OriginalFilename : zlclient.exe Warning! SahAgent Object found in memory(D:\WINDOWS\System32\qh4mkbv9.dll) SahAgent Object Recognized! Type : Process Data : qh4mkbv9.dll Category : Data Miner Comment : Object : D:\WINDOWS\System32\ FileVersion : 4, 0, 0, 2 ProductVersion : 4, 0, 0, 2 #:13 [jusched.exe] FilePath : D:\Program\Java\jre1.5.0_01\bin\ ProcessID : 664 ThreadCreationTime : 2005-04-13 12:54:21 BasePriority : Normal #:14 [istsvc.exe] FilePath : D:\Program\ISTsvc\ ProcessID : 1112 ThreadCreationTime : 2005-04-13 12:54:22 BasePriority : Normal Warning! SahAgent Object found in memory(D:\WINDOWS\System32\qh4mkbv9.dll) SahAgent Object Recognized! Type : Process Data : qh4mkbv9.dll Category : Data Miner Comment : Object : D:\WINDOWS\System32\ FileVersion : 4, 0, 0, 2 ProductVersion : 4, 0, 0, 2 "D:\Program\ISTsvc\istsvc.exe"Process terminated successfully #:15 [reqeei.exe] FilePath : D:\WINDOWS\ ProcessID : 1124 ThreadCreationTime : 2005-04-13 12:54:23 BasePriority : Normal Warning! SahAgent Object found in memory(D:\WINDOWS\System32\qh4mkbv9.dll) SahAgent Object Recognized! 
Type : Process Data : qh4mkbv9.dll Category : Data Miner Comment : Object : D:\WINDOWS\System32\ FileVersion : 4, 0, 0, 2 ProductVersion : 4, 0, 0, 2 "D:\WINDOWS\reqeei.exe"Process terminated successfully #:16 [salm.exe] FilePath : D:\temp\ ProcessID : 1144 ThreadCreationTime : 2005-04-13 12:54:25 BasePriority : Normal FileVersion : 5, 12, 0, 13 ProductVersion : 5, 12, 0, 13 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. Warning! 180Solutions Object found in memory(D:\temp\salm.exe) 180Solutions Object Recognized! Type : Process Data : salm.exe Category : Data Miner Comment : Object : D:\temp\ FileVersion : 5, 12, 0, 13 ProductVersion : 5, 12, 0, 13 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. Warning! "D:\temp\salm.exe"Process could not be terminated! Warning! SahAgent Object found in memory(D:\WINDOWS\System32\qh4mkbv9.dll) SahAgent Object Recognized! Type : Process Data : qh4mkbv9.dll Category : Data Miner Comment : Object : D:\WINDOWS\System32\ FileVersion : 4, 0, 0, 2 ProductVersion : 4, 0, 0, 2 Warning! "D:\temp\salm.exe"Process could not be terminated! #:17 [optimize.exe] FilePath : D:\Program Files\Internet Optimizer\ ProcessID : 1204 ThreadCreationTime : 2005-04-13 12:54:26 BasePriority : Normal DyFuCA Object Recognized! Type : Process Data : optimize.exe Category : Malware Comment : (CSI MATCH) Object : D:\Program Files\Internet Optimizer\ Warning! 
DyFuCA Object found in memory(D:\Program Files\Internet Optimizer\optimize.exe) "D:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully "D:\Program Files\Internet Optimizer\optimize.exe"Process terminated successfully #:18 [abasa5jrp.exe] FilePath : D:\WINDOWS\System32\ ProcessID : 348 ThreadCreationTime : 2005-04-13 12:54:27 BasePriority : Normal FileVersion : 4, 0, 0, 4 ProductVersion : 4, 0, 0, 4 SahAgent Object Recognized! Type : Process Data : abasa5jrp.exe Category : Data Miner Comment : (CSI MATCH) Object : D:\WINDOWS\System32\ FileVersion : 4, 0, 0, 4 ProductVersion : 4, 0, 0, 4 Warning! SahAgent Object found in memory(D:\WINDOWS\System32\abasa5jrp.exe) "D:\WINDOWS\System32\abasa5jrp.exe"Process terminated successfully "D:\WINDOWS\System32\abasa5jrp.exe"Process terminated successfully #:19 [virtualbouncer.exe] FilePath : D:\Program\VBouncer\ ProcessID : 1272 ThreadCreationTime : 2005-04-13 12:54:28 BasePriority : Normal FileVersion : 0.00.0102 ProductVersion : 0.00.0102 ProductName : Virtual Bouncer CompanyName : Spyware Labs InternalName : VirtualBouncer OriginalFilename : VirtualBouncer.exe Warning! SahAgent Object found in memory(D:\WINDOWS\System32\qh4mkbv9.dll) SahAgent Object Recognized! Type : Process Data : qh4mkbv9.dll Category : Data Miner Comment : Object : D:\WINDOWS\System32\ FileVersion : 4, 0, 0, 2 ProductVersion : 4, 0, 0, 2 #:20 [addestroyer.exe] FilePath : D:\Program\AdDestroyer\ ProcessID : 1108 ThreadCreationTime : 2005-04-13 12:54:37 BasePriority : Normal FileVersion : 0.00.0107 ProductVersion : 0.00.0107 ProductName : AdDestroyer CompanyName : Spyware Labs InternalName : AdDestroyer OriginalFilename : AdDestroyer.exe Warning! SahAgent Object found in memory(D:\WINDOWS\System32\qh4mkbv9.dll) SahAgent Object Recognized! 
Type : Process Data : qh4mkbv9.dll Category : Data Miner Comment : Object : D:\WINDOWS\System32\ FileVersion : 4, 0, 0, 2 ProductVersion : 4, 0, 0, 2 #:21 [taskmgr.exe] FilePath : D:\WINDOWS\System32\ ProcessID : 1940 ThreadCreationTime : 2005-04-13 12:55:26 BasePriority : High FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Aktivitetshanteraren InternalName : taskmgr LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : taskmgr.exe #:22 [ad-aware.exe] FilePath : D:\Program\Lavasoft\Ad-Aware SE Personal\ ProcessID : 1196 ThreadCreationTime : 2005-04-13 12:56:40 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Warning! SahAgent Object found in memory(D:\WINDOWS\System32\qh4mkbv9.dll) SahAgent Object Recognized! Type : Process Data : qh4mkbv9.dll Category : Data Miner Comment : Object : D:\WINDOWS\System32\ FileVersion : 4, 0, 0, 2 ProductVersion : 4, 0, 0, 2 Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 3 Objects found so far: 13 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb} DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001} DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001} Value : DyFuCA Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj.1 DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj.1 Value : DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj Value : DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8} DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8} Value : istbar Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : ysb.ysbobj.1 istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : ysb.ysbobj.1 Value : istbar Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : ysb.ysbobj istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : ysb.ysbobj Value : istbar Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686} istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686} Value : SahAgent Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{4828c95f-c5db-4ab6-a945-8d8ec44b98a8} SahAgent Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{4828c95f-c5db-4ab6-a945-8d8ec44b98a8} Value : SahAgent Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{4e570f74-deee-4fcf-b960-feefa4b8c6fc} SahAgent Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{4e570f74-deee-4fcf-b960-feefa4b8c6fc} Value : SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : browserhelperobject.bahelper SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : browserhelperobject.bahelper Value : SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : browserhelperobject.bahelper.1 SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : browserhelperobject.bahelper.1 Value : SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7} SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7} Value : SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8} SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8} Value : SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : sidefind.finder SideFind Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : sidefind.finder Value : SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : sidefind.finder.1 SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : sidefind.finder.1 Value : SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671} SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da} AdDestroyer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\vb and vba program settings\addestroyer DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\avenue media DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\ist DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\ist Value : InstallDate DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\ist Value : account_id DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\ist Value : config DyFuCA Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\ist Value : Recover DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\policies\avenue media VirtualBouncer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\vb and vba program settings\vbouncer AdDestroyer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\app management\arpcache\addestroyer AdDestroyer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\app management\arpcache\addestroyer Value : SlowInfoCache AdDestroyer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\app management\arpcache\addestroyer Value : Changed AdDestroyer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\addestroyer AdDestroyer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\addestroyer Value : DisplayName AdDestroyer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\addestroyer Value : UninstallString DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\dyfuca DyFuCA Object Recognized! 
Type : Regkey Data : DyFuCA Category : Malware Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! 
Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Value : DisplayIcon DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Value : DisplayName DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Value : UninstallString DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\avenue media DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000010-6f7d-442c-93e3-4a4827c2e4c8} DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\policies\avenue media DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : version DyFuCA Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : app_name DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_url DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_url DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : config_url DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : ui DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_initial_delay DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_count DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_day_count DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_day_limit DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_count DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_version DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : config_count DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : account_id DyFuCA Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : app_date DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_interval DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : popup_last DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_interval DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : update_last DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : config_interval DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\istsvc Value : config_last istbar Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\istsvc istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\istsvc Value : DisplayName istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\istsvc Value : UninstallString istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\istsvc Value : NoModify SahAgent Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\winsock2\layered provider sample SideFind Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} Value : Default Visible SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} Value : ButtonText SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} Value : HotIcon SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} Value : Icon SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} Value : CLSID SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} Value : BandCLSID SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\sidefind SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\sidefind Value : webautosearch SideFind Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\sidefind Value : shoppingautosearch SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sidefind SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sidefind Value : DisplayName SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sidefind Value : UninstallString SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : account_id SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : PathBHO SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : PathDLL SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : PathXML SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : PathEXE SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : InstallDate SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : SearchSite SideFind Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : update SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : ver SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\sidefind Value : IntervalBetweenShows VirtualBouncer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\virtual bouncer VirtualBouncer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\virtual bouncer Value : DisplayName VirtualBouncer Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\virtual bouncer Value : UninstallString YourSiteBar Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar\historyfiles YourSiteBar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar\historyfiles Value : D:\Program\YOURSI~1\yoursitebar.xml YourSiteBar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar\historyfiles Value : D:\Program\YOURSI~1\imagemap_normal.bmp YourSiteBar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar\historyfiles Value : D:\Program\YOURSI~1\version.txt istbar Object Recognized! 
Type : RegValue Data : Category : Malware Comment : "{86227D9C-0EFE-4f8a-AA55-30386A3F5686}" Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-688789844-1343024091-1004\software\microsoft\internet explorer\toolbar\webbrowser Value : {86227D9C-0EFE-4f8a-AA55-30386A3F5686} 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "partner_id" Rootkey : HKEY_LOCAL_MACHINE Object : software\salm Value : partner_id DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : "Internet Optimizer" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : Internet Optimizer istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : "gUpdate" Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : gUpdate istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : "IST Service" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : IST Service istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : "{86227D9C-0EFE-4f8a-AA55-30386A3F5686}" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\toolbar Value : {86227D9C-0EFE-4f8a-AA55-30386A3F5686} VirtualBouncer Object Recognized! Type : RegValue Data : .redearthsystems.com Category : Malware Comment : "RURL" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\cryptography\services Value : RURL VirtualBouncer Object Recognized! Type : RegValue Data : 100 Category : Malware Comment : "DistID" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\cryptography\services Value : DistID VirtualBouncer Object Recognized! Type : RegValue Data : spywarelabs.com Category : Malware Comment : "CURL" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\cryptography\services Value : CURL VirtualBouncer Object Recognized! 
Type : RegValue Data : spywarelabs.com Category : Malware Comment : "DURL" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\cryptography\services Value : DURL Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 134 Objects found so far: 147 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com" Category : Malware Comment : (http://www.ysbweb.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com" Category : Malware Comment : (http://www.ysbweb.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar Value : DisplayName Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com" Category : Malware Comment : (http://www.ysbweb.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar Value : UninstallString Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com" Category : Malware Comment : (http://www.ysbweb.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar Value : Publisher Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com" Category : Malware Comment : (http://www.ysbweb.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar Value : URLInfoAbout Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar "http://www.ysbweb.com" Category : Malware Comment : (http://www.ysbweb.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar Value : HelpLink 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "salm" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Run Value : salm 180Solutions Object Recognized! Type : File Data : salm.exe Category : Data Miner Comment : Object : d:\temp\ FileVersion : 5, 12, 0, 13 ProductVersion : 5, 12, 0, 13 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "uxwjal" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Run Value : uxwjal 180Solutions Object Recognized! Type : File Data : uxwjal.exe Category : Data Miner Comment : Object : d:\windows\ Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 8 Objects found so far: 157 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : radmin@0[2].txt Category : Data Miner Comment : Hits:1 Value : Cookie:radmin@j.2004cms.com/HTM/587/0 Expires : 2006-04-13 13:40:50 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : radmin@0[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:radmin@jinternetoptimizer.cjt1.net/HTM/587/0 Expires : 2006-04-13 13:40:42 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : radmin@www.shopathomeselect[2].txt Category : Data Miner Comment : Hits:11 Value : Cookie:radmin@www.shopathomeselect.com/ Expires : 2100-01-01 02:00:00 LastSync : Hits:11 UseCount : 0 Hits : 11 Tracking Cookie Object Recognized! Type : IECache Entry Data : radmin@revenue[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:radmin@revenue.net/ Expires : 2022-06-10 07:05:42 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : radmin@atdmt[1].txt Category : Data Miner Comment : Hits:1 Value : Cookie:radmin@atdmt.com/ Expires : 2010-04-12 02:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 5 Objects found so far: 162 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 162 Deep scanning and examining files (D:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» DyFuCA Object Recognized! Type : File Data : nem220[1].dll Category : Malware Comment : Object : D:\Documents and Settings\radmin\Temporary Internet Files\Content.IE5\KT1VVS5O\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DyFuCA_BH Module FileDescription : DyFuCA_BH Module InternalName : DyFuCA_BH LegalCopyright : Copyright 2002 OriginalFilename : DyFuCA_BH.DLL DyFuCA Object Recognized! 
Type : File Data : sidefind13[1].dll Category : Malware Comment : Object : D:\Documents and Settings\radmin\Temporary Internet Files\Content.IE5\KT1VVS5O\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : SideFind Module CompanyName : IST FileDescription : SideFind Module InternalName : SideFind LegalCopyright : Copyright 2004 OriginalFilename : SideFind.DLL 180Solutions Object Recognized! Type : File Data : ncase_new[1].exe Category : Data Miner Comment : Object : D:\Documents and Settings\radmin\Temporary Internet Files\Content.IE5\RKT4ONF4\ FileVersion : 5, 12, 0, 13 ProductVersion : 5, 12, 0, 13 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. DyFuCA Object Recognized! Type : File Data : sfbho13[1].dll Category : Malware Comment : Object : D:\Documents and Settings\radmin\Temporary Internet Files\Content.IE5\RKT4ONF4\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : BrowserHelperObject Module FileDescription : BrowserHelperObject Module InternalName : BrowserHelperObject LegalCopyright : Copyright 2003 OriginalFilename : BrowserHelperObject.DLL 180Solutions Object Recognized! Type : File Data : sais.exe Category : Data Miner Comment : Object : D:\Program\180Solutions\ FileVersion : 5, 12, 0, 13 ProductVersion : 5, 12, 0, 13 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. DyFuCA Object Recognized! Type : File Data : sfbho.dll Category : Malware Comment : Object : D:\Program\SideFind\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : BrowserHelperObject Module FileDescription : BrowserHelperObject Module InternalName : BrowserHelperObject LegalCopyright : Copyright 2003 OriginalFilename : BrowserHelperObject.DLL DyFuCA Object Recognized! 
Type : File Data : sidefind.dll Category : Malware Comment : Object : D:\Program\SideFind\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : SideFind Module CompanyName : IST FileDescription : SideFind Module InternalName : SideFind LegalCopyright : Copyright 2004 OriginalFilename : SideFind.DLL MediaMotor Object Recognized! Type : File Data : A0025914.exe Category : Malware Comment : Object : D:\System Volume Information\_restore{2DA93368-2B58-43CF-9E0D-377A873AAC52}\RP42\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : Project1 CompanyName : df InternalName : 63mm OriginalFilename : 63mm.exe MediaMotor Object Recognized! Type : File Data : A0025915.exe Category : Malware Comment : Object : D:\System Volume Information\_restore{2DA93368-2B58-43CF-9E0D-377A873AAC52}\RP42\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : Project1 CompanyName : df InternalName : 63mm OriginalFilename : 63mm.exe 180Solutions Object Recognized! Type : File Data : salm.exe Category : Data Miner Comment : Object : D:\temp\FLEOK\ FileVersion : 5, 15, 0, 15 ProductVersion : 5, 15, 0, 15 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2004, 180solutions Inc. SahAgent Object Recognized! Type : File Data : a95kfrhe.exe Category : Data Miner Comment : Object : D:\WINDOWS\ FileVersion : 4, 0, 0, 4 ProductVersion : 4, 0, 0, 4 DyFuCA Object Recognized! Type : File Data : nem220.dll Category : Malware Comment : Object : D:\WINDOWS\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DyFuCA_BH Module FileDescription : DyFuCA_BH Module InternalName : DyFuCA_BH LegalCopyright : Copyright 2002 OriginalFilename : DyFuCA_BH.DLL WindUpdates Object Recognized! Type : File Data : ide21201.vxd Category : Malware Comment : Object : D:\WINDOWS\system32\ SahAgent Object Recognized! 
Type : File Data : qh4mkbv9.dll Category : Data Miner Comment : Object : D:\WINDOWS\system32\ FileVersion : 4, 0, 0, 2 ProductVersion : 4, 0, 0, 2 MediaMotor Object Recognized! Type : File Data : mmximbuddy.exe Category : Malware Comment : Object : D:\WINDOWS\Temp\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : Project1 CompanyName : df InternalName : 63mm OriginalFilename : 63mm.exe Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 177 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows\currentversion\policies\ameopt DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\kapabout DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\kapabout Value : Comment DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\kapabout Value : DComment DyFuCA Object Recognized! Type : Folder Category : Malware Comment : Object : D:\Program\180Solutions DyFuCA Object Recognized! Type : Folder Category : Malware Comment : Object : D:\Program\SideFind DyFuCA Object Recognized! Type : Folder Category : Malware Comment : Object : D:\Program\ISTsvc 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\salm 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\salm Value : last_conn_h 180Solutions Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\salm Value : last_conn_l 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\salm Value : we 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\salm Value : cdata 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\salm Value : TimeOffset 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\salm Value : action_url_version 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\salm Value : action_url_last_chunk 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\salm Value : action_url_last_full_version 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\salm Value : key_file 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\salm Value : kw_last_chunk 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\salm 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\salm Value : did 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\salm Value : duid 180Solutions Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\salm Value : product_id 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\salm Value : mt1 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\salm Value : mt2 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\salm Value : mt3 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\salm Value : gma 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\salm Value : gvi 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\salm Value : gpi 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\salm Value : boom 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\salm Value : boom_ver 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\salm 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\salm Value : DisplayName 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\salm Value : UninstallString 180Solutions Object Recognized! 
Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\salm Value : DisplayIcon 180Solutions Object Recognized! Type : File Data : sais.log Category : Data Miner Comment : Object : D:\Program\180solutions\ istbar Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : installTitle istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : serverpath istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : urlAfterInstall istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : TBRowMode istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : yoursitebar.xml istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : imagemap_normal.bmp istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : showcorrupted istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : updatever istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : refreshscope istbar Object Recognized! 
Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : allowupdate istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : LastCheckTime istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : version.txt istbar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\yoursitebar Value : UpdateBegin istbar Object Recognized! Type : RegData Data : Never Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : BandRest Data : Never istbar Object Recognized! Type : RegData Data : Never Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : BandRest Data : Never istbar Object Recognized! Type : File Data : istsvc.exe Category : Malware Comment : Object : D:\Program\istsvc\ SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{339d8aff-0b42-4260-ad82-78ce605a9543} SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{339d8aff-0b42-4260-ad82-78ce605a9543} Value : SideFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} SideFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} Value : SideFind Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{a3fdd654-a057-4971-9844-4ed8e67dbbb8} SideFind Object Recognized! Type : File Data : sfexd001 Category : Malware Comment : Object : D:\Program\sidefind\ AdDestroyer Object Recognized! Type : Folder Category : Malware Comment : Object : D:\Documents and Settings\radmin\Start-meny\Program\Autostart\AdDestroyer.lnk AdDestroyer Object Recognized! Type : Folder Category : Malware Comment : Object : D:\Program\AdDestroyer AdDestroyer Object Recognized! Type : File Data : AdDestroyer.exe Category : Malware Comment : Object : D:\Program\addestroyer\ FileVersion : 0.00.0107 ProductVersion : 0.00.0107 ProductName : AdDestroyer CompanyName : Spyware Labs InternalName : AdDestroyer OriginalFilename : AdDestroyer.exe AdDestroyer Object Recognized! Type : File Data : AdDestroyer.WAV Category : Malware Comment : Object : D:\Program\addestroyer\ AdDestroyer Object Recognized! Type : File Data : PopOops.dll Category : Malware Comment : Object : D:\WINDOWS\System32\ FileVersion : 2, 1, 0, 3 ProductVersion : 2, 1, 0, 3 ProductName : PopOops CompanyName : Shahin Gasanov FileDescription : PopOops InternalName : PopOops LegalCopyright : © 2002-2003 Gasanov.net LegalTrademarks : Gasanov.net OriginalFilename : PopOops.dll Comments : Freeware AdDestroyer Object Recognized! Type : File Data : PopOops2.dll Category : Malware Comment : Object : D:\WINDOWS\System32\ FileVersion : 1.01.0001 ProductVersion : 1.01.0001 ProductName : PopOops2 CompanyName : Shahin Gasanov FileDescription : PopOops2 InternalName : PopOops2 LegalCopyright : © 2002-2003 Gasanov.net LegalTrademarks : Gasanov.net OriginalFilename : PopOops2.dll Comments : PopOops2 AdDestroyer Object Recognized! 
Type : File Data : SWLAD1.dll Category : Malware Comment : Object : D:\WINDOWS\System32\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : PopOops2 CompanyName : Globes InternalName : SWLAD1 OriginalFilename : SWLAD1.dll AdDestroyer Object Recognized! Type : File Data : SWLAD2.dll Category : Malware Comment : Object : D:\WINDOWS\System32\ VirtualBouncer Object Recognized! Type : Folder Category : Malware Comment : Object : D:\Documents and Settings\radmin\Start-meny\Program\Virtual Bouncer VirtualBouncer Object Recognized! Type : Folder Category : Malware Comment : Object : D:\Program\VBouncer VirtualBouncer Object Recognized! Type : File Data : Help.lnk Category : Malware Comment : Object : D:\Documents and Settings\radmin\Start-meny\Program\virtual bouncer\ VirtualBouncer Object Recognized! Type : File Data : Uninstall Virtual Bouncer.lnk Category : Malware Comment : Object : D:\Documents and Settings\radmin\Start-meny\Program\virtual bouncer\ VirtualBouncer Object Recognized! Type : File Data : Virtual Bouncer.lnk Category : Malware Comment : Object : D:\Documents and Settings\radmin\Start-meny\Program\virtual bouncer\ VirtualBouncer Object Recognized! Type : File Data : AdDestroyerInner.EXE Category : Malware Comment : Object : D:\Program\vbouncer\ VirtualBouncer Object Recognized! Type : File Data : BundleOuter.EXE Category : Malware Comment : Object : D:\Program\vbouncer\ VirtualBouncer Object Recognized! Type : File Data : chilkatZip.dll Category : Malware Comment : Object : D:\Program\vbouncer\ FileVersion : 10, 0, 0, 0 ProductVersion : 10, 0, 0, 0 ProductName : Chilkat Zip CompanyName : Chilkat Software, Inc. FileDescription : Chilkat Zip ActiveX Component InternalName : ChilkatZip LegalCopyright : Copyright 2000-2002, Chilkat Software, Inc. OriginalFilename : ChilkatZip.DLL Comments : http://www.chilkatsoft.com VirtualBouncer Object Recognized! 
Type : File Data : ProcManager.exe Category : Malware Comment : Object : D:\Program\vbouncer\ FileVersion : 0.00.0001 ProductVersion : 0.00.0001 ProductName : ProcManager InternalName : ProcManager OriginalFilename : ProcManager.exe VirtualBouncer Object Recognized! Type : File Data : SWSettings.xml Category : Malware Comment : Object : D:\Program\vbouncer\ VirtualBouncer Object Recognized! Type : File Data : USER.XML Category : Malware Comment : Object : D:\Program\vbouncer\ VirtualBouncer Object Recognized! Type : File Data : VBouncerInner.EXE Category : Malware Comment : Object : D:\Program\vbouncer\ VirtualBouncer Object Recognized! Type : File Data : VirtualBouncer.exe Category : Malware Comment : Object : D:\Program\vbouncer\ FileVersion : 0.00.0102 ProductVersion : 0.00.0102 ProductName : Virtual Bouncer CompanyName : Spyware Labs InternalName : VirtualBouncer OriginalFilename : VirtualBouncer.exe VirtualBouncer Object Recognized! Type : File Data : VirtualBouncerUninstaller.EXE Category : Malware Comment : Object : D:\Program\vbouncer\ YourSiteBar Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ist YourSiteBar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ist Value : InstallDate YourSiteBar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ist Value : account_id YourSiteBar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ist Value : config YourSiteBar Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ist Value : Recover YourSiteBar Object Recognized! Type : Folder Category : Malware Comment : Object : D:\Program\YourSiteBar YourSiteBar Object Recognized! 
Type : File Data : imagemap_normal.bmp Category : Malware Comment : Object : D:\Program\yoursitebar\ YourSiteBar Object Recognized! Type : File Data : version.txt Category : Malware Comment : Object : D:\Program\yoursitebar\ YourSiteBar Object Recognized! Type : File Data : yoursitebar.xml Category : Malware Comment : Object : D:\Program\yoursitebar\ YourSiteBar Object Recognized! Type : File Data : ysb.dll Category : Malware Comment : Object : D:\Program\yoursitebar\ FileVersion : 1, 2, 0, 4 ProductVersion : 1, 2, 0, 4 ProductName : YourSiteBar FileDescription : YourSiteBar InternalName : YourSiteBar LegalCopyright : Copyright 2004 OriginalFilename : ysb.dll MediaMotor Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mm MediaMotor Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mm Value : check AdDestroyer Object Recognized! Type : File Data : AdDestroyer.lnk Category : Malware Comment : Shortcut to bad file : D:\Documents and Settings\radmin\Start-meny\Program\AdDestroyer\AdDestroyer.lnk Object : D:\Documents and Settings\radmin\Start-meny\Program\AdDestroyer\ AdDestroyer Object Recognized! Type : File Data : AdDestroyer.lnk Category : Malware Comment : Shortcut to bad file : D:\Documents and Settings\radmin\Start-meny\Program\Autostart\AdDestroyer.lnk Object : D:\Documents and Settings\radmin\Start-meny\Program\Autostart\ VirtualBouncer Object Recognized! Type : File Data : Virtual Bouncer.lnk Category : Malware Comment : Shortcut to bad file : D:\Documents and Settings\radmin\Start-meny\Program\Virtual Bouncer\Virtual Bouncer.lnk Object : D:\Documents and Settings\radmin\Start-meny\Program\Virtual Bouncer\ VirtualBouncer Object Recognized! 
Type : File Data : Uninstall Virtual Bouncer.lnk Category : Malware Comment : Shortcut to bad file : D:\Documents and Settings\radmin\Start-meny\Program\Virtual Bouncer\Uninstall Virtual Bouncer.lnk Object : D:\Documents and Settings\radmin\Start-meny\Program\Virtual Bouncer\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 96 Objects found so far: 273 15:09:51 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:12:23.599 Objects scanned:75970 Objects identified:265 Objects ignored:0 New critical objects:265