Ad-Aware SE Build 1.06r1 Logfile Created on:05 April 2006 20:44:45 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R102 03.04.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions(TAC index:6):6 total references Adware.DollarRevenue(TAC index:3):3 total references Adware.GAIN.Dashbar(TAC index:7):8 total references Adware.Look2Me(TAC index:7):1 total references CmdServices(TAC index:4):30 total references GAIN(TAC index:7):1 total references iSearch Toolbar(TAC index:3):14 total references Possible Browser Hijack attempt(TAC index:3):5 total references SpySpotter(TAC index:3):21 total references Starware Toolbar(TAC index:5):16 total references SurfSideKickBHO(TAC index:7):9 total references Targetsaver(TAC index:8):8 total references Tracking Cookie(TAC index:3):14 total references WebHancer(TAC index:9):18 total references win32.Trojan.Dnschanger(TAC index:10):2 total references WinFixer(TAC index:10):51 total references VX2(TAC index:10):3 total references Zango(TAC index:6):54 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for low-risk threats Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 05-04-2006 20:44:45 - Scan started. (Smart mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 152 ThreadCreationTime : 05-04-2006 18:20:49 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINNT\system32\ ProcessID : 168 ThreadCreationTime : 05-04-2006 18:20:54 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINNT\system32\ ProcessID : 188 ThreadCreationTime : 05-04-2006 18:20:55 BasePriority : High #:4 [services.exe] FilePath : C:\WINNT\system32\ ProcessID : 216 ThreadCreationTime : 05-04-2006 18:20:57 BasePriority : Normal FileVersion : 5.00.2195.7035 ProductVersion : 5.00.2195.7035 ProductName : Microsoft(R) Windows (R) 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999 OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINNT\system32\ ProcessID : 228 ThreadCreationTime : 05-04-2006 18:20:57 BasePriority : Normal FileVersion : 5.00.2195.7011 ProductVersion : 5.00.2195.7011 ProductName : Microsoft(R) Windows (R) 2000 Operating System CompanyName : Microsoft Corporation FileDescription : LSA Executable and Server DLL (Export Version) InternalName : lsasrv.dll and lsass.exe LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999 OriginalFilename : lsasrv.dll and lsass.exe #:6 [vmsrvc.exe] FilePath : C:\WINNT\VMADD\ ProcessID : 404 ThreadCreationTime : 05-04-2006 18:21:00 BasePriority : Normal FileVersion : 013.306 ProductVersion : 013.306 ProductName : Virtual Machine Additions CompanyName : Microsoft Corporation FileDescription : Virtual Machine Services InternalName : VMSrvc LegalCopyright : Copyright © 1999-2003 Microsoft Corporation OriginalFilename : VMSrvc.exe #:7 [nod32krn.exe] FilePath : C:\Program Files\Eset\ ProcessID : 448 ThreadCreationTime : 05-04-2006 18:21:00 BasePriority : Normal FileVersion : 2, 50, 45 ProductVersion : 2, 50, 45 ProductName : NOD32 Antivirus System CompanyName : Eset FileDescription : NOD32 Kernel Service InternalName : NOD32 Kernel LegalCopyright : Copyright (c) 1992-2005 Eset LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of Eset OriginalFilename : nod32krn.exe #:8 [svchost.exe] FilePath : C:\WINNT\system32\ ProcessID : 464 ThreadCreationTime : 05-04-2006 18:21:01 BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft(R) Windows (R) 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999 OriginalFilename : svchost.exe #:9 [vpcmap.exe] FilePath : C:\WINNT\system32\ ProcessID : 496 ThreadCreationTime : 05-04-2006 18:21:02 BasePriority : Normal FileVersion : 013.306 ProductVersion : 013.306 ProductName : Virtual Machine Additions CompanyName : Microsoft Corporation FileDescription : Virtual Machine Folder Sharing Service InternalName : VPCMap LegalCopyright : Copyright © 1999-2003 Microsoft Corporation OriginalFilename : VPCMap.exe #:10 [svchost.exe] FilePath : C:\WINNT\System32\ ProcessID : 560 ThreadCreationTime : 05-04-2006 18:21:04 BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft(R) Windows (R) 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999 OriginalFilename : svchost.exe #:11 [winmgmt.exe] FilePath : C:\WINNT\System32\WBEM\ ProcessID : 580 ThreadCreationTime : 05-04-2006 18:21:06 BasePriority : Normal FileVersion : 1.50.1085.0100 ProductVersion : 1.50.1085.0100 ProductName : Windows Management Instrumentation CompanyName : Microsoft Corporation FileDescription : Windows Management Instrumentation InternalName : WINMGMT LegalCopyright : Copyright (C) Microsoft Corp. 1995-1999 #:12 [vmusrvc.exe] FilePath : C:\WINNT\VMADD\ ProcessID : 740 ThreadCreationTime : 05-04-2006 18:23:59 BasePriority : Normal FileVersion : 013.306 ProductVersion : 013.306 ProductName : Virtual Machine Additions CompanyName : Microsoft Corporation FileDescription : Virtual Machine User Services InternalName : VMUSrvc LegalCopyright : Copyright © 1999-2003 Microsoft Corporation OriginalFilename : VMUSrvc.exe iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 Warning! "C:\WINNT\VMADD\VMUSrvc.exe"Process could not be terminated! #:13 [nod32kui.exe] FilePath : C:\Program Files\Eset\ ProcessID : 720 ThreadCreationTime : 05-04-2006 18:23:59 BasePriority : Normal FileVersion : 2, 50, 45 ProductVersion : 2, 50, 45 ProductName : NOD32 Antivirus System CompanyName : Eset FileDescription : NOD32 Control Center GUI InternalName : NOD32 Control Center GUI LegalCopyright : Copyright (c) 1992-2005 Eset LegalTrademarks : NOD, NOD32, AMON, ESET are registered trademarks of Eset OriginalFilename : nod32kui.exe iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 Warning! "C:\Program Files\Eset\nod32kui.exe"Process could not be terminated! #:14 [privoxy.exe] FilePath : C:\Program Files\Privoxy\ ProcessID : 708 ThreadCreationTime : 05-04-2006 18:23:59 BasePriority : Normal FileVersion : 3.0.3 ProductVersion : 3.0.3 ProductName : Privoxy CompanyName : The Privoxy team - www.privoxy.org FileDescription : Privoxy InternalName : Privoxy LegalCopyright : Distributed under the GNU GPL OriginalFilename : privoxy.exe iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 Warning! "C:\Program Files\Privoxy\privoxy.exe"Process could not be terminated! #:15 [myclea~2.exe] FilePath : C:\PROGRA~1\MYCLEA~1\ ProcessID : 1052 ThreadCreationTime : 05-04-2006 18:35:37 BasePriority : Normal FileVersion : 1.00.0024 ProductVersion : 1.00.0024 ProductName : mycleanerpc CompanyName : MyBetterPC InternalName : myCleanerPC OriginalFilename : myCleanerPC.exe iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 Warning! "C:\PROGRA~1\MYCLEA~1\MYCLEA~2.EXE"Process could not be terminated! #:16 [zango.exe] FilePath : C:\Program Files\Zango\ ProcessID : 1088 ThreadCreationTime : 05-04-2006 18:43:00 BasePriority : Normal FileVersion : 7, 50, 103, 0 ProductVersion : 7, 50, 103, 0 ProductName : Zango CompanyName : 180solutions, Inc. FileDescription : Zango LegalCopyright : Copyright © 2005, 180solutions Inc. iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 Warning! "C:\Program Files\Zango\zango.exe"Process could not be terminated! #:17 [mousepad8.exe] FilePath : c:\windows\ ProcessID : 644 ThreadCreationTime : 05-04-2006 18:44:01 BasePriority : Normal FileVersion : 1.00.0066 ProductVersion : 1.00.0066 ProductName : Project1 CompanyName : ÄÂÃÌÀ InternalName : Project1 OriginalFilename : Project1.exe iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 Warning! "c:\windows\mousepad8.exe"Process could not be terminated! #:18 [netmon.exe] FilePath : C:\Program Files\Network Monitor\ ProcessID : 544 ThreadCreationTime : 05-04-2006 18:44:10 BasePriority : Normal win32.Trojan.Dnschanger Object Recognized! Type : Process Data : netmon.exe TAC Rating : 10 Category : Monitoring Tool Comment : Object : C:\Program Files\Network Monitor\ Warning! "C:\Program Files\Network Monitor\netmon.exe"Process could not be terminated! "C:\Program Files\Network Monitor\netmon.exe"Process terminated successfully #:19 [command.exe] FilePath : C:\WINNT\YUQ\ ProcessID : 888 ThreadCreationTime : 05-04-2006 18:44:11 BasePriority : Normal CmdServices Object Recognized! Type : Process Data : command.exe TAC Rating : 4 Category : Adware Comment : Object : C:\WINNT\YUQ\ "C:\WINNT\YUQ\command.exe"Process terminated successfully "C:\WINNT\YUQ\command.exe"Process terminated successfully #:20 [explorer.exe] FilePath : C:\WINNT\ ProcessID : 96 ThreadCreationTime : 05-04-2006 18:44:35 BasePriority : Normal FileVersion : 5.00.3700.6690 ProductVersion : 5.00.3700.6690 ProductName : Microsoft(R) Windows (R) 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999 OriginalFilename : EXPLORER.EXE iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 Adware.Look2Me Object Recognized! Type : Process Data : nntapi.dll TAC Rating : 7 Category : Adware Comment : iieshare.dll.dmp Object : C:\WINNT\system32\ Warning! Adware.Look2Me Object found in memory(C:\WINNT\system32\nntapi.dll) #:21 [rrzum.exe] FilePath : C:\PROGRA~1\COMMON~1\rrzu\ ProcessID : 1072 ThreadCreationTime : 05-04-2006 18:44:39 BasePriority : Normal FileVersion : 4, 0, 4, 0 ProductVersion : 4, 0, 4, 0 LegalCopyright : Copyright (C) 2005 Targetsaver Object Recognized! Type : Process Data : rrzum.exe TAC Rating : 8 Category : Malware Comment : Object : C:\PROGRA~1\COMMON~1\rrzu\ FileVersion : 4, 0, 4, 0 ProductVersion : 4, 0, 4, 0 LegalCopyright : Copyright (C) 2005 Warning! "C:\PROGRA~1\COMMON~1\rrzu\rrzum.exe"Process could not be terminated! "C:\PROGRA~1\COMMON~1\rrzu\rrzum.exe"Process terminated successfully #:22 [rrzua.exe] FilePath : C:\PROGRA~1\COMMON~1\rrzu\ ProcessID : 1228 ThreadCreationTime : 05-04-2006 18:44:41 BasePriority : Normal FileVersion : 4, 0, 4, 0 ProductVersion : 4, 0, 4, 0 LegalCopyright : Copyright (C) 2005 Targetsaver Object Recognized! Type : Process Data : rrzua.exe TAC Rating : 8 Category : Malware Comment : Object : C:\PROGRA~1\COMMON~1\rrzu\ FileVersion : 4, 0, 4, 0 ProductVersion : 4, 0, 4, 0 LegalCopyright : Copyright (C) 2005 Warning! "C:\PROGRA~1\COMMON~1\rrzu\rrzua.exe"Process could not be terminated! "C:\PROGRA~1\COMMON~1\rrzu\rrzua.exe"Process terminated successfully #:23 [rundll32.exe] FilePath : C:\WINNT\system32\ ProcessID : 1264 ThreadCreationTime : 05-04-2006 18:44:42 BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft(R) Windows (R) 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Run a DLL as an App InternalName : rundll LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999 OriginalFilename : RUNDLL.EXE iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 VX2 Object Recognized! Type : Process Data : nsmkcert.dll TAC Rating : 10 Category : Malware Comment : Object : C:\WINNT\system32\ Warning! "C:\WINNT\system32\rundll32.exe"Process could not be terminated! #:24 [ac2_0010.exe] FilePath : c:\ ProcessID : 1220 ThreadCreationTime : 05-04-2006 18:45:20 BasePriority : Normal iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 Warning! "c:\ac2_0010.exe"Process could not be terminated! #:25 [rundll32.exe] FilePath : C:\WINNT\system32\ ProcessID : 1288 ThreadCreationTime : 05/04/2006 18:45:27 BasePriority : Normal FileVersion : 5.00.2134.1 ProductVersion : 5.00.2134.1 ProductName : Microsoft(R) Windows (R) 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Run a DLL as an App InternalName : rundll LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999 OriginalFilename : RUNDLL.EXE iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 #:26 [cmd.exe] FilePath : C:\WINNT\system32\ ProcessID : 1348 ThreadCreationTime : 05/04/2006 18:52:32 BasePriority : Normal FileVersion : 5.00.2195.6995 ProductVersion : 5.00.2195.6995 ProductName : Microsoft(R) Windows (R) 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Windows NT Command Processor InternalName : cmd LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999 OriginalFilename : Cmd.Exe iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 Warning! "C:\WINNT\system32\CMD.EXE"Process could not be terminated! #:27 [aq3hel~1.exe] FilePath : C:\PROGRA~1\AQUATI~1\ ProcessID : 756 ThreadCreationTime : 05/04/2006 18:53:21 BasePriority : Normal FileVersion : 1.0.0.8 ProductVersion : 1.0.0.8 ProductName : DSDHelper CompanyName : GAIN Publishing, Inc. FileDescription : DistSoft Helper Application InternalName : DSDHelper.exe LegalCopyright : Copyright © 1999-2004 GAIN Publishing, Inc. OriginalFilename : DSDHelper.exe iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 Warning! "C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE"Process could not be terminated! #:28 [uwinfx6.exe] FilePath : C:\Program Files\WinFixerFree\ ProcessID : 200 ThreadCreationTime : 05/04/2006 18:57:04 BasePriority : Normal FileVersion : 1.2.125.3 ProductVersion : 1.2.125.3 ProductName : WinFixer 2006 CompanyName : WinSoftware FileDescription : Main module of WinFixer 2006 InternalName : WinFixer LegalCopyright : (c) 2006 WinSoftware. All rights reserved. OriginalFilename : WFX6.exe WinFixer Object Recognized! Type : Process Data : UWinFX6.exe TAC Rating : 10 Category : Misc Comment : Object : C:\Program Files\WinFixerFree\ FileVersion : 1.2.125.3 ProductVersion : 1.2.125.3 ProductName : WinFixer 2006 CompanyName : WinSoftware FileDescription : Main module of WinFixer 2006 InternalName : WinFixer LegalCopyright : (c) 2006 WinSoftware. All rights reserved. OriginalFilename : WFX6.exe Warning! "C:\Program Files\WinFixerFree\UWinFX6.exe"Process could not be terminated! "C:\Program Files\WinFixerFree\UWinFX6.exe"Process terminated successfully #:29 [spyspotter.exe] FilePath : C:\Program Files\SpySpotter3\ ProcessID : 1872 ThreadCreationTime : 05/04/2006 19:14:45 BasePriority : Normal FileVersion : 3.02.0033 ProductVersion : 3.02.0033 ProductName : SpySpotter CompanyName : Oemtec LTD InternalName : SpySpotter LegalCopyright : Oemtec LTD LegalTrademarks : Oemtec LTD OriginalFilename : SpySpotter.exe SpySpotter Object Recognized! Type : Process Data : SpySpotter.exe TAC Rating : 3 Category : Misc Comment : Object : C:\Program Files\SpySpotter3\ FileVersion : 3.02.0033 ProductVersion : 3.02.0033 ProductName : SpySpotter CompanyName : Oemtec LTD InternalName : SpySpotter LegalCopyright : Oemtec LTD LegalTrademarks : Oemtec LTD OriginalFilename : SpySpotter.exe "C:\Program Files\SpySpotter3\SpySpotter.exe"Process terminated successfully "C:\Program Files\SpySpotter3\SpySpotter.exe"Process terminated successfully #:30 [spybotsd.exe] FilePath : C:\Program Files\Spybot S&D\ ProcessID : 1040 ThreadCreationTime : 05/04/2006 19:40:59 BasePriority : Normal FileVersion : 1.4.0.3 ProductVersion : 1, 4, 0, 3 ProductName : SpyBot-S&D CompanyName : Safer Networking Limited FileDescription : Spybot - Search & Destroy InternalName : SpybotSD LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten. LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen. OriginalFilename : SpyBotSD.exe Comments : Software zum Entfernen von Spyware und ähnlichen Bedrohungen. iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 #:31 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 1664 ThreadCreationTime : 05/04/2006 19:43:09 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved iSearch Toolbar Object Recognized! Type : Process Data : asappsrv.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINNT\YUQ\ FileVersion : 2.1.3.466 ProductVersion : 1.0.0.0 Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 6 Objects found so far: 22 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0ac49246-419b-4ee0-8917-8818daad6a4e} 180Solutions Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{99410cde-6f16-42ce-9d49-3807f78f0287} 180Solutions Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9} 180Solutions Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad} 180Solutions Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{f1f1e775-1b21-454d-8d38-7c16519969e5} 180Solutions Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda} Adware.DollarRevenue Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{6001cdf7-6f45-471b-a203-0225615e35a7} Adware.GAIN.Dashbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Adware.GAIN.Dashbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : uets Adware.GAIN.Dashbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : GMG Adware.GAIN.Dashbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : GMI64 Adware.GAIN.Dashbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : GMI Adware.GAIN.Dashbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : GMI128 SpySpotter Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{8be41825-b286-40ec-b8bc-da5e23299d88} SpySpotter Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{8be41825-b286-40ec-b8bc-da5e23299d88} Value : AppID SpySpotter Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{8d45eee4-4377-4090-b4d0-75185b9785c8} SpySpotter Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{8d45eee4-4377-4090-b4d0-75185b9785c8} Value : AppID SpySpotter Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{5ec4d98f-ccf4-47b0-8c92-45b764a602a6} SpySpotter Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{2ea3f8d8-0e16-43c8-9267-8f3f52f0d500} Starware Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{2d51d869-c36b-42bd-ae68-0a81bc771fa5} Starware Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{7bed0340-176b-44bc-915e-c21c1dd6f617} Starware Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{ca356d79-679b-4b4c-8e49-5af97014f4c1} Starware Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{d49e9d35-254c-4c6a-9d17-95018d228ff5} SurfSideKickBHO Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{d6c0df1f-24cc-4f6c-8ff7-8f4bada824db} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{971824ce-8e08-486b-aed1-d83e561a0e73} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{5dab7871-9a93-4356-8e53-8e9a6fd95177} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{1f68a002-c887-4acb-8f07-417b34778044} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{ed1e20d6-c9d6-4e25-8112-0709ac6fa968} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{d3ffa417-9865-4fcf-bff4-e4f97208cd2c} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{b94ac04c-d18d-4ece-9bc2-b0203867fb2c} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{ae3a62da-7a05-48c8-90da-cc047b6d7e5d} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8078dab3-8805-4970-8462-659abf71aabc} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{7f956720-5056-49dc-b28d-0fce80847de6} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{5f21a841-8195-49ef-a321-f8fb71c62608} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{430cb5cc-61a1-4aab-a6a6-a1d088cacd46} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{ed1e20d6-c9d6-4e25-8112-0709ac6fa968} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{d3ffa417-9865-4fcf-bff4-e4f97208cd2c} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{791e55e4-308c-4763-a490-04725f0d0f0d} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{7033e19e-5d7e-47d7-88e6-a8ac5b400d02} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{3e350c41-790a-4c40-b8df-9ea8b5b7fafd} WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{16f3a101-acdc-424c-a614-b729bee1a0e8} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.clientinstaller Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.clientinstaller.1 Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.requiredcomponent Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.requiredcomponent.1 Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{56f1d444-11bf-4879-a12b-79cf0177f038} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{6c092742-10fe-4db2-988d-fc71948de70c} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{7fa8976f-d00c-4e98-8729-a66569233fb5} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{8be3faba-7468-4851-b97c-0750af2b908e} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : zangohook.sabho Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : zangohook.sabho.1 Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{51cf80dc-a309-4735-bb11-ef18bf4e3ad9} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a16650a9-b065-40ec-bbd1-f8d370d17fb1} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{bdddf1a5-51a9-4f51-b38d-4cd0ad831b31} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{e43dfaa6-8c16-4519-b022-8792408505a4} SpySpotter Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\vb and vba program settings\spyspotter Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : last_conn_l Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : we Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : cdata Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : TimeOffset Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : geourl_current_version Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : geourl_last_full_version Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : actionurl_current_version Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : actionurl_last_full_version Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : recent_shown Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : key_int_high Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : key_int_low Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : ntdll.dll Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : keyword_current_version Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\zango Value : keyword_last_full_version GAIN Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\gator.com SpySpotter Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\spyspotter Starware Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ca356d79-679b-4b4c-8e49-5af97014f4c1} SurfSideKickBHO Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\surf sidekick SurfSideKickBHO Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\surf sidekick Value : UninstallString WebHancer Object Recognized! Type : Regkey Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\webhancer agent WebHancer Object Recognized! Type : RegValue Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\webhancer agent Value : DisplayName WebHancer Object Recognized! Type : Regkey Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\webhancer Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\zango Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\zango Value : UninstallString Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\zango Value : DisplayIcon Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\zango Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\zango Value : umt Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\zango Value : duid Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\zango Value : partner_id Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\zango Value : product_id Starware Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Adware Comment : "{D49E9D35-254C-4C6A-9D17-95018D228FF5}" Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\microsoft\internet explorer\toolbar\webbrowser Value : {D49E9D35-254C-4C6A-9D17-95018D228FF5} WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : "Win_Fixer_Free" Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\software\microsoft\windows\currentversion\run Value : Win_Fixer_Free SpySpotter Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Misc Comment : "SpySpotter" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : SpySpotter WebHancer Object Recognized! Type : RegValue Data : TAC Rating : 9 Category : Data Miner Comment : "webHancer Agent" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : webHancer Agent Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 93 Objects found so far: 115 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Page.findthewebsiteyouneed.com Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "http://searchbar.findthewebsiteyouneed.com" TAC Rating : 9 Category : Data Miner Comment : Possible Browser Hijack attempt Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Main Value : Search Page Data : "http://searchbar.findthewebsiteyouneed.com" Possible Browser Hijack attempt : S-1-5-21-1060284298-1708537768-1465468403-500\Software\Microsoft\Internet Explorer\MainSearch Page.findthewebsiteyouneed.com Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "http://searchbar.findthewebsiteyouneed.com" TAC Rating : 9 Category : Data Miner Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\Software\Microsoft\Internet Explorer\Main Value : Search Page Data : "http://searchbar.findthewebsiteyouneed.com" Possible Browser Hijack attempt : S-1-5-21-1060284298-1708537768-1465468403-500\Software\Microsoft\Internet Explorer\MainStart Page.findthewebsiteyouneed.com Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "http://www.findthewebsiteyouneed.com" TAC Rating : 9 Category : Data Miner Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\Software\Microsoft\Internet Explorer\Main Value : Start Page Data : "http://www.findthewebsiteyouneed.com" Possible Browser Hijack attempt : S-1-5-21-1060284298-1708537768-1465468403-500\Software\Microsoft\Internet Explorer\MainSearch Bar.findthewebsiteyouneed.com Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "http://searchbar.findthewebsiteyouneed.com" TAC Rating : 9 Category : Data Miner Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "http://searchbar.findthewebsiteyouneed.com" Possible Browser Hijack attempt : S-1-5-21-1060284298-1708537768-1465468403-500\Software\Microsoft\Internet Explorer\MainDefault_Search_URL.findthewebsiteyouneed.com Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "http://searchbar.findthewebsiteyouneed.com" TAC Rating : 9 Category : Data Miner Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : S-1-5-21-1060284298-1708537768-1465468403-500\Software\Microsoft\Internet Explorer\Main Value : Default_Search_URL Data : "http://searchbar.findthewebsiteyouneed.com" SpySpotter Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : ({8BE41825-B286-40ec-B8BC-DA5E23299D88}) Rootkey : HKEY_CLASSES_ROOT Object : SPReg.CDownloadProgressController SpySpotter Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : ({8BE41825-B286-40ec-B8BC-DA5E23299D88}) Rootkey : HKEY_CLASSES_ROOT Object : SPReg.CDownloadProgressController.1 SpySpotter Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : ({8D45EEE4-4377-4090-B4D0-75185B9785C8}) Rootkey : HKEY_CLASSES_ROOT Object : SPReg.RegistrationObj SpySpotter Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : ({8D45EEE4-4377-4090-B4D0-75185B9785C8}) Rootkey : HKEY_CLASSES_ROOT Object : SPReg.RegistrationObj.1 Targetsaver Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "rrzu" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Run Value : rrzu Targetsaver Object Recognized! Type : File Data : rrzum.exe TAC Rating : 8 Category : Malware Comment : Object : c:\progra~1\common~1\rrzu\ FileVersion : 4, 0, 4, 0 ProductVersion : 4, 0, 4, 0 LegalCopyright : Copyright (C) 2005 WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : "Win_Fixer_Free" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Run Value : Win_Fixer_Free WinFixer Object Recognized! Type : File Data : uwinfx6.exe TAC Rating : 10 Category : Misc Comment : Object : c:\program files\winfixerfree\ FileVersion : 1.2.125.3 ProductVersion : 1.2.125.3 ProductName : WinFixer 2006 CompanyName : WinSoftware FileDescription : Main module of WinFixer 2006 InternalName : WinFixer LegalCopyright : (c) 2006 WinSoftware. All rights reserved. OriginalFilename : WFX6.exe Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 11 Objects found so far: 128 Starware Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\toolbar Value : {d49e9d35-254c-4c6a-9d17-95018d228ff5} Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@tradedoubler[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:administrator@tradedoubler.com/ Expires : 31/03/2026 20:12:56 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@bluestreak[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:administrator@bluestreak.com/ Expires : 02/04/2016 15:16:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@project2.realtracker[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:administrator@project2.realtracker.com/ Expires : 01/01/2007 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@overture[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:administrator@overture.com/ Expires : 02/04/2016 20:04:36 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@findwhat[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:administrator@findwhat.com/ Expires : 01/01/2020 01:00:02 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@doubleclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:administrator@doubleclick.net/ Expires : 05/04/2006 20:32:14 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@phg.hitbox[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:administrator@phg.hitbox.com/ Expires : 05/04/2007 20:19:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@www.intern-etadvertising[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:administrator@www.intern-etadvertising.com/ Expires : 19/04/2006 20:02:34 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@as-eu.falkag[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:14 Value : Cookie:administrator@as-eu.falkag.net/ Expires : 05/04/2007 19:55:54 LastSync : Hits:14 UseCount : 0 Hits : 14 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@advertising[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:5 Value : Cookie:administrator@advertising.com/ Expires : 04/04/2011 20:15:54 LastSync : Hits:5 UseCount : 0 Hits : 5 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@zedo[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:9 Value : Cookie:administrator@zedo.com/ Expires : 02/04/2016 19:56:04 LastSync : Hits:9 UseCount : 0 Hits : 9 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@www.findthewebsiteyouneed[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:administrator@www.findthewebsiteyouneed.com/ Expires : 04/06/2006 19:53:26 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@hitbox[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:administrator@hitbox.com/ Expires : 05/04/2007 20:19:00 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : administrator@adserver.sharewareonline[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookie:administrator@adserver.sharewareonline.com/ Expires : 18/01/2038 01:00:00 LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 14 Objects found so far: 143 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINNT »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 143 CmdServices Object Recognized! Type : File Data : atmtd.dll TAC Rating : 4 Category : Adware Comment : Object : C:\WINNT\system32\ CmdServices Object Recognized! Type : File Data : atmtd.dll._ TAC Rating : 4 Category : Adware Comment : Object : C:\WINNT\system32\ VX2 Object Recognized! Type : File Data : mlvcrt40.dll TAC Rating : 10 Category : Malware Comment : Object : C:\WINNT\system32\ VX2 Object Recognized! Type : File Data : nsmkcert.dll TAC Rating : 10 Category : Malware Comment : Object : C:\WINNT\system32\ Targetsaver Object Recognized! Type : File Data : tsuninst.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINNT\system32\ Disk Scan Result for C:\WINNT\system32 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 148 CmdServices Object Recognized! Type : File Data : cmdinst.exe TAC Rating : 4 Category : Adware Comment : Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ FileVersion : 1.0.1 CompanyName : FileDescription : Command Desktop Setup LegalCopyright : Comments : This installation was built with Inno Setup: http://www.innosetup.com WinFixer Object Recognized! Type : File Data : setup.exe TAC Rating : 10 Category : Misc Comment : Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NI.UWFX6_0001_N69M1503\ FileVersion : 1,2,125,3 ProductVersion : 1,2,125,3 ProductName : WinFixer 2006 Setup Wizard CompanyName : WinSoftware Ltd. FileDescription : WinFixer 2006 Setup Wizard InternalName : Installer.exe LegalCopyright : Copyright (C) 2006 WinSoftware Ltd. All rights reserved. OriginalFilename : WinFixer2006FreeSetup.exe Targetsaver Object Recognized! Type : File Data : tsinstall_4_0_4_0_b4.exe TAC Rating : 8 Category : Malware Comment : Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ WinFixer Object Recognized! Type : File Data : WinFixer2006FreeSetup.exe TAC Rating : 10 Category : Misc Comment : Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ FileVersion : 1.2.125.3 CompanyName : FileDescription : WinFixer 2006 Setup LegalCopyright : Comments : This installation was built with Inno Setup: http://www.innosetup.com Disk Scan Result for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 152 Scanning Hosts file...... Hosts file location:"C:\WINNT\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 29 entries scanned. New critical objects:0 Objects found so far: 152 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» win32.Trojan.Dnschanger Object Recognized! Type : Folder TAC Rating : 10 Category : Data Miner Comment : win32.Trojan.Dnschanger Object : C:\Program Files\Network Monitor CmdServices Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} Value : DisplayName CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} Value : DisplayVersion CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} Value : NoModify CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} Value : NoRemove CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} Value : NoRepair CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} Value : UninstallString CmdServices Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\services\cmdservice CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\services\cmdservice Value : Start CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\services\cmdservice Value : ErrorControl CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\services\cmdservice Value : ImagePath CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\services\cmdservice Value : DisplayName CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\services\cmdservice Value : ObjectName CmdServices Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\cmdservice CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\cmdservice Value : Start CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\cmdservice Value : ErrorControl CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\cmdservice Value : ImagePath CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\cmdservice Value : DisplayName CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\cmdservice Value : ObjectName CmdServices Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} Value : DisplayName CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} Value : DisplayVersion CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} Value : NoModify CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} Value : NoRemove CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} Value : NoRepair CmdServices Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} Value : UninstallString Targetsaver Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\tsa Targetsaver Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\tsa Value : UninstallString WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : uwfx6pcheck.uwfx6pcheck.2 WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : mmfxctr_l.cofixengin_e.1 WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : mmfxctr_l.cofixengin_e WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : fxcor_e.mmfixcor_e.1 WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : fxcor_e.mmfixcor_e WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : fwrape_r.ffenginwrape_r.1 WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : fwrape_r.ffenginwrape_r WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : ffxr_21.ffixr21 WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\winfixer_free WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\winfixer_free Value : ntdll.dll WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\winfixer_free Value : Abbr WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\winfixer_free Value : InstallPath WinFixer Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\uwinfx6_is1 WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\uwinfx6_is1 Value : Inno Setup: App Path WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\uwinfx6_is1 Value : InstallLocation WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\uwinfx6_is1 Value : Inno Setup: Icon Group WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\uwinfx6_is1 Value : Inno Setup: User WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\uwinfx6_is1 Value : DisplayName WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\uwinfx6_is1 Value : UninstallString WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\uwinfx6_is1 Value : QuietUninstallString WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\uwinfx6_is1 Value : NoModify WinFixer Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\uwinfx6_is1 Value : NoRepair WinFixer Object Recognized! Type : Folder TAC Rating : 10 Category : Misc Comment : WinFixer Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NI.UWFX6_0001_N69M1503 WinFixer Object Recognized! Type : Folder TAC Rating : 10 Category : Misc Comment : WinFixer Object : C:\Program Files\WinFixerFree WinFixer Object Recognized! Type : Folder TAC Rating : 10 Category : Misc Comment : WinFixer Object : C:\Documents and Settings\All Users\Start Menu\Programs\WinFixerFree WinFixer Object Recognized! Type : File Data : Win Fixer 2006.lnk TAC Rating : 10 Category : Misc Comment : Object : C:\Documents and Settings\Administrator\Desktop\ SpySpotter Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\spyspotter SpySpotter Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\spyspotter Value : UninstallString SpySpotter Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\spyspotter Value : DisplayIcon SpySpotter Object Recognized! Type : Folder TAC Rating : 3 Category : Misc Comment : SpySpotter Object : C:\Program Files\SpySpotter3 SpySpotter Object Recognized! Type : File Data : SpySpotter.lnk TAC Rating : 3 Category : Misc Comment : Object : C:\Documents and Settings\Administrator\Desktop\ SpySpotter Object Recognized! Type : File Data : SpySpotter.lnk TAC Rating : 3 Category : Misc Comment : Object : C:\Documents and Settings\Administrator\Start Menu\ SpySpotter Object Recognized! Type : File Data : SpySpotter.lnk TAC Rating : 3 Category : Misc Comment : Object : C:\Documents and Settings\Administrator\Start Menu\Programs\ Adware.DollarRevenue Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\downloadmanager Adware.DollarRevenue Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\drsmartload2 Adware.GAIN.Dashbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Adware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Search Bar Adware.GAIN.Dashbar Object Recognized! Type : Folder TAC Rating : 7 Category : Adware Comment : Adware.GAIN.Dashbar Object : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fsg_tmp Starware Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_CURRENT_USER Object : software\starware Starware Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\starware Starware Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\starware Value : UninstallString Starware Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\starware Value : DisplayIcon Starware Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Custom Search URL Starware Toolbar Object Recognized! Type : RegData Data : no TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no Starware Toolbar Object Recognized! Type : RegData Data : Starware TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\toolbar Value : {D49E9D35-254C-4c6a-9D17-95018D228FF5} Data : Starware Starware Toolbar Object Recognized! Type : Folder TAC Rating : 5 Category : Adware Comment : Starware Toolbar Object : C:\Documents and Settings\Administrator\Application Data\Starware Starware Toolbar Object Recognized! Type : Folder TAC Rating : 5 Category : Adware Comment : Starware Toolbar Object : C:\Program Files\Starware SurfSideKickBHO Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\surfsidekick3 SurfSideKickBHO Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\surfsidekick3 SurfSideKickBHO Object Recognized! Type : Folder TAC Rating : 7 Category : Data Miner Comment : SurfSideKickBHO Object : C:\Program Files\SurfSideKick 3 SurfSideKickBHO Object Recognized! Type : File Data : Ssk.exe TAC Rating : 7 Category : Data Miner Comment : Object : C:\Program Files\surfsidekick 3\ SurfSideKickBHO Object Recognized! Type : File Data : SskBho.dll TAC Rating : 7 Category : Data Miner Comment : Object : C:\Program Files\surfsidekick 3\ SurfSideKickBHO Object Recognized! Type : File Data : SskCore.dll TAC Rating : 7 Category : Data Miner Comment : Object : C:\Program Files\surfsidekick 3\ Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : lmgr180.wmdrmax Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.zangoclientax Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.zangoclientax.1 Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : zango Zango Object Recognized! Type : Folder TAC Rating : 6 Category : Data Miner Comment : Zango Object : C:\Program Files\Zango Zango Object Recognized! Type : Folder TAC Rating : 6 Category : Data Miner Comment : Zango Object : C:\Documents and Settings\All Users\Start Menu\Programs\Zango Zango Object Recognized! Type : File Data : zango.exe TAC Rating : 6 Category : Data Miner Comment : Object : C:\Program Files\zango\ FileVersion : 7, 50, 103, 0 ProductVersion : 7, 50, 103, 0 ProductName : Zango CompanyName : 180solutions, Inc. FileDescription : Zango LegalCopyright : Copyright © 2005, 180solutions Inc. Zango Object Recognized! Type : File Data : zangoau.dat TAC Rating : 6 Category : Data Miner Comment : Object : C:\Program Files\zango\ Zango Object Recognized! Type : File Data : zangohook.dll TAC Rating : 6 Category : Data Miner Comment : Object : C:\Program Files\zango\ FileVersion : 8.3.7.0 ProductVersion : 8.3.7.0 ProductName : Zango CompanyName : 180solutions, Inc. FileDescription : Zango InternalName : ClientHook LegalCopyright : Copyright © 2005, 180solutions Inc. OriginalFilename : ClientHook.dll Zango Object Recognized! Type : File Data : zango_gdf.dat TAC Rating : 6 Category : Data Miner Comment : Object : C:\Program Files\zango\ Zango Object Recognized! Type : File Data : zango_hpk.dat TAC Rating : 6 Category : Data Miner Comment : Object : C:\Program Files\zango\ Zango Object Recognized! Type : File Data : zango_kyf.dat TAC Rating : 6 Category : Data Miner Comment : Object : C:\Program Files\zango\ Zango Object Recognized! Type : File Data : Uninstall Zango Instructions.lnk TAC Rating : 6 Category : Data Miner Comment : Object : C:\Documents and Settings\All Users\Start Menu\Programs\zango\ Zango Object Recognized! Type : File Data : Zango Customer Support.url TAC Rating : 6 Category : Data Miner Comment : Object : C:\Documents and Settings\All Users\Start Menu\Programs\zango\ Zango Object Recognized! Type : File Data : Zango.com.url TAC Rating : 6 Category : Data Miner Comment : Object : C:\Documents and Settings\All Users\Start Menu\Programs\zango\ Zango Object Recognized! Type : File Data : ClientAX.dll TAC Rating : 6 Category : Data Miner Comment : Object : C:\WINNT\downloaded program files\ FileVersion : 7.51.103.0 ProductVersion : 7.51.103.0 ProductName : Zango CompanyName : 180solutions, Inc. FileDescription : Zango InternalName : ClientAX.dll LegalCopyright : Copyright © 2005, 180solutions Inc. OriginalFilename : ClientAX.dll WebHancer Object Recognized! Type : Folder TAC Rating : 9 Category : Data Miner Comment : WebHancer Object : C:\Program Files\webHancer WebHancer Object Recognized! Type : Folder TAC Rating : 9 Category : Data Miner Comment : WebHancer Object : C:\Program Files\whInstall WebHancer Object Recognized! Type : File Data : license.txt TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\webhancer\programs\ WebHancer Object Recognized! Type : File Data : readme.txt TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\webhancer\programs\ WebHancer Object Recognized! Type : File Data : sporder.dll TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\webhancer\programs\ FileVersion : 4.00 ProductVersion : 4.00 ProductName : Microsoft(R) Windows NT(TM) Operating System CompanyName : Microsoft Corporation FileDescription : WinSock2 reorder service providers InternalName : sporder.dll LegalCopyright : Copyright (C) Microsoft Corp. 1981-1996 OriginalFilename : sporder.dll WebHancer Object Recognized! Type : File Data : webhdll.dll TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\webhancer\programs\ FileVersion : 3.8.1 ProductVersion : 3.8.1 ProductName : webHancer Customer Companion CompanyName : webHancer Corporation FileDescription : webHancer Winsock2 SPI InternalName : webhdll LegalCopyright : Copyright © 1999-2005 webHancer Corporation OriginalFilename : webhdll.dll WebHancer Object Recognized! Type : File Data : whagent.exe TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\webhancer\programs\ FileVersion : 3.8.1 ProductVersion : 3.8.1 ProductName : webHancer Customer Companion CompanyName : webHancer Corporation FileDescription : webHancer Customer Companion InternalName : whAgent LegalCopyright : Copyright © 1999-2005 webHancer Corporation OriginalFilename : whAgent.exe WebHancer Object Recognized! Type : File Data : whagent.ini TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\webhancer\programs\ WebHancer Object Recognized! Type : File Data : whiehlpr.dll TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\webhancer\programs\ FileVersion : 3.8.1 ProductVersion : 3.8.1 ProductName : webHancer Customer Companion CompanyName : webHancer Corporation FileDescription : webHancer IE Helper Module InternalName : WhIeHelper LegalCopyright : Copyright © 1999-2005 webHancer Corporation OriginalFilename : whiehlpr.dll WebHancer Object Recognized! Type : File Data : whinstaller.exe TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\webhancer\programs\ FileVersion : 3.8.1 ProductVersion : 3.8.1 ProductName : webHancer Customer Companion CompanyName : webHancer Corporation FileDescription : webHancer Installer InternalName : whInstaller LegalCopyright : Copyright © 1999-2005 webHancer Corporation OriginalFilename : whInstaller.exe WebHancer Object Recognized! Type : File Data : whsurvey.exe TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\webhancer\programs\ FileVersion : 3.8.1 ProductVersion : 3.8.1 ProductName : webHancer Survey Companion CompanyName : webHancer Corporation FileDescription : webHancer Survey Companion InternalName : whSurvey LegalCopyright : Copyright © 1999-2005 webHancer Corporation OriginalFilename : whSurvey.exe WebHancer Object Recognized! Type : File Data : license.txt TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\whinstall\ WebHancer Object Recognized! Type : File Data : readme.txt TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\whinstall\ WebHancer Object Recognized! Type : File Data : whAgent.ini TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\whinstall\ WinFixer Object Recognized! Type : File Data : Win Fixer 2006.lnk TAC Rating : 10 Category : Misc Comment : Shortcut to bad file : C:\Documents and Settings\Administrator\Desktop\Win Fixer 2006.lnk Object : C:\Documents and Settings\Administrator\Desktop\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 112 Objects found so far: 264 20:49:36 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:04:51.424 Objects scanned:43022 Objects identified:248 Objects ignored:0 New critical objects:248