Spyware Scan Details
Start Date: 24.09.2006 14:05:34
End Date: 24.09.2006 15:20:16
Total Time: 1 hrs 14 mins 42 secs

Detected spyware

SearchMiracle.EliteBar Browser Plug-in
Details: Adds a search hijacker toolbar to Internet Explorer called Elite Bar.
Status: Deleted
Infected files detected
Infected registry entries detected

Twain Tech Adware (General)
Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user's browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
Status: Deleted
Infected files detected
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys

ABetterInternet.Transponder.Ceres Adware (General)
Details: VX2.ABetterInternet.Transponder.2 is a new transponder variant of aBetterInternet.
Status: Deleted
Infected files detected
c:\windows\inf\ceres.inf
Infected registry entries detected

ABetterInternet.Aurora Adware (General)
Details: ABetterInternet.Aurora is an adware program that spawns pop-ups on the desktop based on the user's browsing.
Status: Deleted
Infected files detected
c:\windows\issm0064.dat
Infected registry entries detected

Trustin.Bar Toolbar
Status: Deleted
Infected files detected
F:\toolz\security\Hijackthis\backup-20060917-195929-963.dll

iSearch.Toolbar Toolbar
Details: iSearch.Toolbar is a spyware/adware toolbar that is purported to deliver advanced toolbar functions to Internet Explorer, however, it changes your browser settings.
Status: Deleted
Infected files detected
c:/windows/system32/version.txt
Infected registry entries detected

CoolWebSearch.CameUp Hijacker
Details: CoolWebSearch.CameUp is an adware application that hijacks the user's Internet Explorers start page, and prevents the user from changing the URL back to their preferred homepage.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Page_bak
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Start Page_bak

IST.ISTbar.ActiveX Adware (General)
Details: ISTactivex is an Internet Explorer hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\downloaded program files\istactivex.dll

KeenValue.PerfectNav Hijacker
Details: The PerfectNav Internet Explorer spyware software is designed to redirect your URL typing errors to PerfectNav's web page.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\perfectnav
HKEY_LOCAL_MACHINE\software\perfectnav UID A131EA7C-9EBB-4C12-9221-27525CEBEE21

IST.ISTbar Hijacker
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\downloaded program files\istactivex.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main BandRest Never
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main BandRest Never

Altnet/Topsearch Browser Plug-in
Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster.
Status: Deleted
Infected registry entries detected

Altnet P2P Networking Low Risk Adware
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking

IST.XXXToolbar Toolbar
Details: IST.XXXToolbar is an adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\ISTactivex.dll

Begin2Search Toolbar
Details: Begin2Search is a browser plug-in that installs as a toolbar in Internet Explorer and displays advertising on the desktop.
Status: Deleted
Infected registry entries detected

ABetterInternet Adware (General)
Details: ABetterInternet shows advertisements based on the web pages you view and the web sites you visit.
Status: Deleted
Infected registry entries detected

TinyBar Hijacker
Details: TinyBar is an Internet Explorer toolbar that adds registry entries that use the Windows system file shdocvw.dll to display a web page as a toolbar.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\downloaded program files\istactivex.dll

SafeSurfing.RsyncMon Browser Plug-in
Details: SafeSurfing.RsyncMon is a SafeSurfing adware variant that installs as a Browser Helper Object (BHO) in Internet Explorer.
Status: Deleted
Infected registry entries detected

WhenU.Save Adware (General)
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted
Infected registry entries detected

RealVNC Commercial Remote Control Tool
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\ORL\VNCHooks HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_GetUpdateRect 0 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_Timer 1 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_KeyPress 1 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_LButtonUp 1 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_MButtonUp 0 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_RButtonUp 0 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_Deferral 1 SearchNugget Toolbar more information... Details: SearchNugget is a Browser Helper Object (BHO) that creates a toolbar in Internet Explorer. Status: Ignored Infected registry entries detected HKEY_CLASSES_ROOT\ACM.ACMFactory.1 HKEY_CLASSES_ROOT\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} HKEY_CLASSES_ROOT\ACM.ACMFactory.1 ACMFactory Class HKEY_CLASSES_ROOT\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} HKEY_CLASSES_ROOT\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} Automatic Screen Observer Surveillance (General) more information... Details: Automatic Screen Observer is an application which captures screenshots at specified intervals. These screenshots are stored on the computer and can be accessed at a later time. The application can be configured to start recording silently on start up. 
Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASO DisplayName ActionScript Obfuscator - Lite Edition (r15) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASO UninstallString "F:\toolz\Flash Decompiler\FlashProtector\ASOLite\ASO\uninstall.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASO NoModify 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASO NoRepair 1 SpamTool.Win32.Mailbot.az Trojan more information... Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pe386 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pe386 Backdoor.Rustock Backdoor more information... Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lzx32 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lzx32 Begin2Search.BigTrafficNet Browser Plug-in more information... Details: Begin2Search.BigTrafficNet is an adware program that displays advertisements. 
It works as a Browser Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668} HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668} IInst HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A} HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A} IinebDB HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31} HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31} Ioma HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B} HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B}\ProxyStubClsid 
{00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B} IBHO HKEY_CLASSES_ROOT\TypeLib\{DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\TypeLib\{DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}\1.0\0\win32 C:\WINDOWS\System32\rtneg.dll HKEY_CLASSES_ROOT\TypeLib\{DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}\1.0\HELPDIR C:\WINDOWS\System32\ HKEY_CLASSES_ROOT\TypeLib\{DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}\1.0 windec32 1.0 Type Library