| |
| |||||||
Log-Analyse und Auswertung: ZBot / ZeuS Trojaner Telekombrief; VISA-card HackWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
08.09.2013, 15:35
| #1 |
 |  ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack Hallo Trojaner-Boardteam, als ich gestern aus dem Urlaub gekommen bin habe ich einen Brief von der Telekom mit dem Betreff: Erneute Sicherheitswarnung zu Ihrem Internet-Zugang im Postkasten gesehen. Der Brief ist vom 22. August, die vorherige Warnung habe ich jedoch leider entweder nicht erhalten oder nicht registriert. In dem Schreiben heißt es, dass Sicherheitsexperten der Telekom erkennen das sich ein Computer in unser Internet einwählt der mit dem Schadprogramm „ZeuS/ZBot“ (Online-Banking-Trojaner) infiziert wurde. Der Trojaner war wir feststellten auch schon vor ein paar Wochen tätig und hat mit der Visacard meiner Frau einen Einkauf getätigt. Da ich das Programm natürlich schnellst möglich entfernt haben möchte habe ich über alle am Netz angeschlossenen PCs mit dem im Telekomschreiben empfohlen „DE-Cleaner“ „Hitman Pro“ von https://www.botfrei.de/telekom prüfen lassen. Dieser hat bei meinem PC die Malware SecondStepInstaller.exe gefunden und auch AVIRA hat den Virus oder das unerwünschte Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden. Außerdem habe ich die 3 Programm aus der „Anleitung für Hilfesuchende bei Trojaner- und Virenbefall“ heruntergeladen und den PC scannen lassen. Bei dem letzten Programm GMER erhielt ich jedoch schon beim Downloadversuch die Fehlermeldung „C:\Users\Lollo\AppData\Local\Temp konnte nicht gespeichert werden, weil Sie die Inhalte dieses Ordners nicht ändern können. Ändern Sie die Ordnereigenschaften und versuchen Sie es erneut oder versuchen Sie, an einem anderen Ort zu speichern.“ Leider ist es nicht möglich die Logfiles bei zu fügen da die Anzahl der Zeichen überschritten wird und beim Versuch 7-zip zu downloaden um die Dateien anzuhängen kommt die selbe Fehlermeldung wie beim Versuch GMER nämlich „C:\Users\Lollo\AppData\Local\Temp konnte nicht gespeichert werden, weil Sie die Inhalte dieses Ordners nicht ändern können. Ändern Sie die Ordnereigenschaften und versuchen Sie es erneut oder versuchen Sie, an einem anderen Ort zu speichern“ Deshalb der Anhang als rar Datei und hier immerhin die Logdatei mit dem Fund von HitmanPro. Code:
ATTFilter HitmanPro 3.7.7.205
www.hitmanpro.com
Computer name . . . . : LOLLO-PC
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : Lollo-PC\Lollo
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2013-09-08 10:41:43
Scan mode . . . . . . : Normal
Scan duration . . . . : 25m 47s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 2201
Traces . . . . . . . : 5898
Objects scanned . . . : 2.172.131
Files scanned . . . . : 104.712
Remnants scanned . . : 785.483 files / 1.281.936 keys
Miniport ____________________________________________________________________
Primary
DriverObject . . . : FFFFFA80047D54B0
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 0000000000000000 +0
IRP_MJ_SCSI . . . : FFFFFA80046B22C0 +0
Solution
DriverObject . . . : FFFFFA80047D54B0
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 0000000000000000 +0
IRP_MJ_SCSI . . . : FFFFF88000DC34D8 \SystemRoot\system32\drivers\ataport.SYS+29912
Malware _____________________________________________________________________
C:\Users\Lollo\AppData\Local\Temp\SecondStepInstaller.exe -> Quarantined
Size . . . . . . . : 2.824.352 bytes
Age . . . . . . . : 117.7 days (2013-05-13 17:26:44)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 610387169AA53A5DEF2C07F2D6B692208AFD969125ECAC240780EED3CF1D9322
Product . . . . . : Search Protect
Publisher . . . . : Conduit
Description . . . : Search Protect by Conduit
Version . . . . . : 1.5.0.71
Copyright . . . . : 2012 (c) Conduit. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:WebToolbar.Win32.Toolbar.w
Fuzzy . . . . . . : 101.0
Malware remnants ____________________________________________________________
C:\Program Files (x86)\FunWebProducts\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\ (Adware.MyWebSearch) -> PendingDelete
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ (Adware.MyWebSearch) -> PendingDelete
C:\Program Files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 139.264 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.7
SHA-256 . . . . . : 3A52298814E576AE90C5108651E9871DD351FBFD29BFB9B32820FD80CF5C8B7D
Product . . . . . : Smiley Central
Publisher . . . . : FunWebProducts.com
Description . . . : JPEG Conversion DLL
Version . . . . . : 1.0.1.0
Copyright . . . . : Copyright © 2003, 2004, 2005
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 86.096 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 3E5A4BA558F1DDD8AE007C4D7FC366159160D60090B0F818B7C6B7CBECBD5856
Product . . . . . : MyMailNotifier, Smotos, Webfetti, and Zwinky
Publisher . . . . : FunWebProducts.com
Description . . . : Fun Web Products Data Control
Version . . . . . : 1.0.0.8
Copyright . . . . : Copyright © 2004, 2005, 2006, 2007, 2008
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 278.610 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.5
SHA-256 . . . . . : C86A3E4E7531FFEFA5F8B858AF674FCF69460100E02209BD38462EE6A8C89621
Product . . . . . : History Swatter
Publisher . . . . : FunWebProducts.com
Description . . . : Fun Web Products History Swatter
Version . . . . . : 1.0.0.51
Copyright . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 24.684 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 2.2
SHA-256 . . . . . : 954DED69F8B4F332857DB05583F4E07F830BBBC682DF33D2325D2891C4E08E49
Product . . . . . : My Web Search Bar for Internet Explorer and FireFox
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch IE Search Box Protector
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © 2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 159.815 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.2
SHA-256 . . . . . : DCE3A95C0409FF765477E4E3F52D864A999901D96937A899CD24CCF2D5A3C7D3
Product . . . . . : Cursor Mania, Fun Buddy Icons, My Fun Cards, My Mail Signature, My Mail Stamp, My Mail Stationery, Smiley Central, and Zwinky
Publisher . . . . : FunWebProducts.com
Description . . . : Fun Web Products HTML Menu
Version . . . . . : 1,1,2,2
Copyright . . . . : Copyright © 2003-2008 Fun Web Products, Inc.
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 77.906 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.1
SHA-256 . . . . . : 17EE69DD52249E727E8FFC8F02D8A14F5AB098B1A5846B290AF4615AEC969CAB
Product . . . . . : MyMailNotifier and Zwinky
Publisher . . . . : FunWebProducts.com
Description . . . : Fun Web Products" HTTP Control
Version . . . . . : 1.0.0.11
Copyright . . . . : Copyright © 2004-2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 32.856 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 3.3
SHA-256 . . . . . : AF0C2F522DFDC4F6564CB78F1E47E07629D6C3615B18B6726E1B547592EAFDB9
Product . . . . . : Smiley Central
Publisher . . . . : FunWebProducts.com
Description . . . : Smiley Central MSN and IE GDI Ext DLL
Version . . . . . : 1.0.1.1
Copyright . . . . : Copyright © 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 127.057 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.9
SHA-256 . . . . . : F8B3D92EC5FA8120B37BCBB1A328F55C2315FFFFB71A1EAFA4EDF653D1059463
Product . . . . . : PopSwatter
Publisher . . . . : FunWebProducts.com
Description . . . : Fun Web Products PopSwatter
Version . . . . . : 1.0.1.14
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 32.768 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 3.6
SHA-256 . . . . . : 0FA040006582B5CE7EAE22BEEF2CB105BFBDBFFFB9696C08085505A1C0B84566
Product . . . . . : Popular Screensavers
Publisher . . . . : FunWebProducts.com
Description . . . : Popular Screensavers
Version . . . . . : 1.0.2.3
Copyright . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 28.776 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 2.8
SHA-256 . . . . . : 520B406CF957D3EE63DB16C2792F5FE16E5794C866F51013D85E17746E8481C8
Product . . . . . : My Web Search Bar for Internet Explorer and FireFox
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch IE Search Box Protector
Version . . . . . : 1.0.0.1
Copyright . . . . : Copyright © 2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 184.320 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 28387595FB003D10A5634D2AB2BBBC3B0877AC8D500545F6069A97B4200D8826
Product . . . . . : Smiley Central
Publisher . . . . : FunWebProducts.com
Description . . . : Smiley Central Rich Edit DLL
Version . . . . . : 1.0.3.6
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 24.576 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 1.1
SHA-256 . . . . . : 76ADC93B3153CCD4AB6F692D78013CB75842F741168A6DE5ADEE56C23748B7A3
Product . . . . . : Smiley Central
Publisher . . . . : FunWebProducts.com
Description . . . : Smiley Central MSN Rich Edit DLL
Version . . . . . : 1.0.0.9
Copyright . . . . : Copyright © 2003,2004,2005
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 86.100 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.2
SHA-256 . . . . . : AEFAAF88E18813C1A1D8714FD9A31FFD4C5CA228ED304B6C31A5FB0BADE2BE7D
Product . . . . . : History Swatter
Publisher . . . . : FunWebProducts.com
Description . . . : Fun Web Products History Swatter
Version . . . . . : 1.0.0.51
Copyright . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 303.104 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.9
SHA-256 . . . . . : 3582FA25976B8BE26D5A0C0151E0CDABFD206395021118B2C653B91463E383BF
Product . . . . . : Popular Screensavers
Publisher . . . . : FunWebProducts.com
Description . . . : Popular Screensavers Tools
Version . . . . . : 1.0.2.15
Copyright . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 20.480 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 2.0
SHA-256 . . . . . : 2CF54C47DDBC69EBC4E199E11C15C202844645AA97AED823AD2AC2DF54DF92F3
Fuzzy . . . . . . : -2.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 24.680 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 0.8
SHA-256 . . . . . : ACD573CCB17ECCB7D58286420CAB53FC3F91E73530F5EFC3CB2D8F83CDF20A41
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Bar
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © 2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 36.970 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.5
SHA-256 . . . . . : CB2747522E06CBB60FB700529EFA8EA10E1BF3BE9F6A6AA9F34978430E14DA94
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Bar
Version . . . . . : 1.0.1.1
Copyright . . . . : Copyright © 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 16.501 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 1.9
SHA-256 . . . . . : 8FA7BF9398E65B478943853816C1F4D3BD68F5FF72B4E38C718522E60D001B19
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : Run a MyWebSearch DLL as an App
Version . . . . . : 1.0.0.1
Copyright . . . . : Copyright © 2007
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 86.078 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.1
SHA-256 . . . . . : CECF2B16A398141495764CE6CE4C507F37986E90D1F9705838962D879D446398
Product . . . . . : My Web Search Skin Tools
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch Html Player
Version . . . . . : 1.0.3.17
Copyright . . . . : Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 28.672 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 1.1
SHA-256 . . . . . : 08699111B161EB73BBDC3FB9DFF67B20047F439FEF42D9ACAF66CE058577E288
Product . . . . . : My Web Search Skin Tools
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch Idle Monitor
Version . . . . . : 1.0.3.3
Copyright . . . . : Copyright © 2000 - 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 16.479 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 0.9
SHA-256 . . . . . : 9D0E4B820EE29D405ED7C450584C5B3C402F612B53EAC5B99F152D0CCC8A9192
Product . . . . . : My Web Search Community Tools
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Community Tools
Version . . . . . : 1.0.4.1
Copyright . . . . : Copyright © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 16.500 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 1.9
SHA-256 . . . . . : 0FBB996ED580D44D9952FCD1960C8DDE4309EB69F10896D9EBF2A88C457F2999
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : Run a MyWebSearch DLL as an App
Version . . . . . : 1.0.0.1
Copyright . . . . : Copyright © 2007
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 155.738 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 5E95CFA59DFE2AF356C6235C0576B3EA0C5CD2330C9F8EDD0553CE6E804A30EF
Product . . . . . : My Web Search Community Tools
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Community Tools
Version . . . . . : 1.0.4.8
Copyright . . . . : Copyright © 2001-2009
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 73.813 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.7
SHA-256 . . . . . : A4C483022C051C74424C510737AA4D013A5E87156DA3264411B70E67048B2308
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Outlook Container
Version . . . . . : 1.0.1.2
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 57.447 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.0
SHA-256 . . . . . : 0773E1C3C2E30185C07AAC09FFF4D78A5E7DA72550119EC533392D4FFEA049C1
Product . . . . . : My Web Search Plugin
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Plugin for 32-bit Windows
Version . . . . . : 1.1.0.6
Copyright . . . . : Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 131.152 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 88A55C0ADBB5F4E41FBC348D4A3B3BE327EE6E2237D18B356B7593A445BFBE17
Product . . . . . : My Mail Notifier, Smiley Central, and Zwinky
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Skin Tools
Version . . . . . : 1.0.3.14
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 32.768 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 2.9
SHA-256 . . . . . : 05D73EF285F5313C00165CE00FDB6E355B54EBF8D25EE1F0E288950D0D227582
Product . . . . . : My Web Search Skin Tools
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch Skin Player
Version . . . . . : 1.0.3.13
Copyright . . . . : Copyright © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 24.685 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.0
SHA-256 . . . . . : 4DA75DD1538F42F78447E16478C5F1C54124270C705EDFDFED476A1D99E4FC87
Product . . . . . : My Web Search Bar for Internet Explorer and FireFox
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch SelectSearch Tool
Version . . . . . : 1.0.0.4
Copyright . . . . : Copyright © 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 28.783 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 3.5
SHA-256 . . . . . : 0FE2C1DDDBAC117F2F78BAC05914AE77E8B6E7308B82AD13DAEE293D9940130A
Product . . . . . : My Web Search Bar for Internet Explorer and FireFox
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch SearchScope Monitor
Version . . . . . : 1.0.0.5
Copyright . . . . : Copyright © 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 775.696 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.1
SHA-256 . . . . . : 3F1600C3037163CC499E832C7532CFEBFE481DB7AE30B26304F22F78DB022389
Product . . . . . : My Web Search Bar for Internet Explorer, FireFox, email clients, and messenger clients
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Bar
Version . . . . . : 2.3.70.1
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -13.0
Startup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 40.960 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.0
SHA-256 . . . . . : CB68434BA51FD83DE508EA0BC2D8896EFE168107DE268B33FB364C9DFADBDDCC
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Bar for Internet Explorer
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 32.849 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.7
SHA-256 . . . . . : 882B0F2C2C66E6E9F06BF7461CE0C3A17BBA0CAD0730D6ED110521D8411B33CF
Product . . . . . : My Web Search Bar for Internet Explorer, email clients, and messenger clients
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Plugin Loader
Version . . . . . : 1,2,2,7
Copyright . . . . : Copyright © 2003-2007 MyWebSearch.com
Running processes : 6616
Fuzzy . . . . . . : -2.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 393.299 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 6.7
SHA-256 . . . . . : 43B4E0B2C61EE245949F5B0559C41EBE9C64B6501546FC78A412DD1A408AC1FD
Product . . . . . : My Web Search Bar, Fun Buddy Icons, and Smiley Central
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Host Plugin
Version . . . . . : 1,4,1,1
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009 MyWebSearch.com
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> PendingDelete
Size . . . . . . . : 45.134 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.9
SHA-256 . . . . . : 40122E18BA119092CD5D1D58C9FCB925512D7DD7CDF2E3066B4822B6895299B0
Product . . . . . : My Web Search Bar for Internet Explorer, email clients, and messenger clients
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Plugin Loader
Version . . . . . : 1,2,4,0
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009 MyWebSearch.com
Fuzzy . . . . . . : -6.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 54.704 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 5.7
SHA-256 . . . . . : ACDB878B35F37835D44CA096D28DD22215E24A9729F14DC0F60593E3FDB0F5CD
Product . . . . . : MyWebSearch Search Assistant for Internet Explorer
Publisher . . . . : MyWebSearch.com
Description . . . : MyWebSearch Search Assistant
Version . . . . . : 1.2.0.1
Copyright . . . . : Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -13.0
Startup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D}
References
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}\
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 28.762 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.8
SHA-256 . . . . . : 8AFBD0A0705D4576EACC0017BD5367391FA16B011DB23DB839DD58C8127915F3
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Bar
Version . . . . . : 1.0.0.5
Copyright . . . . : Copyright © 2007, 2008
Service . . . . . : MyWebSearchService
Parent Name . . . : C:\Windows\system32\services.exe
Running processes : 4400
Fuzzy . . . . . . : -1.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService\
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 36.864 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 4.4
SHA-256 . . . . . : 9A61D4A30BA625F971524B30C367D9BEC9D449D2F8C2D2A0547887B837F538FE
Product . . . . . : My Web Search Bar
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Bar for Internet Explorer
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © 2010
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 24.683 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:26)
Entropy . . . . . : 1.7
SHA-256 . . . . . : 4207C7FBB27F1D3C6491B0CF7A52A9755672BEFDEBE410C9E899A51580DCD84C
Product . . . . . : My Web Search Plugin Stub
Publisher . . . . : MyWebSearch.com
Description . . . : My Web Search Plugin Stub for 32-bit Windows
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © 2005
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\MyWebSearch\bar\Avatar\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Game\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Message\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Overlay\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Settings\ (Adware.MyWebSearch) -> Deleted
C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Deleted
C:\Windows\SysWOW64\f3PSSavr.scr (Adware.MyWebSearch) -> Deleted
Size . . . . . . . : 32.768 bytes
Age . . . . . . . : 1050.9 days (2010-10-23 13:22:27)
Entropy . . . . . : 3.6
SHA-256 . . . . . : 0FA040006582B5CE7EAE22BEEF2CB105BFBDBFFFB9696C08085505A1C0B84566
Product . . . . . : Popular Screensavers
Publisher . . . . : FunWebProducts.com
Description . . . : Popular Screensavers
Version . . . . . : 1.0.2.3
Copyright . . . . : Copyright © 2004, 2005, 2006, 2007, 2008, 2009, 2010
Fuzzy . . . . . . : 2.0
HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.DataControl\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Wow6432Node\FocusInteractive\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Fun Web Products\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\RunDLl32Policy\f3ScrCtr.dll\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\Schemes\f3pss\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\m3ffxtbr@mywebsearch.com (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin\ (Adware.MyWebSearch) -> Deleted
HKLM\SOFTWARE\Wow6432Node\MyWebSearch\ (Adware.MyWebSearch) -> Deleted
HKLM\SYSTEM\ControlSet001\services\MyWebSearchService\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SYSTEM\ControlSet002\services\MyWebSearchService\ (Adware.MyWebSearch) -> PendingDelete
HKLM\SYSTEM\CurrentControlSet\services\MyWebSearchService\ (Adware.MyWebSearch) -> PendingDelete
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\FunWebProducts\ (Adware.MyWebSearch) -> Deleted
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\InstalledBrowserExtensions\215 Apps\ (Adware.IWantThis) -> Deleted
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ (Adware.MyWebSearch) -> Deleted
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> PendingDelete
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}\ (Adware.MyWebSearch) -> PendingDelete
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> PendingDelete
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\MyWebSearch\ (Adware.MyWebSearch) -> Deleted
Potential Unwanted Programs _________________________________________________
C:\Program Files (x86)\Conduit\ (Conduit)
C:\Program Files (x86)\Conduit\Community Alerts\ (Conduit)
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (Conduit)
Size . . . . . . . : 638.560 bytes
Age . . . . . . . : 186.8 days (2013-03-05 14:18:44)
Entropy . . . . . : 6.4
SHA-256 . . . . . : F22E58CDFE94D4A5FBBF2795A743B167ED9923E289E14654631E0077DD306C1D
Product . . . . . : Alert
Publisher . . . . : Conduit Ltd.
Description . . . : Alert
Version . . . . . : 1.1.4.1
Copyright . . . . : Copyright © Conduit Ltd. 2011.
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -15.0
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml (Babylon)
C:\ProgramData\Babylon\ (Babylon)
C:\ProgramData\Babylon\BabAll.dat (Babylon)
C:\ProgramData\Babylon\Content\icons\ (Babylon)
C:\ProgramData\Babylon\Content\icons\64696AU7MP_glossary_icon.ico (Babylon) -> Deleted
C:\ProgramData\Babylon\Content\icons\6PR5580MEE_glossary_icon.ico (Babylon) -> Deleted
C:\ProgramData\Babylon\Content\icons\6RHZSDV3KE_glossary_icon.ico (Babylon) -> Deleted
C:\ProgramData\Babylon\Content\icons\7BZ95AEQPT_glossary_icon.ico (Babylon) -> Deleted
C:\ProgramData\Babylon\Content\icons\7BZ95AEQPT_glossary_icon2.ico (Babylon) -> Deleted
C:\ProgramData\Babylon\Content\icons\8Y3ADBYMTJ_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\8Y3ADBYMTJ_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\9MNN3FNCUA_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\9MNN3FNCUA_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\AVKMVPKAU6_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\AVKMVPKAU6_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\B3UREHM8F6_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\BEXGNJURCA_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\BJKS8ZN2QJ_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\BJKS8ZN2QJ_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\BTMJWKZGYE_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\CDWYSD0KQA_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\CDWYSD0KQA_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\D35ZVSJUGA_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\D35ZVSJUGA_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\GXD7K8XNM6_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\HCZ7J3Q8UA_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\KVG0R4N8AE_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\KVG0R4N8AE_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\M534MSC3GP_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\QGDUSRR4JA_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\RHFWM3WFXJ_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\RYVU9J4Z0A_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\RYVU9J4Z0A_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\UJAN48NM5P_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\UJAN48NM5P_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\UWXWZCZR2A_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\UWXWZCZR2A_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\WHBVH86TJX_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\WZQV2X3J6E_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\YC9EPB7CF2_glossary_icon.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\YC9EPB7CF2_glossary_icon2.ico (Babylon)
C:\ProgramData\Babylon\Content\icons\YPSR537K76_glossary_icon.ico (Babylon)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon\ (Babylon)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon\Babylon.lnk (Babylon)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon\Uninstall.lnk (Babylon)
C:\Users\Lollo\AppData\Local\Babylon\ (Babylon)
C:\Users\Lollo\AppData\Local\Babylon\BabAll.bak (Babylon)
C:\Users\Lollo\AppData\Local\Conduit\ (Conduit)
C:\Users\Lollo\AppData\Local\Conduit\CT2269050\ (Conduit)
C:\Users\Lollo\AppData\Local\Conduit\CT2269050\DVDVideoSoftAutoUpdaterHelper.exe (Conduit)
Size . . . . . . . : 1.814.560 bytes
Age . . . . . . . : 548.6 days (2012-03-08 21:10:48)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 047950EB6D6E98BB3FA44E5690172CECDEBAAD75B25D6EBFE9087DD150753194
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : 7.0
C:\Users\Lollo\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe (Conduit)
Size . . . . . . . : 65.832 bytes
Age . . . . . . . : 494.7 days (2012-05-01 18:09:19)
Entropy . . . . . : 6.4
SHA-256 . . . . . : E152F6B71F0EA5825E243910D2F12F7493CB358833AA3BE83C8502F1F17A9B30
Product . . . . . : ToolbarH Application
Description . . . : ToolbarH Application
Version . . . . . : 1.0.1.0
Copyright . . . . : Copyright (C) 2009
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -6.0
C:\Users\Lollo\AppData\Local\Conduit\CT3279453\ (Conduit)
C:\Users\Lollo\AppData\Local\Conduit\CT3279453\DVDvideoSoft_2.0AutoUpdateHelper.exe (Conduit)
Size . . . . . . . : 2.179.480 bytes
Age . . . . . . . : 163.8 days (2013-03-28 15:45:50)
Entropy . . . . . : 8.0
SHA-256 . . . . . : CC1E699BB0956B557C71D143321952CFCBF939AF891022B0B31D1703A2C7EDB0
Product . . . . . : Conduit Toolbar Automatic Update
Publisher . . . . : Conduit Ltd.
Description . . . : Conduit Toolbar Automatic Update
Version . . . . . : 6.13.3.501
Copyright . . . . : Conduit (C) 2013 All Rights Reserved
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 1.0
C:\Users\Lollo\AppData\Local\OpenCandy\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\BabylonToolbar\ (Babylon)
C:\Users\Lollo\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft\Windows\IETldCache\ (Babylon)
C:\Users\Lollo\AppData\LocalLow\BabylonToolbar\BabylonToolbar\Microsoft\Windows\IETldCache\index.dat (Babylon)
C:\Users\Lollo\AppData\LocalLow\Conduit\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000034.Settings.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000082.currentList.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000082.localStations.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000082.nowPlaying.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.1000082.publisherStations.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.130029007934982115.search.selectedEngineId.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.130029007934982115.search.settings.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.appOptions.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.installUsage.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.installUsageEarly.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.NOTIFICATION_ID.notifications-repository.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.NOTIFICATION_ID.notifications-service_1764623.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.NOTIFICATION_ID.notifications-servicemap.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.NotificationSettings.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.pg_conf_global.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453.searchProtectorData.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_appsMetadata.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_appTrackingFirstTime.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_gottenAppsContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_location.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_login.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_otherAppsContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_searchAPI.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_serviceMap.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_toolbarContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_toolbarSettings.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_translation.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.15.0.62.serviceLayer_services_userApps.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_appsMetadata.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_appTrackingFirstTime.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_gottenAppsContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_location.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_login.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_otherAppsContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_searchAPI.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_serviceMap.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_toolbarContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_toolbarSettings.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_10.16.1.521.serviceLayer_services_translation.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_appsMetadata.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_appTrackingFirstTime.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_gottenAppsContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_location.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_login.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_otherAppsContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_searchAPI.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_serviceMap.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_toolbarContextMenu.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_toolbarSettings.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\CT3279453_RAW.serviceLayer_services_translation.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\serviceLayer_userApps_added.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\serviceLayer_userApps_removed.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\toolbar_initializing_logger.txt.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\uninstallData.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\ChromeExtData\oolkekjjhnaeaahibbnfebmogackofpf\Repository\uninstallUrl.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\closeBtn.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settingsBtn.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\close.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\closeBtn.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next_hover.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\powered-by.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settingsBtn.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\DialogsAPI.js (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\PIE.htc (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\settings.js (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Dialogs\version.txt (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=1004080&alertFeedId=999795.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alert_services_conduit_com_Alerts_AlertServices_asmx_GetHostedFeedRss_alertID=666138&alertFeedId=661999.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=1004080&fid=999795.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=10896&fid=10676.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=666138&fid=661999.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1004080_999795_DE.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_10896_10676_DE.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1764623_1755164_DE.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_666138_661999_DE.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\en.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Toolbar\Facebook\ (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=5_3_6_2.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=5_3_7_1.xml (Conduit)
C:\Users\Lollo\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=5_5_3_2.xml (Conduit)
C:\Users\Lollo\AppData\Roaming\Babylon\ (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\except.txt (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\FLStat.dat (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\log_file.txt (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\MyList.dat (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\ocr_cache (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\ocr_data (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\updates\ (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\updates\convert.dat (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\updates\rates.dat (Babylon)
C:\Users\Lollo\AppData\Roaming\Babylon\user.dmp (Babylon)
C:\Users\Lollo\AppData\Roaming\OpenCandy\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\0635E01FC4104B0C987E0D236AE83F97\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\0635E01FC4104B0C987E0D236AE83F97\2175.ico (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\0635E01FC4104B0C987E0D236AE83F97\LatestDLMgr.exe (Conduit)
Size . . . . . . . : 302.888 bytes
Age . . . . . . . : 137.7 days (2013-04-23 17:45:34)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 228374847C58007EF4F2B6DBDA86020C2A90DCB8BD1504CF4687C908C302BB2F
Product . . . . . : OpenCandy recommendation downloader
Publisher . . . . : OpenCandy
Description . . . : OpenCandy recommendation downloader p44
Version . . . . . : 3.2.5.247
Copyright . . . . : Copyright (c) 2008 - 2011 OpenCandy, Inc.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 1.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\0C73A714C660416DB63E24F53823849C\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\0C8213EBEE7A460CA1D495EF2762901F\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\0C8213EBEE7A460CA1D495EF2762901F\2175.ico (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\0C8213EBEE7A460CA1D495EF2762901F\LatestDLMgr.exe (Conduit)
Size . . . . . . . : 302.888 bytes
Age . . . . . . . : 180.6 days (2013-03-11 21:08:02)
Entropy . . . . . : 7.8
SHA-256 . . . . . : 228374847C58007EF4F2B6DBDA86020C2A90DCB8BD1504CF4687C908C302BB2F
Product . . . . . : OpenCandy recommendation downloader
Publisher . . . . : OpenCandy
Description . . . : OpenCandy recommendation downloader p44
Version . . . . . : 3.2.5.247
Copyright . . . . : Copyright (c) 2008 - 2011 OpenCandy, Inc.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 1.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\18A256152ECD472FBE6331C7D3D1B6B2\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\71907B81C0BA47C8A7C7D20B6FDD3686\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\95E2182941844F26AF23938705EBD66B\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\95E2182941844F26AF23938705EBD66B\setup.msi (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\95FAF3BED9554528AC477A87913D7F2E\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\B0DEC50518E643549D4C6995010783EA\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\B0DEC50518E643549D4C6995010783EA\avg_free_x64_de_2013_2899a6087_14.exe (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\B9ABE48D12EC4550A754AFC8E2CC5D23\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\3919.ico (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\EBB77268-338F-4C6A-8590-AD88FED26F4A (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\OCBrowserHelper_1.0.3.85.dll (Conduit)
Size . . . . . . . : 432.456 bytes
Age . . . . . . . : 330.0 days (2012-10-13 11:20:05)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 46646CA562D8B108A9CCD6968D19320EC1EBEE9433E1CB9D8CF01D284A647925
Product . . . . . : OpenCandy Install Helper
Publisher . . . . : OpenCandy
Description . . . : OpenCandy Install Helper
Version . . . . . : 1.0.0.2
Copyright . . . . : (c) 2011 OpenCandy. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 1.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\C3E73432D38C4AC285B027B3CC3E5A9A\setup_759.exe (Conduit)
Size . . . . . . . : 492.640 bytes
Age . . . . . . . : 330.0 days (2012-10-13 11:20:05)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 9F86E9FA97E670423C6CB23DCD6766CFCA0686BF2B851E30CB3D1127AA592AE1
Product . . . . . : iNTERNET Turbo
Publisher . . . . : Clasys Ltd.
Description
Version . . . . . : 1.0.32.12
Copyright
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 2.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\3919.ico (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\EBB77268-338F-4C6A-8590-AD88FED26F4A (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\OCBrowserHelper_1.0.3.85.dll (Conduit)
Size . . . . . . . : 432.456 bytes
Age . . . . . . . : 332.5 days (2012-10-10 22:39:12)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 46646CA562D8B108A9CCD6968D19320EC1EBEE9433E1CB9D8CF01D284A647925
Product . . . . . : OpenCandy Install Helper
Publisher . . . . : OpenCandy
Description . . . : OpenCandy Install Helper
Version . . . . . : 1.0.0.2
Copyright . . . . : (c) 2011 OpenCandy. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 1.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\CDAC093687F546FFAE953EB5113BAE8B\setup_759.exe (Conduit)
Size . . . . . . . : 492.640 bytes
Age . . . . . . . : 332.5 days (2012-10-10 22:39:13)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 9F86E9FA97E670423C6CB23DCD6766CFCA0686BF2B851E30CB3D1127AA592AE1
Product . . . . . : iNTERNET Turbo
Publisher . . . . : Clasys Ltd.
Description
Version . . . . . : 1.0.32.12
Copyright
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 2.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\E75C01614EAF4B0D8FF55252F00DDDE5\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\E75C01614EAF4B0D8FF55252F00DDDE5\PCSU_SL_3.1.2.exe (Conduit)
Size . . . . . . . : 2.682.336 bytes
Age . . . . . . . : 333.8 days (2012-10-09 15:01:52)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 82B37F33E6DDE5DFE04ED42D772750E05B8D86E78992749B10998655623C5960
Product . . . . . : PC Speed Up
Publisher . . . . : Speedchecker Limited
Description . . . :
Version . . . . . : 3.1.2
Copyright . . . . : Copyright © Speedchecker Limited 2009-2011
RSA Key Size . . . : 2048
Authenticode . . . : Self-signed
Fuzzy . . . . . . : 11.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\EBB77268-338F-4C6A-8590-AD88FED26F4A (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\LinkuryInstaller.msi (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\LinkuryInstaller_p1v5.exe (Conduit)
Size . . . . . . . : 4.103.096 bytes
Age . . . . . . . : 678.5 days (2011-10-30 23:13:39)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5FFB7AEF86B3E265D618B70FA419EBA2061B3F8DC54A29FFD2E0426B7F8183CD
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 7.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\EDE8388735104B6EA65D6C89AEFA217C\OCBrowserHelper_1.0.2.72.dll (Conduit)
Size . . . . . . . : 834.888 bytes
Age . . . . . . . : 678.5 days (2011-10-30 23:13:44)
Entropy . . . . . : 6.7
SHA-256 . . . . . : D32B86222E410CEB067BC924FC81416E4A06C08B74A35BB0646C6BC38DCB2082
Product . . . . . : OpenCandy Install Helper
Publisher . . . . : OpenCandy
Description . . . : OpenCandy Install Helper
Version . . . . . : 1.0.0.2
Copyright . . . . : (c) 2011 OpenCandy. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\1396.ico (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\EBB77268-338F-4C6A-8590-AD88FED26F4A (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\Gutscheinrausch_p11v1.exe (Conduit)
Size . . . . . . . : 476.736 bytes
Age . . . . . . . : 845.6 days (2011-05-16 19:44:41)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 745F0B58092247ABFD19091AED6EF558C304AB54A4D83806322DCE745AB880A6
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 7.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\OC_Gutscheinrausch_-_2.6.1.xpi (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_2454543630864686A5A7CEA17D8B1157\OCBrowserHelper_1.0.2.66.dll (Conduit)
Size . . . . . . . : 834.888 bytes
Age . . . . . . . : 845.6 days (2011-05-16 19:44:43)
Entropy . . . . . : 6.7
SHA-256 . . . . . : D6C9FAC9AA968813CCE6E6C1B88DF1FD8A2A1C7DD7953939E077B48B3A842553
Product . . . . . : OpenCandy Install Helper
Publisher . . . . : OpenCandy
Description . . . : OpenCandy Install Helper
Version . . . . . : 1.0.0.2
Copyright . . . . : (c) 2011 OpenCandy. All rights reserved.
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_8E3D36A543DA4F63905F9D9A4C41E5D5\ (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_8E3D36A543DA4F63905F9D9A4C41E5D5\1273.ico (Conduit)
C:\Users\Lollo\AppData\Roaming\OpenCandy\OpenCandy_8E3D36A543DA4F63905F9D9A4C41E5D5\TuneUpInst-1.9.0-cmp132.exe (Conduit)
Size . . . . . . . : 27.218.976 bytes
Age . . . . . . . : 895.9 days (2011-03-27 14:09:51)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5A0E1A8A94143EA07CD6BBABB2E68523749E080E37E0BC005C7D643158474BC4
Product . . . . . : TuneUp Companion 1.9.0
Publisher . . . . : TuneUp Media, Inc.
Description . . . : TuneUp Companion 1.9.0
Version . . . . . : 1.0.37.0
Copyright . . . . : Copyright 2007-2010 by TuneUp Media, Inc.
RSA Key Size . . . : 1024
Authenticode . . . : Valid
Fuzzy . . . . . . : -4.0
HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL\ (Babylon)
HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\escortApp.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\escortEng.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}\ (Babylon)
HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
HKLM\SOFTWARE\Classes\Babylon.dskBnd.1\ (Babylon)
HKLM\SOFTWARE\Classes\Babylon.dskBnd\ (Babylon)
HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1\ (Babylon)
HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho\ (Babylon)
HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1\ (Babylon)
HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin\ (Babylon)
HKLM\SOFTWARE\Classes\bbylnApp.appCore.1\ (Babylon)
HKLM\SOFTWARE\Classes\bbylnApp.appCore\ (Babylon)
HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon)
HKLM\SOFTWARE\Classes\escort.escortIEPane.1\ (Funmoods)
HKLM\SOFTWARE\Classes\escort.escortIEPane\ (Funmoods)
HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1\ (Babylon)
HKLM\SOFTWARE\Classes\esrv.BabylonESrvc\ (Babylon)
HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/bdc\ (Babylon)
HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/bgl\ (Babylon)
HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/bof\ (Babylon)
HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\BabylonIEPI.DLL\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortApp.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortEng.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon)
HKLM\SOFTWARE\Wow6432Node\BabylonToolbar\ (Babylon)
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\ (Babylon)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ (Babylon)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\AppDataLow\Software\Smartbar\ (Conduit)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Babylon\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\BabylonToolbar\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Conduit\ (Conduit)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin\ (Babylon)
HKU\S-1-5-21-3059642530-3758366382-3311971186-1000\Software\Softonic\ (Softonic)
Cookies _____________________________________________________________________
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.ad-srv.net
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.soliddeal.de
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:pcworldcommunication.122.2o7.net
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
C:\Users\Lollo\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\1CTK36XA.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\2DVK1ZUX.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\2RYT2Y0R.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\4QO6V6M3.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\4T28YZL2.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\6SN6XMYO.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\8FFKY4K6.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\A0S4LI05.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\C4XGEHPS.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\GB6416GS.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\OJG6PH33.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\QFELVHRZ.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\RPOP8Q76.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\VQU2OAU0.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\VSNZ0N05.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\W9BZYY9M.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\WX5QLTDM.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\WZRHKXCB.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\WZYO78A7.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\XB0Y2BJ2.txt
C:\Users\Lollo\AppData\Roaming\Microsoft\Windows\Cookies\YKY8IVQB.txt
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:122.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:ad.12mnkys.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:ad.yieldmanager.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:ad.zanox.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:atdmt.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:c.atdmt.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:centaurpublications.122.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:de.sitestat.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:dennispublishing.112.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:doubleclick.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:hearstdigital.122.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:in.getclicky.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:invitemedia.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:newsquestdigitalmedia.122.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:opodo.122.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:partypoker.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:paypal.112.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:statcounter.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:stats.paypal.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:survey.g.doubleclick.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:tradedoubler.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:wissende.122.2o7.net
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:www.etracker.de
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:www.googleadservices.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:xiti.com
C:\Users\Lollo\AppData\Roaming\Mozilla\Firefox\Profiles\utn6w5tt.default\cookies.sqlite:yadro.ru
Ich bedanke mich jetzt schon einmal für die Unterstützung! Ich wäre wirklich sehr erleichtert wenn mir jemand bei dieser Sache helfen könnte da mich die Angelegenheit mit der Visacard schon etwas in Schwitzen bringt und ich deshalb das Programm so schnell wie möglich entfernt haben möchte. Liebe Grüße, Lorenz |
| Themen zu ZBot / ZeuS Trojaner Telekombrief; VISA-card Hack |
| 7-zip, appdatalow, avg, avira, browser, computer, cursor, email, explorer, fehlermeldung, google, helper, infiziert, internet explorer, kaspersky, malware, mozilla, nicht möglich, online banking, prüfen, rar datei, rundll, scan, sicherheitsexperten, smartbar, software, speedchecker, telekomwarnung, temp, tr/crypt.xpack.ge, tr/crypt.xpack.gen, traces, trojaner, updates, user agent, version., virus, visacard, windows, zbot trojaner, zeus trojaner, ändern |
Baum-Darstellung