The Spyware Warrior Guide to Anti-Spyware Testing: Critical Detections

by Eric L. Howes

Oct. 2-4, 2004 / Oct. 8-9, 2004 / Oct. 13-15, 2004
 


Note: see the Test Guide page for an explanation of these "critical detections." 

Overview

As explained on the "guide" page, a core group of "critical detections" was identified and used for each round of tests. These "critical detections" comprise a key subset of the larger collection of files and Registry keys/values installed on the test PC. 

What follows are tables summarizing the "critical detections" used for each round of tests. See the Key at the bottom of this page for an explanation of the symbols, colors, and abbreviations used in these tables.
 

"Critical" Detections (Round 1: Oct. 2-4)
Unique ID File / Registry entry
411 Ferret/ActiveSearch
411F-01 C:\program files\411Ferret\toolbar.dll
411F-02 HKEY_CLASSES_ROOT\BTB.IEToolbar
411F-03 HKEY_CLASSES_ROOT\BTB.IEToolbar.1
411F-04 HKEY_CLASSES_ROOT\CLSID\{12F02779-6D88-4958-8AD3-83C12D86ADC7}
411F-05 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{12F02779-6D88-4958-8AD3-83C12D86ADC7}"
411F-06 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&411 Ferret Toolbar search
411F-07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{12F02779-6D88-4958-8AD3-83C12D86ADC7}"
   
AdRoar
ADR-01 C:\winnt\AdRoar.dll
ADR-02 HKEY_CLASSES_ROOT\AdRoar.Band
ADR-03 HKEY_CLASSES_ROOT\AdRoar.Band.1
ADR-04 HKEY_CLASSES_ROOT\CLSID\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}
ADR-05 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}
ADR-06 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}"
ADR-07 C:\winnt\ARUpdate.exe
ADR-08 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AdRoarUpdate"
   
Altnet/BDE
ALTN-01 C:\program files\Altnet\Download Manager\asmps.dll
ALTN-02 C:\program files\Altnet\Download Manager\adm4.dll
ALTN-03 C:\program files\Altnet\Download Manager\adm4005.exe
ALTN-04 C:\program files\Altnet\Download Manager\admdata.dll
ALTN-05 C:\program files\Altnet\Download Manager\admdloader.dll
ALTN-06 C:\program files\Altnet\Download Manager\admfdi.dll
ALTN-07 C:\program files\Altnet\Download Manager\admprog.dll
ALTN-08 C:\program files\Altnet\Download Manager\asm.exe
ALTN-09 C:\program files\Altnet\Download Manager\asmend.exe
ALTN-10 C:\program files\Altnet\Download Manager\adm25.dll
ALTN-11 C:\program files\Altnet\Points Manager\Points Manager.exe
ALTN-12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "AltnetPointsManager"
ALTN-13 C:\program files\Altnet\Points Manager\sysdetect.dll
   
BroadcastPC (BTV/BREG)
BTV-01 C:\program files\BTV\breg_inst.exe
BTV-02 C:\program files\BTV\btv.exe
BTV-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "BTV"
BTV-04 C:\program files\BTV\btvclean.exe
BTV-05 C:\program files\common files\java\breg.exe
BTV-06 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Breg"
   
Cydoor
CYDR-01 C:\winnt\system32\cd_clint.dll
   
Flashtrack/Flashenhancer (XCPY/XCLEAN/XML)
FLTR-01 C:\program files\common files\java\xclean.exe
FLTR-02 C:\program files\common files\java\Xcpy1.exe
FLTR-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Xcpy1"
FLTR-04 C:\program files\XML\xclean.exe
FLTR-05 C:\program files\XML\Xcpy1_inst.exe
FLTR-06 C:\program files\XML\XML.dll
FLTR-07 HKEY_CLASSES_ROOT\CLSID\{7CD20E91-1F31-41da-8379-479EA31DF969}
FLTR-08 HKEY_CLASSES_ROOT\UnawareObj.UnawareObj
FLTR-09 HKEY_CLASSES_ROOT\UnawareObj.UnawareObj.1
FLTR-10 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7CD20E91-1F31-41da-8379-479EA31DF969}
   
Gator/GAIN/Claria
GATR-01 C:\program files\common files\CMEII\CMEIIAPI.dll
GATR-02 C:\program files\common files\CMEII\CMESys.exe
GATR-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "CMESys"
GATR-04 C:\program files\common files\CMEII\GAppMgr.dll
GATR-05 C:\program files\common files\CMEII\GController.dll
GATR-06 C:\program files\common files\CMEII\GDwldEng.dll
GATR-07 C:\program files\common files\CMEII\GIocl.dll
GATR-08 C:\program files\common files\CMEII\GIoclClient.dll
GATR-09 C:\program files\common files\CMEII\GMTProxy.dll
GATR-10 C:\program files\common files\CMEII\GObjs.dll
GATR-11 C:\program files\common files\CMEII\GStore.dll
GATR-12 C:\program files\common files\CMEII\GStoreServer.dll
GATR-13 C:\program files\common files\CMEII\Gtools.dll
GATR-14 C:\program files\common files\GMT\EGGCEngine.dll
GATR-15 C:\program files\common files\GMT\egIEEngine.dll
GATR-16 C:\program files\common files\GMT\EGIEProcess.dll
GATR-17 C:\program files\common files\GMT\EGNSEngine.dll
GATR-18 C:\program files\common files\GMT\GatorStubSetup.exe
GATR-19 C:\program files\common files\GMT\GatorRes.dll
GATR-20 C:\program files\common files\GMT\GMT.exe
GATR-21 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\GStartup.lnk
GATR-22 C:\winnt\FT1_01_0_279_GEPFAH.EXE
   
MyWay/MyBar
MYWY-01 C:\program files\MyWay\myBar\1.bin\MY2NS.EXE
MYWY-02 C:\program files\MyWay\myBar\1.bin\MYBAR.DLL
MYWY-03 HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
MYWY-04 HKEY_CLASSES_ROOT\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
MYWY-05 HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin
MYWY-06 HKEY_CLASSES_ROOT\MyWayToolBar.SettingsPlugin.1
MYWY-07 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}"
MYWY-08 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}"
MYWY-09 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} "(Default)"
MYWY-10 C:\program files\MyWay\myBar\1.bin\NPMYWAY.DLL
   
SearchLocate/SideBar
SLOC-01 C:\program files\SearchLocate\sidebar.dll
SLOC-02 HKEY_CLASSES_ROOT\CLSID\{952EC978-4920-4F18-8237-91D69B54C580}
SLOC-03 HKEY_CLASSES_ROOT\MyToolBar.BandSidePanel
SLOC-04 HKEY_CLASSES_ROOT\MyToolBar.BandSidePanel.1
SLOC-05 HKEY_CLASSES_ROOT\MyToolBar.TBar
SLOC-06 HKEY_CLASSES_ROOT\MyToolBar.TBar.1
SLOC-07 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{952EC978-4920-4F18-8237-91D69B54C580}"
SLOC-08 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{952EC978-4920-4F18-8237-91D69B54C580}"
   
Topsearch
TOPS-01 C:\program files\grokster\topsearch.dll
   
TVMedia
TVM-01 C:\Documents and Settings\administrator\application data\tvmknwrd.dll
TVM-02 C:\Documents and Settings\administrator\application data\tvmcwrd.dll
TVM-03 C:\program files\TV Media\Tvm.exe
TVM-04 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TV Media"
TVM-05 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "TV Media"
TVM-06 C:\program files\TV Media\TvmBho.dll
TVM-07 HKEY_CLASSES_ROOT\CLSID\{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}
TVM-08 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks "{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}"
TVM-09 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks "{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}"
TVM-10 C:\program files\TV Media\TvmCore.dll
   
VX2/ABetterInternet (BELT/BI)
VX2A-01 C:\winnt\Belt.exe
VX2A-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Belt"
VX2A-03 C:\winnt\bi.dll
VX2A-04 HKEY_CLASSES_ROOT\CLSID\{000006B1-19B5-414A-849F-2A3C64AE6939}
VX2A-05 HKEY_CLASSES_ROOT\BiDll.BiDllObj.1
VX2A-06 HKEY_CLASSES_ROOT\VX2.VX2Obj
VX2A-07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000006B1-19B5-414A-849F-2A3C64AE6939}
VX2A-08 C:\winnt\biprep.exe
VX2A-09 C:\winnt\downloaded program files\payload2.inf
VX2A-10 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{20000273-8230-4DD4-BE4F-6889D1E74167}
   
Web_CPR/TopMoxie
WCPR-01 C:\program files\Web_Cpr\disp2000.exe
WCPR-02 C:\program files\Web_Cpr\WebCpr0.exe
WCPR-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WebCpr0"
WCPR-04 C:\program files\Web_Cpr\WebCpr1.exe
   
WebRebates/TopRebates
WEBR-01 C:\program files\Web_Rebates\disp1150.exe
WEBR-02 C:\program files\Web_Rebates\WebRebates0.exe
WEBR-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WebRebates0"
WEBR-04 C:\program files\Web_Rebates\WebRebates1.exe
WEBR-05 C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
WEBR-06 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates
   
Browser Hijack
BHIJ-01 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Search Bar "http://websearch.drsnsrch.com/sidesearch.cgi?id="
BHIJ-02 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Search Page "http://websearch.drsnsrch.com/sidesearch.cgi?id="
BHIJ-03 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL "http://www.topfivesearch.com/search.asp"
BHIJ-04 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL "http://www.topfivesearch.com/search.asp"
BHIJ-05 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar "http://websearch.drsnsrch.com/sidesearch.cgi?id="
BHIJ-06 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page "http://websearch.drsnsrch.com/sidesearch.cgi?id="
BHIJ-07 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search,(Default) "websearch.drsnsrch.com/q.cgi?q="
BHIJ-08 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant "http://websearch.drsnsrch.com/sidesearch.cgi?id="
BHIJ-09 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,CustomizeSearch "http://websearch.drsnsrch.com/sidesearch.cgi?id="
BHIJ-10 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,(Default) "websearch.drsnsrch.com/q.cgi?q="
   
Misc/Unknown
MISC-01 C:\winnt\smdat32m.sys
MISC-02 C:\winnt\smdat32a.sys
MISC-03 C:\winnt\SysRen.exe
MISC-04 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Sys Ren"
MISC-05 C:\winnt\wast2.exe
MISC-06 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Wast"
MISC-07 C:\winnt\system32\fwtukoog.exe
MISC-08 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ggvjttxfl"


"Critical" Detections (Round 2: Oct. 8-9)
Unique ID File / Registry entry
180Solutions/nCase
180S-01 C:\WINNT\salm.exe
180S-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "salm"
180S-03 C:\WINNT\salmbundle.exe
180S-04 C:\WINNT\salmhook.dll
180S-05 C:\WINNT\system32\180.dll
   
Bargain Buddy
BARG-01 C:\Program Files\Bargain Buddy\bin\apuc.dll
BARG-02 C:\Program Files\Bargain Buddy\bin\bargains.exe
BARG-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Bargains"
BARG-04 C:\Program Files\Bargain Buddy\bin\cb.exe
BARG-05 C:\WINNT\bargain3.exe
BARG-06 C:\WINNT\dwcg2.exe
   
Bundleware
BUND-01 C:\WINNT\Downloaded Program Files\BM2.dll
BUND-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}
   
ClipGenie
CLIP-01 C:\WINNT\clipg.exe
   
Downloadware/Network Essentials
DOWN-01 C:\Program Files\DownloadWare\dw.exe
DOWN-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "DownloadWare"
DOWN-03 C:\Program Files\DownloadWare\Temp\rh.exe
   
FunWeb/SmileyCentral
FUNW-01 C:\WINNT\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
FUNW-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
   
GAIN DashBar
GAIN-01 C:\Program Files\DashBar\DashBar21.dll
GAIN-02 HKEY_CLASSES_ROOT\CLSID\{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8}
GAIN-03 HKEY_CLASSES_ROOT\DashBarToolbar.SearchScoutBandObj
GAIN-04 HKEY_CLASSES_ROOT\DashBarToolbar.SearchScoutBandObj.1
GAIN-05 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8}"
GAIN-06 C:\Program Files\DashBar\DbAu.exe
   
IBIS Toolbar/Websearch
IBWS-01 C:\Program Files\Toolbar\common.dll
IBWS-02 C:\Program Files\Toolbar\IExploreSkins.exe
IBWS-03 C:\Program Files\Toolbar\PIB.exe
IBWS-04 C:\Program Files\Toolbar\TBPS.exe
IBWS-05 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "TBPS"
IBWS-06 C:\Program Files\Toolbar\toolbar.dll
IBWS-07 HKEY_CLASSES_ROOT\CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C}
IBWS-08 HKEY_CLASSES_ROOT\PROTOCOLS\Handler\tpro
IBWS-09 HKEY_CLASSES_ROOT\CLSID\{8952A998-1E7E-4716-B23D-3DBE03910972}
IBWS-10 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8952A998-1E7E-4716-B23D-3DBE03910972}
IBWS-11 HKEY_CLASSES_ROOT\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC}
IBWS-12 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{339BB23F-A864-48C0-A59F-29EA915965EC}"
IBWS-13 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{339BB23F-A864-48C0-A59F-29EA915965EC}"
IBWS-14 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}
   
IBIS Toolbar/WinTools
IBWT-01 C:\Program Files\Common Files\WinTools\WSup.exe
IBWT-02 C:\Program Files\Common Files\WinTools\WToolsA.exe
IBWT-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WinTools"
IBWT-04 C:\Program Files\Common Files\WinTools\WToolsB.dll
IBWT-05 HKEY_CLASSES_ROOT\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183}
IBWT-06 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87766247-311C-43B4-8499-3D5FEC94A183}
IBWT-07 C:\Program Files\Common Files\WinTools\WToolsS.exe
   
IEPlugin/IMI Toolbar
IEPL-01 C:\WINNT\extract.exe
IEPL-02 C:\WINNT\rgrt.exe
IEPL-03 C:\WINNT\systb.dll
IEPL-04 HKEY_CLASSES_ROOT\CLSID\{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
IEPL-05 HKEY_CLASSES_ROOT\IMIToolbar.imiTool
IEPL-06 HKEY_CLASSES_ROOT\IMIToolbar.imiTool.1
IEPL-07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3}
IEPL-08 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}"
IEPL-09 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
IEPL-10 C:\WINNT\wdskctl.exe
IEPL-11 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "wdskctl"
IEPL-12 C:\WINNT\wupdt.exe
IEPL-13 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Win Server Updt"
IEPL-14 C:\WINNT\Downloaded Program Files\default.inf
IEPL-15 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{556DDE35-E955-11D0-A707-000000521958}
   
Midaddle
MIDL-01 L:\TEMP\9.exe
MIDL-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "9.exe"
MIDL-03 L:\TEMP\9.dll
   
MyTotalSearchBar
MYTO-01 C:\Program Files\MyTotalSearch\bar\1.bin\F3CJPEG.dll
MYTO-02 C:\Program Files\MyTotalSearch\bar\1.bin\F3REPROX.dll
MYTO-03 C:\Program Files\MyTotalSearch\bar\1.bin\F3RESTUB.dll
MYTO-04 C:\Program Files\MyTotalSearch\bar\1.bin\F3SCRCTR.dll
MYTO-05 C:\Program Files\MyTotalSearch\bar\1.bin\F3WPHOOK.dll
MYTO-06 C:\Program Files\MyTotalSearch\bar\1.bin\MTSBAR.dll
MYTO-07 HKEY_CLASSES_ROOT\CLSID\{094176F9-BF35-4bcb-B68A-108DFB8C3825}
MYTO-08 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{094176F9-BF35-4bcb-B68A-108DFB8C3825}"
MYTO-09 C:\Program Files\MyTotalSearch\bar\1.bin\MTSHTMMU.dll
MYTO-10 C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.exe
MYTO-11 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MyTotalSearch Email Plugin"
MYTO-12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MyTotalSearch Email Plugin"
MYTO-13 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MyTotalSearch Email Plugin.lnk
MYTO-14 C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEPLG.dll
MYTO-15 C:\Program Files\MyTotalSearch\bar\1.bin\MTSOESTB.dll
MYTO-16 C:\Program Files\MyTotalSearch\bar\1.bin\MTSOUTCN.dll
MYTO-17 C:\Program Files\MyTotalSearch\bar\1.bin\MTSPOPST.dll
MYTO-18 C:\Program Files\MyTotalSearch\bar\1.bin\MTSSKIN.dll
MYTO-19 C:\Program Files\MyTotalSearch\SrchAstt\1.bin\MTSSRCAS.dll
   
N-Lite
NLIT-01 L:\TEMP\svcmm32.exe
NLIT-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "USB controller"
   
PrecisionTime
PREC-01 C:\Program Files\PrecisionTime\PrecisionTime.exe
PREC-02 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PrecisionTime.lnk
   
Recommended HotFix/Network Essentials
RECH-01 C:\Program Files\Recommended Hotfix - 421701D\v15\RH.dll
RECH-02 C:\Program Files\Recommended Hotfix - 421701D\v15\RH.exe
   
SearchEXE
SEXE-01 C:\Program Files\se\v11\se.exe
SEXE-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Search-Exe"
SEXE-03 C:\Program Files\se\v11\se.dll
SEXE-04 HKEY_CLASSES_ROOT\CLSID\{00041A26-7033-432C-94C7-6371DE343822}
SEXE-05 HKEY_CLASSES_ROOT\WebCom.WebBho
SEXE-06 HKEY_CLASSES_ROOT\WebCom.WebBho.1
SEXE-07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00041A26-7033-432C-94C7-6371DE343822}
   
Spyblocs/eBlocs
SPYB-01 C:\WINNT\system32\antispy.exe
SPYB-02 C:\Documents and Settings\Administrator\Desktop\Remove Spyware.url
   
TVMedia
TVM-01 C:\Documents and Settings\Administrator\Application Data\tvmcwrd.dll
TVM-02 C:\Documents and Settings\Administrator\Application Data\tvmknwrd.dll
TVM-03 C:\Documents and Settings\Administrator\Application Data\tvmuknwrd.dll
TVM-04 C:\Program Files\TV Media\Tvm.exe
TVM-05 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "TV Media"
TVM-06 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "TV Media"
TVM-07 C:\Program Files\TV Media\TvmBho.dll
TVM-08 HKEY_CLASSES_ROOT\CLSID\{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}
TVM-09 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks "{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}"
TVM-10 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks "{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}"
TVM-11 C:\Program Files\TV Media\TvmCore.dll
TVM-12 C:\WINNT\tvmm.exe
   
VX2/Favoriteman
VX2F-01 C:\WINNT\system32\mmview_101.dll
VX2F-02 C:\WINNT\Downloaded Program Files\bundle_101.inf
VX2F-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B}
   
VX2/Look2Me
VX2L-01 C:\WINNT\system32\3dsdpi.dll
VX2L-02 C:\WINNT\system32\*.dll   (Note: randomly named copy of 3dsdpi.dll)
   
WildMedia
WILD-01 C:\Documents and Settings\Administrator\Local Settings\Temp\JkSv7l.dll
WILD-02 HKEY_CLASSES_ROOT\CLSID\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841}
WILD-03 HKEY_CLASSES_ROOT\SearchHelp
WILD-04 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8EAEB34-F7B5-4C55-87FF-720FAF53D841}
WILD-05 C:\WINNT\addit.exe
WILD-06 L:\TEMP\WildWinTracker.exe
WILD-07 L:\TEMP\clicks.dll
   
WhenU/SaveNow
WUSA-01 C:\Program Files\Save\Save.exe
WUSA-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WhenUSave"
WUSA-03 C:\winnt\downloaded program files\WUInst.inf
WUSA-04 C:\winnt\downloaded program files\WUInst.dll
WUSA-05 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2F2B9D0-96B9-4B25-B90C-636ECB207D18} "Installer"
   
WhenU/Search
WUSE-01 C:\Program Files\WhenUSearch\search.dll
WUSE-02 C:\Program Files\WhenUSearch\Search.exe
WUSE-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WhenUSearch"
WUSE-04 C:\Program Files\WhenUSearch\whse.exe
WUSE-05 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WhenUSearchWHSE"
   
WhenU/Weathercast
WUWE-01 C:\Program Files\WeatherCast\Weather.exe
WUWE-02 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "WeatherCast"
   
Browser Hijack
BHIJ-01 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Search Bar "http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn"
BHIJ-02 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Search Page "http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw="
BHIJ-03 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL "http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw="
BHIJ-04 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,SearchAssistant "http://www.websearch.com/ie.aspx?tb_id=50038"
BHIJ-05 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,CustomizeSearch "res://C:\PROGRA~1\Toolbar\toolbar.dll/sa"
BHIJ-06 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar "http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn"
BHIJ-07 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page "http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw="
BHIJ-08 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search,SearchAssistant "http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw="
BHIJ-09 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant "http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw="
BHIJ-10 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,CustomizeSearch "http://search.ieplugin.com/search.htm"
BHIJ-11 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL,(Default) "http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw="
BHIJ-12 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL,(Default) "http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw="
   
HOSTS File Hijack
HOST-01 Hosts: 69.20.16.183 auto.search.msn.com
HOST-02 Hosts: 69.20.16.183 search.netscape.com
HOST-03 Hosts: 69.20.16.183 ieautosearch
   
Misc/Unknown
MISC-01 C:\WINNT\system\UpdInstall.exe
MISC-02 C:\WINNT\system32\sicon.dll
MISC-03 C:\WINNT\system32\svc.dll
MISC-04 C:\WINNT\system32\sysfile.dll


"Critical" Detections (Round 3: Oct. 13-15)
Unique ID File / Registry entry
180Solutions/nCase
180S-01 C:\winnt\180ax.exe
180S-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "180ax"
180S-03 C:\winnt\180axhook.dll
180S-04 C:\winnt\bohafwt.exe
180S-05 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "bohafwt"
180S-06 C:\winnt\system32\180.dll
   
BlazeFind/WinSync/WindUpdates
BLAZ-01 C:\Program Files\Windows SyncroAd\CComm.dll
BLAZ-02 C:\Program Files\Windows SyncroAd\SyncroAd.exe
BLAZ-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows SyncroAd"
BLAZ-04 C:\Program Files\Windows SyncroAd\WinSync.exe
BLAZ-05 C:\winnt\downloaded program files\ActiveX.inf
BLAZ-06 C:\winnt\downloaded program files\SyncroAdX.dll
BLAZ-07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
   
ClickAlchemy
CLAL-01 C:\winnt\alchem.exe
CLAL-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "alchem"
   
Effective Brand Games Toolbar
EBGT-01 C:\Program Files\Games\tbGame.dll
EBGT-02 HKEY_CLASSES_ROOT\CLSID\{02FFC86E-283E-4FAA-95D6-ADDCA024F30A}
EBGT-03 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{02FFC86E-283E-4FAA-95D6-ADDCA024F30A}"
EBGT-04 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{02ffc86e-283e-4faa-95d6-addca024f30a}"
EBGT-05 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Games toolbar"
EBGT-06 C:\winnt\games.exe
   
eZula
EZUL-01 C:\Program Files\eZula\CHCON.dll
EZUL-02 C:\Program Files\eZula\eabh.dll
EZUL-03 C:\Program Files\eZula\mmod.exe
EZUL-04 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "eZmmod"
EZUL-05 C:\Program Files\eZula\seng.dll
EZUL-06 C:\winnt\eZinstall.exe
EZUL-07 C:\winnt\system32\ezStub.exe
   
FunWeb
FUNW-01 C:\winnt\downloaded program files\f3initialsetup1.0.0.8-2.inf
FUNW-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
   
MegaSearch Toolbar
MEGA-01 C:\winnt\downloaded program files\megasear.dll
MEGA-02 HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}
MEGA-03 HKEY_CLASSES_ROOT\megasear.MEGASEAR
MEGA-04 HKEY_CLASSES_ROOT\megasear.MEGASEARMenu Button
MEGA-05 HKEY_CLASSES_ROOT\megasear.MEGASEARToggle Button
MEGA-06 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}"
MEGA-07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}"
MEGA-08 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}
MEGA-09 C:\winnt\system32\MegasearchBarSetup.exe
MEGA-10 C:\winnt\system32\megaV2Wbr.dll
   
My Web Search Email Plugin
MWSE-01 C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
MWSE-02 C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
MWSE-03 C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
MWSE-04 C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
MWSE-05 C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
MWSE-06 C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
MWSE-07 C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
MWSE-08 C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
MWSE-09 C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
MWSE-10 C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
MWSE-11 HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
MWSE-12 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{07B18EA9-A523-4961-B6BB-170DE4475CCA}"
MWSE-13 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{07B18EA9-A523-4961-B6BB-170DE4475CCA}"
MWSE-14 C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
MWSE-15 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MyWebSearch Email Plugin"
MWSE-16 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MyWebSearch Email Plugin"
MWSE-17 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
MWSE-18 C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
MWSE-19 C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
   
MyWebSearch Search Assistant
MWSS-01 C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
MWSS-02 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search
   
My Daily Horoscope
MYDH-01 C:\Program Files\My Daily Horoscope\MyDailyHoroscope.exe
MYDH-02 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "MyDailyHoroscope"
   
N-Lite
NLIT-01 L:\TEMP\svcmm32.exe
NLIT-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "USB controller"
   
ShopAtHomeSelect
SAHS-01 C:\winnt\downloaded program files\setup.inf
SAHS-02 C:\winnt\downloaded program files\WEBInstaller.dll
SAHS-03 C:\winnt\system32\SahAgent.exe
SAHS-04 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SAHAgent"
SAHS-05 C:\winnt\system32\sahagent1019.exe
SAHS-06 C:\winnt\system32\SahHtml.exe
SAHS-07 C:\winnt\system32\lsp.dll
SAHS-08 [Winsock LSP Hijack]
   
Spyblocs/eBlocs
SPYB-01 C:\winnt\system32\antispy.exe
SPYB-02 C:\Documents and Settings\Administrator\Desktop\Remove Spyware.url
SPYB-03 C:\Documents and Settings\Administrator\Favorites\Delete Spyware and Stop Pops!\Delete Spyware, stop pops, fix your pc!.url
   
TopConverting
TOPC-01 C:\Program Files\TopConverting\pacman\pacman.exe
TOPC-02 C:\winnt\updatetc.exe
TOPC-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "tpcupdater"
TOPC-04 C:\winnt\downloaded program files\loader2.ocx
TOPC-05 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C}
   
Twain-Tech
TWTE-01 C:\winnt\preInsTT.exe
TWTE-02 C:\winnt\twaintec.dll
TWTE-03 HKEY_CLASSES_ROOT\CLSID\{000020DD-C72E-4113-AF77-DD56626C6C42}
TWTE-04 HKEY_CLASSES_ROOT\twaintecDll.twaintecDllObj.1
TWTE-05 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}
TWTE-06 C:\winnt\system32\polall1m.exe
   
VX2/ABetterInternet
VX2A-01 C:\winnt\downloaded program files\lotto.inf
VX2A-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30000273-8230-4DD4-BE4F-6889D1E74167}
VX2A-03 C:\winnt\system32\arcg_exe
   
VX2/Favoriteman
VX2F-01 C:\winnt\downloaded program files\ATPartners.inf
VX2F-02 HKEY_CLASSES_ROOT\F1.Organizer
VX2F-03 HKEY_CLASSES_ROOT\F1.Organizer.1
VX2F-04 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000EF1-0786-4633-87C6-1AA7A44296DA}
VX2F-05 C:\winnt\downloaded program files\bundle_101.inf
VX2F-06 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B}
VX2F-07 C:\winnt\system32\ATPartners.dll
VX2F-08 HKEY_CLASSES_ROOT\CLSID\{00000EF1-0786-4633-87C6-1AA7A44296DA}
VX2F-09 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-0786-4633-87C6-1AA7A44296DA}
VX2F-10 C:\winnt\system32\im64.dll
VX2F-11 C:\winnt\system32\mmview_101.dll
VX2F-12 HKEY_CLASSES_ROOT\CLSID\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B}
VX2F-13 HKEY_CLASSES_ROOT\NewFavorite.FavoriteMan
VX2F-14 HKEY_CLASSES_ROOT\NewFavorite.FavoriteMan.1
VX2F-15 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B}
   
VX2/Look2Me
VX2L-01 C:\winnt\system32\adctres.dll (Note: copy of avsetupc.dll)
VX2L-02 C:\winnt\system32\avsetupc.dll
   
WebRebates/TopMoxie
WEBR-01 C:\Program Files\Web_Rebates\disp1150.exe
WEBR-02 C:\Program Files\Web_Rebates\WebRebates0.exe
WEBR-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WebRebates0"
WEBR-04 C:\Program Files\Web_Rebates\WebRebates1.exe
WEBR-05 C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
WEBR-06 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates
WEBR-07 C:\winnt\system32\WebRebates_Auto_InstallSilent.exe
   
WinAd
WINA-01 C:\winnt\system32\ide21201.vxd
   
WhenU/ClockSync
WUCS-01 C:\Program Files\ClockSync\Sync.exe
WUCS-02 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ClockSync"
   
WhenU/SaveNow
WUSA-01 C:\Program Files\Save\Save.exe
WUSA-02 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WhenUSave"
WUSA-03 C:\winnt\downloaded program files\WUInst.dll
WUSA-04 C:\winnt\downloaded program files\WUInst.inf
WUSA-05 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2F2B9D0-96B9-4B25-B90C-636ECB207D18}
   
WhenU/Search
WUSE-01 C:\Program Files\WhenUSearch\search.dll
WUSE-02 C:\Program Files\WhenUSearch\Search.exe
WUSE-03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WhenUSearch"
WUSE-04 C:\Program Files\WhenUSearch\whse.exe
WUSE-05 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WhenUSearchWHSE"
   
HOSTS File Hijack
HOST-01 Hosts: 69.20.16.183 auto.search.msn.com
HOST-02 Hosts: 69.20.16.183 search.netscape.com
HOST-03 Hosts: 69.20.16.183 ieautosearch
   
Misc/Unknown
MISC-01 C:\winnt\VT00.exe
MISC-02 C:\winnt\system32\bdlds.dll
MISC-03 C:\winnt\system32\fwtukoog.exe
MISC-04 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "bjejccjptkz"
MISC-05 C:\winnt\system32\scopenr.dll
MISC-06 C:\winnt\system32\sicon.dll
MISC-07 C:\winnt\system32\svc.dll
MISC-08 C:\winnt\system32\sysfile.dll


Key:
 
Symbol Means...
BLUE File
RED Executable file in memory
GREEN Registry key/value
BLACK HOSTS file entry
FUCHSIA Winsock LSP hijack

 Note: for detailed information on each detection, see the "critical" detections section above for each group of tests.
  


Copyright 2004 Eric L. Howes