Shopnav

November 5, 2006 on 3:53 pm | In Malware analysis | No Comments

Originally posted Jan 12 2005, 09:12 PM

Found at CastleCops

O2 – BHO: Band Class – {0007522A-2297-43C1-8EB1-C90B0FF20DA5} – C:\WINDOWS\enhtb.dll

No scanner I could get a hold of recognized this file.
It made these changes to my HijackThis log:

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0

R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0

R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=

O2 – BHO: Band Class – {0007522A-2297-43C1-8EB1-C90B0FF20DA5} – M:\Manege\oneclicksrch\enhtb.dll

O3 – Toolbar: (no name) – {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} – (no file)

Total Uninstall log:

FILES
===============
(FOLDER) C:\WINDOWS
(+)(FILE) enhtb.dll = 14:35 20-10-04 290816 bytes
(+)(FILE) kwv2.dat = 17:01 12-01-05 5460 bytes
(+)(FILE) lu.dat = 17:01 12-01-05 53 bytes
(+)(FILE) redir.txt = 17:01 12-01-05 0 bytes

Registry
==============
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame
(+)(REG VALUE) (Standaard) = ‘BottomFrame Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame\CLSID
(+)(REG VALUE) (Standaard) = ‘{1FF215BC-3906-4915-B5C5-E5D363CF0439}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame\CurVer
(+)(REG VALUE) (Standaard) = ‘IMIToolbar.BottomFrame.1’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame.1
(+)(REG VALUE) (Standaard) = ‘BottomFrame Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame.1\CLSID
(+)(REG VALUE) (Standaard) = ‘{1FF215BC-3906-4915-B5C5-E5D363CF0439}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame
(+)(REG VALUE) (Standaard) = ‘LeftFrame Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame\CLSID
(+)(REG VALUE) (Standaard) = ‘{000D2CC0-2F6F-4FCF-A839-0921BCC7AA04}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame\CurVer
(+)(REG VALUE) (Standaard) = ‘IMIToolbar.LeftFrame.1’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame.1
(+)(REG VALUE) (Standaard) = ‘LeftFrame Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame.1\CLSID
(+)(REG VALUE) (Standaard) = ‘{000D2CC0-2F6F-4FCF-A839-0921BCC7AA04}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser
(+)(REG VALUE) (Standaard) = ‘PopupBrowser Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser\CLSID
(+)(REG VALUE) (Standaard) = ‘{0007CC61-BEE5-4DE7-B0F0-34B47B621972}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser\CurVer
(+)(REG VALUE) (Standaard) = ‘IMIToolbar.PopupBrowser.1’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser.1
(+)(REG VALUE) (Standaard) = ‘PopupBrowser Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser.1\CLSID
(+)(REG VALUE) (Standaard) = ‘{0007CC61-BEE5-4DE7-B0F0-34B47B621972}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow
(+)(REG VALUE) (Standaard) = ‘PopupWindow Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow\CLSID
(+)(REG VALUE) (Standaard) = ‘{59B92425-FCA5-4576-AE8D-288A819DC29E}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow\CurVer
(+)(REG VALUE) (Standaard) = ‘IMIToolbar.PopupWindow.1’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow.1
(+)(REG VALUE) (Standaard) = ‘PopupWindow Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow.1\CLSID
(+)(REG VALUE) (Standaard) = ‘{59B92425-FCA5-4576-AE8D-288A819DC29E}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Remove
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Wbho.Band
(+)(REG VALUE) (Standaard) = ‘Band Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Wbho.Band\CLSID
(+)(REG VALUE) (Standaard) = ‘{0007522A-2297-43C1-8EB1-C90B0FF20DA5}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Wbho.Band\CurVer
(+)(REG VALUE) (Standaard) = ‘Wbho.Band.1’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Wbho.Band.1
(+)(REG VALUE) (Standaard) = ‘Band Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Wbho.Band.1\CLSID
(+)(REG VALUE) (Standaard) = ‘{0007522A-2297-43C1-8EB1-C90B0FF20DA5}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}
(+)(REG VALUE) (Standaard) = ‘Band Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}\InprocServer32
(+)(REG VALUE) (Standaard) = ‘M:\Manege\oneclicksrch\enhtb.dll’
(+)(REG VALUE) ThreadingModel = ‘Apartment’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}\ProgID
(+)(REG VALUE) (Standaard) = ‘Wbho.Band.1’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}\Programmable
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}\TypeLib
(+)(REG VALUE) (Standaard) = ‘{074A9743-0517-454c-B2F4-FF964DE43E4C}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}\VersionIndependentProgID
(+)(REG VALUE) (Standaard) = ‘Wbho.Band’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{0007CC61-BEE5-4DE7-B0F0-34B47B621972}
(+)(REG VALUE) (Standaard) = ‘PopupBrowser Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{0007CC61-BEE5-4DE7-B0F0-34B47B621972}\InprocServer32
(+)(REG VALUE) (Standaard) = ‘M:\Manege\oneclicksrch\enhtb.dll’
(+)(REG VALUE) ThreadingModel = ‘Apartment’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{0007CC61-BEE5-4DE7-B0F0-34B47B621972}\ProgID
(+)(REG VALUE) (Standaard) = ‘IMIToolbar.PopupBrowser.1’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{0007CC61-BEE5-4DE7-B0F0-34B47B621972}\Programmable
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{0007CC61-BEE5-4DE7-B0F0-34B47B621972}\TypeLib
(+)(REG VALUE) (Standaard) = ‘{58D419E8-1321-4DD2-A6FC-7B41C14DCD79}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{0007CC61-BEE5-4DE7-B0F0-34B47B621972}\VersionIndependentProgID
(+)(REG VALUE) (Standaard) = ‘IMIToolbar.PopupBrowser’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{000D2CC0-2F6F-4FCF-A839-0921BCC7AA04}
(+)(REG VALUE) (Standaard) = ‘LeftFrame Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{000D2CC0-2F6F-4FCF-A839-0921BCC7AA04}\Implemented Categories
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{000D2CC0-2F6F-4FCF-A839-0921BCC7AA04}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{000D2CC0-2F6F-4FCF-A839-0921BCC7AA04}\InprocServer32
(+)(REG VALUE) (Standaard) = ‘M:\Manege\oneclicksrch\enhtb.dll’
(+)(REG VALUE) ThreadingModel = ‘Apartment’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{000D2CC0-2F6F-4FCF-A839-0921BCC7AA04}\ProgID
(+)(REG VALUE) (Standaard) = ‘IMIToolbar.LeftFrame.1’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{000D2CC0-2F6F-4FCF-A839-0921BCC7AA04}\Programmable
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{000D2CC0-2F6F-4FCF-A839-0921BCC7AA04}\TypeLib
(+)(REG VALUE) (Standaard) = ‘{58D419E8-1321-4DD2-A6FC-7B41C14DCD79}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{000D2CC0-2F6F-4FCF-A839-0921BCC7AA04}\VersionIndependentProgID
(+)(REG VALUE) (Standaard) = ‘IMIToolbar.LeftFrame’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{1FF215BC-3906-4915-B5C5-E5D363CF0439}
(+)(REG VALUE) (Standaard) = ‘BottomFrame Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{1FF215BC-3906-4915-B5C5-E5D363CF0439}\Implemented Categories
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{1FF215BC-3906-4915-B5C5-E5D363CF0439}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{1FF215BC-3906-4915-B5C5-E5D363CF0439}\InprocServer32
(+)(REG VALUE) (Standaard) = ‘M:\Manege\oneclicksrch\enhtb.dll’
(+)(REG VALUE) ThreadingModel = ‘Apartment’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{1FF215BC-3906-4915-B5C5-E5D363CF0439}\ProgID
(+)(REG VALUE) (Standaard) = ‘IMIToolbar.BottomFrame.1’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{1FF215BC-3906-4915-B5C5-E5D363CF0439}\Programmable
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{1FF215BC-3906-4915-B5C5-E5D363CF0439}\TypeLib
(+)(REG VALUE) (Standaard) = ‘{58D419E8-1321-4DD2-A6FC-7B41C14DCD79}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{1FF215BC-3906-4915-B5C5-E5D363CF0439}\VersionIndependentProgID
(+)(REG VALUE) (Standaard) = ‘IMIToolbar.BottomFrame’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{59B92425-FCA5-4576-AE8D-288A819DC29E}
(+)(REG VALUE) (Standaard) = ‘PopupWindow Class’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{59B92425-FCA5-4576-AE8D-288A819DC29E}\InprocServer32
(+)(REG VALUE) (Standaard) = ‘M:\Manege\oneclicksrch\enhtb.dll’
(+)(REG VALUE) ThreadingModel = ‘Apartment’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{59B92425-FCA5-4576-AE8D-288A819DC29E}\ProgID
(+)(REG VALUE) (Standaard) = ‘IMIToolbar.PopupWindow.1’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{59B92425-FCA5-4576-AE8D-288A819DC29E}\Programmable
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{59B92425-FCA5-4576-AE8D-288A819DC29E}\TypeLib
(+)(REG VALUE) (Standaard) = ‘{58D419E8-1321-4DD2-A6FC-7B41C14DCD79}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\CLSID\{59B92425-FCA5-4576-AE8D-288A819DC29E}\VersionIndependentProgID
(+)(REG VALUE) (Standaard) = ‘IMIToolbar.PopupWindow’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{16148DA8-9325-47C9-9BE2-B7D4075C4DF7}
(+)(REG VALUE) (Standaard) = ‘IBottom’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{16148DA8-9325-47C9-9BE2-B7D4075C4DF7}\ProxyStubClsid
(+)(REG VALUE) (Standaard) = ‘{00020424-0000-0000-C000-000000000046}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{16148DA8-9325-47C9-9BE2-B7D4075C4DF7}\ProxyStubClsid32
(+)(REG VALUE) (Standaard) = ‘{00020424-0000-0000-C000-000000000046}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{16148DA8-9325-47C9-9BE2-B7D4075C4DF7}\TypeLib
(+)(REG VALUE) (Standaard) = ‘{074A9743-0517-454C-B2F4-FF964DE43E4C}’
(+)(REG VALUE) Version = ‘1.0’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{467A7046-2972-4CD3-A8B8-39F2887F78C1}
(+)(REG VALUE) (Standaard) = ‘IBottomFrame’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{467A7046-2972-4CD3-A8B8-39F2887F78C1}\ProxyStubClsid
(+)(REG VALUE) (Standaard) = ‘{00020424-0000-0000-C000-000000000046}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{467A7046-2972-4CD3-A8B8-39F2887F78C1}\ProxyStubClsid32
(+)(REG VALUE) (Standaard) = ‘{00020424-0000-0000-C000-000000000046}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{467A7046-2972-4CD3-A8B8-39F2887F78C1}\TypeLib
(+)(REG VALUE) (Standaard) = ‘{074A9743-0517-454C-B2F4-FF964DE43E4C}’
(+)(REG VALUE) Version = ‘1.0’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{870FC053-EAD2-43D0-931A-17C5FB077C70}
(+)(REG VALUE) (Standaard) = ‘ILeftFrame’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{870FC053-EAD2-43D0-931A-17C5FB077C70}\ProxyStubClsid
(+)(REG VALUE) (Standaard) = ‘{00020424-0000-0000-C000-000000000046}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{870FC053-EAD2-43D0-931A-17C5FB077C70}\ProxyStubClsid32
(+)(REG VALUE) (Standaard) = ‘{00020424-0000-0000-C000-000000000046}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{870FC053-EAD2-43D0-931A-17C5FB077C70}\TypeLib
(+)(REG VALUE) (Standaard) = ‘{074A9743-0517-454C-B2F4-FF964DE43E4C}’
(+)(REG VALUE) Version = ‘1.0’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{B303BE97-4932-44FD-8C8F-CE529890B421}
(+)(REG VALUE) (Standaard) = ‘IBand’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{B303BE97-4932-44FD-8C8F-CE529890B421}\ProxyStubClsid
(+)(REG VALUE) (Standaard) = ‘{00020424-0000-0000-C000-000000000046}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{B303BE97-4932-44FD-8C8F-CE529890B421}\ProxyStubClsid32
(+)(REG VALUE) (Standaard) = ‘{00020424-0000-0000-C000-000000000046}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{B303BE97-4932-44FD-8C8F-CE529890B421}\TypeLib
(+)(REG VALUE) (Standaard) = ‘{074A9743-0517-454C-B2F4-FF964DE43E4C}’
(+)(REG VALUE) Version = ‘1.0’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{D1E2293C-3F18-4A2C-82C9-EBBD0BB098A6}
(+)(REG VALUE) (Standaard) = ‘IPopupWindow’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{D1E2293C-3F18-4A2C-82C9-EBBD0BB098A6}\ProxyStubClsid
(+)(REG VALUE) (Standaard) = ‘{00020424-0000-0000-C000-000000000046}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{D1E2293C-3F18-4A2C-82C9-EBBD0BB098A6}\ProxyStubClsid32
(+)(REG VALUE) (Standaard) = ‘{00020424-0000-0000-C000-000000000046}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{D1E2293C-3F18-4A2C-82C9-EBBD0BB098A6}\TypeLib
(+)(REG VALUE) (Standaard) = ‘{074A9743-0517-454C-B2F4-FF964DE43E4C}’
(+)(REG VALUE) Version = ‘1.0’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{DF005296-164C-4819-B316-07F1F38F2760}
(+)(REG VALUE) (Standaard) = ‘IPopupBrowser’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{DF005296-164C-4819-B316-07F1F38F2760}\ProxyStubClsid
(+)(REG VALUE) (Standaard) = ‘{00020424-0000-0000-C000-000000000046}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{DF005296-164C-4819-B316-07F1F38F2760}\ProxyStubClsid32
(+)(REG VALUE) (Standaard) = ‘{00020424-0000-0000-C000-000000000046}’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\Interface\{DF005296-164C-4819-B316-07F1F38F2760}\TypeLib
(+)(REG VALUE) (Standaard) = ‘{074A9743-0517-454C-B2F4-FF964DE43E4C}’
(+)(REG VALUE) Version = ‘1.0’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\TypeLib\{074A9743-0517-454C-B2F4-FF964DE43E4C}
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\TypeLib\{074A9743-0517-454C-B2F4-FF964DE43E4C}\1.0
(+)(REG VALUE) (Standaard) = ‘wbho 1.0 Type Library’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\TypeLib\{074A9743-0517-454C-B2F4-FF964DE43E4C}\1.0\0
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\TypeLib\{074A9743-0517-454C-B2F4-FF964DE43E4C}\1.0\0\win32
(+)(REG VALUE) (Standaard) = ‘M:\Manege\oneclicksrch\enhtb.dll’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\TypeLib\{074A9743-0517-454C-B2F4-FF964DE43E4C}\1.0\FLAGS
(+)(REG VALUE) (Standaard) = ‘0’
(+)(REGISTRY KEY) HKEY_CLASSES_ROOT\TypeLib\{074A9743-0517-454C-B2F4-FF964DE43E4C}\1.0\HELPDIR
(+)(REG VALUE) (Standaard) = ‘M:\Manege\oneclicksrch\’
(+)(REGISTRY KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
(+)(REG VALUE) CustomizeSearch = ‘http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0’
(+)(REG VALUE) SearchAssistant = ‘http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0’
(REGISTRY KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
(+)(REG VALUE) Search Bar = ‘http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0’
(*)(REG VALUE) Search Page
‘http://www.google.com’ ==> ‘http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0’
(REGISTRY KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
(*)(REG VALUE) iexplore.exe
1 ==> 0
(REGISTRY KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
(+)(REG VALUE) {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} = (lege data)
(+)(REGISTRY KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0007522A-2297-43C1-8EB1-C90B0FF20DA5}
(+)(REGISTRY KEY) HKEY_USERS\S-1-5-21-1947229034-1613120521-1437238077-1008\Software\enhsrch
(+)(REGISTRY KEY) HKEY_USERS\S-1-5-21-1947229034-1613120521-1437238077-1008\Software\enhsrch\Config
(+)(REG VALUE) InstallDay = ‘3.836467E+004’
(+)(REG VALUE) KeywordMatch = 1
(+)(REG VALUE) LogUrl = 0
(+)(REG VALUE) SystemDate = ‘01/12/05’
(+)(REGISTRY KEY) HKEY_USERS\S-1-5-21-1947229034-1613120521-1437238077-1008\Software\enhsrch\MyFileSystem2
(+)(REG VALUE) SystemID = 134858107
(REGISTRY KEY) HKEY_USERS\S-1-5-21-1947229034-1613120521-1437238077-1008\Software\Microsoft\Internet Explorer\Main
(+)(REG VALUE) Search Bar = ‘http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0’
(+)(REG VALUE) Use Search Asst = ‘no’
(*)(REG VALUE) Search Page
‘http://www.google.com’ ==> ‘http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0’
(REGISTRY KEY) HKEY_USERS\S-1-5-21-1947229034-1613120521-1437238077-1008\Software\Microsoft\Internet Explorer\SearchUrl
(+)(REG VALUE) (Standaard) = ‘websearch.shopnav.com/q.cgi?q=’
(REGISTRY KEY) HKEY_USERS\S-1-5-21-1947229034-1613120521-1437238077-1008\Software\Microsoft\Search Assistant
(+)(REG VALUE) DefaultSearchURL = ‘http://websearch.drsnsrch.com/q.cgi?q=’
(REGISTRY KEY) HKEY_USERS\S-1-5-21-1947229034-1613120521-1437238077-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache
(+)(REG VALUE) M:\Manege\oneclicksrch\enhtb.exe = ‘Emissary’
(+)(REGISTRY KEY) HKEY_CURRENT_USER\Software\enhsrch
(+)(REGISTRY KEY) HKEY_CURRENT_USER\Software\enhsrch\Config
(+)(REG VALUE) InstallDay = ‘3.836467E+004’
(+)(REG VALUE) KeywordMatch = 1
(+)(REG VALUE) LogUrl = 0
(+)(REG VALUE) SystemDate = ‘01/12/05’
(+)(REGISTRY KEY) HKEY_CURRENT_USER\Software\enhsrch\MyFileSystem2
(+)(REG VALUE) SystemID = 134858107
(REGISTRY KEY) HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
(+)(REG VALUE) Search Bar = ‘http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0’
(+)(REG VALUE) Use Search Asst = ‘no’
(*)(REG VALUE) Search Page
‘http://www.google.com’ ==> ‘http://websearch.drsnsrch.com/sidesearch.cgi?uid=&id=0’
(REGISTRY KEY) HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl
(+)(REG VALUE) (Standaard) = ‘websearch.shopnav.com/q.cgi?q=’
(REGISTRY KEY) HKEY_CURRENT_USER\Software\Microsoft\Search Assistant
(+)(REG VALUE) DefaultSearchURL = ‘http://websearch.drsnsrch.com/q.cgi?q=’


