Remove AdTool.MyWebSearch.ae Spyware Removal Information

Search in :

CookiesSpywaresFilesMd5Registry

Spywarelib SearchGoogle Search

AdTool.MyWebSearch.ae

Description:

An AdTool is a program that facilitates the delivery of unwanted advertisements on to the user’s PC. The ads can include pop-ups, pop-unders, banners, or links etc. The AdTool also tracks down the browsing habits of the user. It may launch at system startup and modify the browser settings such as the home page, search page and the error page. It can also result in the browser as well as the system slow down.

Category:

AdTool

FREE Spyware Scan

Threat Level:

Spyware_ThreatLevel

		Known malware file should be deleted.



		Suspicious file, deletion recommended.



		Also created by legitimate programs.

Files

Registry

	File Name	File MD5
	%homepath%\desktop\registry cleaner.lnk	db68db364f914921f6d66813c1fa5086
	%homepath%\my documents\desktop.ini	869cba0364c55b0c6524419a8b86df88
	%homepath%\my documents\my pictures\desktop.ini	f958dc73dc27ae8589bc1b1dfbd18e4a
	%programfiles%\registry cleaner trial\~glh0007.tmp	443e13846997c537e8f5ed61130ab705
	%programfiles%\registry cleaner trial\~glh0008.tmp	697f989f612b75e059e0ca4b01b27936
	%programfiles%\registry cleaner trial\~glh0009.tmp	b913cfe476f93e11b7bc5d5115b33680
	%programfiles%\registry cleaner trial\~glh000a.tmp	4132886ba9273cdf7d53464ca1120c41
	%programfiles%\registry cleaner trial\~glh000c.tmp	e1d12da2c612e53849e53c8aec1fad5a
	%programfiles%\registry cleaner trial\~glh000e.tmp	f38ffacb3b348c4ca648fcbfc2543240
	%programfiles%\registry cleaner trial\~glh000f.tmp	243b39d8b0d032382b978b015c32371e
	%programfiles%\registry cleaner trial\~glh0011.tmp	f07a8626ed507cd4fffa0d82ff3ed49e
	%programfiles%\registry cleaner trial\rcuninstall.exe	f38ffacb3b348c4ca648fcbfc2543240
	%programfiles%\registry cleaner trial\registry cleaner.chm	f07a8626ed507cd4fffa0d82ff3ed49e
	%programfiles%\registry cleaner trial\soref.dll	b913cfe476f93e11b7bc5d5115b33680
	%programfiles%\registry cleaner trial\uninstregclean.exe	697f989f612b75e059e0ca4b01b27936
	%programfiles%\registry cleaner trial\unwise.exe	443e13846997c537e8f5ed61130ab705
	%programfiles%\softwareonline\~glh0006.tmp	ad33ea09b22a376be3ec32ae660e3c4e
	%programfiles%\softwareonline\soproc.exe	ad33ea09b22a376be3ec32ae660e3c4e
	18f2????9bd6f59cfbaa0cf2986b82f1.exe	18f28f709bd6f59cfbaa0cf2986b82f1
	%systemdrive%\progra~1\regist~1\~glh000b.tmp
	%systemdrive%\progra~1\regist~1\~glh000d.tmp
	%systemdrive%\progra~1\regist~1\~glh0010.tmp
	%systemdrive%\progra~1\regist~1\affcreatordll.dll	243b39d8b0d032382b978b015c32371e
	%systemdrive%\progra~1\regist~1\install.log	195c40e776157b6c7d961b41ef9c4b8b
	%systemdrive%\progra~1\regist~1\regclean.dll	e1d12da2c612e53849e53c8aec1fad5a
	%systemdrive%\progra~1\regist~1\regclean.exe	4132886ba9273cdf7d53464ca1120c41
	%systemdrive%\progra~1\regist~1\regclean.ini
	%systemdrive%\progra~1\regist~1\temp.000	243b39d8b0d032382b978b015c32371e
	%temp%\~glh0000.tmp	b9b41e50d612e00bf3a49a6405b89d74
	%temp%\~glh0001.tmp	ed0d32d1320717c5dd2a2f69e862a481
	%temp%\~glh0002.tmp	99a2bfc57dcadefe3c24b465f5d73a9c
	%temp%\~glh0003.tmp	77dc23bf2111be505caa104e859518e6
	%temp%\~glh0004.tmp	9a5ac708e180524bf6debdb2aba8b423
	%temp%\~glh0005.tmp	cdf128afeb34234110ce25042e5f95a1
	%temp%\glb1.tmp	0a8ad7de0afc794c795bb2eee08802aa
	%temp%\glf11.tmp
	%temp%\glf14.tmp
	%temp%\glf16.tmp
	%temp%\glf18.tmp
	%temp%\glf1a.tmp
	%temp%\glf1c.tmp
	%temp%\glgf.tmp	195c40e776157b6c7d961b41ef9c4b8b
	%temp%\glj7.tmp	6f608d264503796bebd7cd66b687be92
	%temp%\glka.tmp	3df61e5730883b2d338addd7acbe4bc4
	%temp%\sos41.tmp	d41d8cd98f00b204e9800998ecf8427e
	%userprofile%\application data\desktop.ini	88cf0ff92a4a9fa7bd9b7513b2e9e22b
	%userprofile%\application data\registry cleaner\regclean.ini
	%userprofile%\start menu\desktop.ini	87f8888e1d77d9cef69e901a97d40d73
	%userprofile%\start menu\programs\desktop.ini	e694dc03fb0f8b5b3f3a38ccefec8b3c
	%userprofile%\start menu\programs\regclean\registry cleaner help.lnk	7e4828d7c48f4976d4b3af6c1e9b4741
	%userprofile%\start menu\programs\regclean\registry cleaner. lnk	e2563fb66d433df4f5b30fdf67a63519
	%userprofile%\start menu\programs\regclean\uninstall registr y cleaner.lnk	00e4e63a52ac569f336a56a074473bf0
	%userprofile%\start menu\programs\startup\desktop.ini	d6a6856702e3f0953e7246a9b4a9fe35

Note: Md5Hash is shown for some files instead of file name as they are created with random name on user's pc.

Registry Key	Value Name	Value Data
HKEY_CLASSES_ROOT\CLSID\{49FF1FD4-A32F-6EA1-FB36-EDD7AE45A9F2}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	registry cleaner	%SYSTEMDRIVE%\progra~1\regist~1\regclean .exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run	soproc_sorefregsoalertwxlitennaj	rundll32 shell32.dll,shellexec_rundll %S YSTEMDRIVE%\progra~1\softwa~1\soproc .exe -pack sorefregsoalertwxlitennaj
HKEY_CURRENT_USER\Software\Registry Cleaner\Registry Cleaner\1.0\Setti ngs
HKEY_CURRENT_USER\Software\Registry Cleaner\Registry Cleaner\1.0\Setti ngs	id	03222008
HKEY_CURRENT_USER\Software\Registry Cleaner\Registry Cleaner\1.0\Setti ngs	prevah	[reg_dword, value: 00030130]
HKEY_CURRENT_USER\Software\Registry Cleaner\Registry Cleaner\1.0\Setti ngs	prevfh	[reg_dword, value: 0002014a]
HKEY_CURRENT_USER\Software\Registry Cleaner\Registry Cleaner\1.0\Setti ngs	trialpath	%SYSTEMDRIVE%\progra~1\regist~1\regclean .exe
HKEY_CURRENT_USER\Software\SoftwareOnline.com	machineid	[reg_binary, size: 8 bytes]
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soalertdnld\soalert__88265	processor	sostreamer
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soalertdnld\soalert__88265\Params
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soalertdnld\soalert__88265\Params	cmdline	-setup
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soalertdnld\soalert__88265\Params	file	%TEMP%\sos41.tmp
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soalertdnld\soalert__88265\Params	job	soalert
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soalertdnld\soalert__88265\Params	longslowpace	y
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soalertdnld\soalert__88265\Params	package	sorefregsoalertwxlitennaj
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soalertdnld\soalert__88265\Params	url	http://adserver.sharewareonline.com/bund le/soalert.exe
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soreporter\regclean__86953	processor	soreporter
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soreporter\regclean__86953	state	[reg_dword, value: 00000001]
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soreporter\regclean__86953\Params		<smachineid>69-35-11-31-6c-63-3b-0 0</smachineid> <sbundlename >sorefregsoalertwxlitennaj</sb undlename> <sappname>regcle an</sappname> <saction>u seraccept</saction> <iyear& gt;2008</iyear> <imonth> 3</imonth> <iday>21</ iday> <ihour>19</ihour&g t; <iminute>45</iminute>
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soreporter\soalert__88140	processor	soreporter
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soreporter\soalert__88140	state	[reg_dword, value: 00000001]
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soreporter\soalert__88140\Params		<smachineid>69-35-11-31-6c-63-3b-0 0</smachineid> <sbundlename >sorefregsoalertwxlitennaj</sb undlename> <sappname>soaler t</sappname> <saction>us eraccept</saction> <iyear&g t;2008</iyear> <imonth>3 </imonth> <iday>21</i day> <ihour>19</ihour> ; <iminute>45</iminute>
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soreporter\weatherbug__88734	processor	soreporter
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soreporter\weatherbug__88734	state	[reg_dword, value: 00000001]
HKEY_CURRENT_USER\Software\SoftwareOnline.com\SOProc\SoRefRegSoAlertWx LiteNnAj\soreporter\weatherbug__88734\Params		<smachineid>69-35-11-31-6c-63-3b-0 0</smachineid> <sbundlename >sorefregsoalertwxlitennaj</sb undlename> <sappname>weathe rbug</sappname> <saction> ;usercancel</saction> <iyea r>2008</iyear> <imonth&g t;3</imonth> <iday>21< ;/iday> <ihour>19</ihour > <iminute>45</iminut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49FF1FD4-A32F-6EA1-FB36-EDD 7AE45A9F2}		custom composition segment from data ser vices to xds
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49FF1FD4-A32F-6EA1-FB36-EDD 7AE45A9F2}\InprocServer32		%windir%\system32\msvidctl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49FF1FD4-A32F-6EA1-FB36-EDD 7AE45A9F2}\InprocServer32	threadingmodel	apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49FF1FD4-A32F-6EA1-FB36-EDD 7AE45A9F2}\TypeLib		{b0edf154-910a-11d2-b632-00c04f79498e}
HKEY_LOCAL_MACHINE\Software\Licenses
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses	{05fc536b82d671bf0}	[reg_binary, size: 124 bytes]
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses	{i5fc536b82d671bf0}	[reg_binary, size: 4 bytes]
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses	{k7c0db872a3f777c0}	[reg_binary, size: 260 bytes]
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses	{r7c0db872a3f777c0}	[reg_binary, size: 4 bytes]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Para meters	trappolltimemillisecs	[reg_dword, value: 00003a98]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall \Registry Cleaner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall \Registry Cleaner	displayname	registry cleaner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall \Registry Cleaner	uninstallstring	%programfiles%\registry cleaner trial\un instregclean.exe
HKEY_LOCAL_MACHINE\Software\Registry Cleaner\Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Cleaner\Uninstall	installlog	%SYSTEMDRIVE%\progra~1\regist~1\install. log
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Cleaner\Uninstall	rcuninstallpath	%SYSTEMDRIVE%\progra~1\regist~1\rcuninst all.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Cleaner\Uninstall	soproc	%programfiles%\softwareonline\soproc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Cleaner\Uninstall	unwisepath	%SYSTEMDRIVE%\progra~1\regist~1\unwise.e xe