1. /
  2. Security Response/
  3. CyberSitter

CyberSitter

Updated:
November 15, 2007 11:02:29 AM
Type:
Parental Control
Name:
CyberSitter
Version:
10
Publisher:
Solid Oak Software
Risk Impact:
Low
Systems Affected:
Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
When the program is executed, it creates the following files:
  • %UserProfile%\Local Settings\Temp\mia2F.tmp
  • %SystemDrive%\Documents and Settings\All Users\Application Data\{279D011A-4D3D-434E-B2C0-DA58256F33D2}\instance.dat
  • %SystemDrive%\Documents and Settings\All Users\Application Data\{279D011A-4D3D-434E-B2C0-DA58256F33D2}\mia.dll
  • %SystemDrive%\Documents and Settings\All Users\Application Data\{279D011A-4D3D-434E-B2C0-DA58256F33D2}\setup2k.dat
  • %SystemDrive%\Documents and Settings\All Users\Application Data\{279D011A-4D3D-434E-B2C0-DA58256F33D2}\setup2k.exe
  • %SystemDrive%\Documents and Settings\All Users\Application Data\{279D011A-4D3D-434E-B2C0-DA58256F33D2}\setup2k.msi
  • %SystemDrive%\Documents and Settings\All Users\Application Data\{279D011A-4D3D-434E-B2C0-DA58256F33D2}\setup2k.par
  • %SystemDrive%\Documents and Settings\All Users\Application Data\{279D011A-4D3D-434E-B2C0-DA58256F33D2}\setup2k.res
  • %Windir%\Installer\e50db6.msi
  • %System%\adwfil.dll
  • %System%\auctfil.dll
  • %System%\bnrfil.dll
  • %System%\bsnlst.dll
  • %System%\chtfil.dll
  • %System%\csnews.dll
  • %System%\cultfil.dll
  • %System%\entfil.dll
  • %System%\finfil.dll
  • %System%\fmfil.dll
  • %System%\fshrfil.dll
  • %System%\gblfil.dll
  • %System%\gdwfil.dll
  • %System%\gnfil.dll
  • %System%\hatfil.dll
  • %System%\iawfil.dll
  • %System%\igefil.dll
  • %System%\imgfil.dll
  • %System%\jbfil.dll
  • %System%\lastupdate.dll
  • %System%\lgwfil.dll
  • %System%\logs\20071114.log
  • %System%\logs\CComDbgLog.txt
  • %System%\logs\CComErrDbgLog.txt
  • %System%\logs\CComPrtcdLog.txt
  • %System%\logs\CYBWDDbgLog.txt
  • %System%\logs\net\20071114.log
  • %System%\logs\WVCSCRLog.txt
  • %System%\lspcs.dll
  • %System%\macfil.dll
  • %System%\movfil.dll
  • %System%\mp3fil.dll
  • %System%\MSLSPC.exe
  • %System%\nfil.dll
  • %System%\nvgamfil.dll
  • %System%\perfil.dll
  • %System%\picsfil.dll
  • %System%\pkmon.dll
  • %System%\popfil.dll
  • %System%\psyfil.dll
  • %System%\pxyfil.dll
  • %System%\SNet.dll
  • %System%\snetbonly.dll
  • %System%\snetfil.dll
  • %System%\spmfil.dll
  • %System%\sporfil.dll
  • %System%\srchfrgn.dll
  • %System%\srchin.dll
  • %System%\srchout.dll
  • %System%\swfil.dll
  • %System%\tafil.dll
  • %System%\tapfil.dll
  • %System%\vgamfil.dll
  • %System%\viofil.dll
  • %System%\wfileu.drv
  • %System%\wrestfil.dll
  • %System%\wzfil.dll
  • %Windir%\CComSvc.exe
  • %Windir%\csfilts.cab
  • %Windir%\CSV10.chm
  • %Windir%\Cyb10.exe
  • %Windir%\cybread.htm
  • %Windir%\cylsplog.txt
  • %Windir%\liccyval.dat
  • %Windir%\NISDocs\1.jpg
  • %Windir%\NISDocs\2.jpg
  • %Windir%\NISDocs\3.jpg
  • %Windir%\NISDocs\4.jpg
  • %Windir%\NISDocs\5.jpg
  • %Windir%\NISDocs\cyb150.gif
  • %Windir%\NISDocs\MainBanner.png
  • %Windir%\NISDocs\NISHelp.htm
  • %Windir%\NISDocs\_vti_cnf\1.jpg
  • %Windir%\NISDocs\_vti_cnf\2.jpg
  • %Windir%\NISDocs\_vti_cnf\3.jpg
  • %Windir%\NISDocs\_vti_cnf\4.jpg
  • %Windir%\NISDocs\_vti_cnf\5.jpg
  • %Windir%\NISDocs\_vti_cnf\MainBanner.png
  • %Windir%\WVCSCR.exe
  • %Windir%\WVCSDG.exe
  • %Windir%\WVCSUH.exe
  • %Windir%\WVCSWD.exe


It also creates the following clean files:
  • %System%\sporder.dll
  • %Windir%\libeay32.dll
  • %Windir%\ssleay32.dll
  • %UserProfile%\Local Settings\Application Data\Seven Zip\Codecs\7zAes.dll
  • %UserProfile%\Local Settings\Application Data\Seven Zip\Codecs\Aes.dll
  • %UserProfile%\Local Settings\Application Data\Seven Zip\Codecs\Branch.dll
  • %UserProfile%\Local Settings\Application Data\Seven Zip\Codecs\Copy.dll
  • %UserProfile%\Local Settings\Application Data\Seven Zip\Codecs\LZMA.dll
  • %UserProfile%\Local Settings\Application Data\Seven Zip\Codecs\Swap.dll
  • %UserProfile%\Local Settings\Application Data\Seven Zip\Formats\7z.dll


Next, it creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\6AA39F78260CCA0479F0ED3E2658849D
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3F09E8D2EB74C174CBBD18AF2D33B13C
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\3F09E8D2EB74C174CBBD18AF2D33B13C
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0081F079CE04CE047BB32ED042AC0A47
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03613FCF69743AD4BBCA50D236A1B0C5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04478C9A087C2EC4D909A4B7C2940933
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0725D80BCE2551A40935D5C1315D4AAF
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09D58C9DBA4CE934D8E55ADDDAD346CD
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D9547672AF16F04E92F0C17B5F11AB9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15542F6B99AA8334A9F2867FF4E08FBF
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1689A55E897077744A58B859578555A9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\171B043DFEC666143803E62E5B4C3B26
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\174FEE1C64463C94EAD1832B1027A06F
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A28A041708482F4CB02BEB7D000AE98
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A57AB357DEC86648949F7830BB68127
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A8E7B43583160040892EB78197B4A7B
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D313BFB98B0B704394517F1FB25396B
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D814839973389C42BD13E07E5D2C419
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EB52F54927D44E41977B66CAD37CC07
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FFF723FCEE5895499B9F898B4D1F588
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\223DD84708FF8FF419F6640AA5EBD90E
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2680FB05A1659AD4D9DAC797D458943B
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28141A677C4C34A4FA35AE6EB1174AEA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\282842C38543CB84896730B2642AAA29
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\283377AABAFD2824FAC5E27A10889192
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C64BC2BBC12EE459DFB6A60D582A23
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3A9E63972AB093B4BBADBEF7F88E9812
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E2D0415B130A3A40935B67F21A4EF48
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\40DE1330F2BD6494BAB4349D42EB972D
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\410F6055390A0044A846B66C1AF30B1B
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41F67C5DF04B74C469189AEE599DE6B5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45DD0B5FE1C450349AA6CA234BFD489A
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47B407FA229AC03449F5C175A58C1C1D
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\495F1AEBFD93A5F43B0C8FA4B39A753A
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B9109366E2CF9B4CBCC2CFFA7615C9C
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F0404B3C9BABF54EBDF949AEC540F1B
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F31A4F919C898043944C8FD9EEA0A62
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FCF0F2D238FE05429C8C25DF972BE9E
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5589EFBB69EE9B84992FCB647AD221C2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\57F122546F2532B428F01FCD17303F06
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5A6502A2A19E040488D5948FAC973259
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DC065DA4288B8F499256523C1E37614
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\604B89DEA8B63E84C94103D4599E09BE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60EA7B75AC6473A469701F0613D46D1C
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68C31B137714E6E4082CC1DC02B61CCD
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F45F97AB66DD1A479D0D65CF97D01BC
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F80DA3C5E0F794429C6756758D8816E
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FA2A9900C7A5B04A854D48B6DBF3D3E
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72736656B8D7ACA408726315B7F144D0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\736A1C7BBAD69604B8FA743321B6AA24
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\737C5F0B97B2CDF4780BE00F53D78B8B
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\744796C1EF456DB4EA55C595CC3FAAB5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F9E797FDDA2838498A9D9EA34ACD55B
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\811E566C86FA4654CA6D3C23456603C9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\813091057B0A1CB4B97BE24945FC9A95
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\81A7A22E9D1DAAC4EACBB29397A18DB4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\821C09473033B4042A677AFCA5E4305E
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8456083B6E7D44047900B3DEB5655818
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\857AB943D434DC44AAD87564C03FAAC6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86DA100BD59846C4CA4F8AD354125A07
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8757B7373A61FC94680DFACBB100EA3E
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88591B1D5FC187E41B9F54AA953ACED6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88D722F53298A944AB32D45037791529
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88E7FC2B56A9E0A4089483BB77ECA8AD
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D10C7D55FC91CC44B6C7977C522F491
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8EC7161379A7F8546959D8EE46F7A216
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90FB0312151946E41B602CC96B73DC31
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\92C033CC3ABE81048A81D9DE20F797EE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\948107602AE82534383E6A538D16E3FD
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97DDB45BC01688942B10554716D8C9A9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9812F23060882A04683BFEE836B5E585
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\99FD3C6172EBCFA4897F15B53CE5A4DB
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9B6F8E3079D5C5A4A8A1CF6C8A59DB1A
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9EA5AE20FA564324098A41324B8E24B0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A0F6EBC0771C3A84898E221BC04DE435
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A132E085BBE6DD84D8F4D3E0D395A94A
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A183043091D0BE946B7E7653C2017552
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A31CDBC4A466417439E5C0D59E0B5FF6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A500E26EC3083544790F11E1F679592B
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A70D6F49CABFE0F49890A79CE0FB93D5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A81021FEC765C494180CBCD21791B9E9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A91C3F29B2E099B4A802F3BCAE020CCF
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF94E9771E677E64993723430EBA01AF
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B12AFBFEAABAAD64FAB426189ABC3475
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B3E26A0A363B63A4C9255DDBC960AB36
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B40068B4C02EBD7478024FC7A68DF688
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B40630B935CFA644889491CE07920BDD
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B514AF09ECC37A14A9AE42853A89B42D
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B69134597CF169D4CB410C94A00A707F
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B97A4EF2A6D5E0B40BFD69BC45A561C1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9ECD8DE417214040826130289AAE597
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB6A602F034A8214C8DC1575D81C8FCF
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD9ADD48E0B66614BAA0BA984F01F626
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BE79141655E9F9D458A7CCDCB22D6E34
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF7524327867F33469C8A26D57C76259
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF921A68FF19CDF418EDB946062F5D0C
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C047E8A44A8C82948B04E4DC036EF469
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0B08CE3716FABC42967F83036EDC9A7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C31E587A3D955F345BFDE573F5A70608
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C3253FB7D3C86CB45A3DB7A0D0ED4883
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C3E1FD0D5CA2C654CA1B781FC80207F9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C514220A025C1124C9A76B1AACC1CE4B
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C85C4862EE5DAB14088F15D02C041C8B
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CDE1BC4072B1EDD4EB12674B5E45C5BB
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFBFD146E562FE04FAB9B68445053276
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6C7EA6ECF0B24F4DB5FCAC56C5FA4B8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D7F3BA66D5FDE19429C46032CFCDE4FA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D8AB4E8D4E3E05944BC5AC9B9247BE71
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9237B594FE0DE04DA38A32FCB2AB4D5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB26DA243D0C88F46852B321ACDA19D8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DBC314177A6710F4EBD0CBAAAC58D30C
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DBD1CCD68EECCD74393BB27AA3B0E67C
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD64F04C9ECA6ED47907792A949EC2DA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEC0A0CF2C725EF44930020732AF8201
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF8D85AAC98C84E4F93BAC74FC0279DA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4A3D467CF9FBE042B30B7D108E559FD
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E63111EDB103B75448038927F72A98C0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E853E9EDB4CF7294BA40BF16CFB9A41E
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAB9F09672C90704599514E6E38D2B3A
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EB7224C0D55C0044EA3D55EC57C7F463
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC6C7D9835BE97E4D9A45E8C8EAB5B3D
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE66F50B0DE45BE45B7CE4AA988C0A67
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E3C5434E77B1648924AE207F57B92A
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F55FEA90E74ABFB47B1064981FC09B20
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7533BA8798E31D479EDC464AEFDBCB5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F76DAC0D8A99D064587D18679D0AAD5E
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F829437B91ED7E84A9F44A57CDBB9465
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE27C0736C6A73D499A7D37D24B26502
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF9D0ECBBC78FAA40BD61D555E1BD1A8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFAEB7703627E1D4093BBB4082894029
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6AA39F78260CCA0479F0ED3E2658849D
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{87F93AA6-C062-40AC-970F-DEE3628548D9}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\net
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Net98
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\NetSet
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCOMSVC
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WVCSWDSVC
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCOMSVC
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WVCSWDSVC
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6AA39F78260CCA0479F0ED3E2658849D


It may also create the following registry subkeys that are associated to a legitimate Windows service:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WS2IFSL


The program creates the following clean registry subkeys:
  • HKEY_CURRENT_USER\Software\MimarSinan
  • HKEY_LOCAL_MACHINE\SOFTWARE\MimarSinan


It creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"C2K" = "C:\WINDOWS\Cyb10.exe"

Next, it creates the following registry entries:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\"C:\WINDOWS\NISDocs\" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\"C:\WINDOWS\NISDocs\_vti_cnf\" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\"CSVT:1AB40005Z20000000000RKTQ40QINF" = ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\MSLSPC.exe" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\lspcs.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\adwfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\auctfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\bnrfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\bsnlst.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\chtfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\csnews.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\cultfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\entfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\finfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\fmfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\fshrfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\gblfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\gdwfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\gnfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\hatfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\iawfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\igefil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\imgfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\jbfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\lastupdate.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\lgwfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\macfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\movfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\mp3fil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\nfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\nvgamfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\perfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\picsfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\pkmon.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\popfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\psyfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\pxyfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\SNet.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\snetbonly.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\snetfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\spmfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\sporfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\srchfrgn.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\srchin.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\srchout.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\swfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\tafil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\tapfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\vgamfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\viofil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\wrestfil.dll" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\wzfil.dll" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"EnableHttp1_1" = "0"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoControlPanel" = "0"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network\"NoNetSetup" = "0"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "0"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "0"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\"Disabled" = "0"
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\"NoBrowserOptions" = "0"
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\"DisableCMD" = "0"


It also creates the following clean registry entries:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"C:\WINDOWS\system32\sporder.dll" = "1"
  • HKEY_CURRENT_USER\Software\MimarSinan\InstallAware\Seven Zip\"Path" = "C:\Documents and Settings\Administrator\Local Settings\Application Data\Seven Zip\"


The program monitors system activity on the computer.





It allows a user to perform the following actions on the computer:
  • Filter and block internet usage
  • Filter and block specific network traffic
  • Filter and block specific blackilsted content
  • Log user activity
  • Log Web sites visited
  • Log violations to filtering rules
  • Create chat logs
  • Allow remote access and configuration
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver