Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\KeywordService.exe] 'Start' = '00000002' (service start type 2: the service is started automatically at boot)
- '%PROGRAM_FILES%\Adobe\Support\KeywordService.exe'
- '%WINDIR%\Temp\Application.exe'
- '<SYSTEM32>\msiexec.exe' -Embedding C11CBBC04D0374F31253BAA885A746C3
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' /i "%WINDIR%\temp\setup.msi" /qn (/qn runs the installation with no user interface)
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\welcome.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\outofdisk.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\fileinuse.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\outofrbdisk.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\folder.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\maintype.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\server.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\varstyle.css
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\exit.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\fatalerror.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\next.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\prepare.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\verifyready.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\diskcost.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\progress\progressbar.js
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\rmfiles.html
- %PROGRAM_FILES%\Adobe\Support\KeywordService.exe
- %PROGRAM_FILES%\Adobe\Support\KeywordService.pdb
- %PROGRAM_FILES%\Adobe\Support\GoogleSearchDotnet.pdb
- %PROGRAM_FILES%\Adobe\Support\GoogleSearchDotnet.xml
- %PROGRAM_FILES%\Adobe\Support\list.dll
- %WINDIR%\Installer\MSI8.tmp
- %PROGRAM_FILES%\Adobe\Support\KeywordService.vshost.exe
- %PROGRAM_FILES%\Adobe\Support\Newtonsoft.Json.dll
- C:\Config.Msi\2abf8.rbs
- %PROGRAM_FILES%\Adobe\Support\Autoupdate.exe
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\verifyrepair.html
- %WINDIR%\Installer\MSI5.tmp
- %PROGRAM_FILES%\Adobe\Support\CSCommonLib.dll
- %PROGRAM_FILES%\Adobe\Support\GoogleSearchDotnet.dll
- %PROGRAM_FILES%\Adobe\Support\Autoupdate.pdb
- %PROGRAM_FILES%\Adobe\Support\Autoupdate.vshost.exe
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\userexit.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\common.js
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\box.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\jquery-1.3.2.js
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\box-add-remove.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\check.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\pngfix\DD_belatedPNG_0.0.8a.js
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\resume.html
- %WINDIR%\Installer\2abf5.msi
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Temp\setup.msi
- %WINDIR%\Temp\Application.exe
- %WINDIR%\Installer\MSI4.tmp
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\back.png
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI3.tmp
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\client_server.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\maintwelcome.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\verifyremove.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\button-large-bg.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\progress.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\client.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\style.css
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\print.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\progress\progressbar.css
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\retry.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\box-remove.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\cancel.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\box-repair.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\customize.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\box-custom.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\setuptype.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\exit.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\prepare.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\next.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\rmfiles.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\progress\progressbar.js
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\fatalerror.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\style.css
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\maintwelcome.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\client_server.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\client.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\progress.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\print.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\verifyready.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\maintype.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\folder.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\varstyle.css
- %WINDIR%\Installer\2abf5.msi
- %WINDIR%\Installer\MSI8.tmp
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\verifyrepair.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\outofrbdisk.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\fileinuse.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\diskcost.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\server.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\outofdisk.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\welcome.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\jquery-1.3.2.js
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\box.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\back.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\pngfix\DD_belatedPNG_0.0.8a.js
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\common.js
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\userexit.html
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI1.tmp
- C:\Config.Msi\2abf8.rbs
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\MSI4.tmp
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\resume.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\box-repair.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\setuptype.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\box-custom.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\button-large-bg.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\verifyremove.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\customize.html
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\box-remove.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\check.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\box-add-remove.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\retry.png
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\progress\progressbar.css
- %TEMP%\{C9AED754-BED9-4F5C-9E74-587D3E7B97CC}\Spring.742DA8B7\cancel.png
- 'to###opgia.net':80
- 'wp#d':80
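- wp#d/wpad.dat (a request for wpad.dat is a proxy auto-discovery lookup that Windows can issue on its own when automatic proxy detection is enabled; on its own it is a weak indicator)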
- to###opgia.net/WebServiceGoogleSearch.asmx
- DNS ASK to###opgia.net
- DNS ASK wp#d
- DNS ASK google.com (a lookup of a widely used domain; not usable as an indicator by itself)
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'