windowsmedia-kb324290.exe - Dangerous
Manual removal instructions:
Antivirus Report of windowsmedia-kb324290.exe:
We suggest that you remove WindowsMedia-KB324290.exe from your computer as soon as possible.
WindowsMedia-KB324290.exe is a Trojan/Backdoor.
Kill the WindowsMedia-KB324290.exe process and remove WindowsMedia-KB324290.exe from Windows startup.
File: WindowsMedia-KB324290.exe
Classification:
Antivirus    Version       Last Update  Result
AVG          8.5.0.339     2009.06.23   Win32/Heur
BitDefender  7.2           2009.06.24   -
Comodo       1404          2009.06.24   -
DrWeb        5.0.0.12182   2009.06.24   -
F-Secure     8.0.14470.0   2009.06.24   -
Kaspersky    7.0.0.125     2009.06.24   -
Microsoft    1.4803        2009.06.24   BrowserModifier:Win32/Kerlofost
NOD32        4183          2009.06.24   -
Symantec     1.4.4.12      2009.06.24   -
Additional information
File size: 287438 bytes
MD5 : 3b45ff095aa474f24ba031d8d838ed50
SHA1 : 1ff2ea4803d84da168e84dde1e701d251c4ec4e5
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys added:47
----------------------------------
HKLM\SOFTWARE\Classes\AppID\rs_adw.DLL
HKLM\SOFTWARE\Classes\AppID\{D96FA298-1BB6-47FC-AD21-72781B744DC3}
HKLM\SOFTWARE\Classes\CLSID\{304EAD7E-2910-4CE6-83F1-554B04D44A0F}
HKLM\SOFTWARE\Classes\CLSID\{304EAD7E-2910-4CE6-83F1-554B04D44A0F}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}
HKLM\SOFTWARE\Classes\CLSID\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\ProgID
HKLM\SOFTWARE\Classes\CLSID\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\Programmable
HKLM\SOFTWARE\Classes\CLSID\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\TypeLib
HKLM\SOFTWARE\Classes\CLSID\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\VersionIndependentProgID
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\Implemented Categories
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\InprocServer32
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\Instance
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\Instance\InitPropertyBag
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\ProgID
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\Programmable
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\TypeLib
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\VersionIndependentProgID
HKLM\SOFTWARE\Classes\Interface\{E743CF05-181C-4D72-B4EE-95435ED4B86B}
HKLM\SOFTWARE\Classes\Interface\{E743CF05-181C-4D72-B4EE-95435ED4B86B}\ProxyStubClsid
HKLM\SOFTWARE\Classes\Interface\{E743CF05-181C-4D72-B4EE-95435ED4B86B}\ProxyStubClsid32
HKLM\SOFTWARE\Classes\Interface\{E743CF05-181C-4D72-B4EE-95435ED4B86B}\TypeLib
HKLM\SOFTWARE\Classes\Interface\{F1287389-B2FE-4315-8484-540B2033646D}
HKLM\SOFTWARE\Classes\Interface\{F1287389-B2FE-4315-8484-540B2033646D}\ProxyStubClsid
HKLM\SOFTWARE\Classes\Interface\{F1287389-B2FE-4315-8484-540B2033646D}\ProxyStubClsid32
HKLM\SOFTWARE\Classes\Interface\{F1287389-B2FE-4315-8484-540B2033646D}\TypeLib
HKLM\SOFTWARE\Classes\TypeLib\{2552632F-867D-4052-B836-7F83A5302534}
HKLM\SOFTWARE\Classes\TypeLib\{2552632F-867D-4052-B836-7F83A5302534}\1.0
HKLM\SOFTWARE\Classes\TypeLib\{2552632F-867D-4052-B836-7F83A5302534}\1.0\0
HKLM\SOFTWARE\Classes\TypeLib\{2552632F-867D-4052-B836-7F83A5302534}\1.0\0\win32
HKLM\SOFTWARE\Classes\TypeLib\{2552632F-867D-4052-B836-7F83A5302534}\1.0\FLAGS
HKLM\SOFTWARE\Classes\TypeLib\{2552632F-867D-4052-B836-7F83A5302534}\1.0\HELPDIR
HKLM\SOFTWARE\Classes\reklosoft_adw.Helper_Bar
HKLM\SOFTWARE\Classes\reklosoft_adw.Helper_Bar\CLSID
HKLM\SOFTWARE\Classes\reklosoft_adw.Helper_Bar\CurVer
HKLM\SOFTWARE\Classes\rs_adw.Helper_Bar.1
HKLM\SOFTWARE\Classes\rs_adw.Helper_Bar.1\CLSID
HKLM\SOFTWARE\Classes\rs_adw.Helper_bho
HKLM\SOFTWARE\Classes\rs_adw.Helper_bho\CLSID
HKLM\SOFTWARE\Classes\rs_adw.Helper_bho\CurVer
HKLM\SOFTWARE\Classes\rs_adw.Helper_bho.1
HKLM\SOFTWARE\Classes\rs_adw.Helper_bho.1\CLSID
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FFFFE708-B832-42F1-BAFF-247753B5E452}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{304EAD7E-2910-4CE6-83F1-554B04D44A0F}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}
----------------------------------
Values added:43
----------------------------------
HKLM\SOFTWARE\Classes\AppID\rs_adw.DLL\AppID: "{D96FA298-1BB6-47FC-AD21-72781B744DC3}"
HKLM\SOFTWARE\Classes\AppID\{D96FA298-1BB6-47FC-AD21-72781B744DC3}\: "rs_adw"
HKLM\SOFTWARE\Classes\CLSID\{304EAD7E-2910-4CE6-83F1-554B04D44A0F}\InprocServer32\: "C:\WINDOWS\system32\j2se.dll"
HKLM\SOFTWARE\Classes\CLSID\{304EAD7E-2910-4CE6-83F1-554B04D44A0F}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\VersionIndependentProgID\: "rs_adw.Helper_bho"
HKLM\SOFTWARE\Classes\CLSID\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\TypeLib\: "{2552632F-867D-4052-B836-7F83A5302534}"
HKLM\SOFTWARE\Classes\CLSID\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\ProgID\: "rs_adw.Helper_bho.1"
HKLM\SOFTWARE\Classes\CLSID\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\InprocServer32\: "C:\WINDOWS\system32\2rs23617.dll"
HKLM\SOFTWARE\Classes\CLSID\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\: "Helper_bho Class"
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\VersionIndependentProgID\: "rs_adw.Helper_Bar"
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\TypeLib\: "{2552632F-867D-4052-B836-7F83A5302534}"
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\ProgID\: "rs_adw.Helper_Bar.1"
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\InprocServer32\: "C:\WINDOWS\system32\2rs23617.dll"
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\InprocServer32\ThreadingModel: "Apartment"
HKLM\SOFTWARE\Classes\CLSID\{FFFFE708-B832-42F1-BAFF-247753B5E452}\: "rs"
HKLM\SOFTWARE\Classes\Interface\{E743CF05-181C-4D72-B4EE-95435ED4B86B}\TypeLib\: "{2552632F-867D-4052-B836-7F83A5302534}"
HKLM\SOFTWARE\Classes\Interface\{E743CF05-181C-4D72-B4EE-95435ED4B86B}\TypeLib\Version: "1.0"
HKLM\SOFTWARE\Classes\Interface\{E743CF05-181C-4D72-B4EE-95435ED4B86B}\ProxyStubClsid32\: "{00020424-0000-0000-C000-000000000046}"
HKLM\SOFTWARE\Classes\Interface\{E743CF05-181C-4D72-B4EE-95435ED4B86B}\ProxyStubClsid\: "{00020424-0000-0000-C000-000000000046}"
HKLM\SOFTWARE\Classes\Interface\{E743CF05-181C-4D72-B4EE-95435ED4B86B}\: "IHelper_bho"
HKLM\SOFTWARE\Classes\Interface\{F1287389-B2FE-4315-8484-540B2033646D}\TypeLib\: "{2552632F-867D-4052-B836-7F83A5302534}"
HKLM\SOFTWARE\Classes\Interface\{F1287389-B2FE-4315-8484-540B2033646D}\TypeLib\Version: "1.0"
HKLM\SOFTWARE\Classes\Interface\{F1287389-B2FE-4315-8484-540B2033646D}\ProxyStubClsid32\: "{00020424-0000-0000-C000-000000000046}"
HKLM\SOFTWARE\Classes\Interface\{F1287389-B2FE-4315-8484-540B2033646D}\ProxyStubClsid\: "{00020424-0000-0000-C000-000000000046}"
HKLM\SOFTWARE\Classes\Interface\{F1287389-B2FE-4315-8484-540B2033646D}\: "IHelper_Bar"
HKLM\SOFTWARE\Classes\TypeLib\{2552632F-867D-4052-B836-7F83A5302534}\1.0\0\win32\: "C:\WINDOWS\system32\2rs23617.dll"
HKLM\SOFTWARE\Classes\TypeLib\{2552632F-867D-4052-B836-7F83A5302534}\1.0\HELPDIR\: "C:\WINDOWS\system32"
HKLM\SOFTWARE\Classes\TypeLib\{2552632F-867D-4052-B836-7F83A5302534}\1.0\FLAGS\: "0"
HKLM\SOFTWARE\Classes\TypeLib\{2552632F-867D-4052-B836-7F83A5302534}\1.0\: "rs_adw 1.0 Type Library"
HKLM\SOFTWARE\Classes\reklosoft_adw.Helper_Bar\CurVer\: "rs_adw.Helper_Bar.1"
HKLM\SOFTWARE\Classes\reklosoft_adw.Helper_Bar\CLSID\: "{FFFFE708-B832-42F1-BAFF-247753B5E452}"
HKLM\SOFTWARE\Classes\reklosoft_adw.Helper_Bar\: "Helper_Bar Class"
HKLM\SOFTWARE\Classes\rs_adw.Helper_Bar.1\CLSID\: "{FFFFE708-B832-42F1-BAFF-247753B5E452}"
HKLM\SOFTWARE\Classes\rs_adw.Helper_Bar.1\: "Helper_Bar Class"
HKLM\SOFTWARE\Classes\rs_adw.Helper_bho\CurVer\: "rs_adw.Helper_bho.1"
HKLM\SOFTWARE\Classes\rs_adw.Helper_bho\CLSID\: "{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}"
HKLM\SOFTWARE\Classes\rs_adw.Helper_bho\: "Helper_bho Class"
HKLM\SOFTWARE\Classes\rs_adw.Helper_bho.1\CLSID\: "{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}"
HKLM\SOFTWARE\Classes\rs_adw.Helper_bho.1\: "Helper_bho Class"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FFFFE708-B832-42F1-BAFF-247753B5E452}\: "rs_Bar Class"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\: "Helper_bho"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}\NoExplorer: 0x00000001
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:2
----------------------------------
C:\WINDOWS\system32\2rs23617.dll
C:\WINDOWS\system32\j2se.dll
----------------------------------
Files [attributes?] modified:0
----------------------------------
----------------------------------
Folders added:0
----------------------------------
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:92
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Item Name: {304EAD7E-2910-4CE6-83F1-554B04D44A0F}
Author: Unknown
Related File: C:\WINDOWS\system32\j2se.dll
Type: Browser Helper Objects
Item Name: {71E59D37-D7FC-4ED6-BC1D-D13BE02FE6C5}
Author: Reklosoft.ru
Related File: C:\WINDOWS\system32\2rs23617.dll
Type: Browser Helper Objects
Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.