Microsoft AntiSpyware Version: 1.0.615
This version expires on: 12/31/2005
Spyware Definition Version: 5745 (8/12/2005 5:23:35 PM)

Spyware Scan Details
Start Date: 8/12/2005 5:23:51 PM
End Date: 8/12/2005 5:29:03 PM
Total Time: 5 mins 12 secs

Detected Threats

ShopAtHome Spyware
Details: ShopAtHome installs an agent in the Winsock layer of your computer. This redirects your Web browser to merchant sites affiliated with ShopAtHome rather than the Web sites you type in or click.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\Documents and Settings\Administrator\Local Settings\Temp\umqltg4cl_.exe
c:\windows\nurp9do2.exe
c:\windows\system32\ompfudvr.dll
Infected folders detected
c:\windows\system32\sahimages
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\software\winsock2\layered provider sample

Xrenoder Browser Plug-in
Details: Xrenoder is a Trojan that resets your browsers home page and search settings redirecting it to affiliate sites. Xrenoder also displays adult content pop-up advertisements.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected

WindUpdates Browser Plug-in
Details: WindUpdates downloads additional adware and displays pop-up advertising.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\windows\system32\ide21201.vxd

eXact.BullseyeNetwork Adware
Details: Bullseye displays pop-up advertisements.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\Program Files\BullsEye Network\bin\adv.exe
C:\Program Files\BullsEye Network\bin\adx.exe
c:\program files\bullseye network\ad.dat
c:\program files\bullseye network\ub.dat
c:\program files\bullseye network\uninstall.exe
c:\program files\bullseye network\bin\bargains.exe
Infected folders detected
c:\program files\bullseye network
c:\program files\bullseye network\bin
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BullsEye Network

CoolWebSearch Browser Modifier
Details: CoolWebSearch is a wide range of browser redirection tools. All variants redirect you to specific Web sites.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

AvenueMedia.DyFuCA Browser Plug-in
Details: AvenueMedia DyFuCA Internet Optimizer is adware that changes your browser error page. It periodically displays pop-up advertisements from its remote sites and may update itself.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\Program Files\Internet Optimizer\optimize.exe
c:\windows\nem220.dll
c:\documents and settings\administrator\local settings\temp\optimize.exe
Infected folders detected
c:\program files\internet optimizer
Infected registry keys/values detected

IST.ISTbar Browser Modifier
Details: ISTbar is an Internet Explorer redirector that modifies your homepage and searches without your consent using an Internet Explorer toolbar.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\program files\istsvc\istsvc.exe
Infected folders detected
c:\program files\istsvc
Infected registry keys/values detected

MoneyTree Dialer
Details: MoneyTree is an ActiveX installer control that downloads premium-rate dialers, primarily for adult content sites. On system startup MoneyTree attempts to connect to an adult content site.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected

Transponder.ABetterInternet Adware
Details: ABetterInternet displays advertisements based on the Web sites you visit.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected folders detected
c:\documents and settings\administrator\Local Settings\Temp\DrTemp
Infected registry keys/values detected

IST.XXXToolbar Toolbar
Details: XXXToolbar is an adult content adware search toolbar for Internet Explorer. XXXToolbar displays pop-up advertisements.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\Program Files\ISTsvc\istsvc.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run IST Service

IST.SideFind Adware
Details: SideFind installs an adware Internet Explorer browser helper object that installs some extra buttons.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\program files\sidefind\sfbho.dll
c:\program files\sidefind\sidefind.dll
c:\documents and settings\administrator\local settings\temp\sidefind.exe
c:\program files\sidefind\sfexd001
c:\program files\sidefind\update\sidefind.exe
Infected folders detected
c:\program files\sidefind
c:\program files\sidefind\update
Infected registry keys/values detected

eXact.CashBack Adware
Details: CashBack is part of BargainBuddy adware that displays pop-up advertisements.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected

MediaMotor Trojan Downloader
Details: MediaMotor downloads spyware and adware programs for distribution.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\WINDOWS\mm63.ocx
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor DisplayName Media-motor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor UninstallString C:\WINDOWS\unstall.exe

eXact.Downloader Trojan Downloader
Details: eXact Downloader is a Trojan used by eXact Bargain Buddy and Cash Back to download and install additional components.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\windows\system32\msbe.dll
C:\WINDOWS\system32\exul.exe
C:\WINDOWS\system32\exul1.exe
c:\windows\system32\javexulm.vxd
c:\windows\system32\mqexdlm.srg
C:\Documents and Settings\Administrator\Local Settings\Temp\bb.exe
C:\WINDOWS\system32\exclean.exe
C:\WINDOWS\exdl.exe
C:\WINDOWS\system32\exdl.exe
C:\WINDOWS\system32\exdl0.exe
C:\WINDOWS\system32\exdl1.exe
Infected registry keys/values detected
Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} HKEY_CLASSES_ROOT\ADP.UrlCatcher.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher.1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} YourSiteBar Spyware more information... Details: YourSiteBar from IST, the makers of numerous spyware threats, is an affiliate based marketing toolbar. Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected files detected c:\program files\yoursitebar\ysb.dll c:\program files\yoursitebar\imagemap_normal.bmp c:\program files\yoursitebar\version.txt c:\program files\yoursitebar\yoursitebar.xml Infected folders detected c:\program files\yoursitebar Infected registry keys/values detected HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}\InprocServer32 C:\Program Files\YourSiteBar\ysb.dll HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}\ProgID Ysb.YsbObj.1 HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}\TypeLib {86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}\VersionIndependentProgID Ysb.YsbObj HKEY_CLASSES_ROOT\clsid\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} YourSiteBar HKEY_CLASSES_ROOT\Ysb.YsbObj.1 HKEY_CLASSES_ROOT\Ysb.YsbObj.1\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\Ysb.YsbObj.1 YourSiteBar HKEY_CLASSES_ROOT\Ysb.YsbObj.1 HKEY_CLASSES_ROOT\Ysb.YsbObj 
HKEY_CLASSES_ROOT\Ysb.YsbObj\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\Ysb.YsbObj\CurVer Ysb.YsbObj.1 HKEY_CLASSES_ROOT\Ysb.YsbObj YourSiteBar HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar DisplayName YourSiteBar HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar UninstallString regsvr32 /u /s "C:\Program Files\YourSiteBar\ysb.dll" HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar Publisher Integrated Seach Technologies HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar URLInfoAbout http://www.ysbweb.com HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar HelpLink http://www.ysbweb.com HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj.1 HKEY_LOCAL_MACHINE\Software\YourSiteBar HKEY_LOCAL_MACHINE\Software\YourSiteBar\Historyfiles C:\Program Files\YourSiteBar\yoursitebar.xml 1 HKEY_LOCAL_MACHINE\Software\YourSiteBar\Historyfiles C:\Program Files\YourSiteBar\imagemap_normal.bmp 1 HKEY_LOCAL_MACHINE\Software\YourSiteBar\Historyfiles C:\Program Files\YourSiteBar\version.txt 1 HKEY_LOCAL_MACHINE\Software\YourSiteBar installTitle YourSiteBar HKEY_LOCAL_MACHINE\Software\YourSiteBar serverpath http://www.ysbweb.com/ysb/xml/1000290/ HKEY_LOCAL_MACHINE\Software\YourSiteBar urlAfterInstall http://www.ysbweb.com/install/welcome.html HKEY_LOCAL_MACHINE\Software\YourSiteBar gUpdate 0 HKEY_LOCAL_MACHINE\Software\YourSiteBar TBRowMode 0 HKEY_LOCAL_MACHINE\Software\YourSiteBar yoursitebar.xml -1743961026 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_LOCAL_MACHINE\Software\YourSiteBar imagemap_normal.bmp -1294052106 HKEY_LOCAL_MACHINE\Software\YourSiteBar showcorrupted 1 HKEY_LOCAL_MACHINE\Software\YourSiteBar updatever HKEY_LOCAL_MACHINE\Software\YourSiteBar refreshscope 1440 
HKEY_LOCAL_MACHINE\Software\YourSiteBar allowupdate 0 HKEY_LOCAL_MACHINE\Software\YourSiteBar LastCheckTime 1123884947 HKEY_LOCAL_MACHINE\Software\YourSiteBar version.txt -186917087 HKEY_LOCAL_MACHINE\Software\YourSiteBar UpdateBegin 0 HKEY_CLASSES_ROOT\Ysb.YsbObj.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\Ysb.YsbObj.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj.1 Popuppers Trojan Downloader more information... Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected registry keys/values detected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net * 2 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com * 2 WindUpdates.AdStatus Service Adware more information... Details: WindUpdates is responsible for downloading adware. Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected files detected C:\Program Files\AdStatus Service\AdStatServ.exe c:\program files\adstatus service\adstatcomm.dll c:\program files\adstatus service\adstatkeep.exe c:\program files\adstatus service\info.txt Infected folders detected c:\program files\adstatus service Infected registry keys/values detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdStatus Service HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdStatus Service HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdStatus Service HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdStatus Service HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdStatus Service Network1.Popups Adware more information... 
Details: Network1.Popups is installed by trojan downloaders and displays popup advertisements. Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected files detected C:\WINDOWS\seeve.exe Infected registry keys/values detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run seeve
Unclassified.Spyware.57 Spyware Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected files detected c:\windows\rnxghs.exe Infected registry keys/values detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run EqJRk28e
Transponder.ABetterInternet.DrPMon Adware Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected files detected c:\windows\system32\drpmon.dll
ShopAtHome.Downloader.B Trojan Downloader Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected files detected c:\windows\system32\s7h43de0.exe
ShopAtHome.Downloader.A Trojan Downloader Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected c:\windows\system32\dcajt038.exe Infected registry keys/values detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dcajt038
AdDestroyer Adware Details: AdDestroyer is promoted as a spyware remover. However, it sets itself to run when you start the computer and remains memory-resident. When it runs, the software periodically attempts to contact a server to download updates and instructions. Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected files detected C:\Program Files\AdDestroyer\AdDestroyer.exe c:\program files\addestroyer\adxml43.dll C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AdDestroyer.lnk c:\program files\vbouncer\addestroyerinner.exe" C:\WINDOWS\system32\PopOops.dll C:\WINDOWS\system32\PopOops2.dll C:\WINDOWS\system32\SWLAD1.dll C:\WINDOWS\system32\SWLAD2.dll c:\documents and settings\administrator\start menu\programs\addestroyer\addestroyer.lnk c:\program files\addestroyer\addestroyer.wav Infected folders detected c:\documents and settings\administrator\start menu\programs\addestroyer c:\program files\addestroyer Infected registry keys/values detected
eXact.BargainBuddy Adware Details: BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad. Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected files detected C:\Program Files\BullsEye Network\bin\bargains.exe c:\windows\system32\msbe.dll Infected registry keys/values detected
Mirar Toolbar Details: Mirar is adware that monitors your Web browsing activity. It sends information to its home server and displays targeted advertising. Status: Ignored High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed. Infected files detected c:\windows\system32\windmy.dll Infected registry keys/values detected
180Solutions.SearchAssistant Adware Details: 180search Assistant displays pop-up advertismenets. Status: Ignored Elevated threat - Elevated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.
Infected files detected C:\Program Files\180searchassistant\sac.exe c:\windows\lsf.exe c:\documents and settings\all users\start menu\programs\180search assistant\180search assistant.com.url c:\documents and settings\all users\start menu\programs\180search assistant\uninstall 180search assistant instructions.lnk c:\program files\180searchassistant\sacau.dat c:\program files\180searchassistant\sachook.dll c:\program files\180searchassistant\sac_gdf.dat c:\program files\180searchassistant\sac_kyf.dat Infected folders detected c:\documents and settings\all users\start menu\programs\180search assistant c:\program files\180searchassistant Infected registry keys/values detected
180Solutions.Zango.SearchAssistant Adware Details: Zango Search Assistant shows pop-up advertisements. Status: Ignored Elevated threat - Elevated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.
Infected files detected C:\Documents and Settings\Administrator\Local Settings\Temp\180sainstallernusac.exe C:\WINDOWS\Downloaded Program Files\ClientAX.inf Infected registry keys/values detected
eXact.SearchBar Browser Plug-in Details: eXactSearchBar is an Internet Explorer toolbar with standard search features that performs targeted advertising based on the computer usage and the URLs associated with Web pages. Status: Ignored Elevated threat - Elevated-risk items have some potential for harm. Users should review such programs and remove them if unwanted. Infected registry keys/values detected
Virtual Bouncer Adware Details: Virtual Bouncer claims to be a spyware remover, and it actually detects a few. Status: Ignored Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected files detected c:\Program Files\VBouncer\virtualbouncer.exe c:\program files\vbouncer\swsettings.xml c:\program files\vbouncer\user.xml c:\program files\vbouncer\vbouncerinner.exe c:\program files\vbouncer\vbxml23.dll c:\program files\vbouncer\virtualbounceruninstaller.exe c:\program files\vbouncer\instr\21.xml c:\documents and settings\administrator\start menu\programs\virtual bouncer\virtual bouncer.lnk C:\WINDOWS\system32\SWRT01.dll c:\documents and settings\administrator\start menu\programs\virtual bouncer\help.lnk c:\documents and settings\administrator\start menu\programs\virtual bouncer\uninstall virtual bouncer.lnk c:\program files\vbouncer\addestroyerinner.exe c:\program files\vbouncer\bundleouter.exe c:\program files\vbouncer\chilkatzip.dll c:\program files\vbouncer\procmanager.exe Infected folders detected c:\documents and settings\administrator\start menu\programs\virtual bouncer c:\program files\vbouncer c:\program files\vbouncer\instr Infected registry keys/values detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run VBouncer HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18BBDF4D-611D-41CE-A7E7-B2DD23C250D1} HKEY_CLASSES_ROOT\ChilkatZip.ChilkatZipEntry2.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChilkatZip.ChilkatZipEntry2.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8551311D-F3BF-4718-AD66-96E302500735} HKEY_CLASSES_ROOT\ChilkatZip.ChilkatZipEntry.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChilkatZip.ChilkatZipEntry.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE23505D-68FB-4C49-AE4B-D4F1CF86A2C4} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB90DEA9-0897-4B02-9FE0-1E321A22EAB0} HKEY_CLASSES_ROOT\ChilkatZip.ChilkatZip2.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChilkatZip.ChilkatZip2.1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run VBouncer HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB92433D-1902-4789-BAFC-B46B0DCDEBB7} HKEY_CLASSES_ROOT\ChilkatZip.ChilkatZip.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChilkatZip.ChilkatZip.1 
DelFin.Media Viewer Adware Details: DelFin Media Viewer, also called PromulGate, is an adware-based media player. Status: Ignored Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected files detected C:\WINDOWS\mm15201518.Stub.exe Detected Spyware Cookies No spyware cookies were found during this scan.