Spyware Scan Details
Start Date: 2005-06-10 15:19:18
End Date: 2005-06-10 15:34:01
Total Time: 14 mins 43 secs

Detected Threats

ShopAtHome Spyware
Details: ShopAtHome installs an agent in the Winsock layer of your computer. This redirects your Web browser to merchant sites affiliated with ShopAtHome rather than the Web sites you type in or click.
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
d:\documents and settings\radmin\temporary internet files\content.ie5\8aaom05t\shop1005[1].exe
d:\windows\shop1004.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\software\winsock2\layered provider sample

Tibs.BrowserPlugin Dialer
Details: Tib Browser profiles your browsing and shopping habits online and displays popup advertising in Internet Explorer.
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
c:\125399.exe
d:\documents and settings\radmin\temporary internet files\content.ie5\4e3uggjf\125399[1].exe
d:\program\websiteviewer\125399.exe
d:\program\websiteviewer\125399.ban
d:\program\websiteviewer\125399.dd
d:\program\websiteviewer\125399.dlr
d:\program\websiteviewer\125399.ico
d:\program\websiteviewer\lse.txt
Infected folders detected
d:\program\websiteviewer
Infected registry keys/values detected
HKEY_CURRENT_USER\software\websiteviewer
HKEY_CURRENT_USER\software\websiteviewer\Settings lc 29
HKEY_CURRENT_USER\software\websiteviewer\Settings lang
HKEY_CURRENT_USER\software\websiteviewer\Settings country 46
HKEY_CURRENT_USER\software\websiteviewer\Settings lang2 SE
HKEY_CURRENT_USER\software\websiteviewer\Settings rc2 S5ZOfp

MediaTickets CDT Spyware
Details: Mediatickets is a spyware program that displays advertisements, reduces the security settings for the Trusted Sites zone in Internet Explorer, and attempts to fraudulently install trusted publishers.
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
d:\windows\downloaded program files\mediaticketsinstaller.inf
d:\windows\downloaded program files\mediaticketsinstaller.ocx
d:\windows\system32\wcpsvit.exe
Infected registry keys/values detected

eXact.BullseyeNetwork Adware
Details: Bullseye displays pop-up advertisements.
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw.
Attacker has complete control over your computer or install new software on your machine.
Infected files detected
d:\program\bullseye network\bin\adv.exe
d:\program\bullseye network\bin\adx.exe
d:\program\bullseye network\bin\bargains.exe
Infected folders detected
d:\program\bullseye network\bin
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BullsEye Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BullsEye Network

Backdoor.agent Backdoor
Details: Backdoor.agent installs adware and spyware; it is usually installed with other applications.
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
d:\windows\system32\winnet.dll

Trojan.Delf Trojan Downloader
Details: Trojan.Delf is a Trojan downloader that is installed with/or downloads additional adware programs that display pop-up advertising, or changes browser settings.
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ControlPanel

Trojan.Downloader.HF Trojan
Details: Trojan.Downloader.HF is a downloader Trojan.
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
d:\documents and settings\radmin\skrivbord\2.dat
d:\documents and settings\radmin\skrivbord\4.dat
d:\documents and settings\radmin\temporary internet files\content.ie5\8aaom05t\all[1].exe
d:\documents and settings\radmin\temporary internet files\content.ie5\8aaom05t\on-line[1].exe
d:\windows\system32\all64.exe

Trojan.Downloader.intfsdffdsronsad Trojan Downloader
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
d:\documents and settings\radmin\skrivbord\7.dat
d:\documents and settings\radmin\temporary internet files\content.ie5\9ot00s5e\toolbar[1].exe
d:\windows\system32\z16.exe

Trojan.BHO.NameShifter.K Browser Plug-in
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
d:\windows\system32\drvi\naumakpjhv.dll
Infected registry keys/values detected

CoolWebSearch Browser Modifier
Details: CoolWebSearch is a wide range of browser redirection tools. All variants redirect you to specific Web sites.
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw.
Attacker has complete control over your computer or install new software on your machine.
Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

AvenueMedia.DyFuCA Browser Plug-in
Details: AvenueMedia DyFuCA Internet Optimizer is adware that changes your browser error page. It periodically displays pop-up advertisements from its remote sites and may update itself.
Status: Removed
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
d:\program files\internet optimizer\optimize.exe
d:\windows\nem220.dll
d:\documents and settings\radmin\temporary internet files\content.ie5\4e3uggjf\optimize[1].exe
d:\documents and settings\radmin\temporary internet files\content.ie5\8aaom05t\nem220[1].dll
d:\windows\optimize.exe
Infected registry keys/values detected

MoneyTree Dialer
Details: MoneyTree is an ActiveX installer control that downloads premium-rate dialers, primarily for adult content sites. On system startup MoneyTree attempts to connect to an adult content site.
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected registry keys/values detected

Topconverting.Crazywinnings Adware
Details: Topconverting Crazywinnings installs via online games through ActiveX drive-by-download.
Status: Quarantined
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected registry keys/values detected

eXact.CashBack Adware
Details: CashBack is part of BargainBuddy adware that displays pop-up advertisements.
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected registry keys/values detected

eXact.Downloader Trojan Downloader
Details: eXact Downloader is a Trojan used by eXact Bargain Buddy and Cash Back to download and install additional components.
Status: Removed
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected files detected
Infected registry keys/values detected

Topconverting.SPEYLOD Adware
Details: Topconverting.SPEYLOD downloads and installs various spyware and adware such as 180 Solutions, SurfSideKick and SAHSelect and installs itself as a BHO.
Status: Quarantined
High threat
Infected files detected
d:\WINDOWS\Downloaded Program Files\website.ocx
d:\documents and settings\radmin\temporary internet files\content.ie5\9ot00s5e\website[1].ocx

Spyware.BHO.drexinit Browser Plug-in
Status: Quarantined
High threat
Infected registry keys/values detected

Trojan.Startup.NameShifter.I Trojan
Status: Quarantined
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise.
Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected files detected
d:\windows\system32\0pfq9qor.exe
d:\windows\ss7g9i4q.exe
d:\windows\system32\i62esej5.dll
d:\windows\system32\j97qaflk.exe
d:\windows\temp\umqltg4cl_.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0pfq9qor

eXact.BargainBuddy Adware
Details: BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad.
Status: Quarantined
High threat
Infected files detected
Infected folders detected
d:\program\bullseye network
d:\program\bullseye network\bin
Infected registry keys/values detected

ClickSpring.PuritySCAN Adware
Details: ClickSpringPuritySCAN offers free adult content searches, but instead delivers pop-up advertisements and installs spyware.
Status: Quarantined
Elevated threat - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\software\ClickSpring
HKEY_LOCAL_MACHINE\software\ClickSpring UUID 00000209000ac6530000125b
HKEY_LOCAL_MACHINE\software\ClickSpring PID ;2

UCmore Potentially Unwanted Software
Status: Quarantined
Elevated threat
Infected files detected
Infected folders detected
d:\program\thesearchaccelerator
Infected registry keys/values detected

BrowserVillage Toolbar Adware
Status: Quarantined
Elevated threat
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LOADER2.Loader2Ctrl.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LOADER2.Loader2Ctrl.1\CLSID {79849612-A98F-45B8-95E9-4D13C7B6B35C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LOADER2.Loader2Ctrl.1 Loader2 Control

SurfSideKick Settings Modifier
Details: SurfSideKick downloads and displays advertisements.
Status: Quarantined
Elevated threat
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\Software\SurfSideKick3
HKEY_LOCAL_MACHINE\Software\SurfSideKick3\Internet Explorer PInfo

WeirdOnTheWeb Adware
Status: Quarantined
Elevated threat
Infected files detected
d:\program\weirdontheweb\terms.txt
d:\program\weirdontheweb\weirdontheweb.exe
Infected folders detected
d:\program\weirdontheweb
Infected registry keys/values detected

eXact.SearchBar Browser Plug-in
Details: eXactSearchBar is an Internet Explorer toolbar with standard search features that performs targeted advertising based on the computer usage and the URLs associated with Web pages.
Status: Removed
Elevated threat
Infected registry keys/values detected

180search Assistant Adware
Details: 180search Assistant displays pop-up advertisements.
Status: Quarantined
Moderate threat - Moderate threats may profile users' online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offers a premium service in exchange for tracking your user online performance.
Infected files detected
d:\documents and settings\radmin\temporary internet files\content.ie5\9ot00s5e\stubinstaller5975[1].exe

Detected Spyware Cookies
No spyware cookies were found during this scan.