Spyware Scan Details
Start Date: 2005-06-13 10:10:34
End Date: 2005-06-13 10:15:58
Total Time: 5 mins 24 secs

Detected spyware

ShopAtHome Spyware
Details: ShopAtHome installs itself in the Winsock layer of your computer and redirects visits to merchant sites in order to take the affiliate fees from them automatically without your knowledge.
Status: Ignored
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or can install new software on your machine.
Infected files detected
C:\WINDOWS\shop1004.exe
C:\WINDOWS\Downloaded Program Files\m67m.ocx
Infected registry keys/values detected

eXact.BullseyeNetwork Adware
Details: eXact.BullseyeNetwork displays popup ads.
Status: Ignored
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or can install new software on your machine.
Infected files detected
c:\program\bullseye network\ad.dat
c:\program\bullseye network\bin\adv.exe
c:\program\bullseye network\bin\adx.exe
c:\program\bullseye network\ub.dat
c:\program\bullseye network\uninstall.exe
c:\program\bullseye network\bin\bargains.exe
Infected folders detected
c:\program\bullseye network\bin
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BullsEye Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BullsEye Network

CoolWebSearch.StartPage Browser Hijacker
Details: CoolWebSearch StartPage hijacks Internet Explorer's start page, not allowing the user to change this URL.
Status: Ignored
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or can install new software on your machine.
Infected files detected
c:\windows\gx9fzj83m9.exe

AproposMedia Browser Hijacker
Details: A component of PeopleOnPage, sometimes found on machines without the commonly visible portion of the application. Spawns popup ads, and hijacks browser settings.
Status: Ignored
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or can install new software on your machine.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}
HKEY_CLASSES_ROOT\clsid\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}\InprocServer32 C:\WINDOWS\isrvs\sysupd.dll
HKEY_CLASSES_ROOT\clsid\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} IE Update Class

DirectRevenue.ABetterInternet.Aurora Adware
Status: Ignored
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or can install new software on your machine.
Infected registry keys/values detected
HKEY_CURRENT_USER\software\aurora
HKEY_CURRENT_USER\software\aurora AUI3d5OfSDist 114|1|0|0|THIN-114-1-X-X.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mfiltis Excl
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\print\monitors\zepmon
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\print\monitors\zepmon Driver DrPMon.dll
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\print\monitors\zepmon driver

CoolWebSearch Browser Hijacker
Details: CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators.
Status: Ignored
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or can install new software on your machine.
Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

AvenueMedia.DyFuCA Browser Plug-in
Details: DyFuCA Internet Optimizer is adware that also hijacks your browser error page. It periodically opens pop-up windows to display ads from its network sites and is also known to update itself.
Status: Ignored
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or can install new software on your machine.
Infected files detected
c:\windows\nem220.dll
C:\WINDOWS\optimize.exe
Infected registry keys/values detected

IST.ISTbar Browser Hijacker
Details: ISTbar is an Internet Explorer hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar.
Status: Ignored
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or can install new software on your machine.
Infected registry keys/values detected

MoneyTree Dialer
Details: MoneyTree is an ActiveX control used to download premium-rate dialers, generally for porn sites. Each time MoneyTree is run, on system startup, it tries to connect to a pornographic website.
Status: Ignored
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw.
Attacker has complete control over your computer or can install new software on your machine.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\InprocServer32 C:\WINDOWS\nem220.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\ProgID DyFuCA_BH.BHObj.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\TypeLib {40B1D454-9CA4-43CC-86AA-CB175EAC52FB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\VersionIndependentProgID DyFuCA_BH.BHObj
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} BHObj Class

CoolWebSearch.MsxMidi Browser Hijacker
Details: CoolWebSearch MsxMidi is a CoolWebSearch variant that is loaded on startup.
Status: Ignored
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or can install new software on your machine.
Infected files detected
c:\windows\msxmidi.exe

Roings Search Browser Hijacker
Details: Adds an ad-supported search bar to Internet Explorer by reading the results you enter into standard search engines such as Google.
Status: Ignored
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures.
May use a security flaw in the operating system to gain access to your computer.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{E0CE16CB-741C-4B24-8D04-A817856E07F4}
HKEY_CLASSES_ROOT\clsid\{E0CE16CB-741C-4B24-8D04-A817856E07F4}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_CLASSES_ROOT\clsid\{E0CE16CB-741C-4B24-8D04-A817856E07F4}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

Topconverting Crazywinnings Adware
Details: Topconverting installs via online games through an ActiveX drive-by download.
Status: Ignored
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected registry keys/values detected

SearchMiracle.EliteBar Browser Plug-in
Details: Adds a search hijacker toolbar to Internet Explorer called Elite Bar.
Status: Ignored
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected files detected
c:\windows\downloaded program files\v3.dll
Infected registry keys/values detected

eXact.NaviSearch Adware
Details: Displays popup ads and hijacks Internet Explorer's 404 search error page.
Status: Ignored
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected registry keys/values detected

MediaMotor Trojan Downloader
Details: Service that bundles and downloads spyware and adware programs for distribution.
Status: Ignored
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected files detected
C:\WINDOWS\Downloaded Program Files\m67m.inf
Infected registry keys/values detected

eXact.Downloader Trojan Downloader
Details: Trojan used by eXact Bargain Buddy and Cash Back to download and install additional components.
Status: Ignored
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction.
May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected files detected
c:\windows\system32\exdl1.exe
c:\windows\exdl.exe
c:\windows\installer_siac.exe
C:\WINDOWS\system32\exdl.exe
C:\WINDOWS\system32\exdl0.exe
C:\WINDOWS\system32\msbe.dll

SULoads.popuppers Trojan Downloader
Status: Ignored
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net * 2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com * 2

DirectRevenue.ABetterInternet.Transponder.Ceres Adware
Details: VX2.ABetterInternet.Transponder.2 is a new transponder variant of aBetterInternet.
Status: Ignored
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected files detected
C:\WINDOWS\seeve.exe
C:\WINDOWS\unstall.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run seeve
HKEY_CURRENT_USER\Software\Ceres
HKEY_CURRENT_USER\Software\Ceres CSI4d3OfSDist 129|2|0|0|IDL.EXE

iSearch.DesktopSearch Spyware
Details: Removes the user's access to Windows Search and replaces it with C:\WINDOWS\isrvs\desktop.exe.
Status: Ignored
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected files detected
c:\windows\system32\drpmon.dll
c:\windows\nail.exe
c:\windows\svcproc.exe
c:\windows\isrvs\desktop.exe
C:\Documents and Settings\Roger\Lokala inställningar\Temp\B1\build3.exe
c:\windows\isrvs\ffisearch.exe
c:\windows\isrvs\sysupd.dll
c:\windows\delprot.ini
c:\windows\deskbar.ini
c:\windows\isrvs\edmond.exe
c:\windows\isrvs\icons\spywareavenger.ico
c:\windows\isrvs\icons\virushunter.ico
c:\windows\isrvs\isearch.xpi
c:\windows\isrvs\mfiltis.dll
c:\windows\isrvs\msdbhk.dll
Infected folders detected
c:\windows\inst\
c:\windows\isrvs\
c:\windows\isrvs\icons
c:\windows\isrvs\icons\
Infected registry keys/values detected

eXact.BargainBuddy Adware
Details: BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad.
Status: Ignored
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected files detected
c:\program\bullseye network\bin\bargains.exe
c:\program\bullseye network\ad.dat
c:\program\bullseye network\ub.dat
c:\program\bullseye network\uninstall.exe
c:\program\bullseye network\bin\adv.exe
c:\program\bullseye network\bin\adx.exe
c:\windows\system32\exul.exe
c:\windows\system32\exclean.exe
c:\windows\system32\exdl.exe
c:\windows\system32\exdl0.exe
c:\windows\system32\exul1.exe
c:\windows\system32\javexulm.vxd
c:\windows\system32\mqexdlm.srg
c:\windows\system32\msbe.dll
Infected folders detected
c:\program\bullseye network
c:\program\bullseye network\bin
Infected registry keys/values detected

CWS.AboutBlank Browser Hijacker
Details: This is a CoolWebSearch hijacker.
Status: Ignored
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May use a security flaw in the operating system to gain access to your computer.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\protocols\filter\text/html
HKEY_CLASSES_ROOT\protocols\filter\text/html HTML Parser
HKEY_CLASSES_ROOT\protocols\filter\text/html CLSID {950238FB-C706-4791-8674-4D429F85897E}
HKEY_LOCAL_MACHINE\software\classes\protocols\filter\text/html clsid

UCMoreSearchAccelerator Spyware
Status: Ignored High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer. Infected files detected C:\Program\TheSearchAccelerator\IUCmore.dll
180search Assistant Adware Details: 180search Assistant logs the web pages you visit, when you visit them and uploads the data to its servers. Status: Ignored Elevated spyware - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge. Infected files detected c:\program\180searchassistant\sachook.dll c:\program\180searchassistant\sac.exe c:\windows\downloaded program files\clientax.dll C:\WINDOWS\stubinstaller5975.exe c:\program\180searchassistant\sacau.dat c:\program\180searchassistant\sac_gdf.dat c:\program\180searchassistant\sac_kyf.dat C:\WINDOWS\Downloaded Program Files\ClientAX.inf Infected folders detected c:\program\180searchassistant\ Infected registry keys/values detected
BrowserVillage Toolbar Adware Status: Ignored Elevated spyware - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
Infected registry keys/values detected HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LOADER2.Loader2Ctrl.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LOADER2.Loader2Ctrl.1\CLSID {79849612-A98F-45B8-95E9-4D13C7B6B35C} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LOADER2.Loader2Ctrl.1 Loader2 Control
Internet Optimizer Browser Hijacker Details: Internet Optimizer hijacks error pages and redirects them to its own controlling server at http://www.internet-optimizer.com. Status: Ignored Elevated spyware - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge. Infected registry keys/values detected HKEY_CURRENT_USER\software\policies\avenue media HKEY_LOCAL_MACHINE\software\policies\avenue media
weird on the web Adware Status: Ignored Elevated spyware - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
Infected files detected c:\documents and settings\roger\favoriter\weirdontheweb.url c:\program\weirdontheweb\weirdontheweb.exe c:\program\weirdontheweb\terms.txt Infected folders detected c:\program\weirdontheweb Infected registry keys/values detected
eXact.SearchBar Browser Plug-in Details: eXactSearchBar is an Internet Explorer toolbar with standard search features that performs targeted advertising based on the computer usage and the URLs associated with Web pages. Status: Ignored Elevated spyware - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
Infected registry keys/values detected HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32 C:\WINDOWS\System32\msbe.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32 ThreadingModel Apartment HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\ProgID ADP.UrlCatcher.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\VersionIndependentProgID ADP.UrlCatcher HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} ADP UrlCatcher Class
EZCyberSearch Adware Details: EZCyberSearch is an IE toolbar that displays pop ads as well as hijacks Internet Explorer's search features. Status: Ignored Elevated spyware - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge. Infected files detected c:\web.exe
iSearch.Toolbar Toolbar Details: ISearch toolbar is a spyware/adware toolbar that is purported to deliver advanced toolbar functions to Internet Explorer, however, it changes your browser settings. Status: Ignored Moderate spyware - Moderate threats may profile users online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance.
Infected files detected c:\windows\system32\drivers\delprot.sys c:\windows\isrvs\icons\spywareavenger.ico c:\windows\isrvs\icons\virushunter.ico c:\windows\isrvs\desktop.exe c:\windows\isrvs\ffisearch.exe c:\windows\isrvs\sysupd.dll C:\WINDOWS\delprot.ini C:\WINDOWS\isrvs\edmond.exe C:\WINDOWS\isrvs\mfiltis.dll C:\WINDOWS\isrvs\msdbhk.dll c:\windows\isrvs\isearch.xpi Infected folders detected c:\windows\isrvs c:\windows\isrvs\icons Infected registry keys/values detected
Zango Search Assistant Adware Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit. Status: Ignored Moderate spyware - Moderate threats may profile users online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance. Infected files detected c:\windows\downloaded program files\clientax.inf Infected registry keys/values detected
BrowserAd Browser Plug-in Status: Ignored Moderate spyware - Moderate threats may profile users online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance.
Infected registry keys/values detected HKEY_CLASSES_ROOT\interface\{31ca5c07-7f5f-4502-8c77-99a91558add0} HKEY_CLASSES_ROOT\typelib\{223a26d8-9f91-42f6-8ed3-094b637de020}\1.0\HELPDIR C:\Program\DNS\ HKEY_CLASSES_ROOT\typelib\{223a26d8-9f91-42f6-8ed3-094b637de020}\1.0 shorty 1.0 Type Library HKEY_CLASSES_ROOT\interface\{31ca5c07-7f5f-4502-8c77-99a91558add0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{31ca5c07-7f5f-4502-8c77-99a91558add0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{31ca5c07-7f5f-4502-8c77-99a91558add0}\TypeLib {223A26D8-9F91-42F6-8ED3-094B637DE020} HKEY_CLASSES_ROOT\interface\{31ca5c07-7f5f-4502-8c77-99a91558add0}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{31ca5c07-7f5f-4502-8c77-99a91558add0} IGopher HKEY_CLASSES_ROOT\typelib\{223a26d8-9f91-42f6-8ed3-094b637de020} HKEY_CLASSES_ROOT\typelib\{223a26d8-9f91-42f6-8ed3-094b637de020}\1.0\0\win32 C:\Program\DNS\Catcher.dll HKEY_CLASSES_ROOT\typelib\{223a26d8-9f91-42f6-8ed3-094b637de020}\1.0\FLAGS 0
SpySheriff Misc Details: Fake Spyware removal program Status: Ignored Low spyware - Low risk threats pose a very low risk or no immediate danger to your computer or your privacy, however these types of applications may profile user online habits, but only according to specific privacy policies stated in the applications End-User License. These types of threats generally borderline on being a threat to being a standard application that has a complex license agreement that you knowingly installed.
Infected files detected C:\Program Files\SpySheriff\IESecurity.dll C:\Program Files\SpySheriff\ProcMon.dll C:\Program Files\SpySheriff\SpySheriff.exe C:\Program Files\SpySheriff\Uninstall.exe Infected registry keys/values detected
Detected Spyware Cookies TribalFusion.com QuestionMarket.com Revenue.net Com.com Mediaplex.com ShopAtHomeSelect.com Adserver.com ATDMT.com Centrport.net CGI-Bin DoubleClick FastClick.com