Spyware Scan Details
Start Date: 2005-06-13 10:21:11
End Date: 2005-06-13 10:28:16
Total Time: 7 mins 5 secs

Detected Threats

ShopAtHome Spyware
Details: ShopAtHome installs an agent in the Winsock layer of your computer. This redirects your Web browser to merchant sites affiliated with ShopAtHome rather than the Web sites you type in or click.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\WINDOWS\shop1004.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\software\winsock2\layered provider sample

MediaTickets CDT Spyware
Details: Mediatickets is a spyware program that displays advertisements, reduces the security settings for the Trusted Sites zone in Internet Explorer, and attempts to fraudulently install trusted publishers.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{39DA2444-065F-47CB-B27C-CCB1A39C06B7}
HKEY_CLASSES_ROOT\clsid\{39DA2444-065F-47CB-B27C-CCB1A39C06B7}\InprocServer32 C:\WINDOWS\DOWNLO~1\MEDIAT~1.OCX
HKEY_CLASSES_ROOT\clsid\{39DA2444-065F-47CB-B27C-CCB1A39C06B7} MediaTicketsInstaller Property Page
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39DA2444-065F-47CB-B27C-CCB1A39C06B7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39DA2444-065F-47CB-B27C-CCB1A39C06B7}\InprocServer32 C:\WINDOWS\DOWNLO~1\MEDIAT~1.OCX
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39DA2444-065F-47CB-B27C-CCB1A39C06B7} MediaTicketsInstaller Property Page

eXact.BullseyeNetwork Adware
Details: Bullseye displays pop-up advertisements.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\Program\BullsEye Network\bin\adv.exe
C:\Program\BullsEye Network\bin\adx.exe
c:\program\bullseye network\bin\bargains.exe
Infected folders detected
c:\program\bullseye network\bin
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BullsEye Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BullsEye Network

Krepper Trojan Downloader
Details: Krepper is a Trojan virus that modifies Web browsing activity, displays advertising, and downloads additional threats
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xp_system

Trojan.Delf Trojan Downloader
Details: Trojan.Delf is a Trojan downloader that is installed with/or downloads additional adware programs that display pop-up advertising, or changes browser settings.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ControlPanel

CoolWebSearch.SearchX Spyware
Details: CoolWebSearch.SearchX installs a toolbar and redirects the Internet Explorer search page to a specific Web site.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xp_system

Transponder.ABetterInternet.Aurora Spyware
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\WINDOWS\svcproc.exe

Transponder.ABetterInternet.DrPMon Spyware
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\WINDOWS\system32\DrPMon.dll

Trojan.Downloader.intfsdffdsronsad Trojan Downloader
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\windows\system32\z16.exe

Trojan.BHO.NameShifter.K Browser Plug-in
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\program\upd\lnkdfvtlwi.dll
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70444a14-cde1-623c-f5f0-f22d28b4bdd2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70444a14-cde1-623c-f5f0-f22d28b4bdd2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77554811-e4e0-6530-f2ff-f02420b7bad8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dff3832-295d-82a4-8b0f-a4a2083aa614}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{baaadea0-e440-1288-24bb-a4e360b2af64}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f21150cd-2941-00d4-de0f-6ecf90002400}

CoolWebSearch Browser Modifier
Details: CoolWebSearch is a wide range of browser redirection tools. All variants redirect you to specific Web sites.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected

AvenueMedia.DyFuCA Browser Plug-in
Details: AvenueMedia DyFuCA Internet Optimizer is adware that changes your browser error page. It periodically displays pop-up advertisements from its remote sites and may update itself.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\Documents and Settings\Roger\Internet Optimizer\optimize.exe
c:\windows\nem220.dll
C:\WINDOWS\optimize.exe
Infected registry keys/values detected

MoneyTree Dialer
Details: MoneyTree is an ActiveX installer control that downloads premium-rate dialers, primarily for adult content sites. On system startup MoneyTree attempts to connect to an adult content site.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected

Topconverting.Crazywinnings Adware
Details: Topconverting Crazywinnings installs via online games through ActiveX drive-by-download.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected

eXact.CashBack Adware
Details: CashBack is part of BargainBuddy adware that displays pop-up advertisements.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected

eXact.Downloader Trojan Downloader
Details: eXact Downloader is a Trojan used by eXact Bargain Buddy and Cash Back to download and install additional components.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\WINDOWS\System32\msxct.exe
C:\WINDOWS\system32\exul.exe
C:\WINDOWS\system32\exul1.exe
C:\WINDOWS\installer_SIAC.exe
c:\windows\system32\msbe.dll
c:\windows\system32\javexulm.vxd
c:\windows\system32\mqexdlm.srg
C:\WINDOWS\system32\exclean.exe
C:\WINDOWS\exdl.exe
C:\WINDOWS\system32\exdl.exe
C:\WINDOWS\system32\exdl0.exe
C:\WINDOWS\system32\exdl1.exe
Infected registry keys/values detected

Topconverting.SPEYLOD Adware
Details: Topconverting.SPEYLOD downloads and installs various spyware and adware such as 180 Solutions, SurfSideKick and SAHSelect and installs itself as a BHO.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\WINDOWS\Downloaded Program Files\website.ocx

Trojan.Startup.NameShifter.I Trojan
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\windows\system32\s2hcq4m0.exe
C:\Documents and Settings\Roger\Lokala inställningar\Temp\umqltg4cl_.exe
c:\windows\v0bf5gvg.exe
c:\windows\system32\l5fhmk2h.exe
c:\windows\system32\mq5f0g9f.dll
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run s2hcq4m0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run s2hcq4m0

eXact.BargainBuddy Adware
Details: BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\Program\BullsEye Network\bin\bargains.exe
c:\windows\system32\msbe.dll
c:\program\bullseye network\ad.dat
c:\program\bullseye network\ub.dat
c:\program\bullseye network\uninstall.exe
c:\program\bullseye network\bin\adv.exe
c:\program\bullseye network\bin\adx.exe
Infected folders detected
c:\program\bullseye network
c:\program\bullseye network\bin
Infected registry keys/values detected

UCmore Potentially Unwanted Software
Status: Ignored
Elevated threat - Elevated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.
Infected files detected
c:\program\thesearchaccelerator\ucmtsaie.dll
C:\Program\TheSearchAccelerator\IUCmore.dll
C:\WINDOWS\ucmoreiex.exe
c:\program\thesearchaccelerator\install.log
c:\program\thesearchaccelerator\logo.ico
c:\program\thesearchaccelerator\toolbar.cfg
c:\program\thesearchaccelerator\unwise.exe
Infected folders detected
c:\program\thesearchaccelerator
Infected registry keys/values detected

BrowserVillage Toolbar Adware
Status: Ignored
Elevated threat - Elevated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LOADER2.Loader2Ctrl.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LOADER2.Loader2Ctrl.1\CLSID {79849612-A98F-45B8-95E9-4D13C7B6B35C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LOADER2.Loader2Ctrl.1 Loader2 Control

SurfSideKick Settings Modifier
Details: SurfSideKick downloads and displays advertisements.
Status: Ignored
Elevated threat - Elevated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\Software\SurfSideKick3
HKEY_LOCAL_MACHINE\Software\SurfSideKick3\Internet Explorer PInfo

WeirdOnTheWeb Adware
Status: Ignored
Elevated threat - Elevated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.
Infected files detected
c:\program\weirdontheweb\terms.txt
c:\program\weirdontheweb\weirdontheweb.exe
Infected folders detected
c:\program\weirdontheweb
Infected registry keys/values detected

eXact.SearchBar Browser Plug-in
Details: eXactSearchBar is an Internet Explorer toolbar with standard search features that performs targeted advertising based on the computer usage and the URLs associated with Web pages.
Status: Ignored
Elevated threat - Elevated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.
Infected registry keys/values detected

180search Assistant Adware
Details: 180search Assistant displays pop-up advertisements.
Status: Ignored
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service.
Users may decide to ignore such programs after review.
Infected registry keys/values detected

Zango Search Assistant Adware
Details: Zango Search Assistant shows pop-up advertisements.
Status: Ignored
Moderate threat - Moderate-risk items have some potential for harm, but may be part of a wanted service. Users may decide to ignore such programs after review.
Infected files detected
c:\program\180searchassistant\sac.exe
C:\WINDOWS\Downloaded Program Files\ClientAX.inf
Infected folders detected
c:\program\180searchassistant
Infected registry keys/values detected

Detected Spyware Cookies
No spyware cookies were found during this scan.