Microsoft AntiSpyware
Version: 1.0.615
This version expires on: 12/31/2005
Spyware Definition Version: 5745 (8/17/2005 4:30:58 AM)

Spyware Scan Details
Start Date: 8/17/2005 4:41:15 AM
End Date: 8/17/2005 4:49:11 AM
Total Time: 7 mins 56 secs

Detected Threats

SurfAccuracy (Adware)
Details: SurfAccuracy is adware that monitors keywords typed in search engines and sends this information to a remote server as well as displays popup ads.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\Program Files\SurfAccuracy\SAcc.exe
c:\program files\surfaccuracy\sacc.cfg
c:\program files\surfaccuracy\saccu.exe
Infected folders detected
c:\program files\surfaccuracy
Infected registry keys/values detected

Trojan.intell32 (Trojan)
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\WINDOWS\system32\intell32.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run intell32.exe

Trojan.Downloader.Agent.DM (Trojan Downloader)
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\WINDOWS\system32\srvprc.exe
c:\windows\system32/srvprc.exe
c:\documents and settings\joshua\local settings\temporary internet files\content.ie5\wj35btb1\bot[1].exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run srvprc

AvenueMedia.DyFuCA (Browser Plug-in)
Details: AvenueMedia DyFuCA Internet Optimizer is adware that changes your browser error page. It periodically displays pop-up advertisements from its remote sites and may update itself.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\Program Files\Internet Optimizer\optimize.exe
c:\documents and settings\joshua\local settings\temp\optimize.exe
c:\windows\nem220.dll
c:\documents and settings\joshua\local settings\temporary internet files\content.ie5\wj35btb1\nem220[1].dll
c:\documents and settings\joshua\local settings\temporary internet files\content.ie5\wj35btb1\optimize[1].exe
Infected folders detected
c:\program files\internet optimizer
Infected registry keys/values detected

IST.ISTbar (Browser Modifier)
Details: ISTbar is an Internet Explorer redirector that modifies your homepage and searches without your consent using an Internet Explorer toolbar.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\Program Files\ISTsvc\istsvc.exe
c:\documents and settings\joshua\local settings\temporary internet files\content.ie5\is5abjqh\istsvc[1].exe
Infected folders detected
c:\program files\istsvc
Infected registry keys/values detected

MoneyTree (Dialer)
Details: MoneyTree is an ActiveX installer control that downloads premium-rate dialers, primarily for adult content sites. On system startup MoneyTree attempts to connect to an adult content site.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected

180Solutions.SearchAssistant (Adware)
Details: 180Solutions.SearchAssistant displays pop-up advertisements based on your browsing activity.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\program files\180searchassistant\sais.exe
C:\WINDOWS\Downloaded Program Files\ClientAX.inf
c:\windows\ydwjkdez.exe
c:\windows\downloaded program files\clientax.dll
c:\documents and settings\joshua\local settings\temp\180sainstallersilsais1.exe
c:\documents and settings\joshua\local settings\temp\dela.tmp
c:\documents and settings\joshua\local settings\temp\resb.tmp
c:\documents and settings\all users\start menu\programs\180search assistant\180search assistant.com.url
c:\documents and settings\all users\start menu\programs\180search assistant\uninstall 180search assistant instructions.lnk
c:\program files\180searchassistant\fleok\saishook.dll.tmp
Infected folders detected
c:\documents and settings\all users\start menu\programs\180search assistant
c:\program files\180searchassistant
c:\program files\180searchassistant\fleok
Infected registry keys/values detected

IST.XXXToolbar (Toolbar)
Details: XXXToolbar is an adult content adware search toolbar for Internet Explorer. XXXToolbar displays pop-up advertisements.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\program files\istsvc\istsvc.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run IST Service

IST.SideFind (Adware)
Details: SideFind installs an adware Internet Explorer browser helper object that installs some extra buttons.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\documents and settings\joshua\local settings\temp\sidefind.exe
c:\program files\sidefind\sfbho.dll
c:\program files\sidefind\sidefind.dll
c:\documents and settings\joshua\local settings\temporary internet files\content.ie5\is5abjqh\sfbho13[1].dll
c:\documents and settings\joshua\local settings\temporary internet files\content.ie5\wj35btb1\sidefind13[1].dll
c:\documents and settings\joshua\local settings\temporary internet files\content.ie5\wj35btb1\sidefind[1].exe
c:\program files\sidefind\update\sidefind.exe
c:\program files\sidefind\sfexd001
Infected folders detected
c:\program files\sidefind
c:\program files\sidefind\update
Infected registry keys/values detected
Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} ButtonText SideFind HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} HotIcon C:\PROGRA~1\SideFind\sidefind.dll,201 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} Icon C:\PROGRA~1\SideFind\sidefind.dll,201 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} CLSID {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} BandCLSID {8CBA1B49-8144-4721-A7B1-64C578C9EED7} HKEY_LOCAL_MACHINE\Software\Microsoft\SideFind HKEY_LOCAL_MACHINE\Software\Microsoft\SideFind webautosearch true HKEY_LOCAL_MACHINE\Software\Microsoft\SideFind shoppingautosearch true HKEY_CLASSES_ROOT\BrowserHelperObject.BAHelper.1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind DisplayName SideFind HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind UninstallString "C:\Program Files\Sidefind\update\sidefind.exe" /remove HKEY_LOCAL_MACHINE\SOFTWARE\SideFind HKEY_LOCAL_MACHINE\SOFTWARE\SideFind account_id 106 HKEY_LOCAL_MACHINE\SOFTWARE\SideFind PathBHO C:\Program Files\SideFind\sfbho.dll HKEY_LOCAL_MACHINE\SOFTWARE\SideFind PathDLL C:\Program Files\SideFind\sidefind.dll HKEY_LOCAL_MACHINE\SOFTWARE\SideFind PathXML C:\Program Files\SideFind\sfexd001 HKEY_LOCAL_MACHINE\SOFTWARE\SideFind PathEXE C:\Program Files\Sidefind\update\sidefind.exe eXact.CashBack Adware more information... Details: CashBack is part of BargainBuddy adware that displays pop-up advertisements. 
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected registry keys/values detected

eXact.BullseyeNetwork Adware
Details: eXact.BullseyeNetwork displays pop-up advertisements.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\program files\bullseye network\uninstall.exe
c:\program files\bullseye network\bin\adv.exe
c:\program files\bullseye network\bin\adx.exe
c:\program files\bullseye network\ad.dat
c:\program files\bullseye network\ub.dat
c:\program files\bullseye network\bin\bargains.exe

Infected folders detected
c:\program files\bullseye network
c:\program files\bullseye network\bin

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BullsEye Network

eXact.Downloader Trojan Downloader
Details: eXact Downloader is a Trojan used by eXact Bargain Buddy and Cash Back to download and install additional components.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\windows\system32\javexulm.vxd
c:\windows\system32\exul.exe
c:\windows\system32\exul1.exe
c:\windows\system32\mqexdlm.srg
c:\windows\system32\msbe.dll
c:\documents and settings\joshua\local settings\temporary internet files\content.ie5\sid6n5gz\bb[1].exe
c:\windows\exdl.exe
c:\windows\system32\exclean.exe
c:\windows\system32\exdl.exe
c:\windows\system32\exdl0.exe
c:\windows\system32\exdl1.exe

Infected registry keys/values detected

YourSiteBar Spyware
Details: YourSiteBar from IST, the makers of numerous spyware threats, is an affiliate based marketing toolbar.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\program files\yoursitebar\ysb.dll
c:\documents and settings\joshua\local settings\temporary internet files\content.ie5\wj35btb1\ysb[1].dll
c:\program files\yoursitebar\imagemap_normal.bmp
c:\program files\yoursitebar\version.txt
c:\program files\yoursitebar\yoursitebar.xml

Infected folders detected
c:\program files\yoursitebar

Infected registry keys/values detected

Unclassified.Spyware.57 Spyware
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\windows\uhqsg.exe
c:\documents and settings\joshua\local settings\temporary internet files\content.ie5\wj35btb1\istrecover[1].exe

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CCmW

CWS.Conyc Spyware
Details: CWS.Conyc is a Browser Helper Object (BHO) that contacts a Web site when Internet Explorer is started.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected registry keys/values detected

eXact.BargainBuddy Adware
Details: BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
C:\Program Files\BullsEye Network\bin\bargains.exe
c:\windows\system32\msbe.dll
c:\windows\prefetch\bargains.exe-22a28734.pf

Infected registry keys/values detected

IST.PowerScan Adware
Details: PowerScan is advertised through ordinary web pop-ups, but recently it started to install with help from the ISTBar adware.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\program files\power scan\powerscan.exe
c:\documents and settings\joshua\local settings\temporary internet files\content.ie5\is5abjqh\power_remove[1].exe
c:\documents and settings\joshua\local settings\temporary internet files\content.ie5\sid6n5gz\powerscan[1].exe
c:\program files\power scan\uninstall.exe
c:\documents and settings\joshua\start menu\programs\power scan\power scan.lnk

Infected folders detected
c:\documents and settings\joshua\start menu\programs\power scan
c:\program files\power scan

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Power Scan
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan DisplayName Power Scan
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan UninstallString C:\Program Files\Power Scan\uninstall.exe
HKEY_CURRENT_USER\software\powerscan
HKEY_CURRENT_USER\software\powerscan account_id 1002924
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Power Scan

eXact.SearchBar Browser Plug-in
Details: eXactSearchBar is an Internet Explorer toolbar with standard search features that performs targeted advertising based on the computer usage and the URLs associated with Web pages.
Status: Ignored
Elevated threat - Elevated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32 C:\WINDOWS\system32\msbe.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\ProgID ADP.UrlCatcher.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\VersionIndependentProgID ADP.UrlCatcher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} ADP UrlCatcher Class

Detected Spyware Cookies
No spyware cookies were found during this scan.