Spyware Scan Details
Start Date: 2005-06-13 10:12:55
End Date: 2005-06-13 10:23:20
Total Time: 10 mins 25 secs

Detected spyware

MediaTickets CDT Spyware
Details: Mediatickets is a spyware program that displays advertisements, reduces the security settings for the Trusted Sites zone in Internet Explorer, and attempts to fraudulently install trusted publishers.
Status: Ignored
Severe spyware - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. An attacker can gain complete control over your computer or install new software on your machine.
Infected registry keys/values detected

SBSoft Browser Hijacker
Status: Ignored
Severe spyware
Infected files detected
Infected folders detected
  c:\documents and settings\roger\application data\sbsoft
Infected registry keys/values detected
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBSoft
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBSoft DisplayName SB Soft
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SBSoft UninstallString RunDll32 "C:\WINDOWS\system32\webdlg32.dll",Uninstall

CoolWebSearch.StartPage Browser Hijacker
Details: CoolWebSearch StartPage hijacks Internet Explorer's start page, not allowing the user to change this URL.
Status: Ignored
Severe spyware
Infected registry keys/values detected

Spyware.SearchAssistant Spyware
Status: Ignored
Severe spyware
Infected files detected
  c:\windows\system32\dsmanager.dll

CoolWebSearch Browser Hijacker
Details: CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators.
Status: Ignored
Severe spyware
Infected registry keys/values detected

CoolWebSearch.CameUp Browser Hijacker
Status: Ignored
Severe spyware
Infected files detected
  c:\windows\downloaded program files\ipreg32.dll
  c:\windows\webdlg32.dll
  c:\windows\winsx.cab
  c:\windows\winsx.dll
  C:\WINDOWS\system32\webdlg32.dll
Infected registry keys/values detected

SearchMiracle.EliteBar Browser Plug-in
Details: Adds a search hijacker toolbar to Internet Explorer called Elite Bar.
Status: Ignored
High spyware - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy countermeasures. May use a security flaw in the operating system to gain access to your computer.
Infected files detected
  c:\windows\downloaded program files\conflict.1\v3.dll
  c:\windows\downloaded program files\v3.dll
Infected registry keys/values detected

CoolWebSearch.WinRes Spyware
Status: Ignored
High spyware
Infected registry keys/values detected

MDS Search Booster Spyware
Status: Ignored
High spyware
Infected files detected
  C:\Documents and Settings\Roger\Lokala inställningar\Temp\x.exe
Infected registry keys/values detected
  HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\MDS Search Booster
  HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\MDS Search Booster UninstallString C:\DOCUME~1\Roger\LOKALA~1\Temp\x.exe /uninstall
  HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\MDS Search Booster DisplayName MDS Search Booster

180search Assistant Adware
Details: 180search Assistant logs the web pages you visit, when you visit them and uploads the data to its servers.
Status: Ignored
Elevated spyware - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
Infected registry keys/values detected

Detected Spyware Cookies
  TribalFusion.com
  QuestionMarket.com
  Revenue.net
  Com.com
  Mediaplex.com
  Adserver.com
  casalemedia.com
  ATDMT.com
  CGI-Bin
  DoubleClick
  FastClick.com