Items not removed by Microsoft AntiSpyware.


davidpatchen

After running Microsoft AntiSpyware and removing all found spyware, I ran
the following applications to find out how effective the Microsoft
AntiSpyware application was. The following specifies the application used
and the items either missed by AntiSpyware's removal process or not
detected by AntiSpyware at all. Some items are redundant between other
spyware programs run.

References:
*ND=Not Detected by AntiSpyware at all.
*D=Detected by AntiSpyware and Removed but items were still found.
HKCR=HKEY_CLASSES_ROOT
HKLM=HKEY_LOCAL_MACHINE
HKCU=HKEY_CURRENT_USER
HKU=HKEY_USERS
SYS=C:\Windows\System32\
TIF=Temp Internet Files Directory
FAV=Favorites Directory
R=RegKey Entry
F=File Name
c=Cookie File


AntiVirus Gold V2.0 (Demo available at www.antivirusgold.com) detected
36 items not removed by AntiSpyware as follows.
-------------------------------------------------------------------------

AZESearch - *D, 19 registry entries, 1 XML file, & 1 DLL
file
R=HKCR\AddressBar.Loader
R=HKCR\AddressBar.Loader.1
R=HKCR\CLSID\f65b197f-8260-4d52-909a-f70118e646eb
R=HKCR\Interface\636FF82A-830A-42EA-938B-6DC78B2AC30C
R=HKCR\Interface\A55C3BA7-DB1E-4652-867E-055CEAFE8018
R=HKCR\Interface\EF77D50B-5767-4E0E-A3A4-098670025F1D
R=HKCR\TypeLib\42FC3840-020C-4E93-A34C-4DF1A6330FBB
R=HKCR\TypeLib\DEA43CE3-D57B-45F6-A4D1-110E652CED11
R=HKCU\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
R=HKLM\SOFTWARE\AZESearchCo
R=HKLM\SOFTWARE\Classes\AddressBar.Loader
R=HKLM\SOFTWARE\Classes\AddressBar.Loader.1
R=HKLM\SOFTWARE\Classes\CLSID\f65b197f-8260-4d52-909a-
f70118e646eb
R=HKLM\SOFTWARE\Classes\Interface\636FF82A-830A-42EA-938B-
6DC78B2AC30C
R=HKLM\SOFTWARE\Classes\Interface\A55C3BA7-DB1E-4652-867E-
055CEAFE8018
R=HKLM\SOFTWARE\Classes\Interface\EF77D50B-5767-4E0E-A3A4-
098670025F1D
R=HKLM\SOFTWARE\Classes\TypeLib\42FC3840-020C-4E93-A34C-
4DF1A6330FBB
R=HKLM\SOFTWARE\Classes\TypeLib\DEA43CE3-D57B-45F6-A4D1-
110E652CED11
R=HKLM\SOFTWARE\\LoaderCo
F=SYSazebar.xml
F=SYSiasada.dll

YourSiteBar - *D, 2 registry entries.
R=HKCU\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
R=HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

CoolWebSearch-MW Search, 1 registry entry.
R=HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

Battler.Batch - *ND, 1 registry entry
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\
System

Hosts.hijacker - *D, 1 file.
F=Location www.teen-biz.com

ADTMT.com - *ND, 1 cookie.
C=david patchen@atdmt[1].txt

ClickBank - *ND, 1 cookie .
C=david patchen@clickbank[2].txt

goClick - *ND, 1 cookie.
C=david (e-mail address removed)[1].txt

Overture.com - *ND, 2 cookies.
C=david patchen@overture[1].txt
C=david (e-mail address removed)[1].txt

SexTracker.com - *ND, 3 cookies.
C=david (e-mail address removed)[1].txt
C=david (e-mail address removed)[1].txt
C=david patchen@sextracker[2].txt

SpyLog.com - *ND, 1 cookie.
C=david patchen@spylog[2].txt

XXXToolBar.com - *ND, 1 cookie not removed.
C=david patchen@xxxtoolbar[2].txt


Spyware Killa (Freeware available at www.SpywareKilla.com) detected
9 items not removed by AntiSpyware as follows.
-------------------------------------------------------------------------

Hotbar - *ND, 1 registry entry.
R=HKLM\System\currentcontrolset\control\deviceCLASSES\
fd0af4-b41d-11d2-9c95-00c004f7971e0

sextracker - *ND, 1 cookies.
C=sextracker.

VX2 - *ND, 1 cookie.
C=itc.

WildTangent - *ND, 1 cookie.
C=Wildtangent.

Aureate - *ND, 1 TLB file.
NOTE: This should have not been detected as it is the
type library for activemovie.
F=amcompat.tlb

DownloadWare - *ND, 1 DLL file.
NOTE: This should have not been detected as it is part of
Microsoft Train Simulator.
F=dw.exe

FlashTrack - *ND, 1 DLL file.
NOTE: This should have not been detected as it is
part of 3D Studio Max.
F=flt.dll


PCTools Spyware Doctor (Demo available at www.pctools.com) detected
xx items not removed by AntiSpyware as follows.
-------------------------------------------------------------------------
AZESearch Toolbar - *D, 16 Registry Entries, 1 BMP File,
& 1 DLL file.
R=HKCR\AddressBar.Loader
R=HKCR\AddressBar.Loader.1
R=HKCR\Interface\38252777-2500-456E-8B3D-A55850306DA2
R=HKCR\Interface\636FF82A-830A-42EA-938B-6DC78B2AC30C
R=HKCR\Interface\A55C3BA7-DB1E-4652-867E-055CEAFE8018
R=HKCR\TypeLib\42FC3840-020C-4E93-A34C-4DF1A6330FBB
R=HKCR\TypeLib\DEA43CE3-D57B-45F6-A4D1-110E652CED11
R=HKLM\SOFTWARE\AZESearchCo
R=HKLM\SOFTWARE\LoaderCo
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\0D2DEF3A-F4F1-42EC-AC4F-132E7BA6E292
R=HKLM\SOFTWARE\Microsoft\Internet
Explorer\Toolbar\A19EF336-01D4-48E6-926A-FE7E1C747AED
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\A19EF336-01D4-48E6-926A-FE7E1C747AED
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4
R=HKCR\CLSID\f65b197f-8260-4d52-909a-f70118e646eb
R=HKLM\SOFTWARE\Classes\CLSID\f65b197f-8260-4d52-909a-
f70118e646eb
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\f65b197f-8260-4d52-909a-f70118e646eb
f=TIF\azesearch[1].bmp
f=TIF\azentretien[1].dll

1800search assistant - *D, 6 Registry Entries, 1
Directory File.
R=HKCR\CLSID\0AC49246-419B-4EE0-8917-8818DAAD6A4E
R=HKLM\SOFTWARE\Classes\CLSID\0AC49246-419B-4EE0-8917-
8818DAAD6A4E
R=HKCR\Interface\2B0ECEAC-F597-4858-A542-D966B49055B9
R=HKCR\Interface\DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD
R=HKCR\Interface\F1F1E775-1B21-454D-8D38-&C16519969E5
R=HKCR\TypeLib\5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA
F=All Users\Start Menu\Programs\180Search Assistant

Internet Optimizer-Avenue Media - *ND, 7 Registry
Entries, 2 files.
R=HKLM\software\policies\avenue media\
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003
\Software\policies\avenue media
R=HKLM\SOFTWARE\Microsoft\INternet Explorer\Main\BandRest
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003
\Software\Microsoft\Internet Explorer\Main\BandRest
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\
AMeOpt
R=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
AMeOpt
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\00000010-6F7D-93E3-4A4827C2E4C8
F=TIF\optimize[1].exe
F=TIF\nem220[1].dll

istbar - *D, 1 Registry Entry, 1 Cookie, 1 EXE File
R=HKCR\TypeLib\D0288A41-9855-4A9B-8316-BABE243648DA
C=david patchen@ysbweb[1].txt
F=TIF\istrecover[1].exe

dapsol dialer - *ND, 1 registry entry.
R=HKCU\Software\Microsoft\Internet Explorer\Main\conc


Exact advertising Bargain buddy - *D as Cashback, 4
Registry Entries, 2 EXE Files.
R=HKCR\Interface\8EEE58D5-130E-4CBD-9C83-35A0564E5678
R=HKCR\Interface\C6906A23-4717-4E1F-B6FD-F06EBED15678
R=HKCR\TypeLib\4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\F4E04583-354E-4076-BE7D-ED6A80FD66DA
F=TIF\bb[1].exe
F=TIF\package_marketing27[1].exe

Jraun - *ND, 4 Registry Entries.
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003
\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser\86227D9C-0EFE-4F8A-AA55-
30386A3F5686
R=HKLM\SOFTWARE\Microsoft\INternet
Explorer\Toolbar\86227D9C-0EFE-4F8A-AA55-30386A3F5686
R=HKLM\SOFTWARE\Microsoft\INternet
Explorer\WebBrowser\86227D9C-0EFE-4F8A-AA55-30386A3F5686
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\86227D9C-0EFE-4F8A-AA55-30386A3F5686

Maxifiles clickpix toolbar - *ND, 2 registry entries.
R=HKCR\Interface\0d5cc8ae-0bb0-49c3-ba33-ba4508ea43cc

powerscan - *D, 1 registry entry, 2 files.
R=HKLM\software\microsoft\windows\currentversion\uninstall
\powerscan\
F=TIF\power_remove[1].exe
F=TIF\powerscan[1].exe

bho_sidefind - *D, 3 registry entries, 1 DLL files.
R=HKCR\interface\339d8aff-0b42-3260-ad82-78ce605a9543
R=HKCR\interface\a36a5936-cfd9-4b41-86bd-319a1931887f
R=HKCR\typelib\58634367-d62b-4c2c-86be-5aac45cdb671
F=TIF\sidefind13[1].dll

yoursitebar - *D, 8 registry entries.
R=HKCR\interface\03b800f9-2536-4441-8cda-2a3e6d15b4f8
R=HKCR\interface\dfbcc1eb-b149-487e-80c1-cc1562021542
R=HKCR\typelib\4ee12b71-aa5e-45ec-8666-2db3ad3fdf44
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\42F2C9BA-614F-47C0-B3E3-ECFD34EED658

XXXToolBar.com - *ND, 1 cookie not removed.
C=david patchen@xxxtoolbar[2].txt

SPecific 911 Hijack go2net.com - *ND, 1 cookie.
C=davidpatchen@go2net[1].txt

Common Components Unrelated
R=HKCU\Software\Microsoft\Internet
Explorer\Extensions\CmdMapping\10E42047-DEB9-4535-A118-
B3F6EC39B807
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\10E42047-DEB9-4535-A118-B3F6EC39B807

MediaPass - *ND, 1 Registry Entry.
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6

Lop.COm - *ND, 1 URL File
F=FAV\adult\fetish.url

HotSearchBar *ND, 31 INK Files.
F=FAV\Fun & Games\Betting.Ink
F=FAV\Fun & Games\Casino Palace.Ink
F=FAV\Fun & Games\Casino.Ink
F=FAV\Fun & Games\Games.Ink
F=FAV\Fun & Games\Horoscope.Ink
F=FAV\Going Places\Air Tickets.Ink
F=FAV\Going Places\Car Rentals.Ink
F=FAV\Going Places\Hotel Deals.Ink
F=FAV\Going Places\Luggage.Ink
F=FAV\Going Places\Travel.Ink
F=FAV\Living\Dating.Ink
F=FAV\Living\Find a Degree.Ink
F=FAV\Living\Find a JOb.Ink
F=FAV\Living\Home.Ink
F=FAV\Living\Insurance.Ink
F=FAV\Shop\Auctions.Ink
F=FAV\Shop\Books.Ink
F=FAV\Shop\Computers.Ink
F=FAV\Shop\Discount.Ink
F=FAV\Shop\Flowers.Ink
F=FAV\Shop\Golf.Ink
F=FAV\Shop\Jewelry.Ink
F=FAV\Shop\Movies.Ink
F=FAV\Shop\Music.Ink
F=FAV\Shop\Online Store.Ink
F=FAV\Shop\Perfume.Ink
F=FAV\Shop\Sleepwear.Ink
F=FAV\Technology\Adware Remover.Ink
F=FAV\Technology\Anti-Virus.Ink
F=FAV\Technology\PC Cleaner.Ink
F=FAV\Technology\Tech & gadgets.Ink

sahAgent - *ND, 1 EXE File
NOTE: Incorrectly Identified, this is part of Kodak
Picture Easy.
F=PEZTwain.EXE


WebRoot Spy Sweeper (Demo available at www.spysweeper.cOM) detected
xx items not removed by AntiSpyware as follows.
-------------------------------------------------------------------------
AZESearch - *D, 19 registry entries, 1 XML file, 2 DLL
files, 1 BMP file, 1 CAB file.
R=HKCR\AddressBar.Loader
R=HKCR\AddressBar.Loader.1
R=HKCR\CLSID\f65b197f-8260-4d52-909a-f70118e646eb
R=HKCR\Interface\636FF82A-830A-42EA-938B-6DC78B2AC30C
R=HKCR\Interface\A55C3BA7-DB1E-4652-867E-055CEAFE8018
R=HKCR\Interface\EF77D50B-5767-4E0E-A3A4-098670025F1D
R=HKCR\TypeLib\42FC3840-020C-4E93-A34C-4DF1A6330FBB
R=HKCR\TypeLib\DEA43CE3-D57B-45F6-A4D1-110E652CED11
R=HKCU\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
R=HKLM\SOFTWARE\AZESearchCo
R=HKLM\SOFTWARE\Classes\AddressBar.Loader
R=HKLM\SOFTWARE\Classes\AddressBar.Loader.1
R=HKLM\SOFTWARE\Classes\CLSID\f65b197f-8260-4d52-909a-
f70118e646eb
R=HKLM\SOFTWARE\Classes\Interface\636FF82A-830A-42EA-938B-
6DC78B2AC30C
R=HKLM\SOFTWARE\Classes\Interface\A55C3BA7-DB1E-4652-867E-
055CEAFE8018
R=HKLM\SOFTWARE\Classes\Interface\EF77D50B-5767-4E0E-A3A4-
098670025F1D
R=HKLM\SOFTWARE\Classes\TypeLib\42FC3840-020C-4E93-A34C-
4DF1A6330FBB
R=HKLM\SOFTWARE\Classes\TypeLib\DEA43CE3-D57B-45F6-A4D1-
110E652CED11
R=HKLM\SOFTWARE\LoaderCo
F=SYSazebar.xml
F=SYSiasada.dll
F=TIF\azesearch[1].bmp
F=TIF\azentretien[1].dll
F=TIF\azesearch[1].cab

Bargain buddy - *D as cashback part of Bargain buddy, 6
registry entries, 2 EXE Files.
R=HKCR\Interface\8eee58d5-130e-4cbd-9c83-35a0564e5678
R=HKCR\Interface\c6906a23-4717-4e1f-b6fd-f063bed5678
R=HKLM\SOFTWARE\Classes\Interface\8eee58d5-130e-4cbd-9c83-
35a0564e5678
R=HKLM\SOFTWARE\Classes\Interface\c6906a23-4717-4e1f-b6fd-
f063bed5678
R=HKLM\SOFTWARE\Classes\typelib\4eb7bbe8-2e15-424b-9ddb-
2cdb9516b2c3
R=HKCR\typelib\4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3
F=TIF\bb[1].exe
F=TIF\package_marketing27[1].exe

blazefind_adstat - *ND, 2 registry entries, & 1 DLL file.
R=HKCR\adstatservx.installer\
R=HKLM\software\classes\adstatservx.installer\
F=c:\windows\downloaded program files\adstatservx.dll

bonzi buddy - *ND, 4 registry entries.
R=HKCR\Interface\4bb35a55-a91a-11cf-ba7c-00a0d1001a5a
R=HKCR\Interface\244d13bb-afdb-11ce-85d1-00aa00695286
R=HKCR\Interface\f2a97fa2-714d-11cf-ba24-00a0d1001a5a
RekKey = HKLM\software\classes\interface\4bb35a55-a91a-
11cf-ba7c-00a0d1001a5a

clickpix toolbar - *ND, 2 registry entries.
R=HKCR\Interface\0d5cc8ae-0bb0-49c3-ba33-ba4508ea43cc
R=HKLM\software\classes\interface\0d5cc8ae-0bb0-49c3-ba33-
ba4508ea43cc

dapsol dialer - *ND, 1 registry entry.
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003
\Software\Microsoft\Internet Explorer\Main\conc

internetoptimiser - *ND, 3 registry entries, 1 EXE file.
R=HKLM\software\microsoft\windows\currentversion\policies\
ameopt
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003
\Software\policies\avenue media
R=HKLM\software\policies\avenue media\
F=TIF\optimize[1].exe

navisearch - *ND, 6 Registry entries.
R=HKCR\Interface\8eee58d5-130e-4cdb-9c83-35a0564e5678
R=HKCR\Interface\c6906a23-4717-4e1f-b6fd-f06ebed15678
RekKey = HKLM\software\classes\interface\8eee58d5-130e-
4cdb-9c83-35a0564e5678
RekKey = HKLM\software\classes\interface\c6906a23-4717-
4e1f-b6fd-f06ebed15678
RekKey = HKLM\software\classes\typelib\4eb7bbe8-2e15-424b-
9ddb-2cdb9516b2c3
R=HKCR\typelib\4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3

1800search assistant - *D, 4 Registry entries, 1 folder,
1 file.
R=HKCR\clsid\0ac49246-419b-4ee0-8917-8818daad6a4e
R=HKCR\ncmyb.sabho\
R=HKLM\software\classes\clsid\0ac49246-419b-4ee0-8917-
8818daad6a4e
R=HKLM\software\classes\ncmyb.sabho\
Folder = all users\start menu\programs\180search assistant
F=c:\program files\microsoft
antispyware\quarantine\a9988bff-e119-48c1-b905-ad0c26
\4c599ceb-a203-4755-b324-005bac

powerscan - *D, 1 registry entry, 2 files.
R=HKLM\software\microsoft\windows\currentversion\uninstall
\powerscan\
F=TIF\power_remove[1].exe
F=TIF\powerscan[1].exe

searchit toolbar - *ND, 3 registry entries.
R=HKLM\software\classes\toolband.toolhelper.1\
R=HKLM\software\classes\toolband.toolhelper\
R=HKCR\toolband.toolhelper\

bho_sidefind - *D, 9 registry entries, 1 EXE file, & 2
DLL files.
R=HKCR\interface\339d8aff-0b42-3260-ad82-78ce605a9543
R=HKCR\interface\a36a5936-cfd9-4b41-86bd-319a1931887f
R=HKLM\software\classes\interface\339d8aff-0b42-3260-ad82-
78ce605a9543
R=HKLM\software\classes\interface\a36a5936-cfd9-4b41-86bd-
319a1931887f
R=HKLM\software\classes\typelib\58634367-d62b-4c2c-86be-
5aac45cdb671
R=HKLM\software\classes\typelib\d0288a41-9855-4a9b-8316-
babe243648da
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003
\Software\Microsoft\Internet
Explorer\Extensions\CmdMapping\10E42047-DEB9-4535-A118-
B3F6EC39B807
R=HKCR\typelib\58634367-d62b-4c2c-86be-5aac45cdb671
R=HKCR\typelib\d0288a41-9855-4a9b-8316-babe243648da
F=TIF\sidefind[1].exe
F=TIF\sidefind13[1].dll
F=TIF\sfbho[1].dll

winad - *ND, 1 registry entry.
R=HKLM\SOFTWARE\adstatus service\

yoursitebar - *D, 8 registry entries, 1 DLL file.
R=HKCR\interface\03b800f9-2536-4441-8cda-2a3e6d15b4f8
R=HKCR\interface\dfbcc1eb-b149-487e-80c1-cc1562021542
R=HKLM\software\classes\interface\03b800f9-2536-4441-8cda-
2a3e6d15b4f8
R=HKLM\software\classes\interface\dfbcc1eb-b149-487e-80c1-
cc1562021542
R=HKLM\software\classes\typelib\4ee12b71-aa5e-45ec-8666-
2db3ad3fdf44
R=HKLM\software\microsoft\internet
explorer\toolbar\86227D9C-0EFE-4f8a-AA55-30386A3F5686
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003
\Software\Microsoft\Internet
Explorer\toolbar\webbrowser\86227D9C-0EFE-4F8A-AA55-
30386A3F5686
R=HKCR\typelib\4ee12b71-aa5e-45ec-8666-2db3ad3fdf44
F=TIF\ysb[1].dll

zango - *D, 4 registry entries.
R=HKLM\SOFTWARE\Classes\TypeLib\5b6689b5-c2d4-4dc7-bfd1-
24ac17e5fcda
R=HKLM\SOFTWARE\Classes\TypeLib\68bf4626-d66b-4383-a6af-
62e57e9b6cd4
R=HKCR\typelib\5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda
R=HKCR\typelib\68bf4626-d66b-4383-a6af-62e57e9b6cd4

sandboxer - *ND, 2 cookies.
C=davidpatchen@0[1].txt
C=davidpatchen@0[2].txt

2o7.net - *ND, 2 cookies.
[email protected][1].txt
C=davidpatchen@2o7[1].txt

6425137 - *ND, 1 Cookie.
C=davidpatchen@6425137[2].txt

66.246.209 - *ND, 1 cookie.
[email protected][2].txt

80503492 - *ND, 1 cookie.
C=davidpatchen@80503492[1].txt

yieldmanager - *ND, 1 cookie.
[email protected][1].txt

advertising - *ND, 1 cookie.
C=davidpatchen@advertising[1].txt

apmebf - *ND, 1 cookie.
C=davidpatchen@apmebf[1].txt

ask - *ND, 1 cookie.
C=davidpatchen@ask[1].txt

atlas dmt - *ND, 1 cookie.
C=davidpatchen@atdmt[1].txt

adwola - *ND, 1 cookie.
C=davidpatchen@atwola[1].txt

azjmp - *ND, 1 cookie.
C=davidpatchen@azjmp[1].txt

enhance - *ND, 1 cookie.
[email protected][2].txt

goclick - *ND, 1 cookie.
[email protected][1].txt

clickbank - *ND, 1 cookie.
C=davidpatchen@clickbank[2].txt

com.com - *ND, 1 cookie.
C=davidpatchen@com[2].txt

sextracker - *ND, 3 cookies.
[email protected][1].txt
[email protected][1].txt
C=davidpatchen@sextracker[2].txt

ru4 - *ND, 1 cookie.
[email protected][2].txt

go2net.com - *ND, 1 cookie.
C=davidpatchen@go2net[1].txt

metareward.com - *ND, 1 cookie.
C=davidpatchen@metareward[2].txt

aptimus - *ND, 1 cookie.
[email protected][1].txt

nuker - *ND, 1 cookie.
C=davidpatchen@nuker[2].txt

overture - *ND, 2 cookies.
C=davidpatchen@overture[1].txt
C=davidpatchen@perf_overture[1].txt

rightmedia - *ND, 1 cookie.
C=davidpatchen@rightmedia[2].txt

server.iad.liveperson - *ND, 1 cookie.
[email protected][2].txt

serving-sys - *ND, 1 cookie.
C=davidpatchen@serving-sys[1].txt

spylog - *ND, 1 cookie.
C=davidpatchen@spylog[2].txt

stopzila - *ND, 1 cookie.
[email protected][2].txt

xxxtoolbar - *ND, 1 cookie.
C=davidpatchen@xxxtoolbar[2].txt

uadro - *ND, 1 cookie.
C=davidpatchen@yadro[1].txt

ysbweb - *ND, 1 cookie.
C=davidpatchen@yadro[1].txt

hookdump - *ND, 1 EXE File.
F=SYShookdump.exe

istbar - *D, 2 EXE files.
F=TIF\istecover[1].exe
F=TIF\istsvc[1].exe

java byteveriry - *ND, 1 JAR file.
F=TIF\classload[1].jar

moneytree - *D, 1 DLL file.
F=TIF\nem220[1].dll

amquiro toolbar - *ND, 1 BMP file.
F=c:\program files\torrent search ie toolbar\nav.bmp

sexfiles fialers - *ND, 1 INK file.
F=FAV\living\dating.Ink
 

Steve Wechsler [MVP]

david,

Thanks for the detailed report. For your information, MWAS does not
detect cookies. Spyware Killa is on the list of rogue antispyware
programs here : http://www.spywarewarrior.com/rogue_anti-spyware.htm

" aggressive advertising ; false positives work as goad to purchase;
same app as Adware Hitman, Consumer Identity, Protect Your Identity,
SpyBan, SpywareAssassin, Spyware C.O.P., The Adware Hunter, &
TheSpywareKiller "

If one checks the spywarekilla site there is NO Privacy Policy listed.

AntiVirus Gold V2.0 is another well known rogue program :
http://www.google.com/search?hl=en&lr=&biw=1136&q=AntiVirus+Gold+&btnG=Search

Which version of MWAS are you using and :
1) Are the definition files up to date ?
2) Did you do a Full system scan in normal Windows mode ?
3) After doing the above did you boot to Safe Mode and do another Full
system scan ?

The registry entries for PC Tools Spyware Doctor indicate that the
malware files were located in the Temporary Internet Files cache of IE.
By setting IE to dump its cache when it's closed via Internet Options,
Advanced tab, scroll down to the Security heading, and check the box for
" Empty Temporary Internet Files folder when browser is closed ", one
can delete these files from the system before they can do harm.

Using MWAS in conjunction with AdAware and/or Spybot should remove most
malware that's floating around these days. Unfortunately, the ones it
can not remove usually require special tools and applications that most
Users of computers have a hard time using.

And that's where the antispyware forums come in :

http://forum.aumha.org/viewforum.php?f=30&sid=31f93c5355925cfc2192b5c49d352100
http://www.bleepingcomputer.com/forums/HijackThis_Logs_and_Analysis-f22.html
http://spywarewarrior.com/viewforum.php?f=2&sid=3ce3e4c9a40b25268d1bac3189d22184
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

Once again, thanks for the detailed report.

Steve Wechsler (akaMowGreen)
MS-MVP 2004-2005
===============
*-343-* FDNY
Never Forgotten
===============
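
Added example, not part of either post: one way to triage a report written in the notation above, applying the reply's points (cookies are outside what MWAS detects; AntiVirus Gold and Spyware Killa are listed as rogue) and collapsing `HKLM\SOFTWARE\Classes` entries onto `HKCR`, which is a merged view of the same keys. The function names, verdict strings and the abridged sample are this example's own assumptions.

```python
import re
from collections import defaultdict

# Scanners that the reply on this page identifies as rogue antispyware.
ROGUE_SCANNERS = {"AntiVirus Gold V2.0", "Spyware Killa"}
ENTRY = re.compile(r"^(R|RekKey|F|Folder|C)\s*=\s*(.*)$", re.I)
ITEM = re.compile(r"^(.+?)\s+(?:-\s*)?\*(ND|D)\b")  # "name - *D, ..." or "name *ND, ..."
RULE = re.compile(r"^-{10,}$")
KIND = {"r": "registry", "rekkey": "registry", "f": "file", "folder": "file", "c": "cookie"}
CLASSES = "hklm\\software\\classes\\"

# Constructed sample: entries abridged from the report above, hard wraps kept.
SAMPLE = r"""
AntiVirus Gold V2.0 (Demo available at
www.antivirusgold.com) detected 36 items not removed
----------------------------------------------------------
AZESearch - *D, 19 registry entries, 1 XML file, & 1 DLL file
R=HKCR\CLSID\f65b197f-8260-4d52-909a-f70118e646eb
R=HKLM\SOFTWARE\Classes\CLSID\f65b197f-8260-4d52-909a-
f70118e646eb

Battler.Batch - *ND, 1 registry entry
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\
System

ADTMT.com - *ND, 1 cookie.
C=david patchen@atdmt[1].txt

Spyware Killa (Freeware available at www.SpywareKilla.com) detected 9 items
----------------------------------------------------------
Aureate - *ND, 1 TLB file.
NOTE: This should have not been detected as it is the
type library for activemovie.
F=amcompat.tlb

WebRoot Spy Sweeper (Demo available at
www.spysweeper.cOM) detected xx items not removed
----------------------------------------------------------
AZESearch - *D, 19 registry entries, 1 XML file, 2 DLL
files, 1 BMP file, 1 CAB file.
R=HKCR\CLSID\f65b197f-8260-4d52-909a-f70118e646eb
R=HKCU\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
"""

def join_wrapped(head, tail):
    """Undo a hard wrap: a path split at '-' or a backslash rejoins without a space."""
    if head.endswith(("-", "\\")) or tail.startswith("\\"):
        return head + tail
    return head + " " + tail

def normalize(kind, value):
    """Case-fold; map HKLM\\Software\\Classes onto HKCR, a view of the same keys."""
    v = value.strip().lower().rstrip("\\")
    if kind == "registry" and v.startswith(CLASSES):
        v = "hkcr\\" + v[len(CLASSES):]
    return v

def parse_report(text):
    """Parse the post's notation into findings, re-joining hard-wrapped lines."""
    findings, header, scanner, item, last = [], [], None, None, None
    for line in map(str.strip, text.splitlines()):
        entry, head = ENTRY.match(line), ITEM.match(line)
        if not line or RULE.match(line):
            if line and header:  # the text just above a dashed rule names the scanner
                scanner, item = " ".join(header).split(" (")[0], None
            header, last = [], None
        elif entry and item:
            findings.append({"scanner": scanner, "item": item, "value": entry.group(2),
                             "kind": KIND[entry.group(1).lower()]})
            last = "entry"
        elif head:
            item, last = {"name": head.group(1), "status": head.group(2), "author_fp": False}, "item"
        elif line.upper().startswith("NOTE:") and item:
            item["author_fp"], last = True, "note"  # the author marks this hit as benign
        elif last == "entry":
            findings[-1]["value"] = join_wrapped(findings[-1]["value"], line)
        elif last is None:
            header.append(line)  # wrapped item headers and NOTE text are skipped
    return findings

def triage(text):
    """Group findings by normalized artifact and give each group a verdict."""
    groups = defaultdict(lambda: {"scanners": set(), "author_fp": False})
    for f in parse_report(text):
        g = groups[normalize(f["kind"], f["value"])]
        g["scanners"].add(f["scanner"])
        g["kind"] = f["kind"]
        g["author_fp"] |= f["item"]["author_fp"]
    for g in groups.values():
        g["verdict"] = ("false positive per author's NOTE" if g["author_fp"]
                        else "cookie, outside MWAS detection" if g["kind"] == "cookie"
                        else "reported only by a rogue scanner" if g["scanners"] <= ROGUE_SCANNERS
                        else "follow up")
    return dict(groups)

if __name__ == "__main__":
    print({k: g["verdict"] for k, g in triage(SAMPLE).items()})
```

On the sample, seven raw entries reduce to five distinct artifacts, and only the two seen by a scanner not on the rogue list remain as "follow up".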


After Running Microsoft AntiSpyware and Removing all
found spyware. I ran the following
applications to find out how effective the Microsoft
AntiSpyware application was. The
Following specifies the Application used and The Items
either missed by AntiSpyware's
removal process or not detected by AntiSpyware at all.
Some items are redundant between
other spyware programs run.

Referances *ND=Not Detected by AntiSpyware at all.
*D=Detected by AntiSpyware and Removed
but items were still found.
HKCR=HKEY_CLASSES_ROOT
HKLM=HKEY_LOCAL_MACHINE
HKCU=HKEY_CURRENT_USER
HKU=HKEY_USERS
SYS=C:\Windows\System32\
TIF=Temp Internet Files Directory
FAV=Favorites Directory
R=RegKey Entry
F=File Name
c=Cookie File


AntiVirus Gold V2.0 (Demo available at
www.antivirusgold.com) detected 36 items not removed
by AntiSpyware as Follows.
----------------------------------------------------------
---------------------------------

AZESearch - *D, 19 registry entries, 1 XML file, & 1 DLL
file
R=HKCR\AddressBar.Loader
R=HKCR\AddressBar.Loader.1
R=HKCR\CLSID\f65b197f-8260-4d52-909a-f70118e646eb
R=HKCR\Interface\636FF82A-830A-42EA-938B-6DC78B2AC30C
R=HKCR\Interface\A55C3BA7-DB1E-4652-867E-055CEAFE8018
R=HKCR\Interface\EF77D50B-5767-4E0E-A3A4-098670025F1D
R=HKCR\TypeLib\42FC3840-020C-4E93-A34C-4DF1A6330FBB
R=HKCR\TypeLib\DEA43CE3-D57B-45F6-A4D1-110E652CED11
R=HKCU\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
R=HKLM\SOFTWARE\AZESearchCo
R=HKLM\SOFTWARE\Classes\AddressBar.Loader
R=HKLM\SOFTWARE\Classes\AddressBar.Loader.1
R=HKLM\SOFTWARE\Classes\CLSID\f65b197f-8260-4d52-909a-
f70118e646eb
R=HKLM\SOFTWARE\Classes\Interface\636FF82A-830A-42EA-938B-
6DC78B2AC30C
R=HKLM\SOFTWARE\Classes\Interface\A55C3BA7-DB1E-4652-867E-
055CEAFE8018
R=HKLM\SOFTWARE\Classes\Interface\EF77D50B-5767-4E0E-A3A4-
098670025F1D
R=HKLM\SOFTWARE\Classes\TypeLib\42FC3840-020C-4E93-A34C-
4DF1A6330FBB
R=HKLM\SOFTWARE\Classes\TypeLib\DEA43CE3-D57B-45F6-A4D1-
110E652CED11
R=HKLM\SOFTWARE\\LoaderCo
F=SYSazebar.xml
F=SYSiasada.dll

YourSiteBar - *D, 2 registry entries.
R=HKCU\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
R=HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

CoolWebSearch-MW Search, 1 registry entry.
R=HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

Battler.Batch - *ND, 1 registry entry
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\
System

Hosts.hijacker - *D, 1 file.
F=Location www.teen-biz.com

ADTMT.com - *ND, 1 cookie.
C=david patchen@atdmt[1].txt

ClickBank - *ND, 1 cookie .
C=david patchen@clickbank[2].txt

goClick - *ND, 1 cookie.
C=david (e-mail address removed)[1].txt

Overture.com - *ND, 2 cookies.
C=david patchen@overture[1].txt
C=david (e-mail address removed)[1].txt

SexTracker.com - *ND, 3 cookies.
C=david (e-mail address removed)[1].txt
C=david (e-mail address removed)[1].txt
C=david patchen@sextracker[2].txt

SpyLog.com - *ND, 1 cookie.
C=david patchen@spylog[2].txt

XXXToolBar.com - *ND, 1 cookie not removed.
C=david patchen@xxxtoolbar[2].txt


Spyware Killa (Freeware available at
www.SpywareKilla.com) detected 9 items not removed by
AntiSpyware as Follows.
----------------------------------------------------------
---------------------------------

Hotbar - *ND, 1 registry entry.
R=HKLM\System\currentcontrolset\control\deviceCLASSES\
fd0af4-b41d-11d2-9c95-00c004f7971e0

sextracker - *ND, 1 cookies.
C=sextracker.

VX2 - *ND, 1 cookie.
C=itc.

WildTangent - *ND, 1 cookie.
C=Wildtangent.

Aureate - *ND, 1 TLB file.
NOTE: This should have not been detected as it is the
type library for activemovie.
F=amcompat.tlb

DownloadWare - *ND, 1 DLL file.
NOTE: This should have not been detected as it is part of
Microsoft Train Simulator.
F=dw.exe

FlashTrack - *ND, 1 DLL file.
NOTE: This This should have not been detected as it is
part of 3D Studio Max.
F=flt.dll


PCTools Spyware Doctor (Demo avialable at
www.pctools.com) detected xx items not removed by
AntiSpyware as Follows.
----------------------------------------------------------
---------------------------------
AZESearch Toolbar - *D, 16 Registry Entries, 1 BMP File,
& 1 DLL file.
R=HKCR\AddressBar.Loader
R=HKCR\AddressBar.Loader.1
R=HKCR\Interface\38252777-2500-456E-8B3D-A55850306DA2
R=HKCR\Interface\636FF82A-830A-42EA-938B-6DC78B2AC30C
R=HKCR\Interface\A55C3BA7-DB1E-4652-867E-055CEAFE8018
R=HKCR\TypeLib\42FC3840-020C-4E93-A34C-4DF1A6330FBB
R=HKCR\TypeLib\DEA43CE3-D57B-45F6-A4D1-110E652CED11
R=HKLM\SOFTWARE\AZESearchCo
R=HKLM\SOFTWARE\LoaderCo
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\0D2DEF3A-F4F1-42EC-AC4F-132E7BA6E292
R=HKLM\SOFTWARE\Microsoft\Internet
Explorer\Toolbar\A19EF336-01D4-48E6-926A-FE7E1C747AED
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\A19EF336-01D4-48E6-926A-FE7E1C747AED
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4
R=HKCR\CLSID\f65b197f-8260-4d52-909a-f70118e646eb
R=HKLM\SOFTWARE\Classes\CLSID\f65b197f-8260-4d52-909a-
f70118e646eb
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\f65b197f-8260-4d52-909a-f70118e646eb
f=TIF\azesearch[1].bmp
f=TIF\azentretien[1].dll

1800search assistant - *D, 6 Registry Entries, 1
Directory File.
R=HKCR\CLSID\0AC49246-419B-4EE0-8917-8818DAAD6A4E
R=HKLM\SOFTWARE\Classes\CLSID\0AC49246-419B-4EE0-8917-
8818DAAD6A4E
R=HKCR\Interface\2B0ECEAC-F597-4858-A542-D966B49055B9
R=HKCR\Interface\DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD
R=HKCR\Interface\F1F1E775-1B21-454D-8D38-&C16519969E5
R=HKCR\TypeLib\5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA
F=All Users\Start Menu\Programs\180Search Assistant

Internet Optimizer-Avenue Media - *ND, 7 Registry
Entries, 2 files.
R=HKLM\software\policies\avenue media\
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003
\Software\policies\avenue media
R=HKLM\SOFTWARE\Microsoft\INternet Explorer\Main\BandRest
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003
\Software\Microsoft\Internet Explorer\Main\BandRest
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\
AMeOpt
R=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
AMeOpt
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\00000010-6F7D-93E3-4A4827C2E4C8
F=TIF\optimize[1].exe
F=TIF\nem220[1].dll

istbar - *D, 1 Registry Entry, 1 Cookie, 1 EXE File
R=HKCR\TypeLib\D0288A41-9855-4A9B-8316-BABE243648DA
C=david patchen@ysbweb[1].txt
F=TIF\istrecover[1].exe

dapsol dialer - *ND, 1 registry entry.
R=HKCU\Software\Microsoft\Internet Explorer\Main\conc


Exact advertising Bargain buddy - *D as Cashback, 4
Registry Entries, 2 EXE Files.
R=HKCR\Interface\8EEE58D5-130E-4CBD-9C83-35A0564E5678
R=HKCR\Interface\C6906A23-4717-4E1F-B6FD-F06EBED15678
R=HKCR\TypeLib\4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\F4E04583-354E-4076-BE7D-ED6A80FD66DA
F=TIF\bb[1].exe
F=TIF\package_marketing27[1].exe

Jraun - *ND, 4 Registy Entries.
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003
\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser\86227D9C-0EFE-4F8A-AA55-
30386A3F5686
R=HKLM\SOFTWARE\Microsoft\INternet
Explorer\Toolbar\86227D9C-0EFE-4F8A-AA55-30386A3F5686
R=HKLM\SOFTWARE\Microsoft\INternet
Explorer\WebBrowser\86227D9C-0EFE-4F8A-AA55-30386A3F5686
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\86227D9C-0EFE-4F8A-AA55-30386A3F5686

Maxifiles clickpix toolbar - *ND, 2 registry entries.
R=HKCR\Interface\0d5cc8ae-0bb0-49c3-ba33-ba4508ea43cc

powerscan - *D, 1 registry entry, 2 files.
R=HKLM\software\microsoft\windows\currentversion\uninstall
\powerscan\
F=TIF\power_remove[1].exe
F=TIF\powerscan[1].exe

bho_sidefind - *D, 3 registry entries, 1 DLL files.
R=HKCR\interface\339d8aff-0b42-3260-ad82-78ce605a9543
R=HKCR\interface\a36a5936-cfd9-4b41-86bd-319a1931887f
R=HKCR\typelib\58634367-d62b-4c2c-86be-5aac45cdb671
F=TIF\sidefind13[1].dll

yoursitebar - *D, 8 registry entries.
R=HKCR\interface\03b800f9-2536-4441-8cda-2a3e6d15b4f8
R=HKCR\interface\dfbcc1eb-b149-487e-80c1-cc1562021542
R=HKCR\typelib\4ee12b71-aa5e-45ec-8666-2db3ad3fdf44
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\42F2C9BA-614F-47C0-B3E3-ECFD34EED658

XXXToolBar.com - *ND, 1 cookie not removed.
C=david patchen@xxxtoolbar[2].txt

SPecific 911 Hijack go2net.com - *ND, 1 cookie.
C=davidpatchen@go2net[1].txt

Common Components Unrelated
R=HKCU\Software\Microsoft\Internet
Explorer\Extensions\CmdMapping\10E42047-DEB9-4535-A118-
B3F6EC39B807
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\10E42047-DEB9-4535-A118-B3F6EC39B807

MediaPass - *ND, 1 Registry Entry.
R=HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6

Lop.COm - *ND, 1 URL File
F=FAV\adult\fetish.url

HotSearchBar *ND, 31 INK Files.
F=FAV\Fun & Games\Betting.Ink
F=FAV\Fun & Games\Casino Palace.Ink
F=FAV\Fun & Games\Casino.Ink
F=FAV\Fun & Games\Games.Ink
F=FAV\Fun & Games\Horoscope.Ink
F=FAV\Going Places\Air Tickets.Ink
F=FAV\Going Places\Car Rentals.Ink
F=FAV\Going Places\Hotel Deals.Ink
F=FAV\Going Places\Luggage.Ink
F=FAV\Going Places\Travel.Ink
F=FAV\Living\Dating.Ink
F=FAV\Living\Find a Degree.Ink
F=FAV\Living\Find a JOb.Ink
F=FAV\Living\Home.Ink
F=FAV\Living\Insurance.Ink
F=FAV\Shop\Auctions.Ink
F=FAV\Shop\Books.Ink
F=FAV\Shop\Computers.Ink
F=FAV\Shop\Discount.Ink
F=FAV\Shop\Flowers.Ink
F=FAV\Shop\Golf.Ink
F=FAV\Shop\Jewelry.Ink
F=FAV\Shop\Movies.Ink
F=FAV\Shop\Music.Ink
F=FAV\Shop\Online Store.Ink
F=FAV\Shop\Perfume.Ink
F=FAV\Shop\Sleepwear.Ink
F=FAV\Technology\Adware Remover.Ink
F=FAV\Technology\Anti-Virus.Ink
F=FAV\Technology\PC Cleaner.Ink
F=FAV\Technology\Tech & gadgets.Ink

sahAgent - *ND, 1 EXE File
NOTE: Incorrectly Identified, this is part of Kodak
Picture Easy.
F=PEZTwain.EXE


WebRoot Spy Sweeper (Demo available at
www.spysweeper.cOM) detected xx items not removed
by AntiSpyware as Follows.
----------------------------------------------------------
---------------------------------
AZESearch - *D, 19 registry entries, 1 XML file, 2 DLL
files, 1 BMP file, 1 CAB file.
R=HKCR\AddressBar.Loader
R=HKCR\AddressBar.Loader.1
R=HKCR\CLSID\f65b197f-8260-4d52-909a-f70118e646eb
R=HKCR\Interface\636FF82A-830A-42EA-938B-6DC78B2AC30C
R=HKCR\Interface\A55C3BA7-DB1E-4652-867E-055CEAFE8018
R=HKCR\Interface\EF77D50B-5767-4E0E-A3A4-098670025F1D
R=HKCR\TypeLib\42FC3840-020C-4E93-A34C-4DF1A6330FBB
R=HKCR\TypeLib\DEA43CE3-D57B-45F6-A4D1-110E652CED11
R=HKCU\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
R=HKLM\SOFTWARE\AZESearchCo
R=HKLM\SOFTWARE\Classes\AddressBar.Loader
R=HKLM\SOFTWARE\Classes\AddressBar.Loader.1
R=HKLM\SOFTWARE\Classes\CLSID\f65b197f-8260-4d52-909a-
f70118e646eb
R=HKLM\SOFTWARE\Classes\Interface\636FF82A-830A-42EA-938B-
6DC78B2AC30C
R=HKLM\SOFTWARE\Classes\Interface\A55C3BA7-DB1E-4652-867E-
055CEAFE8018
R=HKLM\SOFTWARE\Classes\Interface\EF77D50B-5767-4E0E-A3A4-
098670025F1D
R=HKLM\SOFTWARE\Classes\TypeLib\42FC3840-020C-4E93-A34C-
4DF1A6330FBB
R=HKLM\SOFTWARE\Classes\TypeLib\DEA43CE3-D57B-45F6-A4D1-
110E652CED11
R=HKLM\SOFTWARE\LoaderCo
F=SYSazebar.xml
F=SYSiasada.dll
F=TIF\azesearch[1].bmp
F=TIF\azentretien[1].dll
F=TIF\azesearch[1].cab

Bargain buddy - *D as cashback part of Bargain buddy, 6
registry entries, 2 EXE Files.
R=HKCR\Interface\8eee58d5-130e-4cbd-9c83-35a0564e5678
R=HKCR\Interface\c6906a23-4717-4e1f-b6fd-f063bed5678
R=HKLM\SOFTWARE\Classes\Interface\8eee58d5-130e-4cbd-9c83-
35a0564e5678
R=HKLM\SOFTWARE\Classes\Interface\c6906a23-4717-4e1f-b6fd-
f063bed5678
R=HKLM\SOFTWARE\Classes\typelib\4eb7bbe8-2e15-424b-9ddb-
2cdb9516b2c3
R=HKCR\typelib\4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3
F=TIF\bb[1].exe
F=TIF\package_marketing27[1].exe

blazefind_adstat - *ND, 2 registry entries, & 1 DLL file.
R=HKCR\adstatservx.installer\
R=HKLM\software\classes\adstatservx.installer\
F=c:\windows\downloaded program files\adstatservx.dll

bonzi buddy - *ND, 4 registry entries.
R=HKCR\Interface\4bb35a55-a91a-11cf-ba7c-00a0d1001a5a
R=HKCR\Interface\244d13bb-afdb-11ce-85d1-00aa00695286
R=HKCR\Interface\f2a97fa2-714d-11cf-ba24-00a0d1001a5a
RegKey = HKLM\software\classes\interface\4bb35a55-a91a-11cf-ba7c-00a0d1001a5a

clickpix toolbar - *ND, 2 registry entries.
R=HKCR\Interface\0d5cc8ae-0bb0-49c3-ba33-ba4508ea43cc
R=HKLM\software\classes\interface\0d5cc8ae-0bb0-49c3-ba33-ba4508ea43cc

dapsol dialer - *ND, 1 registry entry.
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003\Software\Microsoft\Internet Explorer\Main\conc

internetoptimiser - *ND, 3 registry entries, 1 EXE file.
R=HKLM\software\microsoft\windows\currentversion\policies\ameopt
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003\Software\policies\avenue media
R=HKLM\software\policies\avenue media\
F=TIF\optimize[1].exe

navisearch - *ND, 6 Registry entries.
R=HKCR\Interface\8eee58d5-130e-4cdb-9c83-35a0564e5678
R=HKCR\Interface\c6906a23-4717-4e1f-b6fd-f06ebed15678
RegKey = HKLM\software\classes\interface\8eee58d5-130e-4cdb-9c83-35a0564e5678
RegKey = HKLM\software\classes\interface\c6906a23-4717-4e1f-b6fd-f06ebed15678
RegKey = HKLM\software\classes\typelib\4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3
R=HKCR\typelib\4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3

1800search assistant - *D, 4 Registry entries, 1 folder, 1 file.
R=HKCR\clsid\0ac49246-419b-4ee0-8917-8818daad6a4e
R=HKCR\ncmyb.sabho\
R=HKLM\software\classes\clsid\0ac49246-419b-4ee0-8917-8818daad6a4e
R=HKLM\software\classes\ncmyb.sabho\
Folder = all users\start menu\programs\180search assistant
F=c:\program files\microsoft antispyware\quarantine\a9988bff-e119-48c1-b905-ad0c26\4c599ceb-a203-4755-b324-005bac

powerscan - *D, 1 registry entry, 2 files.
R=HKLM\software\microsoft\windows\currentversion\uninstall\powerscan\
F=TIF\power_remove[1].exe
F=TIF\powerscan[1].exe

searchit toolbar - *ND, 3 registry entries.
R=HKLM\software\classes\toolband.toolhelper.1\
R=HKLM\software\classes\toolband.toolhelper\
R=HKCR\toolband.toolhelper\

bho_sidefind - *D, 9 registry entries, 1 EXE file, & 2 DLL files.
R=HKCR\interface\339d8aff-0b42-3260-ad82-78ce605a9543
R=HKCR\interface\a36a5936-cfd9-4b41-86bd-319a1931887f
R=HKLM\software\classes\interface\339d8aff-0b42-3260-ad82-78ce605a9543
R=HKLM\software\classes\interface\a36a5936-cfd9-4b41-86bd-319a1931887f
R=HKLM\software\classes\typelib\58634367-d62b-4c2c-86be-5aac45cdb671
R=HKLM\software\classes\typelib\d0288a41-9855-4a9b-8316-babe243648da
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\10E42047-DEB9-4535-A118-B3F6EC39B807
R=HKCR\typelib\58634367-d62b-4c2c-86be-5aac45cdb671
R=HKCR\typelib\d0288a41-9855-4a9b-8316-babe243648da
F=TIF\sidefind[1].exe
F=TIF\sidefind13[1].dll
F=TIF\sfbho[1].dll

winad - *ND, 1 registry entry.
R=HKLM\SOFTWARE\adstatus service\

yoursitebar - *D, 8 registry entries, 1 DLL file.
R=HKCR\interface\03b800f9-2536-4441-8cda-2a3e6d15b4f8
R=HKCR\interface\dfbcc1eb-b149-487e-80c1-cc1562021542
R=HKLM\software\classes\interface\03b800f9-2536-4441-8cda-2a3e6d15b4f8
R=HKLM\software\classes\interface\dfbcc1eb-b149-487e-80c1-cc1562021542
R=HKLM\software\classes\typelib\4ee12b71-aa5e-45ec-8666-2db3ad3fdf44
R=HKLM\software\microsoft\internet explorer\toolbar\86227D9C-0EFE-4f8a-AA55-30386A3F5686
R=HKU\S-1-5-21-527237240-113007714-1957994488-1003\Software\Microsoft\Internet Explorer\toolbar\webbrowser\86227D9C-0EFE-4F8A-AA55-30386A3F5686
R=HKCR\typelib\4ee12b71-aa5e-45ec-8666-2db3ad3fdf44
F=TIF\ysb[1].dll

zango - *D, 4 registry entries.
R=HKLM\SOFTWARE\Classes\TypeLib\5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda
R=HKLM\SOFTWARE\Classes\TypeLib\68bf4626-d66b-4383-a6af-62e57e9b6cd4
R=HKCR\typelib\5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda
R=HKCR\typelib\68bf4626-d66b-4383-a6af-62e57e9b6cd4

sandboxer - *ND, 2 cookies.
C=davidpatchen@0[1].txt
C=davidpatchen@0[2].txt

2o7.net - *ND, 2 cookies.
[email protected][1].txt
C=davidpatchen@2o7[1].txt

6425137 - *ND, 1 Cookie.
C=davidpatchen@6425137[2].txt

66.246.209 - *ND, 1 cookie.
[email protected][2].txt

80503492 - *ND, 1 cookie.
C=davidpatchen@80503492[1].txt

yieldmanager - *ND, 1 cookie.
[email protected][1].txt

advertising - *ND, 1 cookie.
C=davidpatchen@advertising[1].txt

apmebf - *ND, 1 cookie.
C=davidpatchen@apmebf[1].txt

ask - *ND, 1 cookie.
C=davidpatchen@ask[1].txt

atlas dmt - *ND, 1 cookie.
C=davidpatchen@atdmt[1].txt

adwola - *ND, 1 cookie.
C=davidpatchen@atwola[1].txt

azjmp - *ND, 1 cookie.
C=davidpatchen@azjmp[1].txt

enhance - *ND, 1 cookie.
[email protected][2].txt

goclick - *ND, 1 cookie.
[email protected][1].txt

clickbank - *ND, 1 cookie.
C=davidpatchen@clickbank[2].txt

com.com - *ND, 1 cookie.
C=davidpatchen@com[2].txt

sextracker - *ND, 3 cookies.
[email protected][1].txt
[email protected][1].txt
C=davidpatchen@sextracker[2].txt

ru4 - *ND, 1 cookie.
[email protected][2].txt

go2net.com - *ND, 1 cookie.
C=davidpatchen@go2net[1].txt

metareward.com - *ND, 1 cookie.
C=davidpatchen@metareward[2].txt

aptimus - *ND, 1 cookie.
[email protected][1].txt

nuker - *ND, 1 cookie.
C=davidpatchen@nuker[2].txt

overture - *ND, 2 cookies.
C=davidpatchen@overture[1].txt
C=davidpatchen@perf_overture[1].txt

rightmedia - *ND, 1 cookie.
C=davidpatchen@rightmedia[2].txt

server.iad.liveperson - *ND, 1 cookie.
[email protected][2].txt

serving-sys - *ND, 1 cookie.
C=davidpatchen@serving-sys[1].txt

spylog - *ND, 1 cookie.
C=davidpatchen@spylog[2].txt

stopzila - *ND, 1 cookie.
[email protected][2].txt

xxxtoolbar - *ND, 1 cookie.
C=davidpatchen@xxxtoolbar[2].txt

uadro - *ND, 1 cookie.
C=davidpatchen@yadro[1].txt

ysbweb - *ND, 1 cookie.
C=davidpatchen@yadro[1].txt

hookdump - *ND, 1 EXE File.
F=SYShookdump.exe

istbar - *D, 2 EXE files.
F=TIF\istecover[1].exe
F=TIF\istsvc[1].exe

java byteverify - *ND, 1 JAR file.
F=TIF\classload[1].jar

moneytree - *D, 1 DLL file.
F=TIF\nem220[1].dll

amquiro toolbar - *ND, 1 BMP file.
F=c:\program files\torrent search ie toolbar\nav.bmp

sexfiles fialers - *ND, 1 INK file.
F=FAV\living\dating.Ink
 
