Spyware Scan Details
Start Date: 07.07.2006 22:07:09
End Date: 08.07.2006 00:33:34
Total Time: 2 hrs 26 mins 25 secs

Detected spyware

Messenger Plus! Adware Bundler
Details: Messenger Plus! is an add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media, which is also known as LOP.com.
Status: Deleted

IST.SideFind Browser Plug-in
Details: SideFind is a browser helper object (BHO) that adds a side bar to Internet Explorer and displays alternate search results in the side bar.
Status: Deleted
Infected files detected
c:\programme\sidefind\sfbho.dll
Infected registry entries detected

WhenU.Save Adware (General)
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted
Infected files detected
Infected registry entries detected

My Way Speedbar Potentially Unwanted Program
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted
Infected files detected
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall UrlInfoAbout http://www.mysearch.com/jsp/softwareterms.jsp HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Automation Shutdown MyWayToolBar.NetscapeShutdown.1 MyWayToolBar.NetscapeShutdown.1 HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Automation Startup MyWayToolBar.NetscapeStartup.1 MyWayToolBar.NetscapeStartup.1 HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}\InProcServer32 C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL HKEY_CLASSES_ROOT\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}\TypeLib {0494D0D0-F8E0-41AD-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{0494D0DA-F8E0-41AD-92A3-14154ECE70AC} IMyWaySettings HKEY_CLASSES_ROOT\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}\TypeLib {0494D0D0-F8E0-41AD-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{0494D0DC-F8E0-41AD-92A3-14154ECE70AC} _IMyWaySettingsEvents BearShare P2P Program more information... 
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted
Infected files detected
Infected registry entries detected

IST.ISTbar Hijacker
Details: ISTbar is an Internet Explorer hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar.
Status: Deleted
Infected registry entries detected

KeenValue PerfectNav Hijacker
Details: The PerfectNav Internet Explorer spyware software is designed to redirect your URL typing errors to PerfectNav's web page.
Status: Deleted
Infected files detected
c:\programme\common files\updmgr\data1.dat
c:\programme\common files\updmgr\data2.dat
Infected registry entries detected

180solutions.SearchAssistant Adware (General)
Details: 180search Assistant is an adware application that monitors users' search queries and web surfing in order to display targeted advertising.
Status: Deleted
Infected files detected
c:\programme\180solutions\sais.log
c:\programme\180solutions\saisau.dat
c:\programme\180solutions\saishook.dll
c:\programme\180solutions\sais_gdf.dat
c:\programme\180solutions\sais_kyf.dat
Infected registry entries detected

Bullguard Potentially Unwanted Program
Details: Bullguard is a software suite that includes antivirus, firewall, spam filter and online backup.
Status: Deleted
Infected files detected
c:\windows\temp\bullguard\bulldownload.exe

Claria.GAIN.CommonElements Adware (General)
Details: Claria's GAIN network consists of several applications including Gator eWallet, GotSmiley, ScreenScenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted
Infected files detected
c:\windows\gatorpatch.log
c:\windows\gatorpdpsetup.log
c:\windows\gatoruninstaller_cme.log
c:\windows\gatoruninstaller_cme_u.log
Infected registry entries detected

My Search Bar Potentially Unwanted Program
Details: My Search Bar and the variants "My Way Speedbar" and "My Way Search Assistant" are browser helper objects that allow you to search on multiple search engines.
Status: Deleted
Infected files detected
c:\programme\myway\mybar\1.bin\mybar.dll
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}\InProcServer32 C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL

Twain Tech Adware (General)
Details: Twain-Tech is an adware-based Internet Explorer browser helper object that delivers targeted ads based on a user's browsing patterns. Twain-Tech does not serve any relevant purpose other than to display pop-up ads.
Status: Deleted
Infected files detected
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys

TargetSaver Trojan Downloader
Details: TargetSaver is a process run at Windows startup, which opens pop-ups.
Status: Deleted
Infected files detected
c:\windows\system32\tsuninst.exe
Infected registry entries detected

Altnet P2P Networking Low Risk Adware
Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs.
Status: Deleted
Infected files detected
C:\Dokumente und Einstellungen\Tamara\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\U1LHK2MG\p2psetup[1].exe
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking SlowInfoCache
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking Changed 0

Altnet/Topsearch Browser Plug-in
Details: Altnet/Topsearch is a browser plug-in that acts as a search engine for the peer-to-peer applications Kazaa and Grokster.
Status: Deleted
Infected files detected
C:\Dokumente und Einstellungen\Tamara\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\UXSRY9M1\asmfiles[1].cab
C:\RECYCLER\S-1-5-21-1409082233-117609710-725345543-1006\Dc2482\pmexe.cab
C:\RECYCLER\S-1-5-21-1409082233-117609710-725345543-1006\Dc2482\pminstall.cab
C:\RECYCLER\S-1-5-21-1409082233-117609710-725345543-1006\Dc2482\Setup.exe
Infected registry entries detected

Zango.SearchAssistant Adware (General)
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Deleted
Infected files detected
C:\Programme\180Solutions\saishook.dll

180solutions.NCase Adware (General)
Details: NCase is an adware application that looks for known URLs and keywords in URLs, and opens pop-up advertisements targeted at such sites.
nCase also opens non-targeted pop-up adverts at arbitrary times when using Internet Explorer.
Status: Deleted
Infected files detected
C:\Programme\180Solutions\sais_gdf.dat

InternetOffers Adware (General)
Details: InternetOffers is an adware application that spawns pop-ups on the desktop. It displays pop-up advertisements with no attribution and installs without consent.
Status: Deleted
Infected files detected
C:\Programme\Common Files\wwrf\wwrfd\vocabulary
Infected registry entries detected

Travelling Salesman Adware (General)
Details: Travelling Salesman monitors browsing habits and distributes the data back to the spyware web servers for analysis. Travelling Salesman also displays popup advertisements.
Status: Deleted
Infected files detected
C:\Programme\Common Files\wwrf\wwrfd\wwrfc.dll

Altnet Download Manager Low Risk Adware
Details: Altnet Download Manager accompanies Altnet P2P Networking and performs the job of downloading content from Altnet's P2P network.
Status: Deleted
Infected files detected
C:\RECYCLER\S-1-5-21-1409082233-117609710-725345543-1006\Dc2482\dmfiles.cab
C:\RECYCLER\S-1-5-21-1409082233-117609710-725345543-1006\Dc2482\DMinfo3.cab
C:\RECYCLER\S-1-5-21-1409082233-117609710-725345543-1006\Dc2482\dminstall7.cab
Infected registry entries detected
HKEY_CLASSES_ROOT\AppID\adm.EXE
HKEY_CLASSES_ROOT\AppID\adm.EXE AppID {99A8E2B2-3405-4C0D-9110-131C14CAAF62}

MoneyTree Porn Dialer
Details: MoneyTree is an ActiveX control used to download premium-rate dialers, generally for porn sites. Each time MoneyTree is run, on system startup, it tries to connect to a pornographic website.
Status: Deleted
Infected registry entries detected

AvenueMedia.InternetOptimizer Browser Plug-in
Details: Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page.
Status: Deleted
Infected registry entries detected
StarDialer Porn Dialer
Details: An ActiveX installer control for premium-rate phone diallers, usually German.
Status: Deleted
Infected registry entries detected

KaZaA P2P Program
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_2550 CycleInter 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_2550 ExpsMSecCnt 875 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 PXPos -1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 PYPos -1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 PWidth 200 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 PHight 300 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 PUnder 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 PTitle New offer for you! HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 DAPStart 1108749188 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 StartHour 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 EndHour 1439 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 PopupDefs 2 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 ShowBann 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 PrCode 5333 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 ExpsNum 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 ExpsCnt 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 ExpsLast 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 BannNum 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 BannCnt 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 FileTerm htm 
HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 OrigFileTerm gif HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 StartDate 1108271400 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 EndDate 1109221740 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 Url http://www.flirtstar.at HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 ConfStr ??? HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 BannUrl http://jcontent.bns1.net/bns/new/F_344800.gif HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 Type 4 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 CycleInter 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 RndStr 84040970 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 RefClickCnt 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3448 RefExpsCnt 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 PXPos -1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 PYPos -1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 PWidth 300 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 PHight 200 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 PUnder 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 PTitle New offer for you! 
HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 DAPStart 1108749188 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 StartHour 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 EndHour 1439 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 PopupDefs 2 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 ShowBann 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 PrCode 5335 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 ExpsNum 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 ExpsCnt 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 ExpsLast 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 BannNum 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 BannCnt 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 FileTerm htm HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 OrigFileTerm gif HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 StartDate 1108271400 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 EndDate 1109221740 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 Url http://www.flirtstar.at HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 ConfStr ??C HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 BannUrl Bcdadwr.CySolutionAd.com/bns/new/F_345000.gif HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 Type 4 
HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 CycleInter 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 RndStr 92390146 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 RefClickCnt 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_3450 RefExpsCnt 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3 SeqnList HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3 SeqnNum 4 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3 MinCycle 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 Visible 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 MinInter 10 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 Popup 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 Passive 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 DeftExpsLen 60 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 OLCacheSize 5400 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 DFCacheSize 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 CacheSize 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 LastPopup 18479152 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue BnsCnt 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue BnsPtr 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status IdleState 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 UserCode 200101 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 LoctNum 5 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 LNextCMSConn 1108777991 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 DaysCnt 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 LastDate 
1108749165 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 PopMaxSes 8 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 PopMaxDay 8 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 LastCMSConn HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 LLastCMSConn 1108749192 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 DistCode 442 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 CCC2 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 CCC1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 ConnFrqn 20 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 HisAryNum 10 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 HisAry HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 CmsConnTimes 0 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 PopDonSes 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor\Adwr_329 PopDonDay 1 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor Vers 3216 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor VersBuild 3216_11 HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor Desc2 ????????sL@?? 
HKEY_CURRENT_USER\Software\Kazaa\Promotions\Cydoor ConnType 2 HKEY_CURRENT_USER\Software\Kazaa\Search 0 Tr~ HKEY_CURRENT_USER\Software\Kazaa\Search 1 Tr~f HKEY_CURRENT_USER\Software\Kazaa\Search 2 Wn]~j HKEY_CURRENT_USER\Software\Kazaa\Search 3 T{il_D HKEY_CURRENT_USER\Software\Kazaa\Search 4 ~k~ j^ oSgxONfC{x&_ HKEY_CURRENT_USER\Software\Kazaa\Search 5 pw,kKD HKEY_CURRENT_USER\Software\Kazaa\Search 6 mj HKEY_CURRENT_USER\Software\Kazaa\Search 7 c{~ HKEY_CURRENT_USER\Software\Kazaa\Search 8 c{i g HKEY_CURRENT_USER\Software\Kazaa\Search 9 cp,"_D HKEY_CURRENT_USER\Software\Kazaa\Search 10 usx HKEY_CURRENT_USER\Software\Kazaa\Search 11 Jp, HKEY_CURRENT_USER\Software\Kazaa\Search 12 Jp,m HKEY_CURRENT_USER\Software\Kazaa\Search 13 NGih]uSX HKEY_CURRENT_USER\Software\Kazaa\Search 14 Dl k\D HKEY_CURRENT_USER\Software\Kazaa\Search 15 Eqi HKEY_CURRENT_USER\Software\Kazaa\Search 16 Eqi HKEY_CURRENT_USER\Software\Kazaa\Search 17 T}xt^ HKEY_CURRENT_USER\Software\Kazaa\Search 18 E{i HKEY_CURRENT_USER\Software\Kazaa\Search 19 I>` m_@ HKEY_CURRENT_USER\Software\Kazaa\Search 20 tlb˴]wH@ HKEY_CURRENT_USER\Software\Kazaa\Search 21 E ,fQ̽ HKEY_CURRENT_USER\Software\Kazaa\Search 22 ple]j^M HKEY_CURRENT_USER\Software\Kazaa\Search 23 njmm HKEY_CURRENT_USER\Software\Kazaa\Search 24 h>h > HKEY_CURRENT_USER\Software\Kazaa\Search 25 Bv HKEY_CURRENT_USER\Software\Kazaa\Search 26 plmqFٯr HKEY_CURRENT_USER\Software\Kazaa\Search 27 C> "PDë HKEY_CURRENT_USER\Software\Kazaa\Search 28 s{epH HKEY_CURRENT_USER\Software\Kazaa\Search 29 tsc]vTMy HKEY_CURRENT_USER\Software\Kazaa\Search 30 koh HKEY_CURRENT_USER\Software\Kazaa\Search 31 Wj,gI HKEY_CURRENT_USER\Software\Kazaa\Search 32 Tv,"_N{^q= HKEY_CURRENT_USER\Software\Kazaa\Search 33 Jm HKEY_CURRENT_USER\Software\Kazaa\Search 34 Wj,gI HKEY_CURRENT_USER\Software\Kazaa\Search 35 Wjdq^S HKEY_CURRENT_USER\Software\Kazaa\Search 36 Tv)ipO HKEY_CURRENT_USER\Software\Kazaa\Search 37 sl~rKD HKEY_CURRENT_USER\Software\Kazaa\Search 38 pd 
HKEY_CURRENT_USER\Software\Kazaa\Search 39 mr HKEY_CURRENT_USER\Software\Kazaa\Search 40 c{`v^O*rU"<[N|_7` HKEY_CURRENT_USER\Software\Kazaa\Search 41 W n HKEY_CURRENT_USER\Software\Kazaa\Search 42 s{c HKEY_CURRENT_USER\Software\Kazaa\Search 43 s{i HKEY_CURRENT_USER\Software\Kazaa\Search 44 f]kl HKEY_CURRENT_USER\Software\Kazaa\Search 45 B w HKEY_CURRENT_USER\Software\Kazaa\Search 46 JzmgH HKEY_CURRENT_USER\Software\Kazaa\Search 47 on,gOI HKEY_CURRENT_USER\Software\Kazaa\Search 48 sl` HKEY_CURRENT_USER\Software\Kazaa\Search 49 Tv)d q]Dn HKEY_CURRENT_USER\Software\Kazaa\Settings + HKEY_CURRENT_USER\Software\Kazaa\Settings Date HKEY_CURRENT_USER\Software\Kazaa\Settings UseCount 0 HKEY_CURRENT_USER\Software\Kazaa\Settings AutoUpdateSkype 0 HKEY_CURRENT_USER\Software\Kazaa\SOCKS Enabled 0 HKEY_CURRENT_USER\Software\Kazaa\Transfer + HKEY_CURRENT_USER\Software\Kazaa\Transfer NoUploadLimitWhenIdle 1 HKEY_CURRENT_USER\Software\Kazaa\Transfer UploadBandwidth 24 HKEY_CURRENT_USER\Software\Kazaa\Transfer ConcurrentDownloads 20 HKEY_CURRENT_USER\Software\Kazaa\Transfer ConcurrentUploads 1 HKEY_CURRENT_USER\Software\Kazaa\Transfer CacheHost 0 HKEY_CURRENT_USER\Software\Kazaa\Transfer CachePort 0 HKEY_CURRENT_USER\Software\Kazaa\Transfer CacheDiscoveryTime 1108749168 HKEY_CURRENT_USER\Software\Kazaa\Transfer DlDir0 C:\Programme\Kazaa\My Shared Folder HKEY_CURRENT_USER\Software\Kazaa Tmp 0 HKEY_CURRENT_USER\Software\Kazaa LastSearchHash HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76} HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}\TreatAs {0494D0DB-F8E0-41ad-92A3-14154ECE70AC} HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76} HKEY_LOCAL_MACHINE\software\sharman networks ltd HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\{38C76428-6C9C-4CC6-B747-3AB6A4770225} UninstallString RunDll32 

WhenU.WeatherCast Low Risk Adware
Details: WeatherCast is an ad-supported desktop weather program that puts an icon in the system tray displaying the local temperature. It also offers current weather data and forecasts.
Weathercast is often bundled with the Save advertising program and/or th
Status: Deleted
Infected registry entries detected

DownloadWare Adware (General)
Details: DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. It may be installed through an ActiveX control.
Status: Deleted
Infected files detected: C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
Infected registry entries detected

Cydoor Adware (General)
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Deleted
Infected registry entries detected

IST.PowerScan Adware (General)
Details: PowerScan is advertised through ordinary web pop-ups, but recently it started to install with help from the ISTBar adware.
Status: Deleted
Infected registry entries detected

IST.ISTbar.ActiveX Adware (General)
Details: ISTactivex is an Internet Explorer hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar.
Status: Deleted
Infected registry entries detected

KeenValue Browser Plug-in
Details: Adware and browser plug-in
Status: Deleted
Infected registry entries detected

IST.XXXToolbar Toolbar
Details: IST.XXXToolbar is an adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running.
Status: Deleted
Infected files detected: C:\Programme\SideFind\sfbho.dll
Infected registry entries detected

YourSiteBar Toolbar
Details: YourSiteBar from IST, the makers of numerous spyware threats, is an affiliate-based marketing toolbar.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\ProgID DyFuCA_BH.BHObj.1 HKEY_CLASSES_ROOT\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\TypeLib {40B1D454-9CA4-43CC-86AA-CB175EAC52FB} HKEY_CLASSES_ROOT\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8}\VersionIndependentProgID DyFuCA_BH.BHObj HKEY_CLASSES_ROOT\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} BHObj Class HKEY_CLASSES_ROOT\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} HKEY_CLASSES_ROOT\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\TypeLib {40B1D454-9CA4-43CC-86AA-CB175EAC52FB} HKEY_CLASSES_ROOT\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} IBHObj HKEY_CLASSES_ROOT\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} HKEY_CLASSES_ROOT\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\0\win32 C:\WINDOWS\nem220.dll HKEY_CLASSES_ROOT\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\HELPDIR C:\WINDOWS\ HKEY_CLASSES_ROOT\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0 DyFuCA_BH 1.0 Type Library HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8} NoExplorer 1 The PC Detective Commercial Key Logger more information... Details: The PC Detective is a utility that monitors all activity including Web sites visited, applications run, keystrokes, chat conversations, instant messages, and regular screen captures all in complete stealth, so users will not be aware of its presence. 
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TSL Installer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TSL Installer NoRemove 1

TinyBar Hijacker
Details: TinyBar is an Internet Explorer toolbar that adds registry entries that use the Windows system file shdocvw.dll to display a web page as a toolbar.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\downloaded program files\istactivex.dll

Warez P2P P2P Program
Details: Warez P2P is a file sharing program that allows the user to participate in online file sharing networks.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32 C:\Programme\CatchTheSpermUnlimited\CatchTheSpermUnlimited.exe
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID CatchTheSpermUnlimited.DocHostUIHandler
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} Implements DocHostUIHandler

Pinch Alpha 1.8 Trojan
Details: Pinch Alpha 1.8 is a trojan
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32 C:\Programme\CatchTheSpermUnlimited\CatchTheSpermUnlimited.exe
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID CatchTheSpermUnlimited.DocHostUIHandler
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} Implements DocHostUIHandler

WhenU.WhenUSearch Low Risk Adware
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id

SearchNugget Toolbar
Details: SearchNugget is a Browser Helper Object (BHO) that creates a toolbar in Internet Explorer.
Status: Deleted
Infected files detected
c:\programme\save\acm.dll
Infected registry entries detected
HKEY_CLASSES_ROOT\ACM.ACMFactory.1
HKEY_CLASSES_ROOT\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKEY_CLASSES_ROOT\ACM.ACMFactory.1 ACMFactory Class
HKEY_CLASSES_ROOT\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKEY_CLASSES_ROOT\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}

TurkSpy Backdoor
Details: TurkSpy is a Backdoor Trojan that when run, provides an attacker with the capability of remotely controlling a machine.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32 C:\Programme\CatchTheSpermUnlimited\CatchTheSpermUnlimited.exe
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID CatchTheSpermUnlimited.DocHostUIHandler
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF} Implements DocHostUIHandler

Need2FindBar Potentially Unwanted Program
Details: Need2FindBar is a browser helper object (BHO) toolbar that has a search function.
Status: Deleted
Infected files detected
c:\programme\myway\mybar\1.bin\mybar.dll
Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKEY_CLASSES_ROOT\clsid\{014DA6C9-189F-421a-88CD-07CFE51CFF10}\InProcServer32 C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL

DollarRevenue Adware (General)
Details: DollarRevenue is an adware program that spawns pop-up advertising on the desktop and downloads other adware.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\Contains\Files C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\DownloadInformation CODEBASE http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\InstalledVersion 1,0,0,3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\InstalledVersion LastModified Mon, 14 Mar 2005 19:25:58 GMT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658} SystemComponent 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658} Installer MSICD

Trojan.WinlogonHook.Delf.A Trojan
Details: WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Data 159248792
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Brnd 779
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR MSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PID 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Rid 123
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LID 32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SCLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSTV

DesktopScam Trojan Downloader
Details: DesktopScam is a trojan that is downloaded with rogue security applications in order to frighten the affected user into purchasing the rogue program.
Status: Deleted
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore Type 3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore Count 21
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F4C3D09-B3B9-4F88-AA82-31332FEE1C08}\iexplore Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{5f4c3d09-b3b9-4f88-aa82-31332fee1c08}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{5f4c3d09-b3b9-4f88-aa82-31332fee1c08}

Spyex Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors.
Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@0[1].txt
c:\dokumente und einstellungen\tamara\cookies\tamara@0[3].txt

a.websponsors Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@a.websponsors[1].txt

ad.yieldmanager Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@ad.yieldmanager[2].txt

AdKnowledge.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@adknowledge[2].txt

PointRoll.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@ads.pointroll[1].txt

Advertising.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@advertising[1].txt

PriceBandit Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@apmebf[2].txt

as-us.falkag Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@as-us.falkag[2].txt

ATDMT.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@atdmt[2].txt

ABetterInternet.Aurora Cookie Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@a[1].txt

Claria.DashBar Cookie Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@belnk[2].txt

BFast.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@bfast[1].txt

Bluestreak.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@bluestreak[1].txt

Bravenet.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@bravenet[1].txt

BS.Serving-Sys Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@bs.serving-sys[1].txt
c:\dokumente und einstellungen\tamara\cookies\tamara@serving-sys[2].txt

BurstNet.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@burstnet[2].txt

casalemedia.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@casalemedia[2].txt

Centrport.net Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@centrport[2].txt

CGI-Bin Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@cgi-bin[2].txt
c:\dokumente und einstellungen\tamara\cookies\tamara@cgi-bin[3].txt

DoubleClick Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@doubleclick[2].txt

Ru4.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@edge.ru4[2].txt

FastClick.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@fastclick[2].txt
c:\dokumente und einstellungen\tamara\cookies\tamara@media.fastclick[2].txt

FortuneCity.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@fortunecity[2].txt
c:\dokumente und einstellungen\tamara\cookies\tamara@fortunecity[3].txt

GeoCities Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@geocities[1].txt

Hitbox.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@hitbox[2].txt

IndexTools.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@indextools[1].txt

maxserving Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@maxserving[2].txt

Mediaplex.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@mediaplex[1].txt

Overture.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@overture[2].txt

PacificPoker Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@pacificpoker[1].txt

RealMedia.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@realmedia[2].txt

Revenue.net Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@revenue[2].txt

SageAnalyst Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@sageanalyst[1].txt

Stat.Onestat Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@stat.onestat[2].txt

statcounter.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@statcounter[2].txt

Targetnet.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@targetnet[1].txt

tickle Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@tickle[1].txt

Radar Spy 1.0 Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@tradedoubler[1].txt

Trafficmp.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@trafficmp[1].txt

TribalFusion.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@tribalfusion[2].txt

Tripod Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@tripod[1].txt

ValueClick.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@valueclick[1].txt
c:\dokumente und einstellungen\tamara\cookies\tamara@valueclick[2].txt

Weborama Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@weborama[1].txt

ClickedyClick.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@www.clickedyclick[2].txt

Ajan 1.0 Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@xiti[1].txt

Adserver.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@z1.adserver[1].txt

Zedo Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\tamara\cookies\tamara@zedo[2].txt