J
James
Spyware Doctor Activity Report
Generated on 1/24/2005 2:29:36 PM
Spyware Doctor Homepage PCTools Homepage Technical Support
Scans (basic information only):
Scan Results:
scan start: 1/24/2005 2:29:54 PM
scan stop: 1/24/2005 2:35:38 PM
scanned items: 88416
found items: 42
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts
scanner, LSP Scanner, Registry Scanner, Cookie Scanner,
Browser Defaults, Favorites and ZoneMap Scanner, Browser
Scanner, Disk Scanner
Infection Name Location Risk
HotBar multiple Medium
2020search.com HKCU\Software\Dynamic Toolbar Medium
Dyfuca/Internet Optimizer HKU\S-1-5-21-790525478-
1606980848-854245398-1003\Software\Microsoft\Internet
Explorer\Main##BandRest High
Dyfuca/Internet Optimizer HKLM\Software\Microsoft\Internet
Explorer\Main##BandRest High
HotBar HKCR\clsid\{6fb2639a-4ba3-4531-8db8-fab03e0a8ffd}
Medium
HotBar HKCR\HbCoreSrv.LfgAx Medium
HotBar HKCR\HbCoreSrv.LfgAx.1 Medium
HotBar HKCR\HbHostIE.Bho Medium
HotBar HKCR\HbHostIE.Bho.1 Medium
HotBar HKLM\software\classes\contact.contacts Medium
HotBar HKLM\software\classes\contact.contacts.1 Medium
HotBar HKLM\SOFTWARE\ShopperReports Medium
IEPlugin HKLM\SOFTWARE\Microsoft\Internet
Explorer\SearchUrl Medium
SearchRelevancy HKLM\SOFTWARE\SearchRelevancy High
SlimFTP
HKLM\software\microsoft\windows\currentversion\run##version
Medium
Slotchbar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\
C:/WINDOWS/Downloaded Program
Files/CONFLICT.1/ISTactivex.dll High
Super-gals.com HKCR\Interface\{AA4939C3-DECA-4A48-A454-
97CD587C0EF5} High
Super-gals.com HKCR\Interface\{EEE4A2E5-9F56-432F-A6ED-
F6F625B551E0} High
TafBar HKCU\Software\Dynamic Toolbar Elevated
WildTangent HKCR\clsid\{205FF73B-CA67-11D5-99DD-
444553540000} Medium
XXXToolbar HKCU\Software\Policies\Avenue Media Elevated
XXXToolbar HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-
3FCD5F526429} Elevated
XXXToolbar HKLM\SOFTWARE\Policies\Avenue Media Elevated
Zango Search Assistant HKCR\TypeLib\{67907B3C-A6EF-4A01-
99AD-3FCD5F526429} Elevated
Zango Search Assistant HKCU\Software\Policies\Avenue Media
Elevated
Zango Search Assistant HKLM\SOFTWARE\Policies\Avenue Media
Elevated
Tracking Cookie(s) laptop1@overture[1].txt Medium
Tracking Cookie(s) laptop1@fastclick[2].txt Medium
Tracking Cookie(s) laptop1@yadro[2].txt Medium
Tracking Cookie(s) laptop1@39539642[1].txt Medium
Tracking Cookie(s) (e-mail address removed)[1].txt Medium
Tracking Cookie(s) laptop1@atdmt[2].txt Medium
Tracking Cookie(s) laptop1@80503492[1].txt Medium
Tracking Cookie(s) laptop1@go2net[1].txt Medium
Tracking Cookie(s) laptop1@bluestreak[2].txt Medium
WildTangent {205FF73B-CA67-11D5-99DD-444553540000} Medium
Slotchbar C:\WINDOWS\Downloaded Program Files\CONFLICT.1
\ISTactivex.dll High
Slotchbar C:\WINDOWS\Downloaded Program Files\CONFLICT.1
\istactivex.inf High
Andlotsmore.com dialler C:\WINDOWS\Downloaded Program
Files\Install.inf Elevated
SahAgent C:\WINDOWS\Downloaded Program Files\sporder_.dll
Elevated
IEPlugin C:\WINDOWS\system32\instsrv.exe Medium
Slotchbar C:\Documents and Settings\Laptop1\Local
Settings\Temp\iinstall.exe High
Other Sections:
Copyright (C) 2003-2004 PCTools Pty Ltd Legal Notice
Generated on 1/24/2005 2:29:36 PM
Spyware Doctor Homepage PCTools Homepage Technical Support
Scans (basic information only):
Scan Results:
scan start: 1/24/2005 2:29:54 PM
scan stop: 1/24/2005 2:35:38 PM
scanned items: 88416
found items: 42
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts
scanner, LSP Scanner, Registry Scanner, Cookie Scanner,
Browser Defaults, Favorites and ZoneMap Scanner, Browser
Scanner, Disk Scanner
Infection Name Location Risk
HotBar multiple Medium
2020search.com HKCU\Software\Dynamic Toolbar Medium
Dyfuca/Internet Optimizer HKU\S-1-5-21-790525478-
1606980848-854245398-1003\Software\Microsoft\Internet
Explorer\Main##BandRest High
Dyfuca/Internet Optimizer HKLM\Software\Microsoft\Internet
Explorer\Main##BandRest High
HotBar HKCR\clsid\{6fb2639a-4ba3-4531-8db8-fab03e0a8ffd}
Medium
HotBar HKCR\HbCoreSrv.LfgAx Medium
HotBar HKCR\HbCoreSrv.LfgAx.1 Medium
HotBar HKCR\HbHostIE.Bho Medium
HotBar HKCR\HbHostIE.Bho.1 Medium
HotBar HKLM\software\classes\contact.contacts Medium
HotBar HKLM\software\classes\contact.contacts.1 Medium
HotBar HKLM\SOFTWARE\ShopperReports Medium
IEPlugin HKLM\SOFTWARE\Microsoft\Internet
Explorer\SearchUrl Medium
SearchRelevancy HKLM\SOFTWARE\SearchRelevancy High
SlimFTP
HKLM\software\microsoft\windows\currentversion\run##version
Medium
Slotchbar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\
C:/WINDOWS/Downloaded Program
Files/CONFLICT.1/ISTactivex.dll High
Super-gals.com HKCR\Interface\{AA4939C3-DECA-4A48-A454-
97CD587C0EF5} High
Super-gals.com HKCR\Interface\{EEE4A2E5-9F56-432F-A6ED-
F6F625B551E0} High
TafBar HKCU\Software\Dynamic Toolbar Elevated
WildTangent HKCR\clsid\{205FF73B-CA67-11D5-99DD-
444553540000} Medium
XXXToolbar HKCU\Software\Policies\Avenue Media Elevated
XXXToolbar HKCR\TypeLib\{67907B3C-A6EF-4A01-99AD-
3FCD5F526429} Elevated
XXXToolbar HKLM\SOFTWARE\Policies\Avenue Media Elevated
Zango Search Assistant HKCR\TypeLib\{67907B3C-A6EF-4A01-
99AD-3FCD5F526429} Elevated
Zango Search Assistant HKCU\Software\Policies\Avenue Media
Elevated
Zango Search Assistant HKLM\SOFTWARE\Policies\Avenue Media
Elevated
Tracking Cookie(s) laptop1@overture[1].txt Medium
Tracking Cookie(s) laptop1@fastclick[2].txt Medium
Tracking Cookie(s) laptop1@yadro[2].txt Medium
Tracking Cookie(s) laptop1@39539642[1].txt Medium
Tracking Cookie(s) (e-mail address removed)[1].txt Medium
Tracking Cookie(s) laptop1@atdmt[2].txt Medium
Tracking Cookie(s) laptop1@80503492[1].txt Medium
Tracking Cookie(s) laptop1@go2net[1].txt Medium
Tracking Cookie(s) laptop1@bluestreak[2].txt Medium
WildTangent {205FF73B-CA67-11D5-99DD-444553540000} Medium
Slotchbar C:\WINDOWS\Downloaded Program Files\CONFLICT.1
\ISTactivex.dll High
Slotchbar C:\WINDOWS\Downloaded Program Files\CONFLICT.1
\istactivex.inf High
Andlotsmore.com dialler C:\WINDOWS\Downloaded Program
Files\Install.inf Elevated
SahAgent C:\WINDOWS\Downloaded Program Files\sporder_.dll
Elevated
IEPlugin C:\WINDOWS\system32\instsrv.exe Medium
Slotchbar C:\Documents and Settings\Laptop1\Local
Settings\Temp\iinstall.exe High
Other Sections:
Copyright (C) 2003-2004 PCTools Pty Ltd Legal Notice