Thanks for the replies. I am sure Cookies were a portion
of it. However, I am pretty sure there was a lot of
other materials caught by Spybot, but missed by MS. I
have posted the Report from the Spybot scan run AFTER the
MS Spyare tool was run. LOVE the look, feel and
interface of the MS product - hope it succeeds in the edn:
SPYBOT REPORT:
--- Report generated: 2004-07-16 13:49 ---
Avenue A, Inc.: Tracking cookie or cookie of tracking
site (File, nothing done)
C:\Documents and Settings\roattw\Cookies\roattw@atdmt
[2].txt
Bargain Buddy: Executable (File, nothing done)
C:\Program Files\Bargain Buddy\bin\bargains.exe
Bargain Buddy: Executable (File, nothing done)
C:\Program Files\Bargain Buddy\bbchk.exe
Bargain Buddy: Library (File, nothing done)
C:\Program Files\Bargain Buddy\bin\apuc.dll
Bargain Buddy: Autorun settings (Registry value, nothing
done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run\Bargains
Bargain Buddy: Browser helper object (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\explorer\Browser Helper Objects\{CE31A1F7-3D90-4874-
8FBE-A5D97F8BC8F1}
Bargain Buddy: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\Apuc.UrlCatcher.1
Bargain Buddy: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\Apuc.UrlCatcher
Bargain Buddy: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{CE31A1F7-3D90-4874-8FBE-
A5D97F8BC8F1}
Bargain Buddy: Global settings (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Bargains
Bargain Buddy: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{C6906A23-4717-4E1F-B6FD-
F06EBED14177}
Bargain Buddy: Program directory (Directory, nothing done)
C:\Program Files\Bargain Buddy
Bargain Buddy: Program file (File, nothing done)
C:\Program Files\Bargain Buddy\bin2\bargains.exe
Bargain Buddy: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{4EB7BBE8-2E15-424B-9DDB-
2CDB9516A2A3}
Bargain Buddy: Uninstall settings (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Uninstall\Bargain Buddy
BFast: Tracking cookie or cookie of tracking site (File,
nothing done)
C:\Documents and Settings\roattw\Cookies\roattw@bfast
[2].txt
Commission Junction: Tracking cookie or cookie of
tracking site (File, nothing done)
C:\Documents and Settings\roattw\Cookies\roattw@qksrv
[1].txt
Commission Junction: Tracking cookie or cookie of
tracking site (File, nothing done)
C:\Documents and
Settings\roattw\Cookies\roattw@commission-junction[1].txt
CoreMetrics: Tracking cookie or cookie of tracking site
(File, nothing done)
C:\Documents and
Settings\roattw\Cookies\
[email protected][2].txt
DoubleClick: Tracking cookie or cookie of tracking site
(File, nothing done)
C:\Documents and
Settings\roattw\Cookies\roattw@doubleclick[1].txt
DyFuCA: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-
8D85-0EA71C0748E4}
DyFuCA: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\DyFuCA_BH.BHObj.1
DyFuCA: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\DyFuCA_BH.BHObj
DyFuCA: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{8F4E5661-F99E-4B3E-8D85-
0EA71C0748E4}
DyFuCA: Typelib (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{0BE10B0D-B4DB-4693-9B1F-
9AEAD54D17DC}
DyFuCA.InternetOptimizer: Executable (File, nothing done)
C:\Program Files\Internet Optimizer\actalert.exe
DyFuCA.InternetOptimizer: Autorun settings (Registry
value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run\Internet Optimizer
DyFuCA.InternetOptimizer: Global settings (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\Software\Avenue Media
DyFuCA.InternetOptimizer: Program directory (Directory,
nothing done)
C:\Program Files\Internet Optimizer
DyFuCA.InternetOptimizer: Uninstall settings (Registry
key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Uninstall\Internet Optimizer
DyFuCA.InternetOptimizer: Uninstall settings (Registry
key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Uninstall\Internet Optimizer Active Alert
DyFuCA.InternetOptimizer: Uninstall settings (Registry
key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Uninstall\DyFuCA
DyFuCA.InternetOptimizer: User settings (Registry key,
nothing done)
HKEY_USERS\S-1-5-21-527237240-602162358-839522115-1114
\Software\Avenue Media
eBates MoneyMaker: Autorun settings (Registry value,
nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run\EbatesMoeMoneyMaker
eBates MoneyMaker: IE extension (Registry value, nothing
done)
HKEY_USERS\S-1-5-21-527237240-602162358-839522115-1114
\Software\Microsoft\Internet
Explorer\Extensions\CmdMapping\{7F241C00-DAB6-11d5-AAA8-
0001028DF1BC}
eBates MoneyMaker: IE extension (Registry key, nothing
done)
HKEY_USERS\S-1-5-21-527237240-602162358-839522115-1114
\Software\Microsoft\Internet
Explorer\Extensions\{7F241C00-DAB6-11d5-AAA8-0001028DF1BC}
eBates MoneyMaker: Menu extension (Registry key, nothing
done)
HKEY_USERS\S-1-5-21-527237240-602162358-839522115-1114
\Software\Microsoft\Internet Explorer\MenuExt\Ebates
eBates MoneyMaker: Program directory (Directory, nothing
done)
C:\Program Files\EbatesMoeMoneyMaker
eBates MoneyMaker: Uninstall settings (Registry key,
nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Uninstall\ebatesver2.xml
FastClick: Tracking cookie or cookie of tracking site
(File, nothing done)
C:\Documents and
Settings\roattw\Cookies\roattw@fastclick[2].txt
Gator: Tracking cookie or cookie of tracking site (File,
nothing done)
C:\Documents and Settings\roattw\Cookies\roattw@gator
[2].txt
HitBox: Tracking cookie or cookie of tracking site (File,
nothing done)
C:\Documents and Settings\roattw\Cookies\roattw@ehg-
cedarpoint.hitbox[1].txt
HitBox: Tracking cookie or cookie of tracking site (File,
nothing done)
C:\Documents and Settings\roattw\Cookies\roattw@ehg-
datamonitor.hitbox[2].txt
HitBox: Tracking cookie or cookie of tracking site (File,
nothing done)
C:\Documents and Settings\roattw\Cookies\roattw@ehg-
laptops.hitbox[2].txt
HitBox: Tracking cookie or cookie of tracking site (File,
nothing done)
C:\Documents and Settings\roattw\Cookies\roattw@ehg-
newegg.hitbox[2].txt
HitBox: Tracking cookie or cookie of tracking site (File,
nothing done)
C:\Documents and Settings\roattw\Cookies\roattw@hitbox
[1].txt
HitBox: Tracking cookie or cookie of tracking site (File,
nothing done)
C:\Documents and
Settings\roattw\Cookies\
[email protected][1].txt
HitBox: Tracking cookie or cookie of tracking site (File,
nothing done)
C:\Documents and Settings\roattw\Cookies\roattw@ehg-
micron.hitbox[2].txt
HitBox: Tracking cookie or cookie of tracking site (File,
nothing done)
C:\Documents and
Settings\roattw\Cookies\
[email protected][2].txt
HitBox: Tracking cookie or cookie of tracking site (File,
nothing done)
C:\Documents and Settings\roattw\Cookies\roattw@ehg-
ati.hitbox[2].txt
HitBox: Tracking cookie or cookie of tracking site (File,
nothing done)
C:\Documents and Settings\roattw\Cookies\roattw@ehg-
aha.hitbox[1].txt
HitsLink: Tracking cookie or cookie of tracking site
(File, nothing done)
C:\Documents and
Settings\roattw\Cookies\
[email protected][2].txt
LinkSynergy: Tracking cookie or cookie of tracking site
(File, nothing done)
C:\Documents and
Settings\roattw\Cookies\roattw@linksynergy[2].txt
MediaPlex: Tracking cookie or cookie of tracking site
(File, nothing done)
C:\Documents and
Settings\roattw\Cookies\roattw@mediaplex[2].txt
NavExcel: Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\{710BCB5B-8C6C-483E-A4F5-
FAF083B13184}
NavExcel: Browser helper object (Registry key, nothing
done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\explorer\Browser Helper Objects\{C1E58A84-95B3-4630-
B8C2-D06B77B7A0FC}
NavExcel: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\NavExcel.NavHelper.1
NavExcel: Class (Registry key, nothing done)
HKEY_CLASSES_ROOT\navexcel.navhelper
NavExcel: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{C1E58A84-95B3-4630-B8C2-
D06B77B7A0FC}
NavExcel: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{20F36AF3-3486-4BB6-8BCB-
F1F8ABE74D07}
NavExcel: Typelib (Registry key, nothing done)
HKEY_CLASSES_ROOT\Typelib\{FA4DE133-D3C3-4ED4-92D1-
CD4DDE839AB3}
n-Case: Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run\msbb
n-Case: Program file (File, nothing done)
c:\temp\msbb.exe
n-Case: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Uninstall\msbb
n-Case: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-527237240-602162358-839522115-1114
\Software\180solutions
--- Spybot-S&D version: 1.2 ---
2004-02-26 Includes\Cookies.sbi
2004-02-29 Includes\Dialer.sbi
2004-02-29 Includes\Hijackers.sbi
2004-02-26 Includes\Keyloggers.sbi
2004-02-29 Includes\Malware.sbi
2003-01-08 Includes\plugin-ignore.ini
2004-03-09 Includes\Revision.sbi
2004-02-26 Includes\Security.sbi
2004-02-29 Includes\Spybots.sbi
2004-02-26 Includes\Tracks.uti
2004-02-29 Includes\Trojans.sbi
