This is a (quick) summary of my experience with "Microsoft AntiSpyware Beta1".

Install went fine - no problems. Upon first starting up, config wizard also worked fine. No problems. I was able to pop through menus and view info all without problems. So far I'm starting to be impressed. Now let's scan...

System is a PIII 450, 640MB RAM, running Windows XP Home with SP2. I did the default "Intelligent Quick Scan" without changing any settings. Here is a quick summary of what was detected, plus some additional comments of mine.

Detected:
- FlashGet
- AckCmd
- Fake GINA
- Tini
- WinZapper
- Ghost Keylogger
- WinPCap
- KaZaA
- SearchSquire

Not a bad list - more than I expected for sure. If I realized it was going to be detecting trojans and keyloggers I would have been expecting these results.

These *would* normally be a threat:

- SearchSquire

This is the only item found that I actually didn't expect. I couldn't find this with SpyBot or Ad-Aware. I checked the listed location and did confirm it. A point for MS! I removed this and it went well. Wizard worked and was easy to understand. Well done.

**UPDATE** Conlan Adams on the Microsoft Focus list (SecurityFocus.com) informed me that this is part of the SpyBot S&D immunization procedure. This was confirmed by loading SpyBot S&D, then seeing a missing immunization. Thx!

- KaZaA

I'll give it credit for this - obviously can't detect the difference between KaZaA & KaZaA Lite. I'd rather have it false positive than nothing at all. Ignored this.

- AckCmd (NTSecurity.nu)
- Fake GINA (NTSecurity.nu)
- Tini (NTSecurity.nu)
- WinZapper (NTSecurity.nu)
- Ghost Keylogger (Keylogger.net)

In this case, all of these are just part of a special USB thumb drive I created and not actually a threat. (They sit dormant until used.) Nice to know it detects them. I also ignored all of these items. I like having the option to "Always ignore".

These I'll argue against, but understand:

- WinPCap
- FlashGet

Obviously WinPCap is detected due to the sniffing capabilities. If you meant to have it, and see it detected, then you would likely know better than to remove it. As for FlashGet, the registered version (which this is) doesn't use tracking. I believe MS should be able to detect the difference between the trial and registered version. I will be sure to inform them of this. =) (I ignored both these entries as well.)

The one GUI problem I noticed - when clicking the "plus" (+) sign for more info on a detected problem, it expands the window and adds a scrollbar. Makes sense... and it worked without a hitch. However, after scrolling down quite a ways looking at Registry keys, I clicked the plus sign again to close the additional info. It was on one of the later detected problems, so when I closed it off, it brought everything back up below it. The scroll bar disappeared, however I couldn't see the entries *above* where I had just been viewing. I tried a number of things to scroll back up (wheel, highlighting, etc) without it working. I had to close the scan results, then reopen them to regain functionality and control properly.

Following is the complete information provided by the scan. I haven't altered it in any way, shape, or form. Just directly copy/pasted from the viewing window. I'm not going to go through and remove all the long lines. Sorry for making you scroll.

===============================================
FULL SCAN RESULTS (All copy/pasted from window)
===============================================

Spyware Scan Details

Start Date: 1/6/2005 3:03:09 PM
End Date: 1/6/2005 3:14:07 PM
Total Time: 10 mins 58 secs

Detected Threats

AckCmd RAT more information...
Details: AckCmd is a client/server combination for Windows 2000.
Status: Ignored
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise.
Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
C:\Documents and Settings\Guinea Pig\Desktop\- ÜberUSB -\NTSecurity.nu Freeware\AckCmd\AckCmdC.exe
C:\Documents and Settings\Guinea Pig\Desktop\- ÜberUSB -\NTSecurity.nu Freeware\AckCmd\AckCmdS.exe

Ghost Keylogger Commercial Key Logger more information...
Status: Ignored
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
C:\Documents and Settings\Guinea Pig\Desktop\- ÜberUSB -\Hacking & Related\Ghost Keylogger v3.8\agent\syncagent.dll
C:\Documents and Settings\Guinea Pig\Desktop\- ÜberUSB -\Hacking & Related\Ghost Keylogger v3.8\agent\syncagent.exe
C:\Documents and Settings\Guinea Pig\Desktop\- ÜberUSB -\Hacking & Related\Ghost Keylogger v3.8\syncconfig.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Synchronization Agent

Fake GINA Password Hijacker more information...
Status: Ignored
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
C:\Documents and Settings\Guinea Pig\Desktop\- ÜberUSB -\NTSecurity.nu Freeware\FakeGINA\fakegina.dll

Tini Trojan more information...
Status: Ignored
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
Infected files detected
C:\Documents and Settings\Guinea Pig\Desktop\- ÜberUSB -\NTSecurity.nu Freeware\Tini\tini.exe

Win Zapper Trojan more information...
Status: Ignored
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
Infected files detected
C:\Documents and Settings\Guinea Pig\Desktop\- ÜberUSB -\NTSecurity.nu Freeware\WinZapper\winzapper.exe

SearchSquire Adware more information...
Details: SearchSquire is an Internet Explorer sidebar containing paid links that open when you use search engines.
Status: Removed
Elevated threat - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchsquire.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchsquire.com * 4

FlashGet Adware more information...
Details: FlashGet is an advertisement supported software application used to increase Internet based file download speed.
Status: Ignored
Elevated threat - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
Infected files detected
c:\Program Files\FlashGet v1.4\Jccatch.dll
c:\Program Files\FlashGet v1.4\fgiebar.dll
Infected registry keys/values detected

KaZaA Adware Bundler more information...
Details: Kazaa is a Peer to Peer file sharing application that uses some adware advertising as well as installs a number of thrid party adware software on your computer.
Status: Ignored
Moderate threat - Moderate threats may profile users online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance.
Infected registry keys/values detected

WinPCap Enabler more information...
Details: WinPCap is an Open Source Windows Packet Filtering Library. It provides low level internet & system traffic data to other applications that leverage its utilities.
Status: Ignored
Low threat - Low risk threats pose a very low risk or no immediate danger to your computer or your privacy, however these types of applications may profile user online habits, but only according to specific privacy policies stated in the applications End-User License. These types of threats generally borderline on being a threat to being a standard application that has a complex license agreement that you knowingly installed.
Infected files detected
c:\program files\winpcap\daemon_mgm.exe
c:\program files\winpcap\install.log
c:\program files\winpcap\netmoninstaller.exe
c:\program files\winpcap\npf_mgm.exe
c:\program files\winpcap\rpcapd.exe
c:\program files\winpcap\uninstall.exe
Infected folders detected
c:\program files\winpcap

Detected Spyware Cookies
No spyware cookies were found during this scan.