Adware-HotBar

Content

Adware-HotBar

Type: Program
SubType: Adware
Discovery Date: 12/03/2003
Length: Varies
Minimum DAT: 4308 (12/10/2003)
Updated DAT: 5272 (04/11/2008)
Minimum Engine: 5.1.00
Description Added: 12/11/2003
Description Modified: 05/27/2005 2:36 PM (PT)

Risk Assessment

Corporate User: N/A
Home User: N/A

Tab Navigation

Characteristics

McAfee(R) AVERT™ recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.

See http://vil.nai.com/vil/DATReadme.asp for a list of Program detections added to the DATs.

See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.

Distribution

This is not a virus or a trojan. It is detected as a "potentially unwanted program." It is a search toolbar and direct-marketing adware application that generates pop-up advertisements while browsing the web.

The installer file name appears random. On execution the installer file copies itself to the Windows\System32 folder with a new randomly-generated name. Many other components are dropped (a "Hotbar Weather Service" utility that runs in the system tray, along with toolbars for IE, Windows Explorer, and Outlook) and two browser helper objects are installed. Registry Run keys are set up for several components, one of which is a randomly named executable in Windows\System32. It appears to be a repair component that re-installs missing or damaged files (a dialogue window is displayed that allows the user to opt out of the repair if it is determined that repair is needed). Frequent display of popup/popunder advertisements was observed, each branded with very small text at the bottom "This ad is provided by Hotbar and not by the site visited." Promotional content is also displayed in the left-hand side of the toolbar in IE based on search terms. Advertisement choice appears to depend on search keywords and URL data, which is transmitted to the Hotbar servers. Default address bar searches and 404 errors are redirected through page-not-found.net, although there is a checkbox during the installation where this can be disabled.

Privacy

This application displays a license agreement when installed (either by the installation executable or via ActiveX control at www.hotbar.com ). The software sends keyword search and browsing data to *.hotbar.com servers, apparently to use in determining what advertisement content to display. A unique identifier is created when the software is installed and is stored in the registry. This identifier is communicated to the hotbar.com servers along with the keyword and URL data.

Full license agreement may be accessed here: http://www.hotbar.com/Legal/hotbar/license.htm

System Changes

Files Added

C:\Program Files\hotbar\
hotbar.log (size varies)

C:\Program Files\hotbar\bin\
HbUninst.exe (93,461 bytes) MD5: 3BF919A2FC5B3ACF86757C096E3DE9D8

C:\Program Files\hotbar\bin\4.6.1.0\
dBenderC.dll (294,912 bytes) MD5: B58BCC6BB0BF8D12D1185FA8F7D7BEEC
games2.ico (3,262 bytes)
HbCoreSrv.dll (577,536 bytes) MD5: 474DD5B241AC08211F051DF905888330
HbGuard.exe (241,664 bytes) MD5: 70E2D9852E2CED01C8B626E9C70777D3
HbHostIE.dll (634,880 bytes) MD5: 5B5F3169ABB18FA83729170ABB6C38B6
HbHostOE.dll (53,248 bytes) MD5: 14731C6987F1D38A1BFFE84960EF599B
HbHostOL.dll (483,328 bytes) MD5: D594639A5CD6DF120AB093839280BB1F
hbinst.exe (1,444,488 bytes) MD5: 87038BACD446AAD521A44C225FE6B76B
HbOEAddOn.exe (53,248 bytes) MD5: 05EACD6A92006225BC482D3F839C1DE2
HbSrv.exe (438,272 bytes) MD5: 493B7BC5574B7B2A57E34854FD72A194
HbToolbar.dll (860,160 bytes) MD5: 4C6FE2A7412508E1C46CB8B82F454E76
ShprRprt.exe (451,347 bytes) MD5: 4C072E9BE94CB26729F56FE675F7B12A
Wallpaper.dll (258,048 bytes) MD5: 8AF6F74C2A751D3B408A0D87055FE8D1
WeatherOnTray.exe (249,856 bytes) MD5: B01A90E7C88CF2AB789BC9AA69D970A9

C:\Program Files\ShopperReports\
uninst.exe (60,783 bytes) MD5: C024735063D16A75F2AAFD32941EF360

C:\Program Files\ShopperReports\Bin\1.0.4.0\
ShprRprt.dll (1,032,192 bytes) MD5: 439C6947EAE4C5DD5EDE25F18C954F14

C:\Program Files\ShopperReports\cs\
persist.dbs (3,300 bytes)

C:\WINDOWS\Downloaded Program Files\
HbInstIE.dll (114,688 bytes) MD5: 142CDE5D3E4683E2F0C3E0E4E10582AD
hotbar.inf (312 bytes)

C:\WINDOWS\system32\
xjlnfbwz.exe (name varies) (1,444,488 bytes) MD5: 87038BACD446AAD521A44C225FE6B76B
xptojged.exe (name varies) (241,664 bytes) MD5: 70E2D9852E2CED01C8B626E9C70777D3

C:\Documents and Settings\Administrator\Cookies\
administrator@adopt.hotbar[2].txt (200 bytes - may vary)
administrator@hotbar[2].txt (998 bytes - may vary)

C:\Documents and Settings\Administrator\Desktop\
Games.lnk (1,477 bytes)
WOWpapers.lnk (1,481 bytes)

In addition, many resouce and content data files are stored under the following paths:

C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\
C:\Documents and Settings\Administrator\Application Data\ShopperReports\

Registry (most significant/high-level)

Keys Added

HKEY_CURRENT_USER\Software\Hotbar
HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\
9C52380DC745A424B853FA5C13810C29
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\
98154D9215813D11F8DE723CF4D17D87
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}
HKEY_CLASSES_ROOT\AppID\{0507FDDE-F3B7-49F5-9E8F-C557E991F39B}
HKEY_CLASSES_ROOT\AppID\{B701A705-F828-11D4-A466-00508B5BA2DF}
HKEY_CLASSES_ROOT\AppID\HbSrv.EXE
HKEY_CLASSES_ROOT\AppID\WeatherOnTray.EXE
HKEY_CLASSES_ROOT\CLSID\{013A482E-1893-4F49-8D41-AC89156A6955}
HKEY_CLASSES_ROOT\CLSID\{0774F696-D801-4C18-81A7-A3A32B8BEF19}
HKEY_CLASSES_ROOT\CLSID\{1038DD23-8AE8-451B-A134-4DB8A49AA519}
HKEY_CLASSES_ROOT\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}
HKEY_CLASSES_ROOT\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD}
HKEY_CLASSES_ROOT\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}
HKEY_CLASSES_ROOT\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
HKEY_CLASSES_ROOT\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159} HKEY_CLASSES_ROOT\CLSID\{354382DB-DF55-4DA9-85A3-41696A0F510F}
HKEY_CLASSES_ROOT\CLSID\{3CEB882D-6B2B-4D81-A544-9D9B1D6FA945}
HKEY_CLASSES_ROOT\CLSID\{454B4812-E572-4703-A1BB-63490809EAC0}
HKEY_CLASSES_ROOT\CLSID\{4DBCFAF7-62E1-4811-8ACC-6511E7192CB4}
HKEY_CLASSES_ROOT\CLSID\{580A1F3F-89B4-433B-BBDB-B97AEB13F3FC}
HKEY_CLASSES_ROOT\CLSID\{60F630A2-41EC-11D5-B558-00D0B77F0A6D} HKEY_CLASSES_ROOT\CLSID\{69FD62B1-0216-4C31-8D55-840ED86B7C8F} HKEY_CLASSES_ROOT\CLSID\{6FB2639A-4BA3-4531-8DB8-FAB03E0A8FFD}
HKEY_CLASSES_ROOT\CLSID\{6FE00B71-7251-4E00-9186-ED89BBB946B8} HKEY_CLASSES_ROOT\CLSID\{75D2080B-4857-4B96-9B7D-732634FBD01F}
HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}
HKEY_CLASSES_ROOT\CLSID\{A80347E0-F757-11D4-A466-00508B5BA2DF} HKEY_CLASSES_ROOT\CLSID\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} HKEY_CLASSES_ROOT\CLSID\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}
HKEY_CLASSES_ROOT\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}
HKEY_CLASSES_ROOT\HbCoreSrv.DynamicProp
HKEY_CLASSES_ROOT\HbCoreSrv.DynamicProp.1
HKEY_CLASSES_ROOT\HbCoreSrv.HbCoreServices
HKEY_CLASSES_ROOT\HbCoreSrv.HbCoreServices.1
HKEY_CLASSES_ROOT\HbCoreSrv.LfgAx
HKEY_CLASSES_ROOT\HbCoreSrv.LfgAx.1
HKEY_CLASSES_ROOT\HbHostIE.Bho
HKEY_CLASSES_ROOT\HbHostIE.Bho.1
HKEY_CLASSES_ROOT\HbHostOL.HbElementFocus
HKEY_CLASSES_ROOT\HbHostOL.HbElementFocus.1
HKEY_CLASSES_ROOT\HbHostOL.HbMailAnim
HKEY_CLASSES_ROOT\HbHostOL.HbMailAnim.1
HKEY_CLASSES_ROOT\HbHostOL.HbWebmailSend
HKEY_CLASSES_ROOT\HbHostOL.HbWebmailSend.1
HKEY_CLASSES_ROOT\HBInstIE.HbInstObj
HKEY_CLASSES_ROOT\HBInstIE.HbInstObj.1
HKEY_CLASSES_ROOT\HbSrv.HbCoreServices
HKEY_CLASSES_ROOT\HbSrv.HbCoreServices.1
HKEY_CLASSES_ROOT\HbToolbar.HbHtmlMenuUI
HKEY_CLASSES_ROOT\HbToolbar.HbHtmlMenuUI.1
HKEY_CLASSES_ROOT\HbToolbar.HbToolbarCtl
HKEY_CLASSES_ROOT\HbToolbar.HbToolbarCtl.1
HKEY_CLASSES_ROOT\Hotbar.HbCommBand
HKEY_CLASSES_ROOT\Hotbar.HbCommBand.1
HKEY_CLASSES_ROOT\Hotbar.HbMain
HKEY_CLASSES_ROOT\Hotbar.HbMain.1
HKEY_CLASSES_ROOT\Hotbar.HbTravelCompareBar
HKEY_CLASSES_ROOT\Hotbar.HbTravelCompareBar.1
HKEY_CLASSES_ROOT\Interface\{17719B53-FAD1-11D4-A466-00508B5BA2DF}
HKEY_CLASSES_ROOT\Interface\{17719B54-FAD1-11D4-A466-00508B5BA2DF}
HKEY_CLASSES_ROOT\Interface\{3103E312-E1BB-49AB-80EB-0A92FCA78746}
HKEY_CLASSES_ROOT\Interface\{31321312-E1BB-49AB-80EB-13212CA78746}
HKEY_CLASSES_ROOT\Interface\{340D8791-0E2C-43CF-9671-7E90AAFBF0DA}
HKEY_CLASSES_ROOT\Interface\{34F4D917-31E4-464C-B8B3-84C1CE76B395}
HKEY_CLASSES_ROOT\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159}
HKEY_CLASSES_ROOT\Interface\{3F6DA8BB-3E45-44E2-B494-C55BEAF3B41E}
HKEY_CLASSES_ROOT\Interface\{46417AFD-7A15-4ED1-B764-CB72CD4D904F}
HKEY_CLASSES_ROOT\Interface\{4BF4FAFA-186E-4E36-8F74-525290438D7B}
HKEY_CLASSES_ROOT\Interface\{6A6EBAE8-8C66-4675-B423-95B3BA530940}
HKEY_CLASSES_ROOT\Interface\{6F885F52-B45F-45BC-8642-FE3D56155A3A}
HKEY_CLASSES_ROOT\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}
HKEY_CLASSES_ROOT\Interface\{7E33BC81-0818-11D5-B50D-00D0B77F0A6D}
HKEY_CLASSES_ROOT\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}
HKEY_CLASSES_ROOT\Interface\{8F59F897-6923-4B3B-8156-4E55D19DE99A}
HKEY_CLASSES_ROOT\Interface\{918E4B7A-4D80-43A4-83A7-39ADCC11841F}
HKEY_CLASSES_ROOT\Interface\{927420A3-7259-4A74-B402-9329177EC3FC}
HKEY_CLASSES_ROOT\Interface\{9DD19D39-2CDC-465B-BB21-1D433590BA3D}
HKEY_CLASSES_ROOT\Interface\{9EE87A26-B2C8-4130-83F6-E8511D939976}
HKEY_CLASSES_ROOT\Interface\{A1772E14-9291-454E-AEDE-02161FBC3E59}
HKEY_CLASSES_ROOT\Interface\{A80347DF-F757-11D4-A466-00508B5BA2DF}
HKEY_CLASSES_ROOT\Interface\{AD9A7B03-BE12-11D4-B493-00D0B77F0A6D}
HKEY_CLASSES_ROOT\Interface\{B00609A6-82AF-4C55-BBB8-ADC8593CEB86}
HKEY_CLASSES_ROOT\Interface\{B195B3B2-8A05-11D3-97A4-0004ACA6948E}
HKEY_CLASSES_ROOT\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}
HKEY_CLASSES_ROOT\Interface\{BC2025DC-136B-492F-AEFF-31D0BA8B98DA}
HKEY_CLASSES_ROOT\Interface\{C8539BFE-8FD7-405C-8EEF-D9AF48DC6BA4}
HKEY_CLASSES_ROOT\Interface\{DA603411-0593-11D5-A46B-00508B5BA2DF}
HKEY_CLASSES_ROOT\Interface\{DA603411-0593-11D5-A46B-10101B1B1111}
HKEY_CLASSES_ROOT\Interface\{DA603411-0593-11D5-A46B-10101DDD1111}
HKEY_CLASSES_ROOT\Interface\{F4132B7B-1576-41B6-ABD8-39C6C53047F7}
HKEY_CLASSES_ROOT\Interface\{F64B26C1-07DE-11D5-B50D-00D0B77F0A6D}
HKEY_CLASSES_ROOT\Interface\{F7A1BF21-1D7D-4F5F-A201-0CA35A5CD68F}
HKEY_CLASSES_ROOT\RprtsPSClient.PSExecuter
HKEY_CLASSES_ROOT\RprtsPSClient.PSExecuter.1
HKEY_CLASSES_ROOT\ShprRprts.HbAx
HKEY_CLASSES_ROOT\ShprRprts.HbAx.1
HKEY_CLASSES_ROOT\ShprRprts.HbCommBand
HKEY_CLASSES_ROOT\ShprRprts.HbCommBand.1
HKEY_CLASSES_ROOT\ShprRprts.HbInfoBand
HKEY_CLASSES_ROOT\ShprRprts.HbInfoBand.1
HKEY_CLASSES_ROOT\ShprRprts.IEButton
HKEY_CLASSES_ROOT\ShprRprts.IEButton.1
HKEY_CLASSES_ROOT\ShprRprts.IEButtonA
HKEY_CLASSES_ROOT\ShprRprts.IEButtonA.1
HKEY_CLASSES_ROOT\ShprRprts.SmrtShprCtl
HKEY_CLASSES_ROOT\ShprRprts.SmrtShprCtl.1
HKEY_CLASSES_ROOT\TypeLib\{522985F4-BA43-45A0-9B20-AB5F82C0FF7E}
HKEY_CLASSES_ROOT\TypeLib\{60F63095-41EC-11D5-B558-00D0B77F0A6D}
HKEY_CLASSES_ROOT\TypeLib\{6D6D1580-5B74-40EA-97F4-3C2B46C5ABDD}
HKEY_CLASSES_ROOT\TypeLib\{842D315A-7E1E-448B-96E8-9E76D1820BE2}
HKEY_CLASSES_ROOT\TypeLib\{94BEB7A2-36B7-46DC-8AD1-81A8332409C0}
HKEY_CLASSES_ROOT\TypeLib\{A80347D3-F757-11D4-A466-00508B5BA2DF}
HKEY_CLASSES_ROOT\TypeLib\{AB357854-7A72-4FBE-9382-CC74B45A3ADD}
HKEY_CLASSES_ROOT\TypeLib\{B195B3A5-8A05-11D3-97A4-0004ACA6948E}
HKEY_CLASSES_ROOT\TypeLib\{B5901229-25CC-43C9-B604-3BB6AC2B48A5}
HKEY_CLASSES_ROOT\TypeLib\{B701A704-F828-11D4-A466-00508B5BA2DF}
HKEY_CLASSES_ROOT\TypeLib\{C83DAED4-0611-4F7A-978E-7FEAFCB2F91B}
HKEY_CLASSES_ROOT\Wallpaper.WallpaperManager
HKEY_CLASSES_ROOT\Wallpaper.WallpaperManager.1
HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{69FD62B1-0216-4C31-8D55-840ED86B7C8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-8D08-02B42891C169}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\
HbHostOL.HbMailAnim HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\Browser Helper Objects\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\Browser Helper Objects\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
ModuleUsage\C:/WINDOWS/Downloaded Program Files/HbInstIE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\HotbarOutlookTools HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\HotbarWebTools HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Shopper Reports by Hotbar

Values Added

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\Browser Helper Objects\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289} "(Default)"
Data: ShprRprts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\Browser Helper Objects\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} "(Default)"
Data: Hotbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "Hotbar 4.6.1"
Data:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Hotbar"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "koimaxas"
Data: C:\WINDOWS\System32\xptojged.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WeatherOnTray"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs "C:\WINDOWS\Downloaded Program Files\HbInstIE.dll"
Data: 01, 00, 00, 00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\HotbarOutlookTools "DisplayIcon"
Data: C:\Program Files\Hotbar\Bin\HbUninst.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\HotbarOutlookTools "DisplayName"
Data: Hotbar Outlook Tools

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\HotbarOutlookTools "UninstallString"
Data: "C:\Program Files\Hotbar\Bin\HbUninst.exe" Outlook

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\HotbarWebTools "DisplayIcon"
Data: C:\Program Files\Hotbar\Bin\HbUninst.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\HotbarWebTools "DisplayName"
Data: Hotbar Web Tools

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\HotbarWebTools "UninstallString"
Data: "C:\Program Files\Hotbar\Bin\HbUninst.exe" Web

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Shopper Reports by Hotbar "DisplayName"
Data: Shopper Reports by Hotbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Shopper Reports by Hotbar "DisplayVersion"
Data: 1.0.4.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Shopper Reports by Hotbar "Publisher"
Data: Shopper Reports

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Shopper Reports by Hotbar "UninstallString"
Data: C:\Program Files\ShopperReports\uninst.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Shopper Reports by Hotbar "URLInfoAbout"
Data: http://www.ShopperReports.com

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{69FD62B1-0216-4C31-8D55-840ED86B7C8F} "Installer"
Data: MSICD

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{69FD62B1-0216-4C31-8D55-840ED86B7C8F}\Contains\Files "C:\WINDOWS\Downloaded Program Files\HbInstIE.dll"
Data:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{69FD62B1-0216-4C31-8D55-840ED86B7C8F}\DownloadInformation "CODEBASE"
Data: http://installs.hotbar.com/installs/Hotbar/programs/Hotbar.cab

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{69FD62B1-0216-4C31-8D55-840ED86B7C8F}\DownloadInformation "INF"
Data: C:\WINDOWS\Downloaded Program Files\hotbar.inf

HKEY_CLASSES_ROOT\CLSID\{013A482E-1893-4F49-8D41-AC89156A6955}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbCoreSrv.dll

KEY_CLASSES_ROOT\CLSID\{0774F696-D801-4C18-81A7-A3A32B8BEF19} "(Default)"
Data: RprtsPSExecuter

HKEY_CLASSES_ROOT\CLSID\{0774F696-D801-4C18-81A7-A3A32B8BEF19}\InprocServer32 "(Default)"
Data: C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

HKEY_CLASSES_ROOT\CLSID\{1038DD23-8AE8-451B-A134-4DB8A49AA519} "(Default)"
Data: HbWebmailSend

HKEY_CLASSES_ROOT\CLSID\{1038DD23-8AE8-451B-A134-4DB8A49AA519}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostOL.dll

HKEY_CLASSES_ROOT\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94} "(Default)"
Data: DynamicProp Class

HKEY_CLASSES_ROOT\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbCoreSrv.dll

HKEY_CLASSES_ROOT\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD} "(Default)"
Data: HbAx

HKEY_CLASSES_ROOT\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD}\InprocServer32 "(Default)"
Data: C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

HKEY_CLASSES_ROOT\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1} "(Default)"
Data: ShopperReports – Price Comparison

HKEY_CLASSES_ROOT\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}\InprocServer32 "(Default)"
Data: C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} "(Default)"
Data: ShopperReports – Price Comparison

HKEY_CLASSES_ROOT\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}\InprocServer32 "(Default)"
Data: C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

HKEY_CLASSES_ROOT\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289} "(Default)"
Data: ShprRprts

HKEY_CLASSES_ROOT\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}\InprocServer32 "(Default)"
Data: C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

HKEY_CLASSES_ROOT\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159} "(Default)"
Data: WallpaperManager

HKEY_CLASSES_ROOT\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\Wallpaper.dll

HKEY_CLASSES_ROOT\CLSID\{354382DB-DF55-4DA9-85A3-41696A0F510F} "(Default)"
Data: HbHtmlMenuUI

HKEY_CLASSES_ROOT\CLSID\{354382DB-DF55-4DA9-85A3-41696A0F510F}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbToolbar.dll

HKEY_CLASSES_ROOT\CLSID\{3CEB882D-6B2B-4D81-A544-9D9B1D6FA945} "(Default)"
Data: HbElementFocus Class

HKEY_CLASSES_ROOT\CLSID\{3CEB882D-6B2B-4D81-A544-9D9B1D6FA945}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbCoreSrv.dll

HKEY_CLASSES_ROOT\CLSID\{454B4812-E572-4703-A1BB-63490809EAC0} "(Default)"
Data: IEButtonA

HKEY_CLASSES_ROOT\CLSID\{454B4812-E572-4703-A1BB-63490809EAC0}\InprocServer32 "(Default)"
Data: C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

HKEY_CLASSES_ROOT\CLSID\{4DBCFAF7-62E1-4811-8ACC-6511E7192CB4} "(Default)"
Data: HbSrv

HKEY_CLASSES_ROOT\CLSID\{4DBCFAF7-62E1-4811-8ACC-6511E7192CB4}\LocalServer32 "(Default)"
Data: "C:\Program Files\Hotbar\Bin\4.6.1.0\HbSrv.exe"

HKEY_CLASSES_ROOT\CLSID\{60F630A2-41EC-11D5-B558-00D0B77F0A6D} "(Default)"
Data: HbCoreServices

HKEY_CLASSES_ROOT\CLSID\{60F630A2-41EC-11D5-B558-00D0B77F0A6D}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbCoreSrv.dll

HKEY_CLASSES_ROOT\CLSID\{69FD62B1-0216-4C31-8D55-840ED86B7C8F} "(Default)"
Data: HbInstObj

HKEY_CLASSES_ROOT\CLSID\{69FD62B1-0216-4C31-8D55-840ED86B7C8F}\InprocServer32 "(Default)"
Data: C:\WINDOWS\Downloaded Program Files\HbInstIE.dll

HKEY_CLASSES_ROOT\CLSID\{6FE00B71-7251-4E00-9186-ED89BBB946B8} "(Default)"
Data: MailAnim

HKEY_CLASSES_ROOT\CLSID\{6FE00B71-7251-4E00-9186-ED89BBB946B8}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostOL.dll

HKEY_CLASSES_ROOT\CLSID\{75D2080B-4857-4B96-9B7D-732634FBD01F} "(Default)"
Data: HbMain

HKEY_CLASSES_ROOT\CLSID\{75D2080B-4857-4B96-9B7D-732634FBD01F}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

HKEY_CLASSES_ROOT\CLSID\{A80347E0-F757-11D4-A466-00508B5BA2DF} "(Default)"
Data: HbToolbar

HKEY_CLASSES_ROOT\CLSID\{A80347E0-F757-11D4-A466-00508B5BA2DF}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbToolbar.dll

HKEY_CLASSES_ROOT\CLSID\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} "(Default)"
Data: Hotbar

HKEY_CLASSES_ROOT\CLSID\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

HKEY_CLASSES_ROOT\CLSID\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}\ProgID "(Default)"
Data: HbHostIE.Bho.1

HKEY_CLASSES_ROOT\CLSID\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D} "(Default)"
Data: Hotbar Information Window

HKEY_CLASSES_ROOT\CLSID\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

HKEY_CLASSES_ROOT\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6} "(Default)"
Data: Web Assistant

HKEY_CLASSES_ROOT\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}\InprocServer32 "(Default)"
Data: C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1} "(Default)"
Data: ShopperReports – Price Comparison

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1} "BarSize"
Data: 23, 01, 00, 00, 00, 00, 00, 00

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} "(Default)"
Data: ShopperReports – Price Comparison

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} "BarSize"
Data: 23, 01, 00, 00, 00, 00, 00, 00

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D} "(Default)"
Data: Hotbar Information Window

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D} "BarSize"
Data: 23,01,00,00,00,00,00,00

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6} "(Default)"
Data: Web Assistant

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6} "BarSize"
Data: 23,01,00,00,00,00,00,00

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping "{946B3E9E-E21A-49c8-9F63-900533FAFE14}"
Data: 02, 20, 00, 00

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping "{E77EDA01-3C56-4a96-8D08-02B42891C169}"
Data: 01, 20, 00, 00

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{B195B3B3-8A05-11D3-97A4-0004ACA6948E}"
Data: B3, B3, 95, B1, 05, 8A, D3, 11, 97, A4, 00, 04, AC, A6, 94, 8E

Network Impact

Additional overhead in bandwidth due to download of advertising data and transmission of URL and keyword information.

Symptoms

N/A This is not a virus or trojan.

Method of Infection

N/A This is not a virus or trojan.

Removal

Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs

Variants

N/A

All Information

Overview -

This is a Potentially Unwanted Program (PUP) detection. It is not a virus or trojan. PUPs are any piece of software which a reasonably security-or privacy-minded computer user may want to be informed of.

Characteristics

Characteristics -