The most award-winning anti-spyware software

Get serious about removing spyware with Spy Sweeper - the award-winning anti-spyware software trusted by millions of home computer users.

$29.95

Spyware & Virus Directory

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Adware.Ezula

Updated: February 8, 2006 04:16:20 PM ZW3

Type: Adware

Name: Not available

Version: 1.0

Publisher: Ezula

Risk Impact: Medium

File Names: eZinstall.exe Ezula.dll wo.exe apev.exe

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

SUMMARY

Behavior

Adware.Ezula alters Web pages viewed in Internet Explorer and can add extra links to certain keywords that are targeted by advertisers. This adware also runs under the name TopText.

Symptoms

The files are detected as Adware.Ezula.

Transmission

This Adware has to be manually installed.

Protection

Virus Definitions (LiveUpdate™ Weekly) August 18, 2003
Virus Definitions (Intelligent Updater) August 18, 2003

TECHNICAL DETAILS

When Adware.Ezula is installed, it performs the following actions:

Creates the following files:
- %UserProfile%TopText iLookupFeedback.url
- %UserProfile%TopText iLookupHelp.url
- %UserProfile%TopText iLookupMy Keywords.lnk
- %UserProfile%TopText iLookupMy Preferences.lnk
- %UserProfile%TopText iLookupReadMe.url
- %UserProfile%TopText iLookupTopText Button Show - Hide.lnk
- %UserProfile%EARNAbout EARN.lnk
- %UserProfile%EARNEARN website.url
- %ProgramFiles%eZulaasis.dst
- %ProgramFiles%eZulaasis.kwd
- %ProgramFiles%eZulaasis.pu
- %ProgramFiles%eZulaasis.rst
- %ProgramFiles%eZulaCHCON.dll
- %ProgramFiles%eZulaeabh.dll
- %ProgramFiles%eZulagenun.ez
- %ProgramFiles%eZulaImagesarrow1.gif
- %ProgramFiles%eZulaImagesarrow2.gif
- %ProgramFiles%eZulaImagesutton_small.gif
- %ProgramFiles%eZulaImagesicon.gif
- %ProgramFiles%eZulaImagesLayer_Bottom.gif
- %ProgramFiles%eZulaImagesLayer_Center.gif
- %ProgramFiles%eZulaImagesLayer_Top.gif
- %ProgramFiles%eZulaImages ew.gif
- %ProgramFiles%eZulaImagesPopUp_Follow_divider.gif
- %ProgramFiles%eZulaImagesPopUp_Follow_Left.gif
- %ProgramFiles%eZulaImagesPopUp_Follow_Off.gif
- %ProgramFiles%eZulaImagesPopUp_Follow_On.gif
- %ProgramFiles%eZulaImagesPopUp_Follow_Right.gif
- %ProgramFiles%eZulaImagesPopUp_Top.gif
- %ProgramFiles%eZulaImagesPopUp_Top_Bottom.gif
- %ProgramFiles%eZulaImagesSide_B.gif
- %ProgramFiles%eZulaImagesSide_L.gif
- %ProgramFiles%eZulaImagesSide_R.gif
- %ProgramFiles%eZulaImagesSide_Top.gif
- %ProgramFiles%eZulaImagesspacer.gif
- %ProgramFiles%eZulaINSTALL.LOG
- %ProgramFiles%eZulalegend.lgn
- %ProgramFiles%eZulammod.exe
- %ProgramFiles%eZulaparam.ez
- %ProgramFiles%eZulawds.rst
- %ProgramFiles%eZulasearch.src
- %ProgramFiles%eZulaseng.dll
- %ProgramFiles%eZulaUNWISE.EXE
- %ProgramFiles%eZulaupgrade.vrn
- %ProgramFiles%eZulaversion.vrn
- %ProgramFiles%eZulawndbannn.src
- %ProgramFiles%Web Offerapev.exe
- %ProgramFiles%Web Offerasisp.dst
- %ProgramFiles%Web Offerasisp.kwd
- %ProgramFiles%Web Offerasisp.pu
- %ProgramFiles%Web Offerasisp.rst
- %ProgramFiles%Web OfferCHPON.dll
- %ProgramFiles%Web Offereapbh.dll
- %ProgramFiles%Web Offergendis.ez
- %ProgramFiles%Web OfferINSTALL.LOG
- %ProgramFiles%Web Offerparamp.ez
- %ProgramFiles%Web Offerwdsp.rst
- %ProgramFiles%Web Offersepng.dll
- %ProgramFiles%Web OfferUNWISE.EXE
- %ProgramFiles%Web Offerupgradep.vrn
- %ProgramFiles%Web Offerversionp.vrn
- %ProgramFiles%Web Offerwndbannnp.src
- %ProgramFiles%Web Offerwo.exe
- %Windir%woinstall.exe
- %Windir%eZinstall.exe
- %Windir%Downloaded Program Filesezstub.dll
- %Windir%Downloaded Program Filesezstub.INF
- %System%ezstub.exe
- %System%ezpopstub.exe
  
  Notes:
- %UserProfile% is a variable that refers to the c:Documents and Settings<current user>Start MenuPrograms folder.
- %ProgramFiles% is a variable that refers to the Program Files folder. By default, this is C:Program Files.
- %Windir% is a variable that refers to the Windows folder. By default, this is C:WINNT on 2k machines and C:Windows on XP machines.
- %System% is a variable that refers to the System folder. By default this is C:WindowsSystem (Windows 95/98/Me), C:WinntSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP).
Adds the values:

"eZmmod" = "C:PROGRA~1ezulammod.exe""eZWO" = "C:PROGRA~1Web Offerwo.exe"

to the registry subkey:

HKEY_ALL_USERSSOFTWAREMicrosoftWindowsCurrentVersionRunso that the risk runs every time Windows starts.
Creates the following registry subkeys:HKEY_CLASSES_ROOTAppIDeZulaBootExe.EXE HKEY_CLASSES_ROOTAppIDeZulaMain.EXE HKEY_CLASSES_ROOTAppID{8A044397-5DA2-11D4-B185-0050DAB79376} HKEY_CLASSES_ROOTAppID{C0335198-6755-11D4-8A73-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{19DFB2CB-9B27-11D4-B192-0050DAB79376} HKEY_CLASSES_ROOTCLSID{2079884B-6EF3-11D4-8A74-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}HKEY_CLASSES_ROOTCLSID{25630B47-53C6-4E66-A945-9D7B6B2171FF}HKEY_CLASSES_ROOTCLSID{2BABD334-5C3F-11D4-B184-0050DAB79376}HKEY_CLASSES_ROOTCLSID{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9}HKEY_CLASSES_ROOTCLSID{3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}HKEY_CLASSES_ROOTCLSID{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}HKEY_CLASSES_ROOTCLSID{55910916-8B4E-4C1E-9253-CCE296EA71EB} HKEY_CLASSES_ROOTCLSID{58359010-BF36-11d3-99A2-0050DA2EE1BE}HKEY_CLASSES_ROOTCLSID{6DF5E318-6994-4A41-85BD-45CCADA616F8}HKEY_CLASSES_ROOTCLSID{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4}HKEY_CLASSES_ROOTCLSID{78BCF937-45B0-40A7-9391-DCC03420DB35}HKEY_CLASSES_ROOTCLSID{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}HKEY_CLASSES_ROOTCLSID{A166C1B0-5CDB-447A-894A-4B9FD7149D51}HKEY_CLASSES_ROOTCLSID{B1DD8A69-1B96-11D4-B175-0050DAB79376} HKEY_CLASSES_ROOTCLSID{C03351A4-6755-11D4-8A73-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}HKEY_CLASSES_ROOTCLSID{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7}HKEY_CLASSES_ROOTCLSID{F75521B8-76F1-4A4D-84B1-9E642E9C51D0}HKEY_CLASSES_ROOTInterface{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{1823BC4B-A253-4767-9CFC-9ACA62A6B136} HKEY_CLASSES_ROOTInterface{19DFB2CA-9B27-11D4-B192-0050DAB79376}HKEY_CLASSES_ROOTInterface{241667A3-EC83-4885-84DD-C2DAAFC1C5EA}HKEY_CLASSES_ROOTInterface{25630B50-53C6-4E66-A945-9D7B6B2171FF}HKEY_CLASSES_ROOTInterface{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}HKEY_CLASSES_ROOTInterface{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}HKEY_CLASSES_ROOTInterface{370F6353-41C4-4FA6-A2DF-1BA57EE0FBB9}HKEY_CLASSES_ROOTInterface{3D7247DD-5DB8-11D4-8A72-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{4FD8645F-9B3E-46C1-9727-9837842A84AB} HKEY_CLASSES_ROOTInterface{58359012-BF36-11D3-99A2-0050DA2EE1BE}HKEY_CLASSES_ROOTInterface{788C6F6E-C2EA-4A63-9C38-CE7D8F43BCE4}HKEY_CLASSES_ROOTInterface{78BCF936-45B0-40A7-9391-DCC03420DB35}HKEY_CLASSES_ROOTInterface{7EDC96E1-5DD3-11D4-B185-0050DAB79376} HKEY_CLASSES_ROOTInterface{8A0443A2-5DA2-11D4-B185-0050DAB79376} HKEY_CLASSES_ROOTInterface{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}HKEY_CLASSES_ROOTInterface{955CBF48-4313-4B1F-872B-254B7822CCF2}HKEY_CLASSES_ROOTInterface{9CFA26C2-81DA-4C9D-A501-F144A4A000FA}HKEY_CLASSES_ROOTInterface{C03351A3-6755-11D4-8A73-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{EF0372DC-F552-11D3-8528-0050DAB79376} HKEY_CLASSES_ROOTInterface{EF0372DE-F552-11D3-8528-0050DAB79376}HKEY_CLASSES_ROOTInterface{EFA52460-8822-4191-BA38-FACDD2007910}HKEY_CLASSES_ROOTTypeLib{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTTypeLib{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}HKEY_CLASSES_ROOTTypeLib{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}HKEY_CLASSES_ROOTTypeLib{3D7247D1-5DB8-11D4-8A72-0050DA2EE1BE} HKEY_CLASSES_ROOTTypeLib{58359011-BF36-11D3-99A2-0050DA2EE1BE} HKEY_CLASSES_ROOTTypeLib{8A044396-5DA2-11D4-B185-0050DAB79376}HKEY_CLASSES_ROOTTypeLib{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}HKEY_CLASSES_ROOTTypeLib{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}HKEY_CLASSES_ROOTTypeLib{BAF13496-8F72-47A1-9CEE-09238EFC75F0}HKEY_CLASSES_ROOTTypeLib{C0335197-6755-11D4-8A73-0050DA2EE1BE}HKEY_CLASSES_ROOTAtlBrCon.AtlBrConHKEY_CLASSES_ROOTAtlBrCon.AtlBrCon.1 HKEY_CLASSES_ROOTEZulaAgent.eZulaCtrlHost HKEY_CLASSES_ROOTEZulaAgent.eZulaCtrlHost.1 HKEY_CLASSES_ROOTeZulaAgent.IEObject HKEY_CLASSES_ROOTeZulaAgent.IEObject.1 HKEY_CLASSES_ROOTEZulaAgent.PlugProt HKEY_CLASSES_ROOTEZulaAgent.PlugProt.1 HKEY_CLASSES_ROOTeZulaAgent.ToolBarBand HKEY_CLASSES_ROOTeZulaAgent.ToolBarBand.1 HKEY_CLASSES_ROOTEZulaBoot.InstallCtrl HKEY_CLASSES_ROOTEZulaBoot.InstallCtrl.1 HKEY_CLASSES_ROOTEZulaBootExe.InstallCtrl HKEY_CLASSES_ROOTEZulaBootExe.InstallCtrl.1 HKEY_CLASSES_ROOTEZulaFSearchEng.eZulaCode HKEY_CLASSES_ROOTEZulaFSearchEng.eZulaCode.1 HKEY_CLASSES_ROOTEZulaFSearchEng.eZulaHash HKEY_CLASSES_ROOTEZulaFSearchEng.eZulaHash.1 HKEY_CLASSES_ROOTEZulaFSearchEng.eZulaSearch HKEY_CLASSES_ROOTEZulaFSearchEng.eZulaSearch.1 HKEY_CLASSES_ROOTEZulaFSearchEng.PopupDisplay HKEY_CLASSES_ROOTEZulaFSearchEng.PopupDisplay.1 HKEY_CLASSES_ROOTEZulaFSearchEng.ResultHelper HKEY_CLASSES_ROOTEZulaFSearchEng.ResultHelper.1 HKEY_CLASSES_ROOTEZulaFSearchEng.SearchHelper HKEY_CLASSES_ROOTEZulaFSearchEng.SearchHelper.1HKEY_CLASSES_ROOTEZulaMain.eZulaPopSearchPipeHKEY_CLASSES_ROOTEZulaMain.eZulaPopSearchPipe.1HKEY_CLASSES_ROOTEZulaMain.eZulaSearchPipe HKEY_CLASSES_ROOTEZulaMain.eZulaSearchPipe.1 HKEY_CLASSES_ROOTEZulaMain.TrayIConM HKEY_CLASSES_ROOTEZulaMain.TrayIConM.1HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExplorer Bars{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF} HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExplorer Bars{A166C1B0-5CDB-447A-894A-4B9FD7149D51} HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE} HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstalleZula HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionModuleUsageC:/WINDOWS/Downloaded Program Files/ezstub.dll HKEY_CURRENT_USERSoftwareeZulaHKEY_CURRENT_USERSoftwareWeb Offer
Creates the following registry subkeys:

HKEY_CLASSES_ROOTAppIDAtlBrowser.EXE HKEY_CLASSES_ROOTCLSID{0818D423-6247-11D1-ABEE-00D049C10000}

Note: These subkeys may be associated with legitimate programs and should only be deleted if you are sure other programs do not use them.
An example of a legitimate program that uses these subkeys is a Macromedia Flash x32 plugin that is commonly used in online gaming.

REMOVAL

Note: Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.

Removal using the Adware.Ezula Removal Tool
Symantec Security Response has developed a removal tool for Adware.Ezula. Use this removal tool first, as it is the easiest way to remove this risk.

The tool can be found here: http://securityresponse.symantec.com/avcenter/FixEzula.exe

The current version of the tool is 1.0.3 and will have a digital signature timestamp equivalent to 07/29/05 01:31 AM PDT.

Note: The date and time displayed will be adjusted to your time zone, if your computer is not set to the Pacific time zone.

It has been reported that a computer with this security risk on it may also have other security risks installed. Symantec recommends that the following steps be carried out:

Run the Removal Tool.
Update the definitions by starting the Symantec program and running LiveUpdate.
Run a full system scan to detect any other security risks on the computer.
If the scan detects any further security risks, check for removal tools at http://securityresponse.symantec.com/avcenter/security.risks.tools.list.html
If there are no removal tools for the security risks that are detected, follow the manual removal instructions listed in the risk report.

Manual Removal

Update the virus definitions.
Uninstall TopText using the Add/Remove Programs utility.
Locating the uninstaller
Run a full system scan and delete all the files detected as Adware.Ezula.
Delete the values that were added to the registry.

For specific details on each of these steps, read the following instructions.

1. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:

Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.

2. Uninstalling the Adware

Do one of the following:
- On the Windows 98 taskbar:
  1. Click Start > Settings > Control Panel.
  2. In the Control Panel window, double-click Add/Remove Programs.
- On the Windows Me taskbar:
  1. Click Start > Settings > Control Panel.
  2. In the Control Panel window, double-click Add/Remove Programs.
    If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."
- On the Windows 2000 taskbar:
  By default, Windows 2000 is set up the same as Windows 98. In that case, follow the instructions for Windows 98. Otherwise, click Start, point to Settings, point to Control Panel, and then click Add/Remove Programs.
- On the Windows XP taskbar:
  1. Click Start > Control Panel.
  2. In the Control Panel window, double-click Add or Remove Programs.
Click TopText.

Note: You may need to use the scroll bar to view the whole list.
Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.

3. Locating the uninstaller
Depending on the version of Ezula installed, there may not be the option to uninstall it from the Add or Remove Programs pane. If this is case, locate the uninstaller by doing the following:

Using Windows Explorer, browse to the folder %ProgramFiles%Ezula.
Locate the file UNWISE.EXE and double-click it.
Follow any prompts.
Using Windows Explorer again, browse to the folder %ProgramFiles%Web Offer.
Locate the file UNWISE.EXE and double-click it.
Follow any prompts.
Restart your computer

4. Scanning for and deleting the infected files

Start your Symantec antivirus program and make sure that it is configured to scan all the files.
- For Norton AntiVirus consumer products: Read the document, "How to configure Norton AntiVirus to scan all files."
- For Symantec AntiVirus Enterprise products: Read the document, "How to verify that a Symantec Corporate antivirus product is set to scan all files."
Run a full system scan.
If any files are detected as infected with Adware.Ezula, click Delete.

5. To delete the values from the registry

WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

Note: This is done to make sure that all the keys are removed. They may not be there if the uninstaller removed them.

Click Start > Run.
Type regedit

Then click OK.
Navigate to the subkey:

HKEY_ALL_USERSSOFTWAREMicrosoftWindowsCurrentVersionRun
In the right pane, delete the values:

"eZmmod" = "C:PROGRA~1ezulammod.exe" "eZWO" = "C:PROGRA~1Web Offerwo.exe"
Navigate to and delete the following registry keys, if present:

HKEY_CLASSES_ROOTAppIDeZulaBootExe.EXE HKEY_CLASSES_ROOTAppIDeZulaMain.EXE HKEY_CLASSES_ROOTAppID{8A044397-5DA2-11D4-B185-0050DAB79376} HKEY_CLASSES_ROOTAppID{C0335198-6755-11D4-8A73-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{19DFB2CB-9B27-11D4-B192-0050DAB79376} HKEY_CLASSES_ROOTCLSID{2079884B-6EF3-11D4-8A74-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{25630B47-53C6-4E66-A945-9D7B6B2171FF} HKEY_CLASSES_ROOTCLSID{2BABD334-5C3F-11D4-B184-0050DAB79376} HKEY_CLASSES_ROOTCLSID{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9} HKEY_CLASSES_ROOTCLSID{3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF} HKEY_CLASSES_ROOTCLSID{55910916-8B4E-4C1E-9253-CCE296EA71EB} HKEY_CLASSES_ROOTCLSID{58359010-BF36-11d3-99A2-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{6DF5E318-6994-4A41-85BD-45CCADA616F8} HKEY_CLASSES_ROOTCLSID{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4} HKEY_CLASSES_ROOTCLSID{78BCF937-45B0-40A7-9391-DCC03420DB35} HKEY_CLASSES_ROOTCLSID{9CFA26C0-81DA-4C9D-A501-F144A4A000FA} HKEY_CLASSES_ROOTCLSID{A166C1B0-5CDB-447A-894A-4B9FD7149D51} HKEY_CLASSES_ROOTCLSID{B1DD8A69-1B96-11D4-B175-0050DAB79376} HKEY_CLASSES_ROOTCLSID{C03351A4-6755-11D4-8A73-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTCLSID{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57} HKEY_CLASSES_ROOTCLSID{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7} HKEY_CLASSES_ROOTCLSID{F75521B8-76F1-4A4D-84B1-9E642E9C51D0} HKEY_CLASSES_ROOTInterface{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{1823BC4B-A253-4767-9CFC-9ACA62A6B136} HKEY_CLASSES_ROOTInterface{19DFB2CA-9B27-11D4-B192-0050DAB79376} HKEY_CLASSES_ROOTInterface{241667A3-EC83-4885-84DD-C2DAAFC1C5EA} HKEY_CLASSES_ROOTInterface{25630B50-53C6-4E66-A945-9D7B6B2171FF} HKEY_CLASSES_ROOTInterface{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} HKEY_CLASSES_ROOTInterface{370F6353-41C4-4FA6-A2DF-1BA57EE0FBB9} HKEY_CLASSES_ROOTInterface{3D7247DD-5DB8-11D4-8A72-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{4FD8645F-9B3E-46C1-9727-9837842A84AB} HKEY_CLASSES_ROOTInterface{58359012-BF36-11D3-99A2-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{788C6F6E-C2EA-4A63-9C38-CE7D8F43BCE4} HKEY_CLASSES_ROOTInterface{78BCF936-45B0-40A7-9391-DCC03420DB35} HKEY_CLASSES_ROOTInterface{7EDC96E1-5DD3-11D4-B185-0050DAB79376} HKEY_CLASSES_ROOTInterface{8A0443A2-5DA2-11D4-B185-0050DAB79376} HKEY_CLASSES_ROOTInterface{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{955CBF48-4313-4B1F-872B-254B7822CCF2} HKEY_CLASSES_ROOTInterface{9CFA26C2-81DA-4C9D-A501-F144A4A000FA} HKEY_CLASSES_ROOTInterface{C03351A3-6755-11D4-8A73-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTInterface{EF0372DC-F552-11D3-8528-0050DAB79376} HKEY_CLASSES_ROOTInterface{EF0372DE-F552-11D3-8528-0050DAB79376} HKEY_CLASSES_ROOTInterface{EFA52460-8822-4191-BA38-FACDD2007910} HKEY_CLASSES_ROOTTypeLib{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE} HKEY_CLASSES_ROOTTypeLib{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE} HKEY_CLASSES_ROOTTypeLib{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} HKEY_CLASSES_ROOTTypeLib{3D7247D1-5DB8-11D4-8A72-0050DA2EE1BE} HKEY_CLASSES_ROOTTypeLib{58359011-BF36-11D3-99A2-0050DA2EE1BE} HKEY_CLASSES_ROOTTypeLib{8A044396-5DA2-11D4-B185-0050DAB79376} HKEY_CLASSES_ROOTTypeLib{9CFA26C0-81DA-4C9D-A501-F144A4A000FA} HKEY_CLASSES_ROOTTypeLib{9CFA26C1-81DA-4C9D-A501-F144A4A000FA} HKEY_CLASSES_ROOTTypeLib{BAF13496-8F72-47A1-9CEE-09238EFC75F0} HKEY_CLASSES_ROOTTypeLib{C0335197-6755-11D4-8A73-0050DA2EE1BE} HKEY_CLASSES_ROOTAtlBrCon.AtlBrCon HKEY_CLASSES_ROOTAtlBrCon.AtlBrCon.1 HKEY_CLASSES_ROOTEZulaAgent.eZulaCtrlHost HKEY_CLASSES_ROOTEZulaAgent.eZulaCtrlHost.1 HKEY_CLASSES_ROOTeZulaAgent.IEObject HKEY_CLASSES_ROOTeZulaAgent.IEObject.1 HKEY_CLASSES_ROOTEZulaAgent.PlugProt HKEY_CLASSES_ROOTEZulaAgent.PlugProt.1 HKEY_CLASSES_ROOTeZulaAgent.ToolBarBand HKEY_CLASSES_ROOTeZulaAgent.ToolBarBand.1 HKEY_CLASSES_ROOTEZulaBoot.InstallCtrl HKEY_CLASSES_ROOTEZulaBoot.InstallCtrl.1 HKEY_CLASSES_ROOTEZulaBootExe.InstallCtrl HKEY_CLASSES_ROOTEZulaBootExe.InstallCtrl.1 HKEY_CLASSES_ROOTEZulaFSearchEng.eZulaCode HKEY_CLASSES_ROOTEZulaFSearchEng.eZulaCode.1 HKEY_CLASSES_ROOTEZulaFSearchEng.eZulaHash HKEY_CLASSES_ROOTEZulaFSearchEng.eZulaHash.1 HKEY_CLASSES_ROOTEZulaFSearchEng.eZulaSearch HKEY_CLASSES_ROOTEZulaFSearchEng.eZulaSearch.1 HKEY_CLASSES_ROOTEZulaFSearchEng.PopupDisplay HKEY_CLASSES_ROOTEZulaFSearchEng.PopupDisplay.1 HKEY_CLASSES_ROOTEZulaFSearchEng.ResultHelper HKEY_CLASSES_ROOTEZulaFSearchEng.ResultHelper.1 HKEY_CLASSES_ROOTEZulaFSearchEng.SearchHelper HKEY_CLASSES_ROOTEZulaFSearchEng.SearchHelper.1 HKEY_CLASSES_ROOTEZulaMain.eZulaPopSearchPipe HKEY_CLASSES_ROOTEZulaMain.eZulaPopSearchPipe.1 HKEY_CLASSES_ROOTEZulaMain.eZulaSearchPipe HKEY_CLASSES_ROOTEZulaMain.eZulaSearchPipe.1 HKEY_CLASSES_ROOTEZulaMain.TrayIConM HKEY_CLASSES_ROOTEZulaMain.TrayIConM.1 HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExplorer Bars{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF} HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerExplorer Bars{A166C1B0-5CDB-447A-894A-4B9FD7149D51} HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE} HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstalleZula HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionModuleUsageC:/WINDOWS/Downloaded Program Files/ezstub.dll HKEY_CURRENT_USERSoftwareeZula HKEY_CURRENT_USERSoftwareWeb Offer
Navigate to and delete the following subkeys if you are sure they are not being used by other programs:

HKEY_CLASSES_ROOTAppIDAtlBrowser.EXE HKEY_CLASSES_ROOTCLSID{0818D423-6247-11D1-ABEE-00D049C10000}
Exit the Registry Editor.

Spy Sweeper 5.2 stops spyware in its tracks while offering home computer users the ability to configure the program to suit their specific needs, such as:

Choose a Quick, Full or Custom Sweep: With Spy Sweeper 5.2, you can easily choose to perform a quick, full or customized sweep. If you're looking for an immediate diagnosis, choose a quick sweep. For a pinpointed search, customize your sweep to have Spy Sweeper skip files by folder or file extension. For a deep cleaning, opt for a full sweep.

Exclude Files from a Sweep: Spy Sweeper allows you to save time during a sweep by skipping specific files or different sections of your PC. You can select specific file extension, such as .xls or .mpg to exclude.

Additional Highlights

As soon as it's installed, Spy Sweeper gives 360 degrees of protection against spyware, including:

Simple Sweeps: Detecting spyware and removing unwanted programs found on your computer in three effortless steps

Easy Management: Quickly and simply configure program, sweep and upgrade options

Fast Home: Use the home screen to access the most commonly used functions of Spy Sweeper

Shields Summary: A redesigned shields summary page makes it simple to see at a glance which shields are on or off

Action Alerts: Receive clear, easy-to-understand notifications when new spyware threats are detected

"Spy Sweeper remains a favorite for protection from spyware."

"This program's dominance is apparent as soon as you install it."