Spyware Scan Details
Start Date: 2005-06-15 11:31:11
End Date: 2005-06-15 11:45:59
Total Time: 14 mins 48 secs

Detected Threats

Xrenoder Browser Plug-in
Details: Xrenoder is a Trojan that resets your browsers home page and search settings redirecting it to affiliate sites. Xrenoder also displays adult content pop-up advertisements.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
Infected folders detected
c:\documents and settings\roger\favoriter\adult sites

TIB Porn Dialer Dialer
Details: Tib Browser profiles your browsing and shopping habits online and displays popup advertising in Internet Explorer.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
Infected folders detected
c:\program\websiteviewer
Infected registry keys/values detected

MediaTickets CDT Spyware
Details: Mediatickets is a spyware program that displays advertisements, reduces the security settings for the Trusted Sites zone in Internet Explorer, and attempts to fraudulently install trusted publishers.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\windows\downloaded program files\mediaticketsinstaller.ocx
c:\windows\downloaded program files\mediaticketsinstaller.inf
Infected registry keys/values detected

eXact.BullseyeNetwork Adware
Details: Bullseye displays pop-up advertisements.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
C:\Program\BullsEye Network\bin\adv.exe
C:\Program\BullsEye Network\bin\adx.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BullsEye Network

IE Trusted Zone Hijack Spyware
Details: IE Trusted Zone Hijack is a spyware related Web site that is added to your Internet Explorer Trusted Zones.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected

Unclassified.Trojan.E Trojan
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\windows\loadnew.exe

Downloader.Lunii Trojan Downloader
Details: Downloader.Lunii attempts to download remote files, terminate adware products, and delete files.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\windows\tool2.exe
c:\windows\tool3.exe

CoolWebSearch Browser Modifier
Details: CoolWebSearch is a wide range of browser redirection tools. All variants redirect you to specific Web sites.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

AvenueMedia.DyFuCA Browser Plug-in
Details: AvenueMedia DyFuCA Internet Optimizer is adware that changes your browser error page. It periodically displays pop-up advertisements from its remote sites and may update itself.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\windows\nem220.dll
Infected registry keys/values detected

MoneyTree Dialer
Details: MoneyTree is an ActiveX installer control that downloads premium-rate dialers, primarily for adult content sites. On system startup MoneyTree attempts to connect to an adult content site.
Status: Ignored
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected

Trojan.StartPage Browser Modifier
Details: Trojan.StartPage is an Internet Explorer start page URL redirector.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Systems Restart

Twain Tech Adware
Details: Twain Tech is an adware based Internet Explorer browser helper object that displays targeted advertisements based on your browsing patterns.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Internet Optimizer

Topconverting Crazywinnings Adware
Details: Topconverting Crazywinnings installs via online games through ActiveX drive-by-download.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TPUSN
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TPUSN TPUSN_once 1

eXact.CashBack Adware
Details: CashBack is part of BargainBuddy adware that displays pop-up advertisements.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected

eXact.BargainBuddy Adware
Details: BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad.
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
Infected folders detected
c:\program\bullseye network
c:\program\bullseye network\bin
Infected registry keys/values detected

Clandestine Remote Access Trojan
Status: Ignored
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.
Infected files detected
c:\windows\system32\win32.exe
Infected registry keys/values detected
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run wupd

eXact Search Bar Browser Plug-in
Details: eXactSearchBar is an Internet Explorer toolbar with standard search features that performs targeted advertising based on the computer usage and the URLs associated with Web pages.
Status: Ignored
Elevated threat - Eleveated-risk items have some potential for harm. Users should review such programs and remove them if unwanted.
Infected registry keys/values detected

Detected Spyware Cookies
No spyware cookies were found during this scan.