Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, July 24, 2005 3:56:10 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R56 21.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):9 total references
Adintelligence.AproposToolbar(TAC index:5):1 total references
Alexa(TAC index:5):2 total references
BargainBuddy(TAC index:8):218 total references
BonziBuddy(TAC index:7):3 total references
ClearSearch(TAC index:7):2 total references
CoolWebSearch(TAC index:10):9 total references
eSyndicate BHO(TAC index:6):19 total references
EzuLa(TAC index:6):28 total references
Hijacker.TopConverting(TAC index:5):1 total references
IBIS Toolbar(TAC index:5):135 total references
ImIServer IEPlugin(TAC index:5):9 total references
Lycos Sidesearch(TAC index:7):16 total references
MemoryWatcher(TAC index:4):12 total references
midADdle(TAC index:8):5 total references
MRU List(TAC index:0):14 total references
OverPro(TAC index:3):4 total references
PeopleOnPage(TAC index:9):24 total references
Possible Browser Hijack attempt(TAC index:3):19 total references
PromulGate(TAC index:5):4 total references
Rads01.Quadrogram(TAC index:6):5 total references
StatBlaster(TAC index:8):9 total references
TopPicks(TAC index:6):11 total references
UpdateLoader Malware(TAC index:5):2 total references
Win32.Turown.h(TAC index:6):1 total references
WinFavorites(TAC index:6):2 total references
VX2(TAC index:10):60 total references
Zango(TAC index:6):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R56 21.07.2005
Internal build : 65
File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\defs.ref
File size : 501264 Bytes
Total size : 1511688 Bytes
Signature data size : 1479157 Bytes
Reference data size : 32019 Bytes
Signatures total : 42142
CSI Fingerprints total : 979
CSI data size : 34474 Bytes
Target categories : 15
Target families : 718

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:0 %
Total physical memory:129104 kb
Available physical memory:10500 kb
Total page file size:1968044 kb
Available on page file:1737616 kb
Total virtual memory:2093056 kb
Available virtual memory:1992960 kb
OS:Microsoft Windows 98 SE

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

7-24-05 3:56:10 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
ModuleName : C:\WINDOWS\SYSTEM\KERNEL32.DLL
Command Line : n/a
ProcessID : 4293963615
Threads : 4
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp.
1991-1999 OriginalFilename : KERNEL32.DLL #:2 [MSGSRV32.EXE] ModuleName : C:\WINDOWS\SYSTEM\MSGSRV32.EXE Command Line : n/a ProcessID : 4294933367 Threads : 1 Priority : Normal FileVersion : 4.10.2222 ProductVersion : 4.10.2222 ProductName : Microsoft(R) Windows(R) Operating System CompanyName : Microsoft Corporation FileDescription : Windows 32-bit VxD Message Server InternalName : MSGSRV32 LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998 OriginalFilename : MSGSRV32.EXE #:3 [MPREXE.EXE] ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE ProcessID : 4294929927 Threads : 1 Priority : Normal FileVersion : 4.10.1998 ProductVersion : 4.10.1998 ProductName : Microsoft(R) Windows(R) Operating System CompanyName : Microsoft Corporation FileDescription : WIN32 Network Interface Service Process InternalName : MPREXE LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998 OriginalFilename : MPREXE.EXE #:4 [INETINFO.EXE] ModuleName : C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE Command Line : C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc ProcessID : 4294950335 Threads : 8 Priority : Normal FileVersion : 4.02.0622 ProductVersion : 4.02.0622 ProductName : Internet Information Server CompanyName : Microsoft Corporation FileDescription : Internet Information Services InternalName : INETINFO.EXE LegalCopyright : Copyright (C) Microsoft Corp. 
1981-1997 OriginalFilename : INETINFO.EXE #:5 [CSINJECT.EXE] ModuleName : C:\PROGRAM FILES\NORTON CLEANSWEEP\CSINJECT.EXE Command Line : C:\PROGRA~1\NORTON~3\CSINJECT.EXE ProcessID : 4294837275 Threads : 1 Priority : Normal FileVersion : 4.51.0026 ProductVersion : 4.5 ProductName : Norton CleanSweep CompanyName : Symantec Corporation FileDescription : csinject InternalName : CSInject LegalCopyright : Copyright © 1992-1999 Symantec Corporation OriginalFilename : CSInject.exe #:6 [MSTASK.EXE] ModuleName : C:\WINDOWS\SYSTEM\MSTASK.EXE Command Line : mstask.exe ProcessID : 4294849259 Threads : 2 Priority : Normal FileVersion : 4.71.1972.1 ProductVersion : 4.71.1972.1 ProductName : Microsoft® Windows® Task Scheduler CompanyName : Microsoft Corporation FileDescription : Task Scheduler Engine InternalName : TaskScheduler LegalCopyright : Copyright (C) Microsoft Corp. 2000 OriginalFilename : mstask.exe #:7 [ADSERVICE.EXE] ModuleName : C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE Command Line : "C:\Program Files\Iomega\AutoDisk\ADService.exe" ProcessID : 4294889703 Threads : 4 Priority : Normal FileVersion : 3,0,0,7 ProductVersion : 3,0,0,7 ProductName : Iomega Active Disk CompanyName : Iomega Corporation FileDescription : Active Disk Service InternalName : ADService LegalCopyright : Copyright © 2001 OriginalFilename : ADService.exe #:8 [ODJIWJF.EXE] ModuleName : C:\WINDOWS\SYSTEM\ODJIWJF.EXE Command Line : ODJIWJF.EXE ProcessID : 4294894391 Threads : 5 Priority : Normal #:9 [WTOOLSA.EXE] ModuleName : C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE Command Line : C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE ProcessID : 4294874523 Threads : 7 Priority : Normal #:10 [HIDSERV.EXE] ModuleName : C:\WINDOWS\SYSTEM\HIDSERV.EXE Command Line : Hidserv.exe ProcessID : 4294780539 Threads : 2 Priority : Normal FileVersion : 4.10.2222 ProductVersion : 4.10.2222 ProductName : Microsoft(R) Windows(R) Operating System CompanyName : Microsoft Corporation FileDescription : HID Audio 
Service InternalName : hidserv LegalCopyright : Copyright (C) Microsoft Corp. 1998, 1999 OriginalFilename : HIDSERV.EXE #:11 [MSDTCW.EXE] ModuleName : C:\WINDOWS\SYSTEM\MSDTCW.EXE Command Line : msdtcw.exe -ns ProcessID : 4294816931 Threads : 15 Priority : Normal FileVersion : 1997.11.532.0 ProductVersion : 02.00.00.532 ProductName : Microsoft Distributed Transaction Coordinator CompanyName : Microsoft Corporation InternalName : MSDTC.EXE LegalCopyright : Copyright © Microsoft Corp. 1995 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation Comments : INTEL X86 #:12 [WSUP.EXE] ModuleName : C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE Command Line : C:\PROGRA~1\COMMON~1\WINTOOLS\WSUP.EXE ProcessID : 4294823203 Threads : 2 Priority : Normal #:13 [RPCSS.EXE] ModuleName : C:\WINDOWS\SYSTEM\RPCSS.EXE Command Line : RPCSS ProcessID : 4294645175 Threads : 6 Priority : Normal FileVersion : 4.71.2900 ProductVersion : 4.71.2900 ProductName : Microsoft(R) Windows NT(TM) Operating System CompanyName : Microsoft Corporation FileDescription : Distributed COM Services InternalName : rpcss.exe LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998 OriginalFilename : rpcss.exe #:14 [mmtask.tsk] ModuleName : C:\WINDOWS\SYSTEM\mmtask.tsk Command Line : n/a ProcessID : 4294674159 Threads : 1 Priority : Normal FileVersion : 4.03.1998 ProductVersion : 4.03.1998 ProductName : Microsoft Windows CompanyName : Microsoft Corporation FileDescription : Multimedia background task support module InternalName : mmtask.tsk LegalCopyright : Copyright © Microsoft Corp. 
1991-1998 OriginalFilename : mmtask.tsk #:15 [EXPLORER.EXE] ModuleName : C:\WINDOWS\EXPLORER.EXE Command Line : C:\WINDOWS\Explorer.exe ProcessID : 4294594543 Threads : 11 Priority : Normal FileVersion : 4.72.3110.1 ProductVersion : 4.72.3110.1 ProductName : Microsoft(R) Windows NT(R) Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997 OriginalFilename : EXPLORER.EXE BargainBuddy Object Recognized! Type : Process Data : MSCB.DLL TAC Rating : 8 Category : Malware Comment : (CSI MATCH) Object : C:\WINDOWS\SYSTEM\ FileVersion : 2, 0, 0, 17 ProductVersion : 2, 0, 0, 17 ProductName : cbdll Module CompanyName : eXact Advertising FileDescription : cb.dll Module InternalName : cb.dll LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : cb.dll Warning! BargainBuddy Object found in memory(C:\WINDOWS\SYSTEM\MSCB.DLL) BargainBuddy Object Recognized! Type : Process Data : NVMS.DLL TAC Rating : 8 Category : Malware Comment : (CSI MATCH) Object : C:\WINDOWS\SYSTEM\ FileVersion : 2, 0, 0, 19 ProductVersion : 2, 0, 0, 19 ProductName : nls.dll Module CompanyName : eXact Advertising FileDescription : nls.dll Module InternalName : nls.dll LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : nls.dll Warning! BargainBuddy Object found in memory(C:\WINDOWS\SYSTEM\NVMS.DLL) #:16 [TASKMON.EXE] ModuleName : C:\WINDOWS\TASKMON.EXE Command Line : "C:\windows\taskmon.exe" ProcessID : 4294585367 Threads : 1 Priority : Normal FileVersion : 4.10.1998 ProductVersion : 4.10.1998 ProductName : Microsoft(R) Windows(R) Operating System CompanyName : Microsoft Corporation FileDescription : Task Monitor InternalName : TaskMon LegalCopyright : Copyright (C) Microsoft Corp. 
1998 OriginalFilename : TASKMON.EXE #:17 [SYSTRAY.EXE] ModuleName : C:\WINDOWS\SYSTEM\SYSTRAY.EXE Command Line : "C:\WINDOWS\SYSTEM\SysTray.Exe" ProcessID : 4294630523 Threads : 1 Priority : Normal FileVersion : 4.10.2222 ProductVersion : 4.10.2222 ProductName : Microsoft(R) Windows(R) Operating System CompanyName : Microsoft Corporation FileDescription : System Tray Applet InternalName : SYSTRAY LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998 OriginalFilename : SYSTRAY.EXE #:18 [SPEEDKEY.EXE] ModuleName : C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE Command Line : "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe" ProcessID : 4294635319 Threads : 1 Priority : Normal FileVersion : 1.00.245 ProductVersion : 1.00.245 ProductName : Microsoft IntelliType Pro CompanyName : Microsoft Corporation FileDescription : MS IntelliType Pro InternalName : MS IntelliType Pro LegalCopyright : Copyright (C) 1995-1999 Microsoft Corporation OriginalFilename : SpeedKey.exe #:19 [NAVAPW32.EXE] ModuleName : C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE Command Line : "C:\PROGRA~1\NORTON~1\NAVAPW32.EXE" /LOADQUIET ProcessID : 4294611351 Threads : 1 Priority : Normal FileVersion : 6.10.20.28 ProductVersion : 6.10.20.28 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Agent InternalName : NAVAPW32 LegalCopyright : Copyright (C) Symantec Corporation 1991-2000 OriginalFilename : NAVAPW32.DLL #:20 [PWSTRAY.EXE] ModuleName : C:\WINDOWS\SYSTEM\PWSTRAY.EXE Command Line : "C:\WINDOWS\SYSTEM\PwsTray.exe" ProcessID : 4294617383 Threads : 1 Priority : Normal FileVersion : 4.02.0622 ProductVersion : 4.02.0622 ProductName : Internet Information Server CompanyName : Microsoft Corporation FileDescription : PWS Shell extension InternalName : pwsext.dll LegalCopyright : Copyright (C) Microsoft Corp. 
1981-1997 OriginalFilename : pwsext.dll #:21 [POPROXY.EXE] ModuleName : C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE Command Line : "C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe" ProcessID : 4294529607 Threads : 1 Priority : Normal FileVersion : 6.10.20.28 ProductVersion : 6.10.20.28 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Utilities InternalName : POProxy LegalCopyright : Copyright (C) Symantec Corporation 1991-2000 OriginalFilename : POProxy.exe #:22 [LOADQM.EXE] ModuleName : C:\WINDOWS\LOADQM.EXE Command Line : "C:\WINDOWS\loadqm.exe" ProcessID : 4294572595 Threads : 3 Priority : Normal FileVersion : 5.4.1103.3 ProductVersion : 5.4.1103.3 ProductName : QMgr Loader CompanyName : Microsoft Corporation FileDescription : Microsoft QMgr InternalName : LOADQM.EXE LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999 OriginalFilename : LOADQM.EXE #:23 [ADUSERMON.EXE] ModuleName : C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE Command Line : "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" ProcessID : 4294547879 Threads : 2 Priority : Normal FileVersion : 3,0,0,7 ProductVersion : 3,0,0,7 ProductName : Iomega Active Disk CompanyName : Iomega Corporation FileDescription : Active Disk User Monitor InternalName : ADUserMon LegalCopyright : Copyright © 2001 OriginalFilename : ADUserMon.exe #:24 [AHQTB.EXE] ModuleName : C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE Command Line : "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE" ProcessID : 4294555911 Threads : 1 Priority : Normal FileVersion : 1.0.185 ProductVersion : 1.0.185 ProductName : AudioHQ CompanyName : Creative Technology Ltd. FileDescription : Creative AudioHQ InternalName : AHQTaskBar LegalCopyright : Copyright (c) Creative Technology Ltd. 
1997-1999 OriginalFilename : AHQTb.exe Comments : Creative AudioHQ #:25 [CTSYSVOL.EXE] ModuleName : C:\PROGRAM FILES\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE Command Line : "C:\PROGRAM FILES\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXE" ProcessID : 4294526795 Threads : 1 Priority : Normal FileVersion : 1, 0, 0, 0 ProductVersion : 1, 1, 0, 0 ProductName : Creative Surround Mixer CompanyName : Creative Technology Ltd FileDescription : System Tray Volume Control InternalName : CTSysVol LegalCopyright : Copyright (c) Creative Technology Ltd 1999 OriginalFilename : CTSysVol.exe #:26 [REALSCHED.EXE] ModuleName : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot ProcessID : 4294547003 Threads : 2 Priority : Normal FileVersion : 0.1.0.1622 ProductVersion : 0.1.0.1622 ProductName : RealOne Player (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002 LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:27 [PELMICED.EXE] ModuleName : C:\WINDOWS\SYSTEM\PELMICED.EXE Command Line : "C:\WINDOWS\SYSTEM\PELMICED.EXE" ProcessID : 4294613171 Threads : 1 Priority : Normal FileVersion : 1, 0, 7, 7 ProductVersion : 1.0.0.0 ProductName : MouseSuite 98 CompanyName : Primax Electronics Ltd. FileDescription : Mouse Suite 98 Daemon InternalName : pelmiced.exe LegalCopyright : Copyright (c) 1997, Primax Electronics Ltd. LegalTrademarks : Primax Electronics Ltd. #:28 [X8ZOMKA.EXE] ModuleName : C:\WINDOWS\TEMP\X8ZOMKA.EXE Command Line : "C:\WINDOWS\TEMP\X8ZOMKA.EXE" ProcessID : 4294631487 Threads : 2 Priority : Normal StatBlaster Object Recognized! Type : Process Data : X8ZOMKA.EXE TAC Rating : 8 Category : Data Miner Comment : (CSI MATCH) Object : C:\WINDOWS\TEMP\ Warning! 
StatBlaster Object found in memory(C:\WINDOWS\TEMP\X8ZOMKA.EXE) "C:\WINDOWS\TEMP\X8ZOMKA.EXE"Process terminated successfully #:29 [QTTASK.EXE] ModuleName : C:\WINDOWS\SYSTEM\QTTASK.EXE Command Line : "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime ProcessID : 4294494403 Threads : 1 Priority : Normal FileVersion : 6.5 ProductVersion : QuickTime 6.5 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:30 [0GYA.EXE] ModuleName : C:\WINDOWS\SYSTEM\0GYA.EXE Command Line : "C:\WINDOWS\SYSTEM\0GYA.EXE" ProcessID : 4294506547 Threads : 2 Priority : Normal StatBlaster Object Recognized! Type : Process Data : 0GYA.EXE TAC Rating : 8 Category : Data Miner Comment : (CSI MATCH) Object : C:\WINDOWS\SYSTEM\ Warning! StatBlaster Object found in memory(C:\WINDOWS\SYSTEM\0GYA.EXE) "C:\WINDOWS\SYSTEM\0GYA.EXE"Process terminated successfully #:31 [SHWICON.EXE] ModuleName : C:\PROGRAM FILES\PNY ATTACHé\SHWICON.EXE Command Line : "C:\Program Files\PNY Attaché\shwicon.exe" -t"PNY\PNY Attaché" ProcessID : 4294479331 Threads : 1 Priority : Normal FileVersion : 2, 0, 4, 15 ProductVersion : 2, 0, 4, 15 ProductName : shwicon CompanyName : MyComp FileDescription : shwicon InternalName : shwicon LegalCopyright : Copyright © 2002-2003 OriginalFilename : shwicon.exe #:32 [GYCS8GFG.EXE] ModuleName : C:\WINDOWS\SYSTEM\GYCS8GFG.EXE Command Line : "C:\WINDOWS\SYSTEM\GYCS8GFG.EXE" ProcessID : 4294407519 Threads : 2 Priority : Normal StatBlaster Object Recognized! Type : Process Data : GYCS8GFG.EXE TAC Rating : 8 Category : Data Miner Comment : (CSI MATCH) Object : C:\WINDOWS\SYSTEM\ Warning! 
StatBlaster Object found in memory(C:\WINDOWS\SYSTEM\GYCS8GFG.EXE) "C:\WINDOWS\SYSTEM\GYCS8GFG.EXE"Process terminated successfully #:33 [RFHNHU.EXE] ModuleName : C:\WINDOWS\SYSTEM\RFHNHU.EXE Command Line : "C:\windows\system\rfhnhu.exe" ProcessID : 4294433575 Threads : 2 Priority : Normal FileVersion : 1, 0, 2, 17 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. VX2 Object Recognized! Type : Process Data : RFHNHU.EXE TAC Rating : 10 Category : Malware Comment : (CSI MATCH) Object : C:\WINDOWS\SYSTEM\ FileVersion : 1, 0, 2, 17 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. Warning! VX2 Object found in memory(C:\WINDOWS\SYSTEM\RFHNHU.EXE) "C:\WINDOWS\SYSTEM\RFHNHU.EXE"Process terminated successfully #:34 [ED.EXE] ModuleName : C:\WINDOWS\SYSTEM\ED.EXE Command Line : "C:\WINDOWS\SYSTEM\ED.EXE" ProcessID : 4294418119 Threads : 2 Priority : Normal StatBlaster Object Recognized! Type : Process Data : ED.EXE TAC Rating : 8 Category : Data Miner Comment : (CSI MATCH) Object : C:\WINDOWS\SYSTEM\ Warning! StatBlaster Object found in memory(C:\WINDOWS\SYSTEM\ED.EXE) "C:\WINDOWS\SYSTEM\ED.EXE"Process terminated successfully #:35 [PSTORES.EXE] ModuleName : C:\WINDOWS\SYSTEM\PSTORES.EXE Command Line : C:\WINDOWS\SYSTEM\PSTORES.EXE ProcessID : 4294385271 Threads : 3 Priority : Normal FileVersion : 5.00.1877.3 ProductVersion : 5.00.1877.3 ProductName : Microsoft(R) Windows NT(R) Operating System CompanyName : Microsoft Corporation FileDescription : Protected storage server InternalName : Protected storage server LegalCopyright : Copyright (C) Microsoft Corp. 
1981-1998 OriginalFilename : Protected storage server #:36 [CALC.EXE] ModuleName : C:\WINDOWS\CALC.EXE Command Line : n/a ProcessID : 4294365051 Threads : 1 Priority : Realtime FileVersion : 5.00.1764.1 ProductVersion : 5.00.1764.1 ProductName : Microsoft(R) Windows NT(R) Operating System CompanyName : Microsoft Corporation FileDescription : Windows Calculator application file InternalName : CALC LegalCopyright : Copyright (C) Microsoft Corp. 1991-1995 OriginalFilename : CALC.EXE #:37 [SAAP.EXE] ModuleName : C:\PROGRAM FILES\180SEARCHASSISTANT\SAAP.EXE Command Line : "C:\Program Files\180searchassistant\saap.exe" /did=006644 /DID=000997 /install_appname=saap /did=6644 /track_page=http://cts.180solutions.com/trackedevent.aspx ProcessID : 4294259063 Threads : 2 Priority : Normal FileVersion : 6, 9, 110, 0 ProductVersion : 6, 9, 110, 0 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2005, 180solutions Inc. 180Solutions Object Recognized! Type : Process Data : SAAP.EXE TAC Rating : 6 Category : Data Miner Comment : (CSI MATCH) Object : C:\PROGRAM FILES\180SEARCHASSISTANT\ FileVersion : 6, 9, 110, 0 ProductVersion : 6, 9, 110, 0 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2005, 180solutions Inc. Warning! 180Solutions Object found in memory(C:\PROGRAM FILES\180SEARCHASSISTANT\SAAP.EXE) "C:\PROGRAM FILES\180SEARCHASSISTANT\SAAP.EXE"Process terminated successfully #:38 [CASHBACK.EXE] ModuleName : C:\PROGRAM FILES\CASHBACK\BIN\CASHBACK.EXE Command Line : "C:\Program Files\CashBack\bin\cashback.exe" ProcessID : 4250180095 Threads : 1 Priority : Normal FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 5 ProductName : CashBack Module CompanyName : eXact Advertising FileDescription : CashBack Module InternalName : CashBack LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. 
OriginalFilename : cashback.exe #:39 [NLS.EXE] ModuleName : C:\PROGRAM FILES\NAVISEARCH\BIN\NLS.EXE Command Line : "C:\Program Files\NaviSearch\bin\nls.exe" ProcessID : 4250175639 Threads : 1 Priority : Normal FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 5 ProductName : NAVISearch Module CompanyName : eXact Advertising FileDescription : NLS Module InternalName : NLS LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : nls.exe #:40 [BARGAINS.EXE] ModuleName : C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE Command Line : "C:\Program Files\BullsEye Network\bin\bargains.exe" ProcessID : 4250140431 Threads : 2 Priority : Normal FileVersion : 8, 0, 3, 6 ProductVersion : 8, 0, 3, 6 ProductName : BargainsBuddy ADP Module CompanyName : eXact Advertising FileDescription : bargains InternalName : ADP LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : bargains.exe #:41 [XQYJ.EXE] ModuleName : C:\WINDOWS\SYSTEM\XQYJ.EXE Command Line : c:\windows\system\XQYj.exe ProcessID : 4252710135 Threads : 3 Priority : Normal midADdle Object Recognized! Type : Process Data : XQYJ.EXE TAC Rating : 8 Category : Malware Comment : (CSI MATCH) Object : C:\WINDOWS\SYSTEM\ Warning! midADdle Object found in memory(C:\WINDOWS\SYSTEM\XQYJ.EXE) "C:\WINDOWS\SYSTEM\XQYJ.EXE"Process terminated successfully #:42 [WINOA386.MOD] ModuleName : C:\WINDOWS\SYSTEM\WINOA386.MOD Command Line : n/a ProcessID : 4252404795 Threads : 1 Priority : Normal FileVersion : 4.10.2222 ProductVersion : 4.10.2222 ProductName : Microsoft(R) Windows(R) Operating System CompanyName : Microsoft Corporation FileDescription : Non-Windows application component for 386 enhanced mode InternalName : WINOLDAP LegalCopyright : Copyright (C) Microsoft Corp. 
1991-1999 OriginalFilename : WINOA386.MOD #:43 [XQYJ.EXE] ModuleName : C:\WINDOWS\SYSTEM\XQYJ.EXE Command Line : n/a ProcessID : 4294222587 Threads : 2 Priority : Normal #:44 [OUAK60.EXE] ModuleName : C:\WINDOWS\SYSTEM\OUAK60.EXE Command Line : C:\WINDOWS\SYSTEM\Ouak60.exe ProcessID : 4293939163 Threads : 2 Priority : Normal FileVersion : 1.00 ProductVersion : 1.00 ProductName : Kern32 InternalName : Kern32 OriginalFilename : Kern32.exe Rads01.Quadrogram Object Recognized! Type : Process Data : OUAK60.EXE TAC Rating : 6 Category : Malware Comment : (CSI MATCH) Object : C:\WINDOWS\SYSTEM\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : Kern32 InternalName : Kern32 OriginalFilename : Kern32.exe Warning! Rads01.Quadrogram Object found in memory(C:\WINDOWS\SYSTEM\OUAK60.EXE) "C:\WINDOWS\SYSTEM\OUAK60.EXE"Process terminated successfully #:45 [JCUD3B6.EXE] ModuleName : C:\WINDOWS\SYSTEM\JCUD3B6.EXE Command Line : c:\windows\system\jCud3B6.exe ProcessID : 4294186815 Threads : 2 Priority : Normal StatBlaster Object Recognized! Type : Process Data : JCUD3B6.EXE TAC Rating : 8 Category : Data Miner Comment : (CSI MATCH) Object : C:\WINDOWS\SYSTEM\ Warning! StatBlaster Object found in memory(C:\WINDOWS\SYSTEM\JCUD3B6.EXE) "C:\WINDOWS\SYSTEM\JCUD3B6.EXE"Process terminated successfully #:46 [SPOOL32.EXE] ModuleName : C:\WINDOWS\SYSTEM\SPOOL32.EXE Command Line : C:\WINDOWS\SYSTEM\spool32.exe ProcessID : 4294139795 Threads : 2 Priority : Normal FileVersion : 4.10.1998 ProductVersion : 4.10.1998 ProductName : Microsoft(R) Windows(R) Operating System CompanyName : Microsoft Corporation FileDescription : Spooler Sub System Process InternalName : spool32 LegalCopyright : Copyright (C) Microsoft Corp. 
1994 - 1998 OriginalFilename : spool32.exe #:47 [RDZ4ECL0.EXE] ModuleName : C:\WINDOWS\SYSTEM\RDZ4ECL0.EXE Command Line : C:\WINDOWS\SYSTEM\Rdz4ecL0.exe ProcessID : 4294128523 Threads : 2 Priority : Normal FileVersion : 1.00 ProductVersion : 1.00 ProductName : Kern32 InternalName : Kern32 OriginalFilename : Kern32.exe Rads01.Quadrogram Object Recognized! Type : Process Data : RDZ4ECL0.EXE TAC Rating : 6 Category : Malware Comment : (CSI MATCH) Object : C:\WINDOWS\SYSTEM\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : Kern32 InternalName : Kern32 OriginalFilename : Kern32.exe Warning! Rads01.Quadrogram Object found in memory(C:\WINDOWS\SYSTEM\RDZ4ECL0.EXE) "C:\WINDOWS\SYSTEM\RDZ4ECL0.EXE"Process terminated successfully #:48 [WINOA386.MOD] ModuleName : C:\WINDOWS\SYSTEM\WINOA386.MOD Command Line : n/a ProcessID : 4252774107 Threads : 1 Priority : Normal FileVersion : 4.10.2222 ProductVersion : 4.10.2222 ProductName : Microsoft(R) Windows(R) Operating System CompanyName : Microsoft Corporation FileDescription : Non-Windows application component for 386 enhanced mode InternalName : WINOLDAP LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999 OriginalFilename : WINOA386.MOD #:49 [EXPLORER.EXE] ModuleName : C:\WINDOWS\EXPLORER.EXE Command Line : explorer.exe ProcessID : 4250252507 Threads : 1 Priority : Normal FileVersion : 4.72.3110.1 ProductVersion : 4.72.3110.1 ProductName : Microsoft(R) Windows NT(R) Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : Copyright (C) Microsoft Corp. 
1981-1997 OriginalFilename : EXPLORER.EXE #:50 [HPZSTATX.EXE] ModuleName : C:\WINDOWS\SYSTEM\HPZSTATX.EXE Command Line : C:\WINDOWS\SYSTEM\HPZSTATX.EXE -Embedding ProcessID : 4250248659 Threads : 5 Priority : Normal FileVersion : 1.14.2000 ProductVersion : 1.14.2000 ProductName : DJStatusServer Module CompanyName : Hewlett-Packard Company FileDescription : DJStatusServer Module InternalName : DJSTATUSSERVER LegalCopyright : Copyright 1999 OriginalFilename : DJSTATUSSERVER.EXE #:51 [WEIRDONTHEWEB.EXE] ModuleName : C:\PROGRAM FILES\WEIRDONTHEWEB\WEIRDONTHEWEB.EXE Command Line : n/a ProcessID : 4252095171 Threads : 4 Priority : Normal FileVersion : 18.211.0.18 ProductVersion : 18.211.0.18 ProductName : Notifier FileDescription : Notifier LegalCopyright : Copyright © 2004 Notifier #:52 [AD-AWARE.EXE] ModuleName : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 4294576459 Threads : 3 Priority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 10 Objects found so far: 12 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher.1 BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : cb.urlcatcher BargainBuddy Object Recognized! 
Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : cb.urlcatcher.1 BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{ce188402-6ee7-4022-8868-ab25173a3e14} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e1357} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e2468} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed11357} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed12468} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : nls.urlcatcher BargainBuddy Object Recognized! 
Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : nls.urlcatcher.1 BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516c2e3} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516e2a3} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3} eSyndicate BHO Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{cc378b83-9577-44d0-b4f8-0dd965e176fc} eSyndicate BHO Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : esyn.band eSyndicate BHO Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : esyn.band.1 eSyndicate BHO Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{941e3071-658d-4f7a-8848-a39e9a43aa97} eSyndicate BHO Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{b526170e-491f-4e29-8bfb-c6157d02fefd} EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{25630b47-53c6-4e66-a945-9d7b6b2171ff} EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{370f6354-41c4-4fa6-a2df-1ba57ee0fbb9} EzuLa Object Recognized! 
Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{788c6f6f-c2ea-4a63-9c38-ce7d8f43bce4} EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{78bcf937-45b0-40a7-9391-dcc03420db35} EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f75521b8-76f1-4a4d-84b1-9e642e9c51d0} EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : ezulabootexe.installctrl.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : ezulafsearcheng.ezulacode.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : ezulafsearcheng.ezulahash.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : ezulafsearcheng.ezulasearch.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : ezulafsearcheng.popupdisplay.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : ezulafsearcheng.resulthelper.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : ezulafsearcheng.searchhelper.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : ezulamain.ezulasearchpipe.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : ezulamain.trayiconm.1 Hijacker.TopConverting Object Recognized! 
Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9} IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7} IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{87766247-311c-43b4-8499-3d5fec94a183} IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d} IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\name-space handler\res\wtoolsb.resprotocol IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wtoolsb.resprotocol ImIServer IEPlugin Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e} ImIServer IEPlugin Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582} ImIServer IEPlugin Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{57add57b-173e-418a-8f70-17e5c9f2bcc9} ImIServer IEPlugin Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wbho.band ImIServer IEPlugin Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wbho.band.1 Lycos Sidesearch Object Recognized! 
Type : Regkey Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{c30793af-14b2-4300-8b5d-4bfa3987050e} Lycos Sidesearch Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{c5183abc-eb6e-4e05-b8c9-500a16b6cf94} Lycos Sidesearch Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3a951af0-53f8-4803-a565-0e1dee4b11f5} Lycos Sidesearch Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{af286cea-635d-40c5-a891-b40a0f520539} Lycos Sidesearch Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : sep.band Lycos Sidesearch Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : sep.band.1 Lycos Sidesearch Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : sep.search Lycos Sidesearch Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : sep.search.1 Lycos Sidesearch Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4e627a1e-bc4b-4faf-8de8-1d9a54d37da3} PeopleOnPage Object Recognized! Type : Regkey Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : apropos.client PeopleOnPage Object Recognized! Type : Regkey Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : apropos.client.1.1 PeopleOnPage Object Recognized! Type : Regkey Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{a4a58a2c-b039-432b-8bc1-dca7ac0757dc} PeopleOnPage Object Recognized! 
Type : Regkey Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{01c5bf6c-e699-4cd7-bea1-786fa05c83ab} TopPicks Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : htcheck2.checkpage.1 TopPicks Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : htcheck2.chelpobj.1 TopPicks Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : idiumupdater.idiumsysupdater.1 TopPicks Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : topicksreg.topickreg1.1 UpdateLoader Malware Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{0c1c2c3c-4c5c-6c7c-8c9c-ccbcccdcecfc} UpdateLoader Malware Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{0b1b2b3b-4b5b-6b7b-8b9b-bbbbcbdbebfb} WinFavorites Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : bridge.brdg.1 VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{230c3786-1c2c-45bd-9d2d-9d277fce6289} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c08175c6-b2b2-47fc-af1a-32f77a6cb673} VX2 Object Recognized! 
Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00000049-8f91-4d9c-9573-f016e7626484} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00000000-59d4-4008-9058-080011001200} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : ceresdll.ceresdllobj.1 VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : ceresdll.ceresdllobj VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{09049e4f-8d9e-4c8a-a952-5baf1a115c59} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{94984402-b480-45c7-ad2d-84e5eb52cfcd} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{99410cde-6f16-42ce-9d49-3807f78f0287} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.clientinstaller Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.clientinstaller.1 Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.requiredcomponent Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.requiredcomponent.1 Zango Object Recognized! 
Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0ac49246-419b-4ee0-8917-8818daad6a4e} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{f1f1e775-1b21-454d-8d38-7c16519969e5} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda} IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\wintools IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\wintools Value : a4ix IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\wintools Value : alk3hm IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\wintools Value : 4irx2y4mnrk IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\wintools Value : hrl4nyirlx2j4xz IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\wintools Value : hr8g8kmi4xz IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\wintools Value : hrhrirlx2j4xz IBIS Toolbar Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\wintools Value : hrhrirlx2j25s IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\wintools Value : hrjy3ralsr4xz IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\wintools Value : mnvspsel IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\wintools Value : kjnmpsyj IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\wintools Value : rmhri PeopleOnPage Object Recognized! Type : Regkey Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\apropos Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : Binary BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ConfigUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ADDataUpdateQueryUrl BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : SoftwareUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ServerName BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ServerPath BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : SliderLegalText BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ServerPort BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : UpdateQueryDuration BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : UpdateQueryFailedDuration BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : AdvDelaySec BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : TrackingFileFlag BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : RestartADPDuration BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : TimeOutInterval BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : FirstHit BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : SystemInstallTime BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : TempUniqueKey BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : UniqueKey BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : IdleMinutesThreshold BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MinMinutesBetweenTwoADs BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MaxDomainCap BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MinCountOfUrlsBetweenTwoADs BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MaxDailyCapPerUSer BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ConfigVersion BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ADDataVersion BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : LastQueryTime BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : LastADPRestart BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : Binary BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : ConfigUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : ADDataUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : SoftwareUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : ServerName BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : ServerPath BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : TrackingServerPath BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : TrackingGIFURL BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : AffiliateURLUID BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : AutoFlashParam BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : AutoSwfURL BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : ClickFlashParam BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : ClickSwfURL BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : CBUpdateAccParam BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : CBSignupWelcomeParam BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : CBBalance BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : SliderHTML00 BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : SliderHTML01 BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : SliderHTML02 BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : SliderHTML03 BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : SliderHTML04 BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : SliderHTML05 BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : SliderHTML06 BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : SliderHTML07 BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : SliderHTML08 BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : SliderHTML09 BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : CBSignUpURL BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : CBServer BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : ServerPort BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : Referral BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : UpdateQueryDuration BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : UpdateQueryFailedDuration BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : CBSignupFailedDuration BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : CBIconAnimationEnable BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : CBSliderEnable BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : CBBalloonMsgEnable BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : CBSignUpDelay BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : TrackingFileFlag BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : FirstHit BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : SystemInstallTime BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : CBID BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : CBPW BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : UniqueKey BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : errorCheck BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : ConfigVersion BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : ADDataVersion BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cashback Value : LastQueryTime BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ce188402-6ee7-4022-8868-ab25173a3e14} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : UninstallString BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : Publisher BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : URLInfoAbout BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : DisplayVersion BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : DisplayIcon BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : NoModify BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : NoRepair BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\cashback BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\cashback Value : UninstallString BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\cashback Value : Publisher BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\cashback Value : DisplayVersion BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\cashback Value : URLInfoAbout BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\cashback Value : Readme BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\cashback Value : HelpLink BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\cashback Value : DisplayIcon BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\cashback Value : NoModify BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\cashback Value : NoRepair BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : Binary BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ConfigUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ADDataUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : SoftwareUpdateQueryUrl BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ServerName BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ServerPath BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : TrackingServerPath BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : TrackingGIFURL BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ADDataVersion BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ServerPort BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : UpdateQueryDuration BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : UpdateQueryFailedDuration BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : TrackingURLCount BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : TrackingURLEnable BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : TrackingFileFlag BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : UseSearchAsst BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : SearchAssistant BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ErrLandingURL BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ErrLandingQuery BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : FirstHit BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : SystemInstallTime BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : UniqueKey BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : ConfigVersion BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\navisearch Value : LastQueryTime eSyndicate BHO Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{cc378b83-9577-44d0-b4f8-0dd965e176fc} EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\ezulabootexe.installctrl.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\ezulafsearcheng.ezulacode.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\ezulafsearcheng.ezulahash.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\ezulafsearcheng.ezulasearch.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\ezulafsearcheng.popupdisplay.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\ezulafsearcheng.resulthelper.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\ezulafsearcheng.searchhelper.1 EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\ezulamain.ezulasearchpipe.1 EzuLa Object Recognized! 
Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\ezulamain.trayiconm.1 IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{87766247-311c-43b4-8499-3d5fec94a183} IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : lkjhn2j IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : lkbd4xz IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : lkixw4xz IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : libkrzl7 IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 25s2jr2bjy4x IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 25s4xz IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 25swrx IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 5x62lalk IBIS Toolbar Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 5x62labd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 5x62laiar2 IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : hminlzz2ym5hx3t IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : hminlzz2ym5hx3i7i IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : hminlzz2ym5hx3i7iru IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : hminlzzijyd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mhminlcy4nhm5y IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mhmin2ym5hx3 IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mhminml3r IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mhmina4czhijrx IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : wrxcyir IBIS Toolbar Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 5hxinlk IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 5hxinbd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mml3rlk IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mml3rbd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mml3rri IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mml3rhri IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mml3rja IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mml3rlkbd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mml3rrihri IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mhminlzzhm5yt IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mhminlzzhm5y1 IBIS Toolbar Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 5hxinrbd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 5x62larbd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : x4zrirua IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : x4zriinya IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : lk4mh4xz IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : irlx2jhmin IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : rmlczrjy3ralsr IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : librmlczrjy3ralsr IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : rmlczr8g8 IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : librmlczr8g8 IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : rmlczrli IBIS Toolbar Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : librmlczrli IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 8g84xz IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : li4xz IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : rmlczrhri IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : librmlczrhri IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mkralk IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mkrabd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mkrari IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mkrahri IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 4mkraja IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : rmlczrlki IBIS Toolbar Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : rmlczrl4nyhmin IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : rmlczrbdlki IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : n4hk IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : hminlzz2ym5hx3rk IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : hminlzzzrwrz IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : k25s4ak IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 24irxi IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : kydmklnr IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2lki IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2zlki IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2rlki IBIS Toolbar Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2zrlki IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2bd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2zbd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2rbd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2zrbd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2rrbd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2zrrbd IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2xhr IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2zxhr IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 28g8 IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2z8g8 IBIS Toolbar Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2li IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 2zli IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : hri4xz IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : khminlzz IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : z225s IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : kydm4xzlaa IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : kydm4xzcjy IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : kydm4xzaxr5 IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : kydm4xzkr5 IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : zlh IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 25sixwwlx IBIS Toolbar Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : kydm4xzihnr IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : llrmli IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : llrm8g8 IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : 25s6xri IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : kydm4xzbd4 IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wintools Value : kydm4xzbdk ImIServer IEPlugin Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e} Lycos Sidesearch Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{c5183abc-eb6e-4e05-b8c9-500a16b6cf94} MemoryWatcher Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\memorywatcher MemoryWatcher Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\memorywatcher MemoryWatcher Object Recognized! 
Type : RegValue Data : TAC Rating : 4 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\memorywatcher Value : UninstallString PromulGate Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610} PromulGate Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\interface\{41700749-a109-4254-af13-be54011e8783} PromulGate Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\vccpgdataaccess.pgdataaccessctrl.1 StatBlaster Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\statblaster StatBlaster Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\statblaster Value : install_dir StatBlaster Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wildmedia\licensestores VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000049-8f91-4d9c-9573-f016e7626484} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-59d4-4008-9058-080011001200} Alexa Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : "HOMEOldSP" Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\internet explorer\main Value : HOMEOldSP CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : "BHOW" Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\internet explorer\main Value : BHOW BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "PartnerID" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "UtilFolder" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UtilFolder BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "BuildNumber" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "UninstallUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UninstallUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "UniqueKeyUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UniqueKeyUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "FirstHitUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : FirstHitUrl BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "BullsEye Network" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : BullsEye Network BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "CashBack" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : CashBack Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 359 Objects found so far: 371 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearchAssistant.websearch.com Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "http://www.websearch.com/ie.aspx?tb_id=50093" TAC Rating : 10 Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Main Value : SearchAssistant Data : "http://www.websearch.com/ie.aspx?tb_id=50093" Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistant.websearch.com Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "http://www.websearch.com/ie.aspx?tb_id=50093" TAC Rating : 10 Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Search Value : SearchAssistant Data : "http://www.websearch.com/ie.aspx?tb_id=50093" Possible Browser Hijack attempt : .DEFAULT\Software\Microsoft\Internet Explorer\MainSearch Bar.websearch.com Possible Browser Hijack attempt Object Recognized! 
Type : RegData Data : "http://www.websearch.com/ie.aspx?tb_id=50093" TAC Rating : 10 Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "http://www.websearch.com/ie.aspx?tb_id=50093" Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" TAC Rating : 10 Category : Malware Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" TAC Rating : 10 Category : Malware Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : UninstallString Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" TAC Rating : 10 Category : Malware Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : Publisher Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" TAC Rating : 10 Category : Malware Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : DisplayVersion Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" TAC Rating : 10 Category : Malware Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : URLInfoAbout Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" TAC Rating : 10 Category : Malware Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : Readme Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" TAC Rating : 10 Category : Malware Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : DisplayIcon Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" TAC Rating : 10 Category : Malware Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : HelpLink Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" TAC Rating : 10 Category : Malware Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : NoModify Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch "http://www.exactadvertising.com" TAC Rating : 10 Category : Malware Comment : (http://www.exactadvertising.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch Value : NoRepair Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" TAC Rating : 10 Category : Malware Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" TAC Rating : 10 Category : Malware Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : DisplayName Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" TAC Rating : 10 Category : Malware Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : URLInfoAbout Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" TAC Rating : 10 Category : Malware Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : Publisher Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" TAC Rating : 10 Category : Malware Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : HelpLink Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" TAC Rating : 10 Category : Malware Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : Contact midADdle Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "Xqyj.exe" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Run Value : Xqyj.exe midADdle Object Recognized! Type : File Data : xqyj.exe TAC Rating : 8 Category : Malware Comment : Object : c:\windows\system\ BonziBuddy Object Recognized! Type : RegValue Data : C:\WINDOWS\SYSTEM\IEHelperMiddleMan.dll TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs Value : C:\WINDOWS\SYSTEM\IEHelperMiddleMan.dll Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 21 Objects found so far: 393 MRU List Object Recognized! Location: : C:\WINDOWS\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! 
Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio Description : information on the last station listened to using musicmatch radio MRU List Object Recognized! Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences Description : list of recent open locations in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! 
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 407 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» BargainBuddy Object Recognized! Type : File Data : exdl.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exul3.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : mqexdlm.srg TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exul.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. 
eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : javexulm.vxd TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : exdl2.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exdl1.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exul1.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BonziBuddy Object Recognized! 
Type : File Data : iehelpermiddleman.dll TAC Rating : 7 Category : Data Miner Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : IEHelperMiddleMan Dynamic Link Library FileDescription : IEHelperMiddleMan DLL InternalName : IEHelperMiddleMan LegalCopyright : Copyright (C) 2000 OriginalFilename : IEHelperMiddleMan.DLL PromulGate Object Recognized! Type : File Data : dp-him.exe TAC Rating : 5 Category : Data Miner Comment : Object : C:\WINDOWS\SYSTEM\ BargainBuddy Object Recognized! Type : File Data : exdl3.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe MemoryWatcher Object Recognized! Type : File Data : mw_4s_stub.exe TAC Rating : 4 Category : Malware Comment : Object : C:\WINDOWS\TEMP\ Rads01.Quadrogram Object Recognized! Type : File Data : instnotify.exe TAC Rating : 6 Category : Malware Comment : Object : C:\WINDOWS\TEMP\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : Installation Notifier InternalName : instnotify OriginalFilename : instnotify.exe VX2 Object Recognized! Type : File Data : ceres.cab TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\TEMP\DrTemp\ VX2 Object Recognized! Type : File Data : ceres.dll TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\TEMP\DrTemp\ FileVersion : 0, 12, 4, 100 ProductVersion : 0, 12, 4, 100 ProductName : Ceres CompanyName : Ceres FileDescription : www.abetterinternet.com InternalName : Ceres LegalCopyright : Copyright © 2005 OriginalFilename : Ceres.dll Comments : www.abetterinternet.com WinFavorites Object Recognized! 
Type : File Data : bridge.dll TAC Rating : 6 Category : Malware Comment : Object : C:\WINDOWS\Downloaded Program Files\ FileVersion : 1, 0, 0, 117 ProductVersion : 1, 0, 0, 117 ProductName : bridge Module FileDescription : bridge Module InternalName : bridge LegalCopyright : Copyright 2003 OriginalFilename : bridge.DLL VX2 Object Recognized! Type : File Data : polall5c[1].exe TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\Temporary Internet Files\Content.IE5\KLAZO1ER\ FileVersion : 1, 0, 3, 4 ProductVersion : 0, 0, 7, 0 MemoryWatcher Object Recognized! Type : File Data : mw_4s_stub[1].exe TAC Rating : 4 Category : Malware Comment : Object : C:\WINDOWS\Temporary Internet Files\Content.IE5\YQ0JQU1B\ VX2 Object Recognized! Type : File Data : ceres[1].cab TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\Temporary Internet Files\Content.IE5\YQ0JQU1B\ BargainBuddy Object Recognized! Type : File Data : exdl.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe VX2 Object Recognized! Type : File Data : localnrd.dll TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 0, 4, 4, 67 ProductVersion : 0, 4, 4, 67 ProductName : LocalNRD CompanyName : LocalNRD FileDescription : www.localnrd.com InternalName : LocalNRD LegalCopyright : Copyright © 2004 OriginalFilename : LocalNRD.dll Comments : www.localnrd.com VX2 Object Recognized! 
Type : File Data : dlmax.dll TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz OverPro Object Recognized! Type : File Data : minigolf_affiliate.exe TAC Rating : 3 Category : Malware Comment : Object : C:\WINDOWS\ OverPro Object Recognized! Type : File Data : wildapp.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : WildApp Module FileDescription : WildApp Module InternalName : WildApp LegalCopyright : Copyright 2004 OriginalFilename : WildApp.DLL midADdle Object Recognized! Type : File Data : updater.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\ IBIS Toolbar Object Recognized! Type : File Data : WToolsD.cfg TAC Rating : 5 Category : Data Miner Comment : Object : C:\Program Files\Common Files\wintools\ MemoryWatcher Object Recognized! Type : File Data : MemoryWatcher.exe TAC Rating : 4 Category : Malware Comment : Object : C:\Program Files\MemoryWatcher\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : Memory Watcher CompanyName : Memory Watcher FileDescription : Memory Watcher InternalName : MemoryWatcher LegalCopyright : Memory Watcher 2003 LegalTrademarks : Memory Watcher 2003 OriginalFilename : MemoryWatcher.exe Rads01.Quadrogram Object Recognized! Type : File Data : wowex32.exe TAC Rating : 6 Category : Malware Comment : Object : C:\Program Files\MemoryWatcher\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : wowex32 InternalName : wowex32 OriginalFilename : wowex32.exe MemoryWatcher Object Recognized! Type : File Data : uninst.exe TAC Rating : 4 Category : Malware Comment : Object : C:\Program Files\MemoryWatcher\ BargainBuddy Object Recognized! 
Type : File Data : adv.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\BullsEye Network\bin\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adv CompanyName : eXact Advertising InternalName : adv LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adv.exe BargainBuddy Object Recognized! Type : File Data : adx.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\BullsEye Network\bin\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adx CompanyName : eXact Advertising InternalName : adx LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adx.exe Lycos Sidesearch Object Recognized! Type : File Data : sep.dll TAC Rating : 7 Category : Misc Comment : Object : C:\Program Files\SEP\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : SEP FileDescription : SEP Module InternalName : sep LegalCopyright : Copyright 2004 OriginalFilename : sep.DLL BargainBuddy Object Recognized! Type : File Data : template.html TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\CashBack\ BargainBuddy Object Recognized! Type : File Data : template2.html TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\CashBack\ PeopleOnPage Object Recognized! Type : File Data : ace.dll TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ FileVersion : 5.1.18 ProductVersion : 5.1.18 ProductName : ACE FileDescription : ACE InternalName : ACEDLL OriginalFilename : ACE.DLL eSyndicate BHO Object Recognized! Type : File Data : esyn.dll TAC Rating : 6 Category : Malware Comment : Object : C:\Program Files\esyndicate\ FileVersion : 1, 0, 0, 13 ProductVersion : 1, 0, 0, 13 ProductName : esyn Module FileDescription : esyn Module InternalName : esyn LegalCopyright : Copyright 2004 OriginalFilename : esyn.DLL EzuLa Object Recognized! 
Type : File Data : ezStub.exe TAC Rating : 6 Category : Data Miner Comment : Object : C:\ FileVersion : 2, 0, 70, 00 ProductVersion : 1, 0, 0, 1 ProductName : eZstub Module CompanyName : EARNStatBlaster11 FileDescription : eZstub Module InternalName : eZstub LegalCopyright : Copyright 2000 OriginalFilename : eZstub.EXE MemoryWatcher Object Recognized! Type : File Data : MemoryWatcher_b.exe TAC Rating : 4 Category : Malware Comment : Object : C:\ ClearSearch Object Recognized! Type : File Data : csv5p072.exe TAC Rating : 7 Category : Data Miner Comment : Object : C:\ FileVersion : 1, 5, 0, 1 ProductVersion : 1, 5, 0, 1 ProductName : Loader CompanyName : Clear Search FileDescription : Loader InternalName : Loader LegalCopyright : Copyright © 2003, 2004 OriginalFilename : Loader.exe Adintelligence.AproposToolbar Object Recognized! Type : File Data : cxtpls_loader.exe TAC Rating : 5 Category : Misc Comment : Object : C:\ Win32.Turown.h Object Recognized! Type : File Data : overpro323.exe TAC Rating : 6 Category : Malware Comment : Object : C:\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 448 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 448 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : InstallOccurUrl BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : AlreadyInstalledUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : ETServer BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : NewPartnerName BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : System BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : NaviSearch BargainBuddy Object Recognized! Type : Folder TAC Rating : 8 Category : Malware Comment : BargainBuddy Object : C:\Program Files\BullsEye Network BargainBuddy Object Recognized! Type : Folder TAC Rating : 8 Category : Malware Comment : BargainBuddy Object : C:\Program Files\CashBack BargainBuddy Object Recognized! Type : Folder TAC Rating : 8 Category : Malware Comment : BargainBuddy Object : C:\Program Files\cashback\bin BargainBuddy Object Recognized! Type : Folder TAC Rating : 8 Category : Malware Comment : BargainBuddy Object : C:\Program Files\NaviSearch BargainBuddy Object Recognized! Type : Folder TAC Rating : 8 Category : Malware Comment : BargainBuddy Object : C:\Program Files\navisearch\bin BargainBuddy Object Recognized! Type : File Data : ub.dat TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\bullseye network\ BargainBuddy Object Recognized! Type : File Data : ad.dat TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\bullseye network\ BargainBuddy Object Recognized! 
Type : File Data : Uninstall.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\bullseye network\ FileVersion : 8.0.4.0 ProductName : BullsEye Network CompanyName : eXact Advertising FileDescription : BargainBuddy Module LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. Comments : BargainBuddy Module BargainBuddy Object Recognized! Type : File Data : bargains.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\bullseye network\bin\ FileVersion : 8, 0, 3, 6 ProductVersion : 8, 0, 3, 6 ProductName : BargainsBuddy ADP Module CompanyName : eXact Advertising FileDescription : bargains InternalName : ADP LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : bargains.exe BargainBuddy Object Recognized! Type : File Data : t1122237745.dec TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\ BargainBuddy Object Recognized! Type : File Data : ad.dat TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\ BargainBuddy Object Recognized! Type : File Data : ub.dat TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\ BargainBuddy Object Recognized! Type : File Data : bb_click_wider.swf TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\ BargainBuddy Object Recognized! Type : File Data : bb_auto_wider.swf TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\ BargainBuddy Object Recognized! Type : File Data : bb_welcome.html TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\ BargainBuddy Object Recognized! Type : File Data : bb_welcome1.swf TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\ BargainBuddy Object Recognized! 
Type : File Data : blank.gif TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\ BargainBuddy Object Recognized! Type : File Data : icon.gif TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\ BargainBuddy Object Recognized! Type : File Data : logo.gif TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\ BargainBuddy Object Recognized! Type : File Data : Uninstall.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\ FileVersion : 8.0.4.0 ProductName : CashBackBuddy CompanyName : eXact Advertising FileDescription : CashBack Module LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved. LegalTrademarks : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved. Comments : CashBack Module BargainBuddy Object Recognized! Type : File Data : cashback.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\bin\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 5 ProductName : CashBack Module CompanyName : eXact Advertising FileDescription : CashBack Module InternalName : CashBack LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : cashback.exe BargainBuddy Object Recognized! Type : File Data : cb.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\bin\ FileVersion : 1.00.0004 ProductVersion : 1.00.0004 ProductName : CashBack Program CompanyName : eXact Advertising InternalName : cb LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : cb.exe BargainBuddy Object Recognized! 
Type : File Data : flash.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\cashback\bin\ FileVersion : 1.00.0006 ProductVersion : 1.00.0006 ProductName : CashBack Flash Notification Module CompanyName : eXact Advertising InternalName : flash LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : flash.exe BargainBuddy Object Recognized! Type : File Data : ad.dat TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\navisearch\ BargainBuddy Object Recognized! Type : File Data : Uninstall.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\navisearch\ FileVersion : 8.0.3.9 ProductName : NaviSearch CompanyName : eXact Advertising FileDescription : NAVISearch Module LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. Comments : NaviSearch Module BargainBuddy Object Recognized! Type : File Data : nls.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program Files\navisearch\bin\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 5 ProductName : NAVISearch Module CompanyName : eXact Advertising FileDescription : NLS Module InternalName : NLS LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : nls.exe BargainBuddy Object Recognized! Type : File Data : bbchk.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 5.101.1663.1 ProductVersion : 5.101.1663.1 ProductName : Microsoft(R) Windows NT(R) Operating System CompanyName : Microsoft Corporation FileDescription : ECM ChkTrust InternalName : CHKTRUST.EXE LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997 OriginalFilename : CHKTRUST.EXE BargainBuddy Object Recognized! 
Type : File Data : exclean.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ BargainBuddy Object Recognized! Type : File Data : msbe.dll TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 8, 0, 3, 6 ProductVersion : 8, 0, 3, 6 ProductName : ADP Module CompanyName : eXact Advertising FileDescription : ADP Module InternalName : apuc LegalCopyright : Copyright © 2003-2005 eXact Advertising, LLC. All Rights Reserved. OriginalFilename : apuc.DLL BargainBuddy Object Recognized! Type : File Data : mscb.dll TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 2, 0, 0, 17 ProductVersion : 2, 0, 0, 17 ProductName : cbdll Module CompanyName : eXact Advertising FileDescription : cb.dll Module InternalName : cb.dll LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : cb.dll BargainBuddy Object Recognized! Type : File Data : nvms.dll TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 2, 0, 0, 19 ProductVersion : 2, 0, 0, 19 ProductName : nls.dll Module CompanyName : eXact Advertising FileDescription : nls.dll Module InternalName : nls.dll LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : nls.dll BargainBuddy Object Recognized! Type : File Data : bb_welcome.html TAC Rating : 8 Category : Malware Comment : Object : c:\temp\ BargainBuddy Object Recognized! Type : File Data : bb_click_wider.swf TAC Rating : 8 Category : Malware Comment : Object : c:\temp\ BargainBuddy Object Recognized! Type : File Data : bb_auto_wider.swf TAC Rating : 8 Category : Malware Comment : Object : c:\temp\ BargainBuddy Object Recognized! Type : File Data : bb_welcome1.swf TAC Rating : 8 Category : Malware Comment : Object : c:\temp\ BargainBuddy Object Recognized! 
Type : File Data : blank.gif TAC Rating : 8 Category : Malware Comment : Object : c:\temp\ BargainBuddy Object Recognized! Type : File Data : icon.gif TAC Rating : 8 Category : Malware Comment : Object : c:\temp\ BargainBuddy Object Recognized! Type : File Data : logo.gif TAC Rating : 8 Category : Malware Comment : Object : c:\temp\ StatBlaster Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wildmedia VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSI4d3OfSInst VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSC4n3trMsgSDisp VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CST4o3pListSPos VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSs4t3icky1S VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSs4t3icky2S VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSs4t3icky3S VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSs4t3icky4S VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSC1o4d3eOfSFinalAd VX2 Object Recognized! 
Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CST4i3m6eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSD4s3tSSEnd VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CS4N3a6tionSCode VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSP4D3om VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CST4h3rshSCheckSIn VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CST4h3rshSMots VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSM4o3deSSync VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSI4n3ProgSCab VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSI4n3ProgSEx VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSI4n3ProgSLstest VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSL4a3stMotsSDay VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSL4a3stSSChckin VX2 Object Recognized! 
Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSB4D3om VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSE4v3nt VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CST4h3rshSBath VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CST4h3rshSysSInf VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSL4n3Title VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSC4u3rrentSMode VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSC4n3tFyl VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\ceres Value : CSI4g3noreS VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor\xml VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\toolbar\webbrowser Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383} VX2 Object Recognized! 
Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions Value : iexplore.exe VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\window restrictions Value : iexplore.exe VX2 Object Recognized! Type : Folder TAC Rating : 10 Category : Malware Comment : VX2 Object : C:\windows\TEMP\DrTemp VX2 Object Recognized! Type : File Data : FARMMEXT.ini TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\ VX2 Object Recognized! Type : File Data : pynix.inf TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\inf\ VX2 Object Recognized! Type : File Data : CERES.INF TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\inf\ VX2 Object Recognized! Type : File Data : abiuninst.htm TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\ VX2 Object Recognized! Type : File Data : ceres.inf TAC Rating : 10 Category : Malware Comment : Object : C:\windows\TEMP\drtemp\ VX2 Object Recognized! Type : File Data : dlmax.inf TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\inf\ 180Solutions Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\saap 180Solutions Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{99410cde-6f16-42ce-9d49-3807f78f0287} 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{99410cde-6f16-42ce-9d49-3807f78f0287} Value : SystemComponent 180Solutions Object Recognized! 
Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\saap 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\saap Value : duid 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\saap Value : partner_id 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\saap Value : product_id 180Solutions Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : saap midADdle Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Enable Browser Extensions Rads01.Quadrogram Object Recognized! Type : RegData Data : no TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\new windows Value : PopupMgr Data : no eSyndicate BHO Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\esyndicate eSyndicate BHO Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\esyndicate Value : UninstallString eSyndicate BHO Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\esyndicate Value : NoModify eSyndicate BHO Object Recognized! 
Type : RegValue Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\esyndicate Value : NoRepair eSyndicate BHO Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_USERS Object : .default\software\esyn eSyndicate BHO Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_USERS Object : .default\software\esyn Value : SettingsUpdate eSyndicate BHO Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_USERS Object : .default\software\esyn Value : Count eSyndicate BHO Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_USERS Object : .default\software\esyn Value : CurrentDay eSyndicate BHO Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_USERS Object : .default\software\esyn Value : SettingsInterval eSyndicate BHO Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_USERS Object : .default\software\esyn Value : SettingsUrl eSyndicate BHO Object Recognized! Type : Folder TAC Rating : 6 Category : Malware Comment : eSyndicate BHO Object : C:\Program Files\esyndicate eSyndicate BHO Object Recognized! Type : File Data : uninst.exe TAC Rating : 6 Category : Malware Comment : Object : C:\Program Files\esyndicate\ EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\web offer EzuLa Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\web offer Value : UninstallString EzuLa Object Recognized! 
Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\web offer Value : EzuLa Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\downloadmanager IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrHighlight IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrForeColor IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrBackColor IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrDownload IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrViewed IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\mediaplayer\control\playbar Value : ClrStatic IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\wintools IBIS Toolbar Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\wintools Value : UninstallString IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\wintools Value : Publisher IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\wintools Value : URLInfoAbout IBIS Toolbar Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\toolbar IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : AutoSearch IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : CustomizeSearch IBIS Toolbar Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\installer\userdata Value : TUID IBIS Toolbar Object Recognized! Type : RegData Data : no TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no IBIS Toolbar Object Recognized! Type : Folder TAC Rating : 5 Category : Data Miner Comment : IBIS Toolbar Object : C:\Program Files\Common Files\wintools IBIS Toolbar Object Recognized! Type : File Data : WTOOLSA.EXE TAC Rating : 5 Category : Data Miner Comment : Object : C:\Program Files\Common Files\wintools\ IBIS Toolbar Object Recognized! 
Type : File Data : WTOOLSB.DLL TAC Rating : 5 Category : Data Miner Comment : Object : C:\Program Files\Common Files\wintools\ IBIS Toolbar Object Recognized! Type : File Data : WSup.exe TAC Rating : 5 Category : Data Miner Comment : Object : C:\Program Files\Common Files\wintools\ IBIS Toolbar Object Recognized! Type : File Data : WToolsC.cfg TAC Rating : 5 Category : Data Miner Comment : Object : C:\Program Files\Common Files\wintools\ IBIS Toolbar Object Recognized! Type : File Data : WToolsP.cfg TAC Rating : 5 Category : Data Miner Comment : Object : C:\Program Files\Common Files\wintools\ IBIS Toolbar Object Recognized! Type : File Data : WToolsR.cfg TAC Rating : 5 Category : Data Miner Comment : Object : C:\Program Files\Common Files\wintools\ IBIS Toolbar Object Recognized! Type : File Data : WToolsU.cfg TAC Rating : 5 Category : Data Miner Comment : Object : C:\Program Files\Common Files\wintools\ ImIServer IEPlugin Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : remove ImIServer IEPlugin Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\toolbar Value : {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} ImIServer IEPlugin Object Recognized! Type : File Data : redir.txt TAC Rating : 5 Category : Data Miner Comment : Object : C:\WINDOWS\ Lycos Sidesearch Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sep Lycos Sidesearch Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sep Value : UninstallString Lycos Sidesearch Object Recognized! 
Type : RegValue Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sep Value : NoModify Lycos Sidesearch Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sep Value : NoRepair Lycos Sidesearch Object Recognized! Type : Folder TAC Rating : 7 Category : Misc Comment : Lycos Sidesearch Object : C:\Program Files\SEP PeopleOnPage Object Recognized! Type : Regkey Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{a2872b10-39f2-42df-9335-7dd38cf75255} PeopleOnPage Object Recognized! Type : Regkey Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a1558b18-f76c-40fe-b358-9e47449f3cfe} PeopleOnPage Object Recognized! Type : Regkey Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a7d0472e-c1fc-4d8f-aba1-98a7692561bf} PeopleOnPage Object Recognized! Type : Regkey Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\autoloader PeopleOnPage Object Recognized! Type : RegValue Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : AutoUpdater PeopleOnPage Object Recognized! Type : Folder TAC Rating : 9 Category : Data Miner Comment : PeopleOnPage Object : C:\Program Files\sysai PeopleOnPage Object Recognized! Type : File Data : aproposplugin.dll TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ PeopleOnPage Object Recognized! Type : File Data : libexpat.dll TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ PeopleOnPage Object Recognized! 
Type : File Data : wingenerics.dll TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ PeopleOnPage Object Recognized! Type : File Data : sysai.exe TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Ads CompanyName : Apropos Media FileDescription : Internet Explorer InternalName : Ads. LegalCopyright : Copyright © 2003 OriginalFilename : SysAI.exe PeopleOnPage Object Recognized! Type : File Data : proxystub.dll TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ PeopleOnPage Object Recognized! Type : File Data : uninstaller.exe TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ PeopleOnPage Object Recognized! Type : File Data : atl.dll TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ FileVersion : 3.00.8449 ProductVersion : 6.00.8449 ProductName : Microsoft (R) Visual C++ CompanyName : Microsoft Corporation FileDescription : ATL Module for Windows (ANSI) InternalName : ATL LegalCopyright : Copyright © Microsoft Corp. 1996-1998 OriginalFilename : ATL.DLL PeopleOnPage Object Recognized! Type : File Data : data.bin TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ PeopleOnPage Object Recognized! Type : File Data : ai_27-07-2004.log TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ PeopleOnPage Object Recognized! Type : File Data : ai_09-08-2004.log TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ PeopleOnPage Object Recognized! Type : File Data : ai_07-08-2004.log TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ PeopleOnPage Object Recognized! Type : File Data : ai_08-08-2004.log TAC Rating : 9 Category : Data Miner Comment : Object : C:\Program Files\sysai\ TopPicks Object Recognized! 
Type : Folder TAC Rating : 6 Category : Data Miner Comment : TopPicks Object : C:\Program Files\topicks TopPicks Object Recognized! Type : Folder TAC Rating : 6 Category : Data Miner Comment : TopPicks Object : C:\Program Files\topicks\bin TopPicks Object Recognized! Type : File Data : topicks.reg TAC Rating : 6 Category : Data Miner Comment : Object : C:\Program Files\topicks\bin\ TopPicks Object Recognized! Type : File Data : tpreg.dll TAC Rating : 6 Category : Data Miner Comment : Object : C:\Program Files\topicks\bin\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 7.7.04 BETA ProductName : ToPicksReg Module FileDescription : ToPicksReg Module InternalName : ToPicksReg LegalCopyright : Copyright 2003 OriginalFilename : ToPicksReg.DLL TopPicks Object Recognized! Type : File Data : htcheck2.dll TAC Rating : 6 Category : Data Miner Comment : Object : C:\Program Files\topicks\bin\ FileVersion : 2, 5, 0, 0 ProductVersion : 28.6.04 ProductName : HtCheck2 Module CompanyName : Idium Systems Ltd. FileDescription : HtCheck2 Module InternalName : HtCheck2 LegalCopyright : Copyright 2001 OriginalFilename : HtCheck2.DLL TopPicks Object Recognized! Type : File Data : idmup.dll TAC Rating : 6 Category : Data Miner Comment : Object : C:\Program Files\topicks\bin\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 31.3.04 ProductName : IdiumUpdater Module FileDescription : IdiumUpdater Module InternalName : IdiumUpdater LegalCopyright : Copyright 2003 OriginalFilename : IdiumUpdater.DLL TopPicks Object Recognized! Type : File Data : fileversions.ini TAC Rating : 6 Category : Data Miner Comment : Object : C:\Program Files\topicks\bin\ Zango Object Recognized! 
Type : File Data : clientax.dll TAC Rating : 6 Category : Data Miner Comment : Object : C:\WINDOWS\downloaded program files\ FileVersion : 6.9.95.0 ProductVersion : 6.9.95.0 ProductName : ClientAX CompanyName : 180solutions FileDescription : ClientAX InternalName : ClientAX.dll LegalCopyright : (c) 180solutions, 2004. All rights reserved. OriginalFilename : ClientAX.dll Comments : /DID=006644 Zango Object Recognized! Type : File Data : clientax.inf TAC Rating : 6 Category : Data Miner Comment : Object : C:\WINDOWS\downloaded program files\ MemoryWatcher Object Recognized! Type : Folder TAC Rating : 4 Category : Data Miner Comment : MemoryWatcher Object : C:\Program Files\MemoryWatcher MemoryWatcher Object Recognized! Type : File Data : EULA.URL TAC Rating : 4 Category : Data Miner Comment : Object : C:\Program Files\memorywatcher\ MemoryWatcher Object Recognized! Type : File Data : TrayIcon.ocx TAC Rating : 4 Category : Data Miner Comment : Object : C:\Program Files\memorywatcher\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : vbRad CompanyName : Robdogg Inc. InternalName : TrayIcon OriginalFilename : TrayIcon.ocx MemoryWatcher Object Recognized! Type : File Data : COMCTL32.OCX TAC Rating : 4 Category : Data Miner Comment : Object : C:\Program Files\memorywatcher\ FileVersion : 6.00.8105 ProductVersion : 6.00.8105 ProductName : COMCTL CompanyName : Microsoft Corporation FileDescription : Windows Common Controls ActiveX Control DLL InternalName : COMCTL LegalCopyright : Copyright © 1987-1997 Microsoft Corp. LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation OriginalFilename : COMCTL32.OCX Comments : October 11, 1999 CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\urlsearchhooks CoolWebSearch Object Recognized! 
Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Custom Search URL CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\new windows Value : PopupMgr CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Search Bar CoolWebSearch Object Recognized! Type : RegData Data : no TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no CoolWebSearch Object Recognized! Type : RegData Data : about:blank TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Search Bar Data : about:blank CoolWebSearch Object Recognized! Type : File Data : hosts TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\ BonziBuddy Object Recognized! Type : File Data : iehelpermiddleman.tlb TAC Rating : 7 Category : Data Miner Comment : Object : C:\WINDOWS\SYSTEM\ OverPro Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\wildarcade OverPro Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\wildarcade Value : uninstallstring ClearSearch Object Recognized! 
Type : File Data : ATL71.dll TAC Rating : 7 Category : Data Miner Comment : Object : C:\WINDOWS\SYSTEM\ FileVersion : 7.10.3077.0 ProductVersion : 7.10.3077.0 ProductName : Microsoft® Visual Studio .NET CompanyName : Microsoft Corporation FileDescription : ATL Module for Windows (ANSI) InternalName : ATL71.DLL LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ATL71.DLL

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 187
Objects found so far: 635

4:39:16 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:43:06.0
Objects scanned:107224
Objects identified:624
Objects ignored:0
New critical objects:624