Ad-Aware SE Build 1.05 Logfile Created on:Thursday, May 19, 2005 10:49:02 AM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R46 17.05.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 180Solutions(TAC index:6):39 total references 2020Search(TAC index:4):4 total references BargainBuddy(TAC index:8):181 total references BlazeFind(TAC index:5):7 total references ClickSpring(TAC index:6):18 total references CoolWebSearch(TAC index:10):122 total references DyFuCA(TAC index:3):25 total references Hijacker.TopConverting(TAC index:5):1 total references ImIServer IEPlugin(TAC index:5):71 total references istbar.dotcomToolbar(TAC index:5):3 total references MicroGaming(TAC index:4):1 total references MRU List(TAC index:0):36 total references Other(TAC index:5):1 total references OverPro(TAC index:3):10 total references Possible Browser Hijack attempt(TAC index:3):41 total references Rads01.Quadrogram(TAC index:6):11 total references Roings(TAC index:8):5 total references StatBlaster(TAC index:8):3 total references TopMoxie(TAC index:3):9 total references Windows(TAC index:3):1 total references VX2(TAC index:10):161 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R46 17.05.2005 Internal build : 54 File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref File size : 474775 Bytes Total size : 1435210 Bytes Signature data size : 1404100 Bytes Reference data size : 30598 Bytes Signatures total : 40060 Fingerprints total : 883 Fingerprints size : 30250 Bytes Target categories : 15 Target families : 674 Memory + processor status: ========================== Number of processors : 1 Processor architecture : Non Intel Memory available:19 % Total physical memory:130548 kb Available physical memory:23848 kb Total page file size:314720 kb Available on page file:123728 kb Total virtual memory:2097024 kb Available virtual memory:2046144 kb OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600) Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Obtain command line of scanned processes Set : Run scan as background process (Low CPU usage) Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Write-protect system files after repair (Hosts file, etc.) Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 5-19-2005 10:49:02 AM - Scan started. (Custom mode) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 440 ThreadCreationTime : 5-19-2005 3:32:34 PM BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 496 ThreadCreationTime : 5-19-2005 3:32:36 PM BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 520 ThreadCreationTime : 5-19-2005 3:32:37 PM BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 564 ThreadCreationTime : 5-19-2005 3:32:37 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 576 ThreadCreationTime : 5-19-2005 3:32:37 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch ProcessID : 728 ThreadCreationTime : 5-19-2005 3:32:38 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 772 ThreadCreationTime : 5-19-2005 3:32:38 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs ProcessID : 836 ThreadCreationTime : 5-19-2005 3:32:39 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService ProcessID : 888 ThreadCreationTime : 5-19-2005 3:32:39 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService ProcessID : 1028 ThreadCreationTime : 5-19-2005 3:32:40 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.exe Command Line : Explorer.exe C:\WINDOWS\Nail.exe ProcessID : 1368 ThreadCreationTime : 5-19-2005 3:32:43 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:12 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 1424 ThreadCreationTime : 5-19-2005 3:32:44 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll) VX2 Object Recognized! Type : Process Data : DrPMon.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 0 ProductName : DrPMon PrintMonitor CompanyName : Direct Revenue FileDescription : DrPMon PrintMonitor InternalName : DrPMon LegalCopyright : Copyright (C) 2005 OriginalFilename : DrPMon.dll #:13 [defwatch.exe] ModuleName : C:\Program Files\NavNT\defwatch.exe Command Line : "C:\Program Files\NavNT\defwatch.exe" ProcessID : 1664 ThreadCreationTime : 5-19-2005 3:32:52 PM BasePriority : Normal FileVersion : 7.61.00.945 ProductVersion : 7.61.00.945 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Virus Definition Daemon InternalName : DefWatch LegalCopyright : Copyright © 1998 Symantec Corporation OriginalFilename : DefWatch.exe #:14 [pds.exe] ModuleName : C:\WINDOWS\system32\cba\pds.exe Command Line : C:\WINDOWS\system32\cba\pds.exe ProcessID : 1696 ThreadCreationTime : 5-19-2005 3:32:52 PM BasePriority : Normal FileVersion : 6.12.0.105 E ProductVersion : 6.12.0.105 ProductName : Intel Common Base Agent CompanyName : Intel® Corporation FileDescription : CBA -- Ping Discovery Service InternalName : PDS LegalCopyright : Copyright © 1997-2001 Intel® Corporation LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation OriginalFilename : PDS.EXE #:15 [rtvscan.exe] ModuleName : C:\Program Files\NavNT\rtvscan.exe Command Line : "C:\Program Files\NavNT\rtvscan.exe" ProcessID : 1732 ThreadCreationTime : 5-19-2005 3:32:52 PM BasePriority : Normal FileVersion : 7.61.00.945 ProductVersion : 7.61.00.945 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus LegalCopyright : Copyright (C) Symantec Corporation 1991-2001 #:16 [xfr.exe] ModuleName : C:\WINDOWS\system32\cba\xfr.exe Command Line : C:\WINDOWS\system32\cba\xfr.exe ProcessID : 252 ThreadCreationTime : 5-19-2005 3:33:08 PM BasePriority : Normal FileVersion : 6.12.0.105 E ProductVersion : 6.12.0.105 ProductName : Intel Common Base Agent CompanyName : Intel® Corporation FileDescription : CBA - Message Resource InternalName : xfrrc LegalCopyright : Copyright © 1997-2001 Intel® Corporation LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation OriginalFilename : XFR.EXE #:17 [msgsys.exe] ModuleName : C:\WINDOWS\system32\MsgSys.EXE Command Line : MsgSys.EXE ProcessID : 336 ThreadCreationTime : 5-19-2005 3:33:09 PM BasePriority : Normal FileVersion : 6.12.0.105 E ProductVersion : 6.12.0.105 ProductName : Intel Common Base Agent CompanyName : Intel® Corporation FileDescription : CBA -- Message System InternalName : MsgExe LegalCopyright : Copyright © 1997-2001 Intel® Corporation LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation OriginalFilename : MsgSys.EXE #:18 [alg.exe] ModuleName : C:\WINDOWS\System32\alg.exe Command Line : C:\WINDOWS\System32\alg.exe ProcessID : 1576 ThreadCreationTime : 5-19-2005 3:33:43 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:19 [qknyecl.exe] ModuleName : c:\windows\system32\qknyecl.exe Command Line : "c:\windows\system32\qknyecl.exe" cfatlyj ProcessID : 828 ThreadCreationTime : 5-19-2005 3:33:57 PM BasePriority : Normal FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. #:20 [vptray.exe] ModuleName : C:\Program Files\NavNT\vptray.exe Command Line : "C:\Program Files\NavNT\vptray.exe" ProcessID : 1148 ThreadCreationTime : 5-19-2005 3:34:28 PM BasePriority : Normal FileVersion : 7.61.00.945 ProductVersion : 7.61.00.945 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus LegalCopyright : Copyright (C) Symantec Corporation 1991-2001 #:21 [qttask.exe] ModuleName : C:\Program Files\QuickTime\qttask.exe Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime ProcessID : 1012 ThreadCreationTime : 5-19-2005 3:34:38 PM BasePriority : Normal FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:22 [ituneshelper.exe] ModuleName : C:\Program Files\iTunes\iTunesHelper.exe Command Line : "C:\Program Files\iTunes\iTunesHelper.exe" ProcessID : 1528 ThreadCreationTime : 5-19-2005 3:34:43 PM BasePriority : Normal FileVersion : 4.5.0.31 ProductVersion : 4.5.0.31 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:23 [ybrwicon.exe] ModuleName : C:\Program Files\Yahoo!\browser\ybrwicon.exe Command Line : "C:\Program Files\Yahoo!\browser\ybrwicon.exe" ProcessID : 1352 ThreadCreationTime : 5-19-2005 3:34:45 PM BasePriority : Normal FileVersion : 2003, 7, 11, 1 ProductVersion : 1, 0, 0, 1 ProductName : Yahoo!, Inc. YBrwIcon CompanyName : Yahoo!, Inc. FileDescription : YBrwIcon InternalName : YBrwIcon LegalCopyright : Copyright © 2003 OriginalFilename : YBrwIcon.exe #:24 [ipclient.exe] ModuleName : C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe Command Line : "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l ProcessID : 1588 ThreadCreationTime : 5-19-2005 3:34:54 PM BasePriority : Normal FileVersion : 5.8.0.13 ProductVersion : 5.8.0.13 ProductName : Visual IP InSight CompanyName : Visual Networks FileDescription : IP Session Statistics InternalName : IPCLIENT LegalCopyright : Copyright © 2003 Visual Networks Technologies, Inc. OriginalFilename : ipclient32.exe #:25 [ipmon32.exe] ModuleName : C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe Command Line : "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" ProcessID : 1800 ThreadCreationTime : 5-19-2005 3:34:57 PM BasePriority : Normal FileVersion : 5.8.0.13 ProductVersion : 5.8.0.13 ProductName : Visual IP InSight CompanyName : Visual Networks FileDescription : IP Monitor InternalName : IPMON32 LegalCopyright : Copyright © 2003 Visual Networks Technologies, Inc. OriginalFilename : ipmon32.exe #:26 [ycommon.exe] ModuleName : C:\PROGRA~1\Yahoo!\browser\ycommon.exe Command Line : C:\PROGRA~1\Yahoo!\browser\ycommon.exe -Embedding ProcessID : 204 ThreadCreationTime : 5-19-2005 3:35:12 PM BasePriority : Normal FileVersion : 2003, 7, 14, 1 ProductVersion : 1, 0, 0, 1 ProductName : YCommon Exe Module CompanyName : Yahoo!, Inc. FileDescription : YCommon Exe Module InternalName : YCommonExe LegalCopyright : Copyright 2003 Yahoo! Inc. OriginalFilename : YCommon.EXE #:27 [atllm.exe] ModuleName : C:\WINDOWS\system32\atllm.exe Command Line : "C:\WINDOWS\system32\atllm.exe" ProcessID : 324 ThreadCreationTime : 5-19-2005 3:35:18 PM BasePriority : Normal Warning! CoolWebSearch Object found in memory(C:\WINDOWS\system32\atllm.exe) CoolWebSearch Object Recognized! Type : Process Data : atllm.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ "C:\WINDOWS\system32\atllm.exe"Process terminated successfully "C:\WINDOWS\system32\atllm.exe"Process terminated successfully #:28 [ipodservice.exe] ModuleName : C:\Program Files\iPod\bin\iPodService.exe Command Line : "C:\Program Files\iPod\bin\iPodService.exe" ProcessID : 1972 ThreadCreationTime : 5-19-2005 3:35:25 PM BasePriority : Normal FileVersion : 4.5.0.31 ProductVersion : 4.5.0.31 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:29 [netscp.exe] ModuleName : C:\Program Files\Netscape\Netscape\Netscp.exe Command Line : "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo ProcessID : 1456 ThreadCreationTime : 5-19-2005 3:35:35 PM BasePriority : Normal #:30 [mnyexpr.exe] ModuleName : C:\Program Files\Microsoft Money\System\mnyexpr.exe Command Line : "C:\Program Files\Microsoft Money\System\mnyexpr.exe" ProcessID : 1740 ThreadCreationTime : 5-19-2005 3:35:42 PM BasePriority : Normal FileVersion : 11.00.0716 ProductVersion : 11.00.0716 ProductName : Microsoft Money CompanyName : Microsoft Corporation FileDescription : Microsoft Money Express InternalName : mnyexpr LegalCopyright : Copyright (C) Microsoft Corp. 1990-2001. All rights reserved. OriginalFilename : mnyexpr.exe #:31 [acrotray.exe] ModuleName : C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe Command Line : "C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe" ProcessID : 2204 ThreadCreationTime : 5-19-2005 3:35:57 PM BasePriority : Normal FileVersion : 5, 0, 0, 0 ProductVersion : 5, 0, 0, 0 ProductName : AcroTray - Adobe Acrobat Distiller helper application. CompanyName : Adobe Systems Inc. FileDescription : AcroTray InternalName : AcroTray LegalCopyright : Copyright © 2001 OriginalFilename : AcroTray.exe #:32 [ad-aware.exe] ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 2692 ThreadCreationTime : 5-19-2005 3:48:35 PM BasePriority : Idle FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 2 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 2020Search Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{eaf2ccee-21a1-4203-9f36-4929fd104d43} 2020Search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{eaf2ccee-21a1-4203-9f36-4929fd104d43} Value : @ 2020Search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{eaf2ccee-21a1-4203-9f36-4929fd104d43} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher.1 BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher.1 Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} Value : BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} Value : ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7} ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7} Value : @ ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{9eb320ce-be1d-4304-a081-4b4665414bef} ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{9eb320ce-be1d-4304-a081-4b4665414bef} Value : @ ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3e4c3e0b-6bbe-4c94-86ca-6f055a989693} ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3e4c3e0b-6bbe-4c94-86ca-6f055a989693} Value : @ ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{81eb72d7-3949-450f-b035-de599959814f} ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{81eb72d7-3949-450f-b035-de599959814f} Value : @ ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : mediaticketsinstaller.mediaticketsinstallerctrl.1 ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : mediaticketsinstaller.mediaticketsinstallerctrl.1 Value : @ ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{46605c8c-d306-4e2d-b367-9b53690cb867} ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{46605c8c-d306-4e2d-b367-9b53690cb867}\1.0 ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{46605c8c-d306-4e2d-b367-9b53690cb867}\1.0 Value : @ CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{e0dce97d-ee8a-f1c7-121c-ad36b035e509} CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{6d013c7f-94a6-b31c-9a8d-46cc9b7dca52} CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5} DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc} DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.sinkobj.1 DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.sinkobj.1 Value : @ DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.sinkobj DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.sinkobj Value : @ DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297} DyFuCA Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297} Value : @ Hijacker.TopConverting Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3} ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e} ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{01f44a8a-8c97-4325-a378-76e68dc4ab2e} Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{1c896551-8b92-4907-8c06-15db2d1f874a} ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{1c896551-8b92-4907-8c06-15db2d1f874a} Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7} ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{d36f70b1-7df5-4fd4-a765-70ccc8f72cd7} Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c} ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{e2bf1bf3-1fdb-4c93-8874-0b09e71c594c} Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f3155057-4c2c-4078-8576-50486693fd49} ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f3155057-4c2c-4078-8576-50486693fd49} Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.bottomframe ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.bottomframe Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.bottomframe Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.bottomframe.1 ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.bottomframe.1 Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.bottomframe.1 Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.leftframe ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.leftframe Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.leftframe Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.leftframe.1 ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.leftframe.1 Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.leftframe.1 Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.popupbrowser ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.popupbrowser Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.popupbrowser Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.popupbrowser.1 ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.popupbrowser.1 Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.popupbrowser.1 Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.popupwindow ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.popupwindow Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.popupwindow Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.popupwindow.1 ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.popupwindow.1 Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : imitoolbar.popupwindow.1 Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7} ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7} Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{220959ea-b54c-4201-8df2-1cfac8b59fd7} Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64} ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64} Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{6a288140-3e1c-4cd9-aac5-e20fdd4f5d64} Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0} ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0} Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{7371ad3f-c419-4dc0-8e8a-e21fafad53e0} Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{98b2ddba-6da2-4421-af2b-814e98f53649} ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{98b2ddba-6da2-4421-af2b-814e98f53649} Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{98b2ddba-6da2-4421-af2b-814e98f53649} Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{57add57b-173e-418a-8f70-17e5c9f2bcc9} ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wbho.band ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wbho.band Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wbho.band.1 ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : wbho.band.1 Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52} ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52} Value : @ ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{e4458b4a-6149-4450-84f2-864adb7e8c52} Value : ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582} ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{3e589169-86ad-44fe-b426-f0bf105d5582} Value : OverPro Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{ff65677a-8977-48ca-916a-dff81b037df3} OverPro Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{ff65677a-8977-48ca-916a-dff81b037df3} Value : OverPro Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{95dde570-872c-4489-945f-a77ff7b337f1} OverPro Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : wildapp.wmservice OverPro Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : wildapp.wmservice Value : OverPro Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : wildapp.wmservice.1 OverPro Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : wildapp.wmservice.1 Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : zservdll.zservdllobj.1 VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : zservdll.zservdllobj.1 Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : zservdll.zservdllobj VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : zservdll.zservdllobj Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : vx2.vx2obj VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : vx2.vx2obj Value : @ VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{f0f4c299-735e-4eac-b2f9-f97324d5cc1d} VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{690bccb4-6b83-4203-ae77-038c116594ec} VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{230c3786-1c2c-45bd-9d2d-9d277fce6289} VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : multimppdll.multimppdllobj.1 VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : multimppdll.multimppdllobj.1 Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : localnrddll.localnrddllobj.1 VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : localnrddll.localnrddllobj.1 Value : @ VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c08175c6-b2b2-47fc-af1a-32f77a6cb673} VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c08175c6-b2b2-47fc-af1a-32f77a6cb673} Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a93b84c6-5278-473a-8027-f6304a291a7a} VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a93b84c6-5278-473a-8027-f6304a291a7a} Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dlmaxdll.dlmaxdllobj.1 VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dlmaxdll.dlmaxdllobj.1 Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dlmaxdll.dlmaxdllobj VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dlmaxdll.dlmaxdllobj Value : DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\policies\avenue media DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\avenue media TopMoxie Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\internet explorer\menuext\web rebates TopMoxie Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\internet explorer\menuext\web rebates Value : TopMoxie Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\internet explorer\menuext\web rebates Value : Contexts VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUI3d5OfSDist VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUI3d5OfSInst VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUC3n5trMsgSDisp VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUs3t5icky1S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUs3t5icky2S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUs3t5icky3S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUs3t5icky4S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUC1o3d5eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUT3i5m7eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUD3s5tSSEnd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AU3N5a7tionSCode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUP3D5om VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUT3h5rshSCheckSIn VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUT3h5rshSMots VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUM3o5deSSync VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUI3n5ProgSCab VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUI3n5ProgSEx VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUI3n5ProgSLstest VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUB3D5om VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUE3v5nt VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUT3h5rshSBath VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUT3h5rshSysSInf VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUL3n5Title VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUC3u5rrentSMode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUC3n5tFyl VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUI3g5noreS VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUS3t5atusOfSInst VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUL3a5stMotsSDay VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\aurora Value : AUL3a5stSSChckin 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\180solutions 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\180solutions ClickSpring Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef} ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef} Value : SystemComponent ClickSpring Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef} Value : Installer DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\policies\avenue media DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer Value : DisplayIcon DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer Value : DisplayName DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Software Installer Value : UninstallString DyFuCA Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\avenue media ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{01f44a8a-8c97-4325-a378-76e68dc4ab2e} istbar.dotcomToolbar Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\interface\{eaf2ccee-21a1-4203-9f36-4929fd104d43} istbar.dotcomToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\interface\{eaf2ccee-21a1-4203-9f36-4929fd104d43} Value : @ istbar.dotcomToolbar Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\interface\{eaf2ccee-21a1-4203-9f36-4929fd104d43} Value : MicroGaming Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\microgaming StatBlaster Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wildmedia\licensestores StatBlaster Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wildmedia\licensestores Value : 35f05749-e699-45df-a27f-79c05110c180 TopMoxie Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\untopr1150 TopMoxie Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\untopr1150 Value : DisplayName TopMoxie Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\untopr1150 Value : UninstallString TopMoxie Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\untopr1150 Value : Roings Object Recognized! Type : RegValue Data : Category : Malware Comment : "Date" Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\software\intexp Value : Date 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "partner_id" Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : partner_id BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "PartnerID" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UtilFolder" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UtilFolder BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "PartnerName" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "FirstHit" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : FirstHit BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "BuildNumber" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UninstallUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UninstallUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "UniqueKeyUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UniqueKeyUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "FirstHitUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : FirstHitUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : "BullsEye Network" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : BullsEye Network ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "Win Server Updt" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : Win Server Updt TopMoxie Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "WebRebates0" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : WebRebates0 Windows Object Recognized! Type : RegData Data : explorer.exe c:\windows\nail.exe Category : Vulnerability Comment : Shell Possibly Compromised Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows nt\currentversion\winlogon Value : Shell Data : explorer.exe c:\windows\nail.exe Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 195 Objects found so far: 197 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearchwebsearch.drsnsrch.com Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id=" Category : Vulnerability Comment : Possible Browser Hijack attempt Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Search Value : CustomizeSearch Data : "http://websearch.drsnsrch.com/sidesearch.cgi?id=" Possible Browser Hijack attempt : S-1-5-21-1935655697-789336058-1060284298-1003\Software\Microsoft\Internet Explorer\SearchURLwebsearch.drsnsrch.com Possible Browser Hijack attempt Object Recognized! Type : RegData Data : "websearch.drsnsrch.com/q.cgi?q=" Category : Vulnerability Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : S-1-5-21-1935655697-789336058-1060284298-1003\Software\Microsoft\Internet Explorer\SearchURL Value : Data : "websearch.drsnsrch.com/q.cgi?q=" Trusted zone presumably compromised : 05p.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : 05p.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : 05p.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com Value : * Trusted zone presumably compromised : blazefind.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : blazefind.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : blazefind.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com Value : * Trusted zone presumably compromised : flingstone.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : flingstone.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : flingstone.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com Value : * Trusted zone presumably compromised : searchbarcash.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchbarcash.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchbarcash.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com Value : * Trusted zone presumably compromised : searchmiracle.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchmiracle.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchmiracle.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com Value : * Trusted zone presumably compromised : slotch.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : slotch.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : slotch.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com Value : * Trusted zone presumably compromised : xxxtoolbar.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : xxxtoolbar.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : xxxtoolbar.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com Value : * Trusted zone presumably compromised : 05p.com Trusted zone presumably compromised : blazefind.com Trusted zone presumably compromised : clickspring.net Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : clickspring.net Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : clickspring.net Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net Value : * Trusted zone presumably compromised : flingstone.com Trusted zone presumably compromised : mt-download.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : mt-download.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : mt-download.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com Value : * Trusted zone presumably compromised : my-internet.info Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : my-internet.info Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : my-internet.info Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info Value : * Trusted zone presumably compromised : scoobidoo.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : scoobidoo.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : scoobidoo.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com Value : * Trusted zone presumably compromised : searchbarcash.com Trusted zone presumably compromised : searchbarcash.com Trusted zone presumably compromised : searchmiracle.com Trusted zone presumably compromised : slotch.com Trusted zone presumably compromised : static.topconverting.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : static.topconverting.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Category : Vulnerability Comment : Trusted zone presumably compromised : static.topconverting.com Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com Value : * Trusted zone presumably compromised : 05p.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : 05p.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com Trusted zone presumably compromised : blazefind.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : blazefind.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com Trusted zone presumably compromised : flingstone.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : flingstone.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com Trusted zone presumably compromised : searchbarcash.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchbarcash.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com Trusted zone presumably compromised : searchmiracle.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : searchmiracle.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com Trusted zone presumably compromised : slotch.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : slotch.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com Trusted zone presumably compromised : xxxtoolbar.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : xxxtoolbar.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com Trusted zone presumably compromised : 05p.com Trusted zone presumably compromised : blazefind.com Trusted zone presumably compromised : clickspring.net Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : clickspring.net Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net Trusted zone presumably compromised : flingstone.com Trusted zone presumably compromised : mt-download.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : mt-download.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com Trusted zone presumably compromised : my-internet.info Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : my-internet.info Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info Trusted zone presumably compromised : scoobidoo.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : scoobidoo.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com Trusted zone presumably compromised : searchbarcash.com Trusted zone presumably compromised : searchbarcash.com Trusted zone presumably compromised : searchmiracle.com Trusted zone presumably compromised : slotch.com Trusted zone presumably compromised : static.topconverting.com Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Category : Vulnerability Comment : Trusted zone presumably compromised : static.topconverting.com Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com Possible Browser Hijack attempt : {9EB320CE-BE1D-4304-A081-4B4665414BEF} (http://www.mt-download.com/mediaticketsinstaller.cab) CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : "atllm.exe" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Run Value : atllm.exe CoolWebSearch Object Recognized! Type : File Data : atllm.exe Category : Malware Comment : Object : c:\windows\system32\ OverPro Object Recognized! Type : RegValue Data : C:\WINDOWS\WildApp.dll Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs Value : C:\WINDOWS\WildApp.dll Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 52 Objects found so far: 238 MRU List Object Recognized! Location: : C:\Documents and Settings\Julie Mumford\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\adobe\adobe acrobat\5.0\avgeneral\crecentfiles Description : list of recently used files in adobe acrobat MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\ahead\nero - burning rom\recent file list Description : list of recently used files in nero burning rom MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\mediaplayer\medialibraryui Description : last selected node in the microsoft windows media player media library MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\mediaplayer\player\recentfilelist Description : list of recently used files in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\mediaplayer\player\settings Description : last open directory used in jasc paint shop pro MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\mediaplayer\preferences Description : last cd record path used in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\mediaplayer\preferences Description : last playlist index loaded in microsoft windows media player MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-19\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-20\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\microsoft management console\recent file list Description : list of recent snap-ins used in the microsoft management console MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\office\8.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru Description : list of recent pictured inserted in microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\office\8.0\common\open find\microsoft powerpoint\settings\save as\file name mru Description : list of recent documents saved by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\office\8.0\common\open find\microsoft word\settings\open\file name mru Description : list of recent documents opened by microsoft word MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\office\8.0\common\open find\microsoft word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\office\8.0\excel\recent file list Description : list of recent files used by microsoft excel MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\office\8.0\powerpoint\recent file list Description : list of recent files used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows\currentversion\applets\regedit Description : last key accessed using the microsoft registry editor MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows\currentversion\applets\regedit\favorites Description : registry editor favorites MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1935655697-789336058-1060284298-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 274 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» DyFuCA Object Recognized! Type : File Data : actalert.exe Category : Malware Comment : Object : C:\Program Files\Yahoo!\YPSR\Quarantine\ppq166.tmp\ DyFuCA Object Recognized! Type : File Data : optimize.exe Category : Malware Comment : Object : C:\Program Files\Yahoo!\YPSR\Quarantine\ppq166.tmp\ DyFuCA Object Recognized! Type : File Data : optimize310.exe Category : Malware Comment : Object : C:\Program Files\Yahoo!\YPSR\Quarantine\ppq166.tmp\update\ BargainBuddy Object Recognized! Type : File Data : A0045333.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0045334.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0045341.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0045344.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ CoolWebSearch Object Recognized! Type : File Data : A0045348.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ BargainBuddy Object Recognized! Type : File Data : A0046333.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0046334.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0046338.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ CoolWebSearch Object Recognized! Type : File Data : A0046342.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ BargainBuddy Object Recognized! Type : File Data : A0046354.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0046355.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0046361.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ BargainBuddy Object Recognized! Type : File Data : A0046363.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0046366.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP366\ CoolWebSearch Object Recognized! Type : File Data : A0046373.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP367\ BargainBuddy Object Recognized! Type : File Data : A0046382.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP367\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0046383.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP367\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0046387.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP367\ BargainBuddy Object Recognized! Type : File Data : A0046390.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP367\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0046392.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ BargainBuddy Object Recognized! Type : File Data : A0047382.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0047383.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0047387.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ CoolWebSearch Object Recognized! Type : File Data : A0047390.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ BargainBuddy Object Recognized! Type : File Data : A0048382.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0048383.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0048387.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ CoolWebSearch Object Recognized! Type : File Data : A0048390.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ BargainBuddy Object Recognized! Type : File Data : A0048404.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0048405.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0048409.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ BargainBuddy Object Recognized! Type : File Data : A0048410.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0048413.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ BargainBuddy Object Recognized! Type : File Data : A0049404.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0049405.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0049409.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ CoolWebSearch Object Recognized! Type : File Data : A0049412.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP368\ CoolWebSearch Object Recognized! Type : File Data : A0049417.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP369\ BargainBuddy Object Recognized! Type : File Data : A0049422.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP369\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0049426.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP369\ FileVersion : 0, 4, 1, 3 ProductVersion : 0, 4, 1, 3 CompanyName : FarmMext FileDescription : www.farmmext.com LegalCopyright : Copyright © 2002 BargainBuddy Object Recognized! Type : File Data : A0050404.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP369\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0050405.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP369\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0050410.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP369\ BargainBuddy Object Recognized! Type : File Data : A0050411.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP369\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0050414.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP369\ BargainBuddy Object Recognized! Type : File Data : A0050419.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP369\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adv CompanyName : eXact Advertising InternalName : adv LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adv.exe BargainBuddy Object Recognized! Type : File Data : A0050420.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP369\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adx CompanyName : eXact Advertising InternalName : adx LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adx.exe BargainBuddy Object Recognized! Type : File Data : A0050422.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP369\ FileVersion : 1, 0, 1, 0 ProductVersion : 1, 0, 1, 0 BargainBuddy Object Recognized! Type : File Data : A0050423.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP369\ CoolWebSearch Object Recognized! Type : File Data : A0050431.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP370\ BargainBuddy Object Recognized! Type : File Data : A0050444.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP370\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0050445.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP370\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe Rads01.Quadrogram Object Recognized! Type : File Data : A0050447.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP370\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 CoolWebSearch Object Recognized! Type : File Data : A0050449.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP370\ BargainBuddy Object Recognized! Type : File Data : A0050452.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP370\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0050460.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP370\ CoolWebSearch Object Recognized! Type : File Data : A0050463.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP371\ BargainBuddy Object Recognized! Type : File Data : A0050467.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP371\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0050473.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP371\ CoolWebSearch Object Recognized! Type : File Data : A0050477.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP372\ BargainBuddy Object Recognized! Type : File Data : A0050486.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP372\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0050487.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP372\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe Rads01.Quadrogram Object Recognized! Type : File Data : A0050489.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP372\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 CoolWebSearch Object Recognized! Type : File Data : A0050492.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP372\ BargainBuddy Object Recognized! Type : File Data : A0050493.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP372\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0050498.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ BargainBuddy Object Recognized! Type : File Data : A0050507.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0050508.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe Rads01.Quadrogram Object Recognized! Type : File Data : A0050510.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 CoolWebSearch Object Recognized! Type : File Data : A0050512.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ BargainBuddy Object Recognized! Type : File Data : A0050515.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0050527.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0050528.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe Rads01.Quadrogram Object Recognized! Type : File Data : A0050530.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 CoolWebSearch Object Recognized! Type : File Data : A0050534.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ BargainBuddy Object Recognized! Type : File Data : A0050535.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0051527.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0051528.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe Rads01.Quadrogram Object Recognized! Type : File Data : A0051530.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 VX2 Object Recognized! Type : File Data : A0051533.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz CoolWebSearch Object Recognized! Type : File Data : A0051538.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ BargainBuddy Object Recognized! Type : File Data : A0051550.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0051551.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe Rads01.Quadrogram Object Recognized! Type : File Data : A0051553.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 BargainBuddy Object Recognized! Type : File Data : A0051559.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0051563.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP373\ BargainBuddy Object Recognized! Type : File Data : A0051577.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP374\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0051578.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP374\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe Rads01.Quadrogram Object Recognized! Type : File Data : A0051580.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP374\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 CoolWebSearch Object Recognized! Type : File Data : A0051588.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP374\ BargainBuddy Object Recognized! Type : File Data : A0051594.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP374\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0051603.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP374\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0051604.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP374\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe Rads01.Quadrogram Object Recognized! Type : File Data : A0051606.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP374\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 VX2 Object Recognized! Type : File Data : A0051610.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP374\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz CoolWebSearch Object Recognized! Type : File Data : A0051614.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP374\ BargainBuddy Object Recognized! Type : File Data : A0051619.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP374\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0051630.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP375\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0051631.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP375\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe Rads01.Quadrogram Object Recognized! Type : File Data : A0051633.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP375\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 VX2 Object Recognized! Type : File Data : A0051635.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP375\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz CoolWebSearch Object Recognized! Type : File Data : A0051640.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP375\ BargainBuddy Object Recognized! Type : File Data : A0052629.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP375\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0052630.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP375\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe Rads01.Quadrogram Object Recognized! Type : File Data : A0052632.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP375\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 CoolWebSearch Object Recognized! Type : File Data : A0052639.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP375\ BargainBuddy Object Recognized! Type : File Data : A0052645.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP375\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0052673.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP376\ BargainBuddy Object Recognized! Type : File Data : A0052677.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP376\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0053630.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP377\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0053631.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP377\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe Rads01.Quadrogram Object Recognized! Type : File Data : A0053633.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP377\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 VX2 Object Recognized! Type : File Data : A0053635.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP377\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz BargainBuddy Object Recognized! Type : File Data : A0053638.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP377\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0053643.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP377\ BargainBuddy Object Recognized! Type : File Data : A0053657.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP378\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0053658.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP378\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0053665.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP378\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0053666.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP378\ BargainBuddy Object Recognized! Type : File Data : A0054657.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP379\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0054658.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP379\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0054663.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP379\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz BargainBuddy Object Recognized! Type : File Data : A0054666.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP379\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0054668.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP379\ FileVersion : 0, 4, 1, 3 ProductVersion : 0, 4, 1, 3 CompanyName : FarmMext FileDescription : www.farmmext.com LegalCopyright : Copyright © 2002 VX2 Object Recognized! Type : File Data : A0054673.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ FileVersion : 0, 4, 1, 3 ProductVersion : 0, 4, 1, 3 CompanyName : FarmMext FileDescription : www.farmmext.com LegalCopyright : Copyright © 2002 VX2 Object Recognized! Type : File Data : A0054678.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ FileVersion : 0, 4, 1, 3 ProductVersion : 0, 4, 1, 3 CompanyName : FarmMext FileDescription : www.farmmext.com LegalCopyright : Copyright © 2002 BargainBuddy Object Recognized! Type : File Data : A0054736.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0054737.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0054743.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0054748.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ BargainBuddy Object Recognized! Type : File Data : A0054759.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0054760.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0054767.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0054768.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ BargainBuddy Object Recognized! Type : File Data : A0054779.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0054780.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0054786.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz BargainBuddy Object Recognized! Type : File Data : A0054789.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0054792.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP380\ BargainBuddy Object Recognized! Type : File Data : A0054797.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0054811.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0054812.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0054818.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz BargainBuddy Object Recognized! Type : File Data : A0054822.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0054823.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ BargainBuddy Object Recognized! Type : File Data : A0054835.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0054836.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0054842.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz BargainBuddy Object Recognized! Type : File Data : A0054845.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0054848.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ BargainBuddy Object Recognized! Type : File Data : A0054859.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0054860.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0054867.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP381\ BargainBuddy Object Recognized! Type : File Data : A0055859.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP382\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0055860.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP382\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0055866.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP382\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz BargainBuddy Object Recognized! Type : File Data : A0055869.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP382\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0055870.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP382\ BargainBuddy Object Recognized! Type : File Data : A0055882.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP382\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0055883.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP382\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0055890.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP382\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz BargainBuddy Object Recognized! Type : File Data : A0055893.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP382\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0055894.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP382\ BargainBuddy Object Recognized! Type : File Data : A0056882.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP383\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0056883.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP383\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0056888.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP383\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz CoolWebSearch Object Recognized! Type : File Data : A0056892.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP383\ BargainBuddy Object Recognized! Type : File Data : A0056896.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP383\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0056904.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP383\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0056905.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP383\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0056910.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP383\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz CoolWebSearch Object Recognized! Type : File Data : A0056913.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP383\ BargainBuddy Object Recognized! Type : File Data : A0056919.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0056928.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0056929.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0056937.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ BargainBuddy Object Recognized! Type : File Data : A0056949.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0056950.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0056958.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0056971.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ BargainBuddy Object Recognized! Type : File Data : A0056997.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0056998.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0057011.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 0, 4, 1, 3 ProductVersion : 0, 4, 1, 3 CompanyName : FarmMext FileDescription : www.farmmext.com LegalCopyright : Copyright © 2002 BargainBuddy Object Recognized! Type : File Data : A0057997.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0057998.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0058007.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ BargainBuddy Object Recognized! Type : File Data : A0058997.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0058998.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0059006.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0059010.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP384\ BargainBuddy Object Recognized! Type : File Data : A0059040.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP385\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0059042.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP385\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0059048.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP385\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0059061.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP385\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0059062.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP385\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0059069.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP385\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz BargainBuddy Object Recognized! Type : File Data : A0059072.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP385\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0059086.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP385\ BargainBuddy Object Recognized! Type : File Data : A0060061.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP386\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0060063.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP386\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0060068.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP386\ FileVersion : 0, 6, 4, 89 ProductVersion : 0, 6, 4, 89 ProductName : DLMax CompanyName : DLMax FileDescription : www.DLMax.biz InternalName : DLMax LegalCopyright : Copyright © 2005 OriginalFilename : DLMax.dll Comments : www.DLMax.biz BargainBuddy Object Recognized! Type : File Data : A0060071.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP386\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0060074.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP386\ BargainBuddy Object Recognized! Type : File Data : A0060088.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP386\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0060089.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP386\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0060097.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP386\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0060120.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP386\ BargainBuddy Object Recognized! Type : File Data : A0060134.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP387\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0060135.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP387\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0060142.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP387\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0060155.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP388\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0060156.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP388\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0060164.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP388\ BargainBuddy Object Recognized! Type : File Data : A0060203.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0060204.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. VX2 Object Recognized! Type : File Data : A0060205.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. BargainBuddy Object Recognized! Type : File Data : A0060207.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0060211.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ BargainBuddy Object Recognized! Type : File Data : A0060220.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0060223.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0060227.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. VX2 Object Recognized! Type : File Data : A0060228.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. BargainBuddy Object Recognized! Type : File Data : A0060381.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adv CompanyName : eXact Advertising InternalName : adv LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adv.exe BargainBuddy Object Recognized! Type : File Data : A0060382.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adx CompanyName : eXact Advertising InternalName : adx LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adx.exe BargainBuddy Object Recognized! Type : File Data : A0060383.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 2, 0, 0, 2 ProductVersion : 2, 0, 0, 2 ProductName : BargainsBuddy ADP Module CompanyName : eXact Advertising FileDescription : bargains InternalName : ADP LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : bargains.exe BargainBuddy Object Recognized! Type : File Data : A0060387.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0060508.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0060509.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0060519.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. CoolWebSearch Object Recognized! Type : File Data : A0060528.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ BargainBuddy Object Recognized! Type : File Data : A0060575.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0060576.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : A0060583.ico Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ VX2 Object Recognized! Type : File Data : A0060587.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. VX2 Object Recognized! Type : File Data : A0060588.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. CoolWebSearch Object Recognized! Type : File Data : A0060593.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ ImIServer IEPlugin Object Recognized! Type : File Data : A0060595.exe Category : Data Miner Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 5.0.2001.10043 ProductVersion : 2001, 0, 0, 0 ProductName : MimarSinan Emissary, MimarSinan Charm Family CompanyName : Mimar Sinan International FileDescription : Emissary InternalName : autonomy LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved. OriginalFilename : autonomy.exe BargainBuddy Object Recognized! Type : File Data : A0061582.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0061583.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0061587.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. BargainBuddy Object Recognized! Type : File Data : A0061599.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0061600.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0061605.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP389\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. BargainBuddy Object Recognized! Type : File Data : A0061625.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP391\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : A0061626.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP391\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : A0061633.exe Category : Malware Comment : Object : C:\System Volume Information\_restore{4190A0AF-2745-43EB-BE5A-6DAFD8ED9869}\RP391\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. CoolWebSearch Object Recognized! Type : File Data : bikus.dll Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : ceqon.dat Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : conscorr.exe Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : cpznp.dll Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : cvhur.dat Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : enhupdt.exe Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : farmmext.exe Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : fkkzc.dll Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : irztd.txt Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : jmnhm.dat Category : Malware Comment : Object : C:\WINDOWS\ BlazeFind Object Recognized! Type : File Data : Key2.txt Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : kuopx.dat Category : Malware Comment : Object : C:\WINDOWS\ VX2 Object Recognized! Type : File Data : localNRD.dll Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 0, 4, 4, 30 ProductVersion : 0, 4, 4, 30 ProductName : localnrd CompanyName : LocalNRD FileDescription : www.localnrd.com InternalName : localnrd LegalCopyright : Copyright © 2004 OriginalFilename : localnrd.dll Comments : www.localnrd.com CoolWebSearch Object Recognized! Type : File Data : pqqus.log Category : Malware Comment : Object : C:\WINDOWS\ VX2 Object Recognized! Type : File Data : preInMPP.exe Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : satmat.exe Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : sblcm.log Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : ssico.ico Category : Malware Comment : Object : C:\WINDOWS\ ImIServer IEPlugin Object Recognized! Type : File Data : systb.dll Category : Data Miner Comment : Object : C:\WINDOWS\ FileVersion : 1, 0, 8, 1 ProductVersion : 1, 0, 8, 1 ProductName : wbho Module FileDescription : wbho Module InternalName : wbho LegalCopyright : Copyright 2004 OriginalFilename : wbho.DLL ImIServer IEPlugin Object Recognized! Type : File Data : systb.exe Category : Data Miner Comment : Object : C:\WINDOWS\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : TurboSfx Application CompanyName : Pacific Gold Coast Corp. FileDescription : TurboSfx InternalName : TurboSfx LegalCopyright : Copyright © 1998 Pacific Gold Coast Corp. OriginalFilename : TurboSfx.EXE BargainBuddy Object Recognized! Type : File Data : angelex.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 1, 0 ProductVersion : 1, 0, 1, 0 CoolWebSearch Object Recognized! Type : File Data : copdm.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ VX2 Object Recognized! Type : File Data : DrPMon.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 0 ProductName : DrPMon PrintMonitor CompanyName : Direct Revenue FileDescription : DrPMon PrintMonitor InternalName : DrPMon LegalCopyright : Copyright (C) 2005 OriginalFilename : DrPMon.dll BargainBuddy Object Recognized! Type : File Data : exul.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe CoolWebSearch Object Recognized! Type : File Data : gliql.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ BargainBuddy Object Recognized! Type : File Data : instsrv.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ BargainBuddy Object Recognized! Type : File Data : javexulm.vxd Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe VX2 Object Recognized! Type : File Data : kzlpgw.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Calling Home CompanyName : callinghome.biz FileDescription : Installation utility for www.callinghome.biz InternalName : Calling Home LegalCopyright : callinghome.biz © 2004 OriginalFilename : Caller.exe CoolWebSearch Object Recognized! Type : File Data : litem.log Category : Malware Comment : Object : C:\WINDOWS\system32\ CoolWebSearch Object Recognized! Type : File Data : obumr.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ VX2 Object Recognized! Type : File Data : stmtreco.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 12 ProductVersion : 1, 0, 0, 12 ProductName : Install Utility CompanyName : BetterInternet, Inc. FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software. InternalName : Install Utility LegalCopyright : BetterInternet, Inc. © 2004 OriginalFilename : InstUtil.exe Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info. CoolWebSearch Object Recognized! Type : File Data : tabuv.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ CoolWebSearch Object Recognized! Type : File Data : tcmzi.log Category : Malware Comment : Object : C:\WINDOWS\system32\ BargainBuddy Object Recognized! Type : File Data : trkgif.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : trkgif CompanyName : .. InternalName : trkgif OriginalFilename : trkgif.exe CoolWebSearch Object Recognized! Type : File Data : udjap.dll Category : Malware Comment : Object : C:\WINDOWS\system32\ CoolWebSearch Object Recognized! Type : File Data : whpin.dat Category : Malware Comment : Object : C:\WINDOWS\system32\ VX2 Object Recognized! Type : File Data : xiuxvpy.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: LegalCopyright : TODO: (c) . All rights reserved. ImIServer IEPlugin Object Recognized! Type : File Data : tdtb.exe Category : Data Miner Comment : Object : C:\WINDOWS\ FileVersion : 5.0.2001.10043 ProductVersion : 2001, 0, 0, 0 ProductName : MimarSinan Emissary, MimarSinan Charm Family CompanyName : Mimar Sinan International FileDescription : Emissary InternalName : autonomy LegalCopyright : Copyright © 1992-2000 Mimar Sinan International. All rights reserved. OriginalFilename : autonomy.exe CoolWebSearch Object Recognized! Type : File Data : tdwfx.txt Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : tilgpwl.exe Category : Malware Comment : Object : C:\WINDOWS\ BlazeFind Object Recognized! Type : File Data : UnstSA2.exe Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 1.0.0.15 ProductVersion : 1.0.0.0 CompanyName : Kalptaru Infotech Ltd. CoolWebSearch Object Recognized! Type : File Data : viadc.exe Category : Malware Comment : Object : C:\WINDOWS\ OverPro Object Recognized! Type : File Data : WildApp.dll Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : WildApp Module FileDescription : WildApp Module InternalName : WildApp LegalCopyright : Copyright 2004 OriginalFilename : WildApp.DLL DyFuCA Object Recognized! Type : File Data : wsem302.dll Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DyFuCA_BH Module FileDescription : DyFuCA_BH Module InternalName : DyFuCA_BH LegalCopyright : Copyright 2002 OriginalFilename : DyFuCA_BH.DLL CoolWebSearch Object Recognized! Type : File Data : wupdt.exe Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : xscbz.dll Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : zbleb.txt Category : Malware Comment : Object : C:\WINDOWS\ BargainBuddy Object Recognized! Type : File Data : zeta.exe Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 1, 0, 1, 0 ProductVersion : 1, 0, 1, 0 CoolWebSearch Object Recognized! Type : File Data : zxmvt.dat Category : Malware Comment : Object : C:\WINDOWS\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 572 Possible Browser Hijack attempt Object Recognized! Type : File Data : Only sex website.url Category : Misc Comment : Problematic URL discovered: http://www.onlysex.ws/ Object : C:\Documents and Settings\Julie Mumford\Favorites\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Search the web.url Category : Misc Comment : Problematic URL discovered: http://www.lookfor.cc/ Object : C:\Documents and Settings\Julie Mumford\Favorites\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Seven days of free porn.url Category : Misc Comment : Problematic URL discovered: http://www.7days.ws/ Object : C:\Documents and Settings\Julie Mumford\Favorites\ Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMI3d4OfSInst VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMC3n4trMsgSDisp VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMI3d4OfSDist VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMT3o4pListSPos VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMs3t4icky1S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMs3t4icky2S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMs3t4icky3S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMs3t4icky4S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMC1o3d4eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMT3i4m5eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMD3s4tSSEnd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMD3s4tSCHost VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMD3s4tSCPath VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MM3N4a5tionSCode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMP3D4om VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMI3n4ProgSCab VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMI3n4ProgSEx VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMI3n4ProgSLstest VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MML3a4stSSChckin VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMB3D4om VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMC3u4rrentSMode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMC3n4tFyl VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMM3o4deSSync VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMT3h4rshSBath VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMT3h4rshSysSInf VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMT3h4rshSCheckSIn VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMT3h4rshSMots VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MML3n4Title VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMI3g4noreS VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MML3a4stMotsSDay VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\multimpp Value : MMS3t4atusOfSInst VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLI6d7OfSInst VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLC6n7trMsgSDisp VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLI6d7OfSDist VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLT6o7pListSPos VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLs6t7icky1S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLs6t7icky2S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLs6t7icky3S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLs6t7icky4S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLC1o6d7eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLT6i7m8eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLD6s7tSSEnd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DL6N7a8tionSCode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLP6D7om VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLT6h7rshSCheckSIn VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLT6h7rshSMots VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLM6o7deSSync VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLI6n7ProgSCab VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLI6n7ProgSEx VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLI6n7ProgSLstest VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLL6a7stMotsSDay VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLL6a7stSSChckin VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLB6D7om VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLE6v7nt VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLT6h7rshSBath VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLT6h7rshSysSInf VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLL6n7Title VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLC6u7rrentSMode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLC6n7tFyl VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLI6g7noreS VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\dlmax Value : DLS6t7atusOfSInst VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor\xml VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor\xml Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\control\print\monitors\zepmon VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\control\print\monitors\zepmon Value : Driver VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\control\print\monitors\zepmon VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\control\print\monitors\zepmon Value : Driver VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\toolbar\webbrowser Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383} VX2 Object Recognized! Type : Folder Category : Malware Comment : Object : C:\DOCUME~1\JULIEM~1\LOCALS~1\Temp\DrTemp VX2 Object Recognized! Type : File Data : localNrd.inf Category : Malware Comment : Object : C:\WINDOWS\inf\ VX2 Object Recognized! Type : File Data : farmmext.ini Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\enum\root\legacy_zesoft CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\enum\root\legacy_zesoft Value : NextInstance CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sw CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sw Value : DisplayName CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sw Value : UninstallString CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\se CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\se Value : DisplayName CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\se Value : UninstallString CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\hsa CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\hsa Value : DisplayName CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\hsa Value : UninstallString CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\urlsearchhooks CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\urlsearchhooks Value : {D0D6BE2E-E16D-30E4-6140-15086986EAA0} CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\search\searchproperties\en-us Value : SingleProvider CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\search Value : SearchAssistant CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Enable Browser Extensions CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Custom Search URL CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Search Bar CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft Value : set CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range1 Value : :Range CoolWebSearch Object Recognized! Type : RegData Data : no Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no CoolWebSearch Object Recognized! Type : RegData Data : no Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no CoolWebSearch Object Recognized! Type : RegData Data : about:blank Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Start Page Data : about:blank CoolWebSearch Object Recognized! Type : File Data : inst2.dll Category : Malware Comment : Object : C:\WINDOWS\downloaded program files\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : ActiveX Module FileDescription : ActiveX Module InternalName : ActiveX LegalCopyright : Copyright 2004 OriginalFilename : ActiveX.DLL CoolWebSearch Object Recognized! Type : File Data : desktop.html Category : Malware Comment : Object : C:\WINDOWS\ 2020Search Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\search assistant Value : DefaultSearchURL BargainBuddy Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : InstallOccurUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : AlreadyInstalledUrl BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : NewPartnerName BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : System BargainBuddy Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PrevBBBuildNumber BargainBuddy Object Recognized! Type : File Data : bbchk.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 5.101.1663.1 ProductVersion : 5.101.1663.1 ProductName : Microsoft(R) Windows NT(R) Operating System CompanyName : Microsoft Corporation FileDescription : ECM ChkTrust InternalName : CHKTRUST.EXE LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997 OriginalFilename : CHKTRUST.EXE BargainBuddy Object Recognized! Type : File Data : exclean.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ BargainBuddy Object Recognized! Type : File Data : exdl.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exdl0.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : mqexdlm.srg Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : msexreg.exe Category : Malware Comment : Object : C:\WINDOWS\system32\ BargainBuddy Object Recognized! Type : File Data : netut80ex.vxd Category : Malware Comment : Object : C:\WINDOWS\system32\ BargainBuddy Object Recognized! Type : File Data : vx0.nls Category : Malware Comment : Object : C:\WINDOWS\system32\ ClickSpring Object Recognized! Type : File Data : MediaTicketsInstaller.INF Category : Malware Comment : Object : C:\WINDOWS\downloaded program files\ ClickSpring Object Recognized! Type : File Data : MediaTicketsInstaller.ocx Category : Malware Comment : Object : C:\WINDOWS\downloaded program files\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : MediaTicketsInstaller ActiveX Control Module CompanyName : PowerTeam Corporation FileDescription : MediaTicketsInstaller ActiveX Control Module InternalName : MediaTicketsInstaller LegalCopyright : Copyright (C) 2003 OriginalFilename : MediaTicketsInstaller.OCX DyFuCA Object Recognized! Type : Folder Category : Malware Comment : Object : C:\Program Files\ISTsvc ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : remove ImIServer IEPlugin Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\intexp ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\intexp Value : Date ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\intexp Value : Version ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\intexp Value : IID ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\intexp Value : bid ImIServer IEPlugin Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\toolbar Value : {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} ImIServer IEPlugin Object Recognized! Type : File Data : lu.dat Category : Data Miner Comment : Object : C:\WINDOWS\ ImIServer IEPlugin Object Recognized! Type : File Data : redir.txt Category : Data Miner Comment : Object : C:\WINDOWS\ OverPro Object Recognized! Type : File Data : minigolf_affiliate.exe Category : Malware Comment : Object : C:\WINDOWS\ TopMoxie Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main\ins Value : 1150 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\180solutions 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : last_conn_h 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : last_conn_l 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : we 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : TimeOffset 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : key_file 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : action_url_version 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : boom_ver 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : kw_last_chunk 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : cdata 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : action_url_last_chunk 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : recent_shown 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : key_int_high 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : key_int_low 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : action_url_last_full_version 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : keyword_file_last_full_version 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : geourl_last_full_version 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : geourl_current_version 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : actionurl_last_full_version 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : actionurl_current_version 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : keyword_last_full_version 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CURRENT_USER Object : software\msbb Value : keyword_current_version 180Solutions Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : smt 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : boom 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : mt1 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : mt2 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : mt3 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : gma 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : gvi 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : gpi 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : did 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : duid 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : product_id 180Solutions Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\msbb Value : umt StatBlaster Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\wildmedia Roings Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} Roings Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} Value : Roings Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} Roings Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} Value : BlazeFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : aspfile\persistenthandler BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : aspfile\persistenthandler Value : BlazeFind Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0 BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0 Value : DisplayName BlazeFind Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\windows sr 2.0 Value : UninstallString Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 175 Objects found so far: 750 11:10:47 AM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:21:45.197 Objects scanned:108148 Objects identified:735 Objects ignored:0 New critical objects:735