Ad-Aware SE Build 1.06r1
Logfile Created on:den 13 juni 2005 10:34:07
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R50 13.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):10 total references
BargainBuddy(TAC index:8):80 total references
ClickSpring(TAC index:6):1 total references
CoolWebSearch(TAC index:10):10 total references
DyFuCA(TAC index:3):32 total references
EffectiveBrandToolbar(TAC index:7):18 total references
Hijacker.TopConverting(TAC index:5):7 total references
MRU List(TAC index:0):12 total references
Other(TAC index:5):7 total references
Possible Browser Hijack attempt(TAC index:3):8 total references
SahAgent(TAC index:9):6 total references
Tracking Cookie(TAC index:3):13 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):8 total references
Zango(TAC index:6):11 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

2005-06-13 10:34:07 - Scan started.
(Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Roger\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 420
ThreadCreationTime : 2005-06-13 07:38:56
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 2005-06-13 07:38:59
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 612
ThreadCreationTime : 2005-06-13 07:38:59
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 656
ThreadCreationTime : 2005-06-13 07:39:00
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Operativsystemet Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Tjänst- och styrenhetsprogram
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Med ensamrätt.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 2005-06-13 07:39:00
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 840 ThreadCreationTime : 2005-06-13 07:39:02 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 940 ThreadCreationTime : 2005-06-13 07:39:02 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1124 ThreadCreationTime : 2005-06-13 07:39:03 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1152 ThreadCreationTime : 2005-06-13 07:39:04 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:10 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1336 ThreadCreationTime : 2005-06-13 07:39:07 BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe VX2 Object Recognized! Type : Process Data : DrPMon.dll TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 0 ProductName : DrPMon PrintMonitor CompanyName : Direct Revenue FileDescription : DrPMon PrintMonitor InternalName : DrPMon LegalCopyright : Copyright (C) 2005 OriginalFilename : DrPMon.dll Warning! "C:\WINDOWS\system32\spoolsv.exe"Process could not be terminated! #:11 [taskmgr.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 548 ThreadCreationTime : 2005-06-13 07:40:14 BasePriority : High FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Aktivitetshanteraren InternalName : taskmgr LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : taskmgr.exe SahAgent Object Recognized! Type : Process Data : mq5f0g9f.dll TAC Rating : 9 Category : Data Miner Comment : (CSI MATCH) Object : C:\WINDOWS\System32\ FileVersion : 4, 0, 2, 3 ProductVersion : 4, 0, 2, 3 Warning! SahAgent Object found in memory(C:\WINDOWS\System32\mq5f0g9f.dll) "C:\WINDOWS\System32\taskmgr.exe"Process terminated successfully #:12 [hijackthis.exe] FilePath : C:\Program\hjt\ ProcessID : 1208 ThreadCreationTime : 2005-06-13 07:45:29 BasePriority : Normal FileVersion : 1.99.0001 ProductVersion : 1.99.0001 ProductName : HijackThis CompanyName : Soeperman Enterprises Ltd. 
FileDescription : HijackThis InternalName : HijackThis LegalCopyright : Freeware OriginalFilename : HijackThis.exe Comments : Version history is in Help section "C:\Program\hjt\HijackThis.exe"Process terminated successfully #:13 [xxxxx.exe] FilePath : c:\ ProcessID : 1532 ThreadCreationTime : 2005-06-13 07:46:29 BasePriority : Normal #:14 [winlogon.exe] FilePath : C:\WINDOWS\inet20057\ ProcessID : 1952 ThreadCreationTime : 2005-06-13 07:47:15 BasePriority : Normal #:15 [mm.exe] FilePath : C:\WINDOWS\ ProcessID : 252 ThreadCreationTime : 2005-06-13 07:47:28 BasePriority : Normal #:16 [intronsad.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 260 ThreadCreationTime : 2005-06-13 07:47:29 BasePriority : Normal #:17 [winsocks5.exe] FilePath : C:\WINDOWS\ ProcessID : 276 ThreadCreationTime : 2005-06-13 07:47:30 BasePriority : Normal #:18 [i8.tmp] FilePath : C:\DOCUME~1\Roger\LOKALA~1\Temp\ ProcessID : 884 ThreadCreationTime : 2005-06-13 07:48:15 BasePriority : Normal #:19 [sskupdater3.exe] FilePath : C:\DOCUME~1\Roger\LOKALA~1\Temp\ ProcessID : 1016 ThreadCreationTime : 2005-06-13 07:48:25 BasePriority : Normal "C:\DOCUME~1\Roger\LOKALA~1\Temp\SskUpdater3.exe"Process terminated successfully #:20 [optimize.exe] FilePath : C:\Documents and Settings\Roger\Internet Optimizer\ ProcessID : 820 ThreadCreationTime : 2005-06-13 07:48:26 BasePriority : Normal DyFuCA Object Recognized! 
Type : Process Data : optimize.exe TAC Rating : 3 Category : Malware Comment : Object : C:\Documents and Settings\Roger\Internet Optimizer\ "C:\Documents and Settings\Roger\Internet Optimizer\optimize.exe"Process terminated successfully "C:\Documents and Settings\Roger\Internet Optimizer\optimize.exe"Process terminated successfully #:21 [ngirgk.exe] FilePath : c:\windows\system32\ ProcessID : 1120 ThreadCreationTime : 2005-06-13 07:48:31 BasePriority : Normal FileVersion : 1, 1, 0, 3 ProductVersion : 0, 0, 7, 0 "c:\windows\system32\ngirgk.exe"Process terminated successfully #:22 [180sainstaller.exe] FilePath : C:\DOCUME~1\Roger\LOKALA~1\Temp\ ProcessID : 1536 ThreadCreationTime : 2005-06-13 07:48:38 BasePriority : Normal FileVersion : 6.9.110.0 ProductVersion : 6.9.110.0 ProductName : 180SA Installer CompanyName : 180solutions FileDescription : 180SA Installer InternalName : 180SA Installer LegalCopyright : Copyright (c) 180solutions, 2004 OriginalFilename : 180SA Installer.exe Comments : /DID=000997 SahAgent Object Recognized! Type : Process Data : 2PFD5LFI.dll TAC Rating : 9 Category : Data Miner Comment : (CSI MATCH) Object : C:\DOCUME~1\Roger\LOKALA~1\Temp\ FileVersion : 4, 0, 0, 2 ProductVersion : 4, 0, 0, 2 Warning! SahAgent Object found in memory(C:\DOCUME~1\Roger\LOKALA~1\Temp\2PFD5LFI.dll) #:23 [sac.exe] FilePath : C:\Program\180searchassistant\ ProcessID : 976 ThreadCreationTime : 2005-06-13 07:49:21 BasePriority : Normal FileVersion : 6, 9, 110, 0 ProductVersion : 6, 9, 110, 0 ProductName : Search Assistant CompanyName : 180solutions, Inc. FileDescription : Search Assistant LegalCopyright : Copyright © 2005, 180solutions Inc. SahAgent Object Recognized! Type : Process Data : mq5f0g9f.dll TAC Rating : 9 Category : Data Miner Comment : (CSI MATCH) Object : C:\WINDOWS\System32\ FileVersion : 4, 0, 2, 3 ProductVersion : 4, 0, 2, 3 Warning! 
SahAgent Object found in memory(C:\WINDOWS\System32\mq5f0g9f.dll) "C:\Program\180searchassistant\sac.exe"Process terminated successfully #:24 [bargains.exe] FilePath : C:\Program\BullsEye Network\bin\ ProcessID : 1092 ThreadCreationTime : 2005-06-13 07:49:21 BasePriority : Normal FileVersion : 8, 0, 3, 6 ProductVersion : 8, 0, 3, 6 ProductName : BargainsBuddy ADP Module CompanyName : eXact Advertising FileDescription : bargains InternalName : ADP LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : bargains.exe "C:\Program\BullsEye Network\bin\bargains.exe"Process terminated successfully #:25 [msxct.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1372 ThreadCreationTime : 2005-06-13 07:49:22 BasePriority : Normal "C:\WINDOWS\System32\msxct.exe"Process terminated successfully #:26 [weirdontheweb.exe] FilePath : C:\Program\WeirdOnTheWeb\ ProcessID : 2132 ThreadCreationTime : 2005-06-13 07:49:46 BasePriority : Normal FileVersion : 18.317.0.18 ProductVersion : 18.317.0.18 ProductName : Notifier FileDescription : Notifier LegalCopyright : Copyright © 2004 Notifier "C:\Program\WeirdOnTheWeb\WeirdOnTheWeb.exe"Process terminated successfully #:27 [s2hcq4m0.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2284 ThreadCreationTime : 2005-06-13 07:50:42 BasePriority : Idle FileVersion : 4, 0, 2, 3 ProductVersion : 4, 0, 2, 3 "C:\WINDOWS\System32\s2hcq4m0.exe"Process terminated successfully #:28 [l5fhmk2h.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2372 ThreadCreationTime : 2005-06-13 07:51:32 BasePriority : Idle FileVersion : 4, 0, 2, 3 ProductVersion : 4, 0, 2, 3 "C:\WINDOWS\System32\l5fhmk2h.exe"Process terminated successfully #:29 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2884 ThreadCreationTime : 2005-06-13 07:55:48 BasePriority : Normal #:30 [rundll32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3200 ThreadCreationTime : 2005-06-13 07:57:09 BasePriority : Normal FileVersion : 5.1.2600.0 
(xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Kör en DLL-fil som ett program InternalName : rundll LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : RUNDLL.EXE #:31 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1300 ThreadCreationTime : 2005-06-13 08:00:07 BasePriority : Normal "C:\WINDOWS\System32\dwwin.exe"Process terminated successfully #:32 [iexplore.exe] FilePath : C:\Program\Internet Explorer\ ProcessID : 2464 ThreadCreationTime : 2005-06-13 08:01:24 BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Operativsystemet Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. Med ensamrätt. OriginalFilename : IEXPLORE.EXE DyFuCA Object Recognized! Type : Process Data : nem220.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DyFuCA_BH Module FileDescription : DyFuCA_BH Module InternalName : DyFuCA_BH LegalCopyright : Copyright 2002 OriginalFilename : DyFuCA_BH.DLL BargainBuddy Object Recognized! Type : Process Data : msbe.dll TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\System32\ FileVersion : 8, 0, 3, 6 ProductVersion : 8, 0, 3, 6 ProductName : ADP Module CompanyName : eXact Advertising FileDescription : ADP Module InternalName : apuc LegalCopyright : Copyright © 2003-2005 eXact Advertising, LLC. All Rights Reserved. 
OriginalFilename : apuc.DLL #:33 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2556 ThreadCreationTime : 2005-06-13 08:01:28 BasePriority : Normal #:34 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3324 ThreadCreationTime : 2005-06-13 08:04:17 BasePriority : Normal #:35 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1788 ThreadCreationTime : 2005-06-13 08:08:37 BasePriority : Normal #:36 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3508 ThreadCreationTime : 2005-06-13 08:12:05 BasePriority : Normal #:37 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3740 ThreadCreationTime : 2005-06-13 08:13:01 BasePriority : Normal #:38 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2320 ThreadCreationTime : 2005-06-13 08:16:10 BasePriority : Normal "C:\WINDOWS\System32\dwwin.exe"Process terminated successfully #:39 [gcasdtserv.exe] FilePath : C:\Program\Microsoft AntiSpyware\ ProcessID : 2552 ThreadCreationTime : 2005-06-13 08:17:18 BasePriority : Normal FileVersion : 1.00.0509 ProductVersion : 1.00.0509 ProductName : Microsoft AntiSpyware (Beta 1) CompanyName : Microsoft Corporation FileDescription : Microsoft AntiSpyware Data Service InternalName : gcasDtServ LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved. LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet(tm) is a trademark of Microsoft Corporation. 
OriginalFilename : gcasDtServ.exe #:40 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3304 ThreadCreationTime : 2005-06-13 08:20:20 BasePriority : Normal #:41 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2764 ThreadCreationTime : 2005-06-13 08:25:52 BasePriority : Normal #:42 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 2812 ThreadCreationTime : 2005-06-13 08:27:47 BasePriority : Normal #:43 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1420 ThreadCreationTime : 2005-06-13 08:30:15 BasePriority : Normal #:44 [dwwin.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3996 ThreadCreationTime : 2005-06-13 08:30:31 BasePriority : Normal #:45 [ad-aware.exe] FilePath : C:\Program\Lavasoft\AD-AWA~1\ ProcessID : 3448 ThreadCreationTime : 2005-06-13 08:33:00 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:46 [wmiprvse.exe] FilePath : C:\WINDOWS\System32\wbem\ ProcessID : 1840 ThreadCreationTime : 2005-06-13 08:34:01 BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI InternalName : Wmiprvse.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : Wmiprvse.exe Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 19 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher BargainBuddy Object Recognized! 
Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : adp.urlcatcher.1 BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3} ClickSpring Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7} CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{5321e378-ffad-4999-8c62-03ca8155f0b3} CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : replace.hbo CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : replace.hbo.1 DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb} DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001} DyFuCA Object Recognized! 
Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj.1 DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : dyfuca_bh.bhobj DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8} EffectiveBrandToolbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{44be0690-5429-47f0-85bb-3ffd8020233e} Hijacker.TopConverting Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{38601801-2ff5-4a62-95da-d2007161c1b4} Hijacker.TopConverting Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{79849612-a98f-45b8-95e9-4d13c7b6b35c} Hijacker.TopConverting Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{2b0eceac-f597-4858-a542-d966b49055b9} Hijacker.TopConverting Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{4fe82ba0-9335-4d4e-8e98-76409a88f2c1} Hijacker.TopConverting Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{ace5b10b-92a3-4103-8583-3684bb09409f} Hijacker.TopConverting Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : loader2.loader2ctrl.1 Hijacker.TopConverting Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{487e7682-b976-41fb-a944-e8b83689a454} Zango Object Recognized! 
Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{99410cde-6f16-42ce-9d49-3807f78f0287} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.clientinstaller Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.clientinstaller.1 Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.requiredcomponent Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clientax.requiredcomponent.1 Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{0ac49246-419b-4ee0-8917-8818daad6a4e} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{f1f1e775-1b21-454d-8d38-7c16519969e5} Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda} DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1229272821-413027322-839522115-1003\software\policies\avenue media DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1229272821-413027322-839522115-1003\software\avenue media EffectiveBrandToolbar Object Recognized! 
Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1229272821-413027322-839522115-1003\software\effective-i EffectiveBrandToolbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1229272821-413027322-839522115-1003\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e} VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1229272821-413027322-839522115-1003\software\aurora Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : MenuStatusBar Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : Script Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : clsid Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : Icon Alexa Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : HotIcon Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : ButtonText BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : Binary BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ConfigUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ADDataUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : SoftwareUpdateQueryUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ServerName BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ServerPath BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : SliderLegalText BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ServerPort BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : UpdateQueryDuration BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : UpdateQueryFailedDuration BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : AdvDelaySec BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : TrackingFileFlag BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : RestartADPDuration BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : TimeOutInterval BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : FirstHit BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : SystemInstallTime BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : TempUniqueKey BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : UniqueKey BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : IdleMinutesThreshold BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MinMinutesBetweenTwoADs BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MaxDomainCap BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MinCountOfUrlsBetweenTwoADs BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : MaxDailyCapPerUSer BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ConfigVersion BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : ADDataVersion BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : LastQueryTime BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\bargains Value : LastADPRestart BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da} BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : UninstallString BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : Publisher BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : URLInfoAbout BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : DisplayVersion BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : DisplayIcon BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : NoModify BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\bargainbuddy Value : NoRepair CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\policies\avenue media DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\dyfuca DyFuCA Object Recognized! Type : Regkey Data : DyFuCA TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! Type : Regkey Data : DyFuCA TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\windows\currentversion\uninstall\DyFuCA DyFuCA Object Recognized! 
Type : Regkey Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : Regkey Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Value : DisplayName DyFuCA Object Recognized! Type : RegValue Data : Internet Optimizer TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer Value : UninstallString DyFuCA Object Recognized! 
Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000010-6f7d-442c-93e3-4a4827c2e4c8} DyFuCA Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\avenue media EffectiveBrandToolbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\effective-i EffectiveBrandToolbar Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator EffectiveBrandToolbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : UninstallString EffectiveBrandToolbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : DisplayVersion EffectiveBrandToolbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : HelpLink EffectiveBrandToolbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : Publisher EffectiveBrandToolbar Object Recognized! 
Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : URLInfoAbout EffectiveBrandToolbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : Contact EffectiveBrandToolbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : Comments EffectiveBrandToolbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator Value : DisplayIcon SahAgent Object Recognized! Type : Regkey Data : TAC Rating : 9 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\winsock2\layered provider sample Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! 
Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "PartnerID" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerID BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "UtilFolder" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UtilFolder BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "PartnerName" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : PartnerName BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "BuildNumber" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : BuildNumber BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "UninstallUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UninstallUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "UniqueKeyUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : UniqueKeyUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "FirstHitUrl" Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : FirstHitUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : "BullsEye Network" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : BullsEye Network DyFuCA Object Recognized! 
Type : RegValue Data : TAC Rating : 3 Category : Malware Comment : "Internet Optimizer" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : Internet Optimizer Windows Object Recognized! Type : RegData Data : explorer.exe c:\windows\nail.exe TAC Rating : 3 Category : Vulnerability Comment : Shell Possibly Compromised Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows nt\currentversion\winlogon Value : Shell Data : explorer.exe c:\windows\nail.exe Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 126 Objects found so far: 145 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" TAC Rating : 3 Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" TAC Rating : 3 Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : DisplayName Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" TAC Rating : 3 Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : URLInfoAbout Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" TAC Rating : 3 Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : Publisher Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" TAC Rating : 3 Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : HelpLink Possible Browser Hijack attempt Object Recognized! Type : RegValue Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com" TAC Rating : 3 Category : Vulnerability Comment : (http://www.abetterinternet.com) Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 Value : Contact Possible Browser Hijack attempt : {79849612-A98F-45B8-95E9-4D13C7B6B35C} (http://static.topconverting.com/activex/website.ocx) Possible Browser Hijack attempt Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Vulnerability Comment : Possible Browser Hijack attempt : http://static.topconverting.com/activex/website.ocx Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C} Possible Browser Hijack attempt Object Recognized! 
Type : RegValue Data : TAC Rating : 3 Category : Vulnerability Comment : Possible Browser Hijack attempt : http://static.topconverting.com/activex/website.ocx Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C} Value : Installer Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 8 Objects found so far: 153 EffectiveBrandToolbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\toolbar Value : {44be0690-5429-47f0-85bb-3ffd8020233e} EffectiveBrandToolbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\internet explorer\toolbar Value : {44be0690-5429-47f0-85bb-3ffd8020233e} EffectiveBrandToolbar Object Recognized! Type : RegValue Data : TAC Rating : 7 Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1229272821-413027322-839522115-1003\software\microsoft\internet explorer\toolbar\Webbrowser Value : {44be0690-5429-47f0-85bb-3ffd8020233e} Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : roger@questionmarket[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:roger@questionmarket.com/ Expires : 2006-08-01 15:58:32 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : roger@www.shopathomeselect[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:20 Value : Cookie:roger@www.shopathomeselect.com/ Expires : 2100-01-01 02:00:00 LastSync : Hits:20 UseCount : 0 Hits : 20 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : roger@targetnetworks[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:6 Value : Cookie:roger@targetnetworks.net/ Expires : 2013-12-01 16:00:00 LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking Cookie Object Recognized! Type : IECache Entry Data : roger@realmedia[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:roger@realmedia.com/ Expires : 2021-01-01 02:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : roger@mediaplex[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:roger@mediaplex.com/ Expires : 2009-06-22 02:00:00 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : roger@fastclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:11 Value : Cookie:roger@fastclick.net/ Expires : 2007-06-10 23:58:30 LastSync : Hits:11 UseCount : 0 Hits : 11 Tracking Cookie Object Recognized! Type : IECache Entry Data : roger@tribalfusion[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:roger@tribalfusion.com/ Expires : 2038-01-01 02:00:00 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : roger@cgi-bin[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:roger@imrworldwide.com/cgi-bin Expires : 2009-01-19 01:00:00 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : roger@z1.adserver[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:18 Value : Cookie:roger@z1.adserver.com/ Expires : 2006-06-14 12:05:22 LastSync : Hits:18 UseCount : 0 Hits : 18 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : roger@0[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:15 Value : Cookie:roger@jinternetoptimizer.cjt1.net/HTM/587/0 Expires : 2006-06-14 11:55:20 LastSync : Hits:15 UseCount : 0 Hits : 15 Tracking Cookie Object Recognized! Type : IECache Entry Data : roger@atdmt[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:6 Value : Cookie:roger@atdmt.com/ Expires : 2010-06-09 02:00:00 LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking Cookie Object Recognized! Type : IECache Entry Data : roger@revenue[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:89 Value : Cookie:roger@revenue.net/ Expires : 2022-06-10 07:05:42 LastSync : Hits:89 UseCount : 0 Hits : 89 Tracking Cookie Object Recognized! Type : IECache Entry Data : roger@doubleclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:7 Value : Cookie:roger@doubleclick.net/ Expires : 2008-06-09 22:43:46 LastSync : Hits:7 UseCount : 0 Hits : 7 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 13 Objects found so far: 169 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» DyFuCA Object Recognized! Type : File Data : optimize.exe TAC Rating : 3 Category : Malware Comment : Object : C:\Documents and Settings\Roger\Internet Optimizer\ SahAgent Object Recognized! Type : File Data : umqltg4cl_.exe TAC Rating : 9 Category : Data Miner Comment : Object : C:\Documents and Settings\Roger\Lokala inställningar\Temp\ FileVersion : 4, 0, 2, 3 ProductVersion : 4, 0, 2, 3 DyFuCA Object Recognized! Type : File Data : optimize[1].exe TAC Rating : 3 Category : Malware Comment : Object : C:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\8XMJGLIZ\ DyFuCA Object Recognized! 
Type : File Data : nem220[1].dll TAC Rating : 3 Category : Malware Comment : Object : C:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\C12FS9AV\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DyFuCA_BH Module FileDescription : DyFuCA_BH Module InternalName : DyFuCA_BH LegalCopyright : Copyright 2002 OriginalFilename : DyFuCA_BH.DLL VX2 Object Recognized! Type : File Data : aurora[1].exe TAC Rating : 10 Category : Malware Comment : Object : C:\Documents and Settings\Roger\Lokala inställningar\Temporary Internet Files\Content.IE5\KHYB4HUB\ BargainBuddy Object Recognized! Type : File Data : adv.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program\BullsEye Network\bin\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adv CompanyName : eXact Advertising InternalName : adv LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adv.exe BargainBuddy Object Recognized! Type : File Data : adx.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program\BullsEye Network\bin\ FileVersion : 1.00 ProductVersion : 1.00 ProductName : adx CompanyName : eXact Advertising InternalName : adx LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : adx.exe EffectiveBrandToolbar Object Recognized! Type : File Data : IUCmore.dll TAC Rating : 7 Category : Data Miner Comment : Object : C:\Program\TheSearchAccelerator\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : IUCmore Module FileDescription : IUCmore Module InternalName : IUCmore LegalCopyright : Copyright 2001 OriginalFilename : IUCmore.DLL BargainBuddy Object Recognized! 
Type : File Data : MFEX-2.DAT TAC Rating : 8 Category : Malware Comment : Object : C:\System Volume Information\_restore{1D5C04C8-39F0-4BE3-8041-04751BBBD27D}\RP2\snapshot\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exdl.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe DyFuCA Object Recognized! Type : File Data : nem220.dll TAC Rating : 3 Category : Malware Comment : Object : C:\WINDOWS\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DyFuCA_BH Module FileDescription : DyFuCA_BH Module InternalName : DyFuCA_BH LegalCopyright : Copyright 2002 OriginalFilename : DyFuCA_BH.DLL DyFuCA Object Recognized! Type : File Data : optimize.exe TAC Rating : 3 Category : Malware Comment : Object : C:\WINDOWS\ VX2 Object Recognized! Type : File Data : DrPMon.dll TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 0 ProductName : DrPMon PrintMonitor CompanyName : Direct Revenue FileDescription : DrPMon PrintMonitor InternalName : DrPMon LegalCopyright : Copyright (C) 2005 OriginalFilename : DrPMon.dll BargainBuddy Object Recognized! 
Type : File Data : exdl.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exdl0.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exdl1.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : exul.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! 
Type : File Data : exul1.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : javexulm.vxd TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe BargainBuddy Object Recognized! Type : File Data : mqexdlm.srg TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 8 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe BargainBuddy Object Recognized! Type : File Data : msbe.dll TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\system32\ FileVersion : 8, 0, 3, 6 ProductVersion : 8, 0, 3, 6 ProductName : ADP Module CompanyName : eXact Advertising FileDescription : ADP Module InternalName : apuc LegalCopyright : Copyright © 2003-2005 eXact Advertising, LLC. All Rights Reserved. OriginalFilename : apuc.DLL SahAgent Object Recognized! Type : File Data : v0bf5gvg.exe TAC Rating : 9 Category : Data Miner Comment : Object : C:\WINDOWS\ FileVersion : 4, 0, 2, 3 ProductVersion : 4, 0, 2, 3 Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 191 Scanning Hosts file...... 
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 191 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\control\print\monitors\zepmon VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\control\print\monitors\zepmon VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\toolbar\webbrowser Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383} VX2 Object Recognized! Type : Folder TAC Rating : 10 Category : Malware Comment : VX2 Object : C:\DOCUME~1\Roger\LOKALA~1\Temp\DrTemp BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : InstallOccurUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : AlreadyInstalledUrl BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : ETServer BargainBuddy Object Recognized! Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : NewPartnerName BargainBuddy Object Recognized! 
Type : RegValue Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\exactutil Value : System BargainBuddy Object Recognized! Type : Folder TAC Rating : 8 Category : Malware Comment : BargainBuddy Object : C:\Program\BullsEye Network BargainBuddy Object Recognized! Type : File Data : ad.dat TAC Rating : 8 Category : Malware Comment : Object : C:\Program\bullseye network\ BargainBuddy Object Recognized! Type : File Data : ub.dat TAC Rating : 8 Category : Malware Comment : Object : C:\Program\bullseye network\ BargainBuddy Object Recognized! Type : File Data : Uninstall.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program\bullseye network\ FileVersion : 8.0.3.9 ProductName : BullsEye Network CompanyName : eXact Advertising FileDescription : BargainBuddy Module LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. LegalTrademarks : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. Comments : BargainBuddy Module BargainBuddy Object Recognized! Type : File Data : bargains.exe TAC Rating : 8 Category : Malware Comment : Object : C:\Program\bullseye network\bin\ FileVersion : 8, 0, 3, 6 ProductVersion : 8, 0, 3, 6 ProductName : BargainsBuddy ADP Module CompanyName : eXact Advertising FileDescription : bargains InternalName : ADP LegalCopyright : Copyright © 2003-2005. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : bargains.exe BargainBuddy Object Recognized! Type : File Data : bbchk.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\System32\ FileVersion : 5.101.1663.1 ProductVersion : 5.101.1663.1 ProductName : Microsoft(R) Windows NT(R) Operating System CompanyName : Microsoft Corporation FileDescription : ECM ChkTrust InternalName : CHKTRUST.EXE LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997 OriginalFilename : CHKTRUST.EXE BargainBuddy Object Recognized! 
Type : File Data : exclean.exe TAC Rating : 8 Category : Malware Comment : Object : C:\WINDOWS\System32\ CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Enable Browser Extensions CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows nt\currentversion\windows Value : run CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows\currentversion\run Value : xp_system CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows\currentversion\policies\explorer Value : NoActiveDesktopChanges CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows\currentversion\policies\system Value : NoDispBackgroundPage CoolWebSearch Object Recognized! Type : File Data : wbemess.log TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\System32\wbem\logs\ EffectiveBrandToolbar Object Recognized! Type : Folder TAC Rating : 7 Category : Data Miner Comment : EffectiveBrandToolbar Object : C:\Program\TheSearchAccelerator Zango Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{99410cde-6f16-42ce-9d49-3807f78f0287} Zango Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\code store database\distribution units\{99410cde-6f16-42ce-9d49-3807f78f0287} Value : SystemComponent Other Object Recognized! 
Type : File Data : OPTIMIZE.EXE-0BEF8F3E.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : OPTIMIZE.EXE-15C88E5A.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : UMQLTG4CL_.EXE-06096131.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : EXDL.EXE-025B7023.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : EXDL1.EXE-03ADA40F.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : EXUL1.EXE-0DA91456.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Other Object Recognized! Type : File Data : BARGAINS.EXE-3B7CA296.pf TAC Rating : 7 Category : Malware Comment : Object : C:\WINDOWS\prefetch\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 33 Objects found so far: 224 10:37:31 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:03:23.812 Objects scanned:66455 Objects identified:222 Objects ignored:0 New critical objects:222