SearchProtectToolbar_pcap_40dd11272e

by malwarelabrobot on December 15th, 2014 in Malware Descriptions.

not-a-virus:AdWare.Win32.InstallMonster.deih (Kaspersky), SearchProtectToolbar_pcap.YR, mzpefinder_pcap_file.YR, SearchProtectToolbar.YR (Lavasoft MAS)
Behaviour: Adware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: 40dd11272e1b74f40e23d7725bdd3f61
SHA1: 9aad8a06d295c439d78bb739b3446c34f95fed17
SHA256: c0c31df4439c54c6d2c83c165f38288b1dafa138ce5649e10e97625ec6036239
SSDeep: 49152:UfwKBmF54Fm3uTeLMBW1wZvMxPcOe5HF/:Uf9 5Km3RwZEiOe55
Size: 2067072 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: TODO:
Created at: 2014-10-17 23:35:17
Analyzed on: WindowsXP SP3 32-bit


Summary:

Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.

Payload

No specific payload has been found.

Process activity

The PUP creates the following process(es):

10299109:1396
7365254067:1952
%original file name%.exe:892
1873279532:1100

The PUP injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process 10299109:1396 makes changes in the file system.
The PUP creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\B81ZYFVD\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GBTL0I2P\57_img3[1].txt (421 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\B81ZYFVD\1420[1].jpg (17627 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GBTL0I2P\spidentifierimpl[1].exe (304535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\7193316619.html (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\B81ZYFVD\57_img1[1].txt (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GBTL0I2P\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IWATJRWA\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2551140156.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\7365254067 (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IWATJRWA\jquery.min[1].js (4722 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LTBPZFSF\wajam_validate[1].exe (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1873279532 (304535 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\6410027212.html (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LTBPZFSF\desktop.ini (67 bytes)

The PUP deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040820140409\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014040820140409 (0 bytes)

The process %original file name%.exe:892 makes changes in the file system.
The PUP creates and/or writes to the following file(s):

%System%\10299109 (12288 bytes)

The process 1873279532:1100 makes changes in the file system.
The PUP creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsm2.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm2.tmp\SPtool.dll (180359 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm2.tmp\inetc.dll (30 bytes)

The PUP deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsm2.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm2.tmp\SPtool.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm2.tmp\inetc.dll (0 bytes)

Registry activity

The process 10299109:1396 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014121420141215]
"CacheRepair" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014121420141215]
"CacheLimit" = "8192"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014121420141215]
"CachePrefix" = ":2014121420141215:"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014121420141215]
"CacheOptions" = "11"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FE 2C 1C 58 8B 6B 8F 56 E6 E0 77 78 DE 89 3A FD"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014121420141215]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014121420141215\"

The PUP modifies the IE security zone settings to map all local web nodes whose names contain no dots, and that are not assigned to any zone, to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The PUP modifies the IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The PUP modifies the IE security zone settings to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The PUP deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014040820140409]

The PUP deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process 7365254067:1952 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 3D FD 01 64 AB 93 43 E1 BE E0 B4 91 F8 9E 64"

The process 1873279532:1100 makes changes in the system registry.
The PUP creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E6 07 39 84 CA 24 8C 71 E5 B9 26 4A C4 28 91 E7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The PUP modifies the IE security zone settings to map all local web nodes whose names contain no dots, and that are not assigned to any zone, to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The PUP modifies the IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The PUP modifies the IE security zone settings to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The PUP deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5 File path
484003524ef2000db83cb16ced0a48a1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\1873279532
46f5c497f96e733176b010ff0ee56de3 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\7365254067
484003524ef2000db83cb16ced0a48a1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\GBTL0I2P\spidentifierimpl[1].exe
46f5c497f96e733176b010ff0ee56de3 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\LTBPZFSF\wajam_validate[1].exe
06cd61177479373c67080121874a59a3 c:\WINDOWS\system32\10299109

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: TODO:
Product Name: TODO:
Product Version: 1.0.0.1
Legal Copyright: Copyright (C) 2014
Legal Trademarks:
Original Filename: Installer.exe
Internal Name: Installer.exe
File Version: 1.0.0.1
File Description: Chrome_Update
Comments:
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 18546 18944 4.46262 189c88c2ecea974696083197962be8f2
.rdata 24576 8482 8704 3.25315 e44aca5a317cdd0a5f10729135a9bf4e
.data 36864 6624 3072 1.70468 ee16d5a701ad2e6c46d500d1e0b098c2
.rsrc 45056 2020832 2020864 5.40615 be63bca43ba95a4681ee23f1f0647e74
.reloc 2068480 6926 7168 1.44623 9ae50d7ef8be7756c3d4b385b303778a

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 167

URLs

URL IP
hxxp://installmetrix.com/common/gate/installer_gate_client.php?download_id=10299109&mode=prechecking
hxxp://e6337.g.akamaiedge.net/spidentifier/1.0.2.0/spidentifierimpl.exe
hxxp://e9287.g.akamaiedge.net//spidentifier/1.0.2.0/spidentifierimpl.exe
hxxp://jazz-1846647836.us-east-1.elb.amazonaws.com/
hxxp://www.wajam.com/download/wajam_validate.exe
hxxp://www.wajam.com/install/valid?v=1&unique_id=5A9377C1B9B59AE7E78D286BF392BB44
hxxp://installmetrix.com/common/gate/installer_gate_client.php?download_id=10299109&mode=getcombo&offers=1129|1146|1153|1154|1147|1144|1075|1157|1161|1163|1164|1165|1173|1171|1190|1191|1060|1203|1204|1205|1207|1172|1209|1210|1212|1086|1122|1217|1196|1197|1198|1187|1224|1225|1231|1230|1220|1229|1228|1227|1226|1056|1119|1127|1175|1032|1113|1195|1038|1214|1238|1239|1240|1241|1242|1243
hxxp://installmetrix.com/common/gate/report.php?download_id=10299109&mode=6&combo_id=9999&os_name=Windows XP&os_add=Service Pack3&os_build=2600&proj_id=1420&offer_id=0&templateid=57
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.10.1/jquery.min.js
hxxp://installmetrix.com/common/installer_logos/1420.jpg
hxxp://installmetrix.com/common/interface/images/57_img1
hxxp://installmetrix.com/common/interface/images/57_img3
hxxp://sp-storage.spccinta.com//spidentifier/1.0.2.0/spidentifierimpl.exe 23.64.142.202
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js
hxxp://sp-storage.conduit-services.com/spidentifier/1.0.2.0/spidentifierimpl.exe 23.64.227.152
hxxp://sp-installer.conduit-data.com/ 54.243.179.23


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY HTTP Request on Unusual Port Possibly Hostile
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /ajax/libs/jquery/1.10.1/jquery.min.js HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Mon, 03 Jun 2013 01:27:22 GMT
Date: Wed, 10 Dec 2014 13:43:39 GMT
Expires: Thu, 10 Dec 2015 13:43:39 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 32862
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 349585
Alternate-Protocol: 80:quic,p=0.02

<<< skipped >>>

GET /install/valid?v=1&unique_id=5A9377C1B9B59AE7E78D286BF392BB44 HTTP/1.1
Host: VVV.wajam.com


HTTP/1.1 200 OK
Date: Sun, 14 Dec 2014 14:50:00 GMT
Server: Apache/2.4.10 (Ubuntu)
Set-Cookie: PHPSESSID=h8noc73aj6ar6lp0h3mue10is6; path=/; domain=.wajam.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: _wau=14185686005934389; expires=Mon, 14-Dec-2015 14:50:00 GMT; Max-Age=31536000; path=/; domain=.wajam.com
Set-Cookie: _wal=1418568600; expires=Mon, 14-Dec-2015 14:50:00 GMT; Max-Age=31536000; path=/; domain=.wajam.com
Set-Cookie: not_logged_unique_id=5A9377C1B9B59AE7E78D286BF392BB44; expires=Mon, 14-Dec-2015 14:50:00 GMT; Max-Age=31536000; path=/; domain=.wajam.com
Set-Cookie: _waab=70,59,16,89,98,36,96,24,12,31; expires=Mon, 14-Dec-2015 14:50:00 GMT; Max-Age=31536000; path=/; domain=.wajam.com
Content-Length: 1
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w51|VI2jm|VI2jm; path=/; domain=.wajam.com
0..


GET /common/interface/images/57_img3 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: installmetrix.com
Connection: Keep-Alive
Cookie: PHPSESSID=3aa5cb6d907b542482d100099af235e4


HTTP/1.1 200 OK
Date: Sun, 14 Dec 2014 14:50:05 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "1765-5449953e-4a70f802f757fa9f"
Last-Modified: Thu, 23 Oct 2014 23:54:38 GMT
Content-Type: text/plain
Content-Length: 5989

<<< skipped >>>

GET /spidentifier/1.0.2.0/spidentifierimpl.exe HTTP/1.1
User-Agent: 10299109
Host: sp-storage.conduit-services.com


HTTP/1.1 301 Moved Permanently
Location: hXXp://sp-storage.spccinta.com//spidentifier/1.0.2.0/spidentifierimpl.exe
Server: BigIP
Content-Length: 0
Cache-Control: private, max-age=900
Expires: Sun, 14 Dec 2014 15:04:42 GMT
Date: Sun, 14 Dec 2014 14:49:42 GMT
Connection: keep-alive


GET /common/gate/installer_gate_client.php?download_id=10299109&mode=prechecking HTTP/1.1
User-Agent: 10299109
Host: installmetrix.com


HTTP/1.1 302 Found
Date: Sun, 14 Dec 2014 14:49:40 GMT
Server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Location: hXXp://beta.installmetrix.com:5000/precheck?download_id=10299109&mode=prechecking
Content-Type: text/html
Content-Length: 1148

<<< skipped >>>

GET /common/gate/installer_gate_client.php?download_id=10299109&mode=getcombo&offers=1129|1146|1153|1154|1147|1144|1075|1157|1161|1163|1164|1165|1173|1171|1190|1191|1060|1203|1204|1205|1207|1172|1209|1210|1212|1086|1122|1217|1196|1197|1198|1187|1224|1225|1231|1230|1220|1229|1228|1227|1226|1056|1119|1127|1175|1032|1113|1195|1038|1214|1238|1239|1240|1241|1242|1243 HTTP/1.1
User-Agent: 10299109
Host: installmetrix.com


HTTP/1.1 302 Found
Date: Sun, 14 Dec 2014 14:50:01 GMT
Server: LiteSpeed
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Location: hXXp://beta.installmetrix.com:5000/getcombo?download_id=10299109&mode=getcombo&offers=1129|1146|1153|1154|1147|1144|1075|1157|1161|1163|1164|1165|1173|1171|1190|1191|1060|1203|1204|1205|1207|1172|1209|1210|1212|1086|1122|1217|1196|1197|1198|1187|1224|1225|1231|1230|1220|1229|1228|1227|1226|1056|1119|1127|1175|1032|1113|1195|1038|1214|1238|1239|1240|1241|1242|1243
Content-Type: text/html
Content-Length: 1148

<<< skipped >>>

GET /common/gate/report.php?download_id=10299109&mode=6&combo_id=9999&os_name=Windows XP&os_add=Service Pack3&os_build=2600&proj_id=1420&offer_id=0&templateid=57 HTTP/1.1
User-Agent: 10299109
Host: installmetrix.com


HTTP/1.1 200 OK
Date: Sun, 14 Dec 2014 14:50:03 GMT
Server: LiteSpeed
Connection: close
X-Powered-By: PHP/5.4.31
Set-Cookie: PHPSESSID=3aa5cb6d907b542482d100099af235e4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 0


GET /common/interface/images/57_img1 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: installmetrix.com
Connection: Keep-Alive
Cookie: PHPSESSID=3aa5cb6d907b542482d100099af235e4


HTTP/1.1 200 OK
Date: Sun, 14 Dec 2014 14:50:04 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: close
ETag: "de2-5449953d-aa71d8120fbcf097"
Last-Modified: Thu, 23 Oct 2014 23:54:37 GMT
Content-Type: text/plain
Content-Length: 3554

<<< skipped >>>

GET /common/installer_logos/1420.jpg HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: installmetrix.com
Connection: Keep-Alive
Cookie: PHPSESSID=3aa5cb6d907b542482d100099af235e4


HTTP/1.1 200 OK
Date: Sun, 14 Dec 2014 14:50:04 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
ETag: "237c1-54481cdf-3817d37110e1cbc1"
Last-Modified: Wed, 22 Oct 2014 21:08:47 GMT
Content-Type: image/jpeg
Content-Length: 145345
Cache-Control: public, max-age=604800
Expires: Sun, 21 Dec 2014 14:50:04 GMT

<<< skipped >>>

POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: sp-installer.conduit-data.com
Content-Length: 225
Connection: Keep-Alive
Cache-Control: no-cache

{"event_type":"SPidentifier", "environment":"",  "machine_ID":"ZJRJCZACPP86RWSEVX8GFL AMAKAC4SSR9BLLZSMMDQNC6VVPQAR3SIEJHJ6K/DKZBYXQYKKQBYUF8ETVHDB W", "result": "success", "failure_reason": "clean_machine", "SP_version": ""}

HTTP/1.1 202 Accepted
Date: Sun, 14 Dec 2014 14:49:57 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive


GET //spidentifier/1.0.2.0/spidentifierimpl.exe HTTP/1.1
User-Agent: 10299109
Host: sp-storage.spccinta.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 14 Dec 2014 17:39:54 GMT
Accept-Ranges: bytes
ETag: "bd95aafde34a6270e612f226404df5e3"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 2592168
Date: Sun, 14 Dec 2014 14:49:42 GMT
Connection: keep-alive

<<< skipped >>>

GET /download/wajam_validate.exe HTTP/1.1
User-Agent: 10299109
Host: VVV.wajam.com


HTTP/1.1 200 OK
Date: Sun, 14 Dec 2014 14:49:59 GMT
Server: Apache/2.4.10 (Ubuntu)
Last-Modified: Wed, 15 Oct 2014 15:46:54 GMT
ETag: "2c00-505780a8555f9"
Accept-Ranges: bytes
Content-Length: 11264
Connection: close
Content-Type: application/x-msdos-program
Set-Cookie: APPSESSID=w21|VI2jm|VI2jm; path=/; domain=.wajam.com
Cache-control: private

<<< skipped >>>

The PUP connects to the servers at the following location(s):

10299109_1396:

.text
`.rdata
@.data
.rsrc
@.reloc
RegOpenKeyTransactedW
RegCreateKeyTransactedW
CCmdTarget
RegDeleteKeyTransactedW
CNotSupportedException
CHttpFile
RegDeleteKeyExW
TaskDialogIndirect
CMDITabProxyWnd
CMDIChildWndEx
CMDIFrameWndEx
CMDIChildWnd
CMDIFrameWnd
CMDIClientAreaWnd
CMFCToolBarsKeyboardPropertyPage
GetProcessWindowStation
operator
hXXp://installmetrix.com/common/gate/report.php?download_id=%s&mode=%d&combo_id=%d&os_name=%s&os_add=%s&os_build=%s&proj_id=%s&offer_id=%s&templateid=%s
</offer_url>
<offer_url>
</software_url>
<software_url>
</software_exiturl>
<software_exiturl>
first url
Windows 8
Windows Server 2012
Windows 7
Windows Server 2008 R2
Windows Vista
Windows Server 2008
Windows XP Professional x64 Edition
Windows Server 2003
Windows XP
Windows 2000
WebStroller=I
GetWindowsDirectoryW
GetCPInfo
KERNEL32.dll
CreateDialogIndirectParamW
GetKeyState
SetWindowsHookExW
UnhookWindowsHookEx
GetKeyNameTextW
MapVirtualKeyW
GetAsyncKeyState
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyExW
USER32.dll
GetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetViewportOrgEx
GDI32.dll
MSIMG32.dll
COMDLG32.dll
WINSPOOL.DRV
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumKeyExW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
COMCTL32.dll
UrlUnescapeW
SHLWAPI.dll
ole32.dll
OLEAUT32.dll
oledlg.dll
GdiplusShutdown
gdiplus.dll
OLEACC.dll
InternetCrackUrlW
InternetCanonicalizeUrlW
HttpQueryInfoW
InternetOpenUrlW
WININET.dll
IMM32.dll
WINMM.dll
.?AVCCmdUI@@
.PAVCMemoryException@@
.PAVCOleException@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCTestCmdUI@@
.?AVCHttpFile@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@
.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.PAVCArchiveException@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AVCMFCToolBarCmdUI@@
.?AVCMDITabProxyWnd@@
.?AVCMDIChildWndEx@@
.?AVCMDIChildWnd@@
.?AVCMDIFrameWndEx@@
.?AVCMDIFrameWnd@@
.PAVCOleDispatchException@@
.?AVCMFCCmdUsageCount@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@
.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@
.?AVCMDIClientAreaWnd@@
.?AVCMFCRibbonCmdUI@@
.?AVCMFCColorBarCmdUI@@
.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@
.?AVCMFCAcceleratorKey@@
.?AVCMFCToolBarsKeyboardPropertyPage@@
.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@
.?AVCMFCRibbonKeyTip@@
.?AVCMFCTasksPaneToolBarCmdUI@@
.?AVCMFCAcceleratorKeyAssignCtrl@@
.?AVCCmdTarget@@
.PAVCException@@
.?AVCWebGrab@@
.?AVCWebGrabSession@@
.PAVCInternetException@@
.PAVCFileException@@
.?AVCWebPage@@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="hXXp://VVV.w3.org/1999/xhtml">
<script type="text/javascript" src="hXXp://ajax.googleapis.com/ajax/libs/jquery/1.10.1/jquery.min.js"></script>
background:url(hXXp://installmetrix.com/common/interface/images/57_img1);
background:url(hXXp://installmetrix.com/common/interface/images/57_img3);
if(document.getElementById("opt_checkbox1") != null)
document.getElementById("opt_checkbox1").disabled = true;
document.getElementById("opt_checkbox1").checked = true;
if(document.getElementById("opt_checkbox2") != null)
document.getElementById("opt_checkbox2").disabled = true;
document.getElementById("opt_checkbox2").checked = true;
if(document.getElementById("opt_checkbox3") != null)
document.getElementById("opt_checkbox3").disabled = true;
document.getElementById("opt_checkbox3").checked = true;
if(document.getElementById("opt_checkbox4") != null)
document.getElementById("opt_checkbox4").disabled = true;
document.getElementById("opt_checkbox4").checked = true;
if(document.getElementById("opt_checkbox5") != null)
document.getElementById("opt_checkbox5").disabled = true;
document.getElementById("opt_checkbox5").checked = true;
if(document.getElementById("checkbox_div") != null)
document.getElementById("checkbox_div").style.display = "none";
document.getElementById("opt_checkbox1").disabled = false;
document.getElementById("opt_checkbox2").disabled = false;
document.getElementById("opt_checkbox3").disabled = false;
document.getElementById("opt_checkbox4").disabled = false;
document.getElementById("opt_checkbox5").disabled = false;
document.getElementById("checkbox_div").style.display = "block";
Software Updater for Chrome Install Setup
Please click the "next" button to continue your installation of Software Updater for Chrome.
<img id="logo" src="hXXp://installmetrix.com/common/installer_logos/1420.jpg" />
<img src="hXXp://installmetrix.com/common/installer_logos/1420.jpg" height="50px" style="vertical-align:middle"> Software Updater for Chrome
Software Updater for Chrome will automatically update all your software and files to the newest, most secure version. This will make sure your computer is safe and secure as well as running at its optimal performance.
Please click the "Next" button below to begin your installation of Software Updater for Chrome.
By clicking "Next", I agree to the <a href="hXXp://fileverified.com/terms.html" target="_blank" style="color:#b0b0b0">Terms of Use</a> and <a href="hXXp://fileverified.com/privacy.html" target="_blank" style="color:#b0b0b0">Privacy Policy</a>.
<span id="decline"><input type="button" id="btn_decline" onmousedown="$('#btn_decline').css('background', 'url(hXXp://installmetrix.com/common/interface/images/57_img2)');" onmouseup="$('#btn_decline').css('background', 'url(hXXp://installmetrix.com/common/interface/images/57_img1)');" onmouseout="$('#btn_decline').css('background', 'url(hXXp://installmetrix.com/common/interface/images/57_img1)');" /></span>
<span id="next"><input type="button" id="btn_accept" onmousedown="$('#btn_accept').css('background', 'url(hXXp://installmetrix.com/common/interface/images/57_img4)');" onmouseup="$('#btn_accept').css('background', 'url(hXXp://installmetrix.com/common/interface/images/57_img3)');" onmouseout="$('#btn_accept').css('background', 'url(hXXp://installmetrix.com/common/interface/images/57_img3)');" /></span>
background:url(hXXp://installmetrix.com/common/interface/images/57_img5);
div.progress {
background:url(hXXp://installmetrix.com/common/interface/images/57_img9);
div.progressIndicator {
background:url(hXXp://installmetrix.com/common/interface/images/57_img10);
div.progressVal {
.hidden {
position: absolute !important;
.focus {
background-color: #eee !important;
Please click the "next" button to begin your installation of Software Updater for Chrome.
g_progress1.setValue("pb1",val);
g_progress2.setValue("pb2",val);
$(document).ready(function() {
this.valMax = max;
this.showVal = showVal;
this.divWidth = 0;
this.width = this.$container.width();
this.left = Math.round(this.$container.offset().left);
this.top = Math.round(this.$container.offset().top);
this.$container.append('<div id="'   container_id   '_progDiv" class="progressIndicator"></div>');
$('#' container_id '_progDiv').css('width', '0%');
this.$container.append('<div id="'   container_id   '_progVal" class="progressVal" aria-hidden="false"></div>');
$('#' container_id '_progVal').html('0%');
if (this.showVal == false) {
$('#' container_id '_progVal').addClass('hidden').attr('aria-hidden', 'true');
progressbar.prototype.setValue = function(container_id,val) {
var percent = val * 100 / this.valMax;
this.$container.attr('aria-valuenow', Math.round(percent));
$('#' container_id '_progDiv').css('width', percent   '%'); //Math.round(percent)   '%');
$('#' container_id '_progVal').html(this.$container.attr('aria-valuenow')   '%');
progressbar.prototype.getProgress = function() {
return this.$container.attr('aria-valuenow');
progressbar.prototype.positionHandle = function($handle, val) {
var handleHeight = $handle.outerHeight(); // the total height of the handle
var handleWidth = $handle.outerWidth(); // the total width of the handle
valPos = ((val - this.min) / (this.max - this.min)) * this.width   this.left;
xPos = Math.round(valPos - (handleWidth / 2));
yPos = Math.round(this.top   (this.height / 2) - (handleHeight / 2));
$handle.css('top', yPos   'px');
$handle.css('left', xPos   'px');
$handle.attr('aria-valuenow', val);
if (/1$/.test($handle.attr('id')) == true) {
this.val1 = val;
this.val2 = val;
if (this.showVals == true) {
this.updateValBox($handle, Math.round(valPos));
progressbar.prototype.updateValBox = function() {
var $valBox = $('#'   $handle.attr('id')   '_val');
var boxWidth = $valBox.outerWidth();
yPos = $handle.css('top');
xPos = Math.round(valPos - (boxWidth / 2))   'px';
$valBox.css('top', yPos);
$valBox.css('left', xPos);
$valBox.text($handle.attr('aria-valuenow'));
<span id="next"><input type="button" id="btn_minimize" onmousedown="$('#btn_minimize').css('background', 'url(hXXp://installmetrix.com/common/interface/images/57_img6)');" onmouseup="$('#btn_minimize').css('background', 'url(hXXp://installmetrix.com/common/interface/images/57_img5)');" onmouseout="$('#btn_minimize').css('background', 'url(hXXp://installmetrix.com/common/interface/images/57_img5)');" /></span>
background:url(hXXp://installmetrix.com/common/interface/images/57_img7);
<strong>You have successfully installed Software Updater for Chrome.</strong><br /><br />
<span id="next"><input type="button" id="btn_exit" onmousedown="$('#btn_exit').css('background', 'url(hXXp://installmetrix.com/common/interface/images/57_img8)');" onmouseup="$('#btn_exit').css('background', 'url(hXXp://installmetrix.com/common/interface/images/57_img7)');" onmouseout="$('#btn_exit').css('background', 'url(hXXp://installmetrix.com/common/interface/images/57_img7)');" /></span>
10299109
C:\WIND
CCC.jjj
SSShzzz
var x = document.cookie;
<requestedExecutionLevel level='requireAdministrator' uiAccess='false' />
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*' />
<!--The ID below indicates application support for Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />
<!--The ID below indicates application support for Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
KERNEL32.DLL
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
lX-X-x-XX-XXXXXX
Advapi32.dll
res://%s/%s
res://%s/%d
Acomctl32.dll
Acomdlg32.dll
Ashell32.dll
accKeyboardShortcut
wuser32.dll
hhctrl.ocx
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
commctrl_DragListMsg
Bf:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
hXXp://
@WININET.DLL
SHELL32.DLL
lXXxXXXXXXXX
dwmapi.dll
UxTheme.dll
eShell32.dll
%s:%x:%x:%x:%x
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
kernel32.dll
Af:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
mfcm100u.dll
%sMFCToolBar-%d%x
%sMFCToolBar-%d
%sMFCToolBarParameters
TOOLBAR_RESETKEYBAORD
&%d %s
Df:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filetxt.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
COMCTL32.DLL
USER32.DLL
KeyboardManager
MSG_CHECKEMPTYMINIFRAME
%sDockingManager-%d
MFCLink_UrlPrefix
MFCLink_Url
%sPane-%d%x
%sPane-%d
%sBasePane-%d%x
%sBasePane-%d
windows
ShowCmd
K%c%d%c%s
%sMDIClientArea-%d
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp
HHex={X,X,X}
C%sMFCOutlookBar-%d%x
%sMFCOutlookBar-%d
%sDockablePaneAdapter-%d%x
%sDockablePaneAdapter-%d
Of:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
ENABLE_KEYS
KEYS_MENU
KEYS
ORICHED20.DLL
RGB(%d, %d, %d)
%sMFCTasksPane-%d%x
%sMFCTasksPane-%d
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
Software\Microsoft\NET Framework Setup\NDP\v2.0.50727
Software\Microsoft\NET Framework Setup\NDP\v1.1.4322
Software\Microsoft\.NETFramework\Policy\v1.0
%s %s
hXXp://%s
Downloading %s...
Installing %s...
hXXp://installmetrix.com/common/gate/installer_gate_client.php?download_id=%s&mode=prechecking
hXXp://installmetrix.com/common/gate/installer_gate_client.php?download_id=%s&mode=getcombo&offers=%s
%s is being installed
H:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
%s (%s:%d)
.html
chrome
firefox
opera
%USERPROFILE%
amitest.txt
/s /t /i ElectroLyrics /u hXXp://VVV.amoninst.com/index.php
I/s /t /i WebStroller
hXXp://sp-storage.conduit-services.com/spidentifier/1.0.2.0/spidentifierimpl.exe
hXXps://sp-storage.spccinta.com/spidentifier/spidentifierstub/SPIdentifier.exe
hXXp://val.costmin.info
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Test|Result|1;
hXXp://VVV.wajam.com/download/wajam_validate.exe
Webstroller - Amonetize
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
%s = %s
Read %d bytes (%0.1f Kb/s)
Read %d bytes
Resolving name for %s
Resolved name for %s
Unknown status: %d
%System%\10299109
Software Updater for Chrome
hXXp://totalnethits.biz/apps/softwareupdater.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\6410027212.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\7193316619.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\2551140156.html
hXXp://myfreedl.com/thankyou/index3.php
Click "Next" to continue installing Software Updater for Chrome.
Please read the following important information and terms before continuing:
s Settings/Options tab. <a target="_blank" href="hXXp://info.trovi.com/searchprotect/about" style="color:#666">Learn more</a>
If you elect to change your browser settings via Search Protect, your settings preferences will be applied to Chrome
, Firefox
If you elect to change your browser settings via your web browser, Search Protect will be disabled for that setting, therefore its ability to prevent third-party software from changing your settings will be halted.
In Chrome, browser settings can be changed via the Chrome menu or wrench icon. In Firefox, settings can be changed via the Firefox button or Tools menu. In Internet Explorer, settings can be changed via the gear icon or Tools menu. For all three browsers, new tab setting can be restored by opening a new tab and clicking
You can uninstall Search Protect at any time by using the standard uninstall process that is available as part of your operating system. In Microsoft Windows
Additional information for some versions of Search Protect is available on our <a target="_blank" href="hXXp://info.trovi.com/searchprotect/uninstall" style="color:#666">help page</a>.
, and Chrome
home page and search settings. <a target="_blank" href="hXXp://info.trovi.com/searchprotect/about" style="color:#666">Learn more</a>
hXXps://sp-storage.spccinta.com/sp-downloader.exe
ViewPlay implements useful features which enhance the way you use the web. ViewPlay software
adds website ratings, exclusive offers, reviews, related search results, multi-site searching,
ViewPlay content includes advertisements and is not affiliated with any underlying websites.
hXXp://install-cdn.viewplay.net/sd?is=ix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewPlay;HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23};HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38};HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B};HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewPlay;
You acknowledge and agree that by clicking on the "I AGREE" button (or similar buttons or links as may be designated by DESKTOP DOCK to show your acceptance of this Agreement and/or your agreement to download and install the Desktop Dock), you expressly acknowledge and agree to be bound by, the Terms of Service and Privacy Policy applicable to the DESKTOP DOCK Website and the content, services and features provided on or through the Desktop Dock, and any new versions or updates thereof. Both the Terms of Service and Privacy Policy can be accessed through the DESKTOP DOCK Website. For the Terms of Service, see <a target="_blank" href="hXXp://VVV.desktopdock.net/TOS">hXXp://VVV.desktopdock.net/TOS</a> . For the Privacy Policy, see<a target="_blank" href="hXXp://VVV.desktopdock.net/Privacy">hXXp://VVV.desktopdock.net/Privacy</a> .<br>
<div style="margin-top:6px">2.1.1. Desktop Dock will permit third parties to, display advertising and other information within the interface of the Desktop Dock and/or in connection with the display of content and programming. Desktop Dock or the Desktop Dock serves, and permits third parties to serve, advertisements within or adjacent to the content and programming delivered to you by the Desktop Dock. You understand and agree that Desktop Dock, or applicable third parties, may include content-targeted advertisements or other related information, including content delivered via SSL/TSL, as further described in the Desktop Dock Privacy Policy. Your correspondence or business dealings with, or participation in promotions of, advertisers found on or through Desktop Dock, including payment and delivery of related goods or services, and any other terms, conditions, warranties or representations associated with such dealings, are solely between you and such advertiser.<br>
<div style="margin-top:6px">2.1.2. Desktop Dock will take organizational and technical measures intended to protect the privacy and integrity of the computer resources (or other applicable device) you are utilizing, however, you acknowledge and agree that this is not a representation or warranty of Desktop Dock.<br>
<div style="margin-top:6px">3.2.1. Operate or utilize the Desktop Dock in a manner that violates any applicable local, state, national or international law or governmental regulation, policy procedure or ordinance;<br>
<div style="margin-top:6px">3.2.2. Operate or utilize the Desktop Dock, including the content, programming, services and features contained on or through the Desktop Dock, if this license has been terminated by Desktop Dock;<br>
<div style="margin-top:6px">3.2.3. Operate or utilize the Desktop Dock , including the content, programming, services and features contained on or through the Desktop Dock , in a manner that violates the Terms of Service or Privacy Policy;<br>
<div style="margin-top:6px">3.2.4. Operate or utilize the Desktop Dock for non-personal or commercial purposes or for the benefit of any third party or charge any person for the use or distribution of the Desktop Dock;<br>
<div style="margin-top:6px">3.2.5. sell, assign, rent, lease, distribute, export, import, act as intermediary or provider, act as a service bureau, or otherwise grant rights in the Desktop Dock , including, without limitation, through sublicense, to any other person or entity;<br>
<div style="margin-top:6px">3.2.6. Remove any proprietary notices from the Desktop Dock, or from any content, services, programming, or features contained on or through the Desktop Dock;<br>
<div style="margin-top:6px">3.2.7. undertake, cause, permit or authorize the modification, creation of derivative works, translation, reverse engineering, decompiling, disassembling or hacking of the Desktop Dock  and/or data and/or content or programming transmitted, processed or stored by Desktop Dock  or other users of the Desktop Dock ;<br>
<div style="margin-top:6px">3.2.8. use any unlicensed or unauthorized copies of the Desktop Dock;<br>
<div style="margin-top:6px">3.2.9. collect any information or communication about the users of the Desktop Dock  by monitoring, interdicting or intercepting any process of or communication initiated by the Desktop Dock  or by developing or using any software or any other process or method that engages or assists in engaging in any of the foregoing;<br>
<div style="margin-top:6px">3.2.10. use any type of bot, spider, virus, clock, timer, counter, worm, software lock, drop dead device, packet-sniffer, Trojan-horse routing, trap door, time bomb or any other codes or instructions that are designed to be used to provide a means of surreptitious or unauthorized access or that are designed to monitor, distort, delete, damage or disassemble the Desktop Dock or its ability to communicate and function with other computers running the Desktop Dock;<br>
<div style="margin-top:6px">3.2.11. with the exception of completely deleting the Desktop Dock from your computer, and those actions permitted by your manual use of the user interface provided as part of the Desktop Dock, take any action, including downloading and/or using third party software, that (1) modifies the settings of the Desktop Dock as it functions with your computer, or (2) otherwise modifies, alters, blocks or interferes with the functioning of the Desktop Dock;<br>
<div style="margin-top:6px">3.2.12. attempt to hack the Desktop Dock  or any communication initiated by the Desktop Dock  or to defeat or overcome any encryption and/or other technical protection methods implemented by Desktop Dock  with respect to the Desktop Dock  and/or data and/or content or programming transmitted, processed or stored by Desktop Dock  or other users of the Desktop Dock ;<br>
<div style="margin-top:6px">3.2.13. Interfere with or in any manner compromise any of Desktop Dock ' security measures; or<br>
<div style="margin-top:6px">3.2.14. Alter, modify, delete, or otherwise interfere with or in any manner compromise any content, programming, advertising, services and/or features contained on or through the Desktop Dock, including, without limitation, the Desktop Dock
<div style="margin-top:6px">4.1.1. Desktop Dock, in its sole discretion, may discontinue or suspend your right to access the Desktop Dock or content delivered by Desktop Dock at any time for any reason, and may at any time suspend or terminate any license hereunder without prior notice for any reason.<br>
<div style="margin-top:6px">4.1.2. Desktop Dock reserves the right to add or remove features or functions, or to provide upgrades, updates or programming fixes, to the Desktop Dock at any time in its sole discretion. You agree to accept any and all such upgrades, updates or programming fixes presented to you, including version updates.<br>
<div style="margin-top:6px">4.1.3. When installed on your computer, the Desktop Dock may periodically communicate with Desktop Dock servers and/or Desktop Dock installed by other users.<br>
<div style="margin-top:6px">4.1.4. Desktop Dock has no obligation to make available to you any subsequent versions of its software applications.<br>
<div style="margin-top:6px">4.1.5. You can uninstall the Desktop Dock at any time, in your sole discretion, by using your computer

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    10299109:1396
    7365254067:1952
    %original file name%.exe:892
    1873279532:1100

  2. Delete the original PUP file.
  3. Delete or disinfect the following files created/modified by the PUP:

    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\B81ZYFVD\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GBTL0I2P\57_img3[1].txt (421 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\B81ZYFVD\1420[1].jpg (17627 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GBTL0I2P\spidentifierimpl[1].exe (304535 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\7193316619.html (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\B81ZYFVD\57_img1[1].txt (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GBTL0I2P\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IWATJRWA\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\2551140156.html (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\7365254067 (384 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IWATJRWA\jquery.min[1].js (4722 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LTBPZFSF\wajam_validate[1].exe (384 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\1873279532 (304535 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\6410027212.html (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LTBPZFSF\desktop.ini (67 bytes)
    %System%\10299109 (12288 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsm2.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsm2.tmp\SPtool.dll (180359 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsm2.tmp\inetc.dll (30 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
