not-a-virus:HEUR:AdWare.NSIS.TornTV.gen (Kaspersky), AdwareDownware.YR (Lavasoft MAS)
Behaviour: Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: b55d121f9788f7ee978560bd6c763d23
SHA1: 4ad951b9dfa66284b9275953cd0a3e119ea49dc7
SHA256: 514303c4eb0842fd8840c81b7482abfb10272deb7641087221386a8bb7039950
SSDeep: 6144:bsxhzF47CxH1XXYWgjZDW6uaXBshI0CD50Y/aFhIqR q8ww:ohzXrYzjZ1uaXBsGP5EFhIqE
Size: 284048 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:46
Analyzed on: Windows7 SP1 32-bit
Summary: Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Adware creates the following process(es):
No processes have been created.
The Adware injects its code into the following process(es):
%original file name%.exe:2084
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:2084 makes changes in the file system.
The Adware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\bab_off.bmp (672 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\skip.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\locate.dll (804 bytes)
%Program Files%\1ClickDownload\ocmainpack.exe (544 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\box.bmp (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPS1JHSL\MainPackFA2703[1].htm (544 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\x.bmp (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\accept1.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\accept3.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\inetc3.dll (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFE2D.tmp (14068 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\accept.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\decline.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\gC0 (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\stvheader2.bmp (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\accept2.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\nsDialogs.dll (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\35TJMWCT.txt (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\J5WT9XQ0.txt (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\bab_on.bmp (672 bytes)
The Adware deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsdFE1D.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp (0 bytes)
Registry activity
The process %original file name%.exe:2084 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Tracing\b55d121f9788f7ee978560bd6c763d23_RASAPI32]
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\b55d121f9788f7ee978560bd6c763d23_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\b55d121f9788f7ee978560bd6c763d23_RASMANCS]
"EnableConsoleTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
"WpadLastNetwork" = "{24C5EDBC-2851-452A-B521-5DA992F6C1B5}"
[HKCU\Software\1ClickDownload]
"LastInstall0" = "30557600"
[HKLM\SOFTWARE\Microsoft\Tracing\b55d121f9788f7ee978560bd6c763d23_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\b55d121f9788f7ee978560bd6c763d23_RASAPI32]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\b55d121f9788f7ee978560bd6c763d23_RASMANCS]
"FileTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadDecision" = "3"
[HKLM\SOFTWARE\Microsoft\Tracing\b55d121f9788f7ee978560bd6c763d23_RASAPI32]
"EnableFileTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadDecisionTime" = "90 21 80 C8 A0 45 D2 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecision" = "3"
[HKLM\SOFTWARE\Microsoft\Tracing\b55d121f9788f7ee978560bd6c763d23_RASAPI32]
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecisionReason" = "1"
[HKCU\Software\1ClickDownload]
"UID" = "284555269"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 36 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadNetworkName" = "Network 2"
[HKLM\SOFTWARE\Microsoft\Tracing\b55d121f9788f7ee978560bd6c763d23_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings" = "46 00 00 00 09 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Tracing\b55d121f9788f7ee978560bd6c763d23_RASMANCS]
"EnableFileTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecisionTime" = "90 21 80 C8 A0 45 D2 01"
[HKLM\SOFTWARE\Microsoft\Tracing\b55d121f9788f7ee978560bd6c763d23_RASMANCS]
"MaxFileSize" = "1048576"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Adware deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"
Dropped PE files
MD5 | File path |
---|---|
c17103ae9072a06da581dec998343fc1 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\System.dll |
9d8ce05f532dc7b5742831ec8a63c2d8 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\inetc3.dll |
7d3317f57c1a368480ace3c0ca804eeb | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\locate.dll |
c10e04dd4ad4277d5adc951bb331c777 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\nsDialogs.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager): No processes have been created.
- Delete the original Adware file.
- Delete or disinfect the following files created/modified by the Adware:
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\bab_off.bmp (672 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\skip.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\locate.dll (804 bytes)
%Program Files%\1ClickDownload\ocmainpack.exe (544 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\box.bmp (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPS1JHSL\MainPackFA2703[1].htm (544 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\x.bmp (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\accept1.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\accept3.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\inetc3.dll (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFE2D.tmp (14068 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\accept.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\decline.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\gC0 (776 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\stvheader2.bmp (4992 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\accept2.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\nsDialogs.dll (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\35TJMWCT.txt (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\J5WT9XQ0.txt (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssFF18.tmp\bab_on.bmp (672 bytes)
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 23130 | 23552 | 4.44841 | 0bc2ffd32265a08d72b795b18265828d |
.rdata | 28672 | 4496 | 4608 | 3.59163 | f179218a059068529bdb4637ef5fa28e |
.data | 36864 | 110488 | 1024 | 3.26405 | 975304d6dd6c4a4f076b15511e2bbbc0 |
.ndata | 147456 | 405504 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 552960 | 16592 | 16896 | 4.13773 | abf626bfe9f174e03fe1d5c304ff19ac |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 8
Network Activity
URLs
URL | IP |
---|---|
hxxp://data.torntv.net/country.asp?st=-1&uid=284555269&tuid=3090437&sref=1CD_16_2_eztv2&vmdt=|vm|&bld=16CJ | |
hxxp://files.download1click.ws/MainPackFA2703.exe |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
The Adware connects to the servers at the following location(s):
Strings from Dumps