home *** CD-ROM | disk | FTP | other *** search
/ Internet - Latest Software 2006 / Internet LS 2006.iso / Super AD Blocker 2.0.0.1036 / Setup / SuperAdBlocker.exe / PROCESSLIST.DB < prev    next >
Encoding:
Text File  |  2005-03-21  |  788.6 KB  |  28,819 lines
  1. <SABSCRIPT>
  2. <PROCESSDESCRIPTOR>
  3. <ID>45</ID>
  4. <PROCESSLIST>
  5. <PROCESS>OPTIMIZE.EXE</PROCESS>
  6. <PROCESS>ACTALERT.EXE</PROCESS>
  7. <PROCESS>OPTIMIZE313.EXE</PROCESS>
  8. </PROCESSLIST>
  9. <CLSIDLIST>
  10. </CLSIDLIST>
  11. <SUMMARY>Adware.Avenue Media/Internet Optimizer.Process</SUMMARY>
  12. <DEFAULTINSTALLPATHLIST>
  13. </DEFAULTINSTALLPATHLIST>
  14. <CATEGORY>ADWARE</CATEGORY>
  15. <CONDITIONLIST>
  16. <CONDITION>FILELOCATION~TEMP</CONDITION>
  17. <CONDITION>FILELOCATION~INTERN</CONDITION>
  18. </CONDITIONLIST>
  19. <OPERATOR>OR</OPERATOR>
  20. <THREATLEVEL>5</THREATLEVEL>
  21. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23. </PROCESSDESCRIPTOR>
  24. <PROCESSDESCRIPTOR>
  25. <ID>50</ID>
  26. <PROCESSLIST>
  27. <PROCESS>WEATHER.EXE</PROCESS>
  28. </PROCESSLIST>
  29. <CLSIDLIST>
  30. </CLSIDLIST>
  31. <SUMMARY>WeatherBug</SUMMARY>
  32. <DEFAULTINSTALLPATHLIST>
  33. </DEFAULTINSTALLPATHLIST>
  34. <CATEGORY>ADWARE</CATEGORY>
  35. <CONDITIONLIST>
  36. </CONDITIONLIST>
  37. <OPERATOR>AND</OPERATOR>
  38. <THREATLEVEL>3</THREATLEVEL>
  39. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  40. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  41. </PROCESSDESCRIPTOR>
  42. <PROCESSDESCRIPTOR>
  43. <ID>58</ID>
  44. <PROCESSLIST>
  45. <PROCESS>KEYCOUNT.EXE</PROCESS>
  46. </PROCESSLIST>
  47. <CLSIDLIST>
  48. </CLSIDLIST>
  49. <SUMMARY>Keycount Keylogger</SUMMARY>
  50. <DEFAULTINSTALLPATHLIST>
  51. </DEFAULTINSTALLPATHLIST>
  52. <CATEGORY>SPYWARE</CATEGORY>
  53. <CONDITIONLIST>
  54. </CONDITIONLIST>
  55. <OPERATOR>AND</OPERATOR>
  56. <THREATLEVEL>10</THREATLEVEL>
  57. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  58. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  59. </PROCESSDESCRIPTOR>
  60. <PROCESSDESCRIPTOR>
  61. <ID>72</ID>
  62. <PROCESSLIST>
  63. <PROCESS>AVSERVE2.EXE</PROCESS>
  64. </PROCESSLIST>
  65. <CLSIDLIST>
  66. </CLSIDLIST>
  67. <SUMMARY>Sasser Internet Worm</SUMMARY>
  68. <DEFAULTINSTALLPATHLIST>
  69. </DEFAULTINSTALLPATHLIST>
  70. <CATEGORY>VIRUS</CATEGORY>
  71. <CONDITIONLIST>
  72. </CONDITIONLIST>
  73. <OPERATOR>AND</OPERATOR>
  74. <THREATLEVEL>10</THREATLEVEL>
  75. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  76. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  77. </PROCESSDESCRIPTOR>
  78. <PROCESSDESCRIPTOR>
  79. <ID>73</ID>
  80. <PROCESSLIST>
  81. <PROCESS>LIVESEXCAMS.EXE</PROCESS>
  82. </PROCESSLIST>
  83. <CLSIDLIST>
  84. </CLSIDLIST>
  85. <SUMMARY>LiveSexCams Dialer</SUMMARY>
  86. <DEFAULTINSTALLPATHLIST>
  87. </DEFAULTINSTALLPATHLIST>
  88. <CATEGORY>DIALER</CATEGORY>
  89. <CONDITIONLIST>
  90. </CONDITIONLIST>
  91. <OPERATOR>AND</OPERATOR>
  92. <THREATLEVEL>10</THREATLEVEL>
  93. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  94. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  95. </PROCESSDESCRIPTOR>
  96. <PROCESSDESCRIPTOR>
  97. <ID>75</ID>
  98. <PROCESSLIST>
  99. <PROCESS>WEBSAVINGSFROMEBATES.EXE</PROCESS>
  100. </PROCESSLIST>
  101. <CLSIDLIST>
  102. </CLSIDLIST>
  103. <SUMMARY>WebSavings</SUMMARY>
  104. <DEFAULTINSTALLPATHLIST>
  105. </DEFAULTINSTALLPATHLIST>
  106. <CATEGORY>ADWARE</CATEGORY>
  107. <CONDITIONLIST>
  108. </CONDITIONLIST>
  109. <OPERATOR>AND</OPERATOR>
  110. <THREATLEVEL>10</THREATLEVEL>
  111. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  112. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  113. </PROCESSDESCRIPTOR>
  114. <PROCESSDESCRIPTOR>
  115. <ID>76</ID>
  116. <PROCESSLIST>
  117. <PROCESS>BARGAINS.EXE</PROCESS>
  118. </PROCESSLIST>
  119. <CLSIDLIST>
  120. </CLSIDLIST>
  121. <SUMMARY>BargainBuddy</SUMMARY>
  122. <DEFAULTINSTALLPATHLIST>
  123. </DEFAULTINSTALLPATHLIST>
  124. <CATEGORY>ADWARE</CATEGORY>
  125. <CONDITIONLIST>
  126. </CONDITIONLIST>
  127. <OPERATOR>AND</OPERATOR>
  128. <THREATLEVEL>10</THREATLEVEL>
  129. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  130. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  131. </PROCESSDESCRIPTOR>
  132. <PROCESSDESCRIPTOR>
  133. <ID>77</ID>
  134. <PROCESSLIST>
  135. <PROCESS>MSBB.EXE</PROCESS>
  136. </PROCESSLIST>
  137. <CLSIDLIST>
  138. </CLSIDLIST>
  139. <SUMMARY>n-CASE (SongSpy)</SUMMARY>
  140. <DEFAULTINSTALLPATHLIST>
  141. </DEFAULTINSTALLPATHLIST>
  142. <CATEGORY>SPYWARE</CATEGORY>
  143. <CONDITIONLIST>
  144. </CONDITIONLIST>
  145. <OPERATOR>AND</OPERATOR>
  146. <THREATLEVEL>5</THREATLEVEL>
  147. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  148. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  149. </PROCESSDESCRIPTOR>
  150. <PROCESSDESCRIPTOR>
  151. <ID>78</ID>
  152. <PROCESSLIST>
  153. <PROCESS>MMOD.EXE</PROCESS>
  154. </PROCESSLIST>
  155. <CLSIDLIST>
  156. </CLSIDLIST>
  157. <SUMMARY>Adware.eZula/TopText iLookup.Process</SUMMARY>
  158. <DEFAULTINSTALLPATHLIST>
  159. </DEFAULTINSTALLPATHLIST>
  160. <CATEGORY>ADWARE</CATEGORY>
  161. <CONDITIONLIST>
  162. </CONDITIONLIST>
  163. <OPERATOR>AND</OPERATOR>
  164. <THREATLEVEL>10</THREATLEVEL>
  165. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  166. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  167. </PROCESSDESCRIPTOR>
  168. <PROCESSDESCRIPTOR>
  169. <ID>79</ID>
  170. <PROCESSLIST>
  171. <PROCESS>WTOOLSA.EXE</PROCESS>
  172. <PROCESS>WTOOLSB.EXE</PROCESS>
  173. <PROCESS>WTOOLSS.EXE</PROCESS>
  174. <PROCESS>WSUP.EXE</PROCESS>
  175. <PROCESS>WINTOOLS.EXE</PROCESS>
  176. </PROCESSLIST>
  177. <CLSIDLIST>
  178. </CLSIDLIST>
  179. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).Process</SUMMARY>
  180. <DEFAULTINSTALLPATHLIST>
  181. </DEFAULTINSTALLPATHLIST>
  182. <CATEGORY>SPYWARE</CATEGORY>
  183. <CONDITIONLIST>
  184. </CONDITIONLIST>
  185. <OPERATOR>AND</OPERATOR>
  186. <THREATLEVEL>10</THREATLEVEL>
  187. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  188. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  189. </PROCESSDESCRIPTOR>
  190. <PROCESSDESCRIPTOR>
  191. <ID>80</ID>
  192. <PROCESSLIST>
  193. <PROCESS>POPSRV225.EXE</PROCESS>
  194. </PROCESSLIST>
  195. <CLSIDLIST>
  196. </CLSIDLIST>
  197. <SUMMARY>Browser Hijacker.Apropos Media/PeopleOnPage.Process</SUMMARY>
  198. <DEFAULTINSTALLPATHLIST>
  199. </DEFAULTINSTALLPATHLIST>
  200. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  201. <CONDITIONLIST>
  202. </CONDITIONLIST>
  203. <OPERATOR>AND</OPERATOR>
  204. <THREATLEVEL>10</THREATLEVEL>
  205. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  206. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  207. </PROCESSDESCRIPTOR>
  208. <PROCESSDESCRIPTOR>
  209. <ID>94</ID>
  210. <PROCESSLIST>
  211. <PROCESS>PURITYSCAN.EXE</PROCESS>
  212. <PROCESS>PURITYSCAN2.EXE</PROCESS>
  213. <PROCESS>WINSERVN.EXE</PROCESS>
  214. <PROCESS>SEAR1.EXE</PROCESS>
  215. <PROCESS>WAPICC.EXE</PROCESS>
  216. <PROCESS>WAPIIT.EXE</PROCESS>
  217. <PROCESS>WAPISU.EXE</PROCESS>
  218. <PROCESS>WAPISVIT.EXE</PROCESS>
  219. <PROCESS>WAPISVSU.EXE</PROCESS>
  220. <PROCESS>WCPCC.EXE</PROCESS>
  221. <PROCESS>WCPSVSU.EXE</PROCESS>
  222. <PROCESS>WCPSVTR.EXE</PROCESS>
  223. <PROCESS>WINSERVS.EXE</PROCESS>
  224. <PROCESS>WINTSU.EXE</PROCESS>
  225. <PROCESS>WINTSVCC.EXE</PROCESS>
  226. <PROCESS>WNSAPICC.EXE</PROCESS>
  227. <PROCESS>WNSAPISU.EXE</PROCESS>
  228. <PROCESS>WNSAPISV.EXE</PROCESS>
  229. <PROCESS>WNSCPSU.EXE</PROCESS>
  230. <PROCESS>WNSCPSV.EXE</PROCESS>
  231. <PROCESS>WNSINTIT.EXE</PROCESS>
  232. <PROCESS>WNSINTSU.EXE</PROCESS>
  233. <PROCESS>WNSINTSV.EXE</PROCESS>
  234. <PROCESS>WNSTSSV.EXE</PROCESS>
  235. <PROCESS>WTSIT.EXE</PROCESS>
  236. <PROCESS>WTSTR.EXE</PROCESS>
  237. </PROCESSLIST>
  238. <CLSIDLIST>
  239. </CLSIDLIST>
  240. <SUMMARY>Adware.ClickSpring/PuritySCAN.Process</SUMMARY>
  241. <DEFAULTINSTALLPATHLIST>
  242. </DEFAULTINSTALLPATHLIST>
  243. <CATEGORY>ADWARE</CATEGORY>
  244. <CONDITIONLIST>
  245. </CONDITIONLIST>
  246. <OPERATOR>AND</OPERATOR>
  247. <THREATLEVEL>10</THREATLEVEL>
  248. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  249. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  250. </PROCESSDESCRIPTOR>
  251. <PROCESSDESCRIPTOR>
  252. <ID>358</ID>
  253. <PROCESSLIST>
  254. <PROCESS>RH.EXE</PROCESS>
  255. </PROCESSLIST>
  256. <CLSIDLIST>
  257. </CLSIDLIST>
  258. <SUMMARY>Adware.SmartPops.Process</SUMMARY>
  259. <DEFAULTINSTALLPATHLIST>
  260. </DEFAULTINSTALLPATHLIST>
  261. <CATEGORY>ADWARE</CATEGORY>
  262. <CONDITIONLIST>
  263. <CONDITION>PRODUCTNAME~Hopper</CONDITION>
  264. </CONDITIONLIST>
  265. <OPERATOR>AND</OPERATOR>
  266. <THREATLEVEL>10</THREATLEVEL>
  267. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  268. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  269. </PROCESSDESCRIPTOR>
  270. <PROCESSDESCRIPTOR>
  271. <ID>512</ID>
  272. <PROCESSLIST>
  273. <PROCESS>*</PROCESS>
  274. <PROCESS>(RUNDLL32.EXE)</PROCESS>
  275. </PROCESSLIST>
  276. <CLSIDLIST>
  277. </CLSIDLIST>
  278. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  279. <DEFAULTINSTALLPATHLIST>
  280. </DEFAULTINSTALLPATHLIST>
  281. <CATEGORY>ADWARE</CATEGORY>
  282. <CONDITIONLIST>
  283. <CONDITION>MD5=24795c034a595311eac8039a05abbd0e</CONDITION>
  284. </CONDITIONLIST>
  285. <OPERATOR>AND</OPERATOR>
  286. <THREATLEVEL>10</THREATLEVEL>
  287. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  288. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  289. </PROCESSDESCRIPTOR>
  290. <PROCESSDESCRIPTOR>
  291. <ID>97</ID>
  292. <PROCESSLIST>
  293. <PROCESS>INTDEL.EXE</PROCESS>
  294. </PROCESSLIST>
  295. <CLSIDLIST>
  296. </CLSIDLIST>
  297. <SUMMARY>InternetDelivery</SUMMARY>
  298. <DEFAULTINSTALLPATHLIST>
  299. </DEFAULTINSTALLPATHLIST>
  300. <CATEGORY>ADWARE</CATEGORY>
  301. <CONDITIONLIST>
  302. </CONDITIONLIST>
  303. <OPERATOR>AND</OPERATOR>
  304. <THREATLEVEL>5</THREATLEVEL>
  305. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  306. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  307. </PROCESSDESCRIPTOR>
  308. <PROCESSDESCRIPTOR>
  309. <ID>113</ID>
  310. <PROCESSLIST>
  311. <PROCESS>HBSRV.EXE</PROCESS>
  312. <PROCESS>HBINST.EXE</PROCESS>
  313. <PROCESS>WEATHERONTRAY.EXE</PROCESS>
  314. </PROCESSLIST>
  315. <CLSIDLIST>
  316. </CLSIDLIST>
  317. <SUMMARY>Adware.HotBar.Process</SUMMARY>
  318. <DEFAULTINSTALLPATHLIST>
  319. </DEFAULTINSTALLPATHLIST>
  320. <CATEGORY>ADWARE</CATEGORY>
  321. <CONDITIONLIST>
  322. </CONDITIONLIST>
  323. <OPERATOR>AND</OPERATOR>
  324. <THREATLEVEL>10</THREATLEVEL>
  325. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  326. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  327. </PROCESSDESCRIPTOR>
  328. <PROCESSDESCRIPTOR>
  329. <ID>114</ID>
  330. <PROCESSLIST>
  331. <PROCESS>CS4P028.EXE</PROCESS>
  332. </PROCESSLIST>
  333. <CLSIDLIST>
  334. </CLSIDLIST>
  335. <SUMMARY>Unknown Threat (CS4P028)</SUMMARY>
  336. <DEFAULTINSTALLPATHLIST>
  337. </DEFAULTINSTALLPATHLIST>
  338. <CATEGORY>ADWARE</CATEGORY>
  339. <CONDITIONLIST>
  340. </CONDITIONLIST>
  341. <OPERATOR>AND</OPERATOR>
  342. <THREATLEVEL>10</THREATLEVEL>
  343. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  344. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  345. </PROCESSDESCRIPTOR>
  346. <PROCESSDESCRIPTOR>
  347. <ID>115</ID>
  348. <PROCESSLIST>
  349. <PROCESS>DAP.EXE</PROCESS>
  350. </PROCESSLIST>
  351. <CLSIDLIST>
  352. </CLSIDLIST>
  353. <SUMMARY>Download Accelerator Plus</SUMMARY>
  354. <DEFAULTINSTALLPATHLIST>
  355. </DEFAULTINSTALLPATHLIST>
  356. <CATEGORY>ADWARE</CATEGORY>
  357. <CONDITIONLIST>
  358. <CONDITION>COMPANYNAME~SpeedBit</CONDITION>
  359. </CONDITIONLIST>
  360. <OPERATOR>AND</OPERATOR>
  361. <THREATLEVEL>2</THREATLEVEL>
  362. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  363. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  364. </PROCESSDESCRIPTOR>
  365. <PROCESSDESCRIPTOR>
  366. <ID>118</ID>
  367. <PROCESSLIST>
  368. <PROCESS>MEMORYWATCHER.EXE</PROCESS>
  369. </PROCESSLIST>
  370. <CLSIDLIST>
  371. </CLSIDLIST>
  372. <SUMMARY>Adware.Sandboxer (MemoryWatcher).Installer</SUMMARY>
  373. <DEFAULTINSTALLPATHLIST>
  374. </DEFAULTINSTALLPATHLIST>
  375. <CATEGORY>ADWARE</CATEGORY>
  376. <CONDITIONLIST>
  377. </CONDITIONLIST>
  378. <OPERATOR>AND</OPERATOR>
  379. <THREATLEVEL>10</THREATLEVEL>
  380. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  381. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  382. </PROCESSDESCRIPTOR>
  383. <PROCESSDESCRIPTOR>
  384. <ID>119</ID>
  385. <PROCESSLIST>
  386. <PROCESS>REMOVED.EXE</PROCESS>
  387. </PROCESSLIST>
  388. <CLSIDLIST>
  389. </CLSIDLIST>
  390. <SUMMARY>Unknown Threat (Removed)</SUMMARY>
  391. <DEFAULTINSTALLPATHLIST>
  392. </DEFAULTINSTALLPATHLIST>
  393. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  394. <CONDITIONLIST>
  395. </CONDITIONLIST>
  396. <OPERATOR>AND</OPERATOR>
  397. <THREATLEVEL>5</THREATLEVEL>
  398. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  399. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  400. </PROCESSDESCRIPTOR>
  401. <PROCESSDESCRIPTOR>
  402. <ID>121</ID>
  403. <PROCESSLIST>
  404. <PROCESS>CSREMND.EXE</PROCESS>
  405. </PROCESSLIST>
  406. <CLSIDLIST>
  407. </CLSIDLIST>
  408. <SUMMARY>CasinoOnline</SUMMARY>
  409. <DEFAULTINSTALLPATHLIST>
  410. </DEFAULTINSTALLPATHLIST>
  411. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  412. <CONDITIONLIST>
  413. </CONDITIONLIST>
  414. <OPERATOR>AND</OPERATOR>
  415. <THREATLEVEL>5</THREATLEVEL>
  416. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  417. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  418. </PROCESSDESCRIPTOR>
  419. <PROCESSDESCRIPTOR>
  420. <ID>122</ID>
  421. <PROCESSLIST>
  422. <PROCESS>UPD.EXE</PROCESS>
  423. </PROCESSLIST>
  424. <CLSIDLIST>
  425. </CLSIDLIST>
  426. <SUMMARY>Totem</SUMMARY>
  427. <DEFAULTINSTALLPATHLIST>
  428. </DEFAULTINSTALLPATHLIST>
  429. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  430. <CONDITIONLIST>
  431. </CONDITIONLIST>
  432. <OPERATOR>AND</OPERATOR>
  433. <THREATLEVEL>5</THREATLEVEL>
  434. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  435. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  436. </PROCESSDESCRIPTOR>
  437. <PROCESSDESCRIPTOR>
  438. <ID>127</ID>
  439. <PROCESSLIST>
  440. <PROCESS>PRECISIONTIME.EXE</PROCESS>
  441. </PROCESSLIST>
  442. <CLSIDLIST>
  443. </CLSIDLIST>
  444. <SUMMARY>PrecisionTime</SUMMARY>
  445. <DEFAULTINSTALLPATHLIST>
  446. </DEFAULTINSTALLPATHLIST>
  447. <CATEGORY>ADWARE</CATEGORY>
  448. <CONDITIONLIST>
  449. </CONDITIONLIST>
  450. <OPERATOR>AND</OPERATOR>
  451. <THREATLEVEL>5</THREATLEVEL>
  452. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  453. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  454. </PROCESSDESCRIPTOR>
  455. <PROCESSDESCRIPTOR>
  456. <ID>128</ID>
  457. <PROCESSLIST>
  458. <PROCESS>PNETAWARE.EXE</PROCESS>
  459. <PROCESS>PALTALK.EXE</PROCESS>
  460. <PROCESS>PALNET.EXE</PROCESS>
  461. </PROCESSLIST>
  462. <CLSIDLIST>
  463. </CLSIDLIST>
  464. <SUMMARY>PalTalk</SUMMARY>
  465. <DEFAULTINSTALLPATHLIST>
  466. </DEFAULTINSTALLPATHLIST>
  467. <CATEGORY>ADWARE</CATEGORY>
  468. <CONDITIONLIST>
  469. </CONDITIONLIST>
  470. <OPERATOR>AND</OPERATOR>
  471. <THREATLEVEL>2</THREATLEVEL>
  472. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  473. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  474. </PROCESSDESCRIPTOR>
  475. <PROCESSDESCRIPTOR>
  476. <ID>129</ID>
  477. <PROCESSLIST>
  478. <PROCESS>R_SERVER.EXE</PROCESS>
  479. </PROCESSLIST>
  480. <CLSIDLIST>
  481. </CLSIDLIST>
  482. <SUMMARY>Remote Administrator</SUMMARY>
  483. <DEFAULTINSTALLPATHLIST>
  484. </DEFAULTINSTALLPATHLIST>
  485. <CATEGORY>APPLICATION</CATEGORY>
  486. <CONDITIONLIST>
  487. </CONDITIONLIST>
  488. <OPERATOR>AND</OPERATOR>
  489. <THREATLEVEL>1</THREATLEVEL>
  490. <TERMINATEACTION></TERMINATEACTION>
  491. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  492. </PROCESSDESCRIPTOR>
  493. <PROCESSDESCRIPTOR>
  494. <ID>161</ID>
  495. <PROCESSLIST>
  496. <PROCESS>*</PROCESS>
  497. </PROCESSLIST>
  498. <CLSIDLIST>
  499. </CLSIDLIST>
  500. <SUMMARY>Adware.BonziBuddy.Installer</SUMMARY>
  501. <DEFAULTINSTALLPATHLIST>
  502. </DEFAULTINSTALLPATHLIST>
  503. <CATEGORY>ADWARE</CATEGORY>
  504. <CONDITIONLIST>
  505. <CONDITION>COMPANYNAME~Bonzi</CONDITION>
  506. </CONDITIONLIST>
  507. <OPERATOR>AND</OPERATOR>
  508. <THREATLEVEL>5</THREATLEVEL>
  509. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  510. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  511. </PROCESSDESCRIPTOR>
  512. <PROCESSDESCRIPTOR>
  513. <ID>156</ID>
  514. <PROCESSLIST>
  515. <PROCESS>CMESYS.EXE</PROCESS>
  516. </PROCESSLIST>
  517. <CLSIDLIST>
  518. </CLSIDLIST>
  519. <SUMMARY>Adware.GAIN/Gator.Process</SUMMARY>
  520. <DEFAULTINSTALLPATHLIST>
  521. </DEFAULTINSTALLPATHLIST>
  522. <CATEGORY>ADWARE</CATEGORY>
  523. <CONDITIONLIST>
  524. </CONDITIONLIST>
  525. <OPERATOR>AND</OPERATOR>
  526. <THREATLEVEL>5</THREATLEVEL>
  527. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  528. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  529. </PROCESSDESCRIPTOR>
  530. <PROCESSDESCRIPTOR>
  531. <ID>157</ID>
  532. <PROCESSLIST>
  533. <PROCESS>GMT.EXE</PROCESS>
  534. </PROCESSLIST>
  535. <CLSIDLIST>
  536. </CLSIDLIST>
  537. <SUMMARY>Adware.GAIN/Gator.Process</SUMMARY>
  538. <DEFAULTINSTALLPATHLIST>
  539. </DEFAULTINSTALLPATHLIST>
  540. <CATEGORY>ADWARE</CATEGORY>
  541. <CONDITIONLIST>
  542. </CONDITIONLIST>
  543. <OPERATOR>AND</OPERATOR>
  544. <THREATLEVEL>5</THREATLEVEL>
  545. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  546. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  547. </PROCESSDESCRIPTOR>
  548. <PROCESSDESCRIPTOR>
  549. <ID>158</ID>
  550. <PROCESSLIST>
  551. <PROCESS>BONZIBDY.EXE</PROCESS>
  552. <PROCESS>BBSETUPHOM.EXE</PROCESS>
  553. <PROCESS>BBSMARTSETUP.EXE</PROCESS>
  554. <PROCESS>BBSMARTSTUBFAL.EXE</PROCESS>
  555. </PROCESSLIST>
  556. <CLSIDLIST>
  557. </CLSIDLIST>
  558. <SUMMARY>Adware.BonziBuddy.Process</SUMMARY>
  559. <DEFAULTINSTALLPATHLIST>
  560. </DEFAULTINSTALLPATHLIST>
  561. <CATEGORY>ADWARE</CATEGORY>
  562. <CONDITIONLIST>
  563. </CONDITIONLIST>
  564. <OPERATOR>AND</OPERATOR>
  565. <THREATLEVEL>10</THREATLEVEL>
  566. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  567. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  568. </PROCESSDESCRIPTOR>
  569. <PROCESSDESCRIPTOR>
  570. <ID>163</ID>
  571. <PROCESSLIST>
  572. <PROCESS>LOADER.EXE</PROCESS>
  573. <PROCESS>CSAOLLDR.EXE</PROCESS>
  574. </PROCESSLIST>
  575. <CLSIDLIST>
  576. </CLSIDLIST>
  577. <SUMMARY>Adware.ClearSearch.Process</SUMMARY>
  578. <DEFAULTINSTALLPATHLIST>
  579. </DEFAULTINSTALLPATHLIST>
  580. <CATEGORY>ADWARE</CATEGORY>
  581. <CONDITIONLIST>
  582. <CONDITION>MD5=F7184EE4124F294560E7251065A73A3B</CONDITION>
  583. </CONDITIONLIST>
  584. <OPERATOR>OR</OPERATOR>
  585. <THREATLEVEL>10</THREATLEVEL>
  586. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  587. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  588. </PROCESSDESCRIPTOR>
  589. <PROCESSDESCRIPTOR>
  590. <ID>160</ID>
  591. <PROCESSLIST>
  592. <PROCESS>*</PROCESS>
  593. </PROCESSLIST>
  594. <CLSIDLIST>
  595. </CLSIDLIST>
  596. <SUMMARY>Adware.Sandboxer (MemoryWatcher).Process</SUMMARY>
  597. <DEFAULTINSTALLPATHLIST>
  598. </DEFAULTINSTALLPATHLIST>
  599. <CATEGORY>ADWARE</CATEGORY>
  600. <CONDITIONLIST>
  601. <CONDITION>INTERNALNAME=Kern32</CONDITION>
  602. <CONDITION>ORIGINALFILENAME=Kern32.exe</CONDITION>
  603. </CONDITIONLIST>
  604. <OPERATOR>AND</OPERATOR>
  605. <THREATLEVEL>10</THREATLEVEL>
  606. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  607. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  608. </PROCESSDESCRIPTOR>
  609. <PROCESSDESCRIPTOR>
  610. <ID>162</ID>
  611. <PROCESSLIST>
  612. <PROCESS>MWSOEMON.EXE</PROCESS>
  613. </PROCESSLIST>
  614. <CLSIDLIST>
  615. </CLSIDLIST>
  616. <SUMMARY>Adware.MyWebSearch.Process</SUMMARY>
  617. <DEFAULTINSTALLPATHLIST>
  618. </DEFAULTINSTALLPATHLIST>
  619. <CATEGORY>ADWARE</CATEGORY>
  620. <CONDITIONLIST>
  621. </CONDITIONLIST>
  622. <OPERATOR>AND</OPERATOR>
  623. <THREATLEVEL>5</THREATLEVEL>
  624. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  625. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  626. </PROCESSDESCRIPTOR>
  627. <PROCESSDESCRIPTOR>
  628. <ID>164</ID>
  629. <PROCESSLIST>
  630. <PROCESS>KEYWORD.EXE</PROCESS>
  631. </PROCESSLIST>
  632. <CLSIDLIST>
  633. </CLSIDLIST>
  634. <SUMMARY>Adware.Jraun/WinEssential.Process</SUMMARY>
  635. <DEFAULTINSTALLPATHLIST>
  636. </DEFAULTINSTALLPATHLIST>
  637. <CATEGORY>ADWARE</CATEGORY>
  638. <CONDITIONLIST>
  639. <CONDITION>FILELOCATION~system</CONDITION>
  640. </CONDITIONLIST>
  641. <OPERATOR>AND</OPERATOR>
  642. <THREATLEVEL>5</THREATLEVEL>
  643. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  644. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  645. </PROCESSDESCRIPTOR>
  646. <PROCESSDESCRIPTOR>
  647. <ID>165</ID>
  648. <PROCESSLIST>
  649. <PROCESS>ADDESTROYER.EXE</PROCESS>
  650. <PROCESS>ADDESTROYERINNER.EXE</PROCESS>
  651. </PROCESSLIST>
  652. <CLSIDLIST>
  653. </CLSIDLIST>
  654. <SUMMARY>Adware.Spyware Labs/AdDestroyer.Process</SUMMARY>
  655. <DEFAULTINSTALLPATHLIST>
  656. </DEFAULTINSTALLPATHLIST>
  657. <CATEGORY>ADWARE</CATEGORY>
  658. <CONDITIONLIST>
  659. </CONDITIONLIST>
  660. <OPERATOR>AND</OPERATOR>
  661. <THREATLEVEL>10</THREATLEVEL>
  662. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  663. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  664. </PROCESSDESCRIPTOR>
  665. <PROCESSDESCRIPTOR>
  666. <ID>166</ID>
  667. <PROCESSLIST>
  668. <PROCESS>APRLOAD.EXE</PROCESS>
  669. <PROCESS>APROPOS_CLIENT_LOADER.EXE</PROCESS>
  670. </PROCESSLIST>
  671. <CLSIDLIST>
  672. </CLSIDLIST>
  673. <SUMMARY>Adware.Apropos Media.Process</SUMMARY>
  674. <DEFAULTINSTALLPATHLIST>
  675. </DEFAULTINSTALLPATHLIST>
  676. <CATEGORY>ADWARE</CATEGORY>
  677. <CONDITIONLIST>
  678. </CONDITIONLIST>
  679. <OPERATOR>AND</OPERATOR>
  680. <THREATLEVEL>10</THREATLEVEL>
  681. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  682. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  683. </PROCESSDESCRIPTOR>
  684. <PROCESSDESCRIPTOR>
  685. <ID>167</ID>
  686. <PROCESSLIST>
  687. <PROCESS>SEARCH.EXE</PROCESS>
  688. </PROCESSLIST>
  689. <CLSIDLIST>
  690. </CLSIDLIST>
  691. <SUMMARY>Adware.WhenU.Process</SUMMARY>
  692. <DEFAULTINSTALLPATHLIST>
  693. </DEFAULTINSTALLPATHLIST>
  694. <CATEGORY>ADWARE</CATEGORY>
  695. <CONDITIONLIST>
  696. <CONDITION>COMPANYNAME~WhenU</CONDITION>
  697. </CONDITIONLIST>
  698. <OPERATOR>AND</OPERATOR>
  699. <THREATLEVEL>10</THREATLEVEL>
  700. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  701. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  702. </PROCESSDESCRIPTOR>
  703. <PROCESSDESCRIPTOR>
  704. <ID>169</ID>
  705. <PROCESSLIST>
  706. <PROCESS>STCLOADER.EXE</PROCESS>
  707. </PROCESSLIST>
  708. <CLSIDLIST>
  709. </CLSIDLIST>
  710. <SUMMARY>Adware.Second Thought.Process</SUMMARY>
  711. <DEFAULTINSTALLPATHLIST>
  712. </DEFAULTINSTALLPATHLIST>
  713. <CATEGORY>ADWARE</CATEGORY>
  714. <CONDITIONLIST>
  715. </CONDITIONLIST>
  716. <OPERATOR>AND</OPERATOR>
  717. <THREATLEVEL>10</THREATLEVEL>
  718. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  719. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  720. </PROCESSDESCRIPTOR>
  721. <PROCESSDESCRIPTOR>
  722. <ID>170</ID>
  723. <PROCESSLIST>
  724. <PROCESS>IEXPLORE.EXE</PROCESS>
  725. </PROCESSLIST>
  726. <CLSIDLIST>
  727. </CLSIDLIST>
  728. <SUMMARY>IExplore Stealth Redirector</SUMMARY>
  729. <DEFAULTINSTALLPATHLIST>
  730. </DEFAULTINSTALLPATHLIST>
  731. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  732. <CONDITIONLIST>
  733. <CONDITION>ORIGINALFILENAME=Redirect.EXE</CONDITION>
  734. </CONDITIONLIST>
  735. <OPERATOR>AND</OPERATOR>
  736. <THREATLEVEL>10</THREATLEVEL>
  737. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  738. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  739. </PROCESSDESCRIPTOR>
  740. <PROCESSDESCRIPTOR>
  741. <ID>171</ID>
  742. <PROCESSLIST>
  743. <PROCESS>ALCHEM.EXE</PROCESS>
  744. </PROCESSLIST>
  745. <CLSIDLIST>
  746. </CLSIDLIST>
  747. <SUMMARY>Alchem</SUMMARY>
  748. <DEFAULTINSTALLPATHLIST>
  749. </DEFAULTINSTALLPATHLIST>
  750. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  751. <CONDITIONLIST>
  752. </CONDITIONLIST>
  753. <OPERATOR>AND</OPERATOR>
  754. <THREATLEVEL>10</THREATLEVEL>
  755. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  756. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  757. </PROCESSDESCRIPTOR>
  758. <PROCESSDESCRIPTOR>
  759. <ID>172</ID>
  760. <PROCESSLIST>
  761. <PROCESS>SLMSS.EXE</PROCESS>
  762. <PROCESS>MWSVM.EXE</PROCESS>
  763. </PROCESSLIST>
  764. <CLSIDLIST>
  765. </CLSIDLIST>
  766. <SUMMARY>SeekSeek (DefaultSearch)</SUMMARY>
  767. <DEFAULTINSTALLPATHLIST>
  768. </DEFAULTINSTALLPATHLIST>
  769. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  770. <CONDITIONLIST>
  771. </CONDITIONLIST>
  772. <OPERATOR>AND</OPERATOR>
  773. <THREATLEVEL>5</THREATLEVEL>
  774. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  775. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  776. </PROCESSDESCRIPTOR>
  777. <PROCESSDESCRIPTOR>
  778. <ID>173</ID>
  779. <PROCESSLIST>
  780. <PROCESS>DPCPROXY.EXE</PROCESS>
  781. </PROCESSLIST>
  782. <CLSIDLIST>
  783. </CLSIDLIST>
  784. <SUMMARY>Dpcproxy</SUMMARY>
  785. <DEFAULTINSTALLPATHLIST>
  786. </DEFAULTINSTALLPATHLIST>
  787. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  788. <CONDITIONLIST>
  789. <CONDITION>FILELOCATION~SYSTEM</CONDITION>
  790. </CONDITIONLIST>
  791. <OPERATOR>AND</OPERATOR>
  792. <THREATLEVEL>10</THREATLEVEL>
  793. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  794. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  795. </PROCESSDESCRIPTOR>
  796. <PROCESSDESCRIPTOR>
  797. <ID>174</ID>
  798. <PROCESSLIST>
  799. <PROCESS>WINST.EXE</PROCESS>
  800. </PROCESSLIST>
  801. <CLSIDLIST>
  802. </CLSIDLIST>
  803. <SUMMARY>Winst</SUMMARY>
  804. <DEFAULTINSTALLPATHLIST>
  805. </DEFAULTINSTALLPATHLIST>
  806. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  807. <CONDITIONLIST>
  808. <CONDITION>FILELOCATION~SYSTEM</CONDITION>
  809. </CONDITIONLIST>
  810. <OPERATOR>AND</OPERATOR>
  811. <THREATLEVEL>10</THREATLEVEL>
  812. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  813. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  814. </PROCESSDESCRIPTOR>
  815. <PROCESSDESCRIPTOR>
  816. <ID>176</ID>
  817. <PROCESSLIST>
  818. <PROCESS>IEXPLORESKINS.EXE</PROCESS>
  819. </PROCESSLIST>
  820. <CLSIDLIST>
  821. </CLSIDLIST>
  822. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).Process</SUMMARY>
  823. <DEFAULTINSTALLPATHLIST>
  824. </DEFAULTINSTALLPATHLIST>
  825. <CATEGORY>SPYWARE</CATEGORY>
  826. <CONDITIONLIST>
  827. </CONDITIONLIST>
  828. <OPERATOR>AND</OPERATOR>
  829. <THREATLEVEL>10</THREATLEVEL>
  830. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  831. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  832. </PROCESSDESCRIPTOR>
  833. <PROCESSDESCRIPTOR>
  834. <ID>178</ID>
  835. <PROCESSLIST>
  836. <PROCESS>*</PROCESS>
  837. </PROCESSLIST>
  838. <CLSIDLIST>
  839. </CLSIDLIST>
  840. <SUMMARY>Calling Home</SUMMARY>
  841. <DEFAULTINSTALLPATHLIST>
  842. </DEFAULTINSTALLPATHLIST>
  843. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  844. <CONDITIONLIST>
  845. <CONDITION>COMPANYNAME~callinghome</CONDITION>
  846. </CONDITIONLIST>
  847. <OPERATOR>AND</OPERATOR>
  848. <THREATLEVEL>5</THREATLEVEL>
  849. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  850. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  851. </PROCESSDESCRIPTOR>
  852. <PROCESSDESCRIPTOR>
  853. <ID>179</ID>
  854. <PROCESSLIST>
  855. <PROCESS>NDRV.EXE</PROCESS>
  856. </PROCESSLIST>
  857. <CLSIDLIST>
  858. </CLSIDLIST>
  859. <SUMMARY>Adware.ClickSpring/PuritySCAN.Process</SUMMARY>
  860. <DEFAULTINSTALLPATHLIST>
  861. </DEFAULTINSTALLPATHLIST>
  862. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  863. <CONDITIONLIST>
  864. </CONDITIONLIST>
  865. <OPERATOR>AND</OPERATOR>
  866. <THREATLEVEL>10</THREATLEVEL>
  867. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  868. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  869. </PROCESSDESCRIPTOR>
  870. <PROCESSDESCRIPTOR>
  871. <ID>180</ID>
  872. <PROCESSLIST>
  873. <PROCESS>CASINO.EXE</PROCESS>
  874. </PROCESSLIST>
  875. <CLSIDLIST>
  876. </CLSIDLIST>
  877. <SUMMARY>Casino Games (Golden Palace Casino)</SUMMARY>
  878. <DEFAULTINSTALLPATHLIST>
  879. </DEFAULTINSTALLPATHLIST>
  880. <CATEGORY>ADWARE</CATEGORY>
  881. <CONDITIONLIST>
  882. </CONDITIONLIST>
  883. <OPERATOR>AND</OPERATOR>
  884. <THREATLEVEL>3</THREATLEVEL>
  885. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  886. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  887. </PROCESSDESCRIPTOR>
  888. <PROCESSDESCRIPTOR>
  889. <ID>181</ID>
  890. <PROCESSLIST>
  891. <PROCESS>*</PROCESS>
  892. </PROCESSLIST>
  893. <CLSIDLIST>
  894. </CLSIDLIST>
  895. <SUMMARY>Adware.GAIN/Gator.Process</SUMMARY>
  896. <DEFAULTINSTALLPATHLIST>
  897. </DEFAULTINSTALLPATHLIST>
  898. <CATEGORY>ADWARE</CATEGORY>
  899. <CONDITIONLIST>
  900. <CONDITION>ORIGINALFILENAME=Trickler.exe</CONDITION>
  901. </CONDITIONLIST>
  902. <OPERATOR>AND</OPERATOR>
  903. <THREATLEVEL>5</THREATLEVEL>
  904. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  905. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  906. </PROCESSDESCRIPTOR>
  907. <PROCESSDESCRIPTOR>
  908. <ID>182</ID>
  909. <PROCESSLIST>
  910. <PROCESS>IDHOST.EXE</PROCESS>
  911. <PROCESS>HTHOST.EXE</PROCESS>
  912. <PROCESS>IDMUN.EXE</PROCESS>
  913. </PROCESSLIST>
  914. <CLSIDLIST>
  915. </CLSIDLIST>
  916. <SUMMARY>Cydoor (TOPicks)</SUMMARY>
  917. <DEFAULTINSTALLPATHLIST>
  918. </DEFAULTINSTALLPATHLIST>
  919. <CATEGORY>ADWARE</CATEGORY>
  920. <CONDITIONLIST>
  921. </CONDITIONLIST>
  922. <OPERATOR>AND</OPERATOR>
  923. <THREATLEVEL>10</THREATLEVEL>
  924. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  925. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  926. </PROCESSDESCRIPTOR>
  927. <PROCESSDESCRIPTOR>
  928. <ID>183</ID>
  929. <PROCESSLIST>
  930. <PROCESS>YYHLNBAE.EXE</PROCESS>
  931. </PROCESSLIST>
  932. <CLSIDLIST>
  933. </CLSIDLIST>
  934. <SUMMARY>Calling Home (Variant 1)</SUMMARY>
  935. <DEFAULTINSTALLPATHLIST>
  936. </DEFAULTINSTALLPATHLIST>
  937. <CATEGORY>ADWARE</CATEGORY>
  938. <CONDITIONLIST>
  939. </CONDITIONLIST>
  940. <OPERATOR>AND</OPERATOR>
  941. <THREATLEVEL>10</THREATLEVEL>
  942. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  943. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  944. </PROCESSDESCRIPTOR>
  945. <PROCESSDESCRIPTOR>
  946. <ID>184</ID>
  947. <PROCESSLIST>
  948. <PROCESS>*</PROCESS>
  949. </PROCESSLIST>
  950. <CLSIDLIST>
  951. </CLSIDLIST>
  952. <SUMMARY>iGetNet Natural Language Toolbar</SUMMARY>
  953. <DEFAULTINSTALLPATHLIST>
  954. </DEFAULTINSTALLPATHLIST>
  955. <CATEGORY>ADWARE</CATEGORY>
  956. <CONDITIONLIST>
  957. <CONDITION>COMPANYNAME~igetnet</CONDITION>
  958. <CONDITION>ORIGINALFILENAME=WinStart.exe</CONDITION>
  959. </CONDITIONLIST>
  960. <OPERATOR>AND</OPERATOR>
  961. <THREATLEVEL>10</THREATLEVEL>
  962. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  963. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  964. </PROCESSDESCRIPTOR>
  965. <PROCESSDESCRIPTOR>
  966. <ID>185</ID>
  967. <PROCESSLIST>
  968. <PROCESS>KEENVALUE.EXE</PROCESS>
  969. <PROCESS>KWM.EXE</PROCESS>
  970. </PROCESSLIST>
  971. <CLSIDLIST>
  972. </CLSIDLIST>
  973. <SUMMARY>EUniverse KeenValue</SUMMARY>
  974. <DEFAULTINSTALLPATHLIST>
  975. </DEFAULTINSTALLPATHLIST>
  976. <CATEGORY>ADWARE</CATEGORY>
  977. <CONDITIONLIST>
  978. </CONDITIONLIST>
  979. <OPERATOR>AND</OPERATOR>
  980. <THREATLEVEL>10</THREATLEVEL>
  981. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  982. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  983. </PROCESSDESCRIPTOR>
  984. <PROCESSDESCRIPTOR>
  985. <ID>186</ID>
  986. <PROCESSLIST>
  987. <PROCESS>POWERSCAN.EXE</PROCESS>
  988. <PROCESS>ISTSVC.EXE</PROCESS>
  989. </PROCESSLIST>
  990. <CLSIDLIST>
  991. </CLSIDLIST>
  992. <SUMMARY>Adware.IST/ISTBar (Slotch Bar).Process</SUMMARY>
  993. <DEFAULTINSTALLPATHLIST>
  994. </DEFAULTINSTALLPATHLIST>
  995. <CATEGORY>ADWARE</CATEGORY>
  996. <CONDITIONLIST>
  997. </CONDITIONLIST>
  998. <OPERATOR>AND</OPERATOR>
  999. <THREATLEVEL>10</THREATLEVEL>
  1000. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1001. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1002. </PROCESSDESCRIPTOR>
  1003. <PROCESSDESCRIPTOR>
  1004. <ID>187</ID>
  1005. <PROCESSLIST>
  1006. <PROCESS>OMNISCIENT.EXE</PROCESS>
  1007. </PROCESSLIST>
  1008. <CLSIDLIST>
  1009. </CLSIDLIST>
  1010. <SUMMARY>Windows SearchAssistant</SUMMARY>
  1011. <DEFAULTINSTALLPATHLIST>
  1012. </DEFAULTINSTALLPATHLIST>
  1013. <CATEGORY>ADWARE</CATEGORY>
  1014. <CONDITIONLIST>
  1015. </CONDITIONLIST>
  1016. <OPERATOR>AND</OPERATOR>
  1017. <THREATLEVEL>10</THREATLEVEL>
  1018. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1019. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1020. </PROCESSDESCRIPTOR>
  1021. <PROCESSDESCRIPTOR>
  1022. <ID>356</ID>
  1023. <PROCESSLIST>
  1024. <PROCESS>VIRTUALBOUNCER.EXE</PROCESS>
  1025. <PROCESS>VBOUNCERINNER1007.EXE</PROCESS>
  1026. <PROCESS>VBOUNCEROUTER1402030731.EXE</PROCESS>
  1027. <PROCESS>VBOUNCERINNER.EXE</PROCESS>
  1028. <PROCESS>BUNDLEOUTER.EXE</PROCESS>
  1029. </PROCESSLIST>
  1030. <CLSIDLIST>
  1031. </CLSIDLIST>
  1032. <SUMMARY>Adware.Spyware Labs/Virtual Bouncer.Process</SUMMARY>
  1033. <DEFAULTINSTALLPATHLIST>
  1034. </DEFAULTINSTALLPATHLIST>
  1035. <CATEGORY>ADWARE</CATEGORY>
  1036. <CONDITIONLIST>
  1037. </CONDITIONLIST>
  1038. <OPERATOR>AND</OPERATOR>
  1039. <THREATLEVEL>10</THREATLEVEL>
  1040. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1041. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1042. </PROCESSDESCRIPTOR>
  1043. <PROCESSDESCRIPTOR>
  1044. <ID>188</ID>
  1045. <PROCESSLIST>
  1046. <PROCESS>*</PROCESS>
  1047. </PROCESSLIST>
  1048. <CLSIDLIST>
  1049. </CLSIDLIST>
  1050. <SUMMARY>Thunderdome</SUMMARY>
  1051. <DEFAULTINSTALLPATHLIST>
  1052. </DEFAULTINSTALLPATHLIST>
  1053. <CATEGORY>ADWARE</CATEGORY>
  1054. <CONDITIONLIST>
  1055. <CONDITION>COMPANYNAME~thunderdome</CONDITION>
  1056. </CONDITIONLIST>
  1057. <OPERATOR>AND</OPERATOR>
  1058. <THREATLEVEL>10</THREATLEVEL>
  1059. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1060. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1061. </PROCESSDESCRIPTOR>
  1062. <PROCESSDESCRIPTOR>
  1063. <ID>189</ID>
  1064. <PROCESSLIST>
  1065. <PROCESS>*</PROCESS>
  1066. </PROCESSLIST>
  1067. <CLSIDLIST>
  1068. </CLSIDLIST>
  1069. <SUMMARY>Totempole</SUMMARY>
  1070. <DEFAULTINSTALLPATHLIST>
  1071. </DEFAULTINSTALLPATHLIST>
  1072. <CATEGORY>ADWARE</CATEGORY>
  1073. <CONDITIONLIST>
  1074. <CONDITION>COMPANYNAME~totempole</CONDITION>
  1075. </CONDITIONLIST>
  1076. <OPERATOR>AND</OPERATOR>
  1077. <THREATLEVEL>10</THREATLEVEL>
  1078. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1079. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1080. </PROCESSDESCRIPTOR>
  1081. <PROCESSDESCRIPTOR>
  1082. <ID>190</ID>
  1083. <PROCESSLIST>
  1084. <PROCESS>*</PROCESS>
  1085. </PROCESSLIST>
  1086. <CLSIDLIST>
  1087. </CLSIDLIST>
  1088. <SUMMARY>WinPup (winpup.exe)</SUMMARY>
  1089. <DEFAULTINSTALLPATHLIST>
  1090. </DEFAULTINSTALLPATHLIST>
  1091. <CATEGORY>ADWARE</CATEGORY>
  1092. <CONDITIONLIST>
  1093. <CONDITION>ORIGINALFILENAME=winpup.exe</CONDITION>
  1094. </CONDITIONLIST>
  1095. <OPERATOR>AND</OPERATOR>
  1096. <THREATLEVEL>10</THREATLEVEL>
  1097. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1098. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1099. </PROCESSDESCRIPTOR>
  1100. <PROCESSDESCRIPTOR>
  1101. <ID>191</ID>
  1102. <PROCESSLIST>
  1103. <PROCESS>*</PROCESS>
  1104. </PROCESSLIST>
  1105. <CLSIDLIST>
  1106. </CLSIDLIST>
  1107. <SUMMARY>WinPup (comms.exe)</SUMMARY>
  1108. <DEFAULTINSTALLPATHLIST>
  1109. </DEFAULTINSTALLPATHLIST>
  1110. <CATEGORY>ADWARE</CATEGORY>
  1111. <CONDITIONLIST>
  1112. <CONDITION>ORIGINALFILENAME=comms.exe</CONDITION>
  1113. <CONDITION>INTERNALNAME=comms</CONDITION>
  1114. </CONDITIONLIST>
  1115. <OPERATOR>AND</OPERATOR>
  1116. <THREATLEVEL>10</THREATLEVEL>
  1117. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1118. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1119. </PROCESSDESCRIPTOR>
  1120. <PROCESSDESCRIPTOR>
  1121. <ID>192</ID>
  1122. <PROCESSLIST>
  1123. <PROCESS>*</PROCESS>
  1124. </PROCESSLIST>
  1125. <CLSIDLIST>
  1126. </CLSIDLIST>
  1127. <SUMMARY>WinPup (syscm.exe)</SUMMARY>
  1128. <DEFAULTINSTALLPATHLIST>
  1129. </DEFAULTINSTALLPATHLIST>
  1130. <CATEGORY>ADWARE</CATEGORY>
  1131. <CONDITIONLIST>
  1132. <CONDITION>ORIGINALFILENAME=syscm.exe</CONDITION>
  1133. <CONDITION>INTERNALNAME=syscm</CONDITION>
  1134. </CONDITIONLIST>
  1135. <OPERATOR>AND</OPERATOR>
  1136. <THREATLEVEL>10</THREATLEVEL>
  1137. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1138. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1139. </PROCESSDESCRIPTOR>
  1140. <PROCESSDESCRIPTOR>
  1141. <ID>193</ID>
  1142. <PROCESSLIST>
  1143. <PROCESS>*</PROCESS>
  1144. </PROCESSLIST>
  1145. <CLSIDLIST>
  1146. </CLSIDLIST>
  1147. <SUMMARY>WinPup (pup.exe)</SUMMARY>
  1148. <DEFAULTINSTALLPATHLIST>
  1149. </DEFAULTINSTALLPATHLIST>
  1150. <CATEGORY>ADWARE</CATEGORY>
  1151. <CONDITIONLIST>
  1152. <CONDITION>ORIGINALFILENAME=pup.exe</CONDITION>
  1153. <CONDITION>INTERNALNAME=pup</CONDITION>
  1154. </CONDITIONLIST>
  1155. <OPERATOR>AND</OPERATOR>
  1156. <THREATLEVEL>10</THREATLEVEL>
  1157. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1158. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1159. </PROCESSDESCRIPTOR>
  1160. <PROCESSDESCRIPTOR>
  1161. <ID>194</ID>
  1162. <PROCESSLIST>
  1163. <PROCESS>AGENTSVR.EXE</PROCESS>
  1164. </PROCESSLIST>
  1165. <CLSIDLIST>
  1166. </CLSIDLIST>
  1167. <SUMMARY>Bogus MS Agent Server</SUMMARY>
  1168. <DEFAULTINSTALLPATHLIST>
  1169. </DEFAULTINSTALLPATHLIST>
  1170. <CATEGORY>ADWARE</CATEGORY>
  1171. <CONDITIONLIST>
  1172. <CONDITION>ORIGINALFILENAME^AgentSvr.exe</CONDITION>
  1173. <CONDITION>COMPANYNAME^Microsoft Corporation</CONDITION>
  1174. </CONDITIONLIST>
  1175. <OPERATOR>AND</OPERATOR>
  1176. <THREATLEVEL>10</THREATLEVEL>
  1177. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1178. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1179. </PROCESSDESCRIPTOR>
  1180. <PROCESSDESCRIPTOR>
  1181. <ID>195</ID>
  1182. <PROCESSLIST>
  1183. <PROCESS>DW.EXE</PROCESS>
  1184. </PROCESSLIST>
  1185. <CLSIDLIST>
  1186. </CLSIDLIST>
  1187. <SUMMARY>Adware.DownloadWare.Process</SUMMARY>
  1188. <DEFAULTINSTALLPATHLIST>
  1189. </DEFAULTINSTALLPATHLIST>
  1190. <CATEGORY>ADWARE</CATEGORY>
  1191. <CONDITIONLIST>
  1192. <CONDITION>PRODUCTNAME=DownloadWare</CONDITION>
  1193. </CONDITIONLIST>
  1194. <OPERATOR>AND</OPERATOR>
  1195. <THREATLEVEL>10</THREATLEVEL>
  1196. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1197. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1198. </PROCESSDESCRIPTOR>
  1199. <PROCESSDESCRIPTOR>
  1200. <ID>196</ID>
  1201. <PROCESSLIST>
  1202. <PROCESS>SE.EXE</PROCESS>
  1203. </PROCESSLIST>
  1204. <CLSIDLIST>
  1205. </CLSIDLIST>
  1206. <SUMMARY>Adware.Search-Exe.Process</SUMMARY>
  1207. <DEFAULTINSTALLPATHLIST>
  1208. </DEFAULTINSTALLPATHLIST>
  1209. <CATEGORY>ADWARE</CATEGORY>
  1210. <CONDITIONLIST>
  1211. <CONDITION>FILELOCATION~se</CONDITION>
  1212. </CONDITIONLIST>
  1213. <OPERATOR>AND</OPERATOR>
  1214. <THREATLEVEL>10</THREATLEVEL>
  1215. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1216. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1217. </PROCESSDESCRIPTOR>
  1218. <PROCESSDESCRIPTOR>
  1219. <ID>197</ID>
  1220. <PROCESSLIST>
  1221. <PROCESS>WUPDATER.EXE</PROCESS>
  1222. </PROCESSLIST>
  1223. <CLSIDLIST>
  1224. </CLSIDLIST>
  1225. <SUMMARY>EUniverse Wupdater</SUMMARY>
  1226. <DEFAULTINSTALLPATHLIST>
  1227. </DEFAULTINSTALLPATHLIST>
  1228. <CATEGORY>ADWARE</CATEGORY>
  1229. <CONDITIONLIST>
  1230. </CONDITIONLIST>
  1231. <OPERATOR>AND</OPERATOR>
  1232. <THREATLEVEL>10</THREATLEVEL>
  1233. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1234. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1235. </PROCESSDESCRIPTOR>
  1236. <PROCESSDESCRIPTOR>
  1237. <ID>198</ID>
  1238. <PROCESSLIST>
  1239. <PROCESS>SAHAGENT.EXE</PROCESS>
  1240. </PROCESSLIST>
  1241. <CLSIDLIST>
  1242. </CLSIDLIST>
  1243. <SUMMARY>Spyware.ShopAtHomeSelect.Process</SUMMARY>
  1244. <DEFAULTINSTALLPATHLIST>
  1245. </DEFAULTINSTALLPATHLIST>
  1246. <CATEGORY>SPYWARE</CATEGORY>
  1247. <CONDITIONLIST>
  1248. </CONDITIONLIST>
  1249. <OPERATOR>AND</OPERATOR>
  1250. <THREATLEVEL>10</THREATLEVEL>
  1251. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1252. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1253. </PROCESSDESCRIPTOR>
  1254. <PROCESSDESCRIPTOR>
  1255. <ID>199</ID>
  1256. <PROCESSLIST>
  1257. <PROCESS>*</PROCESS>
  1258. </PROCESSLIST>
  1259. <CLSIDLIST>
  1260. </CLSIDLIST>
  1261. <SUMMARY>ExactSearchBar</SUMMARY>
  1262. <DEFAULTINSTALLPATHLIST>
  1263. </DEFAULTINSTALLPATHLIST>
  1264. <CATEGORY>ADWARE</CATEGORY>
  1265. <CONDITIONLIST>
  1266. <CONDITION>ORIGINALFILENAME=exactUpdate.exe</CONDITION>
  1267. </CONDITIONLIST>
  1268. <OPERATOR>AND</OPERATOR>
  1269. <THREATLEVEL>10</THREATLEVEL>
  1270. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1271. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1272. </PROCESSDESCRIPTOR>
  1273. <PROCESSDESCRIPTOR>
  1274. <ID>200</ID>
  1275. <PROCESSLIST>
  1276. <PROCESS>*</PROCESS>
  1277. </PROCESSLIST>
  1278. <CLSIDLIST>
  1279. </CLSIDLIST>
  1280. <SUMMARY>Adware.ClearSearch.Process</SUMMARY>
  1281. <DEFAULTINSTALLPATHLIST>
  1282. </DEFAULTINSTALLPATHLIST>
  1283. <CATEGORY>ADWARE</CATEGORY>
  1284. <CONDITIONLIST>
  1285. <CONDITION>COMPANYNAME=Clear Search</CONDITION>
  1286. <CONDITION>ORIGINALFILENAME=Loader.exe</CONDITION>
  1287. </CONDITIONLIST>
  1288. <OPERATOR>AND</OPERATOR>
  1289. <THREATLEVEL>10</THREATLEVEL>
  1290. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1291. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1292. </PROCESSDESCRIPTOR>
  1293. <PROCESSDESCRIPTOR>
  1294. <ID>201</ID>
  1295. <PROCESSLIST>
  1296. <PROCESS>IINSTALL.EXE</PROCESS>
  1297. </PROCESSLIST>
  1298. <CLSIDLIST>
  1299. </CLSIDLIST>
  1300. <SUMMARY>Adware.IST/ISTBar (Slotch Bar).Installer</SUMMARY>
  1301. <DEFAULTINSTALLPATHLIST>
  1302. </DEFAULTINSTALLPATHLIST>
  1303. <CATEGORY>ADWARE</CATEGORY>
  1304. <CONDITIONLIST>
  1305. <CONDITION>FILELOCATION~TEMP</CONDITION>
  1306. </CONDITIONLIST>
  1307. <OPERATOR>AND</OPERATOR>
  1308. <THREATLEVEL>10</THREATLEVEL>
  1309. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1310. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1311. </PROCESSDESCRIPTOR>
  1312. <PROCESSDESCRIPTOR>
  1313. <ID>202</ID>
  1314. <PROCESSLIST>
  1315. <PROCESS>WUPDT.EXE</PROCESS>
  1316. </PROCESSLIST>
  1317. <CLSIDLIST>
  1318. </CLSIDLIST>
  1319. <SUMMARY>Win Server Updt</SUMMARY>
  1320. <DEFAULTINSTALLPATHLIST>
  1321. </DEFAULTINSTALLPATHLIST>
  1322. <CATEGORY>VIRUS</CATEGORY>
  1323. <CONDITIONLIST>
  1324. </CONDITIONLIST>
  1325. <OPERATOR>AND</OPERATOR>
  1326. <THREATLEVEL>10</THREATLEVEL>
  1327. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1328. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1329. </PROCESSDESCRIPTOR>
  1330. <PROCESSDESCRIPTOR>
  1331. <ID>203</ID>
  1332. <PROCESSLIST>
  1333. <PROCESS>SYNC.EXE</PROCESS>
  1334. <PROCESS>CLOCKSYNCINST.EXE</PROCESS>
  1335. </PROCESSLIST>
  1336. <CLSIDLIST>
  1337. </CLSIDLIST>
  1338. <SUMMARY>ClockSync</SUMMARY>
  1339. <DEFAULTINSTALLPATHLIST>
  1340. </DEFAULTINSTALLPATHLIST>
  1341. <CATEGORY>ADWARE</CATEGORY>
  1342. <CONDITIONLIST>
  1343. </CONDITIONLIST>
  1344. <OPERATOR>AND</OPERATOR>
  1345. <THREATLEVEL>10</THREATLEVEL>
  1346. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1347. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1348. </PROCESSDESCRIPTOR>
  1349. <PROCESSDESCRIPTOR>
  1350. <ID>204</ID>
  1351. <PROCESSLIST>
  1352. <PROCESS>*</PROCESS>
  1353. </PROCESSLIST>
  1354. <CLSIDLIST>
  1355. </CLSIDLIST>
  1356. <SUMMARY>Adware.WhenU.Process</SUMMARY>
  1357. <DEFAULTINSTALLPATHLIST>
  1358. </DEFAULTINSTALLPATHLIST>
  1359. <CATEGORY>ADWARE</CATEGORY>
  1360. <CONDITIONLIST>
  1361. <CONDITION>COMPANYNAME~WhenU.com</CONDITION>
  1362. </CONDITIONLIST>
  1363. <OPERATOR>AND</OPERATOR>
  1364. <THREATLEVEL>10</THREATLEVEL>
  1365. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1366. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1367. </PROCESSDESCRIPTOR>
  1368. <PROCESSDESCRIPTOR>
  1369. <ID>205</ID>
  1370. <PROCESSLIST>
  1371. <PROCESS>QBKGUW.EXE</PROCESS>
  1372. <PROCESS>VVZ.EXE</PROCESS>
  1373. <PROCESS>D3LO.EXE</PROCESS>
  1374. <PROCESS>APPIW32.EXE</PROCESS>
  1375. <PROCESS>CFIB.EXE</PROCESS>
  1376. <PROCESS>5CYWE.EXE</PROCESS>
  1377. <PROCESS>GZNVJQV.EXE</PROCESS>
  1378. <PROCESS>AGGTWA.EXE</PROCESS>
  1379. <PROCESS>EDXJSI.EXE</PROCESS>
  1380. <PROCESS>AITYTW.EXE</PROCESS>
  1381. <PROCESS>MJQJGMYO.EXE</PROCESS>
  1382. <PROCESS>MSHVFW.EXE</PROCESS>
  1383. <PROCESS>GSJDMG.EXE</PROCESS>
  1384. <PROCESS>BOWIXI.EXE</PROCESS>
  1385. <PROCESS>SWEZTD.EXE</PROCESS>
  1386. <PROCESS>KUJFUG.EXE</PROCESS>
  1387. <PROCESS>IDWDSVPS.EXE</PROCESS>
  1388. <PROCESS>XUVVTTFC.EXE</PROCESS>
  1389. <PROCESS>WMYXN.EXE</PROCESS>
  1390. <PROCESS>IPOQDDS.EXE</PROCESS>
  1391. <PROCESS>IFGPB.EXE</PROCESS>
  1392. <PROCESS>PZCZZFP.EXE</PROCESS>
  1393. <PROCESS>DIMSTLA.EXE</PROCESS>
  1394. <PROCESS>XOQEHH.EXE</PROCESS>
  1395. <PROCESS>MSOO.EXE</PROCESS>
  1396. <PROCESS>QXTGWL.EXE</PROCESS>
  1397. <PROCESS>ESHQKWM.EXE</PROCESS>
  1398. <PROCESS>HXVHDMS.EXE</PROCESS>
  1399. <PROCESS>MSUPD5.EXE</PROCESS>
  1400. <PROCESS>OPGCPQRW.EXE</PROCESS>
  1401. <PROCESS>BRETIUXH.EXE</PROCESS>
  1402. <PROCESS>CNETCFG8.EXE</PROCESS>
  1403. <PROCESS>ANVVKNE.EXE</PROCESS>
  1404. <PROCESS>GDMEX.EXE</PROCESS>
  1405. <PROCESS>WKNAPXOK.EXE</PROCESS>
  1406. <PROCESS>MHNTACHY.EXE</PROCESS>
  1407. <PROCESS>TKYWV.EXE</PROCESS>
  1408. <PROCESS>MRHLGFPR.EXE</PROCESS>
  1409. <PROCESS>PYINTAU.EXE</PROCESS>
  1410. <PROCESS>TOUDDNYP.EXE</PROCESS>
  1411. <PROCESS>TPIE.EXE</PROCESS>
  1412. <PROCESS>VHTPQVZO.EXE</PROCESS>
  1413. <PROCESS>XDE55805.EXE</PROCESS>
  1414. <PROCESS>TQEZEGS.EXE</PROCESS>
  1415. <PROCESS>NTPGGIM.EXE</PROCESS>
  1416. <PROCESS>OHEJHQPW.EXE</PROCESS>
  1417. <PROCESS>NCKP.EXE</PROCESS>
  1418. <PROCESS>HLOZQA.EXE</PROCESS>
  1419. <PROCESS>SHMRSKO.EXE</PROCESS>
  1420. <PROCESS>SHURAES.EXE</PROCESS>
  1421. <PROCESS>LYPUQUOT.EXE</PROCESS>
  1422. <PROCESS>UZBJGFAI.EXE</PROCESS>
  1423. <PROCESS>NMLAZT.EXE</PROCESS>
  1424. <PROCESS>TBSKDY.EXE</PROCESS>
  1425. <PROCESS>RQEOXPDE.EXE</PROCESS>
  1426. <PROCESS>YVSDV.EXE</PROCESS>
  1427. <PROCESS>WVWUGY.EXE</PROCESS>
  1428. <PROCESS>YQOKSVOE.EXE</PROCESS>
  1429. <PROCESS>TWUGCK.EXE</PROCESS>
  1430. <PROCESS>MXNEGI.EXE</PROCESS>
  1431. <PROCESS>DNNUYJ.EXE</PROCESS>
  1432. <PROCESS>IETEREU.EXE</PROCESS>
  1433. <PROCESS>ZDABLPU.EXE</PROCESS>
  1434. <PROCESS>EIGNDDXW.EXE</PROCESS>
  1435. <PROCESS>PWDRZG.EXE</PROCESS>
  1436. <PROCESS>KIDKQVC.EXE</PROCESS>
  1437. <PROCESS>HMJRDK.EXE</PROCESS>
  1438. <PROCESS>BJENFZDK.EXE</PROCESS>
  1439. <PROCESS>EQDDIC.EXE</PROCESS>
  1440. <PROCESS>IKPGQL.EXE</PROCESS>
  1441. <PROCESS>CKUFNK.EXE</PROCESS>
  1442. <PROCESS>SSETYTO.EXE</PROCESS>
  1443. <PROCESS>A3D05255.EXE</PROCESS>
  1444. <PROCESS>YLYZOYS.EXE</PROCESS>
  1445. <PROCESS>JQQREPEO.EXE</PROCESS>
  1446. <PROCESS>UXYLAUZ.EXE</PROCESS>
  1447. <PROCESS>OFFOQRUW.EXE</PROCESS>
  1448. <PROCESS>TQLVPZ.EXE</PROCESS>
  1449. <PROCESS>FGGJWUW.EXE</PROCESS>
  1450. <PROCESS>GFSKQUQI.EXE</PROCESS>
  1451. <PROCESS>BSUYDHJO.EXE</PROCESS>
  1452. <PROCESS>RXRTNQ.EXE</PROCESS>
  1453. <PROCESS>QHIARBD.EXE</PROCESS>
  1454. <PROCESS>QPAPPE.EXE</PROCESS>
  1455. <PROCESS>IKHNBVRN.EXE</PROCESS>
  1456. <PROCESS>FDJFOCV.EXE</PROCESS>
  1457. <PROCESS>XMGUODR.EXE</PROCESS>
  1458. <PROCESS>RRWKWO.EXE</PROCESS>
  1459. <PROCESS>WVGXJDN.EXE</PROCESS>
  1460. <PROCESS>GWEEDSHA.EXE</PROCESS>
  1461. <PROCESS>WYYURR.EXE</PROCESS>
  1462. <PROCESS>JJQBAC.EXE</PROCESS>
  1463. </PROCESSLIST>
  1464. <CLSIDLIST>
  1465. </CLSIDLIST>
  1466. <SUMMARY>Uncategorized Pests</SUMMARY>
  1467. <DEFAULTINSTALLPATHLIST>
  1468. </DEFAULTINSTALLPATHLIST>
  1469. <CATEGORY>ADWARE</CATEGORY>
  1470. <CONDITIONLIST>
  1471. </CONDITIONLIST>
  1472. <OPERATOR>AND</OPERATOR>
  1473. <THREATLEVEL>10</THREATLEVEL>
  1474. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1475. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1476. </PROCESSDESCRIPTOR>
  1477. <PROCESSDESCRIPTOR>
  1478. <ID>207</ID>
  1479. <PROCESSLIST>
  1480. <PROCESS>DPI.EXE</PROCESS>
  1481. </PROCESSLIST>
  1482. <CLSIDLIST>
  1483. </CLSIDLIST>
  1484. <SUMMARY>Dpi Trojan Downloader</SUMMARY>
  1485. <DEFAULTINSTALLPATHLIST>
  1486. </DEFAULTINSTALLPATHLIST>
  1487. <CATEGORY>TROJAN</CATEGORY>
  1488. <CONDITIONLIST>
  1489. <CONDITION>FILELOCATION~COMMON</CONDITION>
  1490. </CONDITIONLIST>
  1491. <OPERATOR>AND</OPERATOR>
  1492. <THREATLEVEL>10</THREATLEVEL>
  1493. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1494. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1495. </PROCESSDESCRIPTOR>
  1496. <PROCESSDESCRIPTOR>
  1497. <ID>208</ID>
  1498. <PROCESSLIST>
  1499. <PROCESS>DMSERVER.EXE</PROCESS>
  1500. </PROCESSLIST>
  1501. <CLSIDLIST>
  1502. </CLSIDLIST>
  1503. <SUMMARY>Comet DMServer</SUMMARY>
  1504. <DEFAULTINSTALLPATHLIST>
  1505. </DEFAULTINSTALLPATHLIST>
  1506. <CATEGORY>TROJAN</CATEGORY>
  1507. <CONDITIONLIST>
  1508. <CONDITION>FILELOCATION~BIN</CONDITION>
  1509. </CONDITIONLIST>
  1510. <OPERATOR>AND</OPERATOR>
  1511. <THREATLEVEL>10</THREATLEVEL>
  1512. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1513. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1514. </PROCESSDESCRIPTOR>
  1515. <PROCESSDESCRIPTOR>
  1516. <ID>209</ID>
  1517. <PROCESSLIST>
  1518. <PROCESS>BTV.EXE</PROCESS>
  1519. </PROCESSLIST>
  1520. <CLSIDLIST>
  1521. </CLSIDLIST>
  1522. <SUMMARY>BTV Dialer</SUMMARY>
  1523. <DEFAULTINSTALLPATHLIST>
  1524. </DEFAULTINSTALLPATHLIST>
  1525. <CATEGORY>DIALER</CATEGORY>
  1526. <CONDITIONLIST>
  1527. </CONDITIONLIST>
  1528. <OPERATOR>AND</OPERATOR>
  1529. <THREATLEVEL>10</THREATLEVEL>
  1530. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1531. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1532. </PROCESSDESCRIPTOR>
  1533. <PROCESSDESCRIPTOR>
  1534. <ID>210</ID>
  1535. <PROCESSLIST>
  1536. <PROCESS>RBENH.EXE</PROCESS>
  1537. </PROCESSLIST>
  1538. <CLSIDLIST>
  1539. </CLSIDLIST>
  1540. <SUMMARY>RapidBlaster</SUMMARY>
  1541. <DEFAULTINSTALLPATHLIST>
  1542. </DEFAULTINSTALLPATHLIST>
  1543. <CATEGORY>ADWARE</CATEGORY>
  1544. <CONDITIONLIST>
  1545. <CONDITION>FILELOCATION~RBENHANCE</CONDITION>
  1546. </CONDITIONLIST>
  1547. <OPERATOR>AND</OPERATOR>
  1548. <THREATLEVEL>10</THREATLEVEL>
  1549. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1550. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1551. </PROCESSDESCRIPTOR>
  1552. <PROCESSDESCRIPTOR>
  1553. <ID>213</ID>
  1554. <PROCESSLIST>
  1555. <PROCESS>RUNDLL32.EXE</PROCESS>
  1556. </PROCESSLIST>
  1557. <CLSIDLIST>
  1558. </CLSIDLIST>
  1559. <SUMMARY>Runpool</SUMMARY>
  1560. <DEFAULTINSTALLPATHLIST>
  1561. </DEFAULTINSTALLPATHLIST>
  1562. <CATEGORY>ADWARE</CATEGORY>
  1563. <CONDITIONLIST>
  1564. <CONDITION>COMMANDLINE~ndsrch.dll</CONDITION>
  1565. </CONDITIONLIST>
  1566. <OPERATOR>AND</OPERATOR>
  1567. <THREATLEVEL>10</THREATLEVEL>
  1568. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1569. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1570. </PROCESSDESCRIPTOR>
  1571. <PROCESSDESCRIPTOR>
  1572. <ID>214</ID>
  1573. <PROCESSLIST>
  1574. <PROCESS>RUNDLL32.EXE</PROCESS>
  1575. </PROCESSLIST>
  1576. <CLSIDLIST>
  1577. </CLSIDLIST>
  1578. <SUMMARY>CouponDeals (CDCORE.DLL)</SUMMARY>
  1579. <DEFAULTINSTALLPATHLIST>
  1580. </DEFAULTINSTALLPATHLIST>
  1581. <CATEGORY>ADWARE</CATEGORY>
  1582. <CONDITIONLIST>
  1583. <CONDITION>COMMANDLINE~cdcore.dll</CONDITION>
  1584. </CONDITIONLIST>
  1585. <OPERATOR>AND</OPERATOR>
  1586. <THREATLEVEL>10</THREATLEVEL>
  1587. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1588. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1589. </PROCESSDESCRIPTOR>
  1590. <PROCESSDESCRIPTOR>
  1591. <ID>215</ID>
  1592. <PROCESSLIST>
  1593. <PROCESS>WEBREBATES0.EXE</PROCESS>
  1594. <PROCESS>WEBREBATES1.EXE</PROCESS>
  1595. <PROCESS>WEBREBATES.EXE</PROCESS>
  1596. <PROCESS>DJTOPR1150.EXE</PROCESS>
  1597. </PROCESSLIST>
  1598. <CLSIDLIST>
  1599. </CLSIDLIST>
  1600. <SUMMARY>Adware.Avenue Media/Web Rebates (TopRebates).Process</SUMMARY>
  1601. <DEFAULTINSTALLPATHLIST>
  1602. </DEFAULTINSTALLPATHLIST>
  1603. <CATEGORY>APPLICATION</CATEGORY>
  1604. <CONDITIONLIST>
  1605. </CONDITIONLIST>
  1606. <OPERATOR>AND</OPERATOR>
  1607. <THREATLEVEL>10</THREATLEVEL>
  1608. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1609. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1610. </PROCESSDESCRIPTOR>
  1611. <PROCESSDESCRIPTOR>
  1612. <ID>216</ID>
  1613. <PROCESSLIST>
  1614. <PROCESS>MYDAIL~1.EXE</PROCESS>
  1615. <PROCESS>MYDAILYHOROSCOPE.EXE</PROCESS>
  1616. </PROCESSLIST>
  1617. <CLSIDLIST>
  1618. </CLSIDLIST>
  1619. <SUMMARY>My Daily Horoscope</SUMMARY>
  1620. <DEFAULTINSTALLPATHLIST>
  1621. </DEFAULTINSTALLPATHLIST>
  1622. <CATEGORY>ADWARE</CATEGORY>
  1623. <CONDITIONLIST>
  1624. </CONDITIONLIST>
  1625. <OPERATOR>AND</OPERATOR>
  1626. <THREATLEVEL>10</THREATLEVEL>
  1627. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1628. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1629. </PROCESSDESCRIPTOR>
  1630. <PROCESSDESCRIPTOR>
  1631. <ID>217</ID>
  1632. <PROCESSLIST>
  1633. <PROCESS>GOIDR.EXE</PROCESS>
  1634. </PROCESSLIST>
  1635. <CLSIDLIST>
  1636. </CLSIDLIST>
  1637. <SUMMARY>Goidr</SUMMARY>
  1638. <DEFAULTINSTALLPATHLIST>
  1639. </DEFAULTINSTALLPATHLIST>
  1640. <CATEGORY>TROJAN</CATEGORY>
  1641. <CONDITIONLIST>
  1642. </CONDITIONLIST>
  1643. <OPERATOR>AND</OPERATOR>
  1644. <THREATLEVEL>10</THREATLEVEL>
  1645. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1646. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1647. </PROCESSDESCRIPTOR>
  1648. <PROCESSDESCRIPTOR>
  1649. <ID>222</ID>
  1650. <PROCESSLIST>
  1651. <PROCESS>JAWA32.EXE</PROCESS>
  1652. </PROCESSLIST>
  1653. <CLSIDLIST>
  1654. </CLSIDLIST>
  1655. <SUMMARY>Jawa32</SUMMARY>
  1656. <DEFAULTINSTALLPATHLIST>
  1657. </DEFAULTINSTALLPATHLIST>
  1658. <CATEGORY>ADWARE</CATEGORY>
  1659. <CONDITIONLIST>
  1660. <CONDITION>FILELOCATION~WINDOWS\JAWA32.EXE</CONDITION>
  1661. </CONDITIONLIST>
  1662. <OPERATOR>AND</OPERATOR>
  1663. <THREATLEVEL>10</THREATLEVEL>
  1664. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1665. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1666. </PROCESSDESCRIPTOR>
  1667. <PROCESSDESCRIPTOR>
  1668. <ID>218</ID>
  1669. <PROCESSLIST>
  1670. <PROCESS>RUNDLL32.EXE</PROCESS>
  1671. </PROCESSLIST>
  1672. <CLSIDLIST>
  1673. </CLSIDLIST>
  1674. <SUMMARY>Wincore</SUMMARY>
  1675. <DEFAULTINSTALLPATHLIST>
  1676. </DEFAULTINSTALLPATHLIST>
  1677. <CATEGORY>ADWARE</CATEGORY>
  1678. <CONDITIONLIST>
  1679. <CONDITION>COMMANDLINE~wincore.dll</CONDITION>
  1680. </CONDITIONLIST>
  1681. <OPERATOR>AND</OPERATOR>
  1682. <THREATLEVEL>10</THREATLEVEL>
  1683. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1684. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1685. </PROCESSDESCRIPTOR>
  1686. <PROCESSDESCRIPTOR>
  1687. <ID>219</ID>
  1688. <PROCESSLIST>
  1689. <PROCESS>RUNDLL32.EXE</PROCESS>
  1690. </PROCESSLIST>
  1691. <CLSIDLIST>
  1692. </CLSIDLIST>
  1693. <SUMMARY>CouponDeals (CDSYNC.DLL)</SUMMARY>
  1694. <DEFAULTINSTALLPATHLIST>
  1695. </DEFAULTINSTALLPATHLIST>
  1696. <CATEGORY>ADWARE</CATEGORY>
  1697. <CONDITIONLIST>
  1698. <CONDITION>COMMANDLINE~cdsync.dll</CONDITION>
  1699. </CONDITIONLIST>
  1700. <OPERATOR>AND</OPERATOR>
  1701. <THREATLEVEL>10</THREATLEVEL>
  1702. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1703. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1704. </PROCESSDESCRIPTOR>
  1705. <PROCESSDESCRIPTOR>
  1706. <ID>220</ID>
  1707. <PROCESSLIST>
  1708. <PROCESS>RUNDLL32.EXE</PROCESS>
  1709. </PROCESSLIST>
  1710. <CLSIDLIST>
  1711. </CLSIDLIST>
  1712. <SUMMARY>CouponDeals (CDISP.DLL)</SUMMARY>
  1713. <DEFAULTINSTALLPATHLIST>
  1714. </DEFAULTINSTALLPATHLIST>
  1715. <CATEGORY>ADWARE</CATEGORY>
  1716. <CONDITIONLIST>
  1717. <CONDITION>COMMANDLINE~cdisp.dll</CONDITION>
  1718. </CONDITIONLIST>
  1719. <OPERATOR>AND</OPERATOR>
  1720. <THREATLEVEL>10</THREATLEVEL>
  1721. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1722. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1723. </PROCESSDESCRIPTOR>
  1724. <PROCESSDESCRIPTOR>
  1725. <ID>221</ID>
  1726. <PROCESSLIST>
  1727. <PROCESS>RUNDLL32.EXE</PROCESS>
  1728. </PROCESSLIST>
  1729. <CLSIDLIST>
  1730. </CLSIDLIST>
  1731. <SUMMARY>CouponDeals (CDRULES.DLL)</SUMMARY>
  1732. <DEFAULTINSTALLPATHLIST>
  1733. </DEFAULTINSTALLPATHLIST>
  1734. <CATEGORY>ADWARE</CATEGORY>
  1735. <CONDITIONLIST>
  1736. <CONDITION>COMMANDLINE~cdrules.dll</CONDITION>
  1737. </CONDITIONLIST>
  1738. <OPERATOR>AND</OPERATOR>
  1739. <THREATLEVEL>10</THREATLEVEL>
  1740. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1741. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1742. </PROCESSDESCRIPTOR>
  1743. <PROCESSDESCRIPTOR>
  1744. <ID>223</ID>
  1745. <PROCESSLIST>
  1746. <PROCESS>*</PROCESS>
  1747. </PROCESSLIST>
  1748. <CLSIDLIST>
  1749. </CLSIDLIST>
  1750. <SUMMARY>Adware.BetterInternet.Process</SUMMARY>
  1751. <DEFAULTINSTALLPATHLIST>
  1752. </DEFAULTINSTALLPATHLIST>
  1753. <CATEGORY>ADWARE</CATEGORY>
  1754. <CONDITIONLIST>
  1755. <CONDITION>COMPANYNAME~BetterInternet</CONDITION>
  1756. </CONDITIONLIST>
  1757. <OPERATOR>AND</OPERATOR>
  1758. <THREATLEVEL>10</THREATLEVEL>
  1759. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1760. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1761. </PROCESSDESCRIPTOR>
  1762. <PROCESSDESCRIPTOR>
  1763. <ID>224</ID>
  1764. <PROCESSLIST>
  1765. <PROCESS>HOT_TARTS.EXE</PROCESS>
  1766. <PROCESS>HOT_TARTS_MC.EXE</PROCESS>
  1767. </PROCESSLIST>
  1768. <CLSIDLIST>
  1769. </CLSIDLIST>
  1770. <SUMMARY>Hot_tarts</SUMMARY>
  1771. <DEFAULTINSTALLPATHLIST>
  1772. </DEFAULTINSTALLPATHLIST>
  1773. <CATEGORY>DIALER</CATEGORY>
  1774. <CONDITIONLIST>
  1775. </CONDITIONLIST>
  1776. <OPERATOR>AND</OPERATOR>
  1777. <THREATLEVEL>10</THREATLEVEL>
  1778. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1779. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1780. </PROCESSDESCRIPTOR>
  1781. <PROCESSDESCRIPTOR>
  1782. <ID>225</ID>
  1783. <PROCESSLIST>
  1784. <PROCESS>*</PROCESS>
  1785. </PROCESSLIST>
  1786. <CLSIDLIST>
  1787. </CLSIDLIST>
  1788. <SUMMARY>Temp EXE</SUMMARY>
  1789. <DEFAULTINSTALLPATHLIST>
  1790. </DEFAULTINSTALLPATHLIST>
  1791. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  1792. <CONDITIONLIST>
  1793. <CONDITION>COMPANYNAME~Temp</CONDITION>
  1794. <CONDITION>INTERNALNAME~Temp Internal</CONDITION>
  1795. </CONDITIONLIST>
  1796. <OPERATOR>AND</OPERATOR>
  1797. <THREATLEVEL>10</THREATLEVEL>
  1798. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1799. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1800. </PROCESSDESCRIPTOR>
  1801. <PROCESSDESCRIPTOR>
  1802. <ID>383</ID>
  1803. <PROCESSLIST>
  1804. <PROCESS>*</PROCESS>
  1805. <PROCESS>POP225.DLL</PROCESS>
  1806. </PROCESSLIST>
  1807. <CLSIDLIST>
  1808. <CLSID>{645FD3BC-C314-4F7A-9D2E-64D62A0FDD78}</CLSID>
  1809. </CLSIDLIST>
  1810. <SUMMARY>Browser Hijacker.Apropos Media/PeopleOnPage.Toolbar</SUMMARY>
  1811. <DEFAULTINSTALLPATHLIST>
  1812. </DEFAULTINSTALLPATHLIST>
  1813. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  1814. <CONDITIONLIST>
  1815. </CONDITIONLIST>
  1816. <OPERATOR>AND</OPERATOR>
  1817. <THREATLEVEL>10</THREATLEVEL>
  1818. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1819. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1820. </PROCESSDESCRIPTOR>
  1821. <PROCESSDESCRIPTOR>
  1822. <ID>268</ID>
  1823. <PROCESSLIST>
  1824. <PROCESS>WUAMGRD.EXE</PROCESS>
  1825. </PROCESSLIST>
  1826. <CLSIDLIST>
  1827. </CLSIDLIST>
  1828. <SUMMARY>Wuamgrd Worm</SUMMARY>
  1829. <DEFAULTINSTALLPATHLIST>
  1830. </DEFAULTINSTALLPATHLIST>
  1831. <CATEGORY>VIRUS</CATEGORY>
  1832. <CONDITIONLIST>
  1833. <CONDITION>FILELOCATION~SYSTEM32</CONDITION>
  1834. </CONDITIONLIST>
  1835. <OPERATOR>AND</OPERATOR>
  1836. <THREATLEVEL>10</THREATLEVEL>
  1837. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1838. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1839. </PROCESSDESCRIPTOR>
  1840. <PROCESSDESCRIPTOR>
  1841. <ID>270</ID>
  1842. <PROCESSLIST>
  1843. <PROCESS>SCVHOST.EXE</PROCESS>
  1844. </PROCESSLIST>
  1845. <CLSIDLIST>
  1846. </CLSIDLIST>
  1847. <SUMMARY>Scvhost Worm</SUMMARY>
  1848. <DEFAULTINSTALLPATHLIST>
  1849. </DEFAULTINSTALLPATHLIST>
  1850. <CATEGORY>VIRUS</CATEGORY>
  1851. <CONDITIONLIST>
  1852. <CONDITION>FILELOCATION~SYSTEM32</CONDITION>
  1853. </CONDITIONLIST>
  1854. <OPERATOR>AND</OPERATOR>
  1855. <THREATLEVEL>10</THREATLEVEL>
  1856. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1857. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1858. </PROCESSDESCRIPTOR>
  1859. <PROCESSDESCRIPTOR>
  1860. <ID>282</ID>
  1861. <PROCESSLIST>
  1862. <PROCESS>EASYWWW2.EXE</PROCESS>
  1863. <PROCESS>EASYWWW.EXE</PROCESS>
  1864. </PROCESSLIST>
  1865. <CLSIDLIST>
  1866. </CLSIDLIST>
  1867. <SUMMARY>EasyWWW</SUMMARY>
  1868. <DEFAULTINSTALLPATHLIST>
  1869. </DEFAULTINSTALLPATHLIST>
  1870. <CATEGORY>ADWARE</CATEGORY>
  1871. <CONDITIONLIST>
  1872. </CONDITIONLIST>
  1873. <OPERATOR>AND</OPERATOR>
  1874. <THREATLEVEL>10</THREATLEVEL>
  1875. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  1876. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  1877. </PROCESSDESCRIPTOR>
  1878. <PROCESSDESCRIPTOR>
  1879. <ID>283</ID>
  1880. <PROCESSLIST>
  1881. <PROCESS>*</PROCESS>
  1882. </PROCESSLIST>
  1883. <CLSIDLIST>
  1884. </CLSIDLIST>
  1885. <SUMMARY>EasyWWW (Redirect) / Dot Com Toolbar</SUMMARY>
  1886. <DEFAULTINSTALLPATHLIST>
  1887. </DEFAULTINSTALLPATHLIST>
  1888. <CATEGORY>ADWARE</CATEGORY>
  1889. <CONDITIONLIST>
  1890. <CONDITION>ORIGINALFILENAME~redirect</CONDITION>
  1891. <CONDITION>INTERNALNAME~redirect</CONDITION>
  1892. <CONDITION>PRODUCTNAME~project</CONDITION>
  1893. </CONDITIONLIST>
  1894. <OPERATOR>AND</OPERATOR>
  1895. <THREATLEVEL>10</THREATLEVEL>
  1896. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  1897. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  1898. </PROCESSDESCRIPTOR>
  1899. <PROCESSDESCRIPTOR>
  1900. <ID>291</ID>
  1901. <PROCESSLIST>
  1902. <PROCESS>WINUPDT.EXE</PROCESS>
  1903. <PROCESS>WINKA.EXE</PROCESS>
  1904. </PROCESSLIST>
  1905. <CLSIDLIST>
  1906. </CLSIDLIST>
  1907. <SUMMARY>Trojan.Winupdt</SUMMARY>
  1908. <DEFAULTINSTALLPATHLIST>
  1909. </DEFAULTINSTALLPATHLIST>
  1910. <CATEGORY>TROJAN</CATEGORY>
  1911. <CONDITIONLIST>
  1912. <CONDITION>FILELOCATION~WINDUPDATES</CONDITION>
  1913. </CONDITIONLIST>
  1914. <OPERATOR>AND</OPERATOR>
  1915. <THREATLEVEL>10</THREATLEVEL>
  1916. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1917. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1918. </PROCESSDESCRIPTOR>
  1919. <PROCESSDESCRIPTOR>
  1920. <ID>309</ID>
  1921. <PROCESSLIST>
  1922. <PROCESS>CASHBACK.EXE</PROCESS>
  1923. </PROCESSLIST>
  1924. <CLSIDLIST>
  1925. </CLSIDLIST>
  1926. <SUMMARY>CashBack</SUMMARY>
  1927. <DEFAULTINSTALLPATHLIST>
  1928. </DEFAULTINSTALLPATHLIST>
  1929. <CATEGORY>ADWARE</CATEGORY>
  1930. <CONDITIONLIST>
  1931. </CONDITIONLIST>
  1932. <OPERATOR>AND</OPERATOR>
  1933. <THREATLEVEL>10</THREATLEVEL>
  1934. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1935. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1936. </PROCESSDESCRIPTOR>
  1937. <PROCESSDESCRIPTOR>
  1938. <ID>310</ID>
  1939. <PROCESSLIST>
  1940. <PROCESS>NLS.EXE</PROCESS>
  1941. </PROCESSLIST>
  1942. <CLSIDLIST>
  1943. </CLSIDLIST>
  1944. <SUMMARY>NaviSearch</SUMMARY>
  1945. <DEFAULTINSTALLPATHLIST>
  1946. </DEFAULTINSTALLPATHLIST>
  1947. <CATEGORY>ADWARE</CATEGORY>
  1948. <CONDITIONLIST>
  1949. <CONDITION>FILELOCATION~NAVISEARCH</CONDITION>
  1950. </CONDITIONLIST>
  1951. <OPERATOR>AND</OPERATOR>
  1952. <THREATLEVEL>10</THREATLEVEL>
  1953. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1954. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1955. </PROCESSDESCRIPTOR>
  1956. <PROCESSDESCRIPTOR>
  1957. <ID>313</ID>
  1958. <PROCESSLIST>
  1959. <PROCESS>TSADBOT.EXE</PROCESS>
  1960. </PROCESSLIST>
  1961. <CLSIDLIST>
  1962. </CLSIDLIST>
  1963. <SUMMARY>TimeSink (TSAdBot)</SUMMARY>
  1964. <DEFAULTINSTALLPATHLIST>
  1965. </DEFAULTINSTALLPATHLIST>
  1966. <CATEGORY>ADWARE</CATEGORY>
  1967. <CONDITIONLIST>
  1968. </CONDITIONLIST>
  1969. <OPERATOR>AND</OPERATOR>
  1970. <THREATLEVEL>10</THREATLEVEL>
  1971. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1972. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1973. </PROCESSDESCRIPTOR>
  1974. <PROCESSDESCRIPTOR>
  1975. <ID>314</ID>
  1976. <PROCESSLIST>
  1977. <PROCESS>SHOWBEHIND.EXE</PROCESS>
  1978. </PROCESSLIST>
  1979. <CLSIDLIST>
  1980. </CLSIDLIST>
  1981. <SUMMARY>ShowBehind</SUMMARY>
  1982. <DEFAULTINSTALLPATHLIST>
  1983. </DEFAULTINSTALLPATHLIST>
  1984. <CATEGORY>ADWARE</CATEGORY>
  1985. <CONDITIONLIST>
  1986. </CONDITIONLIST>
  1987. <OPERATOR>AND</OPERATOR>
  1988. <THREATLEVEL>10</THREATLEVEL>
  1989. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  1990. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  1991. </PROCESSDESCRIPTOR>
  1992. <PROCESSDESCRIPTOR>
  1993. <ID>322</ID>
  1994. <PROCESSLIST>
  1995. <PROCESS>SVCHOSTS.EXE</PROCESS>
  1996. </PROCESSLIST>
  1997. <CLSIDLIST>
  1998. </CLSIDLIST>
  1999. <SUMMARY>Svchosts</SUMMARY>
  2000. <DEFAULTINSTALLPATHLIST>
  2001. </DEFAULTINSTALLPATHLIST>
  2002. <CATEGORY>TROJAN</CATEGORY>
  2003. <CONDITIONLIST>
  2004. </CONDITIONLIST>
  2005. <OPERATOR>AND</OPERATOR>
  2006. <THREATLEVEL>10</THREATLEVEL>
  2007. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2008. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2009. </PROCESSDESCRIPTOR>
  2010. <PROCESSDESCRIPTOR>
  2011. <ID>323</ID>
  2012. <PROCESSLIST>
  2013. <PROCESS>NVSCV.EXE</PROCESS>
  2014. </PROCESSLIST>
  2015. <CLSIDLIST>
  2016. </CLSIDLIST>
  2017. <SUMMARY>Nvscv</SUMMARY>
  2018. <DEFAULTINSTALLPATHLIST>
  2019. </DEFAULTINSTALLPATHLIST>
  2020. <CATEGORY>TROJAN</CATEGORY>
  2021. <CONDITIONLIST>
  2022. </CONDITIONLIST>
  2023. <OPERATOR>AND</OPERATOR>
  2024. <THREATLEVEL>10</THREATLEVEL>
  2025. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2026. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2027. </PROCESSDESCRIPTOR>
  2028. <PROCESSDESCRIPTOR>
  2029. <ID>334</ID>
  2030. <PROCESSLIST>
  2031. <PROCESS>PIB.EXE</PROCESS>
  2032. <PROCESS>TBPS.EXE</PROCESS>
  2033. <PROCESS>TBPSSVC.EXE</PROCESS>
  2034. <PROCESS>WSG.EXE</PROCESS>
  2035. </PROCESSLIST>
  2036. <CLSIDLIST>
  2037. </CLSIDLIST>
  2038. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).Process</SUMMARY>
  2039. <DEFAULTINSTALLPATHLIST>
  2040. </DEFAULTINSTALLPATHLIST>
  2041. <CATEGORY>SPYWARE</CATEGORY>
  2042. <CONDITIONLIST>
  2043. <CONDITION>FILELOCATION~TOOLBAR</CONDITION>
  2044. </CONDITIONLIST>
  2045. <OPERATOR>AND</OPERATOR>
  2046. <THREATLEVEL>10</THREATLEVEL>
  2047. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2048. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2049. </PROCESSDESCRIPTOR>
  2050. <PROCESSDESCRIPTOR>
  2051. <ID>339</ID>
  2052. <PROCESSLIST>
  2053. <PROCESS>*</PROCESS>
  2054. <PROCESS>TOOLBAR.DLL</PROCESS>
  2055. </PROCESSLIST>
  2056. <CLSIDLIST>
  2057. <CLSID>{8952A998-1E7E-4716-B23D-3DBE03910972}</CLSID>
  2058. </CLSIDLIST>
  2059. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).Toolbar</SUMMARY>
  2060. <DEFAULTINSTALLPATHLIST>
  2061. </DEFAULTINSTALLPATHLIST>
  2062. <CATEGORY>SPYWARE</CATEGORY>
  2063. <CONDITIONLIST>
  2064. </CONDITIONLIST>
  2065. <OPERATOR>AND</OPERATOR>
  2066. <THREATLEVEL>10</THREATLEVEL>
  2067. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2068. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2069. </PROCESSDESCRIPTOR>
  2070. <PROCESSDESCRIPTOR>
  2071. <ID>340</ID>
  2072. <PROCESSLIST>
  2073. <PROCESS>*</PROCESS>
  2074. <PROCESS>WTOOLSB.DLL</PROCESS>
  2075. </PROCESSLIST>
  2076. <CLSIDLIST>
  2077. <CLSID>{87766247-311C-43B4-8499-3D5FEC94A183}</CLSID>
  2078. </CLSIDLIST>
  2079. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).BHO</SUMMARY>
  2080. <DEFAULTINSTALLPATHLIST>
  2081. </DEFAULTINSTALLPATHLIST>
  2082. <CATEGORY>SPYWARE</CATEGORY>
  2083. <CONDITIONLIST>
  2084. </CONDITIONLIST>
  2085. <OPERATOR>AND</OPERATOR>
  2086. <THREATLEVEL>10</THREATLEVEL>
  2087. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2088. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2089. </PROCESSDESCRIPTOR>
  2090. <PROCESSDESCRIPTOR>
  2091. <ID>341</ID>
  2092. <PROCESSLIST>
  2093. <PROCESS>NEXTAXHA.DLL</PROCESS>
  2094. </PROCESSLIST>
  2095. <CLSIDLIST>
  2096. <CLSID>{6FAD625C-9814-50B3-8224-65550DF22B62}</CLSID>
  2097. </CLSIDLIST>
  2098. <SUMMARY>NEXTAXHA.DLL BHO</SUMMARY>
  2099. <DEFAULTINSTALLPATHLIST>
  2100. </DEFAULTINSTALLPATHLIST>
  2101. <CATEGORY>ADWARE</CATEGORY>
  2102. <CONDITIONLIST>
  2103. </CONDITIONLIST>
  2104. <OPERATOR>AND</OPERATOR>
  2105. <THREATLEVEL>10</THREATLEVEL>
  2106. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2107. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2108. </PROCESSDESCRIPTOR>
  2109. <PROCESSDESCRIPTOR>
  2110. <ID>342</ID>
  2111. <PROCESSLIST>
  2112. <PROCESS>*</PROCESS>
  2113. <PROCESS>POP225.DLL</PROCESS>
  2114. </PROCESSLIST>
  2115. <CLSIDLIST>
  2116. <CLSID>{65C8C1F5-230E-4DC9-9A0D-F3159A5E7778}</CLSID>
  2117. </CLSIDLIST>
  2118. <SUMMARY>Browser Hijacker.Apropos Media/PeopleOnPage.BHO</SUMMARY>
  2119. <DEFAULTINSTALLPATHLIST>
  2120. </DEFAULTINSTALLPATHLIST>
  2121. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  2122. <CONDITIONLIST>
  2123. </CONDITIONLIST>
  2124. <OPERATOR>AND</OPERATOR>
  2125. <THREATLEVEL>10</THREATLEVEL>
  2126. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2127. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2128. </PROCESSDESCRIPTOR>
  2129. <PROCESSDESCRIPTOR>
  2130. <ID>343</ID>
  2131. <PROCESSLIST>
  2132. <PROCESS>*</PROCESS>
  2133. <PROCESS>MWSBAR.DLL</PROCESS>
  2134. </PROCESSLIST>
  2135. <CLSIDLIST>
  2136. <CLSID>{07B18EA1-A523-4961-B6BB-170DE4475CCA}</CLSID>
  2137. </CLSIDLIST>
  2138. <SUMMARY>Adware.MyWebSearch.BHO</SUMMARY>
  2139. <DEFAULTINSTALLPATHLIST>
  2140. </DEFAULTINSTALLPATHLIST>
  2141. <CATEGORY>ADWARE</CATEGORY>
  2142. <CONDITIONLIST>
  2143. </CONDITIONLIST>
  2144. <OPERATOR>AND</OPERATOR>
  2145. <THREATLEVEL>10</THREATLEVEL>
  2146. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2147. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2148. </PROCESSDESCRIPTOR>
  2149. <PROCESSDESCRIPTOR>
  2150. <ID>344</ID>
  2151. <PROCESSLIST>
  2152. <PROCESS>*</PROCESS>
  2153. <PROCESS>MWSSRCAS.DLL</PROCESS>
  2154. </PROCESSLIST>
  2155. <CLSIDLIST>
  2156. <CLSID>{00A6FAF1-072E-44CF-8957-5838F569A31D}</CLSID>
  2157. </CLSIDLIST>
  2158. <SUMMARY>Adware.MyWebSearch.BHO</SUMMARY>
  2159. <DEFAULTINSTALLPATHLIST>
  2160. </DEFAULTINSTALLPATHLIST>
  2161. <CATEGORY>ADWARE</CATEGORY>
  2162. <CONDITIONLIST>
  2163. </CONDITIONLIST>
  2164. <OPERATOR>AND</OPERATOR>
  2165. <THREATLEVEL>10</THREATLEVEL>
  2166. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2167. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2168. </PROCESSDESCRIPTOR>
  2169. <PROCESSDESCRIPTOR>
  2170. <ID>345</ID>
  2171. <PROCESSLIST>
  2172. <PROCESS>*</PROCESS>
  2173. <PROCESS>TWAINTEC.DLL</PROCESS>
  2174. </PROCESSLIST>
  2175. <CLSIDLIST>
  2176. <CLSID>{000020DD-C72E-4113-AF77-DD56626C6C42}</CLSID>
  2177. </CLSIDLIST>
  2178. <SUMMARY>TwaintecObj Class BHO</SUMMARY>
  2179. <DEFAULTINSTALLPATHLIST>
  2180. </DEFAULTINSTALLPATHLIST>
  2181. <CATEGORY>ADWARE</CATEGORY>
  2182. <CONDITIONLIST>
  2183. </CONDITIONLIST>
  2184. <OPERATOR>AND</OPERATOR>
  2185. <THREATLEVEL>10</THREATLEVEL>
  2186. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2187. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2188. </PROCESSDESCRIPTOR>
  2189. <PROCESSDESCRIPTOR>
  2190. <ID>346</ID>
  2191. <PROCESSLIST>
  2192. <PROCESS>*</PROCESS>
  2193. </PROCESSLIST>
  2194. <CLSIDLIST>
  2195. <CLSID>{00000EF1-0786-4633-87C6-1AA7A44296DA}</CLSID>
  2196. </CLSIDLIST>
  2197. <SUMMARY>F1 Organizer Class BHO</SUMMARY>
  2198. <DEFAULTINSTALLPATHLIST>
  2199. </DEFAULTINSTALLPATHLIST>
  2200. <CATEGORY>ADWARE</CATEGORY>
  2201. <CONDITIONLIST>
  2202. </CONDITIONLIST>
  2203. <OPERATOR>AND</OPERATOR>
  2204. <THREATLEVEL>10</THREATLEVEL>
  2205. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2206. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2207. </PROCESSDESCRIPTOR>
  2208. <PROCESSDESCRIPTOR>
  2209. <ID>347</ID>
  2210. <PROCESSLIST>
  2211. <PROCESS>*</PROCESS>
  2212. <PROCESS>SIDESEARCH1500.DLL</PROCESS>
  2213. </PROCESSLIST>
  2214. <CLSIDLIST>
  2215. <CLSID>{00000762-3965-4A1A-98CE-3D4BF457D4C8}</CLSID>
  2216. </CLSIDLIST>
  2217. <SUMMARY>Sidesearch BHO</SUMMARY>
  2218. <DEFAULTINSTALLPATHLIST>
  2219. </DEFAULTINSTALLPATHLIST>
  2220. <CATEGORY>ADWARE</CATEGORY>
  2221. <CONDITIONLIST>
  2222. </CONDITIONLIST>
  2223. <OPERATOR>AND</OPERATOR>
  2224. <THREATLEVEL>10</THREATLEVEL>
  2225. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2226. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2227. </PROCESSDESCRIPTOR>
  2228. <PROCESSDESCRIPTOR>
  2229. <ID>348</ID>
  2230. <PROCESSLIST>
  2231. <PROCESS>CSIE.DLL</PROCESS>
  2232. </PROCESSLIST>
  2233. <CLSIDLIST>
  2234. <CLSID>*</CLSID>
  2235. </CLSIDLIST>
  2236. <SUMMARY>Adware.ClearSearch.BHO</SUMMARY>
  2237. <DEFAULTINSTALLPATHLIST>
  2238. </DEFAULTINSTALLPATHLIST>
  2239. <CATEGORY>ADWARE</CATEGORY>
  2240. <CONDITIONLIST>
  2241. </CONDITIONLIST>
  2242. <OPERATOR>AND</OPERATOR>
  2243. <THREATLEVEL>10</THREATLEVEL>
  2244. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2245. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2246. </PROCESSDESCRIPTOR>
  2247. <PROCESSDESCRIPTOR>
  2248. <ID>349</ID>
  2249. <PROCESSLIST>
  2250. <PROCESS>CSBB.DLL</PROCESS>
  2251. </PROCESSLIST>
  2252. <CLSIDLIST>
  2253. <CLSID>*</CLSID>
  2254. <CLSID>{00000000-0000-0000-0000-000000002230}</CLSID>
  2255. <CLSID>{23E84039-3F61-4BEB-A6AE-B182A821061C}</CLSID>
  2256. </CLSIDLIST>
  2257. <SUMMARY>Adware.ClearSearch.BHO</SUMMARY>
  2258. <DEFAULTINSTALLPATHLIST>
  2259. </DEFAULTINSTALLPATHLIST>
  2260. <CATEGORY>ADWARE</CATEGORY>
  2261. <CONDITIONLIST>
  2262. <CONDITION>FILELOCATION~CSBB</CONDITION>
  2263. </CONDITIONLIST>
  2264. <OPERATOR>AND</OPERATOR>
  2265. <THREATLEVEL>10</THREATLEVEL>
  2266. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2267. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2268. </PROCESSDESCRIPTOR>
  2269. <PROCESSDESCRIPTOR>
  2270. <ID>350</ID>
  2271. <PROCESSLIST>
  2272. <PROCESS>*</PROCESS>
  2273. <PROCESS>CDSM32.DLL</PROCESS>
  2274. </PROCESSLIST>
  2275. <CLSIDLIST>
  2276. <CLSID>{965A592F-8EFA-4250-8630-7960230792F1}</CLSID>
  2277. </CLSIDLIST>
  2278. <SUMMARY>Adware.Second Thought.URL Search Hook</SUMMARY>
  2279. <DEFAULTINSTALLPATHLIST>
  2280. </DEFAULTINSTALLPATHLIST>
  2281. <CATEGORY>ADWARE</CATEGORY>
  2282. <CONDITIONLIST>
  2283. </CONDITIONLIST>
  2284. <OPERATOR>AND</OPERATOR>
  2285. <THREATLEVEL>10</THREATLEVEL>
  2286. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2287. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2288. </PROCESSDESCRIPTOR>
  2289. <PROCESSDESCRIPTOR>
  2290. <ID>351</ID>
  2291. <PROCESSLIST>
  2292. <PROCESS>SED.EXE</PROCESS>
  2293. <PROCESS>SE.EXE</PROCESS>
  2294. </PROCESSLIST>
  2295. <CLSIDLIST>
  2296. </CLSIDLIST>
  2297. <SUMMARY>Uncategorized Application</SUMMARY>
  2298. <DEFAULTINSTALLPATHLIST>
  2299. </DEFAULTINSTALLPATHLIST>
  2300. <CATEGORY>UNCATEGORIZED</CATEGORY>
  2301. <CONDITIONLIST>
  2302. <CONDITION>FILELOCATION~\SED\</CONDITION>
  2303. </CONDITIONLIST>
  2304. <OPERATOR>AND</OPERATOR>
  2305. <THREATLEVEL>10</THREATLEVEL>
  2306. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2307. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2308. </PROCESSDESCRIPTOR>
  2309. <PROCESSDESCRIPTOR>
  2310. <ID>352</ID>
  2311. <PROCESSLIST>
  2312. <PROCESS>RUNDLL32.EXE</PROCESS>
  2313. </PROCESSLIST>
  2314. <CLSIDLIST>
  2315. </CLSIDLIST>
  2316. <SUMMARY>CouponAge (CASYNC.DLL)</SUMMARY>
  2317. <DEFAULTINSTALLPATHLIST>
  2318. </DEFAULTINSTALLPATHLIST>
  2319. <CATEGORY>ADWARE</CATEGORY>
  2320. <CONDITIONLIST>
  2321. <CONDITION>COMMANDLINE~casync.dll</CONDITION>
  2322. </CONDITIONLIST>
  2323. <OPERATOR>AND</OPERATOR>
  2324. <THREATLEVEL>10</THREATLEVEL>
  2325. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2326. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2327. </PROCESSDESCRIPTOR>
  2328. <PROCESSDESCRIPTOR>
  2329. <ID>353</ID>
  2330. <PROCESSLIST>
  2331. <PROCESS>RUNDLL32.EXE</PROCESS>
  2332. </PROCESSLIST>
  2333. <CLSIDLIST>
  2334. </CLSIDLIST>
  2335. <SUMMARY>Adware.CouponAge.Process</SUMMARY>
  2336. <DEFAULTINSTALLPATHLIST>
  2337. </DEFAULTINSTALLPATHLIST>
  2338. <CATEGORY>ADWARE</CATEGORY>
  2339. <CONDITIONLIST>
  2340. <CONDITION>COMMANDLINE~cacore.dll</CONDITION>
  2341. <CONDITION>COMMANDLINE~docore.dll</CONDITION>
  2342. </CONDITIONLIST>
  2343. <OPERATOR>OR</OPERATOR>
  2344. <THREATLEVEL>10</THREATLEVEL>
  2345. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2346. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2347. </PROCESSDESCRIPTOR>
  2348. <PROCESSDESCRIPTOR>
  2349. <ID>354</ID>
  2350. <PROCESSLIST>
  2351. <PROCESS>RUNDLL32.EXE</PROCESS>
  2352. </PROCESSLIST>
  2353. <CLSIDLIST>
  2354. </CLSIDLIST>
  2355. <SUMMARY>6IO4SVC.DLL</SUMMARY>
  2356. <DEFAULTINSTALLPATHLIST>
  2357. </DEFAULTINSTALLPATHLIST>
  2358. <CATEGORY>ADWARE</CATEGORY>
  2359. <CONDITIONLIST>
  2360. <CONDITION>COMMANDLINE~6io4svc.dll</CONDITION>
  2361. </CONDITIONLIST>
  2362. <OPERATOR>AND</OPERATOR>
  2363. <THREATLEVEL>10</THREATLEVEL>
  2364. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2365. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2366. </PROCESSDESCRIPTOR>
  2367. <PROCESSDESCRIPTOR>
  2368. <ID>355</ID>
  2369. <PROCESSLIST>
  2370. <PROCESS>*</PROCESS>
  2371. </PROCESSLIST>
  2372. <CLSIDLIST>
  2373. </CLSIDLIST>
  2374. <SUMMARY>ClearSearch Loader (Variant 2)</SUMMARY>
  2375. <DEFAULTINSTALLPATHLIST>
  2376. </DEFAULTINSTALLPATHLIST>
  2377. <CATEGORY>ADWARE</CATEGORY>
  2378. <CONDITIONLIST>
  2379. <CONDITION>COMPANYNAME=ClearSearch</CONDITION>
  2380. <CONDITION>ORIGINALFILENAME=Loader.exe</CONDITION>
  2381. </CONDITIONLIST>
  2382. <OPERATOR>AND</OPERATOR>
  2383. <THREATLEVEL>10</THREATLEVEL>
  2384. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2385. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2386. </PROCESSDESCRIPTOR>
  2387. <PROCESSDESCRIPTOR>
  2388. <ID>359</ID>
  2389. <PROCESSLIST>
  2390. <PROCESS>*</PROCESS>
  2391. <PROCESS>HTCHECK2.DLL</PROCESS>
  2392. </PROCESSLIST>
  2393. <CLSIDLIST>
  2394. <CLSID>{0352960F-47BE-11D5-AB93-00D0B760B4EB}</CLSID>
  2395. </CLSIDLIST>
  2396. <SUMMARY>Cydoor (TOPicks BHO)</SUMMARY>
  2397. <DEFAULTINSTALLPATHLIST>
  2398. </DEFAULTINSTALLPATHLIST>
  2399. <CATEGORY>ADWARE</CATEGORY>
  2400. <CONDITIONLIST>
  2401. </CONDITIONLIST>
  2402. <OPERATOR>AND</OPERATOR>
  2403. <THREATLEVEL>10</THREATLEVEL>
  2404. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2405. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2406. </PROCESSDESCRIPTOR>
  2407. <PROCESSDESCRIPTOR>
  2408. <ID>360</ID>
  2409. <PROCESSLIST>
  2410. <PROCESS>*</PROCESS>
  2411. <PROCESS>TPBAR.DLL</PROCESS>
  2412. </PROCESSLIST>
  2413. <CLSIDLIST>
  2414. <CLSID>{80E81A0E-9741-4FBC-8EE3-3B78C04ADA1D}</CLSID>
  2415. </CLSIDLIST>
  2416. <SUMMARY>Cydoor (TOPicks Toolbar)</SUMMARY>
  2417. <DEFAULTINSTALLPATHLIST>
  2418. </DEFAULTINSTALLPATHLIST>
  2419. <CATEGORY>ADWARE</CATEGORY>
  2420. <CONDITIONLIST>
  2421. </CONDITIONLIST>
  2422. <OPERATOR>AND</OPERATOR>
  2423. <THREATLEVEL>10</THREATLEVEL>
  2424. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2425. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2426. </PROCESSDESCRIPTOR>
  2427. <PROCESSDESCRIPTOR>
  2428. <ID>362</ID>
  2429. <PROCESSLIST>
  2430. <PROCESS>WO.EXE</PROCESS>
  2431. </PROCESSLIST>
  2432. <CLSIDLIST>
  2433. </CLSIDLIST>
  2434. <SUMMARY>WO.EXE (EARN)</SUMMARY>
  2435. <DEFAULTINSTALLPATHLIST>
  2436. </DEFAULTINSTALLPATHLIST>
  2437. <CATEGORY>ADWARE</CATEGORY>
  2438. <CONDITIONLIST>
  2439. <CONDITION>COMPANYNAME~EARN</CONDITION>
  2440. </CONDITIONLIST>
  2441. <OPERATOR>AND</OPERATOR>
  2442. <THREATLEVEL>10</THREATLEVEL>
  2443. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2444. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2445. </PROCESSDESCRIPTOR>
  2446. <PROCESSDESCRIPTOR>
  2447. <ID>364</ID>
  2448. <PROCESSLIST>
  2449. <PROCESS>*</PROCESS>
  2450. </PROCESSLIST>
  2451. <CLSIDLIST>
  2452. </CLSIDLIST>
  2453. <SUMMARY>eXact Adversiting .EXE Component</SUMMARY>
  2454. <DEFAULTINSTALLPATHLIST>
  2455. </DEFAULTINSTALLPATHLIST>
  2456. <CATEGORY>ADWARE</CATEGORY>
  2457. <CONDITIONLIST>
  2458. <CONDITION>COMPANYNAME~eXact Advertising</CONDITION>
  2459. </CONDITIONLIST>
  2460. <OPERATOR>AND</OPERATOR>
  2461. <THREATLEVEL>10</THREATLEVEL>
  2462. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2463. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2464. </PROCESSDESCRIPTOR>
  2465. <PROCESSDESCRIPTOR>
  2466. <ID>365</ID>
  2467. <PROCESSLIST>
  2468. <PROCESS>*</PROCESS>
  2469. <PROCESS>MSBE.DLL</PROCESS>
  2470. </PROCESSLIST>
  2471. <CLSIDLIST>
  2472. <CLSID>{F4E04583-354E-4076-BE7D-ED6A80FD66DA}</CLSID>
  2473. </CLSIDLIST>
  2474. <SUMMARY>ADP UrlCatcher Class BHO</SUMMARY>
  2475. <DEFAULTINSTALLPATHLIST>
  2476. </DEFAULTINSTALLPATHLIST>
  2477. <CATEGORY>ADWARE</CATEGORY>
  2478. <CONDITIONLIST>
  2479. </CONDITIONLIST>
  2480. <OPERATOR>AND</OPERATOR>
  2481. <THREATLEVEL>10</THREATLEVEL>
  2482. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2483. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2484. </PROCESSDESCRIPTOR>
  2485. <PROCESSDESCRIPTOR>
  2486. <ID>366</ID>
  2487. <PROCESSLIST>
  2488. <PROCESS>*</PROCESS>
  2489. <PROCESS>MSCB.DLL</PROCESS>
  2490. </PROCESSLIST>
  2491. <CLSIDLIST>
  2492. <CLSID>{CE188402-6EE7-4022-8868-AB25173A3E14}</CLSID>
  2493. </CLSIDLIST>
  2494. <SUMMARY>CB UrlCatcher Class BHO</SUMMARY>
  2495. <DEFAULTINSTALLPATHLIST>
  2496. </DEFAULTINSTALLPATHLIST>
  2497. <CATEGORY>ADWARE</CATEGORY>
  2498. <CONDITIONLIST>
  2499. </CONDITIONLIST>
  2500. <OPERATOR>AND</OPERATOR>
  2501. <THREATLEVEL>10</THREATLEVEL>
  2502. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2503. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2504. </PROCESSDESCRIPTOR>
  2505. <PROCESSDESCRIPTOR>
  2506. <ID>367</ID>
  2507. <PROCESSLIST>
  2508. <PROCESS>*</PROCESS>
  2509. <PROCESS>APUC.DLL</PROCESS>
  2510. </PROCESSLIST>
  2511. <CLSIDLIST>
  2512. <CLSID>{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}</CLSID>
  2513. </CLSIDLIST>
  2514. <SUMMARY>UrlCatcher Class BHO</SUMMARY>
  2515. <DEFAULTINSTALLPATHLIST>
  2516. </DEFAULTINSTALLPATHLIST>
  2517. <CATEGORY>ADWARE</CATEGORY>
  2518. <CONDITIONLIST>
  2519. </CONDITIONLIST>
  2520. <OPERATOR>AND</OPERATOR>
  2521. <THREATLEVEL>10</THREATLEVEL>
  2522. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2523. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2524. </PROCESSDESCRIPTOR>
  2525. <PROCESSDESCRIPTOR>
  2526. <ID>368</ID>
  2527. <PROCESSLIST>
  2528. <PROCESS>*</PROCESS>
  2529. <PROCESS>TIRSRQPW.DLL</PROCESS>
  2530. </PROCESSLIST>
  2531. <CLSIDLIST>
  2532. <CLSID>{C3ED6E0C-A773-6D46-8AF5-8BA0901209CA}</CLSID>
  2533. </CLSIDLIST>
  2534. <SUMMARY>Unknown BHO</SUMMARY>
  2535. <DEFAULTINSTALLPATHLIST>
  2536. </DEFAULTINSTALLPATHLIST>
  2537. <CATEGORY>ADWARE</CATEGORY>
  2538. <CONDITIONLIST>
  2539. </CONDITIONLIST>
  2540. <OPERATOR>AND</OPERATOR>
  2541. <THREATLEVEL>10</THREATLEVEL>
  2542. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2543. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2544. </PROCESSDESCRIPTOR>
  2545. <PROCESSDESCRIPTOR>
  2546. <ID>369</ID>
  2547. <PROCESSLIST>
  2548. <PROCESS>*</PROCESS>
  2549. <PROCESS>NVMS.DLL</PROCESS>
  2550. </PROCESSLIST>
  2551. <CLSIDLIST>
  2552. <CLSID>{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}</CLSID>
  2553. </CLSIDLIST>
  2554. <SUMMARY>NLS UrlCatcher Class  BHO</SUMMARY>
  2555. <DEFAULTINSTALLPATHLIST>
  2556. </DEFAULTINSTALLPATHLIST>
  2557. <CATEGORY>ADWARE</CATEGORY>
  2558. <CONDITIONLIST>
  2559. </CONDITIONLIST>
  2560. <OPERATOR>AND</OPERATOR>
  2561. <THREATLEVEL>10</THREATLEVEL>
  2562. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2563. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2564. </PROCESSDESCRIPTOR>
  2565. <PROCESSDESCRIPTOR>
  2566. <ID>370</ID>
  2567. <PROCESSLIST>
  2568. <PROCESS>*</PROCESS>
  2569. </PROCESSLIST>
  2570. <CLSIDLIST>
  2571. <CLSID>{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}</CLSID>
  2572. </CLSIDLIST>
  2573. <SUMMARY>CExtension Object BHO</SUMMARY>
  2574. <DEFAULTINSTALLPATHLIST>
  2575. </DEFAULTINSTALLPATHLIST>
  2576. <CATEGORY>ADWARE</CATEGORY>
  2577. <CONDITIONLIST>
  2578. </CONDITIONLIST>
  2579. <OPERATOR>AND</OPERATOR>
  2580. <THREATLEVEL>10</THREATLEVEL>
  2581. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2582. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2583. </PROCESSDESCRIPTOR>
  2584. <PROCESSDESCRIPTOR>
  2585. <ID>372</ID>
  2586. <PROCESSLIST>
  2587. <PROCESS>RUNDLL32.EXE</PROCESS>
  2588. </PROCESSLIST>
  2589. <CLSIDLIST>
  2590. </CLSIDLIST>
  2591. <SUMMARY>TargetSoft (Winupd)</SUMMARY>
  2592. <DEFAULTINSTALLPATHLIST>
  2593. </DEFAULTINSTALLPATHLIST>
  2594. <CATEGORY>ADWARE</CATEGORY>
  2595. <CONDITIONLIST>
  2596. <CONDITION>COMMANDLINE~winupd.dll</CONDITION>
  2597. </CONDITIONLIST>
  2598. <OPERATOR>AND</OPERATOR>
  2599. <THREATLEVEL>10</THREATLEVEL>
  2600. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2601. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2602. </PROCESSDESCRIPTOR>
  2603. <PROCESSDESCRIPTOR>
  2604. <ID>374</ID>
  2605. <PROCESSLIST>
  2606. <PROCESS>RUNDLL32.EXE</PROCESS>
  2607. </PROCESSLIST>
  2608. <CLSIDLIST>
  2609. </CLSIDLIST>
  2610. <SUMMARY>6RO4SVC.DLL</SUMMARY>
  2611. <DEFAULTINSTALLPATHLIST>
  2612. </DEFAULTINSTALLPATHLIST>
  2613. <CATEGORY>ADWARE</CATEGORY>
  2614. <CONDITIONLIST>
  2615. <CONDITION>COMMANDLINE~6ro4svc.dll</CONDITION>
  2616. </CONDITIONLIST>
  2617. <OPERATOR>AND</OPERATOR>
  2618. <THREATLEVEL>10</THREATLEVEL>
  2619. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2620. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2621. </PROCESSDESCRIPTOR>
  2622. <PROCESSDESCRIPTOR>
  2623. <ID>376</ID>
  2624. <PROCESSLIST>
  2625. <PROCESS>RUNDLL32.EXE</PROCESS>
  2626. </PROCESSLIST>
  2627. <CLSIDLIST>
  2628. </CLSIDLIST>
  2629. <SUMMARY>2*DSRCH.DLL</SUMMARY>
  2630. <DEFAULTINSTALLPATHLIST>
  2631. </DEFAULTINSTALLPATHLIST>
  2632. <CATEGORY>ADWARE</CATEGORY>
  2633. <CONDITIONLIST>
  2634. <CONDITION>COMMANDLINE~2</CONDITION>
  2635. <CONDITION>COMMANDLINE~DSRCH.DLL</CONDITION>
  2636. <CONDITION>COMMANDLINE~UMonitor</CONDITION>
  2637. </CONDITIONLIST>
  2638. <OPERATOR>AND</OPERATOR>
  2639. <THREATLEVEL>10</THREATLEVEL>
  2640. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2641. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2642. </PROCESSDESCRIPTOR>
  2643. <PROCESSDESCRIPTOR>
  2644. <ID>377</ID>
  2645. <PROCESSLIST>
  2646. <PROCESS>RUNDLL32.EXE</PROCESS>
  2647. </PROCESSLIST>
  2648. <CLSIDLIST>
  2649. </CLSIDLIST>
  2650. <SUMMARY>COREAK.DLL</SUMMARY>
  2651. <DEFAULTINSTALLPATHLIST>
  2652. </DEFAULTINSTALLPATHLIST>
  2653. <CATEGORY>ADWARE</CATEGORY>
  2654. <CONDITIONLIST>
  2655. <CONDITION>COMMANDLINE~COREAK.DLL</CONDITION>
  2656. </CONDITIONLIST>
  2657. <OPERATOR>AND</OPERATOR>
  2658. <THREATLEVEL>10</THREATLEVEL>
  2659. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2660. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2661. </PROCESSDESCRIPTOR>
  2662. <PROCESSDESCRIPTOR>
  2663. <ID>378</ID>
  2664. <PROCESSLIST>
  2665. <PROCESS>*</PROCESS>
  2666. <PROCESS>TOOLBAR.DLL</PROCESS>
  2667. </PROCESSLIST>
  2668. <CLSIDLIST>
  2669. <CLSID>{339BB23F-A864-48C0-A59F-29EA915965EC}</CLSID>
  2670. </CLSIDLIST>
  2671. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).Toolbar</SUMMARY>
  2672. <DEFAULTINSTALLPATHLIST>
  2673. </DEFAULTINSTALLPATHLIST>
  2674. <CATEGORY>SPYWARE</CATEGORY>
  2675. <CONDITIONLIST>
  2676. </CONDITIONLIST>
  2677. <OPERATOR>AND</OPERATOR>
  2678. <THREATLEVEL>10</THREATLEVEL>
  2679. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2680. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2681. </PROCESSDESCRIPTOR>
  2682. <PROCESSDESCRIPTOR>
  2683. <ID>379</ID>
  2684. <PROCESSLIST>
  2685. <PROCESS>*</PROCESS>
  2686. <PROCESS>WINB2S32.DLL</PROCESS>
  2687. </PROCESSLIST>
  2688. <CLSIDLIST>
  2689. <CLSID>{52FE5233-367C-4EFB-BDD7-0BE4D212C107}</CLSID>
  2690. </CLSIDLIST>
  2691. <SUMMARY>Browser Hijacker.Begin2Search.Toolbar</SUMMARY>
  2692. <DEFAULTINSTALLPATHLIST>
  2693. </DEFAULTINSTALLPATHLIST>
  2694. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  2695. <CONDITIONLIST>
  2696. </CONDITIONLIST>
  2697. <OPERATOR>AND</OPERATOR>
  2698. <THREATLEVEL>10</THREATLEVEL>
  2699. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2700. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2701. </PROCESSDESCRIPTOR>
  2702. <PROCESSDESCRIPTOR>
  2703. <ID>380</ID>
  2704. <PROCESSLIST>
  2705. <PROCESS>*</PROCESS>
  2706. <PROCESS>WINB2S32.DLL</PROCESS>
  2707. </PROCESSLIST>
  2708. <CLSIDLIST>
  2709. <CLSID>{4D568F0F-8AC9-40AB-88B7-415134C78777}</CLSID>
  2710. </CLSIDLIST>
  2711. <SUMMARY>Browser Hijacker.Begin2Search.BHO</SUMMARY>
  2712. <DEFAULTINSTALLPATHLIST>
  2713. </DEFAULTINSTALLPATHLIST>
  2714. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  2715. <CONDITIONLIST>
  2716. </CONDITIONLIST>
  2717. <OPERATOR>AND</OPERATOR>
  2718. <THREATLEVEL>10</THREATLEVEL>
  2719. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2720. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2721. </PROCESSDESCRIPTOR>
  2722. <PROCESSDESCRIPTOR>
  2723. <ID>381</ID>
  2724. <PROCESSLIST>
  2725. <PROCESS>*</PROCESS>
  2726. <PROCESS>SYSTB.DLL</PROCESS>
  2727. </PROCESSLIST>
  2728. <CLSIDLIST>
  2729. <CLSID>{01F44A8A-8C97-4325-A378-76E68DC4AB2E}</CLSID>
  2730. </CLSIDLIST>
  2731. <SUMMARY>IE Plugin Variant BHO</SUMMARY>
  2732. <DEFAULTINSTALLPATHLIST>
  2733. </DEFAULTINSTALLPATHLIST>
  2734. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  2735. <CONDITIONLIST>
  2736. </CONDITIONLIST>
  2737. <OPERATOR>AND</OPERATOR>
  2738. <THREATLEVEL>10</THREATLEVEL>
  2739. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2740. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2741. </PROCESSDESCRIPTOR>
  2742. <PROCESSDESCRIPTOR>
  2743. <ID>382</ID>
  2744. <PROCESSLIST>
  2745. <PROCESS>*</PROCESS>
  2746. <PROCESS>LOCALNRD.DLL</PROCESS>
  2747. </PROCESSLIST>
  2748. <CLSIDLIST>
  2749. <CLSID>{00320615-B6C2-40A6-8F99-F1C52D674FAD}</CLSID>
  2750. </CLSIDLIST>
  2751. <SUMMARY>Transponder Parasite Variant BHO</SUMMARY>
  2752. <DEFAULTINSTALLPATHLIST>
  2753. </DEFAULTINSTALLPATHLIST>
  2754. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  2755. <CONDITIONLIST>
  2756. </CONDITIONLIST>
  2757. <OPERATOR>AND</OPERATOR>
  2758. <THREATLEVEL>10</THREATLEVEL>
  2759. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2760. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2761. </PROCESSDESCRIPTOR>
  2762. <PROCESSDESCRIPTOR>
  2763. <ID>384</ID>
  2764. <PROCESSLIST>
  2765. <PROCESS>*</PROCESS>
  2766. <PROCESS>YSB.DLL</PROCESS>
  2767. </PROCESSLIST>
  2768. <CLSIDLIST>
  2769. <CLSID>{86227D9C-0EFE-4f8a-AA55-30386A3F5686}</CLSID>
  2770. </CLSIDLIST>
  2771. <SUMMARY>YourSiteBar</SUMMARY>
  2772. <DEFAULTINSTALLPATHLIST>
  2773. </DEFAULTINSTALLPATHLIST>
  2774. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  2775. <CONDITIONLIST>
  2776. </CONDITIONLIST>
  2777. <OPERATOR>AND</OPERATOR>
  2778. <THREATLEVEL>10</THREATLEVEL>
  2779. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2780. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2781. </PROCESSDESCRIPTOR>
  2782. <PROCESSDESCRIPTOR>
  2783. <ID>385</ID>
  2784. <PROCESSLIST>
  2785. <PROCESS>RUNDLL32.EXE</PROCESS>
  2786. </PROCESSLIST>
  2787. <CLSIDLIST>
  2788. </CLSIDLIST>
  2789. <SUMMARY>Unknown rundll32 Adware</SUMMARY>
  2790. <DEFAULTINSTALLPATHLIST>
  2791. </DEFAULTINSTALLPATHLIST>
  2792. <CATEGORY>ADWARE</CATEGORY>
  2793. <CONDITIONLIST>
  2794. <CONDITION>COMMANDLINE~{</CONDITION>
  2795. <CONDITION>COMMANDLINE~}</CONDITION>
  2796. <CONDITION>COMMANDLINE~.DLL</CONDITION>
  2797. <CONDITION>COMMANDLINE~UMonitor</CONDITION>
  2798. <CONDITION>COMMANDLINE~,</CONDITION>
  2799. </CONDITIONLIST>
  2800. <OPERATOR>AND</OPERATOR>
  2801. <THREATLEVEL>10</THREATLEVEL>
  2802. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2803. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2804. </PROCESSDESCRIPTOR>
  2805. <PROCESSDESCRIPTOR>
  2806. <ID>386</ID>
  2807. <PROCESSLIST>
  2808. <PROCESS>*</PROCESS>
  2809. <PROCESS>POP225.DLL</PROCESS>
  2810. </PROCESSLIST>
  2811. <CLSIDLIST>
  2812. <CLSID>{7DD95801-9882-11CF-9FA9-00AA006C42C4}</CLSID>
  2813. <CLSID>{8023A3E7-AB95-4C23-8313-0BE9842CC70E}</CLSID>
  2814. </CLSIDLIST>
  2815. <SUMMARY>Browser Hijacker.Apropos Media/PeopleOnPage.Explorer Bar</SUMMARY>
  2816. <DEFAULTINSTALLPATHLIST>
  2817. </DEFAULTINSTALLPATHLIST>
  2818. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  2819. <CONDITIONLIST>
  2820. </CONDITIONLIST>
  2821. <OPERATOR>AND</OPERATOR>
  2822. <THREATLEVEL>10</THREATLEVEL>
  2823. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2824. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2825. </PROCESSDESCRIPTOR>
  2826. <PROCESSDESCRIPTOR>
  2827. <ID>387</ID>
  2828. <PROCESSLIST>
  2829. <PROCESS>FLASHTALK.EXE</PROCESS>
  2830. </PROCESSLIST>
  2831. <CLSIDLIST>
  2832. </CLSIDLIST>
  2833. <SUMMARY>FlashTalk</SUMMARY>
  2834. <DEFAULTINSTALLPATHLIST>
  2835. </DEFAULTINSTALLPATHLIST>
  2836. <CATEGORY>ADWARE</CATEGORY>
  2837. <CONDITIONLIST>
  2838. </CONDITIONLIST>
  2839. <OPERATOR>AND</OPERATOR>
  2840. <THREATLEVEL>10</THREATLEVEL>
  2841. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2842. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2843. </PROCESSDESCRIPTOR>
  2844. <PROCESSDESCRIPTOR>
  2845. <ID>388</ID>
  2846. <PROCESSLIST>
  2847. <PROCESS>*</PROCESS>
  2848. <PROCESS>SIDESEARCH1400.DLL</PROCESS>
  2849. </PROCESSLIST>
  2850. <CLSIDLIST>
  2851. <CLSID>{000007AB-7059-463E-BD44-101A1750D732}</CLSID>
  2852. </CLSIDLIST>
  2853. <SUMMARY>Adware.Lycos/SideSearch.Explorer Bar</SUMMARY>
  2854. <DEFAULTINSTALLPATHLIST>
  2855. </DEFAULTINSTALLPATHLIST>
  2856. <CATEGORY>ADWARE</CATEGORY>
  2857. <CONDITIONLIST>
  2858. </CONDITIONLIST>
  2859. <OPERATOR>AND</OPERATOR>
  2860. <THREATLEVEL>10</THREATLEVEL>
  2861. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2862. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2863. </PROCESSDESCRIPTOR>
  2864. <PROCESSDESCRIPTOR>
  2865. <ID>389</ID>
  2866. <PROCESSLIST>
  2867. <PROCESS>*</PROCESS>
  2868. <PROCESS>MWSBAR.DLL</PROCESS>
  2869. </PROCESSLIST>
  2870. <CLSIDLIST>
  2871. <CLSID>{07B18EA9-A523-4961-B6BB-170DE4475CCA}</CLSID>
  2872. </CLSIDLIST>
  2873. <SUMMARY>Adware.MyWebSearch.Toolbar</SUMMARY>
  2874. <DEFAULTINSTALLPATHLIST>
  2875. </DEFAULTINSTALLPATHLIST>
  2876. <CATEGORY>ADWARE</CATEGORY>
  2877. <CONDITIONLIST>
  2878. </CONDITIONLIST>
  2879. <OPERATOR>AND</OPERATOR>
  2880. <THREATLEVEL>10</THREATLEVEL>
  2881. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2882. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2883. </PROCESSDESCRIPTOR>
  2884. <PROCESSDESCRIPTOR>
  2885. <ID>390</ID>
  2886. <PROCESSLIST>
  2887. <PROCESS>*</PROCESS>
  2888. </PROCESSLIST>
  2889. <CLSIDLIST>
  2890. </CLSIDLIST>
  2891. <SUMMARY>Adware.eZula.Installer</SUMMARY>
  2892. <DEFAULTINSTALLPATHLIST>
  2893. </DEFAULTINSTALLPATHLIST>
  2894. <CATEGORY>ADWARE</CATEGORY>
  2895. <CONDITIONLIST>
  2896. <CONDITION>COMPANYNAME~eZula</CONDITION>
  2897. </CONDITIONLIST>
  2898. <OPERATOR>AND</OPERATOR>
  2899. <THREATLEVEL>10</THREATLEVEL>
  2900. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2901. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2902. </PROCESSDESCRIPTOR>
  2903. <PROCESSDESCRIPTOR>
  2904. <ID>391</ID>
  2905. <PROCESSLIST>
  2906. <PROCESS>*</PROCESS>
  2907. <PROCESS>DHBRWSR.EXE</PROCESS>
  2908. </PROCESSLIST>
  2909. <CLSIDLIST>
  2910. </CLSIDLIST>
  2911. <SUMMARY>DealHelper Dhbrwsr Module</SUMMARY>
  2912. <DEFAULTINSTALLPATHLIST>
  2913. </DEFAULTINSTALLPATHLIST>
  2914. <CATEGORY>ADWARE</CATEGORY>
  2915. <CONDITIONLIST>
  2916. <CONDITION>INTERNALNAME~dhbrwsr</CONDITION>
  2917. </CONDITIONLIST>
  2918. <OPERATOR>AND</OPERATOR>
  2919. <THREATLEVEL>10</THREATLEVEL>
  2920. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2921. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2922. </PROCESSDESCRIPTOR>
  2923. <PROCESSDESCRIPTOR>
  2924. <ID>392</ID>
  2925. <PROCESSLIST>
  2926. <PROCESS>*</PROCESS>
  2927. <PROCESS>SALE.EXE</PROCESS>
  2928. </PROCESSLIST>
  2929. <CLSIDLIST>
  2930. </CLSIDLIST>
  2931. <SUMMARY>Adware.180solutions/Search Assistant.Process</SUMMARY>
  2932. <DEFAULTINSTALLPATHLIST>
  2933. </DEFAULTINSTALLPATHLIST>
  2934. <CATEGORY>ADWARE</CATEGORY>
  2935. <CONDITIONLIST>
  2936. <CONDITION>COMPANYNAME~180solutions</CONDITION>
  2937. </CONDITIONLIST>
  2938. <OPERATOR>AND</OPERATOR>
  2939. <THREATLEVEL>10</THREATLEVEL>
  2940. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2941. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2942. </PROCESSDESCRIPTOR>
  2943. <PROCESSDESCRIPTOR>
  2944. <ID>393</ID>
  2945. <PROCESSLIST>
  2946. <PROCESS>*</PROCESS>
  2947. <PROCESS>DHSVR.EXE</PROCESS>
  2948. </PROCESSLIST>
  2949. <CLSIDLIST>
  2950. </CLSIDLIST>
  2951. <SUMMARY>DealHelper Dhsvr Module</SUMMARY>
  2952. <DEFAULTINSTALLPATHLIST>
  2953. </DEFAULTINSTALLPATHLIST>
  2954. <CATEGORY>ADWARE</CATEGORY>
  2955. <CONDITIONLIST>
  2956. <CONDITION>INTERNALNAME~dhsvr</CONDITION>
  2957. </CONDITIONLIST>
  2958. <OPERATOR>AND</OPERATOR>
  2959. <THREATLEVEL>10</THREATLEVEL>
  2960. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2961. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2962. </PROCESSDESCRIPTOR>
  2963. <PROCESSDESCRIPTOR>
  2964. <ID>394</ID>
  2965. <PROCESSLIST>
  2966. <PROCESS>*</PROCESS>
  2967. <PROCESS>DHUPDT.EXE</PROCESS>
  2968. </PROCESSLIST>
  2969. <CLSIDLIST>
  2970. </CLSIDLIST>
  2971. <SUMMARY>DealHelperUpdate</SUMMARY>
  2972. <DEFAULTINSTALLPATHLIST>
  2973. </DEFAULTINSTALLPATHLIST>
  2974. <CATEGORY>ADWARE</CATEGORY>
  2975. <CONDITIONLIST>
  2976. <CONDITION>INTERNALNAME~DealHelperUpdate</CONDITION>
  2977. </CONDITIONLIST>
  2978. <OPERATOR>AND</OPERATOR>
  2979. <THREATLEVEL>10</THREATLEVEL>
  2980. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  2981. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  2982. </PROCESSDESCRIPTOR>
  2983. <PROCESSDESCRIPTOR>
  2984. <ID>395</ID>
  2985. <PROCESSLIST>
  2986. <PROCESS>*</PROCESS>
  2987. <PROCESS>TVMBHO.DLL</PROCESS>
  2988. </PROCESSLIST>
  2989. <CLSIDLIST>
  2990. <CLSID>{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2}</CLSID>
  2991. </CLSIDLIST>
  2992. <SUMMARY>TV Media URL Search Hook</SUMMARY>
  2993. <DEFAULTINSTALLPATHLIST>
  2994. </DEFAULTINSTALLPATHLIST>
  2995. <CATEGORY>ADWARE</CATEGORY>
  2996. <CONDITIONLIST>
  2997. </CONDITIONLIST>
  2998. <OPERATOR>AND</OPERATOR>
  2999. <THREATLEVEL>10</THREATLEVEL>
  3000. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3001. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3002. </PROCESSDESCRIPTOR>
  3003. <PROCESSDESCRIPTOR>
  3004. <ID>533</ID>
  3005. <PROCESSLIST>
  3006. <PROCESS>*</PROCESS>
  3007. <PROCESS>(BCPC.EXE)</PROCESS>
  3008. </PROCESSLIST>
  3009. <CLSIDLIST>
  3010. </CLSIDLIST>
  3011. <SUMMARY>BCPC.EXE</SUMMARY>
  3012. <DEFAULTINSTALLPATHLIST>
  3013. </DEFAULTINSTALLPATHLIST>
  3014. <CATEGORY>ADWARE</CATEGORY>
  3015. <CONDITIONLIST>
  3016. <CONDITION>MD5=0923492530bf99be2a89d4a844d8f7c0</CONDITION>
  3017. </CONDITIONLIST>
  3018. <OPERATOR>AND</OPERATOR>
  3019. <THREATLEVEL>10</THREATLEVEL>
  3020. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3021. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3022. </PROCESSDESCRIPTOR>
  3023. <PROCESSDESCRIPTOR>
  3024. <ID>398</ID>
  3025. <PROCESSLIST>
  3026. <PROCESS>*</PROCESS>
  3027. <PROCESS>(DS3DEX.EXE)</PROCESS>
  3028. </PROCESSLIST>
  3029. <CLSIDLIST>
  3030. </CLSIDLIST>
  3031. <SUMMARY>DS3DEX.EXE</SUMMARY>
  3032. <DEFAULTINSTALLPATHLIST>
  3033. </DEFAULTINSTALLPATHLIST>
  3034. <CATEGORY>ADWARE</CATEGORY>
  3035. <CONDITIONLIST>
  3036. <CONDITION>MD5=54ea5e9d9250ecd1256c529aced07bd3</CONDITION>
  3037. </CONDITIONLIST>
  3038. <OPERATOR>AND</OPERATOR>
  3039. <THREATLEVEL>10</THREATLEVEL>
  3040. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3041. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3042. </PROCESSDESCRIPTOR>
  3043. <PROCESSDESCRIPTOR>
  3044. <ID>399</ID>
  3045. <PROCESSLIST>
  3046. <PROCESS>*</PROCESS>
  3047. <PROCESS>(ITIBS.EXE)</PROCESS>
  3048. </PROCESSLIST>
  3049. <CLSIDLIST>
  3050. </CLSIDLIST>
  3051. <SUMMARY>ITIBS.EXE</SUMMARY>
  3052. <DEFAULTINSTALLPATHLIST>
  3053. </DEFAULTINSTALLPATHLIST>
  3054. <CATEGORY>ADWARE</CATEGORY>
  3055. <CONDITIONLIST>
  3056. <CONDITION>MD5=73637525245f1d441290180b6cb7bf27</CONDITION>
  3057. </CONDITIONLIST>
  3058. <OPERATOR>AND</OPERATOR>
  3059. <THREATLEVEL>10</THREATLEVEL>
  3060. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3061. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3062. </PROCESSDESCRIPTOR>
  3063. <PROCESSDESCRIPTOR>
  3064. <ID>400</ID>
  3065. <PROCESSLIST>
  3066. <PROCESS>*</PROCESS>
  3067. <PROCESS>(BGLABOH.EXE)</PROCESS>
  3068. </PROCESSLIST>
  3069. <CLSIDLIST>
  3070. </CLSIDLIST>
  3071. <SUMMARY>Adware.180solutions/Search Assistant.Process</SUMMARY>
  3072. <DEFAULTINSTALLPATHLIST>
  3073. </DEFAULTINSTALLPATHLIST>
  3074. <CATEGORY>ADWARE</CATEGORY>
  3075. <CONDITIONLIST>
  3076. <CONDITION>MD5=bf8489ef5e9bdfc21ffd2b7de5bb546c</CONDITION>
  3077. </CONDITIONLIST>
  3078. <OPERATOR>AND</OPERATOR>
  3079. <THREATLEVEL>10</THREATLEVEL>
  3080. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3081. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3082. </PROCESSDESCRIPTOR>
  3083. <PROCESSDESCRIPTOR>
  3084. <ID>401</ID>
  3085. <PROCESSLIST>
  3086. <PROCESS>*</PROCESS>
  3087. <PROCESS>(BW.EXE)</PROCESS>
  3088. </PROCESSLIST>
  3089. <CLSIDLIST>
  3090. </CLSIDLIST>
  3091. <SUMMARY>BW.EXE Loader Application (Variant 1)</SUMMARY>
  3092. <DEFAULTINSTALLPATHLIST>
  3093. </DEFAULTINSTALLPATHLIST>
  3094. <CATEGORY>ADWARE</CATEGORY>
  3095. <CONDITIONLIST>
  3096. <CONDITION>MD5=a54f8ba1f87aa64a962a28c20205fc3b</CONDITION>
  3097. </CONDITIONLIST>
  3098. <OPERATOR>AND</OPERATOR>
  3099. <THREATLEVEL>10</THREATLEVEL>
  3100. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3101. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3102. </PROCESSDESCRIPTOR>
  3103. <PROCESSDESCRIPTOR>
  3104. <ID>402</ID>
  3105. <PROCESSLIST>
  3106. <PROCESS>*</PROCESS>
  3107. <PROCESS>(FOUQCOB.EXE)</PROCESS>
  3108. </PROCESSLIST>
  3109. <CLSIDLIST>
  3110. </CLSIDLIST>
  3111. <SUMMARY>FOUQCOB.EXE</SUMMARY>
  3112. <DEFAULTINSTALLPATHLIST>
  3113. </DEFAULTINSTALLPATHLIST>
  3114. <CATEGORY>ADWARE</CATEGORY>
  3115. <CONDITIONLIST>
  3116. <CONDITION>MD5=b65324bcdc08c1dedca9fa77cd20b5bc</CONDITION>
  3117. </CONDITIONLIST>
  3118. <OPERATOR>AND</OPERATOR>
  3119. <THREATLEVEL>10</THREATLEVEL>
  3120. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3121. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3122. </PROCESSDESCRIPTOR>
  3123. <PROCESSDESCRIPTOR>
  3124. <ID>403</ID>
  3125. <PROCESSLIST>
  3126. <PROCESS>*</PROCESS>
  3127. <PROCESS>(LAPCEDIT.EXE)</PROCESS>
  3128. </PROCESSLIST>
  3129. <CLSIDLIST>
  3130. </CLSIDLIST>
  3131. <SUMMARY>LAPCEDIT.EXE</SUMMARY>
  3132. <DEFAULTINSTALLPATHLIST>
  3133. </DEFAULTINSTALLPATHLIST>
  3134. <CATEGORY>ADWARE</CATEGORY>
  3135. <CONDITIONLIST>
  3136. <CONDITION>MD5=9a3de9c6392d6b20d9aa8ccb573895fd</CONDITION>
  3137. </CONDITIONLIST>
  3138. <OPERATOR>AND</OPERATOR>
  3139. <THREATLEVEL>10</THREATLEVEL>
  3140. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3141. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3142. </PROCESSDESCRIPTOR>
  3143. <PROCESSDESCRIPTOR>
  3144. <ID>404</ID>
  3145. <PROCESSLIST>
  3146. <PROCESS>*</PROCESS>
  3147. <PROCESS>(SBKFAH.EXE)</PROCESS>
  3148. </PROCESSLIST>
  3149. <CLSIDLIST>
  3150. </CLSIDLIST>
  3151. <SUMMARY>SBKFAH.EXE</SUMMARY>
  3152. <DEFAULTINSTALLPATHLIST>
  3153. </DEFAULTINSTALLPATHLIST>
  3154. <CATEGORY>ADWARE</CATEGORY>
  3155. <CONDITIONLIST>
  3156. <CONDITION>MD5=bf8489ef5e9bdfc21ffd2b7de5bb546c</CONDITION>
  3157. </CONDITIONLIST>
  3158. <OPERATOR>AND</OPERATOR>
  3159. <THREATLEVEL>10</THREATLEVEL>
  3160. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3161. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3162. </PROCESSDESCRIPTOR>
  3163. <PROCESSDESCRIPTOR>
  3164. <ID>406</ID>
  3165. <PROCESSLIST>
  3166. <PROCESS>*</PROCESS>
  3167. <PROCESS>SEARCH~1.DLL</PROCESS>
  3168. </PROCESSLIST>
  3169. <CLSIDLIST>
  3170. <CLSID>{907CA0E5-CE84-11D6-9508-02608CDD2846}</CLSID>
  3171. </CLSIDLIST>
  3172. <SUMMARY>SearchSquire BHO</SUMMARY>
  3173. <DEFAULTINSTALLPATHLIST>
  3174. </DEFAULTINSTALLPATHLIST>
  3175. <CATEGORY>ADWARE</CATEGORY>
  3176. <CONDITIONLIST>
  3177. </CONDITIONLIST>
  3178. <OPERATOR>AND</OPERATOR>
  3179. <THREATLEVEL>10</THREATLEVEL>
  3180. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3181. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3182. </PROCESSDESCRIPTOR>
  3183. <PROCESSDESCRIPTOR>
  3184. <ID>407</ID>
  3185. <PROCESSLIST>
  3186. <PROCESS>*</PROCESS>
  3187. <PROCESS>MXTARGET.DLL</PROCESS>
  3188. </PROCESSLIST>
  3189. <CLSIDLIST>
  3190. <CLSID>{0000607D-D204-42C7-8E46-216055BF9918}</CLSID>
  3191. </CLSIDLIST>
  3192. <SUMMARY>www.mx-targeting.com BHO</SUMMARY>
  3193. <DEFAULTINSTALLPATHLIST>
  3194. </DEFAULTINSTALLPATHLIST>
  3195. <CATEGORY>ADWARE</CATEGORY>
  3196. <CONDITIONLIST>
  3197. </CONDITIONLIST>
  3198. <OPERATOR>AND</OPERATOR>
  3199. <THREATLEVEL>10</THREATLEVEL>
  3200. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3201. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3202. </PROCESSDESCRIPTOR>
  3203. <PROCESSDESCRIPTOR>
  3204. <ID>408</ID>
  3205. <PROCESSLIST>
  3206. <PROCESS>*</PROCESS>
  3207. <PROCESS>MYBAR.DLL</PROCESS>
  3208. </PROCESSLIST>
  3209. <CLSIDLIST>
  3210. <CLSID>{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}</CLSID>
  3211. <CLSID>{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}</CLSID>
  3212. </CLSIDLIST>
  3213. <SUMMARY>MySearch Toolbar</SUMMARY>
  3214. <DEFAULTINSTALLPATHLIST>
  3215. </DEFAULTINSTALLPATHLIST>
  3216. <CATEGORY>ADWARE</CATEGORY>
  3217. <CONDITIONLIST>
  3218. </CONDITIONLIST>
  3219. <OPERATOR>AND</OPERATOR>
  3220. <THREATLEVEL>10</THREATLEVEL>
  3221. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3222. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3223. </PROCESSDESCRIPTOR>
  3224. <PROCESSDESCRIPTOR>
  3225. <ID>409</ID>
  3226. <PROCESSLIST>
  3227. <PROCESS>*</PROCESS>
  3228. <PROCESS>(PYTPUI.EXE)</PROCESS>
  3229. </PROCESSLIST>
  3230. <CLSIDLIST>
  3231. </CLSIDLIST>
  3232. <SUMMARY>PYTPUI.EXE</SUMMARY>
  3233. <DEFAULTINSTALLPATHLIST>
  3234. </DEFAULTINSTALLPATHLIST>
  3235. <CATEGORY>ADWARE</CATEGORY>
  3236. <CONDITIONLIST>
  3237. <CONDITION>MD5=cff892b5b63bb48704f5191ceed780d5</CONDITION>
  3238. </CONDITIONLIST>
  3239. <OPERATOR>AND</OPERATOR>
  3240. <THREATLEVEL>10</THREATLEVEL>
  3241. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3242. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3243. </PROCESSDESCRIPTOR>
  3244. <PROCESSDESCRIPTOR>
  3245. <ID>411</ID>
  3246. <PROCESSLIST>
  3247. <PROCESS>*</PROCESS>
  3248. <PROCESS>(ONGMLSH.EXE)</PROCESS>
  3249. </PROCESSLIST>
  3250. <CLSIDLIST>
  3251. </CLSIDLIST>
  3252. <SUMMARY>ONGMLSH.EXE</SUMMARY>
  3253. <DEFAULTINSTALLPATHLIST>
  3254. </DEFAULTINSTALLPATHLIST>
  3255. <CATEGORY>ADWARE</CATEGORY>
  3256. <CONDITIONLIST>
  3257. <CONDITION>MD5=4a6f54fc8c38e46363f4465a718cbbdc</CONDITION>
  3258. </CONDITIONLIST>
  3259. <OPERATOR>AND</OPERATOR>
  3260. <THREATLEVEL>10</THREATLEVEL>
  3261. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3262. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3263. </PROCESSDESCRIPTOR>
  3264. <PROCESSDESCRIPTOR>
  3265. <ID>412</ID>
  3266. <PROCESSLIST>
  3267. <PROCESS>*</PROCESS>
  3268. <PROCESS>(JWVPPC.EXE)</PROCESS>
  3269. </PROCESSLIST>
  3270. <CLSIDLIST>
  3271. </CLSIDLIST>
  3272. <SUMMARY>JWVPPC.EXE</SUMMARY>
  3273. <DEFAULTINSTALLPATHLIST>
  3274. </DEFAULTINSTALLPATHLIST>
  3275. <CATEGORY>ADWARE</CATEGORY>
  3276. <CONDITIONLIST>
  3277. <CONDITION>MD5=e37cb1e20ba8db50e572fc801d3c9e5e</CONDITION>
  3278. </CONDITIONLIST>
  3279. <OPERATOR>AND</OPERATOR>
  3280. <THREATLEVEL>10</THREATLEVEL>
  3281. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3282. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3283. </PROCESSDESCRIPTOR>
  3284. <PROCESSDESCRIPTOR>
  3285. <ID>413</ID>
  3286. <PROCESSLIST>
  3287. <PROCESS>*</PROCESS>
  3288. <PROCESS>(JWVPPD.EXE)</PROCESS>
  3289. </PROCESSLIST>
  3290. <CLSIDLIST>
  3291. </CLSIDLIST>
  3292. <SUMMARY>JWVPPD.EXE</SUMMARY>
  3293. <DEFAULTINSTALLPATHLIST>
  3294. </DEFAULTINSTALLPATHLIST>
  3295. <CATEGORY>ADWARE</CATEGORY>
  3296. <CONDITIONLIST>
  3297. <CONDITION>MD5=60c11ea56a17dee28be6572380f23992</CONDITION>
  3298. </CONDITIONLIST>
  3299. <OPERATOR>AND</OPERATOR>
  3300. <THREATLEVEL>10</THREATLEVEL>
  3301. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3302. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3303. </PROCESSDESCRIPTOR>
  3304. <PROCESSDESCRIPTOR>
  3305. <ID>414</ID>
  3306. <PROCESSLIST>
  3307. <PROCESS>*</PROCESS>
  3308. <PROCESS>(TIMESYNCHRONIZE.EXE)</PROCESS>
  3309. </PROCESSLIST>
  3310. <CLSIDLIST>
  3311. </CLSIDLIST>
  3312. <SUMMARY>DealHelper (TIMESYNCHRONIZE.EXE)</SUMMARY>
  3313. <DEFAULTINSTALLPATHLIST>
  3314. </DEFAULTINSTALLPATHLIST>
  3315. <CATEGORY>ADWARE</CATEGORY>
  3316. <CONDITIONLIST>
  3317. <CONDITION>MD5=53fa6bc4a5dc05b17149b5580ef19c2a</CONDITION>
  3318. </CONDITIONLIST>
  3319. <OPERATOR>AND</OPERATOR>
  3320. <THREATLEVEL>10</THREATLEVEL>
  3321. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3322. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3323. </PROCESSDESCRIPTOR>
  3324. <PROCESSDESCRIPTOR>
  3325. <ID>415</ID>
  3326. <PROCESSLIST>
  3327. <PROCESS>*</PROCESS>
  3328. <PROCESS>(TXDESUF.EXE)</PROCESS>
  3329. </PROCESSLIST>
  3330. <CLSIDLIST>
  3331. </CLSIDLIST>
  3332. <SUMMARY>TXDESUF.EXE</SUMMARY>
  3333. <DEFAULTINSTALLPATHLIST>
  3334. </DEFAULTINSTALLPATHLIST>
  3335. <CATEGORY>ADWARE</CATEGORY>
  3336. <CONDITIONLIST>
  3337. <CONDITION>MD5=a0be820de580145f3cf9813178663d8a</CONDITION>
  3338. </CONDITIONLIST>
  3339. <OPERATOR>AND</OPERATOR>
  3340. <THREATLEVEL>10</THREATLEVEL>
  3341. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3342. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3343. </PROCESSDESCRIPTOR>
  3344. <PROCESSDESCRIPTOR>
  3345. <ID>416</ID>
  3346. <PROCESSLIST>
  3347. <PROCESS>*</PROCESS>
  3348. <PROCESS>(SHOPINST.EXE)</PROCESS>
  3349. </PROCESSLIST>
  3350. <CLSIDLIST>
  3351. </CLSIDLIST>
  3352. <SUMMARY>SHOPINST.EXE</SUMMARY>
  3353. <DEFAULTINSTALLPATHLIST>
  3354. </DEFAULTINSTALLPATHLIST>
  3355. <CATEGORY>ADWARE</CATEGORY>
  3356. <CONDITIONLIST>
  3357. <CONDITION>MD5=3bd34e4a37c44a07c72687d559bc2bc0</CONDITION>
  3358. </CONDITIONLIST>
  3359. <OPERATOR>AND</OPERATOR>
  3360. <THREATLEVEL>10</THREATLEVEL>
  3361. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3362. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3363. </PROCESSDESCRIPTOR>
  3364. <PROCESSDESCRIPTOR>
  3365. <ID>417</ID>
  3366. <PROCESSLIST>
  3367. <PROCESS>CXTPLS_LOADER.EXE</PROCESS>
  3368. <PROCESS>CXTPLS_LOADER_FF.EXE</PROCESS>
  3369. <PROCESS>CXTPLS~1.EXE</PROCESS>
  3370. </PROCESSLIST>
  3371. <CLSIDLIST>
  3372. </CLSIDLIST>
  3373. <SUMMARY>Adware.Apropos Media/CxtPls.Process</SUMMARY>
  3374. <DEFAULTINSTALLPATHLIST>
  3375. </DEFAULTINSTALLPATHLIST>
  3376. <CATEGORY>ADWARE</CATEGORY>
  3377. <CONDITIONLIST>
  3378. </CONDITIONLIST>
  3379. <OPERATOR>AND</OPERATOR>
  3380. <THREATLEVEL>10</THREATLEVEL>
  3381. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3382. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3383. </PROCESSDESCRIPTOR>
  3384. <PROCESSDESCRIPTOR>
  3385. <ID>418</ID>
  3386. <PROCESSLIST>
  3387. <PROCESS>*</PROCESS>
  3388. <PROCESS>(BS5-TSRKQN.EXE)</PROCESS>
  3389. </PROCESSLIST>
  3390. <CLSIDLIST>
  3391. </CLSIDLIST>
  3392. <SUMMARY>BS5-TSRKQN.EXE</SUMMARY>
  3393. <DEFAULTINSTALLPATHLIST>
  3394. </DEFAULTINSTALLPATHLIST>
  3395. <CATEGORY>ADWARE</CATEGORY>
  3396. <CONDITIONLIST>
  3397. <CONDITION>MD5=b9f717215c98db6b1a9e7b3e87588dd8</CONDITION>
  3398. </CONDITIONLIST>
  3399. <OPERATOR>AND</OPERATOR>
  3400. <THREATLEVEL>10</THREATLEVEL>
  3401. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3402. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3403. </PROCESSDESCRIPTOR>
  3404. <PROCESSDESCRIPTOR>
  3405. <ID>419</ID>
  3406. <PROCESSLIST>
  3407. <PROCESS>*</PROCESS>
  3408. <PROCESS>(2517040824.EXE)</PROCESS>
  3409. </PROCESSLIST>
  3410. <CLSIDLIST>
  3411. </CLSIDLIST>
  3412. <SUMMARY>2517040824.EXE</SUMMARY>
  3413. <DEFAULTINSTALLPATHLIST>
  3414. </DEFAULTINSTALLPATHLIST>
  3415. <CATEGORY>ADWARE</CATEGORY>
  3416. <CONDITIONLIST>
  3417. <CONDITION>MD5=15e3862ad2c276c4275bc0c812499995</CONDITION>
  3418. </CONDITIONLIST>
  3419. <OPERATOR>AND</OPERATOR>
  3420. <THREATLEVEL>10</THREATLEVEL>
  3421. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3422. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3423. </PROCESSDESCRIPTOR>
  3424. <PROCESSDESCRIPTOR>
  3425. <ID>420</ID>
  3426. <PROCESSLIST>
  3427. <PROCESS>*</PROCESS>
  3428. <PROCESS>(2504040901.EXE)</PROCESS>
  3429. </PROCESSLIST>
  3430. <CLSIDLIST>
  3431. </CLSIDLIST>
  3432. <SUMMARY>2504040901.EXE</SUMMARY>
  3433. <DEFAULTINSTALLPATHLIST>
  3434. </DEFAULTINSTALLPATHLIST>
  3435. <CATEGORY>ADWARE</CATEGORY>
  3436. <CONDITIONLIST>
  3437. <CONDITION>MD5=256ba9c85a9899e6bb7ca3f7d911302c</CONDITION>
  3438. </CONDITIONLIST>
  3439. <OPERATOR>AND</OPERATOR>
  3440. <THREATLEVEL>10</THREATLEVEL>
  3441. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3442. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3443. </PROCESSDESCRIPTOR>
  3444. <PROCESSDESCRIPTOR>
  3445. <ID>421</ID>
  3446. <PROCESSLIST>
  3447. <PROCESS>*</PROCESS>
  3448. <PROCESS>(STC.EXE)</PROCESS>
  3449. </PROCESSLIST>
  3450. <CLSIDLIST>
  3451. </CLSIDLIST>
  3452. <SUMMARY>Adware.Second Thought.Process</SUMMARY>
  3453. <DEFAULTINSTALLPATHLIST>
  3454. </DEFAULTINSTALLPATHLIST>
  3455. <CATEGORY>ADWARE</CATEGORY>
  3456. <CONDITIONLIST>
  3457. <CONDITION>MD5=9f728d660a67fdb4fe896283194140aa</CONDITION>
  3458. </CONDITIONLIST>
  3459. <OPERATOR>AND</OPERATOR>
  3460. <THREATLEVEL>10</THREATLEVEL>
  3461. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3462. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3463. </PROCESSDESCRIPTOR>
  3464. <PROCESSDESCRIPTOR>
  3465. <ID>422</ID>
  3466. <PROCESSLIST>
  3467. <PROCESS>*</PROCESS>
  3468. <PROCESS>(BUNDLES53.EXE)</PROCESS>
  3469. </PROCESSLIST>
  3470. <CLSIDLIST>
  3471. </CLSIDLIST>
  3472. <SUMMARY>Adware.Second Thought.Process</SUMMARY>
  3473. <DEFAULTINSTALLPATHLIST>
  3474. </DEFAULTINSTALLPATHLIST>
  3475. <CATEGORY>ADWARE</CATEGORY>
  3476. <CONDITIONLIST>
  3477. <CONDITION>MD5=8ab01040b344389e218b9bb9661d82f0</CONDITION>
  3478. </CONDITIONLIST>
  3479. <OPERATOR>AND</OPERATOR>
  3480. <THREATLEVEL>10</THREATLEVEL>
  3481. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3482. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3483. </PROCESSDESCRIPTOR>
  3484. <PROCESSDESCRIPTOR>
  3485. <ID>423</ID>
  3486. <PROCESSLIST>
  3487. <PROCESS>*</PROCESS>
  3488. <PROCESS>(BUNDLES118.EXE)</PROCESS>
  3489. </PROCESSLIST>
  3490. <CLSIDLIST>
  3491. </CLSIDLIST>
  3492. <SUMMARY>Adware.Second Thought.Process</SUMMARY>
  3493. <DEFAULTINSTALLPATHLIST>
  3494. </DEFAULTINSTALLPATHLIST>
  3495. <CATEGORY>ADWARE</CATEGORY>
  3496. <CONDITIONLIST>
  3497. <CONDITION>MD5=75dafd13a33ef0e954765a06511b9eec</CONDITION>
  3498. </CONDITIONLIST>
  3499. <OPERATOR>AND</OPERATOR>
  3500. <THREATLEVEL>10</THREATLEVEL>
  3501. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3502. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3503. </PROCESSDESCRIPTOR>
  3504. <PROCESSDESCRIPTOR>
  3505. <ID>424</ID>
  3506. <PROCESSLIST>
  3507. <PROCESS>*</PROCESS>
  3508. <PROCESS>(BUNDLES.EXE)</PROCESS>
  3509. </PROCESSLIST>
  3510. <CLSIDLIST>
  3511. </CLSIDLIST>
  3512. <SUMMARY>BUNDLES.EXE</SUMMARY>
  3513. <DEFAULTINSTALLPATHLIST>
  3514. </DEFAULTINSTALLPATHLIST>
  3515. <CATEGORY>ADWARE</CATEGORY>
  3516. <CONDITIONLIST>
  3517. <CONDITION>MD5=194da93fe5b56abdbad5ef5f3793fc21</CONDITION>
  3518. </CONDITIONLIST>
  3519. <OPERATOR>AND</OPERATOR>
  3520. <THREATLEVEL>10</THREATLEVEL>
  3521. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3522. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3523. </PROCESSDESCRIPTOR>
  3524. <PROCESSDESCRIPTOR>
  3525. <ID>425</ID>
  3526. <PROCESSLIST>
  3527. <PROCESS>*</PROCESS>
  3528. <PROCESS>(BUNDLEOUTER2601031121.EXE)</PROCESS>
  3529. </PROCESSLIST>
  3530. <CLSIDLIST>
  3531. </CLSIDLIST>
  3532. <SUMMARY>Adware.Second Thought.Process</SUMMARY>
  3533. <DEFAULTINSTALLPATHLIST>
  3534. </DEFAULTINSTALLPATHLIST>
  3535. <CATEGORY>ADWARE</CATEGORY>
  3536. <CONDITIONLIST>
  3537. <CONDITION>MD5=af1a9729003872341d84c5596c2e75ac</CONDITION>
  3538. </CONDITIONLIST>
  3539. <OPERATOR>AND</OPERATOR>
  3540. <THREATLEVEL>10</THREATLEVEL>
  3541. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3542. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3543. </PROCESSDESCRIPTOR>
  3544. <PROCESSDESCRIPTOR>
  3545. <ID>426</ID>
  3546. <PROCESSLIST>
  3547. <PROCESS>*</PROCESS>
  3548. <PROCESS>(BDL14108.EXE)</PROCESS>
  3549. </PROCESSLIST>
  3550. <CLSIDLIST>
  3551. </CLSIDLIST>
  3552. <SUMMARY>BDL14108.EXE</SUMMARY>
  3553. <DEFAULTINSTALLPATHLIST>
  3554. </DEFAULTINSTALLPATHLIST>
  3555. <CATEGORY>ADWARE</CATEGORY>
  3556. <CONDITIONLIST>
  3557. <CONDITION>MD5=f9531200c381331a6fe0a59dbcfeb55e</CONDITION>
  3558. </CONDITIONLIST>
  3559. <OPERATOR>AND</OPERATOR>
  3560. <THREATLEVEL>10</THREATLEVEL>
  3561. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3562. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3563. </PROCESSDESCRIPTOR>
  3564. <PROCESSDESCRIPTOR>
  3565. <ID>427</ID>
  3566. <PROCESSLIST>
  3567. <PROCESS>*</PROCESS>
  3568. <PROCESS>(GLB1.TMP)</PROCESS>
  3569. </PROCESSLIST>
  3570. <CLSIDLIST>
  3571. </CLSIDLIST>
  3572. <SUMMARY>GLB1.TMP</SUMMARY>
  3573. <DEFAULTINSTALLPATHLIST>
  3574. </DEFAULTINSTALLPATHLIST>
  3575. <CATEGORY>ADWARE</CATEGORY>
  3576. <CONDITIONLIST>
  3577. <CONDITION>MD5=383c48d85f10760530de08679220613e</CONDITION>
  3578. </CONDITIONLIST>
  3579. <OPERATOR>AND</OPERATOR>
  3580. <THREATLEVEL>10</THREATLEVEL>
  3581. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3582. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3583. </PROCESSDESCRIPTOR>
  3584. <PROCESSDESCRIPTOR>
  3585. <ID>428</ID>
  3586. <PROCESSLIST>
  3587. <PROCESS>*</PROCESS>
  3588. <PROCESS>(GLB2E.TMP)</PROCESS>
  3589. </PROCESSLIST>
  3590. <CLSIDLIST>
  3591. </CLSIDLIST>
  3592. <SUMMARY>GLB2E.TMP</SUMMARY>
  3593. <DEFAULTINSTALLPATHLIST>
  3594. </DEFAULTINSTALLPATHLIST>
  3595. <CATEGORY>ADWARE</CATEGORY>
  3596. <CONDITIONLIST>
  3597. <CONDITION>MD5=96d162ed3bd1b4a4a45b0b7a44b66c51</CONDITION>
  3598. </CONDITIONLIST>
  3599. <OPERATOR>AND</OPERATOR>
  3600. <THREATLEVEL>10</THREATLEVEL>
  3601. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3602. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3603. </PROCESSDESCRIPTOR>
  3604. <PROCESSDESCRIPTOR>
  3605. <ID>429</ID>
  3606. <PROCESSLIST>
  3607. <PROCESS>*</PROCESS>
  3608. <PROCESS>(GLB32.TMP)</PROCESS>
  3609. </PROCESSLIST>
  3610. <CLSIDLIST>
  3611. </CLSIDLIST>
  3612. <SUMMARY>GLB32.TMP</SUMMARY>
  3613. <DEFAULTINSTALLPATHLIST>
  3614. </DEFAULTINSTALLPATHLIST>
  3615. <CATEGORY>ADWARE</CATEGORY>
  3616. <CONDITIONLIST>
  3617. <CONDITION>MD5=65dba6dd9dd5408d877f2bdf346896db</CONDITION>
  3618. </CONDITIONLIST>
  3619. <OPERATOR>AND</OPERATOR>
  3620. <THREATLEVEL>10</THREATLEVEL>
  3621. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3622. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3623. </PROCESSDESCRIPTOR>
  3624. <PROCESSDESCRIPTOR>
  3625. <ID>430</ID>
  3626. <PROCESSLIST>
  3627. <PROCESS>*</PROCESS>
  3628. <PROCESS>(GLB3F.TMP)</PROCESS>
  3629. </PROCESSLIST>
  3630. <CLSIDLIST>
  3631. </CLSIDLIST>
  3632. <SUMMARY>GLB3F.TMP</SUMMARY>
  3633. <DEFAULTINSTALLPATHLIST>
  3634. </DEFAULTINSTALLPATHLIST>
  3635. <CATEGORY>ADWARE</CATEGORY>
  3636. <CONDITIONLIST>
  3637. <CONDITION>MD5=f5302767862bd7ccce8cb9074e91b614</CONDITION>
  3638. </CONDITIONLIST>
  3639. <OPERATOR>AND</OPERATOR>
  3640. <THREATLEVEL>10</THREATLEVEL>
  3641. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3642. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3643. </PROCESSDESCRIPTOR>
  3644. <PROCESSDESCRIPTOR>
  3645. <ID>431</ID>
  3646. <PROCESSLIST>
  3647. <PROCESS>*</PROCESS>
  3648. <PROCESS>(FREEBIRD.EXE)</PROCESS>
  3649. </PROCESSLIST>
  3650. <CLSIDLIST>
  3651. </CLSIDLIST>
  3652. <SUMMARY>Adware.Lop.Process</SUMMARY>
  3653. <DEFAULTINSTALLPATHLIST>
  3654. </DEFAULTINSTALLPATHLIST>
  3655. <CATEGORY>ADWARE</CATEGORY>
  3656. <CONDITIONLIST>
  3657. <CONDITION>MD5=b3feda7a21598a9916da44ab9345658f</CONDITION>
  3658. </CONDITIONLIST>
  3659. <OPERATOR>AND</OPERATOR>
  3660. <THREATLEVEL>10</THREATLEVEL>
  3661. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3662. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3663. </PROCESSDESCRIPTOR>
  3664. <PROCESSDESCRIPTOR>
  3665. <ID>432</ID>
  3666. <PROCESSLIST>
  3667. <PROCESS>*</PROCESS>
  3668. <PROCESS>(OBJ WMA.EXE)</PROCESS>
  3669. </PROCESSLIST>
  3670. <CLSIDLIST>
  3671. </CLSIDLIST>
  3672. <SUMMARY>Adware.Lop.Process</SUMMARY>
  3673. <DEFAULTINSTALLPATHLIST>
  3674. </DEFAULTINSTALLPATHLIST>
  3675. <CATEGORY>ADWARE</CATEGORY>
  3676. <CONDITIONLIST>
  3677. <CONDITION>MD5=37478a6705dddd208fbbdb69a8b393f8</CONDITION>
  3678. </CONDITIONLIST>
  3679. <OPERATOR>AND</OPERATOR>
  3680. <THREATLEVEL>10</THREATLEVEL>
  3681. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3682. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3683. </PROCESSDESCRIPTOR>
  3684. <PROCESSDESCRIPTOR>
  3685. <ID>433</ID>
  3686. <PROCESSLIST>
  3687. <PROCESS>*</PROCESS>
  3688. <PROCESS>(SEARCHUPGRADER.EXE)</PROCESS>
  3689. </PROCESSLIST>
  3690. <CLSIDLIST>
  3691. </CLSIDLIST>
  3692. <SUMMARY>SEARCHUPGRADER.EXE</SUMMARY>
  3693. <DEFAULTINSTALLPATHLIST>
  3694. </DEFAULTINSTALLPATHLIST>
  3695. <CATEGORY>ADWARE</CATEGORY>
  3696. <CONDITIONLIST>
  3697. <CONDITION>MD5=2441d14b86f145357229070811601c01</CONDITION>
  3698. </CONDITIONLIST>
  3699. <OPERATOR>AND</OPERATOR>
  3700. <THREATLEVEL>10</THREATLEVEL>
  3701. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3702. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3703. </PROCESSDESCRIPTOR>
  3704. <PROCESSDESCRIPTOR>
  3705. <ID>434</ID>
  3706. <PROCESSLIST>
  3707. <PROCESS>*</PROCESS>
  3708. <PROCESS>(VERN16.EXE)</PROCESS>
  3709. </PROCESSLIST>
  3710. <CLSIDLIST>
  3711. </CLSIDLIST>
  3712. <SUMMARY>VERN16.EXE</SUMMARY>
  3713. <DEFAULTINSTALLPATHLIST>
  3714. </DEFAULTINSTALLPATHLIST>
  3715. <CATEGORY>ADWARE</CATEGORY>
  3716. <CONDITIONLIST>
  3717. <CONDITION>MD5=f4b4fb33b2de3fab5c0c8b6c25cc4e5f</CONDITION>
  3718. </CONDITIONLIST>
  3719. <OPERATOR>AND</OPERATOR>
  3720. <THREATLEVEL>10</THREATLEVEL>
  3721. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3722. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3723. </PROCESSDESCRIPTOR>
  3724. <PROCESSDESCRIPTOR>
  3725. <ID>435</ID>
  3726. <PROCESSLIST>
  3727. <PROCESS>*</PROCESS>
  3728. <PROCESS>(SETUP_SILENT_17086.EXE)</PROCESS>
  3729. </PROCESSLIST>
  3730. <CLSIDLIST>
  3731. </CLSIDLIST>
  3732. <SUMMARY>SETUP_SILENT_17086.EXE</SUMMARY>
  3733. <DEFAULTINSTALLPATHLIST>
  3734. </DEFAULTINSTALLPATHLIST>
  3735. <CATEGORY>ADWARE</CATEGORY>
  3736. <CONDITIONLIST>
  3737. <CONDITION>MD5=394bd31f1aec8f769fdec2d5cf5be8d2</CONDITION>
  3738. </CONDITIONLIST>
  3739. <OPERATOR>AND</OPERATOR>
  3740. <THREATLEVEL>10</THREATLEVEL>
  3741. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3742. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3743. </PROCESSDESCRIPTOR>
  3744. <PROCESSDESCRIPTOR>
  3745. <ID>436</ID>
  3746. <PROCESSLIST>
  3747. <PROCESS>*</PROCESS>
  3748. <PROCESS>SVCMM32.EXE</PROCESS>
  3749. </PROCESSLIST>
  3750. <CLSIDLIST>
  3751. </CLSIDLIST>
  3752. <SUMMARY>n-lite (SVCMM32.EXE)</SUMMARY>
  3753. <DEFAULTINSTALLPATHLIST>
  3754. </DEFAULTINSTALLPATHLIST>
  3755. <CATEGORY>ADWARE</CATEGORY>
  3756. <CONDITIONLIST>
  3757. <CONDITION>INTERNALNAME~svcmm32.exe</CONDITION>
  3758. </CONDITIONLIST>
  3759. <OPERATOR>AND</OPERATOR>
  3760. <THREATLEVEL>10</THREATLEVEL>
  3761. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3762. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3763. </PROCESSDESCRIPTOR>
  3764. <PROCESSDESCRIPTOR>
  3765. <ID>437</ID>
  3766. <PROCESSLIST>
  3767. <PROCESS>*</PROCESS>
  3768. <PROCESS>(AXACY.EXE)</PROCESS>
  3769. </PROCESSLIST>
  3770. <CLSIDLIST>
  3771. </CLSIDLIST>
  3772. <SUMMARY>AXACY.EXE Trojan Downloader</SUMMARY>
  3773. <DEFAULTINSTALLPATHLIST>
  3774. </DEFAULTINSTALLPATHLIST>
  3775. <CATEGORY>ADWARE</CATEGORY>
  3776. <CONDITIONLIST>
  3777. <CONDITION>MD5=1180177b4f649295a626022048618d2c</CONDITION>
  3778. </CONDITIONLIST>
  3779. <OPERATOR>AND</OPERATOR>
  3780. <THREATLEVEL>10</THREATLEVEL>
  3781. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3782. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3783. </PROCESSDESCRIPTOR>
  3784. <PROCESSDESCRIPTOR>
  3785. <ID>438</ID>
  3786. <PROCESSLIST>
  3787. <PROCESS>*</PROCESS>
  3788. <PROCESS>(SEARCHUPDATE33.EXE)</PROCESS>
  3789. </PROCESSLIST>
  3790. <CLSIDLIST>
  3791. </CLSIDLIST>
  3792. <SUMMARY>Search Squid (SEARCHUPDATE33.EXE)
  3793. </SUMMARY>
  3794. <DEFAULTINSTALLPATHLIST>
  3795. </DEFAULTINSTALLPATHLIST>
  3796. <CATEGORY>ADWARE</CATEGORY>
  3797. <CONDITIONLIST>
  3798. <CONDITION>MD5=ccb97f720fa2c93ea901d46361c4728b</CONDITION>
  3799. </CONDITIONLIST>
  3800. <OPERATOR>AND</OPERATOR>
  3801. <THREATLEVEL>10</THREATLEVEL>
  3802. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3803. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3804. </PROCESSDESCRIPTOR>
  3805. <PROCESSDESCRIPTOR>
  3806. <ID>439</ID>
  3807. <PROCESSLIST>
  3808. <PROCESS>*</PROCESS>
  3809. <PROCESS>(LAZKNAB.EXE)</PROCESS>
  3810. </PROCESSLIST>
  3811. <CLSIDLIST>
  3812. </CLSIDLIST>
  3813. <SUMMARY>Search Squid (LAZKNAB.EXE)
  3814. </SUMMARY>
  3815. <DEFAULTINSTALLPATHLIST>
  3816. </DEFAULTINSTALLPATHLIST>
  3817. <CATEGORY>ADWARE</CATEGORY>
  3818. <CONDITIONLIST>
  3819. <CONDITION>MD5=bf8489ef5e9bdfc21ffd2b7de5bb546c</CONDITION>
  3820. </CONDITIONLIST>
  3821. <OPERATOR>AND</OPERATOR>
  3822. <THREATLEVEL>10</THREATLEVEL>
  3823. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3824. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3825. </PROCESSDESCRIPTOR>
  3826. <PROCESSDESCRIPTOR>
  3827. <ID>440</ID>
  3828. <PROCESSLIST>
  3829. <PROCESS>*</PROCESS>
  3830. <PROCESS>(BAGSMEET.EXE)</PROCESS>
  3831. </PROCESSLIST>
  3832. <CLSIDLIST>
  3833. </CLSIDLIST>
  3834. <SUMMARY>Adware.Lop.Process</SUMMARY>
  3835. <DEFAULTINSTALLPATHLIST>
  3836. </DEFAULTINSTALLPATHLIST>
  3837. <CATEGORY>ADWARE</CATEGORY>
  3838. <CONDITIONLIST>
  3839. <CONDITION>MD5=2893d1a7d1a69bdac0c1e4b07a6383c2</CONDITION>
  3840. </CONDITIONLIST>
  3841. <OPERATOR>AND</OPERATOR>
  3842. <THREATLEVEL>10</THREATLEVEL>
  3843. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3844. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3845. </PROCESSDESCRIPTOR>
  3846. <PROCESSDESCRIPTOR>
  3847. <ID>441</ID>
  3848. <PROCESSLIST>
  3849. <PROCESS>*</PROCESS>
  3850. <PROCESS>(BIRD32.EXE)</PROCESS>
  3851. </PROCESSLIST>
  3852. <CLSIDLIST>
  3853. </CLSIDLIST>
  3854. <SUMMARY>Adware.Lop.Process</SUMMARY>
  3855. <DEFAULTINSTALLPATHLIST>
  3856. </DEFAULTINSTALLPATHLIST>
  3857. <CATEGORY>ADWARE</CATEGORY>
  3858. <CONDITIONLIST>
  3859. <CONDITION>MD5=c9cdeb55d49a6e40e8a27cacbe7c4e6c</CONDITION>
  3860. </CONDITIONLIST>
  3861. <OPERATOR>AND</OPERATOR>
  3862. <THREATLEVEL>10</THREATLEVEL>
  3863. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3864. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3865. </PROCESSDESCRIPTOR>
  3866. <PROCESSDESCRIPTOR>
  3867. <ID>442</ID>
  3868. <PROCESSLIST>
  3869. <PROCESS>*</PROCESS>
  3870. <PROCESS>(DVD AXIS.EXE)</PROCESS>
  3871. </PROCESSLIST>
  3872. <CLSIDLIST>
  3873. </CLSIDLIST>
  3874. <SUMMARY>Adware.Lop.Process</SUMMARY>
  3875. <DEFAULTINSTALLPATHLIST>
  3876. </DEFAULTINSTALLPATHLIST>
  3877. <CATEGORY>ADWARE</CATEGORY>
  3878. <CONDITIONLIST>
  3879. <CONDITION>MD5=7a2743763f51e5a377ba59f6a420bac6</CONDITION>
  3880. </CONDITIONLIST>
  3881. <OPERATOR>AND</OPERATOR>
  3882. <THREATLEVEL>10</THREATLEVEL>
  3883. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3884. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3885. </PROCESSDESCRIPTOR>
  3886. <PROCESSDESCRIPTOR>
  3887. <ID>443</ID>
  3888. <PROCESSLIST>
  3889. <PROCESS>*</PROCESS>
  3890. <PROCESS>(FLAG FLAP GREAT.EXE)</PROCESS>
  3891. </PROCESSLIST>
  3892. <CLSIDLIST>
  3893. </CLSIDLIST>
  3894. <SUMMARY>Adware.Lop.Process</SUMMARY>
  3895. <DEFAULTINSTALLPATHLIST>
  3896. </DEFAULTINSTALLPATHLIST>
  3897. <CATEGORY>ADWARE</CATEGORY>
  3898. <CONDITIONLIST>
  3899. <CONDITION>MD5=4851c52758f628c1f78aad431241da70</CONDITION>
  3900. </CONDITIONLIST>
  3901. <OPERATOR>AND</OPERATOR>
  3902. <THREATLEVEL>10</THREATLEVEL>
  3903. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3904. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3905. </PROCESSDESCRIPTOR>
  3906. <PROCESSDESCRIPTOR>
  3907. <ID>444</ID>
  3908. <PROCESSLIST>
  3909. <PROCESS>*</PROCESS>
  3910. <PROCESS>(ILSRRFTW.EXE)</PROCESS>
  3911. </PROCESSLIST>
  3912. <CLSIDLIST>
  3913. </CLSIDLIST>
  3914. <SUMMARY>Adware.Lop.Process</SUMMARY>
  3915. <DEFAULTINSTALLPATHLIST>
  3916. </DEFAULTINSTALLPATHLIST>
  3917. <CATEGORY>ADWARE</CATEGORY>
  3918. <CONDITIONLIST>
  3919. <CONDITION>MD5=2893d1a7d1a69bdac0c1e4b07a6383c2</CONDITION>
  3920. </CONDITIONLIST>
  3921. <OPERATOR>AND</OPERATOR>
  3922. <THREATLEVEL>10</THREATLEVEL>
  3923. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3924. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3925. </PROCESSDESCRIPTOR>
  3926. <PROCESSDESCRIPTOR>
  3927. <ID>445</ID>
  3928. <PROCESSLIST>
  3929. <PROCESS>*</PROCESS>
  3930. <PROCESS>(RULE WAVE.EXE)</PROCESS>
  3931. </PROCESSLIST>
  3932. <CLSIDLIST>
  3933. </CLSIDLIST>
  3934. <SUMMARY>Adware.Lop.Process</SUMMARY>
  3935. <DEFAULTINSTALLPATHLIST>
  3936. </DEFAULTINSTALLPATHLIST>
  3937. <CATEGORY>ADWARE</CATEGORY>
  3938. <CONDITIONLIST>
  3939. <CONDITION>MD5=1200e9aefce0dcb1f3290ed657a1f4e6</CONDITION>
  3940. </CONDITIONLIST>
  3941. <OPERATOR>AND</OPERATOR>
  3942. <THREATLEVEL>10</THREATLEVEL>
  3943. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3944. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3945. </PROCESSDESCRIPTOR>
  3946. <PROCESSDESCRIPTOR>
  3947. <ID>446</ID>
  3948. <PROCESSLIST>
  3949. <PROCESS>*</PROCESS>
  3950. <PROCESS>(TEAMDEFAULTTONSPROXY.EXE)</PROCESS>
  3951. </PROCESSLIST>
  3952. <CLSIDLIST>
  3953. </CLSIDLIST>
  3954. <SUMMARY>Adware.Lop.Process</SUMMARY>
  3955. <DEFAULTINSTALLPATHLIST>
  3956. </DEFAULTINSTALLPATHLIST>
  3957. <CATEGORY>ADWARE</CATEGORY>
  3958. <CONDITIONLIST>
  3959. <CONDITION>MD5=9d293408cf06a0a1ed53a3ca6141be70</CONDITION>
  3960. </CONDITIONLIST>
  3961. <OPERATOR>AND</OPERATOR>
  3962. <THREATLEVEL>10</THREATLEVEL>
  3963. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3964. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3965. </PROCESSDESCRIPTOR>
  3966. <PROCESSDESCRIPTOR>
  3967. <ID>447</ID>
  3968. <PROCESSLIST>
  3969. <PROCESS>*</PROCESS>
  3970. <PROCESS>(F358765.EXE)</PROCESS>
  3971. </PROCESSLIST>
  3972. <CLSIDLIST>
  3973. </CLSIDLIST>
  3974. <SUMMARY>F358765.EXE</SUMMARY>
  3975. <DEFAULTINSTALLPATHLIST>
  3976. </DEFAULTINSTALLPATHLIST>
  3977. <CATEGORY>ADWARE</CATEGORY>
  3978. <CONDITIONLIST>
  3979. <CONDITION>MD5=cff892b5b63bb48704f5191ceed780d5</CONDITION>
  3980. </CONDITIONLIST>
  3981. <OPERATOR>AND</OPERATOR>
  3982. <THREATLEVEL>10</THREATLEVEL>
  3983. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  3984. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  3985. </PROCESSDESCRIPTOR>
  3986. <PROCESSDESCRIPTOR>
  3987. <ID>448</ID>
  3988. <PROCESSLIST>
  3989. <PROCESS>*</PROCESS>
  3990. <PROCESS>(!UPDATE.EXE)</PROCESS>
  3991. </PROCESSLIST>
  3992. <CLSIDLIST>
  3993. </CLSIDLIST>
  3994. <SUMMARY>!UPDATE.EXE</SUMMARY>
  3995. <DEFAULTINSTALLPATHLIST>
  3996. </DEFAULTINSTALLPATHLIST>
  3997. <CATEGORY>ADWARE</CATEGORY>
  3998. <CONDITIONLIST>
  3999. <CONDITION>MD5=751a7f27d8462de68341844026dd859f</CONDITION>
  4000. </CONDITIONLIST>
  4001. <OPERATOR>AND</OPERATOR>
  4002. <THREATLEVEL>10</THREATLEVEL>
  4003. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4004. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4005. </PROCESSDESCRIPTOR>
  4006. <PROCESSDESCRIPTOR>
  4007. <ID>449</ID>
  4008. <PROCESSLIST>
  4009. <PROCESS>*</PROCESS>
  4010. <PROCESS>(ADDESTROYERINNER.EXE)</PROCESS>
  4011. </PROCESSLIST>
  4012. <CLSIDLIST>
  4013. </CLSIDLIST>
  4014. <SUMMARY>Adware.Spyware Labs/AdDestroyer.Process</SUMMARY>
  4015. <DEFAULTINSTALLPATHLIST>
  4016. </DEFAULTINSTALLPATHLIST>
  4017. <CATEGORY>ADWARE</CATEGORY>
  4018. <CONDITIONLIST>
  4019. <CONDITION>MD5=ef48e5a760ec85139ee944b1578a3a76</CONDITION>
  4020. </CONDITIONLIST>
  4021. <OPERATOR>AND</OPERATOR>
  4022. <THREATLEVEL>10</THREATLEVEL>
  4023. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4024. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4025. </PROCESSDESCRIPTOR>
  4026. <PROCESSDESCRIPTOR>
  4027. <ID>450</ID>
  4028. <PROCESSLIST>
  4029. <PROCESS>*</PROCESS>
  4030. <PROCESS>(VBOUNCERINNER.EXE)</PROCESS>
  4031. </PROCESSLIST>
  4032. <CLSIDLIST>
  4033. </CLSIDLIST>
  4034. <SUMMARY>Adware.Spyware Labs/Virtual Bouncer.Process</SUMMARY>
  4035. <DEFAULTINSTALLPATHLIST>
  4036. </DEFAULTINSTALLPATHLIST>
  4037. <CATEGORY>ADWARE</CATEGORY>
  4038. <CONDITIONLIST>
  4039. <CONDITION>MD5=8aa63e9cf56967f03cec8fb0dce928c1</CONDITION>
  4040. </CONDITIONLIST>
  4041. <OPERATOR>AND</OPERATOR>
  4042. <THREATLEVEL>10</THREATLEVEL>
  4043. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4044. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4045. </PROCESSDESCRIPTOR>
  4046. <PROCESSDESCRIPTOR>
  4047. <ID>451</ID>
  4048. <PROCESSLIST>
  4049. <PROCESS>*</PROCESS>
  4050. <PROCESS>(VIRTUALBOUNCER.EXE)</PROCESS>
  4051. </PROCESSLIST>
  4052. <CLSIDLIST>
  4053. </CLSIDLIST>
  4054. <SUMMARY>Adware.Spyware Labs/Virtual Bouncer.Process</SUMMARY>
  4055. <DEFAULTINSTALLPATHLIST>
  4056. </DEFAULTINSTALLPATHLIST>
  4057. <CATEGORY>ADWARE</CATEGORY>
  4058. <CONDITIONLIST>
  4059. <CONDITION>MD5=f2d7af892975006117b6763a71b73cce</CONDITION>
  4060. </CONDITIONLIST>
  4061. <OPERATOR>AND</OPERATOR>
  4062. <THREATLEVEL>10</THREATLEVEL>
  4063. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4064. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4065. </PROCESSDESCRIPTOR>
  4066. <PROCESSDESCRIPTOR>
  4067. <ID>452</ID>
  4068. <PROCESSLIST>
  4069. <PROCESS>*</PROCESS>
  4070. <PROCESS>(SETUP_SILENT_26222.EXE)</PROCESS>
  4071. </PROCESSLIST>
  4072. <CLSIDLIST>
  4073. </CLSIDLIST>
  4074. <SUMMARY>SETUP_SILENT_26222.EXE</SUMMARY>
  4075. <DEFAULTINSTALLPATHLIST>
  4076. </DEFAULTINSTALLPATHLIST>
  4077. <CATEGORY>ADWARE</CATEGORY>
  4078. <CONDITIONLIST>
  4079. <CONDITION>MD5=de0e2091bb4a8747fac15f9d4f327ce1</CONDITION>
  4080. </CONDITIONLIST>
  4081. <OPERATOR>AND</OPERATOR>
  4082. <THREATLEVEL>10</THREATLEVEL>
  4083. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4084. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4085. </PROCESSDESCRIPTOR>
  4086. <PROCESSDESCRIPTOR>
  4087. <ID>453</ID>
  4088. <PROCESSLIST>
  4089. <PROCESS>*</PROCESS>
  4090. <PROCESS>(KYWKPU.EXE)</PROCESS>
  4091. </PROCESSLIST>
  4092. <CLSIDLIST>
  4093. </CLSIDLIST>
  4094. <SUMMARY>KYWKPU.EXE</SUMMARY>
  4095. <DEFAULTINSTALLPATHLIST>
  4096. </DEFAULTINSTALLPATHLIST>
  4097. <CATEGORY>ADWARE</CATEGORY>
  4098. <CONDITIONLIST>
  4099. <CONDITION>MD5=cff892b5b63bb48704f5191ceed780d5</CONDITION>
  4100. </CONDITIONLIST>
  4101. <OPERATOR>AND</OPERATOR>
  4102. <THREATLEVEL>10</THREATLEVEL>
  4103. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4104. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4105. </PROCESSDESCRIPTOR>
  4106. <PROCESSDESCRIPTOR>
  4107. <ID>454</ID>
  4108. <PROCESSLIST>
  4109. <PROCESS>*</PROCESS>
  4110. <PROCESS>MEGASEAR.DLL</PROCESS>
  4111. </PROCESSLIST>
  4112. <CLSIDLIST>
  4113. <CLSID>{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}</CLSID>
  4114. </CLSIDLIST>
  4115. <SUMMARY>MEGASEAR Toolbar (MEGASEAR.DLL)</SUMMARY>
  4116. <DEFAULTINSTALLPATHLIST>
  4117. </DEFAULTINSTALLPATHLIST>
  4118. <CATEGORY>ADWARE</CATEGORY>
  4119. <CONDITIONLIST>
  4120. </CONDITIONLIST>
  4121. <OPERATOR>AND</OPERATOR>
  4122. <THREATLEVEL>10</THREATLEVEL>
  4123. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4124. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4125. </PROCESSDESCRIPTOR>
  4126. <PROCESSDESCRIPTOR>
  4127. <ID>455</ID>
  4128. <PROCESSLIST>
  4129. <PROCESS>*</PROCESS>
  4130. <PROCESS>MEGASEAR.DLL</PROCESS>
  4131. </PROCESSLIST>
  4132. <CLSIDLIST>
  4133. <CLSID>{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}</CLSID>
  4134. </CLSIDLIST>
  4135. <SUMMARY>MEGASEAR BHO (MEGASEAR.DLL)</SUMMARY>
  4136. <DEFAULTINSTALLPATHLIST>
  4137. </DEFAULTINSTALLPATHLIST>
  4138. <CATEGORY>ADWARE</CATEGORY>
  4139. <CONDITIONLIST>
  4140. </CONDITIONLIST>
  4141. <OPERATOR>AND</OPERATOR>
  4142. <THREATLEVEL>10</THREATLEVEL>
  4143. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4144. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4145. </PROCESSDESCRIPTOR>
  4146. <PROCESSDESCRIPTOR>
  4147. <ID>456</ID>
  4148. <PROCESSLIST>
  4149. <PROCESS>*</PROCESS>
  4150. <PROCESS>(CHKNTFS.EXE)</PROCESS>
  4151. </PROCESSLIST>
  4152. <CLSIDLIST>
  4153. </CLSIDLIST>
  4154. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  4155. <DEFAULTINSTALLPATHLIST>
  4156. </DEFAULTINSTALLPATHLIST>
  4157. <CATEGORY>ADWARE</CATEGORY>
  4158. <CONDITIONLIST>
  4159. <CONDITION>MD5=d9c6b7308091ea2b9a4e1da0b9353b8c</CONDITION>
  4160. </CONDITIONLIST>
  4161. <OPERATOR>AND</OPERATOR>
  4162. <THREATLEVEL>10</THREATLEVEL>
  4163. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4164. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4165. </PROCESSDESCRIPTOR>
  4166. <PROCESSDESCRIPTOR>
  4167. <ID>457</ID>
  4168. <PROCESSLIST>
  4169. <PROCESS>*</PROCESS>
  4170. <PROCESS>(WTMP.EXE)</PROCESS>
  4171. </PROCESSLIST>
  4172. <CLSIDLIST>
  4173. </CLSIDLIST>
  4174. <SUMMARY>WTMP.EXE</SUMMARY>
  4175. <DEFAULTINSTALLPATHLIST>
  4176. </DEFAULTINSTALLPATHLIST>
  4177. <CATEGORY>ADWARE</CATEGORY>
  4178. <CONDITIONLIST>
  4179. <CONDITION>MD5=d806203ef8eb84f1df8f888170532e86</CONDITION>
  4180. </CONDITIONLIST>
  4181. <OPERATOR>AND</OPERATOR>
  4182. <THREATLEVEL>10</THREATLEVEL>
  4183. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4184. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4185. </PROCESSDESCRIPTOR>
  4186. <PROCESSDESCRIPTOR>
  4187. <ID>458</ID>
  4188. <PROCESSLIST>
  4189. <PROCESS>*</PROCESS>
  4190. <PROCESS>(SPOOLSV.EXE)</PROCESS>
  4191. </PROCESSLIST>
  4192. <CLSIDLIST>
  4193. </CLSIDLIST>
  4194. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  4195. <DEFAULTINSTALLPATHLIST>
  4196. </DEFAULTINSTALLPATHLIST>
  4197. <CATEGORY>ADWARE</CATEGORY>
  4198. <CONDITIONLIST>
  4199. <CONDITION>MD5=8555a6c1fa3419add0e6eeeb4c9ee89e</CONDITION>
  4200. </CONDITIONLIST>
  4201. <OPERATOR>AND</OPERATOR>
  4202. <THREATLEVEL>10</THREATLEVEL>
  4203. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4204. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4205. </PROCESSDESCRIPTOR>
  4206. <PROCESSDESCRIPTOR>
  4207. <ID>459</ID>
  4208. <PROCESSLIST>
  4209. <PROCESS>*</PROCESS>
  4210. <PROCESS>(CPYDMH.EXE)</PROCESS>
  4211. </PROCESSLIST>
  4212. <CLSIDLIST>
  4213. </CLSIDLIST>
  4214. <SUMMARY>Adware.180solutions/Search Assistant.Process</SUMMARY>
  4215. <DEFAULTINSTALLPATHLIST>
  4216. </DEFAULTINSTALLPATHLIST>
  4217. <CATEGORY>ADWARE</CATEGORY>
  4218. <CONDITIONLIST>
  4219. <CONDITION>MD5=bf8489ef5e9bdfc21ffd2b7de5bb546c</CONDITION>
  4220. </CONDITIONLIST>
  4221. <OPERATOR>AND</OPERATOR>
  4222. <THREATLEVEL>10</THREATLEVEL>
  4223. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4224. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4225. </PROCESSDESCRIPTOR>
  4226. <PROCESSDESCRIPTOR>
  4227. <ID>460</ID>
  4228. <PROCESSLIST>
  4229. <PROCESS>*</PROCESS>
  4230. <PROCESS>INCFIN~1.DLL</PROCESS>
  4231. </PROCESSLIST>
  4232. <CLSIDLIST>
  4233. <CLSID>{5D60FF48-95BE-4956-B4C6-6BB168A70310}</CLSID>
  4234. </CLSIDLIST>
  4235. <SUMMARY>Adware.IncrediFind.BHO</SUMMARY>
  4236. <DEFAULTINSTALLPATHLIST>
  4237. </DEFAULTINSTALLPATHLIST>
  4238. <CATEGORY>ADWARE</CATEGORY>
  4239. <CONDITIONLIST>
  4240. </CONDITIONLIST>
  4241. <OPERATOR>AND</OPERATOR>
  4242. <THREATLEVEL>10</THREATLEVEL>
  4243. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4244. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4245. </PROCESSDESCRIPTOR>
  4246. <PROCESSDESCRIPTOR>
  4247. <ID>461</ID>
  4248. <PROCESSLIST>
  4249. <PROCESS>*</PROCESS>
  4250. <PROCESS>OGBFIKY.DLL</PROCESS>
  4251. </PROCESSLIST>
  4252. <CLSIDLIST>
  4253. <CLSID>{38FF6155-C545-05B5-8328-65550DF62A38}</CLSID>
  4254. </CLSIDLIST>
  4255. <SUMMARY>Unknown BHO (OGBFIKY.DLL)</SUMMARY>
  4256. <DEFAULTINSTALLPATHLIST>
  4257. </DEFAULTINSTALLPATHLIST>
  4258. <CATEGORY>ADWARE</CATEGORY>
  4259. <CONDITIONLIST>
  4260. </CONDITIONLIST>
  4261. <OPERATOR>AND</OPERATOR>
  4262. <THREATLEVEL>10</THREATLEVEL>
  4263. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4264. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4265. </PROCESSDESCRIPTOR>
  4266. <PROCESSDESCRIPTOR>
  4267. <ID>462</ID>
  4268. <PROCESSLIST>
  4269. <PROCESS>*</PROCESS>
  4270. <PROCESS>(DVD AXIS.EXE)</PROCESS>
  4271. <PROCESS>(YWDPQILE.EXE)</PROCESS>
  4272. </PROCESSLIST>
  4273. <CLSIDLIST>
  4274. </CLSIDLIST>
  4275. <SUMMARY>Adware.Lop.Process</SUMMARY>
  4276. <DEFAULTINSTALLPATHLIST>
  4277. </DEFAULTINSTALLPATHLIST>
  4278. <CATEGORY>ADWARE</CATEGORY>
  4279. <CONDITIONLIST>
  4280. <CONDITION>MD5=caa80dfd71228ea0c352ef0a8204d3dc</CONDITION>
  4281. </CONDITIONLIST>
  4282. <OPERATOR>AND</OPERATOR>
  4283. <THREATLEVEL>10</THREATLEVEL>
  4284. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4285. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4286. </PROCESSDESCRIPTOR>
  4287. <PROCESSDESCRIPTOR>
  4288. <ID>463</ID>
  4289. <PROCESSLIST>
  4290. <PROCESS>*</PROCESS>
  4291. <PROCESS>(BW.EXE)</PROCESS>
  4292. </PROCESSLIST>
  4293. <CLSIDLIST>
  4294. </CLSIDLIST>
  4295. <SUMMARY>BW.EXE Loader Application (Variant 2)</SUMMARY>
  4296. <DEFAULTINSTALLPATHLIST>
  4297. </DEFAULTINSTALLPATHLIST>
  4298. <CATEGORY>ADWARE</CATEGORY>
  4299. <CONDITIONLIST>
  4300. <CONDITION>MD5=76cf69471dc0965d13b8501df29f45eb</CONDITION>
  4301. </CONDITIONLIST>
  4302. <OPERATOR>AND</OPERATOR>
  4303. <THREATLEVEL>10</THREATLEVEL>
  4304. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4305. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4306. </PROCESSDESCRIPTOR>
  4307. <PROCESSDESCRIPTOR>
  4308. <ID>464</ID>
  4309. <PROCESSLIST>
  4310. <PROCESS>*</PROCESS>
  4311. <PROCESS>(INETFUEL.EXE)</PROCESS>
  4312. </PROCESSLIST>
  4313. <CLSIDLIST>
  4314. </CLSIDLIST>
  4315. <SUMMARY>Lookme-C Trojan Component</SUMMARY>
  4316. <DEFAULTINSTALLPATHLIST>
  4317. </DEFAULTINSTALLPATHLIST>
  4318. <CATEGORY>ADWARE</CATEGORY>
  4319. <CONDITIONLIST>
  4320. <CONDITION>MD5=a11de8976d93336fc0a40f489ba01aeb</CONDITION>
  4321. </CONDITIONLIST>
  4322. <OPERATOR>AND</OPERATOR>
  4323. <THREATLEVEL>10</THREATLEVEL>
  4324. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4325. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4326. </PROCESSDESCRIPTOR>
  4327. <PROCESSDESCRIPTOR>
  4328. <ID>465</ID>
  4329. <PROCESSLIST>
  4330. <PROCESS>*</PROCESS>
  4331. <PROCESS>(HEART 4.EXE)</PROCESS>
  4332. </PROCESSLIST>
  4333. <CLSIDLIST>
  4334. </CLSIDLIST>
  4335. <SUMMARY>Adware.Lop.Process</SUMMARY>
  4336. <DEFAULTINSTALLPATHLIST>
  4337. </DEFAULTINSTALLPATHLIST>
  4338. <CATEGORY>ADWARE</CATEGORY>
  4339. <CONDITIONLIST>
  4340. <CONDITION>MD5=8095cfcddd4f621dc1c124eefe6d60ab</CONDITION>
  4341. </CONDITIONLIST>
  4342. <OPERATOR>AND</OPERATOR>
  4343. <THREATLEVEL>10</THREATLEVEL>
  4344. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4345. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4346. </PROCESSDESCRIPTOR>
  4347. <PROCESSDESCRIPTOR>
  4348. <ID>466</ID>
  4349. <PROCESSLIST>
  4350. <PROCESS>*</PROCESS>
  4351. <PROCESS>(MIPL9X4.EXE)</PROCESS>
  4352. </PROCESSLIST>
  4353. <CLSIDLIST>
  4354. </CLSIDLIST>
  4355. <SUMMARY>MIPL9X4.EXE</SUMMARY>
  4356. <DEFAULTINSTALLPATHLIST>
  4357. </DEFAULTINSTALLPATHLIST>
  4358. <CATEGORY>ADWARE</CATEGORY>
  4359. <CONDITIONLIST>
  4360. <CONDITION>MD5=e7fcd9b638b84aab50acff6105592589</CONDITION>
  4361. </CONDITIONLIST>
  4362. <OPERATOR>AND</OPERATOR>
  4363. <THREATLEVEL>10</THREATLEVEL>
  4364. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4365. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4366. </PROCESSDESCRIPTOR>
  4367. <PROCESSDESCRIPTOR>
  4368. <ID>467</ID>
  4369. <PROCESSLIST>
  4370. <PROCESS>*</PROCESS>
  4371. <PROCESS>(WOWEX32.EXE)</PROCESS>
  4372. </PROCESSLIST>
  4373. <CLSIDLIST>
  4374. </CLSIDLIST>
  4375. <SUMMARY>Adware.Sandboxer (MemoryWatcher).Process (Variant 1)</SUMMARY>
  4376. <DEFAULTINSTALLPATHLIST>
  4377. </DEFAULTINSTALLPATHLIST>
  4378. <CATEGORY>ADWARE</CATEGORY>
  4379. <CONDITIONLIST>
  4380. <CONDITION>MD5=9db7ba8e8f0507d5985768a78b083327</CONDITION>
  4381. </CONDITIONLIST>
  4382. <OPERATOR>AND</OPERATOR>
  4383. <THREATLEVEL>10</THREATLEVEL>
  4384. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4385. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4386. </PROCESSDESCRIPTOR>
  4387. <PROCESSDESCRIPTOR>
  4388. <ID>468</ID>
  4389. <PROCESSLIST>
  4390. <PROCESS>*</PROCESS>
  4391. <PROCESS>WOWEX32.EXE</PROCESS>
  4392. </PROCESSLIST>
  4393. <CLSIDLIST>
  4394. </CLSIDLIST>
  4395. <SUMMARY>Adware.Sandboxer (MemoryWatcher).Process (Variant 2)</SUMMARY>
  4396. <DEFAULTINSTALLPATHLIST>
  4397. </DEFAULTINSTALLPATHLIST>
  4398. <CATEGORY>ADWARE</CATEGORY>
  4399. <CONDITIONLIST>
  4400. <CONDITION>INTERNALNAME~wowex32</CONDITION>
  4401. <CONDITION>PRODUCTNAME~wowex32</CONDITION>
  4402. </CONDITIONLIST>
  4403. <OPERATOR>AND</OPERATOR>
  4404. <THREATLEVEL>10</THREATLEVEL>
  4405. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4406. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4407. </PROCESSDESCRIPTOR>
  4408. <PROCESSDESCRIPTOR>
  4409. <ID>469</ID>
  4410. <PROCESSLIST>
  4411. <PROCESS>BW.EXE</PROCESS>
  4412. </PROCESSLIST>
  4413. <CLSIDLIST>
  4414. </CLSIDLIST>
  4415. <SUMMARY>BW.EXE Loader Application (Variant 3)</SUMMARY>
  4416. <DEFAULTINSTALLPATHLIST>
  4417. </DEFAULTINSTALLPATHLIST>
  4418. <CATEGORY>ADWARE</CATEGORY>
  4419. <CONDITIONLIST>
  4420. <CONDITION>FILELOCATION~TEMP</CONDITION>
  4421. <CONDITION>CMDLINEARGS~.exe</CONDITION>
  4422. </CONDITIONLIST>
  4423. <OPERATOR>AND</OPERATOR>
  4424. <THREATLEVEL>10</THREATLEVEL>
  4425. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4426. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4427. </PROCESSDESCRIPTOR>
  4428. <PROCESSDESCRIPTOR>
  4429. <ID>470</ID>
  4430. <PROCESSLIST>
  4431. <PROCESS>*</PROCESS>
  4432. <PROCESS>(WINSPOOL.EXE)</PROCESS>
  4433. </PROCESSLIST>
  4434. <CLSIDLIST>
  4435. </CLSIDLIST>
  4436. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  4437. <DEFAULTINSTALLPATHLIST>
  4438. </DEFAULTINSTALLPATHLIST>
  4439. <CATEGORY>ADWARE</CATEGORY>
  4440. <CONDITIONLIST>
  4441. <CONDITION>MD5=a90994a99dc66c0cd043974659aaee9c</CONDITION>
  4442. </CONDITIONLIST>
  4443. <OPERATOR>AND</OPERATOR>
  4444. <THREATLEVEL>10</THREATLEVEL>
  4445. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4446. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4447. </PROCESSDESCRIPTOR>
  4448. <PROCESSDESCRIPTOR>
  4449. <ID>471</ID>
  4450. <PROCESSLIST>
  4451. <PROCESS>*</PROCESS>
  4452. </PROCESSLIST>
  4453. <CLSIDLIST>
  4454. </CLSIDLIST>
  4455. <SUMMARY>Kudd.com Process</SUMMARY>
  4456. <DEFAULTINSTALLPATHLIST>
  4457. </DEFAULTINSTALLPATHLIST>
  4458. <CATEGORY>ADWARE</CATEGORY>
  4459. <CONDITIONLIST>
  4460. <CONDITION>COMPANYNAME~kudd.com</CONDITION>
  4461. </CONDITIONLIST>
  4462. <OPERATOR>AND</OPERATOR>
  4463. <THREATLEVEL>1</THREATLEVEL>
  4464. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  4465. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  4466. </PROCESSDESCRIPTOR>
  4467. <PROCESSDESCRIPTOR>
  4468. <ID>472</ID>
  4469. <PROCESSLIST>
  4470. <PROCESS>*</PROCESS>
  4471. <PROCESS>(CREATEAMONSTER.EXE)</PROCESS>
  4472. </PROCESSLIST>
  4473. <CLSIDLIST>
  4474. </CLSIDLIST>
  4475. <SUMMARY>Kudd.com Process</SUMMARY>
  4476. <DEFAULTINSTALLPATHLIST>
  4477. </DEFAULTINSTALLPATHLIST>
  4478. <CATEGORY>ADWARE</CATEGORY>
  4479. <CONDITIONLIST>
  4480. <CONDITION>MD5=9ad39cfbb4320d2e8462b39f5e79f267</CONDITION>
  4481. </CONDITIONLIST>
  4482. <OPERATOR>AND</OPERATOR>
  4483. <THREATLEVEL>1</THREATLEVEL>
  4484. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  4485. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  4486. </PROCESSDESCRIPTOR>
  4487. <PROCESSDESCRIPTOR>
  4488. <ID>473</ID>
  4489. <PROCESSLIST>
  4490. <PROCESS>*</PROCESS>
  4491. <PROCESS>(CREATEAMONSTER.TMP.EXE)</PROCESS>
  4492. </PROCESSLIST>
  4493. <CLSIDLIST>
  4494. </CLSIDLIST>
  4495. <SUMMARY>Kudd.com Process</SUMMARY>
  4496. <DEFAULTINSTALLPATHLIST>
  4497. </DEFAULTINSTALLPATHLIST>
  4498. <CATEGORY>ADWARE</CATEGORY>
  4499. <CONDITIONLIST>
  4500. <CONDITION>MD5=7e3fe2bfe6c46028bf5f60cd5f162b42</CONDITION>
  4501. </CONDITIONLIST>
  4502. <OPERATOR>AND</OPERATOR>
  4503. <THREATLEVEL>1</THREATLEVEL>
  4504. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  4505. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  4506. </PROCESSDESCRIPTOR>
  4507. <PROCESSDESCRIPTOR>
  4508. <ID>474</ID>
  4509. <PROCESSLIST>
  4510. <PROCESS>*</PROCESS>
  4511. <PROCESS>(CHOOSEYOURPRESIDENT.EXE)</PROCESS>
  4512. </PROCESSLIST>
  4513. <CLSIDLIST>
  4514. </CLSIDLIST>
  4515. <SUMMARY>Kudd.com Process</SUMMARY>
  4516. <DEFAULTINSTALLPATHLIST>
  4517. </DEFAULTINSTALLPATHLIST>
  4518. <CATEGORY>ADWARE</CATEGORY>
  4519. <CONDITIONLIST>
  4520. <CONDITION>MD5=8f88f54401dab8a4cefe5f9768949e59</CONDITION>
  4521. </CONDITIONLIST>
  4522. <OPERATOR>AND</OPERATOR>
  4523. <THREATLEVEL>1</THREATLEVEL>
  4524. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  4525. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  4526. </PROCESSDESCRIPTOR>
  4527. <PROCESSDESCRIPTOR>
  4528. <ID>601</ID>
  4529. <PROCESSLIST>
  4530. <PROCESS>*</PROCESS>
  4531. <PROCESS>HYPERBAR.DLL</PROCESS>
  4532. </PROCESSLIST>
  4533. <CLSIDLIST>
  4534. <CLSID>{4B2F5308-2CB0-40E2-8030-59936ED5D22C}</CLSID>
  4535. <CLSID>{1BC1FC4B-B0D2-4D8D-9307-2E40E2A8C257}</CLSID>
  4536. </CLSIDLIST>
  4537. <SUMMARY>HyperBHO BHO</SUMMARY>
  4538. <DEFAULTINSTALLPATHLIST>
  4539. </DEFAULTINSTALLPATHLIST>
  4540. <CATEGORY>ADWARE</CATEGORY>
  4541. <CONDITIONLIST>
  4542. </CONDITIONLIST>
  4543. <OPERATOR>AND</OPERATOR>
  4544. <THREATLEVEL>10</THREATLEVEL>
  4545. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4546. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4547. </PROCESSDESCRIPTOR>
  4548. <PROCESSDESCRIPTOR>
  4549. <ID>479</ID>
  4550. <PROCESSLIST>
  4551. <PROCESS>MEDLOAD.EXE</PROCESS>
  4552. </PROCESSLIST>
  4553. <CLSIDLIST>
  4554. </CLSIDLIST>
  4555. <SUMMARY>Medload Component</SUMMARY>
  4556. <DEFAULTINSTALLPATHLIST>
  4557. </DEFAULTINSTALLPATHLIST>
  4558. <CATEGORY>ADWARE</CATEGORY>
  4559. <CONDITIONLIST>
  4560. <CONDITION>INTERNALNAME~medload</CONDITION>
  4561. </CONDITIONLIST>
  4562. <OPERATOR>AND</OPERATOR>
  4563. <THREATLEVEL>10</THREATLEVEL>
  4564. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4565. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4566. </PROCESSDESCRIPTOR>
  4567. <PROCESSDESCRIPTOR>
  4568. <ID>480</ID>
  4569. <PROCESSLIST>
  4570. <PROCESS>*</PROCESS>
  4571. </PROCESSLIST>
  4572. <CLSIDLIST>
  4573. </CLSIDLIST>
  4574. <SUMMARY>webHancer</SUMMARY>
  4575. <DEFAULTINSTALLPATHLIST>
  4576. </DEFAULTINSTALLPATHLIST>
  4577. <CATEGORY>ADWARE</CATEGORY>
  4578. <CONDITIONLIST>
  4579. <CONDITION>COMPANYNAME~webHancer</CONDITION>
  4580. </CONDITIONLIST>
  4581. <OPERATOR>AND</OPERATOR>
  4582. <THREATLEVEL>10</THREATLEVEL>
  4583. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4584. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4585. </PROCESSDESCRIPTOR>
  4586. <PROCESSDESCRIPTOR>
  4587. <ID>481</ID>
  4588. <PROCESSLIST>
  4589. <PROCESS>*</PROCESS>
  4590. <PROCESS>(MEDIAMOTOR25.EXE)</PROCESS>
  4591. </PROCESSLIST>
  4592. <CLSIDLIST>
  4593. </CLSIDLIST>
  4594. <SUMMARY>MediaMotor</SUMMARY>
  4595. <DEFAULTINSTALLPATHLIST>
  4596. </DEFAULTINSTALLPATHLIST>
  4597. <CATEGORY>ADWARE</CATEGORY>
  4598. <CONDITIONLIST>
  4599. <CONDITION>MD5=0e8343d1b26fc6d9624d2f47c387d063</CONDITION>
  4600. </CONDITIONLIST>
  4601. <OPERATOR>AND</OPERATOR>
  4602. <THREATLEVEL>10</THREATLEVEL>
  4603. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4604. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4605. </PROCESSDESCRIPTOR>
  4606. <PROCESSDESCRIPTOR>
  4607. <ID>482</ID>
  4608. <PROCESSLIST>
  4609. <PROCESS>RUNDLL32.EXE</PROCESS>
  4610. </PROCESSLIST>
  4611. <CLSIDLIST>
  4612. </CLSIDLIST>
  4613. <SUMMARY>WebSpecials</SUMMARY>
  4614. <DEFAULTINSTALLPATHLIST>
  4615. </DEFAULTINSTALLPATHLIST>
  4616. <CATEGORY>ADWARE</CATEGORY>
  4617. <CONDITIONLIST>
  4618. <CONDITION>COMMANDLINE~webspec.dll</CONDITION>
  4619. <CONDITION>CMDLINEARGS~webspec.dll</CONDITION>
  4620. </CONDITIONLIST>
  4621. <OPERATOR>AND</OPERATOR>
  4622. <THREATLEVEL>10</THREATLEVEL>
  4623. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4624. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4625. </PROCESSDESCRIPTOR>
  4626. <PROCESSDESCRIPTOR>
  4627. <ID>483</ID>
  4628. <PROCESSLIST>
  4629. <PROCESS>*</PROCESS>
  4630. <PROCESS>WHIEHLPR.DLL</PROCESS>
  4631. </PROCESSLIST>
  4632. <CLSIDLIST>
  4633. <CLSID>{c900b400-cdfe-11d3-976a-00e02913a9e0}</CLSID>
  4634. </CLSIDLIST>
  4635. <SUMMARY>webHancer BHO</SUMMARY>
  4636. <DEFAULTINSTALLPATHLIST>
  4637. </DEFAULTINSTALLPATHLIST>
  4638. <CATEGORY>ADWARE</CATEGORY>
  4639. <CONDITIONLIST>
  4640. </CONDITIONLIST>
  4641. <OPERATOR>AND</OPERATOR>
  4642. <THREATLEVEL>10</THREATLEVEL>
  4643. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4644. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4645. </PROCESSDESCRIPTOR>
  4646. <PROCESSDESCRIPTOR>
  4647. <ID>484</ID>
  4648. <PROCESSLIST>
  4649. <PROCESS>*</PROCESS>
  4650. <PROCESS>3_0_1BROWSERHELPER3.DLL</PROCESS>
  4651. </PROCESSLIST>
  4652. <CLSIDLIST>
  4653. <CLSID>{C5941EE5-6DFA-11D8-86B0-0002441A9695}</CLSID>
  4654. </CLSIDLIST>
  4655. <SUMMARY>Unknown BHO (3_0_1BROWSERHELPER3.DLL)</SUMMARY>
  4656. <DEFAULTINSTALLPATHLIST>
  4657. </DEFAULTINSTALLPATHLIST>
  4658. <CATEGORY>ADWARE</CATEGORY>
  4659. <CONDITIONLIST>
  4660. </CONDITIONLIST>
  4661. <OPERATOR>AND</OPERATOR>
  4662. <THREATLEVEL>10</THREATLEVEL>
  4663. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4664. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4665. </PROCESSDESCRIPTOR>
  4666. <PROCESSDESCRIPTOR>
  4667. <ID>485</ID>
  4668. <PROCESSLIST>
  4669. <PROCESS>*</PROCESS>
  4670. <PROCESS>NETI.DLL</PROCESS>
  4671. </PROCESSLIST>
  4672. <CLSIDLIST>
  4673. <CLSID>{BCF96FB4-5F1B-497B-AECC-910304A55011}</CLSID>
  4674. </CLSIDLIST>
  4675. <SUMMARY>CHungryBHO Object (NETI.DLL)</SUMMARY>
  4676. <DEFAULTINSTALLPATHLIST>
  4677. </DEFAULTINSTALLPATHLIST>
  4678. <CATEGORY>ADWARE</CATEGORY>
  4679. <CONDITIONLIST>
  4680. </CONDITIONLIST>
  4681. <OPERATOR>AND</OPERATOR>
  4682. <THREATLEVEL>10</THREATLEVEL>
  4683. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4684. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4685. </PROCESSDESCRIPTOR>
  4686. <PROCESSDESCRIPTOR>
  4687. <ID>486</ID>
  4688. <PROCESSLIST>
  4689. <PROCESS>*</PROCESS>
  4690. <PROCESS>IEBHOS.DLL</PROCESS>
  4691. </PROCESSLIST>
  4692. <CLSIDLIST>
  4693. <CLSID>{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}</CLSID>
  4694. </CLSIDLIST>
  4695. <SUMMARY>CControl Object (IEBHOS.DLL)</SUMMARY>
  4696. <DEFAULTINSTALLPATHLIST>
  4697. </DEFAULTINSTALLPATHLIST>
  4698. <CATEGORY>ADWARE</CATEGORY>
  4699. <CONDITIONLIST>
  4700. </CONDITIONLIST>
  4701. <OPERATOR>AND</OPERATOR>
  4702. <THREATLEVEL>10</THREATLEVEL>
  4703. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4704. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4705. </PROCESSDESCRIPTOR>
  4706. <PROCESSDESCRIPTOR>
  4707. <ID>487</ID>
  4708. <PROCESSLIST>
  4709. <PROCESS>RADIO.EXE</PROCESS>
  4710. </PROCESSLIST>
  4711. <CLSIDLIST>
  4712. </CLSIDLIST>
  4713. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).Process</SUMMARY>
  4714. <DEFAULTINSTALLPATHLIST>
  4715. </DEFAULTINSTALLPATHLIST>
  4716. <CATEGORY>SPYWARE</CATEGORY>
  4717. <CONDITIONLIST>
  4718. <CONDITION>MD5=172b61756dbb1dda4068fc6b80be1964</CONDITION>
  4719. <CONDITION>MD5=0d2d661202ed8fd08cef0cb7b121ca52</CONDITION>
  4720. <CONDITION>MD5=89217EED9E0D7FBA1A6D84A4EFE4E670</CONDITION>
  4721. <CONDITION>MD5=9AFE1289C9BE01510B971CB6E36FD9ED</CONDITION>
  4722. <CONDITION>MD5=A7BBB718B816CCBE2ECD9E71E87AE2BC</CONDITION>
  4723. <CONDITION>MD5=8D44A3E92920046773726D88B8EAF315</CONDITION>
  4724. </CONDITIONLIST>
  4725. <OPERATOR>OR</OPERATOR>
  4726. <THREATLEVEL>10</THREATLEVEL>
  4727. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4728. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4729. </PROCESSDESCRIPTOR>
  4730. <PROCESSDESCRIPTOR>
  4731. <ID>488</ID>
  4732. <PROCESSLIST>
  4733. <PROCESS>*</PROCESS>
  4734. <PROCESS>(TBSSAVER.SCR)</PROCESS>
  4735. </PROCESSLIST>
  4736. <CLSIDLIST>
  4737. </CLSIDLIST>
  4738. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).Process</SUMMARY>
  4739. <DEFAULTINSTALLPATHLIST>
  4740. </DEFAULTINSTALLPATHLIST>
  4741. <CATEGORY>SPYWARE</CATEGORY>
  4742. <CONDITIONLIST>
  4743. <CONDITION>MD5=be176c2571670f6d776909deb7f8c078</CONDITION>
  4744. <CONDITION>MD5=d4a37eef4452e6147556a0b35b763270</CONDITION>
  4745. </CONDITIONLIST>
  4746. <OPERATOR>OR</OPERATOR>
  4747. <THREATLEVEL>10</THREATLEVEL>
  4748. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4749. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4750. </PROCESSDESCRIPTOR>
  4751. <PROCESSDESCRIPTOR>
  4752. <ID>489</ID>
  4753. <PROCESSLIST>
  4754. <PROCESS>*</PROCESS>
  4755. <PROCESS>(SPTSUPD.EXE)</PROCESS>
  4756. </PROCESSLIST>
  4757. <CLSIDLIST>
  4758. </CLSIDLIST>
  4759. <SUMMARY>SPTSUPD.EXE</SUMMARY>
  4760. <DEFAULTINSTALLPATHLIST>
  4761. </DEFAULTINSTALLPATHLIST>
  4762. <CATEGORY>ADWARE</CATEGORY>
  4763. <CONDITIONLIST>
  4764. <CONDITION>MD5=3f96f698c517a863f5281b30f4218aea</CONDITION>
  4765. </CONDITIONLIST>
  4766. <OPERATOR>AND</OPERATOR>
  4767. <THREATLEVEL>10</THREATLEVEL>
  4768. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4769. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4770. </PROCESSDESCRIPTOR>
  4771. <PROCESSDESCRIPTOR>
  4772. <ID>490</ID>
  4773. <PROCESSLIST>
  4774. <PROCESS>*</PROCESS>
  4775. <PROCESS>(ACSPROXYSTUB.EXE)</PROCESS>
  4776. </PROCESSLIST>
  4777. <CLSIDLIST>
  4778. </CLSIDLIST>
  4779. <SUMMARY>ACSPROXYSTUB.EXE</SUMMARY>
  4780. <DEFAULTINSTALLPATHLIST>
  4781. </DEFAULTINSTALLPATHLIST>
  4782. <CATEGORY>ADWARE</CATEGORY>
  4783. <CONDITIONLIST>
  4784. <CONDITION>MD5=10b3f87e218b6fdd7b103d921b46ff14</CONDITION>
  4785. </CONDITIONLIST>
  4786. <OPERATOR>AND</OPERATOR>
  4787. <THREATLEVEL>10</THREATLEVEL>
  4788. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4789. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4790. </PROCESSDESCRIPTOR>
  4791. <PROCESSDESCRIPTOR>
  4792. <ID>491</ID>
  4793. <PROCESSLIST>
  4794. <PROCESS>*</PROCESS>
  4795. <PROCESS>(SENH.EXE)</PROCESS>
  4796. </PROCESSLIST>
  4797. <CLSIDLIST>
  4798. </CLSIDLIST>
  4799. <SUMMARY>SENH.EXE</SUMMARY>
  4800. <DEFAULTINSTALLPATHLIST>
  4801. </DEFAULTINSTALLPATHLIST>
  4802. <CATEGORY>ADWARE</CATEGORY>
  4803. <CONDITIONLIST>
  4804. <CONDITION>MD5=b86752f41f2ff6330f9d4f2ded63f482</CONDITION>
  4805. </CONDITIONLIST>
  4806. <OPERATOR>AND</OPERATOR>
  4807. <THREATLEVEL>10</THREATLEVEL>
  4808. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4809. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4810. </PROCESSDESCRIPTOR>
  4811. <PROCESSDESCRIPTOR>
  4812. <ID>492</ID>
  4813. <PROCESSLIST>
  4814. <PROCESS>*</PROCESS>
  4815. <PROCESS>(WEBR.EXE)</PROCESS>
  4816. </PROCESSLIST>
  4817. <CLSIDLIST>
  4818. </CLSIDLIST>
  4819. <SUMMARY>WEBR.EXE</SUMMARY>
  4820. <DEFAULTINSTALLPATHLIST>
  4821. </DEFAULTINSTALLPATHLIST>
  4822. <CATEGORY>ADWARE</CATEGORY>
  4823. <CONDITIONLIST>
  4824. <CONDITION>MD5=156441d5a49e14bf7e4662b4c353fb4b</CONDITION>
  4825. </CONDITIONLIST>
  4826. <OPERATOR>AND</OPERATOR>
  4827. <THREATLEVEL>10</THREATLEVEL>
  4828. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4829. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4830. </PROCESSDESCRIPTOR>
  4831. <PROCESSDESCRIPTOR>
  4832. <ID>493</ID>
  4833. <PROCESSLIST>
  4834. <PROCESS>*</PROCESS>
  4835. <PROCESS>(RUN.EXE)</PROCESS>
  4836. </PROCESSLIST>
  4837. <CLSIDLIST>
  4838. </CLSIDLIST>
  4839. <SUMMARY>RUN.EXE</SUMMARY>
  4840. <DEFAULTINSTALLPATHLIST>
  4841. </DEFAULTINSTALLPATHLIST>
  4842. <CATEGORY>ADWARE</CATEGORY>
  4843. <CONDITIONLIST>
  4844. <CONDITION>MD5=efd9ab226787b2a42332b0c9e20b1b1e</CONDITION>
  4845. </CONDITIONLIST>
  4846. <OPERATOR>AND</OPERATOR>
  4847. <THREATLEVEL>10</THREATLEVEL>
  4848. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4849. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4850. </PROCESSDESCRIPTOR>
  4851. <PROCESSDESCRIPTOR>
  4852. <ID>494</ID>
  4853. <PROCESSLIST>
  4854. <PROCESS>*</PROCESS>
  4855. <PROCESS>(STUBBUNDLETC.EXE)</PROCESS>
  4856. </PROCESSLIST>
  4857. <CLSIDLIST>
  4858. </CLSIDLIST>
  4859. <SUMMARY>STUBBUNDLETC.EXE</SUMMARY>
  4860. <DEFAULTINSTALLPATHLIST>
  4861. </DEFAULTINSTALLPATHLIST>
  4862. <CATEGORY>ADWARE</CATEGORY>
  4863. <CONDITIONLIST>
  4864. <CONDITION>MD5=daa822563f564be36ea16baf6e7fb9db</CONDITION>
  4865. </CONDITIONLIST>
  4866. <OPERATOR>AND</OPERATOR>
  4867. <THREATLEVEL>10</THREATLEVEL>
  4868. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4869. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4870. </PROCESSDESCRIPTOR>
  4871. <PROCESSDESCRIPTOR>
  4872. <ID>495</ID>
  4873. <PROCESSLIST>
  4874. <PROCESS>*</PROCESS>
  4875. <PROCESS>ISTBAR.DLL</PROCESS>
  4876. </PROCESSLIST>
  4877. <CLSIDLIST>
  4878. <CLSID>{5F1ABCDB-A875-46C1-8345-B72A4567E486}</CLSID>
  4879. </CLSIDLIST>
  4880. <SUMMARY>Adware.IST/ISTBar (Slotch Bar).Toolbar</SUMMARY>
  4881. <DEFAULTINSTALLPATHLIST>
  4882. </DEFAULTINSTALLPATHLIST>
  4883. <CATEGORY>ADWARE</CATEGORY>
  4884. <CONDITIONLIST>
  4885. </CONDITIONLIST>
  4886. <OPERATOR>AND</OPERATOR>
  4887. <THREATLEVEL>10</THREATLEVEL>
  4888. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4889. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4890. </PROCESSDESCRIPTOR>
  4891. <PROCESSDESCRIPTOR>
  4892. <ID>496</ID>
  4893. <PROCESSLIST>
  4894. <PROCESS>*</PROCESS>
  4895. <PROCESS>SFBHO.DLL</PROCESS>
  4896. </PROCESSLIST>
  4897. <CLSIDLIST>
  4898. <CLSID>{A3FDD654-A057-4971-9844-4ED8E67DBBB8}</CLSID>
  4899. </CLSIDLIST>
  4900. <SUMMARY>Adware.IST/SideFind.BHO</SUMMARY>
  4901. <DEFAULTINSTALLPATHLIST>
  4902. </DEFAULTINSTALLPATHLIST>
  4903. <CATEGORY>ADWARE</CATEGORY>
  4904. <CONDITIONLIST>
  4905. </CONDITIONLIST>
  4906. <OPERATOR>AND</OPERATOR>
  4907. <THREATLEVEL>10</THREATLEVEL>
  4908. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4909. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4910. </PROCESSDESCRIPTOR>
  4911. <PROCESSDESCRIPTOR>
  4912. <ID>497</ID>
  4913. <PROCESSLIST>
  4914. <PROCESS>*</PROCESS>
  4915. <PROCESS>2_0_1BROWSERHELPER2.DLL</PROCESS>
  4916. </PROCESSLIST>
  4917. <CLSIDLIST>
  4918. <CLSID>{83DE62E0-5805-11D8-9B25-00E04C60FAF2}</CLSID>
  4919. </CLSIDLIST>
  4920. <SUMMARY>Unknown BHO (2_0_1BROWSERHELPER2.DLL)</SUMMARY>
  4921. <DEFAULTINSTALLPATHLIST>
  4922. </DEFAULTINSTALLPATHLIST>
  4923. <CATEGORY>ADWARE</CATEGORY>
  4924. <CONDITIONLIST>
  4925. </CONDITIONLIST>
  4926. <OPERATOR>AND</OPERATOR>
  4927. <THREATLEVEL>10</THREATLEVEL>
  4928. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4929. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4930. </PROCESSDESCRIPTOR>
  4931. <PROCESSDESCRIPTOR>
  4932. <ID>498</ID>
  4933. <PROCESSLIST>
  4934. <PROCESS>*</PROCESS>
  4935. <PROCESS>QMSKURLH.DLL</PROCESS>
  4936. </PROCESSLIST>
  4937. <CLSIDLIST>
  4938. <CLSID>{38FC345A-9F47-22E9-8220-66557FF37944}</CLSID>
  4939. </CLSIDLIST>
  4940. <SUMMARY>Unknown BHO (QMSKURLH.DLL)</SUMMARY>
  4941. <DEFAULTINSTALLPATHLIST>
  4942. </DEFAULTINSTALLPATHLIST>
  4943. <CATEGORY>ADWARE</CATEGORY>
  4944. <CONDITIONLIST>
  4945. </CONDITIONLIST>
  4946. <OPERATOR>AND</OPERATOR>
  4947. <THREATLEVEL>10</THREATLEVEL>
  4948. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4949. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4950. </PROCESSDESCRIPTOR>
  4951. <PROCESSDESCRIPTOR>
  4952. <ID>499</ID>
  4953. <PROCESSLIST>
  4954. <PROCESS>*</PROCESS>
  4955. <PROCESS>INCFIN~1.DLL</PROCESS>
  4956. </PROCESSLIST>
  4957. <CLSIDLIST>
  4958. <CLSID>{0199DF25-9820-4BD5-9FEE-5A765AB4371E}</CLSID>
  4959. <CLSID>{0026AD90-C86F-4269-97F3-DAB4897C6D06}</CLSID>
  4960. </CLSIDLIST>
  4961. <SUMMARY>Adware.IncrediFind.BHO</SUMMARY>
  4962. <DEFAULTINSTALLPATHLIST>
  4963. </DEFAULTINSTALLPATHLIST>
  4964. <CATEGORY>ADWARE</CATEGORY>
  4965. <CONDITIONLIST>
  4966. </CONDITIONLIST>
  4967. <OPERATOR>AND</OPERATOR>
  4968. <THREATLEVEL>10</THREATLEVEL>
  4969. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4970. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4971. </PROCESSDESCRIPTOR>
  4972. <PROCESSDESCRIPTOR>
  4973. <ID>500</ID>
  4974. <PROCESSLIST>
  4975. <PROCESS>*</PROCESS>
  4976. <PROCESS>SRCHFST.DLL</PROCESS>
  4977. </PROCESSLIST>
  4978. <CLSIDLIST>
  4979. <CLSID>{000277A3-7D84-406a-9799-D12A81594693}</CLSID>
  4980. </CLSIDLIST>
  4981. <SUMMARY>Searchfst Class BHO (SRCHFST.DLL)</SUMMARY>
  4982. <DEFAULTINSTALLPATHLIST>
  4983. </DEFAULTINSTALLPATHLIST>
  4984. <CATEGORY>ADWARE</CATEGORY>
  4985. <CONDITIONLIST>
  4986. </CONDITIONLIST>
  4987. <OPERATOR>AND</OPERATOR>
  4988. <THREATLEVEL>10</THREATLEVEL>
  4989. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  4990. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  4991. </PROCESSDESCRIPTOR>
  4992. <PROCESSDESCRIPTOR>
  4993. <ID>501</ID>
  4994. <PROCESSLIST>
  4995. <PROCESS>*</PROCESS>
  4996. <PROCESS>BITS IDLE.EXE</PROCESS>
  4997. </PROCESSLIST>
  4998. <CLSIDLIST>
  4999. <CLSID>{C5BB15B1-507B-E3BE-7D15-35F3E55042D1}</CLSID>
  5000. </CLSIDLIST>
  5001. <SUMMARY>Bits Idle.exe BHO (BITS IDLE.EXE)</SUMMARY>
  5002. <DEFAULTINSTALLPATHLIST>
  5003. </DEFAULTINSTALLPATHLIST>
  5004. <CATEGORY>ADWARE</CATEGORY>
  5005. <CONDITIONLIST>
  5006. </CONDITIONLIST>
  5007. <OPERATOR>AND</OPERATOR>
  5008. <THREATLEVEL>10</THREATLEVEL>
  5009. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5010. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5011. </PROCESSDESCRIPTOR>
  5012. <PROCESSDESCRIPTOR>
  5013. <ID>502</ID>
  5014. <PROCESSLIST>
  5015. <PROCESS>*</PROCESS>
  5016. <PROCESS>BITS IDLE.EXE</PROCESS>
  5017. </PROCESSLIST>
  5018. <CLSIDLIST>
  5019. <CLSID>{9E78E017-CDA5-E7E6-2B2C-2E152185DA1D}</CLSID>
  5020. </CLSIDLIST>
  5021. <SUMMARY>Bits Idle.exe BHO (BITS IDLE.EXE)</SUMMARY>
  5022. <DEFAULTINSTALLPATHLIST>
  5023. </DEFAULTINSTALLPATHLIST>
  5024. <CATEGORY>ADWARE</CATEGORY>
  5025. <CONDITIONLIST>
  5026. </CONDITIONLIST>
  5027. <OPERATOR>AND</OPERATOR>
  5028. <THREATLEVEL>10</THREATLEVEL>
  5029. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5030. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5031. </PROCESSDESCRIPTOR>
  5032. <PROCESSDESCRIPTOR>
  5033. <ID>504</ID>
  5034. <PROCESSLIST>
  5035. <PROCESS>SEXCAMS_AU.EXE</PROCESS>
  5036. </PROCESSLIST>
  5037. <CLSIDLIST>
  5038. </CLSIDLIST>
  5039. <SUMMARY>SexCams Dialer</SUMMARY>
  5040. <DEFAULTINSTALLPATHLIST>
  5041. </DEFAULTINSTALLPATHLIST>
  5042. <CATEGORY>ADWARE</CATEGORY>
  5043. <CONDITIONLIST>
  5044. </CONDITIONLIST>
  5045. <OPERATOR>AND</OPERATOR>
  5046. <THREATLEVEL>10</THREATLEVEL>
  5047. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5048. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5049. </PROCESSDESCRIPTOR>
  5050. <PROCESSDESCRIPTOR>
  5051. <ID>505</ID>
  5052. <PROCESSLIST>
  5053. <PROCESS>*</PROCESS>
  5054. <PROCESS>CELZJHK.DLL</PROCESS>
  5055. </PROCESSLIST>
  5056. <CLSIDLIST>
  5057. <CLSID>{6DFA6B52-9312-5AE2-8226-65550DF6283C}</CLSID>
  5058. </CLSIDLIST>
  5059. <SUMMARY>Unknown BHO (CELZJHK.DLL)</SUMMARY>
  5060. <DEFAULTINSTALLPATHLIST>
  5061. </DEFAULTINSTALLPATHLIST>
  5062. <CATEGORY>ADWARE</CATEGORY>
  5063. <CONDITIONLIST>
  5064. </CONDITIONLIST>
  5065. <OPERATOR>AND</OPERATOR>
  5066. <THREATLEVEL>10</THREATLEVEL>
  5067. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5068. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5069. </PROCESSDESCRIPTOR>
  5070. <PROCESSDESCRIPTOR>
  5071. <ID>506</ID>
  5072. <PROCESSLIST>
  5073. <PROCESS>*</PROCESS>
  5074. <PROCESS>NSU2.DLL</PROCESS>
  5075. </PROCESSLIST>
  5076. <CLSIDLIST>
  5077. <CLSID>{E8EAEB34-F7B5-4C55-87FF-720FAF53D841}</CLSID>
  5078. </CLSIDLIST>
  5079. <SUMMARY>CSearchHelpIEExtension Object BHO</SUMMARY>
  5080. <DEFAULTINSTALLPATHLIST>
  5081. </DEFAULTINSTALLPATHLIST>
  5082. <CATEGORY>ADWARE</CATEGORY>
  5083. <CONDITIONLIST>
  5084. </CONDITIONLIST>
  5085. <OPERATOR>AND</OPERATOR>
  5086. <THREATLEVEL>10</THREATLEVEL>
  5087. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5088. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5089. </PROCESSDESCRIPTOR>
  5090. <PROCESSDESCRIPTOR>
  5091. <ID>507</ID>
  5092. <PROCESSLIST>
  5093. <PROCESS>*</PROCESS>
  5094. <PROCESS>SYSTB.DLL</PROCESS>
  5095. </PROCESSLIST>
  5096. <CLSIDLIST>
  5097. <CLSID>{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}</CLSID>
  5098. <CLSID>{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}</CLSID>
  5099. </CLSIDLIST>
  5100. <SUMMARY>Intelligent Explorer BHO</SUMMARY>
  5101. <DEFAULTINSTALLPATHLIST>
  5102. </DEFAULTINSTALLPATHLIST>
  5103. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  5104. <CONDITIONLIST>
  5105. </CONDITIONLIST>
  5106. <OPERATOR>AND</OPERATOR>
  5107. <THREATLEVEL>10</THREATLEVEL>
  5108. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5109. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5110. </PROCESSDESCRIPTOR>
  5111. <PROCESSDESCRIPTOR>
  5112. <ID>508</ID>
  5113. <PROCESSLIST>
  5114. <PROCESS>*</PROCESS>
  5115. <PROCESS>RH.DLL</PROCESS>
  5116. </PROCESSLIST>
  5117. <CLSIDLIST>
  5118. <CLSID>{0421701D-CF13-4E70-ADF0-45A953E7CB8B}</CLSID>
  5119. </CLSIDLIST>
  5120. <SUMMARY>Adware.SmartPops.BHO</SUMMARY>
  5121. <DEFAULTINSTALLPATHLIST>
  5122. </DEFAULTINSTALLPATHLIST>
  5123. <CATEGORY>ADWARE</CATEGORY>
  5124. <CONDITIONLIST>
  5125. </CONDITIONLIST>
  5126. <OPERATOR>AND</OPERATOR>
  5127. <THREATLEVEL>10</THREATLEVEL>
  5128. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5129. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5130. </PROCESSDESCRIPTOR>
  5131. <PROCESSDESCRIPTOR>
  5132. <ID>509</ID>
  5133. <PROCESSLIST>
  5134. <PROCESS>*</PROCESS>
  5135. <PROCESS>SE.DLL</PROCESS>
  5136. </PROCESSLIST>
  5137. <CLSIDLIST>
  5138. <CLSID>{00041A26-7033-432C-94C7-6371DE343822}</CLSID>
  5139. </CLSIDLIST>
  5140. <SUMMARY>Adware.Search-Exe.BHO</SUMMARY>
  5141. <DEFAULTINSTALLPATHLIST>
  5142. </DEFAULTINSTALLPATHLIST>
  5143. <CATEGORY>ADWARE</CATEGORY>
  5144. <CONDITIONLIST>
  5145. </CONDITIONLIST>
  5146. <OPERATOR>AND</OPERATOR>
  5147. <THREATLEVEL>10</THREATLEVEL>
  5148. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5149. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5150. </PROCESSDESCRIPTOR>
  5151. <PROCESSDESCRIPTOR>
  5152. <ID>510</ID>
  5153. <PROCESSLIST>
  5154. <PROCESS>*</PROCESS>
  5155. <PROCESS>(J9ESPRC.EXE)</PROCESS>
  5156. </PROCESSLIST>
  5157. <CLSIDLIST>
  5158. </CLSIDLIST>
  5159. <SUMMARY>J9ESPRC.EXE</SUMMARY>
  5160. <DEFAULTINSTALLPATHLIST>
  5161. </DEFAULTINSTALLPATHLIST>
  5162. <CATEGORY>ADWARE</CATEGORY>
  5163. <CONDITIONLIST>
  5164. <CONDITION>MD5=eb6a4356f202376780a420eb47864a76</CONDITION>
  5165. </CONDITIONLIST>
  5166. <OPERATOR>AND</OPERATOR>
  5167. <THREATLEVEL>10</THREATLEVEL>
  5168. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5169. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5170. </PROCESSDESCRIPTOR>
  5171. <PROCESSDESCRIPTOR>
  5172. <ID>511</ID>
  5173. <PROCESSLIST>
  5174. <PROCESS>*</PROCESS>
  5175. <PROCESS>(WDSKCTL.EXE)</PROCESS>
  5176. </PROCESSLIST>
  5177. <CLSIDLIST>
  5178. </CLSIDLIST>
  5179. <SUMMARY>IE Plugin Variant (WDSKCTL.EXE)</SUMMARY>
  5180. <DEFAULTINSTALLPATHLIST>
  5181. </DEFAULTINSTALLPATHLIST>
  5182. <CATEGORY>ADWARE</CATEGORY>
  5183. <CONDITIONLIST>
  5184. <CONDITION>MD5=cd074582eac0c9c7e1ad8f63ed1df03f</CONDITION>
  5185. </CONDITIONLIST>
  5186. <OPERATOR>AND</OPERATOR>
  5187. <THREATLEVEL>10</THREATLEVEL>
  5188. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5189. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5190. </PROCESSDESCRIPTOR>
  5191. <PROCESSDESCRIPTOR>
  5192. <ID>513</ID>
  5193. <PROCESSLIST>
  5194. <PROCESS>*</PROCESS>
  5195. <PROCESS>JPSUTNV.DLL</PROCESS>
  5196. </PROCESSLIST>
  5197. <CLSIDLIST>
  5198. <CLSID>{33A83156-9142-0DB1-8726-65550DF62C6D}</CLSID>
  5199. </CLSIDLIST>
  5200. <SUMMARY>Unknown BHO (JPSUTNV.DLL)</SUMMARY>
  5201. <DEFAULTINSTALLPATHLIST>
  5202. </DEFAULTINSTALLPATHLIST>
  5203. <CATEGORY>ADWARE</CATEGORY>
  5204. <CONDITIONLIST>
  5205. </CONDITIONLIST>
  5206. <OPERATOR>AND</OPERATOR>
  5207. <THREATLEVEL>10</THREATLEVEL>
  5208. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5209. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5210. </PROCESSDESCRIPTOR>
  5211. <PROCESSDESCRIPTOR>
  5212. <ID>514</ID>
  5213. <PROCESSLIST>
  5214. <PROCESS>*</PROCESS>
  5215. <PROCESS>TOOLBAR.DLL</PROCESS>
  5216. </PROCESSLIST>
  5217. <CLSIDLIST>
  5218. <CLSID>{1C78AB3F-A857-482E-80C0-3A1E5238A565}</CLSID>
  5219. </CLSIDLIST>
  5220. <SUMMARY>Adware.iSearch.Toolbar/BHO</SUMMARY>
  5221. <DEFAULTINSTALLPATHLIST>
  5222. </DEFAULTINSTALLPATHLIST>
  5223. <CATEGORY>ADWARE</CATEGORY>
  5224. <CONDITIONLIST>
  5225. </CONDITIONLIST>
  5226. <OPERATOR>AND</OPERATOR>
  5227. <THREATLEVEL>10</THREATLEVEL>
  5228. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5229. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5230. </PROCESSDESCRIPTOR>
  5231. <PROCESSDESCRIPTOR>
  5232. <ID>515</ID>
  5233. <PROCESSLIST>
  5234. <PROCESS>*</PROCESS>
  5235. <PROCESS>SSKBHO.DLL</PROCESS>
  5236. </PROCESSLIST>
  5237. <CLSIDLIST>
  5238. <CLSID>{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}</CLSID>
  5239. </CLSIDLIST>
  5240. <SUMMARY>SurfSideKick 2 URL Search Hook</SUMMARY>
  5241. <DEFAULTINSTALLPATHLIST>
  5242. </DEFAULTINSTALLPATHLIST>
  5243. <CATEGORY>ADWARE</CATEGORY>
  5244. <CONDITIONLIST>
  5245. </CONDITIONLIST>
  5246. <OPERATOR>AND</OPERATOR>
  5247. <THREATLEVEL>10</THREATLEVEL>
  5248. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5249. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5250. </PROCESSDESCRIPTOR>
  5251. <PROCESSDESCRIPTOR>
  5252. <ID>516</ID>
  5253. <PROCESSLIST>
  5254. <PROCESS>*</PROCESS>
  5255. <PROCESS>(SSK.EXE)</PROCESS>
  5256. </PROCESSLIST>
  5257. <CLSIDLIST>
  5258. </CLSIDLIST>
  5259. <SUMMARY>SurfSideKick 2 Process</SUMMARY>
  5260. <DEFAULTINSTALLPATHLIST>
  5261. </DEFAULTINSTALLPATHLIST>
  5262. <CATEGORY>ADWARE</CATEGORY>
  5263. <CONDITIONLIST>
  5264. <CONDITION>MD5=baecf81d333166bdabe04c9cb865ec3e</CONDITION>
  5265. </CONDITIONLIST>
  5266. <OPERATOR>AND</OPERATOR>
  5267. <THREATLEVEL>10</THREATLEVEL>
  5268. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5269. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5270. </PROCESSDESCRIPTOR>
  5271. <PROCESSDESCRIPTOR>
  5272. <ID>517</ID>
  5273. <PROCESSLIST>
  5274. <PROCESS>*</PROCESS>
  5275. <PROCESS>(SSKUPDATER.EXE)</PROCESS>
  5276. </PROCESSLIST>
  5277. <CLSIDLIST>
  5278. </CLSIDLIST>
  5279. <SUMMARY>SurfSideKick 2 Updater Process</SUMMARY>
  5280. <DEFAULTINSTALLPATHLIST>
  5281. </DEFAULTINSTALLPATHLIST>
  5282. <CATEGORY>ADWARE</CATEGORY>
  5283. <CONDITIONLIST>
  5284. <CONDITION>MD5=0a32635efc9f0f9f3d5edfb91d625fec</CONDITION>
  5285. </CONDITIONLIST>
  5286. <OPERATOR>AND</OPERATOR>
  5287. <THREATLEVEL>10</THREATLEVEL>
  5288. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5289. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5290. </PROCESSDESCRIPTOR>
  5291. <PROCESSDESCRIPTOR>
  5292. <ID>518</ID>
  5293. <PROCESSLIST>
  5294. <PROCESS>CONSCORR.EXE</PROCESS>
  5295. </PROCESSLIST>
  5296. <CLSIDLIST>
  5297. </CLSIDLIST>
  5298. <SUMMARY>ConsCorr (Cliks) Process</SUMMARY>
  5299. <DEFAULTINSTALLPATHLIST>
  5300. </DEFAULTINSTALLPATHLIST>
  5301. <CATEGORY>ADWARE</CATEGORY>
  5302. <CONDITIONLIST>
  5303. <CONDITION>COMPANYNAME~conscorr</CONDITION>
  5304. </CONDITIONLIST>
  5305. <OPERATOR>AND</OPERATOR>
  5306. <THREATLEVEL>10</THREATLEVEL>
  5307. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5308. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5309. </PROCESSDESCRIPTOR>
  5310. <PROCESSDESCRIPTOR>
  5311. <ID>519</ID>
  5312. <PROCESSLIST>
  5313. <PROCESS>*</PROCESS>
  5314. <PROCESS>(CONSCORR.EXE)</PROCESS>
  5315. </PROCESSLIST>
  5316. <CLSIDLIST>
  5317. </CLSIDLIST>
  5318. <SUMMARY>ConsCorr (Cliks) Process</SUMMARY>
  5319. <DEFAULTINSTALLPATHLIST>
  5320. </DEFAULTINSTALLPATHLIST>
  5321. <CATEGORY>ADWARE</CATEGORY>
  5322. <CONDITIONLIST>
  5323. <CONDITION>MD5=f89eab3d483b0fecfd3f946198807e09</CONDITION>
  5324. </CONDITIONLIST>
  5325. <OPERATOR>AND</OPERATOR>
  5326. <THREATLEVEL>10</THREATLEVEL>
  5327. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5328. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5329. </PROCESSDESCRIPTOR>
  5330. <PROCESSDESCRIPTOR>
  5331. <ID>520</ID>
  5332. <PROCESSLIST>
  5333. <PROCESS>*</PROCESS>
  5334. <PROCESS>SE.DLL</PROCESS>
  5335. </PROCESSLIST>
  5336. <CLSIDLIST>
  5337. <CLSID>{9368D063-44BE-49B9-BD14-BB9663FD38FC}</CLSID>
  5338. </CLSIDLIST>
  5339. <SUMMARY>Adware.Search-Exe.URL Search Hook</SUMMARY>
  5340. <DEFAULTINSTALLPATHLIST>
  5341. </DEFAULTINSTALLPATHLIST>
  5342. <CATEGORY>ADWARE</CATEGORY>
  5343. <CONDITIONLIST>
  5344. </CONDITIONLIST>
  5345. <OPERATOR>AND</OPERATOR>
  5346. <THREATLEVEL>10</THREATLEVEL>
  5347. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5348. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5349. </PROCESSDESCRIPTOR>
  5350. <PROCESSDESCRIPTOR>
  5351. <ID>521</ID>
  5352. <PROCESSLIST>
  5353. <PROCESS>*</PROCESS>
  5354. <PROCESS>SE.DLL</PROCESS>
  5355. </PROCESSLIST>
  5356. <CLSIDLIST>
  5357. <CLSID>{002F4E27-B273-4FA5-ADFC-1FB9ED210B37}</CLSID>
  5358. </CLSIDLIST>
  5359. <SUMMARY>Adware.Search-Exe.Explorer Bar</SUMMARY>
  5360. <DEFAULTINSTALLPATHLIST>
  5361. </DEFAULTINSTALLPATHLIST>
  5362. <CATEGORY>ADWARE</CATEGORY>
  5363. <CONDITIONLIST>
  5364. </CONDITIONLIST>
  5365. <OPERATOR>AND</OPERATOR>
  5366. <THREATLEVEL>10</THREATLEVEL>
  5367. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5368. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5369. </PROCESSDESCRIPTOR>
  5370. <PROCESSDESCRIPTOR>
  5371. <ID>523</ID>
  5372. <PROCESSLIST>
  5373. <PROCESS>LAUNCHURL.EXE</PROCESS>
  5374. </PROCESSLIST>
  5375. <CLSIDLIST>
  5376. </CLSIDLIST>
  5377. <SUMMARY>Launchurl</SUMMARY>
  5378. <DEFAULTINSTALLPATHLIST>
  5379. </DEFAULTINSTALLPATHLIST>
  5380. <CATEGORY>ADWARE</CATEGORY>
  5381. <CONDITIONLIST>
  5382. <CONDITION>INTERNALNAME~launchurl</CONDITION>
  5383. </CONDITIONLIST>
  5384. <OPERATOR>AND</OPERATOR>
  5385. <THREATLEVEL>10</THREATLEVEL>
  5386. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5387. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5388. </PROCESSDESCRIPTOR>
  5389. <PROCESSDESCRIPTOR>
  5390. <ID>524</ID>
  5391. <PROCESSLIST>
  5392. <PROCESS>*</PROCESS>
  5393. <PROCESS>(SS.EXE)</PROCESS>
  5394. </PROCESSLIST>
  5395. <CLSIDLIST>
  5396. </CLSIDLIST>
  5397. <SUMMARY>nLite SS.EXE</SUMMARY>
  5398. <DEFAULTINSTALLPATHLIST>
  5399. </DEFAULTINSTALLPATHLIST>
  5400. <CATEGORY>ADWARE</CATEGORY>
  5401. <CONDITIONLIST>
  5402. <CONDITION>MD5=5375d517b79eb873ce2e3ed379614821</CONDITION>
  5403. </CONDITIONLIST>
  5404. <OPERATOR>AND</OPERATOR>
  5405. <THREATLEVEL>10</THREATLEVEL>
  5406. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5407. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5408. </PROCESSDESCRIPTOR>
  5409. <PROCESSDESCRIPTOR>
  5410. <ID>525</ID>
  5411. <PROCESSLIST>
  5412. <PROCESS>*</PROCESS>
  5413. <PROCESS>MMVIEW_101.DLL</PROCESS>
  5414. </PROCESSLIST>
  5415. <CLSIDLIST>
  5416. <CLSID>{EBBD88E5-C372-469D-B4C5-1FE00352AB9B}</CLSID>
  5417. </CLSIDLIST>
  5418. <SUMMARY>FavoriteMan Class BHO</SUMMARY>
  5419. <DEFAULTINSTALLPATHLIST>
  5420. </DEFAULTINSTALLPATHLIST>
  5421. <CATEGORY>ADWARE</CATEGORY>
  5422. <CONDITIONLIST>
  5423. </CONDITIONLIST>
  5424. <OPERATOR>AND</OPERATOR>
  5425. <THREATLEVEL>10</THREATLEVEL>
  5426. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5427. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5428. </PROCESSDESCRIPTOR>
  5429. <PROCESSDESCRIPTOR>
  5430. <ID>526</ID>
  5431. <PROCESSLIST>
  5432. <PROCESS>*</PROCESS>
  5433. <PROCESS>(WEBREBATES_CDT_INSTALLSILENT.EXE)</PROCESS>
  5434. </PROCESSLIST>
  5435. <CLSIDLIST>
  5436. </CLSIDLIST>
  5437. <SUMMARY>WebRebates Silent Installer</SUMMARY>
  5438. <DEFAULTINSTALLPATHLIST>
  5439. </DEFAULTINSTALLPATHLIST>
  5440. <CATEGORY>ADWARE</CATEGORY>
  5441. <CONDITIONLIST>
  5442. <CONDITION>MD5=2b95da7faf63a18e29f94cf716bb171b</CONDITION>
  5443. </CONDITIONLIST>
  5444. <OPERATOR>AND</OPERATOR>
  5445. <THREATLEVEL>10</THREATLEVEL>
  5446. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5447. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5448. </PROCESSDESCRIPTOR>
  5449. <PROCESSDESCRIPTOR>
  5450. <ID>527</ID>
  5451. <PROCESSLIST>
  5452. <PROCESS>WINADTOOLS.EXE</PROCESS>
  5453. </PROCESSLIST>
  5454. <CLSIDLIST>
  5455. </CLSIDLIST>
  5456. <SUMMARY>Windows Ad Tools</SUMMARY>
  5457. <DEFAULTINSTALLPATHLIST>
  5458. </DEFAULTINSTALLPATHLIST>
  5459. <CATEGORY>ADWARE</CATEGORY>
  5460. <CONDITIONLIST>
  5461. </CONDITIONLIST>
  5462. <OPERATOR>AND</OPERATOR>
  5463. <THREATLEVEL>10</THREATLEVEL>
  5464. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5465. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5466. </PROCESSDESCRIPTOR>
  5467. <PROCESSDESCRIPTOR>
  5468. <ID>530</ID>
  5469. <PROCESSLIST>
  5470. <PROCESS>*</PROCESS>
  5471. <PROCESS>NEM220.DLL</PROCESS>
  5472. </PROCESSLIST>
  5473. <CLSIDLIST>
  5474. <CLSID>{00000010-6F7D-442C-93E3-4A4827C2E4C8}</CLSID>
  5475. </CLSIDLIST>
  5476. <SUMMARY>Adware.Avenue Media/Internet Optimizer.BHO</SUMMARY>
  5477. <DEFAULTINSTALLPATHLIST>
  5478. </DEFAULTINSTALLPATHLIST>
  5479. <CATEGORY>ADWARE</CATEGORY>
  5480. <CONDITIONLIST>
  5481. </CONDITIONLIST>
  5482. <OPERATOR>AND</OPERATOR>
  5483. <THREATLEVEL>10</THREATLEVEL>
  5484. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5485. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5486. </PROCESSDESCRIPTOR>
  5487. <PROCESSDESCRIPTOR>
  5488. <ID>529</ID>
  5489. <PROCESSLIST>
  5490. <PROCESS>WINRATCHET.EXE</PROCESS>
  5491. </PROCESSLIST>
  5492. <CLSIDLIST>
  5493. </CLSIDLIST>
  5494. <SUMMARY>Windows Ad Tools</SUMMARY>
  5495. <DEFAULTINSTALLPATHLIST>
  5496. </DEFAULTINSTALLPATHLIST>
  5497. <CATEGORY>ADWARE</CATEGORY>
  5498. <CONDITIONLIST>
  5499. </CONDITIONLIST>
  5500. <OPERATOR>AND</OPERATOR>
  5501. <THREATLEVEL>10</THREATLEVEL>
  5502. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5503. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5504. </PROCESSDESCRIPTOR>
  5505. <PROCESSDESCRIPTOR>
  5506. <ID>531</ID>
  5507. <PROCESSLIST>
  5508. <PROCESS>CXTPLS.EXE</PROCESS>
  5509. </PROCESSLIST>
  5510. <CLSIDLIST>
  5511. </CLSIDLIST>
  5512. <SUMMARY>Adware.Apropos Media/CxtPls.Process</SUMMARY>
  5513. <DEFAULTINSTALLPATHLIST>
  5514. </DEFAULTINSTALLPATHLIST>
  5515. <CATEGORY>ADWARE</CATEGORY>
  5516. <CONDITIONLIST>
  5517. <CONDITION>COMPANYNAME~Apropos</CONDITION>
  5518. </CONDITIONLIST>
  5519. <OPERATOR>AND</OPERATOR>
  5520. <THREATLEVEL>10</THREATLEVEL>
  5521. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5522. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5523. </PROCESSDESCRIPTOR>
  5524. <PROCESSDESCRIPTOR>
  5525. <ID>532</ID>
  5526. <PROCESSLIST>
  5527. <PROCESS>*</PROCESS>
  5528. <PROCESS>(AUTOUPDATE.EXE)</PROCESS>
  5529. </PROCESSLIST>
  5530. <CLSIDLIST>
  5531. </CLSIDLIST>
  5532. <SUMMARY>Adware.Autoupdate.Process</SUMMARY>
  5533. <DEFAULTINSTALLPATHLIST>
  5534. </DEFAULTINSTALLPATHLIST>
  5535. <CATEGORY>ADWARE</CATEGORY>
  5536. <CONDITIONLIST>
  5537. <CONDITION>MD5=0b491a091f3ca5a6ae78b106c16a8d31</CONDITION>
  5538. </CONDITIONLIST>
  5539. <OPERATOR>AND</OPERATOR>
  5540. <THREATLEVEL>10</THREATLEVEL>
  5541. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5542. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5543. </PROCESSDESCRIPTOR>
  5544. <PROCESSDESCRIPTOR>
  5545. <ID>534</ID>
  5546. <PROCESSLIST>
  5547. <PROCESS>*</PROCESS>
  5548. <PROCESS>(BCPC_C.EXE)</PROCESS>
  5549. </PROCESSLIST>
  5550. <CLSIDLIST>
  5551. </CLSIDLIST>
  5552. <SUMMARY>BCPC_C.EXE</SUMMARY>
  5553. <DEFAULTINSTALLPATHLIST>
  5554. </DEFAULTINSTALLPATHLIST>
  5555. <CATEGORY>ADWARE</CATEGORY>
  5556. <CONDITIONLIST>
  5557. <CONDITION>MD5=d4661870a11fd8575fe4d0e973b04f4b</CONDITION>
  5558. </CONDITIONLIST>
  5559. <OPERATOR>AND</OPERATOR>
  5560. <THREATLEVEL>10</THREATLEVEL>
  5561. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5562. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5563. </PROCESSDESCRIPTOR>
  5564. <PROCESSDESCRIPTOR>
  5565. <ID>535</ID>
  5566. <PROCESSLIST>
  5567. <PROCESS>*</PROCESS>
  5568. <PROCESS>(BCRE.EXE)</PROCESS>
  5569. </PROCESSLIST>
  5570. <CLSIDLIST>
  5571. </CLSIDLIST>
  5572. <SUMMARY>BCRE.EXE</SUMMARY>
  5573. <DEFAULTINSTALLPATHLIST>
  5574. </DEFAULTINSTALLPATHLIST>
  5575. <CATEGORY>ADWARE</CATEGORY>
  5576. <CONDITIONLIST>
  5577. <CONDITION>MD5=a8307eccf24ec132edb8cbb586370922</CONDITION>
  5578. </CONDITIONLIST>
  5579. <OPERATOR>AND</OPERATOR>
  5580. <THREATLEVEL>10</THREATLEVEL>
  5581. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5582. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5583. </PROCESSDESCRIPTOR>
  5584. <PROCESSDESCRIPTOR>
  5585. <ID>536</ID>
  5586. <PROCESSLIST>
  5587. <PROCESS>*</PROCESS>
  5588. <PROCESS>(BCRE_INST.EXE)</PROCESS>
  5589. </PROCESSLIST>
  5590. <CLSIDLIST>
  5591. </CLSIDLIST>
  5592. <SUMMARY>BCRE_INST.EXE</SUMMARY>
  5593. <DEFAULTINSTALLPATHLIST>
  5594. </DEFAULTINSTALLPATHLIST>
  5595. <CATEGORY>ADWARE</CATEGORY>
  5596. <CONDITIONLIST>
  5597. <CONDITION>MD5=a37ea93e41fd898bdc288ffffe72d0f0</CONDITION>
  5598. </CONDITIONLIST>
  5599. <OPERATOR>AND</OPERATOR>
  5600. <THREATLEVEL>10</THREATLEVEL>
  5601. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5602. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5603. </PROCESSDESCRIPTOR>
  5604. <PROCESSDESCRIPTOR>
  5605. <ID>537</ID>
  5606. <PROCESSLIST>
  5607. <PROCESS>*</PROCESS>
  5608. <PROCESS>(XCLEAN.EXE)</PROCESS>
  5609. </PROCESSLIST>
  5610. <CLSIDLIST>
  5611. </CLSIDLIST>
  5612. <SUMMARY>XCLEAN.EXE</SUMMARY>
  5613. <DEFAULTINSTALLPATHLIST>
  5614. </DEFAULTINSTALLPATHLIST>
  5615. <CATEGORY>ADWARE</CATEGORY>
  5616. <CONDITIONLIST>
  5617. <CONDITION>MD5=0c61c43704a14dbdd806dfe5326c4cd5</CONDITION>
  5618. </CONDITIONLIST>
  5619. <OPERATOR>AND</OPERATOR>
  5620. <THREATLEVEL>10</THREATLEVEL>
  5621. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5622. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5623. </PROCESSDESCRIPTOR>
  5624. <PROCESSDESCRIPTOR>
  5625. <ID>538</ID>
  5626. <PROCESSLIST>
  5627. <PROCESS>*</PROCESS>
  5628. <PROCESS>(XCPY1.EXE)</PROCESS>
  5629. </PROCESSLIST>
  5630. <CLSIDLIST>
  5631. </CLSIDLIST>
  5632. <SUMMARY>XCPY1.EXE</SUMMARY>
  5633. <DEFAULTINSTALLPATHLIST>
  5634. </DEFAULTINSTALLPATHLIST>
  5635. <CATEGORY>ADWARE</CATEGORY>
  5636. <CONDITIONLIST>
  5637. <CONDITION>MD5=040ca770ed6ef612885c6b14d883c352</CONDITION>
  5638. </CONDITIONLIST>
  5639. <OPERATOR>AND</OPERATOR>
  5640. <THREATLEVEL>10</THREATLEVEL>
  5641. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5642. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5643. </PROCESSDESCRIPTOR>
  5644. <PROCESSDESCRIPTOR>
  5645. <ID>539</ID>
  5646. <PROCESSLIST>
  5647. <PROCESS>*</PROCESS>
  5648. <PROCESS>XML.DLL</PROCESS>
  5649. </PROCESSLIST>
  5650. <CLSIDLIST>
  5651. <CLSID>{7CD20E91-1F31-41da-8379-479EA31DF969}</CLSID>
  5652. </CLSIDLIST>
  5653. <SUMMARY>Flash Enhancer BHO</SUMMARY>
  5654. <DEFAULTINSTALLPATHLIST>
  5655. </DEFAULTINSTALLPATHLIST>
  5656. <CATEGORY>ADWARE</CATEGORY>
  5657. <CONDITIONLIST>
  5658. </CONDITIONLIST>
  5659. <OPERATOR>AND</OPERATOR>
  5660. <THREATLEVEL>10</THREATLEVEL>
  5661. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5662. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5663. </PROCESSDESCRIPTOR>
  5664. <PROCESSDESCRIPTOR>
  5665. <ID>540</ID>
  5666. <PROCESSLIST>
  5667. <PROCESS>*</PROCESS>
  5668. <PROCESS>CXTPLS.DLL</PROCESS>
  5669. </PROCESSLIST>
  5670. <CLSIDLIST>
  5671. <CLSID>{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}</CLSID>
  5672. <CLSID>{016235BE-59D4-4CEB-ADD5-E2378282A1D9}</CLSID>
  5673. </CLSIDLIST>
  5674. <SUMMARY>Adware.Apropos Media/CxtPls.BHO</SUMMARY>
  5675. <DEFAULTINSTALLPATHLIST>
  5676. </DEFAULTINSTALLPATHLIST>
  5677. <CATEGORY>ADWARE</CATEGORY>
  5678. <CONDITIONLIST>
  5679. </CONDITIONLIST>
  5680. <OPERATOR>AND</OPERATOR>
  5681. <THREATLEVEL>10</THREATLEVEL>
  5682. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5683. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5684. </PROCESSDESCRIPTOR>
  5685. <PROCESSDESCRIPTOR>
  5686. <ID>541</ID>
  5687. <PROCESSLIST>
  5688. <PROCESS>*</PROCESS>
  5689. <PROCESS>(EXPLORER.EXE)</PROCESS>
  5690. </PROCESSLIST>
  5691. <CLSIDLIST>
  5692. </CLSIDLIST>
  5693. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  5694. <DEFAULTINSTALLPATHLIST>
  5695. </DEFAULTINSTALLPATHLIST>
  5696. <CATEGORY>ADWARE</CATEGORY>
  5697. <CONDITIONLIST>
  5698. <CONDITION>MD5=0c95b47e34657b50197651b3fd5ba722</CONDITION>
  5699. </CONDITIONLIST>
  5700. <OPERATOR>AND</OPERATOR>
  5701. <THREATLEVEL>10</THREATLEVEL>
  5702. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5703. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5704. </PROCESSDESCRIPTOR>
  5705. <PROCESSDESCRIPTOR>
  5706. <ID>542</ID>
  5707. <PROCESSLIST>
  5708. <PROCESS>*</PROCESS>
  5709. <PROCESS>(WINUPDT.EXE)</PROCESS>
  5710. </PROCESSLIST>
  5711. <CLSIDLIST>
  5712. </CLSIDLIST>
  5713. <SUMMARY>Worm.WINUPDT</SUMMARY>
  5714. <DEFAULTINSTALLPATHLIST>
  5715. </DEFAULTINSTALLPATHLIST>
  5716. <CATEGORY>ADWARE</CATEGORY>
  5717. <CONDITIONLIST>
  5718. <CONDITION>MD5=318a05beec571a4bc297b9456cc37089</CONDITION>
  5719. <CONDITION>MD5=B6DBD6CBBFD55F036576D7CDAEE6436D</CONDITION>
  5720. </CONDITIONLIST>
  5721. <OPERATOR>OR</OPERATOR>
  5722. <THREATLEVEL>10</THREATLEVEL>
  5723. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5724. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5725. </PROCESSDESCRIPTOR>
  5726. <PROCESSDESCRIPTOR>
  5727. <ID>543</ID>
  5728. <PROCESSLIST>
  5729. <PROCESS>*</PROCESS>
  5730. <PROCESS>(WINUPDTL.EXE)</PROCESS>
  5731. </PROCESSLIST>
  5732. <CLSIDLIST>
  5733. </CLSIDLIST>
  5734. <SUMMARY>Adware.Second Thought.Process</SUMMARY>
  5735. <DEFAULTINSTALLPATHLIST>
  5736. </DEFAULTINSTALLPATHLIST>
  5737. <CATEGORY>ADWARE</CATEGORY>
  5738. <CONDITIONLIST>
  5739. <CONDITION>MD5=c82d1497868bc659e3844fe92d6a8c6e</CONDITION>
  5740. </CONDITIONLIST>
  5741. <OPERATOR>AND</OPERATOR>
  5742. <THREATLEVEL>10</THREATLEVEL>
  5743. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5744. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5745. </PROCESSDESCRIPTOR>
  5746. <PROCESSDESCRIPTOR>
  5747. <ID>544</ID>
  5748. <PROCESSLIST>
  5749. <PROCESS>TBSSAVER.SCR</PROCESS>
  5750. </PROCESSLIST>
  5751. <CLSIDLIST>
  5752. </CLSIDLIST>
  5753. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).Process</SUMMARY>
  5754. <DEFAULTINSTALLPATHLIST>
  5755. </DEFAULTINSTALLPATHLIST>
  5756. <CATEGORY>SPYWARE</CATEGORY>
  5757. <CONDITIONLIST>
  5758. <CONDITION>FILEDESCRIPTION~WebSearch</CONDITION>
  5759. </CONDITIONLIST>
  5760. <OPERATOR>AND</OPERATOR>
  5761. <THREATLEVEL>10</THREATLEVEL>
  5762. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5763. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5764. </PROCESSDESCRIPTOR>
  5765. <PROCESSDESCRIPTOR>
  5766. <ID>545</ID>
  5767. <PROCESSLIST>
  5768. <PROCESS>*</PROCESS>
  5769. <PROCESS>(FOUQCOB.EXE)</PROCESS>
  5770. </PROCESSLIST>
  5771. <CLSIDLIST>
  5772. </CLSIDLIST>
  5773. <SUMMARY>FOUQCOB.EXE</SUMMARY>
  5774. <DEFAULTINSTALLPATHLIST>
  5775. </DEFAULTINSTALLPATHLIST>
  5776. <CATEGORY>ADWARE</CATEGORY>
  5777. <CONDITIONLIST>
  5778. <CONDITION>MD5=959705073906328706fca7c77b6aca5c</CONDITION>
  5779. </CONDITIONLIST>
  5780. <OPERATOR>AND</OPERATOR>
  5781. <THREATLEVEL>10</THREATLEVEL>
  5782. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5783. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5784. </PROCESSDESCRIPTOR>
  5785. <PROCESSDESCRIPTOR>
  5786. <ID>546</ID>
  5787. <PROCESSLIST>
  5788. <PROCESS>*</PROCESS>
  5789. <PROCESS>WSEM302.DLL</PROCESS>
  5790. <PROCESS>WSEM303.DLL</PROCESS>
  5791. </PROCESSLIST>
  5792. <CLSIDLIST>
  5793. <CLSID>{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}</CLSID>
  5794. </CLSIDLIST>
  5795. <SUMMARY>BHObj Class BHO</SUMMARY>
  5796. <DEFAULTINSTALLPATHLIST>
  5797. </DEFAULTINSTALLPATHLIST>
  5798. <CATEGORY>ADWARE</CATEGORY>
  5799. <CONDITIONLIST>
  5800. </CONDITIONLIST>
  5801. <OPERATOR>AND</OPERATOR>
  5802. <THREATLEVEL>10</THREATLEVEL>
  5803. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5804. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5805. </PROCESSDESCRIPTOR>
  5806. <PROCESSDESCRIPTOR>
  5807. <ID>547</ID>
  5808. <PROCESSLIST>
  5809. <PROCESS>*</PROCESS>
  5810. <PROCESS>(BAP.EXE)</PROCESS>
  5811. </PROCESSLIST>
  5812. <CLSIDLIST>
  5813. </CLSIDLIST>
  5814. <SUMMARY>BAP.EXE</SUMMARY>
  5815. <DEFAULTINSTALLPATHLIST>
  5816. </DEFAULTINSTALLPATHLIST>
  5817. <CATEGORY>ADWARE</CATEGORY>
  5818. <CONDITIONLIST>
  5819. <CONDITION>MD5=77fbabfa1f68464f34dbc1dc89799ed5</CONDITION>
  5820. </CONDITIONLIST>
  5821. <OPERATOR>AND</OPERATOR>
  5822. <THREATLEVEL>10</THREATLEVEL>
  5823. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5824. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5825. </PROCESSDESCRIPTOR>
  5826. <PROCESSDESCRIPTOR>
  5827. <ID>548</ID>
  5828. <PROCESSLIST>
  5829. <PROCESS>*</PROCESS>
  5830. <PROCESS>(MSMC.EXE)</PROCESS>
  5831. </PROCESSLIST>
  5832. <CLSIDLIST>
  5833. </CLSIDLIST>
  5834. <SUMMARY>MSMC.EXE</SUMMARY>
  5835. <DEFAULTINSTALLPATHLIST>
  5836. </DEFAULTINSTALLPATHLIST>
  5837. <CATEGORY>ADWARE</CATEGORY>
  5838. <CONDITIONLIST>
  5839. <CONDITION>MD5=7a7d8d99f8d4895dfba409b1e3fad844</CONDITION>
  5840. </CONDITIONLIST>
  5841. <OPERATOR>AND</OPERATOR>
  5842. <THREATLEVEL>10</THREATLEVEL>
  5843. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5844. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5845. </PROCESSDESCRIPTOR>
  5846. <PROCESSDESCRIPTOR>
  5847. <ID>549</ID>
  5848. <PROCESSLIST>
  5849. <PROCESS>*</PROCESS>
  5850. <PROCESS>(CHKDSK.EXE)</PROCESS>
  5851. </PROCESSLIST>
  5852. <CLSIDLIST>
  5853. </CLSIDLIST>
  5854. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  5855. <DEFAULTINSTALLPATHLIST>
  5856. </DEFAULTINSTALLPATHLIST>
  5857. <CATEGORY>ADWARE</CATEGORY>
  5858. <CONDITIONLIST>
  5859. <CONDITION>MD5=a5252b830eee61ecf4cc198bbfe95ce9</CONDITION>
  5860. </CONDITIONLIST>
  5861. <OPERATOR>AND</OPERATOR>
  5862. <THREATLEVEL>10</THREATLEVEL>
  5863. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5864. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5865. </PROCESSDESCRIPTOR>
  5866. <PROCESSDESCRIPTOR>
  5867. <ID>550</ID>
  5868. <PROCESSLIST>
  5869. <PROCESS>*</PROCESS>
  5870. <PROCESS>(BUNDLE.EXE)</PROCESS>
  5871. </PROCESSLIST>
  5872. <CLSIDLIST>
  5873. </CLSIDLIST>
  5874. <SUMMARY>BUNDLE.EXE</SUMMARY>
  5875. <DEFAULTINSTALLPATHLIST>
  5876. </DEFAULTINSTALLPATHLIST>
  5877. <CATEGORY>ADWARE</CATEGORY>
  5878. <CONDITIONLIST>
  5879. <CONDITION>MD5=4a12f5cc77436d6286b04dc38c167b23</CONDITION>
  5880. </CONDITIONLIST>
  5881. <OPERATOR>AND</OPERATOR>
  5882. <THREATLEVEL>10</THREATLEVEL>
  5883. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5884. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5885. </PROCESSDESCRIPTOR>
  5886. <PROCESSDESCRIPTOR>
  5887. <ID>551</ID>
  5888. <PROCESSLIST>
  5889. <PROCESS>*</PROCESS>
  5890. <PROCESS>(SAHAGENT-RAZORMEDIA1001.EXE)</PROCESS>
  5891. </PROCESSLIST>
  5892. <CLSIDLIST>
  5893. </CLSIDLIST>
  5894. <SUMMARY>SAHAGENT-RAZORMEDIA1001.EXE</SUMMARY>
  5895. <DEFAULTINSTALLPATHLIST>
  5896. </DEFAULTINSTALLPATHLIST>
  5897. <CATEGORY>ADWARE</CATEGORY>
  5898. <CONDITIONLIST>
  5899. <CONDITION>MD5=d206cd15341d331b4ed28ae3ec18931e</CONDITION>
  5900. </CONDITIONLIST>
  5901. <OPERATOR>AND</OPERATOR>
  5902. <THREATLEVEL>10</THREATLEVEL>
  5903. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5904. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5905. </PROCESSDESCRIPTOR>
  5906. <PROCESSDESCRIPTOR>
  5907. <ID>553</ID>
  5908. <PROCESSLIST>
  5909. <PROCESS>EBATESMOEMONEYMAKER.EXE</PROCESS>
  5910. <PROCESS>EBATESMOEMONEYMAKER0.EXE</PROCESS>
  5911. <PROCESS>EBATESMOEMONEYMAKER1.EXE</PROCESS>
  5912. </PROCESSLIST>
  5913. <CLSIDLIST>
  5914. </CLSIDLIST>
  5915. <SUMMARY>Ebates Moe Money Maker Processes</SUMMARY>
  5916. <DEFAULTINSTALLPATHLIST>
  5917. </DEFAULTINSTALLPATHLIST>
  5918. <CATEGORY>ADWARE</CATEGORY>
  5919. <CONDITIONLIST>
  5920. </CONDITIONLIST>
  5921. <OPERATOR>AND</OPERATOR>
  5922. <THREATLEVEL>10</THREATLEVEL>
  5923. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5924. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5925. </PROCESSDESCRIPTOR>
  5926. <PROCESSDESCRIPTOR>
  5927. <ID>554</ID>
  5928. <PROCESSLIST>
  5929. <PROCESS>*</PROCESS>
  5930. <PROCESS>(DISP350.EXE)</PROCESS>
  5931. </PROCESSLIST>
  5932. <CLSIDLIST>
  5933. </CLSIDLIST>
  5934. <SUMMARY>Ebates Moe Money Maker</SUMMARY>
  5935. <DEFAULTINSTALLPATHLIST>
  5936. </DEFAULTINSTALLPATHLIST>
  5937. <CATEGORY>ADWARE</CATEGORY>
  5938. <CONDITIONLIST>
  5939. <CONDITION>MD5=544a232da8062f34a3809de09413aea9</CONDITION>
  5940. </CONDITIONLIST>
  5941. <OPERATOR>AND</OPERATOR>
  5942. <THREATLEVEL>10</THREATLEVEL>
  5943. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5944. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5945. </PROCESSDESCRIPTOR>
  5946. <PROCESSDESCRIPTOR>
  5947. <ID>555</ID>
  5948. <PROCESSLIST>
  5949. <PROCESS>*</PROCESS>
  5950. <PROCESS>(EBMM.EXE)</PROCESS>
  5951. </PROCESSLIST>
  5952. <CLSIDLIST>
  5953. </CLSIDLIST>
  5954. <SUMMARY>Ebates Moe Money Maker</SUMMARY>
  5955. <DEFAULTINSTALLPATHLIST>
  5956. </DEFAULTINSTALLPATHLIST>
  5957. <CATEGORY>ADWARE</CATEGORY>
  5958. <CONDITIONLIST>
  5959. <CONDITION>MD5=eeaafca92d0610a143b8bf80151c226a</CONDITION>
  5960. </CONDITIONLIST>
  5961. <OPERATOR>AND</OPERATOR>
  5962. <THREATLEVEL>10</THREATLEVEL>
  5963. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5964. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5965. </PROCESSDESCRIPTOR>
  5966. <PROCESSDESCRIPTOR>
  5967. <ID>557</ID>
  5968. <PROCESSLIST>
  5969. <PROCESS>*</PROCESS>
  5970. <PROCESS>(FILUI2.EXE)</PROCESS>
  5971. </PROCESSLIST>
  5972. <CLSIDLIST>
  5973. </CLSIDLIST>
  5974. <SUMMARY>FILUI2.EXE</SUMMARY>
  5975. <DEFAULTINSTALLPATHLIST>
  5976. </DEFAULTINSTALLPATHLIST>
  5977. <CATEGORY>ADWARE</CATEGORY>
  5978. <CONDITIONLIST>
  5979. <CONDITION>MD5=c9043f2e1692a47de11233d819122f58</CONDITION>
  5980. </CONDITIONLIST>
  5981. <OPERATOR>AND</OPERATOR>
  5982. <THREATLEVEL>10</THREATLEVEL>
  5983. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  5984. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  5985. </PROCESSDESCRIPTOR>
  5986. <PROCESSDESCRIPTOR>
  5987. <ID>558</ID>
  5988. <PROCESSLIST>
  5989. <PROCESS>*</PROCESS>
  5990. <PROCESS>(FLDOREE.EXE)</PROCESS>
  5991. </PROCESSLIST>
  5992. <CLSIDLIST>
  5993. </CLSIDLIST>
  5994. <SUMMARY>FLDOREE.EXE</SUMMARY>
  5995. <DEFAULTINSTALLPATHLIST>
  5996. </DEFAULTINSTALLPATHLIST>
  5997. <CATEGORY>ADWARE</CATEGORY>
  5998. <CONDITIONLIST>
  5999. <CONDITION>MD5=919bec862559f68275e21c7760c5ce50</CONDITION>
  6000. </CONDITIONLIST>
  6001. <OPERATOR>AND</OPERATOR>
  6002. <THREATLEVEL>10</THREATLEVEL>
  6003. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6004. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6005. </PROCESSDESCRIPTOR>
  6006. <PROCESSDESCRIPTOR>
  6007. <ID>559</ID>
  6008. <PROCESSLIST>
  6009. <PROCESS>*</PROCESS>
  6010. <PROCESS>MULTIMPP.DLL</PROCESS>
  6011. </PROCESSLIST>
  6012. <CLSIDLIST>
  6013. <CLSID>{002EB272-2590-4693-B166-FBD5D9B6FEA6}</CLSID>
  6014. </CLSIDLIST>
  6015. <SUMMARY>MultiMPPObj Class BHO</SUMMARY>
  6016. <DEFAULTINSTALLPATHLIST>
  6017. </DEFAULTINSTALLPATHLIST>
  6018. <CATEGORY>ADWARE</CATEGORY>
  6019. <CONDITIONLIST>
  6020. </CONDITIONLIST>
  6021. <OPERATOR>AND</OPERATOR>
  6022. <THREATLEVEL>10</THREATLEVEL>
  6023. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6024. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6025. </PROCESSDESCRIPTOR>
  6026. <PROCESSDESCRIPTOR>
  6027. <ID>560</ID>
  6028. <PROCESSLIST>
  6029. <PROCESS>RXTOOLBAR.EXE</PROCESS>
  6030. </PROCESSLIST>
  6031. <CLSIDLIST>
  6032. </CLSIDLIST>
  6033. <SUMMARY>RX Toolbar Installer</SUMMARY>
  6034. <DEFAULTINSTALLPATHLIST>
  6035. </DEFAULTINSTALLPATHLIST>
  6036. <CATEGORY>ADWARE</CATEGORY>
  6037. <CONDITIONLIST>
  6038. </CONDITIONLIST>
  6039. <OPERATOR>AND</OPERATOR>
  6040. <THREATLEVEL>10</THREATLEVEL>
  6041. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6042. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6043. </PROCESSDESCRIPTOR>
  6044. <PROCESSDESCRIPTOR>
  6045. <ID>561</ID>
  6046. <PROCESSLIST>
  6047. <PROCESS>*</PROCESS>
  6048. <PROCESS>RXTOOLBAR.DLL</PROCESS>
  6049. </PROCESSLIST>
  6050. <CLSIDLIST>
  6051. <CLSID>{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}</CLSID>
  6052. </CLSIDLIST>
  6053. <SUMMARY>RX Toolbar</SUMMARY>
  6054. <DEFAULTINSTALLPATHLIST>
  6055. </DEFAULTINSTALLPATHLIST>
  6056. <CATEGORY>ADWARE</CATEGORY>
  6057. <CONDITIONLIST>
  6058. </CONDITIONLIST>
  6059. <OPERATOR>AND</OPERATOR>
  6060. <THREATLEVEL>10</THREATLEVEL>
  6061. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6062. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6063. </PROCESSDESCRIPTOR>
  6064. <PROCESSDESCRIPTOR>
  6065. <ID>562</ID>
  6066. <PROCESSLIST>
  6067. <PROCESS>TVMUPDATER.EXE</PROCESS>
  6068. </PROCESSLIST>
  6069. <CLSIDLIST>
  6070. </CLSIDLIST>
  6071. <SUMMARY>TV Media Updater</SUMMARY>
  6072. <DEFAULTINSTALLPATHLIST>
  6073. </DEFAULTINSTALLPATHLIST>
  6074. <CATEGORY>ADWARE</CATEGORY>
  6075. <CONDITIONLIST>
  6076. </CONDITIONLIST>
  6077. <OPERATOR>AND</OPERATOR>
  6078. <THREATLEVEL>10</THREATLEVEL>
  6079. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6080. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6081. </PROCESSDESCRIPTOR>
  6082. <PROCESSDESCRIPTOR>
  6083. <ID>563</ID>
  6084. <PROCESSLIST>
  6085. <PROCESS>*</PROCESS>
  6086. <PROCESS>(MSA.TMP)</PROCESS>
  6087. </PROCESSLIST>
  6088. <CLSIDLIST>
  6089. </CLSIDLIST>
  6090. <SUMMARY>MSA.TMP</SUMMARY>
  6091. <DEFAULTINSTALLPATHLIST>
  6092. </DEFAULTINSTALLPATHLIST>
  6093. <CATEGORY>ADWARE</CATEGORY>
  6094. <CONDITIONLIST>
  6095. <CONDITION>MD5=97f89d6e9cdb8ecab8a17724a70678e7</CONDITION>
  6096. </CONDITIONLIST>
  6097. <OPERATOR>AND</OPERATOR>
  6098. <THREATLEVEL>10</THREATLEVEL>
  6099. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6100. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6101. </PROCESSDESCRIPTOR>
  6102. <PROCESSDESCRIPTOR>
  6103. <ID>564</ID>
  6104. <PROCESSLIST>
  6105. <PROCESS>*</PROCESS>
  6106. <PROCESS>DEALHLPR.DLL</PROCESS>
  6107. </PROCESSLIST>
  6108. <CLSIDLIST>
  6109. <CLSID>{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13}</CLSID>
  6110. </CLSIDLIST>
  6111. <SUMMARY>DealHelper BHO</SUMMARY>
  6112. <DEFAULTINSTALLPATHLIST>
  6113. </DEFAULTINSTALLPATHLIST>
  6114. <CATEGORY>ADWARE</CATEGORY>
  6115. <CONDITIONLIST>
  6116. </CONDITIONLIST>
  6117. <OPERATOR>AND</OPERATOR>
  6118. <THREATLEVEL>10</THREATLEVEL>
  6119. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6120. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6121. </PROCESSDESCRIPTOR>
  6122. <PROCESSDESCRIPTOR>
  6123. <ID>565</ID>
  6124. <PROCESSLIST>
  6125. <PROCESS>*</PROCESS>
  6126. <PROCESS>OEMJISEARCHPLUS.DLL</PROCESS>
  6127. <PROCESS>OEMJIPLS.DLL</PROCESS>
  6128. </PROCESSLIST>
  6129. <CLSIDLIST>
  6130. <CLSID>{D240DC29-C093-4388-B71F-A7103C796B0C}</CLSID>
  6131. </CLSIDLIST>
  6132. <SUMMARY>IEFriendly Class BHO</SUMMARY>
  6133. <DEFAULTINSTALLPATHLIST>
  6134. </DEFAULTINSTALLPATHLIST>
  6135. <CATEGORY>APPLICATION</CATEGORY>
  6136. <CONDITIONLIST>
  6137. </CONDITIONLIST>
  6138. <OPERATOR>AND</OPERATOR>
  6139. <THREATLEVEL>3</THREATLEVEL>
  6140. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  6141. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  6142. </PROCESSDESCRIPTOR>
  6143. <PROCESSDESCRIPTOR>
  6144. <ID>566</ID>
  6145. <PROCESSLIST>
  6146. <PROCESS>*</PROCESS>
  6147. <PROCESS>PBHELPER.DLL</PROCESS>
  6148. </PROCESSLIST>
  6149. <CLSIDLIST>
  6150. <CLSID>{4115122B-85FF-4DD3-9515-F075BEDE5EB5}</CLSID>
  6151. </CLSIDLIST>
  6152. <SUMMARY>PBlockadeHelper Class BHO</SUMMARY>
  6153. <DEFAULTINSTALLPATHLIST>
  6154. </DEFAULTINSTALLPATHLIST>
  6155. <CATEGORY>APPLICATION</CATEGORY>
  6156. <CONDITIONLIST>
  6157. </CONDITIONLIST>
  6158. <OPERATOR>AND</OPERATOR>
  6159. <THREATLEVEL>3</THREATLEVEL>
  6160. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  6161. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  6162. </PROCESSDESCRIPTOR>
  6163. <PROCESSDESCRIPTOR>
  6164. <ID>567</ID>
  6165. <PROCESSLIST>
  6166. <PROCESS>*</PROCESS>
  6167. <PROCESS>OEMJISEARCH.DLL</PROCESS>
  6168. <PROCESS>OEMJISRC.DLL</PROCESS>
  6169. </PROCESSLIST>
  6170. <CLSIDLIST>
  6171. <CLSID>{804DB5C7-31E6-4885-850A-F1941B58A4C7}</CLSID>
  6172. </CLSIDLIST>
  6173. <SUMMARY>Oemji Toolbar</SUMMARY>
  6174. <DEFAULTINSTALLPATHLIST>
  6175. </DEFAULTINSTALLPATHLIST>
  6176. <CATEGORY>APPLICATION</CATEGORY>
  6177. <CONDITIONLIST>
  6178. </CONDITIONLIST>
  6179. <OPERATOR>AND</OPERATOR>
  6180. <THREATLEVEL>3</THREATLEVEL>
  6181. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  6182. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  6183. </PROCESSDESCRIPTOR>
  6184. <PROCESSDESCRIPTOR>
  6185. <ID>568</ID>
  6186. <PROCESSLIST>
  6187. <PROCESS>OEMJIPOPUPBLOCKER.EXE</PROCESS>
  6188. </PROCESSLIST>
  6189. <CLSIDLIST>
  6190. </CLSIDLIST>
  6191. <SUMMARY>Oemji Popup Blocker Process</SUMMARY>
  6192. <DEFAULTINSTALLPATHLIST>
  6193. </DEFAULTINSTALLPATHLIST>
  6194. <CATEGORY>APPLICATION</CATEGORY>
  6195. <CONDITIONLIST>
  6196. </CONDITIONLIST>
  6197. <OPERATOR>AND</OPERATOR>
  6198. <THREATLEVEL>3</THREATLEVEL>
  6199. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  6200. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  6201. </PROCESSDESCRIPTOR>
  6202. <PROCESSDESCRIPTOR>
  6203. <ID>569</ID>
  6204. <PROCESSLIST>
  6205. <PROCESS>*</PROCESS>
  6206. <PROCESS>ELITES~1.DLL</PROCESS>
  6207. </PROCESSLIST>
  6208. <CLSIDLIST>
  6209. <CLSID>{ED103D9F-3070-4580-AB1E-E5C179C1AE41}</CLSID>
  6210. </CLSIDLIST>
  6211. <SUMMARY>BHO Class (Elite Toolbar) BHO</SUMMARY>
  6212. <DEFAULTINSTALLPATHLIST>
  6213. </DEFAULTINSTALLPATHLIST>
  6214. <CATEGORY>ADWARE</CATEGORY>
  6215. <CONDITIONLIST>
  6216. </CONDITIONLIST>
  6217. <OPERATOR>AND</OPERATOR>
  6218. <THREATLEVEL>10</THREATLEVEL>
  6219. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6220. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6221. </PROCESSDESCRIPTOR>
  6222. <PROCESSDESCRIPTOR>
  6223. <ID>570</ID>
  6224. <PROCESSLIST>
  6225. <PROCESS>*</PROCESS>
  6226. <PROCESS>ELITETOOLBAR VERSION 53.DLL</PROCESS>
  6227. </PROCESSLIST>
  6228. <CLSIDLIST>
  6229. <CLSID>{28CAEFF3-0F18-4036-B504-51D73BD81ABC}</CLSID>
  6230. </CLSIDLIST>
  6231. <SUMMARY>EliteBar BHO</SUMMARY>
  6232. <DEFAULTINSTALLPATHLIST>
  6233. </DEFAULTINSTALLPATHLIST>
  6234. <CATEGORY>ADWARE</CATEGORY>
  6235. <CONDITIONLIST>
  6236. </CONDITIONLIST>
  6237. <OPERATOR>AND</OPERATOR>
  6238. <THREATLEVEL>10</THREATLEVEL>
  6239. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6240. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6241. </PROCESSDESCRIPTOR>
  6242. <PROCESSDESCRIPTOR>
  6243. <ID>571</ID>
  6244. <PROCESSLIST>
  6245. <PROCESS>*</PROCESS>
  6246. <PROCESS>ELITETOOLBAR VERSION 53.DLL</PROCESS>
  6247. </PROCESSLIST>
  6248. <CLSIDLIST>
  6249. <CLSID>{825CF5BD-8862-4430-B771-0C15C5CA8DEF}</CLSID>
  6250. </CLSIDLIST>
  6251. <SUMMARY>EliteBar IE Toolbar</SUMMARY>
  6252. <DEFAULTINSTALLPATHLIST>
  6253. </DEFAULTINSTALLPATHLIST>
  6254. <CATEGORY>ADWARE</CATEGORY>
  6255. <CONDITIONLIST>
  6256. </CONDITIONLIST>
  6257. <OPERATOR>AND</OPERATOR>
  6258. <THREATLEVEL>10</THREATLEVEL>
  6259. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6260. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6261. </PROCESSDESCRIPTOR>
  6262. <PROCESSDESCRIPTOR>
  6263. <ID>572</ID>
  6264. <PROCESSLIST>
  6265. <PROCESS>*</PROCESS>
  6266. <PROCESS>HYPERBARSS3.DLL</PROCESS>
  6267. </PROCESSLIST>
  6268. <CLSIDLIST>
  6269. <CLSID>*</CLSID>
  6270. <CLSID>{C4CD839C-45F0-41FB-9E95-F045E59E3954}</CLSID>
  6271. <CLSID>{5424EF59-CC3A-4D06-873B-0991D635D52B}</CLSID>
  6272. <CLSID>{88466531-D118-435C-B5F9-F4A7688FFB28}</CLSID>
  6273. <CLSID>{CA06E493-B768-41B2-A325-E941C8AAD377}</CLSID>
  6274. <CLSID>{97AAEA65-E99D-4488-9E1D-3AE0985C273A}</CLSID>
  6275. <CLSID>{AA7E619E-1DFE-4125-8DD2-68E867E9EDAB}</CLSID>
  6276. </CLSIDLIST>
  6277. <SUMMARY>HyperSearchHook URL Search Hook</SUMMARY>
  6278. <DEFAULTINSTALLPATHLIST>
  6279. </DEFAULTINSTALLPATHLIST>
  6280. <CATEGORY>ADWARE</CATEGORY>
  6281. <CONDITIONLIST>
  6282. <CONDITION>MD5=99819BE463BE94E633B2F6F3CCA8BFF6</CONDITION>
  6283. </CONDITIONLIST>
  6284. <OPERATOR>AND</OPERATOR>
  6285. <THREATLEVEL>10</THREATLEVEL>
  6286. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6287. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6288. </PROCESSDESCRIPTOR>
  6289. <PROCESSDESCRIPTOR>
  6290. <ID>573</ID>
  6291. <PROCESSLIST>
  6292. <PROCESS>WININIT32.EXE</PROCESS>
  6293. </PROCESSLIST>
  6294. <CLSIDLIST>
  6295. </CLSIDLIST>
  6296. <SUMMARY>Xabot Worm Component</SUMMARY>
  6297. <DEFAULTINSTALLPATHLIST>
  6298. </DEFAULTINSTALLPATHLIST>
  6299. <CATEGORY>WORM</CATEGORY>
  6300. <CONDITIONLIST>
  6301. </CONDITIONLIST>
  6302. <OPERATOR>AND</OPERATOR>
  6303. <THREATLEVEL>10</THREATLEVEL>
  6304. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6305. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6306. </PROCESSDESCRIPTOR>
  6307. <PROCESSDESCRIPTOR>
  6308. <ID>574</ID>
  6309. <PROCESSLIST>
  6310. <PROCESS>WINBAS12.EXE</PROCESS>
  6311. </PROCESSLIST>
  6312. <CLSIDLIST>
  6313. </CLSIDLIST>
  6314. <SUMMARY>CoolWebSearch Component</SUMMARY>
  6315. <DEFAULTINSTALLPATHLIST>
  6316. </DEFAULTINSTALLPATHLIST>
  6317. <CATEGORY>ADWARE</CATEGORY>
  6318. <CONDITIONLIST>
  6319. </CONDITIONLIST>
  6320. <OPERATOR>AND</OPERATOR>
  6321. <THREATLEVEL>10</THREATLEVEL>
  6322. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6323. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6324. </PROCESSDESCRIPTOR>
  6325. <PROCESSDESCRIPTOR>
  6326. <ID>575</ID>
  6327. <PROCESSLIST>
  6328. <PROCESS>*</PROCESS>
  6329. <PROCESS>QWYI.DLL</PROCESS>
  6330. </PROCESSLIST>
  6331. <CLSIDLIST>
  6332. <CLSID>{38DD640D-9044-0AE5-D503-64550AFA734D}</CLSID>
  6333. </CLSIDLIST>
  6334. <SUMMARY>Unknown BHO (QWYI.DLL)</SUMMARY>
  6335. <DEFAULTINSTALLPATHLIST>
  6336. </DEFAULTINSTALLPATHLIST>
  6337. <CATEGORY>ADWARE</CATEGORY>
  6338. <CONDITIONLIST>
  6339. </CONDITIONLIST>
  6340. <OPERATOR>AND</OPERATOR>
  6341. <THREATLEVEL>10</THREATLEVEL>
  6342. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6343. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6344. </PROCESSDESCRIPTOR>
  6345. <PROCESSDESCRIPTOR>
  6346. <ID>576</ID>
  6347. <PROCESSLIST>
  6348. <PROCESS>SP2CTR.EXE</PROCESS>
  6349. </PROCESSLIST>
  6350. <CLSIDLIST>
  6351. </CLSIDLIST>
  6352. <SUMMARY>Dluca-M Trojan Component</SUMMARY>
  6353. <DEFAULTINSTALLPATHLIST>
  6354. </DEFAULTINSTALLPATHLIST>
  6355. <CATEGORY>TROJAN</CATEGORY>
  6356. <CONDITIONLIST>
  6357. <CONDITION>FILELOCATION~SYSTEM32</CONDITION>
  6358. </CONDITIONLIST>
  6359. <OPERATOR>AND</OPERATOR>
  6360. <THREATLEVEL>10</THREATLEVEL>
  6361. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6362. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6363. </PROCESSDESCRIPTOR>
  6364. <PROCESSDESCRIPTOR>
  6365. <ID>577</ID>
  6366. <PROCESSLIST>
  6367. <PROCESS>GLWJMGEB.EXE</PROCESS>
  6368. </PROCESSLIST>
  6369. <CLSIDLIST>
  6370. </CLSIDLIST>
  6371. <SUMMARY>Qsearch Component</SUMMARY>
  6372. <DEFAULTINSTALLPATHLIST>
  6373. </DEFAULTINSTALLPATHLIST>
  6374. <CATEGORY>ADWARE</CATEGORY>
  6375. <CONDITIONLIST>
  6376. <CONDITION>FILELOCATION~SYSTEM32</CONDITION>
  6377. </CONDITIONLIST>
  6378. <OPERATOR>AND</OPERATOR>
  6379. <THREATLEVEL>10</THREATLEVEL>
  6380. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6381. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6382. </PROCESSDESCRIPTOR>
  6383. <PROCESSDESCRIPTOR>
  6384. <ID>578</ID>
  6385. <PROCESSLIST>
  6386. <PROCESS>*</PROCESS>
  6387. <PROCESS>SEARCH3.DLL</PROCESS>
  6388. </PROCESSLIST>
  6389. <CLSIDLIST>
  6390. <CLSID>{4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D}</CLSID>
  6391. </CLSIDLIST>
  6392. <SUMMARY>Search Bar BHO</SUMMARY>
  6393. <DEFAULTINSTALLPATHLIST>
  6394. </DEFAULTINSTALLPATHLIST>
  6395. <CATEGORY>ADWARE</CATEGORY>
  6396. <CONDITIONLIST>
  6397. </CONDITIONLIST>
  6398. <OPERATOR>AND</OPERATOR>
  6399. <THREATLEVEL>10</THREATLEVEL>
  6400. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6401. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6402. </PROCESSDESCRIPTOR>
  6403. <PROCESSDESCRIPTOR>
  6404. <ID>579</ID>
  6405. <PROCESSLIST>
  6406. <PROCESS>*</PROCESS>
  6407. <PROCESS>HELPER100.DLL</PROCESS>
  6408. </PROCESSLIST>
  6409. <CLSIDLIST>
  6410. <CLSID>{017C20C1-F86F-11D8-9B25-000ACD002AE3}</CLSID>
  6411. </CLSIDLIST>
  6412. <SUMMARY>Unknown BHO (HELPER100.DLL)</SUMMARY>
  6413. <DEFAULTINSTALLPATHLIST>
  6414. </DEFAULTINSTALLPATHLIST>
  6415. <CATEGORY>ADWARE</CATEGORY>
  6416. <CONDITIONLIST>
  6417. </CONDITIONLIST>
  6418. <OPERATOR>AND</OPERATOR>
  6419. <THREATLEVEL>10</THREATLEVEL>
  6420. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6421. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6422. </PROCESSDESCRIPTOR>
  6423. <PROCESSDESCRIPTOR>
  6424. <ID>580</ID>
  6425. <PROCESSLIST>
  6426. <PROCESS>*</PROCESS>
  6427. <PROCESS>S4BAR.DLL</PROCESS>
  6428. </PROCESSLIST>
  6429. <CLSIDLIST>
  6430. <CLSID>{014DA6C1-189F-421a-88CD-07CFE51CFF10}</CLSID>
  6431. </CLSIDLIST>
  6432. <SUMMARY>My Search BHO</SUMMARY>
  6433. <DEFAULTINSTALLPATHLIST>
  6434. </DEFAULTINSTALLPATHLIST>
  6435. <CATEGORY>ADWARE</CATEGORY>
  6436. <CONDITIONLIST>
  6437. </CONDITIONLIST>
  6438. <OPERATOR>AND</OPERATOR>
  6439. <THREATLEVEL>10</THREATLEVEL>
  6440. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6441. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6442. </PROCESSDESCRIPTOR>
  6443. <PROCESSDESCRIPTOR>
  6444. <ID>581</ID>
  6445. <PROCESSLIST>
  6446. <PROCESS>*</PROCESS>
  6447. <PROCESS>S4BAR.DLL</PROCESS>
  6448. </PROCESSLIST>
  6449. <CLSIDLIST>
  6450. <CLSID>{014DA6C9-189F-421a-88CD-07CFE51CFF10}</CLSID>
  6451. </CLSIDLIST>
  6452. <SUMMARY>My Search Toolbar</SUMMARY>
  6453. <DEFAULTINSTALLPATHLIST>
  6454. </DEFAULTINSTALLPATHLIST>
  6455. <CATEGORY>ADWARE</CATEGORY>
  6456. <CONDITIONLIST>
  6457. </CONDITIONLIST>
  6458. <OPERATOR>AND</OPERATOR>
  6459. <THREATLEVEL>10</THREATLEVEL>
  6460. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6461. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6462. </PROCESSDESCRIPTOR>
  6463. <PROCESSDESCRIPTOR>
  6464. <ID>582</ID>
  6465. <PROCESSLIST>
  6466. <PROCESS>*</PROCESS>
  6467. </PROCESSLIST>
  6468. <CLSIDLIST>
  6469. </CLSIDLIST>
  6470. <SUMMARY>Adware.Spyware Labs/Virtual Bouncer.Process</SUMMARY>
  6471. <DEFAULTINSTALLPATHLIST>
  6472. </DEFAULTINSTALLPATHLIST>
  6473. <CATEGORY>ADWARE</CATEGORY>
  6474. <CONDITIONLIST>
  6475. <CONDITION>INTERNALNAME~VirtualBouncer</CONDITION>
  6476. </CONDITIONLIST>
  6477. <OPERATOR>AND</OPERATOR>
  6478. <THREATLEVEL>10</THREATLEVEL>
  6479. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6480. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6481. </PROCESSDESCRIPTOR>
  6482. <PROCESSDESCRIPTOR>
  6483. <ID>583</ID>
  6484. <PROCESSLIST>
  6485. <PROCESS>*</PROCESS>
  6486. </PROCESSLIST>
  6487. <CLSIDLIST>
  6488. </CLSIDLIST>
  6489. <SUMMARY>Adware.Spyware Labs/AdDestroyer.Process</SUMMARY>
  6490. <DEFAULTINSTALLPATHLIST>
  6491. </DEFAULTINSTALLPATHLIST>
  6492. <CATEGORY>ADWARE</CATEGORY>
  6493. <CONDITIONLIST>
  6494. <CONDITION>INTERNALNAME~AdDestroyer</CONDITION>
  6495. </CONDITIONLIST>
  6496. <OPERATOR>AND</OPERATOR>
  6497. <THREATLEVEL>10</THREATLEVEL>
  6498. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6499. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6500. </PROCESSDESCRIPTOR>
  6501. <PROCESSDESCRIPTOR>
  6502. <ID>584</ID>
  6503. <PROCESSLIST>
  6504. <PROCESS>NSIAC.EXE</PROCESS>
  6505. </PROCESSLIST>
  6506. <CLSIDLIST>
  6507. </CLSIDLIST>
  6508. <SUMMARY>Qsearch Component</SUMMARY>
  6509. <DEFAULTINSTALLPATHLIST>
  6510. </DEFAULTINSTALLPATHLIST>
  6511. <CATEGORY>ADWARE</CATEGORY>
  6512. <CONDITIONLIST>
  6513. <CONDITION>FILELOCATION~TEMP</CONDITION>
  6514. </CONDITIONLIST>
  6515. <OPERATOR>AND</OPERATOR>
  6516. <THREATLEVEL>10</THREATLEVEL>
  6517. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6518. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6519. </PROCESSDESCRIPTOR>
  6520. <PROCESSDESCRIPTOR>
  6521. <ID>585</ID>
  6522. <PROCESSLIST>
  6523. <PROCESS>*</PROCESS>
  6524. <PROCESS>(ANTISPY.EXE)</PROCESS>
  6525. </PROCESSLIST>
  6526. <CLSIDLIST>
  6527. </CLSIDLIST>
  6528. <SUMMARY>ANTISPY.EXE</SUMMARY>
  6529. <DEFAULTINSTALLPATHLIST>
  6530. </DEFAULTINSTALLPATHLIST>
  6531. <CATEGORY>ADWARE</CATEGORY>
  6532. <CONDITIONLIST>
  6533. <CONDITION>MD5=e7f4f0c86667266177ebd11b6c75672e</CONDITION>
  6534. </CONDITIONLIST>
  6535. <OPERATOR>AND</OPERATOR>
  6536. <THREATLEVEL>10</THREATLEVEL>
  6537. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6538. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6539. </PROCESSDESCRIPTOR>
  6540. <PROCESSDESCRIPTOR>
  6541. <ID>586</ID>
  6542. <PROCESSLIST>
  6543. <PROCESS>PRJTECT.EXE</PROCESS>
  6544. <PROCESS>PRRTECT.EXE</PROCESS>
  6545. <PROCESS>PRLTECT.EXE</PROCESS>
  6546. <PROCESS>PRVTECT.EXE</PROCESS>
  6547. <PROCESS>PRSTECT.EXE</PROCESS>
  6548. </PROCESSLIST>
  6549. <CLSIDLIST>
  6550. </CLSIDLIST>
  6551. <SUMMARY>PR*TECT.EXE</SUMMARY>
  6552. <DEFAULTINSTALLPATHLIST>
  6553. </DEFAULTINSTALLPATHLIST>
  6554. <CATEGORY>SPYWARE</CATEGORY>
  6555. <CONDITIONLIST>
  6556. <CONDITION>FILELOCATION~SYSTEM</CONDITION>
  6557. </CONDITIONLIST>
  6558. <OPERATOR>AND</OPERATOR>
  6559. <THREATLEVEL>10</THREATLEVEL>
  6560. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6561. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6562. </PROCESSDESCRIPTOR>
  6563. <PROCESSDESCRIPTOR>
  6564. <ID>587</ID>
  6565. <PROCESSLIST>
  6566. <PROCESS>*</PROCESS>
  6567. <PROCESS>(DSKFI1.EXE)</PROCESS>
  6568. </PROCESSLIST>
  6569. <CLSIDLIST>
  6570. </CLSIDLIST>
  6571. <SUMMARY>DSKFI1.EXE</SUMMARY>
  6572. <DEFAULTINSTALLPATHLIST>
  6573. </DEFAULTINSTALLPATHLIST>
  6574. <CATEGORY>ADWARE</CATEGORY>
  6575. <CONDITIONLIST>
  6576. <CONDITION>MD5=8f34e0f26c1cc2604ba3029aa8a37eab</CONDITION>
  6577. </CONDITIONLIST>
  6578. <OPERATOR>AND</OPERATOR>
  6579. <THREATLEVEL>10</THREATLEVEL>
  6580. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6581. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6582. </PROCESSDESCRIPTOR>
  6583. <PROCESSDESCRIPTOR>
  6584. <ID>588</ID>
  6585. <PROCESSLIST>
  6586. <PROCESS>*</PROCESS>
  6587. <PROCESS>(DSQROPS.EXE)</PROCESS>
  6588. </PROCESSLIST>
  6589. <CLSIDLIST>
  6590. </CLSIDLIST>
  6591. <SUMMARY>DSQROPS.EXE</SUMMARY>
  6592. <DEFAULTINSTALLPATHLIST>
  6593. </DEFAULTINSTALLPATHLIST>
  6594. <CATEGORY>ADWARE</CATEGORY>
  6595. <CONDITIONLIST>
  6596. <CONDITION>MD5=3c15d82c3b5fad6692626388206cac45</CONDITION>
  6597. </CONDITIONLIST>
  6598. <OPERATOR>AND</OPERATOR>
  6599. <THREATLEVEL>10</THREATLEVEL>
  6600. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6601. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6602. </PROCESSDESCRIPTOR>
  6603. <PROCESSDESCRIPTOR>
  6604. <ID>589</ID>
  6605. <PROCESSLIST>
  6606. <PROCESS>*</PROCESS>
  6607. <PROCESS>EJGBLB.DLL</PROCESS>
  6608. </PROCESSLIST>
  6609. <CLSIDLIST>
  6610. <CLSID>{A4BE7BBA-EB30-4D73-A9B8-E6DBBC241537}</CLSID>
  6611. </CLSIDLIST>
  6612. <SUMMARY>Unknown BHO (EJGBLB.DLL)</SUMMARY>
  6613. <DEFAULTINSTALLPATHLIST>
  6614. </DEFAULTINSTALLPATHLIST>
  6615. <CATEGORY>ADWARE</CATEGORY>
  6616. <CONDITIONLIST>
  6617. </CONDITIONLIST>
  6618. <OPERATOR>AND</OPERATOR>
  6619. <THREATLEVEL>10</THREATLEVEL>
  6620. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6621. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6622. </PROCESSDESCRIPTOR>
  6623. <PROCESSDESCRIPTOR>
  6624. <ID>590</ID>
  6625. <PROCESSLIST>
  6626. <PROCESS>*</PROCESS>
  6627. <PROCESS>SBCLE028.DLL</PROCESS>
  6628. </PROCESSLIST>
  6629. <CLSIDLIST>
  6630. <CLSID>{D714A94F-123A-45CC-8F03-040BCAF82AD6}</CLSID>
  6631. </CLSIDLIST>
  6632. <SUMMARY>Unknown BHO (SBCLE028.DLL)</SUMMARY>
  6633. <DEFAULTINSTALLPATHLIST>
  6634. </DEFAULTINSTALLPATHLIST>
  6635. <CATEGORY>ADWARE</CATEGORY>
  6636. <CONDITIONLIST>
  6637. </CONDITIONLIST>
  6638. <OPERATOR>AND</OPERATOR>
  6639. <THREATLEVEL>10</THREATLEVEL>
  6640. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6641. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6642. </PROCESSDESCRIPTOR>
  6643. <PROCESSDESCRIPTOR>
  6644. <ID>591</ID>
  6645. <PROCESSLIST>
  6646. <PROCESS>*</PROCESS>
  6647. <PROCESS>MWSSRCAS.DLL</PROCESS>
  6648. </PROCESSLIST>
  6649. <CLSIDLIST>
  6650. <CLSID>{00A6FAF6-072E-44CF-8957-5838F569A31D}</CLSID>
  6651. </CLSIDLIST>
  6652. <SUMMARY>Adware.MyWebSearch.URL Search Hook</SUMMARY>
  6653. <DEFAULTINSTALLPATHLIST>
  6654. </DEFAULTINSTALLPATHLIST>
  6655. <CATEGORY>ADWARE</CATEGORY>
  6656. <CONDITIONLIST>
  6657. </CONDITIONLIST>
  6658. <OPERATOR>AND</OPERATOR>
  6659. <THREATLEVEL>10</THREATLEVEL>
  6660. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6661. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6662. </PROCESSDESCRIPTOR>
  6663. <PROCESSDESCRIPTOR>
  6664. <ID>592</ID>
  6665. <PROCESSLIST>
  6666. <PROCESS>*</PROCESS>
  6667. <PROCESS>14302.DLL</PROCESS>
  6668. </PROCESSLIST>
  6669. <CLSIDLIST>
  6670. <CLSID>{941CA48C-3984-4E7D-AAF8-8755ED76EB50}</CLSID>
  6671. </CLSIDLIST>
  6672. <SUMMARY>ngsh33.clsIS BHO</SUMMARY>
  6673. <DEFAULTINSTALLPATHLIST>
  6674. </DEFAULTINSTALLPATHLIST>
  6675. <CATEGORY>ADWARE</CATEGORY>
  6676. <CONDITIONLIST>
  6677. </CONDITIONLIST>
  6678. <OPERATOR>AND</OPERATOR>
  6679. <THREATLEVEL>10</THREATLEVEL>
  6680. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6681. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6682. </PROCESSDESCRIPTOR>
  6683. <PROCESSDESCRIPTOR>
  6684. <ID>593</ID>
  6685. <PROCESSLIST>
  6686. <PROCESS>*</PROCESS>
  6687. <PROCESS>SFG412B.DLL</PROCESS>
  6688. </PROCESSLIST>
  6689. <CLSIDLIST>
  6690. <CLSID>{83B3E0C1-DEF1-4df5-A3F5-92D10B7A396A}</CLSID>
  6691. </CLSIDLIST>
  6692. <SUMMARY>SafeGuardProtect Object BHO</SUMMARY>
  6693. <DEFAULTINSTALLPATHLIST>
  6694. </DEFAULTINSTALLPATHLIST>
  6695. <CATEGORY>ADWARE</CATEGORY>
  6696. <CONDITIONLIST>
  6697. </CONDITIONLIST>
  6698. <OPERATOR>AND</OPERATOR>
  6699. <THREATLEVEL>10</THREATLEVEL>
  6700. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6701. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6702. </PROCESSDESCRIPTOR>
  6703. <PROCESSDESCRIPTOR>
  6704. <ID>594</ID>
  6705. <PROCESSLIST>
  6706. <PROCESS>*</PROCESS>
  6707. <PROCESS>POPUPANDSPYWAREADBLOCKER.DLL</PROCESS>
  6708. </PROCESSLIST>
  6709. <CLSIDLIST>
  6710. <CLSID>{313ED77C-8A0C-4CCA-9594-B1F095F2A7B3}</CLSID>
  6711. </CLSIDLIST>
  6712. <SUMMARY>PopupandSpywareAdBlocker.Class1 BHO</SUMMARY>
  6713. <DEFAULTINSTALLPATHLIST>
  6714. </DEFAULTINSTALLPATHLIST>
  6715. <CATEGORY>ADWARE</CATEGORY>
  6716. <CONDITIONLIST>
  6717. </CONDITIONLIST>
  6718. <OPERATOR>AND</OPERATOR>
  6719. <THREATLEVEL>10</THREATLEVEL>
  6720. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6721. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6722. </PROCESSDESCRIPTOR>
  6723. <PROCESSDESCRIPTOR>
  6724. <ID>595</ID>
  6725. <PROCESSLIST>
  6726. <PROCESS>ADPROT.EXE</PROCESS>
  6727. </PROCESSLIST>
  6728. <CLSIDLIST>
  6729. </CLSIDLIST>
  6730. <SUMMARY>ADPROT.EXE</SUMMARY>
  6731. <DEFAULTINSTALLPATHLIST>
  6732. </DEFAULTINSTALLPATHLIST>
  6733. <CATEGORY>ADWARE</CATEGORY>
  6734. <CONDITIONLIST>
  6735. <CONDITION>FILELOCATION~SYSTEM32</CONDITION>
  6736. </CONDITIONLIST>
  6737. <OPERATOR>AND</OPERATOR>
  6738. <THREATLEVEL>10</THREATLEVEL>
  6739. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6740. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6741. </PROCESSDESCRIPTOR>
  6742. <PROCESSDESCRIPTOR>
  6743. <ID>596</ID>
  6744. <PROCESSLIST>
  6745. <PROCESS>14302.EXE</PROCESS>
  6746. </PROCESSLIST>
  6747. <CLSIDLIST>
  6748. </CLSIDLIST>
  6749. <SUMMARY>14302.EXE</SUMMARY>
  6750. <DEFAULTINSTALLPATHLIST>
  6751. </DEFAULTINSTALLPATHLIST>
  6752. <CATEGORY>ADWARE</CATEGORY>
  6753. <CONDITIONLIST>
  6754. <CONDITION>FILELOCATION~SYSTEM32</CONDITION>
  6755. </CONDITIONLIST>
  6756. <OPERATOR>AND</OPERATOR>
  6757. <THREATLEVEL>10</THREATLEVEL>
  6758. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6759. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6760. </PROCESSDESCRIPTOR>
  6761. <PROCESSDESCRIPTOR>
  6762. <ID>597</ID>
  6763. <PROCESSLIST>
  6764. <PROCESS>*</PROCESS>
  6765. <PROCESS>9Q5TL.DLL</PROCESS>
  6766. </PROCESSLIST>
  6767. <CLSIDLIST>
  6768. <CLSID>{A78860C8-EE1A-46DF-A97F-E3E6D433E80B}</CLSID>
  6769. </CLSIDLIST>
  6770. <SUMMARY>Unknown BHO (9Q5TL.DLL)</SUMMARY>
  6771. <DEFAULTINSTALLPATHLIST>
  6772. </DEFAULTINSTALLPATHLIST>
  6773. <CATEGORY>ADWARE</CATEGORY>
  6774. <CONDITIONLIST>
  6775. </CONDITIONLIST>
  6776. <OPERATOR>AND</OPERATOR>
  6777. <THREATLEVEL>10</THREATLEVEL>
  6778. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6779. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6780. </PROCESSDESCRIPTOR>
  6781. <PROCESSDESCRIPTOR>
  6782. <ID>598</ID>
  6783. <PROCESSLIST>
  6784. <PROCESS>WINTASKAD.EXE</PROCESS>
  6785. </PROCESSLIST>
  6786. <CLSIDLIST>
  6787. </CLSIDLIST>
  6788. <SUMMARY>Windows TaskAd WINTASKAD.EXE</SUMMARY>
  6789. <DEFAULTINSTALLPATHLIST>
  6790. </DEFAULTINSTALLPATHLIST>
  6791. <CATEGORY>ADWARE</CATEGORY>
  6792. <CONDITIONLIST>
  6793. <CONDITION>FILELOCATION~TASKAD</CONDITION>
  6794. </CONDITIONLIST>
  6795. <OPERATOR>AND</OPERATOR>
  6796. <THREATLEVEL>10</THREATLEVEL>
  6797. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6798. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6799. </PROCESSDESCRIPTOR>
  6800. <PROCESSDESCRIPTOR>
  6801. <ID>599</ID>
  6802. <PROCESSLIST>
  6803. <PROCESS>WINSCHED.EXE</PROCESS>
  6804. </PROCESSLIST>
  6805. <CLSIDLIST>
  6806. </CLSIDLIST>
  6807. <SUMMARY>Windows TaskAd WINSCHED.EXE</SUMMARY>
  6808. <DEFAULTINSTALLPATHLIST>
  6809. </DEFAULTINSTALLPATHLIST>
  6810. <CATEGORY>ADWARE</CATEGORY>
  6811. <CONDITIONLIST>
  6812. <CONDITION>FILELOCATION~TASKAD</CONDITION>
  6813. </CONDITIONLIST>
  6814. <OPERATOR>AND</OPERATOR>
  6815. <THREATLEVEL>10</THREATLEVEL>
  6816. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6817. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6818. </PROCESSDESCRIPTOR>
  6819. <PROCESSDESCRIPTOR>
  6820. <ID>600</ID>
  6821. <PROCESSLIST>
  6822. <PROCESS>*</PROCESS>
  6823. <PROCESS>(2UL.EXE)</PROCESS>
  6824. </PROCESSLIST>
  6825. <CLSIDLIST>
  6826. </CLSIDLIST>
  6827. <SUMMARY>2UL.EXE</SUMMARY>
  6828. <DEFAULTINSTALLPATHLIST>
  6829. </DEFAULTINSTALLPATHLIST>
  6830. <CATEGORY>ADWARE</CATEGORY>
  6831. <CONDITIONLIST>
  6832. <CONDITION>MD5=e70e89f89021fd3330194cd90c891309</CONDITION>
  6833. </CONDITIONLIST>
  6834. <OPERATOR>AND</OPERATOR>
  6835. <THREATLEVEL>10</THREATLEVEL>
  6836. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6837. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6838. </PROCESSDESCRIPTOR>
  6839. <PROCESSDESCRIPTOR>
  6840. <ID>602</ID>
  6841. <PROCESSLIST>
  6842. <PROCESS>*</PROCESS>
  6843. <PROCESS>SETUP.DLL</PROCESS>
  6844. </PROCESSLIST>
  6845. <CLSIDLIST>
  6846. <CLSID>{2E65A557-173C-4DE9-860B-28FC5CACA542}</CLSID>
  6847. </CLSIDLIST>
  6848. <SUMMARY>Setup.Setup1 BHO</SUMMARY>
  6849. <DEFAULTINSTALLPATHLIST>
  6850. </DEFAULTINSTALLPATHLIST>
  6851. <CATEGORY>ADWARE</CATEGORY>
  6852. <CONDITIONLIST>
  6853. </CONDITIONLIST>
  6854. <OPERATOR>AND</OPERATOR>
  6855. <THREATLEVEL>10</THREATLEVEL>
  6856. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6857. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6858. </PROCESSDESCRIPTOR>
  6859. <PROCESSDESCRIPTOR>
  6860. <ID>603</ID>
  6861. <PROCESSLIST>
  6862. <PROCESS>*</PROCESS>
  6863. <PROCESS>STLBDIST.DLL</PROCESS>
  6864. </PROCESSLIST>
  6865. <CLSIDLIST>
  6866. <CLSID>{2CF0B992-5EEB-4143-99C0-5297EF71F443}</CLSID>
  6867. </CLSIDLIST>
  6868. <SUMMARY>Search Toolbar BHO Object BHO</SUMMARY>
  6869. <DEFAULTINSTALLPATHLIST>
  6870. </DEFAULTINSTALLPATHLIST>
  6871. <CATEGORY>ADWARE</CATEGORY>
  6872. <CONDITIONLIST>
  6873. </CONDITIONLIST>
  6874. <OPERATOR>AND</OPERATOR>
  6875. <THREATLEVEL>10</THREATLEVEL>
  6876. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6877. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6878. </PROCESSDESCRIPTOR>
  6879. <PROCESSDESCRIPTOR>
  6880. <ID>604</ID>
  6881. <PROCESSLIST>
  6882. <PROCESS>*</PROCESS>
  6883. <PROCESS>IPSYSDRV32.DLL</PROCESS>
  6884. </PROCESSLIST>
  6885. <CLSIDLIST>
  6886. <CLSID>{13F90341-AD79-4A9F-9B57-0234675670D6}</CLSID>
  6887. </CLSIDLIST>
  6888. <SUMMARY>IPSysDrv32 Class BHO</SUMMARY>
  6889. <DEFAULTINSTALLPATHLIST>
  6890. </DEFAULTINSTALLPATHLIST>
  6891. <CATEGORY>ADWARE</CATEGORY>
  6892. <CONDITIONLIST>
  6893. </CONDITIONLIST>
  6894. <OPERATOR>AND</OPERATOR>
  6895. <THREATLEVEL>10</THREATLEVEL>
  6896. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6897. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6898. </PROCESSDESCRIPTOR>
  6899. <PROCESSDESCRIPTOR>
  6900. <ID>605</ID>
  6901. <PROCESSLIST>
  6902. <PROCESS>*</PROCESS>
  6903. <PROCESS>INETP60.DLL</PROCESS>
  6904. </PROCESSLIST>
  6905. <CLSIDLIST>
  6906. <CLSID>{087173EF-9829-4F49-8340-A524177D3F60}</CLSID>
  6907. </CLSIDLIST>
  6908. <SUMMARY>CBho404 Object BHO</SUMMARY>
  6909. <DEFAULTINSTALLPATHLIST>
  6910. </DEFAULTINSTALLPATHLIST>
  6911. <CATEGORY>ADWARE</CATEGORY>
  6912. <CONDITIONLIST>
  6913. </CONDITIONLIST>
  6914. <OPERATOR>AND</OPERATOR>
  6915. <THREATLEVEL>10</THREATLEVEL>
  6916. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6917. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6918. </PROCESSDESCRIPTOR>
  6919. <PROCESSDESCRIPTOR>
  6920. <ID>606</ID>
  6921. <PROCESSLIST>
  6922. <PROCESS>*</PROCESS>
  6923. <PROCESS>STLBDIST.DLL</PROCESS>
  6924. </PROCESSLIST>
  6925. <CLSIDLIST>
  6926. <CLSID>{2CF0B992-5EEB-4143-99C0-5297EF71F444}</CLSID>
  6927. </CLSIDLIST>
  6928. <SUMMARY>Search/BrowserAid Toolbar</SUMMARY>
  6929. <DEFAULTINSTALLPATHLIST>
  6930. </DEFAULTINSTALLPATHLIST>
  6931. <CATEGORY>ADWARE</CATEGORY>
  6932. <CONDITIONLIST>
  6933. </CONDITIONLIST>
  6934. <OPERATOR>AND</OPERATOR>
  6935. <THREATLEVEL>10</THREATLEVEL>
  6936. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6937. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6938. </PROCESSDESCRIPTOR>
  6939. <PROCESSDESCRIPTOR>
  6940. <ID>607</ID>
  6941. <PROCESSLIST>
  6942. <PROCESS>*</PROCESS>
  6943. <PROCESS>SDKRH.DLL</PROCESS>
  6944. </PROCESSLIST>
  6945. <CLSIDLIST>
  6946. <CLSID>{A97C0AE7-B4EF-5E62-D831-7DD175E72CE4}</CLSID>
  6947. </CLSIDLIST>
  6948. <SUMMARY>Unknown BHO/URL Search Hook (SDKRH.DLL)</SUMMARY>
  6949. <DEFAULTINSTALLPATHLIST>
  6950. </DEFAULTINSTALLPATHLIST>
  6951. <CATEGORY>ADWARE</CATEGORY>
  6952. <CONDITIONLIST>
  6953. </CONDITIONLIST>
  6954. <OPERATOR>AND</OPERATOR>
  6955. <THREATLEVEL>10</THREATLEVEL>
  6956. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6957. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6958. </PROCESSDESCRIPTOR>
  6959. <PROCESSDESCRIPTOR>
  6960. <ID>608</ID>
  6961. <PROCESSLIST>
  6962. <PROCESS>*</PROCESS>
  6963. <PROCESS>(TARA.EXE)</PROCESS>
  6964. </PROCESSLIST>
  6965. <CLSIDLIST>
  6966. </CLSIDLIST>
  6967. <SUMMARY>TARA.EXE</SUMMARY>
  6968. <DEFAULTINSTALLPATHLIST>
  6969. </DEFAULTINSTALLPATHLIST>
  6970. <CATEGORY>ADWARE</CATEGORY>
  6971. <CONDITIONLIST>
  6972. <CONDITION>MD5=fe5e0fcb755b65e8ce9a1f8b5119ee37</CONDITION>
  6973. </CONDITIONLIST>
  6974. <OPERATOR>AND</OPERATOR>
  6975. <THREATLEVEL>10</THREATLEVEL>
  6976. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6977. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6978. </PROCESSDESCRIPTOR>
  6979. <PROCESSDESCRIPTOR>
  6980. <ID>609</ID>
  6981. <PROCESSLIST>
  6982. <PROCESS>*</PROCESS>
  6983. <PROCESS>(CHKNTFS.EXE)</PROCESS>
  6984. </PROCESSLIST>
  6985. <CLSIDLIST>
  6986. </CLSIDLIST>
  6987. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  6988. <DEFAULTINSTALLPATHLIST>
  6989. </DEFAULTINSTALLPATHLIST>
  6990. <CATEGORY>ADWARE</CATEGORY>
  6991. <CONDITIONLIST>
  6992. <CONDITION>MD5=e04be7a975ec5ae8f2962e967c2b7c9b</CONDITION>
  6993. </CONDITIONLIST>
  6994. <OPERATOR>AND</OPERATOR>
  6995. <THREATLEVEL>10</THREATLEVEL>
  6996. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  6997. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  6998. </PROCESSDESCRIPTOR>
  6999. <PROCESSDESCRIPTOR>
  7000. <ID>610</ID>
  7001. <PROCESSLIST>
  7002. <PROCESS>*</PROCESS>
  7003. <PROCESS>LMF32V.DLL</PROCESS>
  7004. </PROCESSLIST>
  7005. <CLSIDLIST>
  7006. <CLSID>{6A6E50DC-BFA8-4B40-AB1B-159E03E829FD}</CLSID>
  7007. </CLSIDLIST>
  7008. <SUMMARY>Unknown BHO (LMF32V.DLL)</SUMMARY>
  7009. <DEFAULTINSTALLPATHLIST>
  7010. </DEFAULTINSTALLPATHLIST>
  7011. <CATEGORY>ADWARE</CATEGORY>
  7012. <CONDITIONLIST>
  7013. </CONDITIONLIST>
  7014. <OPERATOR>AND</OPERATOR>
  7015. <THREATLEVEL>10</THREATLEVEL>
  7016. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7017. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7018. </PROCESSDESCRIPTOR>
  7019. <PROCESSDESCRIPTOR>
  7020. <ID>611</ID>
  7021. <PROCESSLIST>
  7022. <PROCESS>*</PROCESS>
  7023. <PROCESS>YEFTAHV.DLL</PROCESS>
  7024. </PROCESSLIST>
  7025. <CLSIDLIST>
  7026. <CLSID>{7F4A6895-8A7B-DBDC-0A31-FECACFD5CBED}</CLSID>
  7027. </CLSIDLIST>
  7028. <SUMMARY>Unknown BHO (YEFTAHV.DLL)</SUMMARY>
  7029. <DEFAULTINSTALLPATHLIST>
  7030. </DEFAULTINSTALLPATHLIST>
  7031. <CATEGORY>ADWARE</CATEGORY>
  7032. <CONDITIONLIST>
  7033. </CONDITIONLIST>
  7034. <OPERATOR>AND</OPERATOR>
  7035. <THREATLEVEL>10</THREATLEVEL>
  7036. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7037. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7038. </PROCESSDESCRIPTOR>
  7039. <PROCESSDESCRIPTOR>
  7040. <ID>612</ID>
  7041. <PROCESSLIST>
  7042. <PROCESS>*</PROCESS>
  7043. <PROCESS>SEARCH.DLL</PROCESS>
  7044. </PROCESSLIST>
  7045. <CLSIDLIST>
  7046. <CLSID>{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}</CLSID>
  7047. </CLSIDLIST>
  7048. <SUMMARY>Adware.WhenU.BHO</SUMMARY>
  7049. <DEFAULTINSTALLPATHLIST>
  7050. </DEFAULTINSTALLPATHLIST>
  7051. <CATEGORY>ADWARE</CATEGORY>
  7052. <CONDITIONLIST>
  7053. </CONDITIONLIST>
  7054. <OPERATOR>AND</OPERATOR>
  7055. <THREATLEVEL>10</THREATLEVEL>
  7056. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7057. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7058. </PROCESSDESCRIPTOR>
  7059. <PROCESSDESCRIPTOR>
  7060. <ID>613</ID>
  7061. <PROCESSLIST>
  7062. <PROCESS>*</PROCESS>
  7063. <PROCESS>(SFSOETK.EXE)</PROCESS>
  7064. </PROCESSLIST>
  7065. <CLSIDLIST>
  7066. </CLSIDLIST>
  7067. <SUMMARY>SFSOETK.EXE</SUMMARY>
  7068. <DEFAULTINSTALLPATHLIST>
  7069. </DEFAULTINSTALLPATHLIST>
  7070. <CATEGORY>ADWARE</CATEGORY>
  7071. <CONDITIONLIST>
  7072. <CONDITION>MD5=299fc046646e2aa0280206d3ab1ad0cd</CONDITION>
  7073. </CONDITIONLIST>
  7074. <OPERATOR>AND</OPERATOR>
  7075. <THREATLEVEL>10</THREATLEVEL>
  7076. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7077. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7078. </PROCESSDESCRIPTOR>
  7079. <PROCESSDESCRIPTOR>
  7080. <ID>614</ID>
  7081. <PROCESSLIST>
  7082. <PROCESS>RUNDLL32.EXE</PROCESS>
  7083. </PROCESSLIST>
  7084. <CLSIDLIST>
  7085. </CLSIDLIST>
  7086. <SUMMARY>Unknown rundll32 Adware</SUMMARY>
  7087. <DEFAULTINSTALLPATHLIST>
  7088. </DEFAULTINSTALLPATHLIST>
  7089. <CATEGORY>ADWARE</CATEGORY>
  7090. <CONDITIONLIST>
  7091. <CONDITION>COMMANDLINE~.tmp</CONDITION>
  7092. <CONDITION>COMMANDLINE~UMonitor</CONDITION>
  7093. <CONDITION>COMMANDLINE~,</CONDITION>
  7094. </CONDITIONLIST>
  7095. <OPERATOR>AND</OPERATOR>
  7096. <THREATLEVEL>10</THREATLEVEL>
  7097. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7098. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7099. </PROCESSDESCRIPTOR>
  7100. <PROCESSDESCRIPTOR>
  7101. <ID>615</ID>
  7102. <PROCESSLIST>
  7103. <PROCESS>*</PROCESS>
  7104. <PROCESS>(BUNDLEOUTER.EXE)</PROCESS>
  7105. </PROCESSLIST>
  7106. <CLSIDLIST>
  7107. </CLSIDLIST>
  7108. <SUMMARY>Adware.Spyware Labs/Virtual Bouncer.Process</SUMMARY>
  7109. <DEFAULTINSTALLPATHLIST>
  7110. </DEFAULTINSTALLPATHLIST>
  7111. <CATEGORY>ADWARE</CATEGORY>
  7112. <CONDITIONLIST>
  7113. <CONDITION>MD5=ffab79c74e1f2213b1bab11714ebeb04</CONDITION>
  7114. </CONDITIONLIST>
  7115. <OPERATOR>AND</OPERATOR>
  7116. <THREATLEVEL>10</THREATLEVEL>
  7117. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7118. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7119. </PROCESSDESCRIPTOR>
  7120. <PROCESSDESCRIPTOR>
  7121. <ID>616</ID>
  7122. <PROCESSLIST>
  7123. <PROCESS>*</PROCESS>
  7124. <PROCESS>(BW2.EXE)</PROCESS>
  7125. </PROCESSLIST>
  7126. <CLSIDLIST>
  7127. </CLSIDLIST>
  7128. <SUMMARY>Adware.Spyware Labs/Virtual Bouncer.Process</SUMMARY>
  7129. <DEFAULTINSTALLPATHLIST>
  7130. </DEFAULTINSTALLPATHLIST>
  7131. <CATEGORY>ADWARE</CATEGORY>
  7132. <CONDITIONLIST>
  7133. <CONDITION>MD5=7398423bd4395f00c6a85775d46d826c</CONDITION>
  7134. </CONDITIONLIST>
  7135. <OPERATOR>AND</OPERATOR>
  7136. <THREATLEVEL>10</THREATLEVEL>
  7137. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7138. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7139. </PROCESSDESCRIPTOR>
  7140. <PROCESSDESCRIPTOR>
  7141. <ID>617</ID>
  7142. <PROCESSLIST>
  7143. <PROCESS>*</PROCESS>
  7144. <PROCESS>(WRAPPEROUTER.EXE)</PROCESS>
  7145. </PROCESSLIST>
  7146. <CLSIDLIST>
  7147. </CLSIDLIST>
  7148. <SUMMARY>Adware.Spyware Labs/Virtual Bouncer.Process</SUMMARY>
  7149. <DEFAULTINSTALLPATHLIST>
  7150. </DEFAULTINSTALLPATHLIST>
  7151. <CATEGORY>ADWARE</CATEGORY>
  7152. <CONDITIONLIST>
  7153. <CONDITION>MD5=3efba5c539632c6e719b6b712f476170</CONDITION>
  7154. </CONDITIONLIST>
  7155. <OPERATOR>AND</OPERATOR>
  7156. <THREATLEVEL>10</THREATLEVEL>
  7157. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7158. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7159. </PROCESSDESCRIPTOR>
  7160. <PROCESSDESCRIPTOR>
  7161. <ID>619</ID>
  7162. <PROCESSLIST>
  7163. <PROCESS>SQUERYCCONTROL32.EXE</PROCESS>
  7164. <PROCESS>SQUERYCLIENT32.EXE</PROCESS>
  7165. </PROCESSLIST>
  7166. <CLSIDLIST>
  7167. </CLSIDLIST>
  7168. <SUMMARY>SQuery</SUMMARY>
  7169. <DEFAULTINSTALLPATHLIST>
  7170. </DEFAULTINSTALLPATHLIST>
  7171. <CATEGORY>ADWARE</CATEGORY>
  7172. <CONDITIONLIST>
  7173. </CONDITIONLIST>
  7174. <OPERATOR>AND</OPERATOR>
  7175. <THREATLEVEL>10</THREATLEVEL>
  7176. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7177. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7178. </PROCESSDESCRIPTOR>
  7179. <PROCESSDESCRIPTOR>
  7180. <ID>620</ID>
  7181. <PROCESSLIST>
  7182. <PROCESS>ADWARE-UPDATE.EXE</PROCESS>
  7183. </PROCESSLIST>
  7184. <CLSIDLIST>
  7185. </CLSIDLIST>
  7186. <SUMMARY>ADWARE-UPDATE.EXE</SUMMARY>
  7187. <DEFAULTINSTALLPATHLIST>
  7188. </DEFAULTINSTALLPATHLIST>
  7189. <CATEGORY>ADWARE</CATEGORY>
  7190. <CONDITIONLIST>
  7191. </CONDITIONLIST>
  7192. <OPERATOR>AND</OPERATOR>
  7193. <THREATLEVEL>10</THREATLEVEL>
  7194. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7195. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7196. </PROCESSDESCRIPTOR>
  7197. <PROCESSDESCRIPTOR>
  7198. <ID>621</ID>
  7199. <PROCESSLIST>
  7200. <PROCESS>*</PROCESS>
  7201. <PROCESS>ADROAR.DLL</PROCESS>
  7202. </PROCESSLIST>
  7203. <CLSIDLIST>
  7204. <CLSID>{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}</CLSID>
  7205. </CLSIDLIST>
  7206. <SUMMARY>AdRoar Module Toolbar</SUMMARY>
  7207. <DEFAULTINSTALLPATHLIST>
  7208. </DEFAULTINSTALLPATHLIST>
  7209. <CATEGORY>ADWARE</CATEGORY>
  7210. <CONDITIONLIST>
  7211. </CONDITIONLIST>
  7212. <OPERATOR>AND</OPERATOR>
  7213. <THREATLEVEL>10</THREATLEVEL>
  7214. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7215. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7216. </PROCESSDESCRIPTOR>
  7217. <PROCESSDESCRIPTOR>
  7218. <ID>622</ID>
  7219. <PROCESSLIST>
  7220. <PROCESS>*</PROCESS>
  7221. <PROCESS>TIRSRQPW.DLL</PROCESS>
  7222. </PROCESSLIST>
  7223. <CLSIDLIST>
  7224. <CLSID>{C6031D0E-F86C-7214-F80D-26187AB53AF4}</CLSID>
  7225. </CLSIDLIST>
  7226. <SUMMARY>Unknown Toolbar (TIRSRQPW.DLL)</SUMMARY>
  7227. <DEFAULTINSTALLPATHLIST>
  7228. </DEFAULTINSTALLPATHLIST>
  7229. <CATEGORY>ADWARE</CATEGORY>
  7230. <CONDITIONLIST>
  7231. </CONDITIONLIST>
  7232. <OPERATOR>AND</OPERATOR>
  7233. <THREATLEVEL>10</THREATLEVEL>
  7234. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7235. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7236. </PROCESSDESCRIPTOR>
  7237. <PROCESSDESCRIPTOR>
  7238. <ID>623</ID>
  7239. <PROCESSLIST>
  7240. <PROCESS>*</PROCESS>
  7241. <PROCESS>(DMLSC.EXE)</PROCESS>
  7242. </PROCESSLIST>
  7243. <CLSIDLIST>
  7244. </CLSIDLIST>
  7245. <SUMMARY>DMLSC.EXE</SUMMARY>
  7246. <DEFAULTINSTALLPATHLIST>
  7247. </DEFAULTINSTALLPATHLIST>
  7248. <CATEGORY>ADWARE</CATEGORY>
  7249. <CONDITIONLIST>
  7250. <CONDITION>MD5=344b6198103aa903bc7e176d67b68500</CONDITION>
  7251. </CONDITIONLIST>
  7252. <OPERATOR>AND</OPERATOR>
  7253. <THREATLEVEL>10</THREATLEVEL>
  7254. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7255. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7256. </PROCESSDESCRIPTOR>
  7257. <PROCESSDESCRIPTOR>
  7258. <ID>624</ID>
  7259. <PROCESSLIST>
  7260. <PROCESS>*</PROCESS>
  7261. <PROCESS>(NTOCATQ.EXE)</PROCESS>
  7262. </PROCESSLIST>
  7263. <CLSIDLIST>
  7264. </CLSIDLIST>
  7265. <SUMMARY>NTOCATQ.EXE</SUMMARY>
  7266. <DEFAULTINSTALLPATHLIST>
  7267. </DEFAULTINSTALLPATHLIST>
  7268. <CATEGORY>ADWARE</CATEGORY>
  7269. <CONDITIONLIST>
  7270. <CONDITION>MD5=c11e5605b09aa7e06a9658f2a0f31872</CONDITION>
  7271. </CONDITIONLIST>
  7272. <OPERATOR>AND</OPERATOR>
  7273. <THREATLEVEL>10</THREATLEVEL>
  7274. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7275. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7276. </PROCESSDESCRIPTOR>
  7277. <PROCESSDESCRIPTOR>
  7278. <ID>625</ID>
  7279. <PROCESSLIST>
  7280. <PROCESS>*</PROCESS>
  7281. <PROCESS>(WAST2.EXE)</PROCESS>
  7282. </PROCESSLIST>
  7283. <CLSIDLIST>
  7284. </CLSIDLIST>
  7285. <SUMMARY>WAST2.EXE</SUMMARY>
  7286. <DEFAULTINSTALLPATHLIST>
  7287. </DEFAULTINSTALLPATHLIST>
  7288. <CATEGORY>ADWARE</CATEGORY>
  7289. <CONDITIONLIST>
  7290. <CONDITION>MD5=3d66650a33753f94c82f2b28c8b16afc</CONDITION>
  7291. </CONDITIONLIST>
  7292. <OPERATOR>AND</OPERATOR>
  7293. <THREATLEVEL>10</THREATLEVEL>
  7294. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7295. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7296. </PROCESSDESCRIPTOR>
  7297. <PROCESSDESCRIPTOR>
  7298. <ID>626</ID>
  7299. <PROCESSLIST>
  7300. <PROCESS>*</PROCESS>
  7301. <PROCESS>(MTWISYU.EXE)</PROCESS>
  7302. </PROCESSLIST>
  7303. <CLSIDLIST>
  7304. </CLSIDLIST>
  7305. <SUMMARY>MTWISYU.EXE</SUMMARY>
  7306. <DEFAULTINSTALLPATHLIST>
  7307. </DEFAULTINSTALLPATHLIST>
  7308. <CATEGORY>ADWARE</CATEGORY>
  7309. <CONDITIONLIST>
  7310. <CONDITION>MD5=59577508d29c4568d46c7865d2d2236d</CONDITION>
  7311. </CONDITIONLIST>
  7312. <OPERATOR>AND</OPERATOR>
  7313. <THREATLEVEL>10</THREATLEVEL>
  7314. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7315. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7316. </PROCESSDESCRIPTOR>
  7317. <PROCESSDESCRIPTOR>
  7318. <ID>627</ID>
  7319. <PROCESSLIST>
  7320. <PROCESS>*</PROCESS>
  7321. <PROCESS>(TARA.EXE)</PROCESS>
  7322. </PROCESSLIST>
  7323. <CLSIDLIST>
  7324. </CLSIDLIST>
  7325. <SUMMARY>TARA.EXE</SUMMARY>
  7326. <DEFAULTINSTALLPATHLIST>
  7327. </DEFAULTINSTALLPATHLIST>
  7328. <CATEGORY>ADWARE</CATEGORY>
  7329. <CONDITIONLIST>
  7330. <CONDITION>MD5=6d58a7358802ae0d9984a01419dd2103</CONDITION>
  7331. </CONDITIONLIST>
  7332. <OPERATOR>AND</OPERATOR>
  7333. <THREATLEVEL>10</THREATLEVEL>
  7334. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7335. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7336. </PROCESSDESCRIPTOR>
  7337. <PROCESSDESCRIPTOR>
  7338. <ID>628</ID>
  7339. <PROCESSLIST>
  7340. <PROCESS>*</PROCESS>
  7341. <PROCESS>(CTXAD.EXE)</PROCESS>
  7342. </PROCESSLIST>
  7343. <CLSIDLIST>
  7344. </CLSIDLIST>
  7345. <SUMMARY>CTXAD.EXE</SUMMARY>
  7346. <DEFAULTINSTALLPATHLIST>
  7347. </DEFAULTINSTALLPATHLIST>
  7348. <CATEGORY>ADWARE</CATEGORY>
  7349. <CONDITIONLIST>
  7350. <CONDITION>MD5=821dcea702566f2c87ff8c2e9a8c3f63</CONDITION>
  7351. </CONDITIONLIST>
  7352. <OPERATOR>AND</OPERATOR>
  7353. <THREATLEVEL>10</THREATLEVEL>
  7354. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7355. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7356. </PROCESSDESCRIPTOR>
  7357. <PROCESSDESCRIPTOR>
  7358. <ID>629</ID>
  7359. <PROCESSLIST>
  7360. <PROCESS>*</PROCESS>
  7361. <PROCESS>QIMOQSOS.DLL</PROCESS>
  7362. </PROCESSLIST>
  7363. <CLSIDLIST>
  7364. <CLSID>{8FA2998E-266A-7B98-1B22-5FF07CCE3BB2}</CLSID>
  7365. </CLSIDLIST>
  7366. <SUMMARY>Unknown BHO (QIMOQSOS.DLL)</SUMMARY>
  7367. <DEFAULTINSTALLPATHLIST>
  7368. </DEFAULTINSTALLPATHLIST>
  7369. <CATEGORY>ADWARE</CATEGORY>
  7370. <CONDITIONLIST>
  7371. </CONDITIONLIST>
  7372. <OPERATOR>AND</OPERATOR>
  7373. <THREATLEVEL>10</THREATLEVEL>
  7374. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7375. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7376. </PROCESSDESCRIPTOR>
  7377. <PROCESSDESCRIPTOR>
  7378. <ID>630</ID>
  7379. <PROCESSLIST>
  7380. <PROCESS>*</PROCESS>
  7381. <PROCESS>(TASKMGR.EXE)</PROCESS>
  7382. </PROCESSLIST>
  7383. <CLSIDLIST>
  7384. </CLSIDLIST>
  7385. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  7386. <DEFAULTINSTALLPATHLIST>
  7387. </DEFAULTINSTALLPATHLIST>
  7388. <CATEGORY>ADWARE</CATEGORY>
  7389. <CONDITIONLIST>
  7390. <CONDITION>MD5=38fa47a243f6e6f37e9ab06fd6f742b5</CONDITION>
  7391. </CONDITIONLIST>
  7392. <OPERATOR>AND</OPERATOR>
  7393. <THREATLEVEL>10</THREATLEVEL>
  7394. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7395. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7396. </PROCESSDESCRIPTOR>
  7397. <PROCESSDESCRIPTOR>
  7398. <ID>631</ID>
  7399. <PROCESSLIST>
  7400. <PROCESS>*</PROCESS>
  7401. <PROCESS>(SSK.EXE)</PROCESS>
  7402. </PROCESSLIST>
  7403. <CLSIDLIST>
  7404. </CLSIDLIST>
  7405. <SUMMARY>SurfSideKick 2 Process</SUMMARY>
  7406. <DEFAULTINSTALLPATHLIST>
  7407. </DEFAULTINSTALLPATHLIST>
  7408. <CATEGORY>ADWARE</CATEGORY>
  7409. <CONDITIONLIST>
  7410. <CONDITION>MD5=ebf1d7346705845b6cc20d47baeb022a</CONDITION>
  7411. </CONDITIONLIST>
  7412. <OPERATOR>AND</OPERATOR>
  7413. <THREATLEVEL>10</THREATLEVEL>
  7414. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7415. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7416. </PROCESSDESCRIPTOR>
  7417. <PROCESSDESCRIPTOR>
  7418. <ID>632</ID>
  7419. <PROCESSLIST>
  7420. <PROCESS>ARUPDATE.EXE</PROCESS>
  7421. </PROCESSLIST>
  7422. <CLSIDLIST>
  7423. </CLSIDLIST>
  7424. <SUMMARY>AdRoar Updater</SUMMARY>
  7425. <DEFAULTINSTALLPATHLIST>
  7426. </DEFAULTINSTALLPATHLIST>
  7427. <CATEGORY>ADWARE</CATEGORY>
  7428. <CONDITIONLIST>
  7429. <CONDITION>COMPANYNAME~Ad Roar</CONDITION>
  7430. </CONDITIONLIST>
  7431. <OPERATOR>AND</OPERATOR>
  7432. <THREATLEVEL>10</THREATLEVEL>
  7433. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7434. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7435. </PROCESSDESCRIPTOR>
  7436. <PROCESSDESCRIPTOR>
  7437. <ID>633</ID>
  7438. <PROCESSLIST>
  7439. <PROCESS>*</PROCESS>
  7440. <PROCESS>(LOGONUI.EXE)</PROCESS>
  7441. </PROCESSLIST>
  7442. <CLSIDLIST>
  7443. </CLSIDLIST>
  7444. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  7445. <DEFAULTINSTALLPATHLIST>
  7446. </DEFAULTINSTALLPATHLIST>
  7447. <CATEGORY>ADWARE</CATEGORY>
  7448. <CONDITIONLIST>
  7449. <CONDITION>MD5=b0a21e366827e22350d76d8a153bdc1b</CONDITION>
  7450. </CONDITIONLIST>
  7451. <OPERATOR>AND</OPERATOR>
  7452. <THREATLEVEL>10</THREATLEVEL>
  7453. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7454. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7455. </PROCESSDESCRIPTOR>
  7456. <PROCESSDESCRIPTOR>
  7457. <ID>634</ID>
  7458. <PROCESSLIST>
  7459. <PROCESS>*</PROCESS>
  7460. <PROCESS>(OWYYW.EXE)</PROCESS>
  7461. </PROCESSLIST>
  7462. <CLSIDLIST>
  7463. </CLSIDLIST>
  7464. <SUMMARY>OWYYW.EXE</SUMMARY>
  7465. <DEFAULTINSTALLPATHLIST>
  7466. </DEFAULTINSTALLPATHLIST>
  7467. <CATEGORY>ADWARE</CATEGORY>
  7468. <CONDITIONLIST>
  7469. <CONDITION>MD5=299fc046646e2aa0280206d3ab1ad0cd</CONDITION>
  7470. </CONDITIONLIST>
  7471. <OPERATOR>AND</OPERATOR>
  7472. <THREATLEVEL>10</THREATLEVEL>
  7473. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7474. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7475. </PROCESSDESCRIPTOR>
  7476. <PROCESSDESCRIPTOR>
  7477. <ID>635</ID>
  7478. <PROCESSLIST>
  7479. <PROCESS>BUNDLE.EXE</PROCESS>
  7480. </PROCESSLIST>
  7481. <CLSIDLIST>
  7482. </CLSIDLIST>
  7483. <SUMMARY>Bundle Install</SUMMARY>
  7484. <DEFAULTINSTALLPATHLIST>
  7485. </DEFAULTINSTALLPATHLIST>
  7486. <CATEGORY>ADWARE</CATEGORY>
  7487. <CONDITIONLIST>
  7488. <CONDITION>INTERNALNAME~install</CONDITION>
  7489. <CONDITION>PRODUCTNAME~install</CONDITION>
  7490. <CONDITION>FILELOCATION~temp</CONDITION>
  7491. </CONDITIONLIST>
  7492. <OPERATOR>AND</OPERATOR>
  7493. <THREATLEVEL>10</THREATLEVEL>
  7494. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7495. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7496. </PROCESSDESCRIPTOR>
  7497. <PROCESSDESCRIPTOR>
  7498. <ID>636</ID>
  7499. <PROCESSLIST>
  7500. <PROCESS>*</PROCESS>
  7501. <PROCESS>(SAHAGENT-RAZORMEDIA1002.EXE)</PROCESS>
  7502. </PROCESSLIST>
  7503. <CLSIDLIST>
  7504. </CLSIDLIST>
  7505. <SUMMARY>SAHAGENT-RAZORMEDIA1002.EXE</SUMMARY>
  7506. <DEFAULTINSTALLPATHLIST>
  7507. </DEFAULTINSTALLPATHLIST>
  7508. <CATEGORY>ADWARE</CATEGORY>
  7509. <CONDITIONLIST>
  7510. <CONDITION>MD5=ae158da9c09accbd83b1d1d0ab790504</CONDITION>
  7511. </CONDITIONLIST>
  7512. <OPERATOR>AND</OPERATOR>
  7513. <THREATLEVEL>10</THREATLEVEL>
  7514. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7515. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7516. </PROCESSDESCRIPTOR>
  7517. <PROCESSDESCRIPTOR>
  7518. <ID>637</ID>
  7519. <PROCESSLIST>
  7520. <PROCESS>*</PROCESS>
  7521. <PROCESS>(NCASEP~1.EXE)</PROCESS>
  7522. </PROCESSLIST>
  7523. <CLSIDLIST>
  7524. </CLSIDLIST>
  7525. <SUMMARY>n-CASE Process</SUMMARY>
  7526. <DEFAULTINSTALLPATHLIST>
  7527. </DEFAULTINSTALLPATHLIST>
  7528. <CATEGORY>ADWARE</CATEGORY>
  7529. <CONDITIONLIST>
  7530. <CONDITION>MD5=5c3d1c02455e35822fbb5942c748dec1</CONDITION>
  7531. </CONDITIONLIST>
  7532. <OPERATOR>AND</OPERATOR>
  7533. <THREATLEVEL>10</THREATLEVEL>
  7534. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7535. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7536. </PROCESSDESCRIPTOR>
  7537. <PROCESSDESCRIPTOR>
  7538. <ID>638</ID>
  7539. <PROCESSLIST>
  7540. <PROCESS>WINCTLAD.EXE</PROCESS>
  7541. </PROCESSLIST>
  7542. <CLSIDLIST>
  7543. </CLSIDLIST>
  7544. <SUMMARY>WINCTLAD.EXE</SUMMARY>
  7545. <DEFAULTINSTALLPATHLIST>
  7546. </DEFAULTINSTALLPATHLIST>
  7547. <CATEGORY>ADWARE</CATEGORY>
  7548. <CONDITIONLIST>
  7549. <CONDITION>FILELOCATION~ControlAd</CONDITION>
  7550. </CONDITIONLIST>
  7551. <OPERATOR>AND</OPERATOR>
  7552. <THREATLEVEL>10</THREATLEVEL>
  7553. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7554. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7555. </PROCESSDESCRIPTOR>
  7556. <PROCESSDESCRIPTOR>
  7557. <ID>639</ID>
  7558. <PROCESSLIST>
  7559. <PROCESS>WINCTLADALT.EXE</PROCESS>
  7560. </PROCESSLIST>
  7561. <CLSIDLIST>
  7562. </CLSIDLIST>
  7563. <SUMMARY>WINCTLADALT.EXE</SUMMARY>
  7564. <DEFAULTINSTALLPATHLIST>
  7565. </DEFAULTINSTALLPATHLIST>
  7566. <CATEGORY>ADWARE</CATEGORY>
  7567. <CONDITIONLIST>
  7568. <CONDITION>FILELOCATION~ControlAd</CONDITION>
  7569. </CONDITIONLIST>
  7570. <OPERATOR>AND</OPERATOR>
  7571. <THREATLEVEL>10</THREATLEVEL>
  7572. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7573. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7574. </PROCESSDESCRIPTOR>
  7575. <PROCESSDESCRIPTOR>
  7576. <ID>641</ID>
  7577. <PROCESSLIST>
  7578. <PROCESS>*</PROCESS>
  7579. </PROCESSLIST>
  7580. <CLSIDLIST>
  7581. </CLSIDLIST>
  7582. <SUMMARY>TargetSaver, Inc. Process</SUMMARY>
  7583. <DEFAULTINSTALLPATHLIST>
  7584. </DEFAULTINSTALLPATHLIST>
  7585. <CATEGORY>ADWARE</CATEGORY>
  7586. <CONDITIONLIST>
  7587. <CONDITION>COMPANYNAME~TargetSaver, Inc.</CONDITION>
  7588. </CONDITIONLIST>
  7589. <OPERATOR>AND</OPERATOR>
  7590. <THREATLEVEL>10</THREATLEVEL>
  7591. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7592. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7593. </PROCESSDESCRIPTOR>
  7594. <PROCESSDESCRIPTOR>
  7595. <ID>642</ID>
  7596. <PROCESSLIST>
  7597. <PROCESS>*</PROCESS>
  7598. <PROCESS>(TS2.EXE)</PROCESS>
  7599. </PROCESSLIST>
  7600. <CLSIDLIST>
  7601. </CLSIDLIST>
  7602. <SUMMARY>TS2.EXE</SUMMARY>
  7603. <DEFAULTINSTALLPATHLIST>
  7604. </DEFAULTINSTALLPATHLIST>
  7605. <CATEGORY>ADWARE</CATEGORY>
  7606. <CONDITIONLIST>
  7607. <CONDITION>MD5=7dd0809d0704ad54eee6b1f87f313250</CONDITION>
  7608. </CONDITIONLIST>
  7609. <OPERATOR>AND</OPERATOR>
  7610. <THREATLEVEL>10</THREATLEVEL>
  7611. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7612. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7613. </PROCESSDESCRIPTOR>
  7614. <PROCESSDESCRIPTOR>
  7615. <ID>643</ID>
  7616. <PROCESSLIST>
  7617. <PROCESS>*</PROCESS>
  7618. <PROCESS>(TSM2.EXE)</PROCESS>
  7619. </PROCESSLIST>
  7620. <CLSIDLIST>
  7621. </CLSIDLIST>
  7622. <SUMMARY>TSM2.EXE</SUMMARY>
  7623. <DEFAULTINSTALLPATHLIST>
  7624. </DEFAULTINSTALLPATHLIST>
  7625. <CATEGORY>ADWARE</CATEGORY>
  7626. <CONDITIONLIST>
  7627. <CONDITION>MD5=f9cbbdf62b43931463008b1433283893</CONDITION>
  7628. </CONDITIONLIST>
  7629. <OPERATOR>AND</OPERATOR>
  7630. <THREATLEVEL>10</THREATLEVEL>
  7631. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7632. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7633. </PROCESSDESCRIPTOR>
  7634. <PROCESSDESCRIPTOR>
  7635. <ID>644</ID>
  7636. <PROCESSLIST>
  7637. <PROCESS>*</PROCESS>
  7638. <PROCESS>(TSL.EXE)</PROCESS>
  7639. </PROCESSLIST>
  7640. <CLSIDLIST>
  7641. </CLSIDLIST>
  7642. <SUMMARY>TSL.EXE</SUMMARY>
  7643. <DEFAULTINSTALLPATHLIST>
  7644. </DEFAULTINSTALLPATHLIST>
  7645. <CATEGORY>ADWARE</CATEGORY>
  7646. <CONDITIONLIST>
  7647. <CONDITION>MD5=6ed0b6ac55757b4e62fbc469c636e7b5</CONDITION>
  7648. <CONDITION>MD5=207D13B63A094CB5BE21193423B48152</CONDITION>
  7649. </CONDITIONLIST>
  7650. <OPERATOR>OR</OPERATOR>
  7651. <THREATLEVEL>10</THREATLEVEL>
  7652. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7653. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7654. </PROCESSDESCRIPTOR>
  7655. <PROCESSDESCRIPTOR>
  7656. <ID>645</ID>
  7657. <PROCESSLIST>
  7658. <PROCESS>*</PROCESS>
  7659. <PROCESS>SEARCH~1.DLL</PROCESS>
  7660. </PROCESSLIST>
  7661. <CLSIDLIST>
  7662. <CLSID>{1D7E3B41-23CE-469B-BE1B-A64B877923E1}</CLSID>
  7663. </CLSIDLIST>
  7664. <SUMMARY>Unknown BHO (SEARCH~1.DLL)</SUMMARY>
  7665. <DEFAULTINSTALLPATHLIST>
  7666. </DEFAULTINSTALLPATHLIST>
  7667. <CATEGORY>ADWARE</CATEGORY>
  7668. <CONDITIONLIST>
  7669. </CONDITIONLIST>
  7670. <OPERATOR>AND</OPERATOR>
  7671. <THREATLEVEL>10</THREATLEVEL>
  7672. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7673. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7674. </PROCESSDESCRIPTOR>
  7675. <PROCESSDESCRIPTOR>
  7676. <ID>646</ID>
  7677. <PROCESSLIST>
  7678. <PROCESS>BNDLWR_BUNDLE.EXE</PROCESS>
  7679. </PROCESSLIST>
  7680. <CLSIDLIST>
  7681. </CLSIDLIST>
  7682. <SUMMARY>BNDLWR_BUNDLE.EXE</SUMMARY>
  7683. <DEFAULTINSTALLPATHLIST>
  7684. </DEFAULTINSTALLPATHLIST>
  7685. <CATEGORY>ADWARE</CATEGORY>
  7686. <CONDITIONLIST>
  7687. <CONDITION>COMPANYNAME~eAcceleration</CONDITION>
  7688. </CONDITIONLIST>
  7689. <OPERATOR>AND</OPERATOR>
  7690. <THREATLEVEL>10</THREATLEVEL>
  7691. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7692. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7693. </PROCESSDESCRIPTOR>
  7694. <PROCESSDESCRIPTOR>
  7695. <ID>647</ID>
  7696. <PROCESSLIST>
  7697. <PROCESS>*</PROCESS>
  7698. <PROCESS>PXELRU.DAT</PROCESS>
  7699. </PROCESSLIST>
  7700. <CLSIDLIST>
  7701. <CLSID>{8109AF33-6949-4833-8881-43DCC232B7B2}</CLSID>
  7702. </CLSIDLIST>
  7703. <SUMMARY>CATLEvents Object BHO</SUMMARY>
  7704. <DEFAULTINSTALLPATHLIST>
  7705. </DEFAULTINSTALLPATHLIST>
  7706. <CATEGORY>ADWARE</CATEGORY>
  7707. <CONDITIONLIST>
  7708. </CONDITIONLIST>
  7709. <OPERATOR>AND</OPERATOR>
  7710. <THREATLEVEL>10</THREATLEVEL>
  7711. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7712. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7713. </PROCESSDESCRIPTOR>
  7714. <PROCESSDESCRIPTOR>
  7715. <ID>648</ID>
  7716. <PROCESSLIST>
  7717. <PROCESS>*</PROCESS>
  7718. <PROCESS>RUNDLL16.DLL</PROCESS>
  7719. </PROCESSLIST>
  7720. <CLSIDLIST>
  7721. <CLSID>{80672997-D58C-4190-9843-C6C61AF8FE97}</CLSID>
  7722. </CLSIDLIST>
  7723. <SUMMARY>IAdvertisementBHO Class BHO</SUMMARY>
  7724. <DEFAULTINSTALLPATHLIST>
  7725. </DEFAULTINSTALLPATHLIST>
  7726. <CATEGORY>ADWARE</CATEGORY>
  7727. <CONDITIONLIST>
  7728. </CONDITIONLIST>
  7729. <OPERATOR>AND</OPERATOR>
  7730. <THREATLEVEL>10</THREATLEVEL>
  7731. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7732. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7733. </PROCESSDESCRIPTOR>
  7734. <PROCESSDESCRIPTOR>
  7735. <ID>649</ID>
  7736. <PROCESSLIST>
  7737. <PROCESS>*</PROCESS>
  7738. <PROCESS>ODJ.DLL</PROCESS>
  7739. </PROCESSLIST>
  7740. <CLSIDLIST>
  7741. <CLSID>{6D8D420F-E73C-1BF0-DB22-61550FDD281B}</CLSID>
  7742. </CLSIDLIST>
  7743. <SUMMARY>Unknown BHO (ODJ.DLL)</SUMMARY>
  7744. <DEFAULTINSTALLPATHLIST>
  7745. </DEFAULTINSTALLPATHLIST>
  7746. <CATEGORY>ADWARE</CATEGORY>
  7747. <CONDITIONLIST>
  7748. </CONDITIONLIST>
  7749. <OPERATOR>AND</OPERATOR>
  7750. <THREATLEVEL>10</THREATLEVEL>
  7751. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7752. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7753. </PROCESSDESCRIPTOR>
  7754. <PROCESSDESCRIPTOR>
  7755. <ID>650</ID>
  7756. <PROCESSLIST>
  7757. <PROCESS>*</PROCESS>
  7758. <PROCESS>GSIM.DLL</PROCESS>
  7759. </PROCESSLIST>
  7760. <CLSIDLIST>
  7761. <CLSID>{4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D}</CLSID>
  7762. </CLSIDLIST>
  7763. <SUMMARY>GSIM BHO</SUMMARY>
  7764. <DEFAULTINSTALLPATHLIST>
  7765. </DEFAULTINSTALLPATHLIST>
  7766. <CATEGORY>ADWARE</CATEGORY>
  7767. <CONDITIONLIST>
  7768. </CONDITIONLIST>
  7769. <OPERATOR>AND</OPERATOR>
  7770. <THREATLEVEL>10</THREATLEVEL>
  7771. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7772. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7773. </PROCESSDESCRIPTOR>
  7774. <PROCESSDESCRIPTOR>
  7775. <ID>651</ID>
  7776. <PROCESSLIST>
  7777. <PROCESS>*</PROCESS>
  7778. <PROCESS>STLB2.DLL</PROCESS>
  7779. </PROCESSLIST>
  7780. <CLSIDLIST>
  7781. <CLSID>{12EE7A5E-0674-42f9-A76A-000000004D00}</CLSID>
  7782. </CLSIDLIST>
  7783. <SUMMARY>SearchToolbarBHOObject BHO</SUMMARY>
  7784. <DEFAULTINSTALLPATHLIST>
  7785. </DEFAULTINSTALLPATHLIST>
  7786. <CATEGORY>ADWARE</CATEGORY>
  7787. <CONDITIONLIST>
  7788. </CONDITIONLIST>
  7789. <OPERATOR>AND</OPERATOR>
  7790. <THREATLEVEL>10</THREATLEVEL>
  7791. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7792. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7793. </PROCESSDESCRIPTOR>
  7794. <PROCESSDESCRIPTOR>
  7795. <ID>652</ID>
  7796. <PROCESSLIST>
  7797. <PROCESS>*</PROCESS>
  7798. <PROCESS>WINHOT32.DLL</PROCESS>
  7799. </PROCESSLIST>
  7800. <CLSIDLIST>
  7801. <CLSID>{086CEFD5-A88D-4981-8915-D51F04360ED1}</CLSID>
  7802. <CLSID>{8B224779-3B0E-4FEA-8AE1-B66C20DD840F}</CLSID>
  7803. </CLSIDLIST>
  7804. <SUMMARY>ohb Class BHO</SUMMARY>
  7805. <DEFAULTINSTALLPATHLIST>
  7806. </DEFAULTINSTALLPATHLIST>
  7807. <CATEGORY>ADWARE</CATEGORY>
  7808. <CONDITIONLIST>
  7809. </CONDITIONLIST>
  7810. <OPERATOR>AND</OPERATOR>
  7811. <THREATLEVEL>10</THREATLEVEL>
  7812. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7813. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7814. </PROCESSDESCRIPTOR>
  7815. <PROCESSDESCRIPTOR>
  7816. <ID>653</ID>
  7817. <PROCESSLIST>
  7818. <PROCESS>*</PROCESS>
  7819. <PROCESS>PERFECTNAVBHO.DLL</PROCESS>
  7820. </PROCESSLIST>
  7821. <CLSIDLIST>
  7822. <CLSID>{00D6A7E7-4A97-456f-848A-3B75BF7554D7}</CLSID>
  7823. </CLSIDLIST>
  7824. <SUMMARY>PerfectNavBHO Class BHO</SUMMARY>
  7825. <DEFAULTINSTALLPATHLIST>
  7826. </DEFAULTINSTALLPATHLIST>
  7827. <CATEGORY>ADWARE</CATEGORY>
  7828. <CONDITIONLIST>
  7829. </CONDITIONLIST>
  7830. <OPERATOR>AND</OPERATOR>
  7831. <THREATLEVEL>10</THREATLEVEL>
  7832. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7833. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7834. </PROCESSDESCRIPTOR>
  7835. <PROCESSDESCRIPTOR>
  7836. <ID>654</ID>
  7837. <PROCESSLIST>
  7838. <PROCESS>*</PROCESS>
  7839. <PROCESS>SEP.DLL</PROCESS>
  7840. </PROCESSLIST>
  7841. <CLSIDLIST>
  7842. <CLSID>{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}</CLSID>
  7843. </CLSIDLIST>
  7844. <SUMMARY>Band Class BHO/Toolbar (SideSearch)</SUMMARY>
  7845. <DEFAULTINSTALLPATHLIST>
  7846. </DEFAULTINSTALLPATHLIST>
  7847. <CATEGORY>ADWARE</CATEGORY>
  7848. <CONDITIONLIST>
  7849. </CONDITIONLIST>
  7850. <OPERATOR>AND</OPERATOR>
  7851. <THREATLEVEL>10</THREATLEVEL>
  7852. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7853. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7854. </PROCESSDESCRIPTOR>
  7855. <PROCESSDESCRIPTOR>
  7856. <ID>655</ID>
  7857. <PROCESSLIST>
  7858. <PROCESS>*</PROCESS>
  7859. <PROCESS>STLB2.DLL</PROCESS>
  7860. </PROCESSLIST>
  7861. <CLSIDLIST>
  7862. <CLSID>{12EE7A5E-0674-42f9-A76B-000000004D00}</CLSID>
  7863. </CLSIDLIST>
  7864. <SUMMARY>Search Explorer Bar/Toolbar</SUMMARY>
  7865. <DEFAULTINSTALLPATHLIST>
  7866. </DEFAULTINSTALLPATHLIST>
  7867. <CATEGORY>ADWARE</CATEGORY>
  7868. <CONDITIONLIST>
  7869. </CONDITIONLIST>
  7870. <OPERATOR>AND</OPERATOR>
  7871. <THREATLEVEL>10</THREATLEVEL>
  7872. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7873. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7874. </PROCESSDESCRIPTOR>
  7875. <PROCESSDESCRIPTOR>
  7876. <ID>656</ID>
  7877. <PROCESSLIST>
  7878. <PROCESS>*</PROCESS>
  7879. <PROCESS>DNSPROXY.DLL</PROCESS>
  7880. </PROCESSLIST>
  7881. <CLSIDLIST>
  7882. <CLSID>{06594350-D723-11D8-9669-0800200C9A66}</CLSID>
  7883. <CLSID>{FF4E2C50-BCF3-47CF-952A-A512F5B5D0E8}</CLSID>
  7884. </CLSIDLIST>
  7885. <SUMMARY>DNSProxy Module BHO - StickyPops.com</SUMMARY>
  7886. <DEFAULTINSTALLPATHLIST>
  7887. </DEFAULTINSTALLPATHLIST>
  7888. <CATEGORY>ADWARE</CATEGORY>
  7889. <CONDITIONLIST>
  7890. </CONDITIONLIST>
  7891. <OPERATOR>AND</OPERATOR>
  7892. <THREATLEVEL>10</THREATLEVEL>
  7893. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7894. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7895. </PROCESSDESCRIPTOR>
  7896. <PROCESSDESCRIPTOR>
  7897. <ID>657</ID>
  7898. <PROCESSLIST>
  7899. <PROCESS>*</PROCESS>
  7900. <PROCESS>SIKERNEL.DLL</PROCESS>
  7901. </PROCESSLIST>
  7902. <CLSIDLIST>
  7903. <CLSID>{0140DF95-9128-4053-AE72-F43F0CFCA062}</CLSID>
  7904. </CLSIDLIST>
  7905. <SUMMARY>SIKERNEL.DLL BHO</SUMMARY>
  7906. <DEFAULTINSTALLPATHLIST>
  7907. </DEFAULTINSTALLPATHLIST>
  7908. <CATEGORY>ADWARE</CATEGORY>
  7909. <CONDITIONLIST>
  7910. </CONDITIONLIST>
  7911. <OPERATOR>AND</OPERATOR>
  7912. <THREATLEVEL>10</THREATLEVEL>
  7913. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7914. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7915. </PROCESSDESCRIPTOR>
  7916. <PROCESSDESCRIPTOR>
  7917. <ID>658</ID>
  7918. <PROCESSLIST>
  7919. <PROCESS>*</PROCESS>
  7920. <PROCESS>UEQCNBB.DLL</PROCESS>
  7921. </PROCESSLIST>
  7922. <CLSIDLIST>
  7923. <CLSID>{1F893F2C-B46D-01B2-8253-60557CF02A6B}</CLSID>
  7924. </CLSIDLIST>
  7925. <SUMMARY>Unknown BHO (UEQCNBB.DLL)</SUMMARY>
  7926. <DEFAULTINSTALLPATHLIST>
  7927. </DEFAULTINSTALLPATHLIST>
  7928. <CATEGORY>ADWARE</CATEGORY>
  7929. <CONDITIONLIST>
  7930. </CONDITIONLIST>
  7931. <OPERATOR>AND</OPERATOR>
  7932. <THREATLEVEL>10</THREATLEVEL>
  7933. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7934. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7935. </PROCESSDESCRIPTOR>
  7936. <PROCESSDESCRIPTOR>
  7937. <ID>659</ID>
  7938. <PROCESSLIST>
  7939. <PROCESS>*</PROCESS>
  7940. <PROCESS>FGDK.DLL</PROCESS>
  7941. </PROCESSLIST>
  7942. <CLSIDLIST>
  7943. <CLSID>{40D93524-EA38-51BE-D502-60557CF2733D}</CLSID>
  7944. </CLSIDLIST>
  7945. <SUMMARY>Unknown BHO (FGDK.DLL)</SUMMARY>
  7946. <DEFAULTINSTALLPATHLIST>
  7947. </DEFAULTINSTALLPATHLIST>
  7948. <CATEGORY>ADWARE</CATEGORY>
  7949. <CONDITIONLIST>
  7950. </CONDITIONLIST>
  7951. <OPERATOR>AND</OPERATOR>
  7952. <THREATLEVEL>10</THREATLEVEL>
  7953. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7954. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7955. </PROCESSDESCRIPTOR>
  7956. <PROCESSDESCRIPTOR>
  7957. <ID>660</ID>
  7958. <PROCESSLIST>
  7959. <PROCESS>*</PROCESS>
  7960. <PROCESS>FCAJIF.DLL</PROCESS>
  7961. </PROCESSLIST>
  7962. <CLSIDLIST>
  7963. <CLSID>{0D70F311-3511-4918-9B0E-05F12D72A8B1}</CLSID>
  7964. </CLSIDLIST>
  7965. <SUMMARY>Unknown BHO (FCAJIF.DLL)</SUMMARY>
  7966. <DEFAULTINSTALLPATHLIST>
  7967. </DEFAULTINSTALLPATHLIST>
  7968. <CATEGORY>ADWARE</CATEGORY>
  7969. <CONDITIONLIST>
  7970. </CONDITIONLIST>
  7971. <OPERATOR>AND</OPERATOR>
  7972. <THREATLEVEL>10</THREATLEVEL>
  7973. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7974. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7975. </PROCESSDESCRIPTOR>
  7976. <PROCESSDESCRIPTOR>
  7977. <ID>661</ID>
  7978. <PROCESSLIST>
  7979. <PROCESS>*</PROCESS>
  7980. <PROCESS>(VWRIKU.EXE)</PROCESS>
  7981. </PROCESSLIST>
  7982. <CLSIDLIST>
  7983. </CLSIDLIST>
  7984. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  7985. <DEFAULTINSTALLPATHLIST>
  7986. </DEFAULTINSTALLPATHLIST>
  7987. <CATEGORY>ADWARE</CATEGORY>
  7988. <CONDITIONLIST>
  7989. <CONDITION>MD5=61cfa0ded5666d451158c6f9a9a75854</CONDITION>
  7990. </CONDITIONLIST>
  7991. <OPERATOR>AND</OPERATOR>
  7992. <THREATLEVEL>10</THREATLEVEL>
  7993. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  7994. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  7995. </PROCESSDESCRIPTOR>
  7996. <PROCESSDESCRIPTOR>
  7997. <ID>662</ID>
  7998. <PROCESSLIST>
  7999. <PROCESS>*</PROCESS>
  8000. <PROCESS>_SUPERBAR.DLL</PROCESS>
  8001. </PROCESSLIST>
  8002. <CLSIDLIST>
  8003. <CLSID>{136A9D1D-1F4B-43D4-8359-6F2382449255}</CLSID>
  8004. </CLSIDLIST>
  8005. <SUMMARY>Adware.SuperBar.BHO</SUMMARY>
  8006. <DEFAULTINSTALLPATHLIST>
  8007. </DEFAULTINSTALLPATHLIST>
  8008. <CATEGORY>ADWARE</CATEGORY>
  8009. <CONDITIONLIST>
  8010. </CONDITIONLIST>
  8011. <OPERATOR>AND</OPERATOR>
  8012. <THREATLEVEL>10</THREATLEVEL>
  8013. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8014. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8015. </PROCESSDESCRIPTOR>
  8016. <PROCESSDESCRIPTOR>
  8017. <ID>663</ID>
  8018. <PROCESSLIST>
  8019. <PROCESS>*</PROCESS>
  8020. <PROCESS>(MZLDMD.EXE)</PROCESS>
  8021. </PROCESSLIST>
  8022. <CLSIDLIST>
  8023. </CLSIDLIST>
  8024. <SUMMARY>MZLDMD.EXE</SUMMARY>
  8025. <DEFAULTINSTALLPATHLIST>
  8026. </DEFAULTINSTALLPATHLIST>
  8027. <CATEGORY>ADWARE</CATEGORY>
  8028. <CONDITIONLIST>
  8029. <CONDITION>MD5=ae0febc55105501a84e13e70e2bc1d14</CONDITION>
  8030. </CONDITIONLIST>
  8031. <OPERATOR>AND</OPERATOR>
  8032. <THREATLEVEL>10</THREATLEVEL>
  8033. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8034. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8035. </PROCESSDESCRIPTOR>
  8036. <PROCESSDESCRIPTOR>
  8037. <ID>664</ID>
  8038. <PROCESSLIST>
  8039. <PROCESS>*</PROCESS>
  8040. <PROCESS>(EVSEYNQS.EXE)</PROCESS>
  8041. </PROCESSLIST>
  8042. <CLSIDLIST>
  8043. </CLSIDLIST>
  8044. <SUMMARY>EVSEYNQS.EXE</SUMMARY>
  8045. <DEFAULTINSTALLPATHLIST>
  8046. </DEFAULTINSTALLPATHLIST>
  8047. <CATEGORY>ADWARE</CATEGORY>
  8048. <CONDITIONLIST>
  8049. <CONDITION>MD5=6abc803c8be2a3f5c827285df0ed45d5</CONDITION>
  8050. </CONDITIONLIST>
  8051. <OPERATOR>AND</OPERATOR>
  8052. <THREATLEVEL>10</THREATLEVEL>
  8053. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8054. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8055. </PROCESSDESCRIPTOR>
  8056. <PROCESSDESCRIPTOR>
  8057. <ID>665</ID>
  8058. <PROCESSLIST>
  8059. <PROCESS>*</PROCESS>
  8060. <PROCESS>(SLTE.EXE)</PROCESS>
  8061. </PROCESSLIST>
  8062. <CLSIDLIST>
  8063. </CLSIDLIST>
  8064. <SUMMARY>SLTE.EXE</SUMMARY>
  8065. <DEFAULTINSTALLPATHLIST>
  8066. </DEFAULTINSTALLPATHLIST>
  8067. <CATEGORY>ADWARE</CATEGORY>
  8068. <CONDITIONLIST>
  8069. <CONDITION>MD5=e1cf3c39d84778c2ebf86ad1e52d5d30</CONDITION>
  8070. </CONDITIONLIST>
  8071. <OPERATOR>AND</OPERATOR>
  8072. <THREATLEVEL>10</THREATLEVEL>
  8073. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8074. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8075. </PROCESSDESCRIPTOR>
  8076. <PROCESSDESCRIPTOR>
  8077. <ID>666</ID>
  8078. <PROCESSLIST>
  8079. <PROCESS>*</PROCESS>
  8080. <PROCESS>LXYIYLED.DLL</PROCESS>
  8081. </PROCESSLIST>
  8082. <CLSIDLIST>
  8083. <CLSID>{57D25058-A0CD-FF9F-9FC9-0DBB75BE0036}</CLSID>
  8084. </CLSIDLIST>
  8085. <SUMMARY>Unknown BHO (LXYIYLED.DLL)</SUMMARY>
  8086. <DEFAULTINSTALLPATHLIST>
  8087. </DEFAULTINSTALLPATHLIST>
  8088. <CATEGORY>ADWARE</CATEGORY>
  8089. <CONDITIONLIST>
  8090. </CONDITIONLIST>
  8091. <OPERATOR>AND</OPERATOR>
  8092. <THREATLEVEL>10</THREATLEVEL>
  8093. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8094. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8095. </PROCESSDESCRIPTOR>
  8096. <PROCESSDESCRIPTOR>
  8097. <ID>667</ID>
  8098. <PROCESSLIST>
  8099. <PROCESS>*</PROCESS>
  8100. <PROCESS>EZISTMNG.DLL</PROCESS>
  8101. </PROCESSLIST>
  8102. <CLSIDLIST>
  8103. <CLSID>{0813429C-FA2F-FEFC-0A46-FBCACFD79E9D}</CLSID>
  8104. </CLSIDLIST>
  8105. <SUMMARY>Unknown BHO (EZISTMNG.DLL)</SUMMARY>
  8106. <DEFAULTINSTALLPATHLIST>
  8107. </DEFAULTINSTALLPATHLIST>
  8108. <CATEGORY>ADWARE</CATEGORY>
  8109. <CONDITIONLIST>
  8110. </CONDITIONLIST>
  8111. <OPERATOR>AND</OPERATOR>
  8112. <THREATLEVEL>10</THREATLEVEL>
  8113. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8114. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8115. </PROCESSDESCRIPTOR>
  8116. <PROCESSDESCRIPTOR>
  8117. <ID>668</ID>
  8118. <PROCESSLIST>
  8119. <PROCESS>*</PROCESS>
  8120. <PROCESS>ESYN.DLL</PROCESS>
  8121. </PROCESSLIST>
  8122. <CLSIDLIST>
  8123. <CLSID>{CC378B83-9577-44D0-B4F8-0DD965E176FC}</CLSID>
  8124. </CLSIDLIST>
  8125. <SUMMARY>ESyndicate BHO</SUMMARY>
  8126. <DEFAULTINSTALLPATHLIST>
  8127. </DEFAULTINSTALLPATHLIST>
  8128. <CATEGORY>ADWARE</CATEGORY>
  8129. <CONDITIONLIST>
  8130. </CONDITIONLIST>
  8131. <OPERATOR>AND</OPERATOR>
  8132. <THREATLEVEL>10</THREATLEVEL>
  8133. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8134. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8135. </PROCESSDESCRIPTOR>
  8136. <PROCESSDESCRIPTOR>
  8137. <ID>669</ID>
  8138. <PROCESSLIST>
  8139. <PROCESS>*</PROCESS>
  8140. <PROCESS>SFG_0C64.DLL</PROCESS>
  8141. <PROCESS>SFG_7B82.DLL</PROCESS>
  8142. </PROCESSLIST>
  8143. <CLSIDLIST>
  8144. <CLSID>{564FFB73-9EEF-4969-92FA-5FC4A92E2C2A}</CLSID>
  8145. </CLSIDLIST>
  8146. <SUMMARY>SafeGuardProtect Object BHO</SUMMARY>
  8147. <DEFAULTINSTALLPATHLIST>
  8148. </DEFAULTINSTALLPATHLIST>
  8149. <CATEGORY>ADWARE</CATEGORY>
  8150. <CONDITIONLIST>
  8151. </CONDITIONLIST>
  8152. <OPERATOR>AND</OPERATOR>
  8153. <THREATLEVEL>10</THREATLEVEL>
  8154. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8155. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8156. </PROCESSDESCRIPTOR>
  8157. <PROCESSDESCRIPTOR>
  8158. <ID>670</ID>
  8159. <PROCESSLIST>
  8160. <PROCESS>*</PROCESS>
  8161. <PROCESS>LOCATORS.DLL</PROCESS>
  8162. </PROCESSLIST>
  8163. <CLSIDLIST>
  8164. <CLSID>{E720B458-B65A-438C-9FF3-B1DF65D7DB3E}</CLSID>
  8165. </CLSIDLIST>
  8166. <SUMMARY>Locators Toolbar</SUMMARY>
  8167. <DEFAULTINSTALLPATHLIST>
  8168. </DEFAULTINSTALLPATHLIST>
  8169. <CATEGORY>ADWARE</CATEGORY>
  8170. <CONDITIONLIST>
  8171. </CONDITIONLIST>
  8172. <OPERATOR>AND</OPERATOR>
  8173. <THREATLEVEL>10</THREATLEVEL>
  8174. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8175. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8176. </PROCESSDESCRIPTOR>
  8177. <PROCESSDESCRIPTOR>
  8178. <ID>671</ID>
  8179. <PROCESSLIST>
  8180. <PROCESS>*</PROCESS>
  8181. <PROCESS>1.02.05.DLL</PROCESS>
  8182. </PROCESSLIST>
  8183. <CLSIDLIST>
  8184. <CLSID>{5321E378-FFAD-4999-8C62-03CA8155F0B3}</CLSID>
  8185. </CLSIDLIST>
  8186. <SUMMARY>CoolWebSearch BHO</SUMMARY>
  8187. <DEFAULTINSTALLPATHLIST>
  8188. </DEFAULTINSTALLPATHLIST>
  8189. <CATEGORY>ADWARE</CATEGORY>
  8190. <CONDITIONLIST>
  8191. </CONDITIONLIST>
  8192. <OPERATOR>AND</OPERATOR>
  8193. <THREATLEVEL>10</THREATLEVEL>
  8194. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8195. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8196. </PROCESSDESCRIPTOR>
  8197. <PROCESSDESCRIPTOR>
  8198. <ID>672</ID>
  8199. <PROCESSLIST>
  8200. <PROCESS>*</PROCESS>
  8201. <PROCESS>(EXPLORER.EXE)</PROCESS>
  8202. </PROCESSLIST>
  8203. <CLSIDLIST>
  8204. </CLSIDLIST>
  8205. <SUMMARY>Bogus MS EXPLORER.EXE</SUMMARY>
  8206. <DEFAULTINSTALLPATHLIST>
  8207. </DEFAULTINSTALLPATHLIST>
  8208. <CATEGORY>ADWARE</CATEGORY>
  8209. <CONDITIONLIST>
  8210. <CONDITION>MD5=922829fff074f620606047fd227a9ad3</CONDITION>
  8211. </CONDITIONLIST>
  8212. <OPERATOR>AND</OPERATOR>
  8213. <THREATLEVEL>10</THREATLEVEL>
  8214. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8215. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8216. </PROCESSDESCRIPTOR>
  8217. <PROCESSDESCRIPTOR>
  8218. <ID>673</ID>
  8219. <PROCESSLIST>
  8220. <PROCESS>*</PROCESS>
  8221. <PROCESS>(EXPLORER.EXE)</PROCESS>
  8222. </PROCESSLIST>
  8223. <CLSIDLIST>
  8224. </CLSIDLIST>
  8225. <SUMMARY>EXPLORER.EXE Trojan</SUMMARY>
  8226. <DEFAULTINSTALLPATHLIST>
  8227. </DEFAULTINSTALLPATHLIST>
  8228. <CATEGORY>ADWARE</CATEGORY>
  8229. <CONDITIONLIST>
  8230. <CONDITION>MD5=35b2980034652904e18f453ea5f152db</CONDITION>
  8231. </CONDITIONLIST>
  8232. <OPERATOR>AND</OPERATOR>
  8233. <THREATLEVEL>10</THREATLEVEL>
  8234. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8235. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8236. </PROCESSDESCRIPTOR>
  8237. <PROCESSDESCRIPTOR>
  8238. <ID>674</ID>
  8239. <PROCESSLIST>
  8240. <PROCESS>*</PROCESS>
  8241. <PROCESS>(SERVICES.EXE)</PROCESS>
  8242. </PROCESSLIST>
  8243. <CLSIDLIST>
  8244. </CLSIDLIST>
  8245. <SUMMARY>SERVICES.EXE Trojan</SUMMARY>
  8246. <DEFAULTINSTALLPATHLIST>
  8247. </DEFAULTINSTALLPATHLIST>
  8248. <CATEGORY>ADWARE</CATEGORY>
  8249. <CONDITIONLIST>
  8250. <CONDITION>MD5=0f5650588b927f68f444e4d414a0b695</CONDITION>
  8251. </CONDITIONLIST>
  8252. <OPERATOR>AND</OPERATOR>
  8253. <THREATLEVEL>10</THREATLEVEL>
  8254. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8255. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8256. </PROCESSDESCRIPTOR>
  8257. <PROCESSDESCRIPTOR>
  8258. <ID>675</ID>
  8259. <PROCESSLIST>
  8260. <PROCESS>*</PROCESS>
  8261. <PROCESS>(RVICES~1.EXE)</PROCESS>
  8262. </PROCESSLIST>
  8263. <CLSIDLIST>
  8264. </CLSIDLIST>
  8265. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  8266. <DEFAULTINSTALLPATHLIST>
  8267. </DEFAULTINSTALLPATHLIST>
  8268. <CATEGORY>ADWARE</CATEGORY>
  8269. <CONDITIONLIST>
  8270. <CONDITION>MD5=abb67b1a48f74deaa76b5771426266a9</CONDITION>
  8271. </CONDITIONLIST>
  8272. <OPERATOR>AND</OPERATOR>
  8273. <THREATLEVEL>10</THREATLEVEL>
  8274. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8275. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8276. </PROCESSDESCRIPTOR>
  8277. <PROCESSDESCRIPTOR>
  8278. <ID>676</ID>
  8279. <PROCESSLIST>
  8280. <PROCESS>*</PROCESS>
  8281. <PROCESS>IECUST.DLL</PROCESS>
  8282. </PROCESSLIST>
  8283. <CLSIDLIST>
  8284. <CLSID>{06ABAA2D-34AB-4902-A326-409BD9B9A7A5}</CLSID>
  8285. </CLSIDLIST>
  8286. <SUMMARY>FreshBar Toolbar</SUMMARY>
  8287. <DEFAULTINSTALLPATHLIST>
  8288. </DEFAULTINSTALLPATHLIST>
  8289. <CATEGORY>ADWARE</CATEGORY>
  8290. <CONDITIONLIST>
  8291. </CONDITIONLIST>
  8292. <OPERATOR>AND</OPERATOR>
  8293. <THREATLEVEL>10</THREATLEVEL>
  8294. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8295. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8296. </PROCESSDESCRIPTOR>
  8297. <PROCESSDESCRIPTOR>
  8298. <ID>677</ID>
  8299. <PROCESSLIST>
  8300. <PROCESS>*</PROCESS>
  8301. <PROCESS>LOPTCON.DLL</PROCESS>
  8302. </PROCESSLIST>
  8303. <CLSIDLIST>
  8304. <CLSID>{D63F74E4-9487-A743-1E22-F8BC2BA6A8A4}</CLSID>
  8305. </CLSIDLIST>
  8306. <SUMMARY>Unknown URL Search Hook</SUMMARY>
  8307. <DEFAULTINSTALLPATHLIST>
  8308. </DEFAULTINSTALLPATHLIST>
  8309. <CATEGORY>ADWARE</CATEGORY>
  8310. <CONDITIONLIST>
  8311. </CONDITIONLIST>
  8312. <OPERATOR>AND</OPERATOR>
  8313. <THREATLEVEL>10</THREATLEVEL>
  8314. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8315. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8316. </PROCESSDESCRIPTOR>
  8317. <PROCESSDESCRIPTOR>
  8318. <ID>678</ID>
  8319. <PROCESSLIST>
  8320. <PROCESS>*</PROCESS>
  8321. <PROCESS>SERVERSIDE.DLL</PROCESS>
  8322. </PROCESSLIST>
  8323. <CLSIDLIST>
  8324. <CLSID>{7FC56022-4EDA-472E-8830-7CA92CCBD025}</CLSID>
  8325. </CLSIDLIST>
  8326. <SUMMARY>ServerSide BHO</SUMMARY>
  8327. <DEFAULTINSTALLPATHLIST>
  8328. </DEFAULTINSTALLPATHLIST>
  8329. <CATEGORY>ADWARE</CATEGORY>
  8330. <CONDITIONLIST>
  8331. </CONDITIONLIST>
  8332. <OPERATOR>AND</OPERATOR>
  8333. <THREATLEVEL>10</THREATLEVEL>
  8334. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8335. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8336. </PROCESSDESCRIPTOR>
  8337. <PROCESSDESCRIPTOR>
  8338. <ID>679</ID>
  8339. <PROCESSLIST>
  8340. <PROCESS>*</PROCESS>
  8341. <PROCESS>RCPIE.DLL</PROCESS>
  8342. </PROCESSLIST>
  8343. <CLSIDLIST>
  8344. <CLSID>{DB263009-466A-44C0-AFF6-C652204B3111}</CLSID>
  8345. <CLSID>{6FF570CD-6E3C-4C88-A4D9-72E6F4C0A021}</CLSID>
  8346. </CLSIDLIST>
  8347. <SUMMARY>Unknown BHO (RCPIE.DLL)</SUMMARY>
  8348. <DEFAULTINSTALLPATHLIST>
  8349. </DEFAULTINSTALLPATHLIST>
  8350. <CATEGORY>ADWARE</CATEGORY>
  8351. <CONDITIONLIST>
  8352. </CONDITIONLIST>
  8353. <OPERATOR>AND</OPERATOR>
  8354. <THREATLEVEL>10</THREATLEVEL>
  8355. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8356. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8357. </PROCESSDESCRIPTOR>
  8358. <PROCESSDESCRIPTOR>
  8359. <ID>680</ID>
  8360. <PROCESSLIST>
  8361. <PROCESS>*</PROCESS>
  8362. <PROCESS>(302.EXE)</PROCESS>
  8363. </PROCESSLIST>
  8364. <CLSIDLIST>
  8365. </CLSIDLIST>
  8366. <SUMMARY>302.EXE</SUMMARY>
  8367. <DEFAULTINSTALLPATHLIST>
  8368. </DEFAULTINSTALLPATHLIST>
  8369. <CATEGORY>ADWARE</CATEGORY>
  8370. <CONDITIONLIST>
  8371. <CONDITION>MD5=9fe3959956a8f73170f84fd883faed0a</CONDITION>
  8372. </CONDITIONLIST>
  8373. <OPERATOR>AND</OPERATOR>
  8374. <THREATLEVEL>10</THREATLEVEL>
  8375. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8376. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8377. </PROCESSDESCRIPTOR>
  8378. <PROCESSDESCRIPTOR>
  8379. <ID>681</ID>
  8380. <PROCESSLIST>
  8381. <PROCESS>*</PROCESS>
  8382. <PROCESS>(GETDNS.EXE)</PROCESS>
  8383. </PROCESSLIST>
  8384. <CLSIDLIST>
  8385. </CLSIDLIST>
  8386. <SUMMARY>GETDNS.EXE</SUMMARY>
  8387. <DEFAULTINSTALLPATHLIST>
  8388. </DEFAULTINSTALLPATHLIST>
  8389. <CATEGORY>ADWARE</CATEGORY>
  8390. <CONDITIONLIST>
  8391. <CONDITION>MD5=9d06dcd8165ff16f8a28bdcb94f7ba69</CONDITION>
  8392. </CONDITIONLIST>
  8393. <OPERATOR>AND</OPERATOR>
  8394. <THREATLEVEL>10</THREATLEVEL>
  8395. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8396. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8397. </PROCESSDESCRIPTOR>
  8398. <PROCESSDESCRIPTOR>
  8399. <ID>682</ID>
  8400. <PROCESSLIST>
  8401. <PROCESS>*</PROCESS>
  8402. <PROCESS>(PINGNET.EXE)</PROCESS>
  8403. </PROCESSLIST>
  8404. <CLSIDLIST>
  8405. </CLSIDLIST>
  8406. <SUMMARY>PINGNET.EXE</SUMMARY>
  8407. <DEFAULTINSTALLPATHLIST>
  8408. </DEFAULTINSTALLPATHLIST>
  8409. <CATEGORY>ADWARE</CATEGORY>
  8410. <CONDITIONLIST>
  8411. <CONDITION>MD5=379f19bdbdb89b0d7590d17b422dcb0a</CONDITION>
  8412. </CONDITIONLIST>
  8413. <OPERATOR>AND</OPERATOR>
  8414. <THREATLEVEL>10</THREATLEVEL>
  8415. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8416. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8417. </PROCESSDESCRIPTOR>
  8418. <PROCESSDESCRIPTOR>
  8419. <ID>683</ID>
  8420. <PROCESSLIST>
  8421. <PROCESS>*</PROCESS>
  8422. <PROCESS>(ODCFG.EXE)</PROCESS>
  8423. </PROCESSLIST>
  8424. <CLSIDLIST>
  8425. </CLSIDLIST>
  8426. <SUMMARY>ODCFG.EXE</SUMMARY>
  8427. <DEFAULTINSTALLPATHLIST>
  8428. </DEFAULTINSTALLPATHLIST>
  8429. <CATEGORY>ADWARE</CATEGORY>
  8430. <CONDITIONLIST>
  8431. <CONDITION>MD5=1d5a68bbcf19dd61099ceeb1dd0ad0c2</CONDITION>
  8432. </CONDITIONLIST>
  8433. <OPERATOR>AND</OPERATOR>
  8434. <THREATLEVEL>10</THREATLEVEL>
  8435. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8436. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8437. </PROCESSDESCRIPTOR>
  8438. <PROCESSDESCRIPTOR>
  8439. <ID>684</ID>
  8440. <PROCESSLIST>
  8441. <PROCESS>*</PROCESS>
  8442. <PROCESS>INSTAFIN.DLL</PROCESS>
  8443. </PROCESSLIST>
  8444. <CLSIDLIST>
  8445. <CLSID>{4E7BD74F-2B8D-469E-DCF7-F96DA086B434}</CLSID>
  8446. </CLSIDLIST>
  8447. <SUMMARY>InstaFinder BHO</SUMMARY>
  8448. <DEFAULTINSTALLPATHLIST>
  8449. </DEFAULTINSTALLPATHLIST>
  8450. <CATEGORY>ADWARE</CATEGORY>
  8451. <CONDITIONLIST>
  8452. </CONDITIONLIST>
  8453. <OPERATOR>AND</OPERATOR>
  8454. <THREATLEVEL>10</THREATLEVEL>
  8455. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8456. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8457. </PROCESSDESCRIPTOR>
  8458. <PROCESSDESCRIPTOR>
  8459. <ID>689</ID>
  8460. <PROCESSLIST>
  8461. <PROCESS>*</PROCESS>
  8462. <PROCESS>(GJJ1YE.EXE)</PROCESS>
  8463. </PROCESSLIST>
  8464. <CLSIDLIST>
  8465. </CLSIDLIST>
  8466. <SUMMARY>GJJ1YE.EXE</SUMMARY>
  8467. <DEFAULTINSTALLPATHLIST>
  8468. </DEFAULTINSTALLPATHLIST>
  8469. <CATEGORY>ADWARE</CATEGORY>
  8470. <CONDITIONLIST>
  8471. <CONDITION>MD5=cc1573eea9bf5464fd90ee2aa0195944</CONDITION>
  8472. </CONDITIONLIST>
  8473. <OPERATOR>AND</OPERATOR>
  8474. <THREATLEVEL>10</THREATLEVEL>
  8475. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8476. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8477. </PROCESSDESCRIPTOR>
  8478. <PROCESSDESCRIPTOR>
  8479. <ID>690</ID>
  8480. <PROCESSLIST>
  8481. <PROCESS>*</PROCESS>
  8482. <PROCESS>(10MINSITE.EXE)</PROCESS>
  8483. </PROCESSLIST>
  8484. <CLSIDLIST>
  8485. </CLSIDLIST>
  8486. <SUMMARY>10MINSITE.EXE</SUMMARY>
  8487. <DEFAULTINSTALLPATHLIST>
  8488. </DEFAULTINSTALLPATHLIST>
  8489. <CATEGORY>ADWARE</CATEGORY>
  8490. <CONDITIONLIST>
  8491. <CONDITION>MD5=f4f6b059fb8daa6fce1654f004504a1d</CONDITION>
  8492. </CONDITIONLIST>
  8493. <OPERATOR>AND</OPERATOR>
  8494. <THREATLEVEL>10</THREATLEVEL>
  8495. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8496. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8497. </PROCESSDESCRIPTOR>
  8498. <PROCESSDESCRIPTOR>
  8499. <ID>691</ID>
  8500. <PROCESSLIST>
  8501. <PROCESS>*</PROCESS>
  8502. <PROCESS>(BW2.EXE)</PROCESS>
  8503. </PROCESSLIST>
  8504. <CLSIDLIST>
  8505. </CLSIDLIST>
  8506. <SUMMARY>Adware.Spyware Labs/Virtual Bouncer.Process</SUMMARY>
  8507. <DEFAULTINSTALLPATHLIST>
  8508. </DEFAULTINSTALLPATHLIST>
  8509. <CATEGORY>ADWARE</CATEGORY>
  8510. <CONDITIONLIST>
  8511. <CONDITION>MD5=56ca3c622ba84b6aab0286629eb0ef12</CONDITION>
  8512. </CONDITIONLIST>
  8513. <OPERATOR>AND</OPERATOR>
  8514. <THREATLEVEL>10</THREATLEVEL>
  8515. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8516. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8517. </PROCESSDESCRIPTOR>
  8518. <PROCESSDESCRIPTOR>
  8519. <ID>692</ID>
  8520. <PROCESSLIST>
  8521. <PROCESS>*</PROCESS>
  8522. <PROCESS>(SETUP_INCRED_6.EXE)</PROCESS>
  8523. </PROCESSLIST>
  8524. <CLSIDLIST>
  8525. </CLSIDLIST>
  8526. <SUMMARY>Adware.IncrediFind.Installer</SUMMARY>
  8527. <DEFAULTINSTALLPATHLIST>
  8528. </DEFAULTINSTALLPATHLIST>
  8529. <CATEGORY>ADWARE</CATEGORY>
  8530. <CONDITIONLIST>
  8531. <CONDITION>MD5=bf8a832eb8028240b417a12cf25cc2d1</CONDITION>
  8532. </CONDITIONLIST>
  8533. <OPERATOR>AND</OPERATOR>
  8534. <THREATLEVEL>10</THREATLEVEL>
  8535. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8536. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8537. </PROCESSDESCRIPTOR>
  8538. <PROCESSDESCRIPTOR>
  8539. <ID>693</ID>
  8540. <PROCESSLIST>
  8541. <PROCESS>*</PROCESS>
  8542. <PROCESS>(TIPB.EXE)</PROCESS>
  8543. </PROCESSLIST>
  8544. <CLSIDLIST>
  8545. </CLSIDLIST>
  8546. <SUMMARY>Adware.IncrediFind.Process</SUMMARY>
  8547. <DEFAULTINSTALLPATHLIST>
  8548. </DEFAULTINSTALLPATHLIST>
  8549. <CATEGORY>ADWARE</CATEGORY>
  8550. <CONDITIONLIST>
  8551. <CONDITION>MD5=a1396f473eb29f86e0edd0f8f25f4db9</CONDITION>
  8552. </CONDITIONLIST>
  8553. <OPERATOR>AND</OPERATOR>
  8554. <THREATLEVEL>10</THREATLEVEL>
  8555. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8556. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8557. </PROCESSDESCRIPTOR>
  8558. <PROCESSDESCRIPTOR>
  8559. <ID>694</ID>
  8560. <PROCESSLIST>
  8561. <PROCESS>*</PROCESS>
  8562. <PROCESS>(BUNDLE~1.EXE)</PROCESS>
  8563. </PROCESSLIST>
  8564. <CLSIDLIST>
  8565. </CLSIDLIST>
  8566. <SUMMARY>Adware.Spyware Labs.Installer</SUMMARY>
  8567. <DEFAULTINSTALLPATHLIST>
  8568. </DEFAULTINSTALLPATHLIST>
  8569. <CATEGORY>ADWARE</CATEGORY>
  8570. <CONDITIONLIST>
  8571. <CONDITION>MD5=8030c49a7b522c11cf12b9171d872055</CONDITION>
  8572. </CONDITIONLIST>
  8573. <OPERATOR>AND</OPERATOR>
  8574. <THREATLEVEL>10</THREATLEVEL>
  8575. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8576. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8577. </PROCESSDESCRIPTOR>
  8578. <PROCESSDESCRIPTOR>
  8579. <ID>695</ID>
  8580. <PROCESSLIST>
  8581. <PROCESS>*</PROCESS>
  8582. <PROCESS>(GLB2E.TMP)</PROCESS>
  8583. </PROCESSLIST>
  8584. <CLSIDLIST>
  8585. </CLSIDLIST>
  8586. <SUMMARY>Adware.Spyware Labs.Installer</SUMMARY>
  8587. <DEFAULTINSTALLPATHLIST>
  8588. </DEFAULTINSTALLPATHLIST>
  8589. <CATEGORY>ADWARE</CATEGORY>
  8590. <CONDITIONLIST>
  8591. <CONDITION>MD5=11f4fce437e9f567b9df81b5f520c08e</CONDITION>
  8592. </CONDITIONLIST>
  8593. <OPERATOR>AND</OPERATOR>
  8594. <THREATLEVEL>10</THREATLEVEL>
  8595. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8596. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8597. </PROCESSDESCRIPTOR>
  8598. <PROCESSDESCRIPTOR>
  8599. <ID>696</ID>
  8600. <PROCESSLIST>
  8601. <PROCESS>*</PROCESS>
  8602. <PROCESS>(WRAPPEROUTER.EXE)</PROCESS>
  8603. </PROCESSLIST>
  8604. <CLSIDLIST>
  8605. </CLSIDLIST>
  8606. <SUMMARY>Adware.Spyware Labs.Installer</SUMMARY>
  8607. <DEFAULTINSTALLPATHLIST>
  8608. </DEFAULTINSTALLPATHLIST>
  8609. <CATEGORY>ADWARE</CATEGORY>
  8610. <CONDITIONLIST>
  8611. <CONDITION>MD5=7252339ab94c12d904be6c37ce229833</CONDITION>
  8612. </CONDITIONLIST>
  8613. <OPERATOR>AND</OPERATOR>
  8614. <THREATLEVEL>10</THREATLEVEL>
  8615. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8616. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8617. </PROCESSDESCRIPTOR>
  8618. <PROCESSDESCRIPTOR>
  8619. <ID>697</ID>
  8620. <PROCESSLIST>
  8621. <PROCESS>*</PROCESS>
  8622. <PROCESS>(GLB27.TMP)</PROCESS>
  8623. </PROCESSLIST>
  8624. <CLSIDLIST>
  8625. </CLSIDLIST>
  8626. <SUMMARY>Adware.Spyware Labs.Installer</SUMMARY>
  8627. <DEFAULTINSTALLPATHLIST>
  8628. </DEFAULTINSTALLPATHLIST>
  8629. <CATEGORY>ADWARE</CATEGORY>
  8630. <CONDITIONLIST>
  8631. <CONDITION>MD5=ce01f4844442a4368339bdedbad4880d</CONDITION>
  8632. </CONDITIONLIST>
  8633. <OPERATOR>AND</OPERATOR>
  8634. <THREATLEVEL>10</THREATLEVEL>
  8635. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8636. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8637. </PROCESSDESCRIPTOR>
  8638. <PROCESSDESCRIPTOR>
  8639. <ID>698</ID>
  8640. <PROCESSLIST>
  8641. <PROCESS>*</PROCESS>
  8642. </PROCESSLIST>
  8643. <CLSIDLIST>
  8644. </CLSIDLIST>
  8645. <SUMMARY>Adware.Spyware Labs.Installer</SUMMARY>
  8646. <DEFAULTINSTALLPATHLIST>
  8647. </DEFAULTINSTALLPATHLIST>
  8648. <CATEGORY>ADWARE</CATEGORY>
  8649. <CONDITIONLIST>
  8650. <CONDITION>FILEDESCRIPTION~Ad Destroyer and Virtual Bouncer</CONDITION>
  8651. </CONDITIONLIST>
  8652. <OPERATOR>AND</OPERATOR>
  8653. <THREATLEVEL>10</THREATLEVEL>
  8654. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8655. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8656. </PROCESSDESCRIPTOR>
  8657. <PROCESSDESCRIPTOR>
  8658. <ID>699</ID>
  8659. <PROCESSLIST>
  8660. <PROCESS>*</PROCESS>
  8661. <PROCESS>(TEMP5343.EXE)</PROCESS>
  8662. </PROCESSLIST>
  8663. <CLSIDLIST>
  8664. </CLSIDLIST>
  8665. <SUMMARY>TEMP5343.EXE</SUMMARY>
  8666. <DEFAULTINSTALLPATHLIST>
  8667. </DEFAULTINSTALLPATHLIST>
  8668. <CATEGORY>ADWARE</CATEGORY>
  8669. <CONDITIONLIST>
  8670. <CONDITION>MD5=2c8ed7c49e6342fa684c088831e50cc4</CONDITION>
  8671. </CONDITIONLIST>
  8672. <OPERATOR>AND</OPERATOR>
  8673. <THREATLEVEL>10</THREATLEVEL>
  8674. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8675. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8676. </PROCESSDESCRIPTOR>
  8677. <PROCESSDESCRIPTOR>
  8678. <ID>700</ID>
  8679. <PROCESSLIST>
  8680. <PROCESS>*</PROCESS>
  8681. <PROCESS>(PROT.EXE)</PROCESS>
  8682. <PROCESS>(PROTAS.EXE)</PROCESS>
  8683. <PROCESS>(KALVLFH32.EXE)</PROCESS>
  8684. <PROCESS>(KALVTEO32.EXE)</PROCESS>
  8685. </PROCESSLIST>
  8686. <CLSIDLIST>
  8687. </CLSIDLIST>
  8688. <SUMMARY>PROT.EXE</SUMMARY>
  8689. <DEFAULTINSTALLPATHLIST>
  8690. </DEFAULTINSTALLPATHLIST>
  8691. <CATEGORY>ADWARE</CATEGORY>
  8692. <CONDITIONLIST>
  8693. <CONDITION>MD5=5c7c95ddcf329435332cdb859ca659ac</CONDITION>
  8694. </CONDITIONLIST>
  8695. <OPERATOR>AND</OPERATOR>
  8696. <THREATLEVEL>10</THREATLEVEL>
  8697. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8698. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8699. </PROCESSDESCRIPTOR>
  8700. <PROCESSDESCRIPTOR>
  8701. <ID>701</ID>
  8702. <PROCESSLIST>
  8703. <PROCESS>*</PROCESS>
  8704. <PROCESS>(SIDEBDD.EXE)</PROCESS>
  8705. </PROCESSLIST>
  8706. <CLSIDLIST>
  8707. </CLSIDLIST>
  8708. <SUMMARY>SIDEBDD.EXE</SUMMARY>
  8709. <DEFAULTINSTALLPATHLIST>
  8710. </DEFAULTINSTALLPATHLIST>
  8711. <CATEGORY>ADWARE</CATEGORY>
  8712. <CONDITIONLIST>
  8713. <CONDITION>MD5=133329fa670554e10a6a4a7ccb6d18e4</CONDITION>
  8714. </CONDITIONLIST>
  8715. <OPERATOR>AND</OPERATOR>
  8716. <THREATLEVEL>10</THREATLEVEL>
  8717. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8718. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8719. </PROCESSDESCRIPTOR>
  8720. <PROCESSDESCRIPTOR>
  8721. <ID>702</ID>
  8722. <PROCESSLIST>
  8723. <PROCESS>*</PROCESS>
  8724. <PROCESS>(MS29.TMP)</PROCESS>
  8725. </PROCESSLIST>
  8726. <CLSIDLIST>
  8727. </CLSIDLIST>
  8728. <SUMMARY>MS29.TMP</SUMMARY>
  8729. <DEFAULTINSTALLPATHLIST>
  8730. </DEFAULTINSTALLPATHLIST>
  8731. <CATEGORY>ADWARE</CATEGORY>
  8732. <CONDITIONLIST>
  8733. <CONDITION>MD5=bd52da3497274dd1bc4bae40bdced21d</CONDITION>
  8734. </CONDITIONLIST>
  8735. <OPERATOR>AND</OPERATOR>
  8736. <THREATLEVEL>10</THREATLEVEL>
  8737. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8738. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8739. </PROCESSDESCRIPTOR>
  8740. <PROCESSDESCRIPTOR>
  8741. <ID>703</ID>
  8742. <PROCESSLIST>
  8743. <PROCESS>*</PROCESS>
  8744. <PROCESS>(CSH4TB.EXE)</PROCESS>
  8745. </PROCESSLIST>
  8746. <CLSIDLIST>
  8747. </CLSIDLIST>
  8748. <SUMMARY>CSH4TB.EXE</SUMMARY>
  8749. <DEFAULTINSTALLPATHLIST>
  8750. </DEFAULTINSTALLPATHLIST>
  8751. <CATEGORY>ADWARE</CATEGORY>
  8752. <CONDITIONLIST>
  8753. <CONDITION>MD5=9eba667157b036330b38b253529bd812</CONDITION>
  8754. </CONDITIONLIST>
  8755. <OPERATOR>AND</OPERATOR>
  8756. <THREATLEVEL>10</THREATLEVEL>
  8757. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8758. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8759. </PROCESSDESCRIPTOR>
  8760. <PROCESSDESCRIPTOR>
  8761. <ID>704</ID>
  8762. <PROCESSLIST>
  8763. <PROCESS>*</PROCESS>
  8764. <PROCESS>MSKCEO.DLL</PROCESS>
  8765. </PROCESSLIST>
  8766. <CLSIDLIST>
  8767. <CLSID>{00A0A40C-F432-4C59-BA11-B25D142C7AB7}</CLSID>
  8768. </CLSIDLIST>
  8769. <SUMMARY>ClientMan BHO</SUMMARY>
  8770. <DEFAULTINSTALLPATHLIST>
  8771. </DEFAULTINSTALLPATHLIST>
  8772. <CATEGORY>ADWARE</CATEGORY>
  8773. <CONDITIONLIST>
  8774. </CONDITIONLIST>
  8775. <OPERATOR>AND</OPERATOR>
  8776. <THREATLEVEL>10</THREATLEVEL>
  8777. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8778. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8779. </PROCESSDESCRIPTOR>
  8780. <PROCESSDESCRIPTOR>
  8781. <ID>705</ID>
  8782. <PROCESSLIST>
  8783. <PROCESS>*</PROCESS>
  8784. <PROCESS>MSKHHE.DLL</PROCESS>
  8785. </PROCESSLIST>
  8786. <CLSIDLIST>
  8787. <CLSID>{0982868C-47F0-4EFB-A664-C7B0B1015808}</CLSID>
  8788. </CLSIDLIST>
  8789. <SUMMARY>ClientMan BHO</SUMMARY>
  8790. <DEFAULTINSTALLPATHLIST>
  8791. </DEFAULTINSTALLPATHLIST>
  8792. <CATEGORY>ADWARE</CATEGORY>
  8793. <CONDITIONLIST>
  8794. </CONDITIONLIST>
  8795. <OPERATOR>AND</OPERATOR>
  8796. <THREATLEVEL>10</THREATLEVEL>
  8797. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8798. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8799. </PROCESSDESCRIPTOR>
  8800. <PROCESSDESCRIPTOR>
  8801. <ID>706</ID>
  8802. <PROCESSLIST>
  8803. <PROCESS>*</PROCESS>
  8804. <PROCESS>MSEGGO.GIF</PROCESS>
  8805. </PROCESSLIST>
  8806. <CLSIDLIST>
  8807. <CLSID>{25F7FA20-3FC3-11D7-B487-00D05990014C}</CLSID>
  8808. </CLSIDLIST>
  8809. <SUMMARY>ClientMan BHO</SUMMARY>
  8810. <DEFAULTINSTALLPATHLIST>
  8811. </DEFAULTINSTALLPATHLIST>
  8812. <CATEGORY>ADWARE</CATEGORY>
  8813. <CONDITIONLIST>
  8814. </CONDITIONLIST>
  8815. <OPERATOR>AND</OPERATOR>
  8816. <THREATLEVEL>10</THREATLEVEL>
  8817. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8818. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8819. </PROCESSDESCRIPTOR>
  8820. <PROCESSDESCRIPTOR>
  8821. <ID>707</ID>
  8822. <PROCESSLIST>
  8823. <PROCESS>*</PROCESS>
  8824. <PROCESS>MSJFBL.DLL</PROCESS>
  8825. </PROCESSLIST>
  8826. <CLSIDLIST>
  8827. <CLSID>{94927A13-4AAA-476A-989D-392456427688}</CLSID>
  8828. </CLSIDLIST>
  8829. <SUMMARY>ClientMan BHO</SUMMARY>
  8830. <DEFAULTINSTALLPATHLIST>
  8831. </DEFAULTINSTALLPATHLIST>
  8832. <CATEGORY>ADWARE</CATEGORY>
  8833. <CONDITIONLIST>
  8834. </CONDITIONLIST>
  8835. <OPERATOR>AND</OPERATOR>
  8836. <THREATLEVEL>10</THREATLEVEL>
  8837. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8838. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8839. </PROCESSDESCRIPTOR>
  8840. <PROCESSDESCRIPTOR>
  8841. <ID>708</ID>
  8842. <PROCESSLIST>
  8843. <PROCESS>*</PROCESS>
  8844. <PROCESS>MSFAOL.DLL</PROCESS>
  8845. </PROCESSLIST>
  8846. <CLSIDLIST>
  8847. <CLSID>{CC916B4B-BE44-4026-A19D-8C74BBD23361}</CLSID>
  8848. </CLSIDLIST>
  8849. <SUMMARY>ClientMan BHO</SUMMARY>
  8850. <DEFAULTINSTALLPATHLIST>
  8851. </DEFAULTINSTALLPATHLIST>
  8852. <CATEGORY>ADWARE</CATEGORY>
  8853. <CONDITIONLIST>
  8854. </CONDITIONLIST>
  8855. <OPERATOR>AND</OPERATOR>
  8856. <THREATLEVEL>10</THREATLEVEL>
  8857. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8858. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8859. </PROCESSDESCRIPTOR>
  8860. <PROCESSDESCRIPTOR>
  8861. <ID>709</ID>
  8862. <PROCESSLIST>
  8863. <PROCESS>*</PROCESS>
  8864. <PROCESS>MSNKMI.DLL</PROCESS>
  8865. </PROCESSLIST>
  8866. <CLSIDLIST>
  8867. <CLSID>{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}</CLSID>
  8868. </CLSIDLIST>
  8869. <SUMMARY>ClientMan BHO</SUMMARY>
  8870. <DEFAULTINSTALLPATHLIST>
  8871. </DEFAULTINSTALLPATHLIST>
  8872. <CATEGORY>ADWARE</CATEGORY>
  8873. <CONDITIONLIST>
  8874. </CONDITIONLIST>
  8875. <OPERATOR>AND</OPERATOR>
  8876. <THREATLEVEL>10</THREATLEVEL>
  8877. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8878. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8879. </PROCESSDESCRIPTOR>
  8880. <PROCESSDESCRIPTOR>
  8881. <ID>710</ID>
  8882. <PROCESSLIST>
  8883. <PROCESS>*</PROCESS>
  8884. <PROCESS>(C_INST_1006.EXE)</PROCESS>
  8885. </PROCESSLIST>
  8886. <CLSIDLIST>
  8887. </CLSIDLIST>
  8888. <SUMMARY>C_INST_1006.EXE</SUMMARY>
  8889. <DEFAULTINSTALLPATHLIST>
  8890. </DEFAULTINSTALLPATHLIST>
  8891. <CATEGORY>ADWARE</CATEGORY>
  8892. <CONDITIONLIST>
  8893. <CONDITION>MD5=c38f635af036d4347a8c325db6995b7f</CONDITION>
  8894. </CONDITIONLIST>
  8895. <OPERATOR>AND</OPERATOR>
  8896. <THREATLEVEL>10</THREATLEVEL>
  8897. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8898. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8899. </PROCESSDESCRIPTOR>
  8900. <PROCESSDESCRIPTOR>
  8901. <ID>711</ID>
  8902. <PROCESSLIST>
  8903. <PROCESS>SSK.EXE</PROCESS>
  8904. </PROCESSLIST>
  8905. <CLSIDLIST>
  8906. </CLSIDLIST>
  8907. <SUMMARY>SurfSideKick 2 Process</SUMMARY>
  8908. <DEFAULTINSTALLPATHLIST>
  8909. </DEFAULTINSTALLPATHLIST>
  8910. <CATEGORY>ADWARE</CATEGORY>
  8911. <CONDITIONLIST>
  8912. <CONDITION>FILELOCATION~SurfSideKick</CONDITION>
  8913. </CONDITIONLIST>
  8914. <OPERATOR>AND</OPERATOR>
  8915. <THREATLEVEL>10</THREATLEVEL>
  8916. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8917. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8918. </PROCESSDESCRIPTOR>
  8919. <PROCESSDESCRIPTOR>
  8920. <ID>712</ID>
  8921. <PROCESSLIST>
  8922. <PROCESS>SSKUPDATER.EXE</PROCESS>
  8923. </PROCESSLIST>
  8924. <CLSIDLIST>
  8925. </CLSIDLIST>
  8926. <SUMMARY>SurfSideKick 2 Updater</SUMMARY>
  8927. <DEFAULTINSTALLPATHLIST>
  8928. </DEFAULTINSTALLPATHLIST>
  8929. <CATEGORY>ADWARE</CATEGORY>
  8930. <CONDITIONLIST>
  8931. <CONDITION>FILELOCATION~Temp</CONDITION>
  8932. </CONDITIONLIST>
  8933. <OPERATOR>AND</OPERATOR>
  8934. <THREATLEVEL>10</THREATLEVEL>
  8935. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8936. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8937. </PROCESSDESCRIPTOR>
  8938. <PROCESSDESCRIPTOR>
  8939. <ID>713</ID>
  8940. <PROCESSLIST>
  8941. <PROCESS>WINSERVAD.EXE</PROCESS>
  8942. <PROCESS>WINSERVSUIT.EXE</PROCESS>
  8943. </PROCESSLIST>
  8944. <CLSIDLIST>
  8945. </CLSIDLIST>
  8946. <SUMMARY>WINSERVAD.EXE, WINSERVSUIT.EXE</SUMMARY>
  8947. <DEFAULTINSTALLPATHLIST>
  8948. </DEFAULTINSTALLPATHLIST>
  8949. <CATEGORY>ADWARE</CATEGORY>
  8950. <CONDITIONLIST>
  8951. <CONDITION>FILELOCATION~ServeAd</CONDITION>
  8952. </CONDITIONLIST>
  8953. <OPERATOR>AND</OPERATOR>
  8954. <THREATLEVEL>10</THREATLEVEL>
  8955. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8956. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8957. </PROCESSDESCRIPTOR>
  8958. <PROCESSDESCRIPTOR>
  8959. <ID>714</ID>
  8960. <PROCESSLIST>
  8961. <PROCESS>SAHPACKAGE.EXE</PROCESS>
  8962. <PROCESS>SAHPAC~1.EXE</PROCESS>
  8963. </PROCESSLIST>
  8964. <CLSIDLIST>
  8965. </CLSIDLIST>
  8966. <SUMMARY>SAHPACKAGE.EXE</SUMMARY>
  8967. <DEFAULTINSTALLPATHLIST>
  8968. </DEFAULTINSTALLPATHLIST>
  8969. <CATEGORY>ADWARE</CATEGORY>
  8970. <CONDITIONLIST>
  8971. <CONDITION>FILELOCATION~temp</CONDITION>
  8972. </CONDITIONLIST>
  8973. <OPERATOR>AND</OPERATOR>
  8974. <THREATLEVEL>10</THREATLEVEL>
  8975. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8976. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8977. </PROCESSDESCRIPTOR>
  8978. <PROCESSDESCRIPTOR>
  8979. <ID>715</ID>
  8980. <PROCESSLIST>
  8981. <PROCESS>*</PROCESS>
  8982. <PROCESS>DSKTRF.DLL</PROCESS>
  8983. </PROCESSLIST>
  8984. <CLSIDLIST>
  8985. <CLSID>{CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01}</CLSID>
  8986. </CLSIDLIST>
  8987. <SUMMARY>Browser Hijacker.Begin2Search.BHO</SUMMARY>
  8988. <DEFAULTINSTALLPATHLIST>
  8989. </DEFAULTINSTALLPATHLIST>
  8990. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  8991. <CONDITIONLIST>
  8992. </CONDITIONLIST>
  8993. <OPERATOR>AND</OPERATOR>
  8994. <THREATLEVEL>10</THREATLEVEL>
  8995. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  8996. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  8997. </PROCESSDESCRIPTOR>
  8998. <PROCESSDESCRIPTOR>
  8999. <ID>716</ID>
  9000. <PROCESSLIST>
  9001. <PROCESS>*</PROCESS>
  9002. <PROCESS>BTGRAB.DLL</PROCESS>
  9003. </PROCESSLIST>
  9004. <CLSIDLIST>
  9005. <CLSID>{00000000-F09C-02B4-6EC2-AD0300000000}</CLSID>
  9006. </CLSIDLIST>
  9007. <SUMMARY>BTGrab BHO</SUMMARY>
  9008. <DEFAULTINSTALLPATHLIST>
  9009. </DEFAULTINSTALLPATHLIST>
  9010. <CATEGORY>ADWARE</CATEGORY>
  9011. <CONDITIONLIST>
  9012. </CONDITIONLIST>
  9013. <OPERATOR>AND</OPERATOR>
  9014. <THREATLEVEL>10</THREATLEVEL>
  9015. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9016. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9017. </PROCESSDESCRIPTOR>
  9018. <PROCESSDESCRIPTOR>
  9019. <ID>717</ID>
  9020. <PROCESSLIST>
  9021. <PROCESS>*</PROCESS>
  9022. <PROCESS>(EC.TMP)</PROCESS>
  9023. </PROCESSLIST>
  9024. <CLSIDLIST>
  9025. </CLSIDLIST>
  9026. <SUMMARY>EC.TMP</SUMMARY>
  9027. <DEFAULTINSTALLPATHLIST>
  9028. </DEFAULTINSTALLPATHLIST>
  9029. <CATEGORY>ADWARE</CATEGORY>
  9030. <CONDITIONLIST>
  9031. <CONDITION>MD5=9a64892a4e0715cffbeb769cbd8159e5</CONDITION>
  9032. </CONDITIONLIST>
  9033. <OPERATOR>AND</OPERATOR>
  9034. <THREATLEVEL>10</THREATLEVEL>
  9035. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9036. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9037. </PROCESSDESCRIPTOR>
  9038. <PROCESSDESCRIPTOR>
  9039. <ID>718</ID>
  9040. <PROCESSLIST>
  9041. <PROCESS>*</PROCESS>
  9042. <PROCESS>IEXPLORR11.DLL</PROCESS>
  9043. <PROCESS>IEXPLORR22.DLL</PROCESS>
  9044. </PROCESSLIST>
  9045. <CLSIDLIST>
  9046. <CLSID>{BC0D2038-2DE5-4A6F-92BC-B18A3E0DE32A}</CLSID>
  9047. <CLSID>{39AF31DD-EAFC-45EA-A56C-385B52E25CC0}</CLSID>
  9048. </CLSIDLIST>
  9049. <SUMMARY>Iexplorr BHO</SUMMARY>
  9050. <DEFAULTINSTALLPATHLIST>
  9051. </DEFAULTINSTALLPATHLIST>
  9052. <CATEGORY>ADWARE</CATEGORY>
  9053. <CONDITIONLIST>
  9054. </CONDITIONLIST>
  9055. <OPERATOR>AND</OPERATOR>
  9056. <THREATLEVEL>10</THREATLEVEL>
  9057. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9058. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9059. </PROCESSDESCRIPTOR>
  9060. <PROCESSDESCRIPTOR>
  9061. <ID>719</ID>
  9062. <PROCESSLIST>
  9063. <PROCESS>*</PROCESS>
  9064. <PROCESS>REDIRECTOR.DLL</PROCESS>
  9065. </PROCESSLIST>
  9066. <CLSIDLIST>
  9067. <CLSID>{D48F2E28-68E2-4920-9848-D6E6C7AB3EB7}</CLSID>
  9068. </CLSIDLIST>
  9069. <SUMMARY>Xupiter BHO</SUMMARY>
  9070. <DEFAULTINSTALLPATHLIST>
  9071. </DEFAULTINSTALLPATHLIST>
  9072. <CATEGORY>ADWARE</CATEGORY>
  9073. <CONDITIONLIST>
  9074. </CONDITIONLIST>
  9075. <OPERATOR>AND</OPERATOR>
  9076. <THREATLEVEL>10</THREATLEVEL>
  9077. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9078. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9079. </PROCESSDESCRIPTOR>
  9080. <PROCESSDESCRIPTOR>
  9081. <ID>720</ID>
  9082. <PROCESSLIST>
  9083. <PROCESS>*</PROCESS>
  9084. <PROCESS>TOOLBAR.DLL</PROCESS>
  9085. </PROCESSLIST>
  9086. <CLSIDLIST>
  9087. <CLSID>{702AD576-FDDB-4d0f-9811-A43252064684}</CLSID>
  9088. </CLSIDLIST>
  9089. <SUMMARY>Xupiter Toolbar</SUMMARY>
  9090. <DEFAULTINSTALLPATHLIST>
  9091. </DEFAULTINSTALLPATHLIST>
  9092. <CATEGORY>ADWARE</CATEGORY>
  9093. <CONDITIONLIST>
  9094. </CONDITIONLIST>
  9095. <OPERATOR>AND</OPERATOR>
  9096. <THREATLEVEL>10</THREATLEVEL>
  9097. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9098. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9099. </PROCESSDESCRIPTOR>
  9100. <PROCESSDESCRIPTOR>
  9101. <ID>721</ID>
  9102. <PROCESSLIST>
  9103. <PROCESS>*</PROCESS>
  9104. <PROCESS>IPINSIGT.DLL</PROCESS>
  9105. </PROCESSLIST>
  9106. <CLSIDLIST>
  9107. <CLSID>{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}</CLSID>
  9108. </CLSIDLIST>
  9109. <SUMMARY>IPInsight BHO</SUMMARY>
  9110. <DEFAULTINSTALLPATHLIST>
  9111. </DEFAULTINSTALLPATHLIST>
  9112. <CATEGORY>ADWARE</CATEGORY>
  9113. <CONDITIONLIST>
  9114. </CONDITIONLIST>
  9115. <OPERATOR>AND</OPERATOR>
  9116. <THREATLEVEL>10</THREATLEVEL>
  9117. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9118. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9119. </PROCESSDESCRIPTOR>
  9120. <PROCESSDESCRIPTOR>
  9121. <ID>722</ID>
  9122. <PROCESSLIST>
  9123. <PROCESS>*</PROCESS>
  9124. <PROCESS>STOOLBAR.DLL</PROCESS>
  9125. </PROCESSLIST>
  9126. <CLSIDLIST>
  9127. <CLSID>{0A5CF411-F0BF-4AF8-A2A4-8233F3109BED}</CLSID>
  9128. </CLSIDLIST>
  9129. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).BHO</SUMMARY>
  9130. <DEFAULTINSTALLPATHLIST>
  9131. </DEFAULTINSTALLPATHLIST>
  9132. <CATEGORY>SPYWARE</CATEGORY>
  9133. <CONDITIONLIST>
  9134. </CONDITIONLIST>
  9135. <OPERATOR>AND</OPERATOR>
  9136. <THREATLEVEL>10</THREATLEVEL>
  9137. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9138. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9139. </PROCESSDESCRIPTOR>
  9140. <PROCESSDESCRIPTOR>
  9141. <ID>723</ID>
  9142. <PROCESSLIST>
  9143. <PROCESS>*</PROCESS>
  9144. <PROCESS>HTTPER.DLL</PROCESS>
  9145. </PROCESSLIST>
  9146. <CLSIDLIST>
  9147. <CLSID>{A5483501-070C-41DD-AF44-9BD8864B3015}</CLSID>
  9148. </CLSIDLIST>
  9149. <SUMMARY>Httper BHO</SUMMARY>
  9150. <DEFAULTINSTALLPATHLIST>
  9151. </DEFAULTINSTALLPATHLIST>
  9152. <CATEGORY>ADWARE</CATEGORY>
  9153. <CONDITIONLIST>
  9154. </CONDITIONLIST>
  9155. <OPERATOR>AND</OPERATOR>
  9156. <THREATLEVEL>10</THREATLEVEL>
  9157. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9158. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9159. </PROCESSDESCRIPTOR>
  9160. <PROCESSDESCRIPTOR>
  9161. <ID>724</ID>
  9162. <PROCESSLIST>
  9163. <PROCESS>*</PROCESS>
  9164. <PROCESS>ZIPCLIX.DLL</PROCESS>
  9165. </PROCESSLIST>
  9166. <CLSIDLIST>
  9167. <CLSID>{319A68DB-06D0-46DA-9F93-A810D5A70836}</CLSID>
  9168. </CLSIDLIST>
  9169. <SUMMARY>Zipclix Toolbar</SUMMARY>
  9170. <DEFAULTINSTALLPATHLIST>
  9171. </DEFAULTINSTALLPATHLIST>
  9172. <CATEGORY>ADWARE</CATEGORY>
  9173. <CONDITIONLIST>
  9174. </CONDITIONLIST>
  9175. <OPERATOR>AND</OPERATOR>
  9176. <THREATLEVEL>10</THREATLEVEL>
  9177. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9178. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9179. </PROCESSDESCRIPTOR>
  9180. <PROCESSDESCRIPTOR>
  9181. <ID>725</ID>
  9182. <PROCESSLIST>
  9183. <PROCESS>ERRORGUARD.EXE</PROCESS>
  9184. </PROCESSLIST>
  9185. <CLSIDLIST>
  9186. </CLSIDLIST>
  9187. <SUMMARY>Error Guard</SUMMARY>
  9188. <DEFAULTINSTALLPATHLIST>
  9189. </DEFAULTINSTALLPATHLIST>
  9190. <CATEGORY>ADWARE</CATEGORY>
  9191. <CONDITIONLIST>
  9192. <CONDITION>FILELOCATION~ERRORGUARD</CONDITION>
  9193. </CONDITIONLIST>
  9194. <OPERATOR>AND</OPERATOR>
  9195. <THREATLEVEL>10</THREATLEVEL>
  9196. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9197. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9198. </PROCESSDESCRIPTOR>
  9199. <PROCESSDESCRIPTOR>
  9200. <ID>726</ID>
  9201. <PROCESSLIST>
  9202. <PROCESS>*</PROCESS>
  9203. <PROCESS>(SATMAT.EXE)</PROCESS>
  9204. </PROCESSLIST>
  9205. <CLSIDLIST>
  9206. </CLSIDLIST>
  9207. <SUMMARY>Adware.BetterInternet.Process</SUMMARY>
  9208. <DEFAULTINSTALLPATHLIST>
  9209. </DEFAULTINSTALLPATHLIST>
  9210. <CATEGORY>ADWARE</CATEGORY>
  9211. <CONDITIONLIST>
  9212. <CONDITION>FILEDESCRIPTION~abetterinternet</CONDITION>
  9213. </CONDITIONLIST>
  9214. <OPERATOR>AND</OPERATOR>
  9215. <THREATLEVEL>10</THREATLEVEL>
  9216. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9217. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9218. </PROCESSDESCRIPTOR>
  9219. <PROCESSDESCRIPTOR>
  9220. <ID>745</ID>
  9221. <PROCESSLIST>
  9222. <PROCESS>*</PROCESS>
  9223. <PROCESS>NEWDOTNET6_38.DLL</PROCESS>
  9224. </PROCESSLIST>
  9225. <CLSIDLIST>
  9226. <CLSID>{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}</CLSID>
  9227. </CLSIDLIST>
  9228. <SUMMARY>Newdotnet BHO</SUMMARY>
  9229. <DEFAULTINSTALLPATHLIST>
  9230. </DEFAULTINSTALLPATHLIST>
  9231. <CATEGORY>ADWARE</CATEGORY>
  9232. <CONDITIONLIST>
  9233. </CONDITIONLIST>
  9234. <OPERATOR>AND</OPERATOR>
  9235. <THREATLEVEL>10</THREATLEVEL>
  9236. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9237. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9238. </PROCESSDESCRIPTOR>
  9239. <PROCESSDESCRIPTOR>
  9240. <ID>747</ID>
  9241. <PROCESSLIST>
  9242. <PROCESS>*</PROCESS>
  9243. <PROCESS>MYSRCHAS.DLL</PROCESS>
  9244. </PROCESSLIST>
  9245. <CLSIDLIST>
  9246. <CLSID>{3D898C55-74CC-4B7C-B5F1-45913F368388}</CLSID>
  9247. <CLSID>{04079851-5845-4DEA-848C-3ECD647AA554}</CLSID>
  9248. </CLSIDLIST>
  9249. <SUMMARY>My Way Search Assistant BHO</SUMMARY>
  9250. <DEFAULTINSTALLPATHLIST>
  9251. </DEFAULTINSTALLPATHLIST>
  9252. <CATEGORY>APPLICATION</CATEGORY>
  9253. <CONDITIONLIST>
  9254. </CONDITIONLIST>
  9255. <OPERATOR>AND</OPERATOR>
  9256. <THREATLEVEL>3</THREATLEVEL>
  9257. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  9258. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  9259. </PROCESSDESCRIPTOR>
  9260. <PROCESSDESCRIPTOR>
  9261. <ID>748</ID>
  9262. <PROCESSLIST>
  9263. <PROCESS>*</PROCESS>
  9264. <PROCESS>ENHTB.DLL</PROCESS>
  9265. </PROCESSLIST>
  9266. <CLSIDLIST>
  9267. <CLSID>{0007522A-2297-43C1-8EB1-C90B0FF20DA5}</CLSID>
  9268. </CLSIDLIST>
  9269. <SUMMARY>wbho2 Module BHO</SUMMARY>
  9270. <DEFAULTINSTALLPATHLIST>
  9271. </DEFAULTINSTALLPATHLIST>
  9272. <CATEGORY>ADWARE</CATEGORY>
  9273. <CONDITIONLIST>
  9274. </CONDITIONLIST>
  9275. <OPERATOR>AND</OPERATOR>
  9276. <THREATLEVEL>10</THREATLEVEL>
  9277. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9278. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9279. </PROCESSDESCRIPTOR>
  9280. <PROCESSDESCRIPTOR>
  9281. <ID>749</ID>
  9282. <PROCESSLIST>
  9283. <PROCESS>*</PROCESS>
  9284. <PROCESS>(07488.EXE)</PROCESS>
  9285. <PROCESS>(NGPW36.EXE)</PROCESS>
  9286. </PROCESSLIST>
  9287. <CLSIDLIST>
  9288. </CLSIDLIST>
  9289. <SUMMARY>07488.EXE, NGPW36.EXE</SUMMARY>
  9290. <DEFAULTINSTALLPATHLIST>
  9291. </DEFAULTINSTALLPATHLIST>
  9292. <CATEGORY>ADWARE</CATEGORY>
  9293. <CONDITIONLIST>
  9294. <CONDITION>MD5=f7725e19c1fd07963af5ec234ed77202</CONDITION>
  9295. </CONDITIONLIST>
  9296. <OPERATOR>AND</OPERATOR>
  9297. <THREATLEVEL>10</THREATLEVEL>
  9298. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9299. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9300. </PROCESSDESCRIPTOR>
  9301. <PROCESSDESCRIPTOR>
  9302. <ID>750</ID>
  9303. <PROCESSLIST>
  9304. <PROCESS>*</PROCESS>
  9305. <PROCESS>(VKYRCQ.EXE)</PROCESS>
  9306. </PROCESSLIST>
  9307. <CLSIDLIST>
  9308. </CLSIDLIST>
  9309. <SUMMARY>VKYRCQ.EXE</SUMMARY>
  9310. <DEFAULTINSTALLPATHLIST>
  9311. </DEFAULTINSTALLPATHLIST>
  9312. <CATEGORY>ADWARE</CATEGORY>
  9313. <CONDITIONLIST>
  9314. <CONDITION>MD5=f24fe041d3e3344ba056c32d89e3f1d7</CONDITION>
  9315. </CONDITIONLIST>
  9316. <OPERATOR>AND</OPERATOR>
  9317. <THREATLEVEL>10</THREATLEVEL>
  9318. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9319. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9320. </PROCESSDESCRIPTOR>
  9321. <PROCESSDESCRIPTOR>
  9322. <ID>780</ID>
  9323. <PROCESSLIST>
  9324. <PROCESS>*</PROCESS>
  9325. <PROCESS>DOWNLO~1.DLL</PROCESS>
  9326. <PROCESS>DOWNLOADHTML.DLL</PROCESS>
  9327. </PROCESSLIST>
  9328. <CLSIDLIST>
  9329. <CLSID>{51641EF3-8A7A-4D84-8659-B0911E947CC8}</CLSID>
  9330. </CLSIDLIST>
  9331. <SUMMARY>AdBars BHO</SUMMARY>
  9332. <DEFAULTINSTALLPATHLIST>
  9333. </DEFAULTINSTALLPATHLIST>
  9334. <CATEGORY>ADWARE</CATEGORY>
  9335. <CONDITIONLIST>
  9336. </CONDITIONLIST>
  9337. <OPERATOR>AND</OPERATOR>
  9338. <THREATLEVEL>10</THREATLEVEL>
  9339. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9340. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9341. </PROCESSDESCRIPTOR>
  9342. <PROCESSDESCRIPTOR>
  9343. <ID>781</ID>
  9344. <PROCESSLIST>
  9345. <PROCESS>*</PROCESS>
  9346. <PROCESS>KGHOST.DLL</PROCESS>
  9347. </PROCESSLIST>
  9348. <CLSIDLIST>
  9349. <CLSID>{968BC8A3-7660-4B12-B2BF-3334775835E1}</CLSID>
  9350. </CLSIDLIST>
  9351. <SUMMARY>KGInternal Class BHO</SUMMARY>
  9352. <DEFAULTINSTALLPATHLIST>
  9353. </DEFAULTINSTALLPATHLIST>
  9354. <CATEGORY>ADWARE</CATEGORY>
  9355. <CONDITIONLIST>
  9356. </CONDITIONLIST>
  9357. <OPERATOR>AND</OPERATOR>
  9358. <THREATLEVEL>10</THREATLEVEL>
  9359. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9360. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9361. </PROCESSDESCRIPTOR>
  9362. <PROCESSDESCRIPTOR>
  9363. <ID>782</ID>
  9364. <PROCESSLIST>
  9365. <PROCESS>*</PROCESS>
  9366. <PROCESS>SERVERSIDE.DLL</PROCESS>
  9367. </PROCESSLIST>
  9368. <CLSIDLIST>
  9369. <CLSID>{7FC56022-4EDA-472E-8830-7CA92CCBD025}</CLSID>
  9370. </CLSIDLIST>
  9371. <SUMMARY>SSInternal Class BHO</SUMMARY>
  9372. <DEFAULTINSTALLPATHLIST>
  9373. </DEFAULTINSTALLPATHLIST>
  9374. <CATEGORY>ADWARE</CATEGORY>
  9375. <CONDITIONLIST>
  9376. </CONDITIONLIST>
  9377. <OPERATOR>AND</OPERATOR>
  9378. <THREATLEVEL>10</THREATLEVEL>
  9379. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9380. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9381. </PROCESSDESCRIPTOR>
  9382. <PROCESSDESCRIPTOR>
  9383. <ID>783</ID>
  9384. <PROCESSLIST>
  9385. <PROCESS>*</PROCESS>
  9386. <PROCESS>NETGUI~1.DLL</PROCESS>
  9387. </PROCESSLIST>
  9388. <CLSIDLIST>
  9389. <CLSID>{08F46458-D00F-4573-8EB3-A9A9E15503F8}</CLSID>
  9390. <CLSID>{4E7BD74F-2B8D-469E-AB8C-E56FA49CA83A}</CLSID>
  9391. </CLSIDLIST>
  9392. <SUMMARY>Grip Toolbar BHO</SUMMARY>
  9393. <DEFAULTINSTALLPATHLIST>
  9394. </DEFAULTINSTALLPATHLIST>
  9395. <CATEGORY>ADWARE</CATEGORY>
  9396. <CONDITIONLIST>
  9397. </CONDITIONLIST>
  9398. <OPERATOR>AND</OPERATOR>
  9399. <THREATLEVEL>10</THREATLEVEL>
  9400. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9401. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9402. </PROCESSDESCRIPTOR>
  9403. <PROCESSDESCRIPTOR>
  9404. <ID>784</ID>
  9405. <PROCESSLIST>
  9406. <PROCESS>*</PROCESS>
  9407. <PROCESS>HE3BBCFF.DLL</PROCESS>
  9408. </PROCESSLIST>
  9409. <CLSIDLIST>
  9410. <CLSID>{000E6ED5-E3FC-4c93-99E9-D38D2A9F9B09}</CLSID>
  9411. <CLSID>{00000000-167B-41bc-95FF-86A07B14712C}</CLSID>
  9412. </CLSIDLIST>
  9413. <SUMMARY>LZIO BHO</SUMMARY>
  9414. <DEFAULTINSTALLPATHLIST>
  9415. </DEFAULTINSTALLPATHLIST>
  9416. <CATEGORY>ADWARE</CATEGORY>
  9417. <CONDITIONLIST>
  9418. </CONDITIONLIST>
  9419. <OPERATOR>AND</OPERATOR>
  9420. <THREATLEVEL>10</THREATLEVEL>
  9421. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9422. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9423. </PROCESSDESCRIPTOR>
  9424. <PROCESSDESCRIPTOR>
  9425. <ID>785</ID>
  9426. <PROCESSLIST>
  9427. <PROCESS>*</PROCESS>
  9428. <PROCESS>IELCAABE.DLL</PROCESS>
  9429. </PROCESSLIST>
  9430. <CLSIDLIST>
  9431. <CLSID>{00000000-64C4-4a64-9767-895AB4921E41}</CLSID>
  9432. </CLSIDLIST>
  9433. <SUMMARY>LZIO BHO</SUMMARY>
  9434. <DEFAULTINSTALLPATHLIST>
  9435. </DEFAULTINSTALLPATHLIST>
  9436. <CATEGORY>ADWARE</CATEGORY>
  9437. <CONDITIONLIST>
  9438. </CONDITIONLIST>
  9439. <OPERATOR>AND</OPERATOR>
  9440. <THREATLEVEL>10</THREATLEVEL>
  9441. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9442. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9443. </PROCESSDESCRIPTOR>
  9444. <PROCESSDESCRIPTOR>
  9445. <ID>786</ID>
  9446. <PROCESSLIST>
  9447. <PROCESS>*</PROCESS>
  9448. <PROCESS>WMCBAACA.DLL</PROCESS>
  9449. </PROCESSLIST>
  9450. <CLSIDLIST>
  9451. <CLSID>{00000000-2565-4c5b-A455-A74C8A2247AB}</CLSID>
  9452. <CLSID>{00000000-0000-41a3-98CF-00000000168B}</CLSID>
  9453. </CLSIDLIST>
  9454. <SUMMARY>LZIO BHO</SUMMARY>
  9455. <DEFAULTINSTALLPATHLIST>
  9456. </DEFAULTINSTALLPATHLIST>
  9457. <CATEGORY>ADWARE</CATEGORY>
  9458. <CONDITIONLIST>
  9459. </CONDITIONLIST>
  9460. <OPERATOR>AND</OPERATOR>
  9461. <THREATLEVEL>10</THREATLEVEL>
  9462. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9463. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9464. </PROCESSDESCRIPTOR>
  9465. <PROCESSDESCRIPTOR>
  9466. <ID>787</ID>
  9467. <PROCESSLIST>
  9468. <PROCESS>*</PROCESS>
  9469. <PROCESS>ICDDEFFF.DLL</PROCESS>
  9470. </PROCESSLIST>
  9471. <CLSIDLIST>
  9472. <CLSID>{00000000-10D6-4e5f-8F7F-29B32C1C0FC4}</CLSID>
  9473. <CLSID>{00000000-0000-0000-BFA1-D7EE6696B865}</CLSID>
  9474. </CLSIDLIST>
  9475. <SUMMARY>LZIO BHO</SUMMARY>
  9476. <DEFAULTINSTALLPATHLIST>
  9477. </DEFAULTINSTALLPATHLIST>
  9478. <CATEGORY>ADWARE</CATEGORY>
  9479. <CONDITIONLIST>
  9480. </CONDITIONLIST>
  9481. <OPERATOR>AND</OPERATOR>
  9482. <THREATLEVEL>10</THREATLEVEL>
  9483. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9484. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9485. </PROCESSDESCRIPTOR>
  9486. <PROCESSDESCRIPTOR>
  9487. <ID>788</ID>
  9488. <PROCESSLIST>
  9489. <PROCESS>*</PROCESS>
  9490. <PROCESS>GRIPCZ29.DLL</PROCESS>
  9491. </PROCESSLIST>
  9492. <CLSIDLIST>
  9493. <CLSID>{4E7BD74F-2B8D-469E-AB8C-E56FA49CA83A}</CLSID>
  9494. </CLSIDLIST>
  9495. <SUMMARY>Grip Toolbar</SUMMARY>
  9496. <DEFAULTINSTALLPATHLIST>
  9497. </DEFAULTINSTALLPATHLIST>
  9498. <CATEGORY>ADWARE</CATEGORY>
  9499. <CONDITIONLIST>
  9500. </CONDITIONLIST>
  9501. <OPERATOR>AND</OPERATOR>
  9502. <THREATLEVEL>10</THREATLEVEL>
  9503. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9504. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9505. </PROCESSDESCRIPTOR>
  9506. <PROCESSDESCRIPTOR>
  9507. <ID>789</ID>
  9508. <PROCESSLIST>
  9509. <PROCESS>*</PROCESS>
  9510. <PROCESS>(RUNDLL32.EXE)</PROCESS>
  9511. </PROCESSLIST>
  9512. <CLSIDLIST>
  9513. </CLSIDLIST>
  9514. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  9515. <DEFAULTINSTALLPATHLIST>
  9516. </DEFAULTINSTALLPATHLIST>
  9517. <CATEGORY>ADWARE</CATEGORY>
  9518. <CONDITIONLIST>
  9519. <CONDITION>MD5=db27ea68b38e0eb26bec887e1cf99241</CONDITION>
  9520. </CONDITIONLIST>
  9521. <OPERATOR>AND</OPERATOR>
  9522. <THREATLEVEL>10</THREATLEVEL>
  9523. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9524. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9525. </PROCESSDESCRIPTOR>
  9526. <PROCESSDESCRIPTOR>
  9527. <ID>790</ID>
  9528. <PROCESSLIST>
  9529. <PROCESS>*</PROCESS>
  9530. <PROCESS>(ELTNGB.EXE)</PROCESS>
  9531. </PROCESSLIST>
  9532. <CLSIDLIST>
  9533. </CLSIDLIST>
  9534. <SUMMARY>ELTNGB.EXE</SUMMARY>
  9535. <DEFAULTINSTALLPATHLIST>
  9536. </DEFAULTINSTALLPATHLIST>
  9537. <CATEGORY>ADWARE</CATEGORY>
  9538. <CONDITIONLIST>
  9539. <CONDITION>MD5=a3499316302cd7ddc8995bd7d83b86a6</CONDITION>
  9540. </CONDITIONLIST>
  9541. <OPERATOR>AND</OPERATOR>
  9542. <THREATLEVEL>10</THREATLEVEL>
  9543. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9544. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9545. </PROCESSDESCRIPTOR>
  9546. <PROCESSDESCRIPTOR>
  9547. <ID>791</ID>
  9548. <PROCESSLIST>
  9549. <PROCESS>*</PROCESS>
  9550. <PROCESS>(F6H.EXE)</PROCESS>
  9551. </PROCESSLIST>
  9552. <CLSIDLIST>
  9553. </CLSIDLIST>
  9554. <SUMMARY>F6H.EXE</SUMMARY>
  9555. <DEFAULTINSTALLPATHLIST>
  9556. </DEFAULTINSTALLPATHLIST>
  9557. <CATEGORY>ADWARE</CATEGORY>
  9558. <CONDITIONLIST>
  9559. <CONDITION>MD5=5462b399b92acfa174d9a0958ec8210e</CONDITION>
  9560. </CONDITIONLIST>
  9561. <OPERATOR>AND</OPERATOR>
  9562. <THREATLEVEL>10</THREATLEVEL>
  9563. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9564. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9565. </PROCESSDESCRIPTOR>
  9566. <PROCESSDESCRIPTOR>
  9567. <ID>792</ID>
  9568. <PROCESSLIST>
  9569. <PROCESS>*</PROCESS>
  9570. <PROCESS>(AMEE.EXE)</PROCESS>
  9571. </PROCESSLIST>
  9572. <CLSIDLIST>
  9573. </CLSIDLIST>
  9574. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  9575. <DEFAULTINSTALLPATHLIST>
  9576. </DEFAULTINSTALLPATHLIST>
  9577. <CATEGORY>ADWARE</CATEGORY>
  9578. <CONDITIONLIST>
  9579. <CONDITION>MD5=0a944c8b87d4e9f05f7f4d950dc72c41</CONDITION>
  9580. </CONDITIONLIST>
  9581. <OPERATOR>AND</OPERATOR>
  9582. <THREATLEVEL>10</THREATLEVEL>
  9583. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9584. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9585. </PROCESSDESCRIPTOR>
  9586. <PROCESSDESCRIPTOR>
  9587. <ID>793</ID>
  9588. <PROCESSLIST>
  9589. <PROCESS>*</PROCESS>
  9590. <PROCESS>BQP.DLL</PROCESS>
  9591. </PROCESSLIST>
  9592. <CLSIDLIST>
  9593. <CLSID>{B1F0D5D0-6C6F-3F93-3E06-62B35BEE0DC4}</CLSID>
  9594. </CLSIDLIST>
  9595. <SUMMARY>Unknown BHO (BQP.DLL)</SUMMARY>
  9596. <DEFAULTINSTALLPATHLIST>
  9597. </DEFAULTINSTALLPATHLIST>
  9598. <CATEGORY>ADWARE</CATEGORY>
  9599. <CONDITIONLIST>
  9600. </CONDITIONLIST>
  9601. <OPERATOR>AND</OPERATOR>
  9602. <THREATLEVEL>10</THREATLEVEL>
  9603. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9604. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9605. </PROCESSDESCRIPTOR>
  9606. <PROCESSDESCRIPTOR>
  9607. <ID>794</ID>
  9608. <PROCESSLIST>
  9609. <PROCESS>*</PROCESS>
  9610. <PROCESS>MIDADDLE.DLL</PROCESS>
  9611. </PROCESSLIST>
  9612. <CLSIDLIST>
  9613. <CLSID>{e8eaeb34-f7b5-4c55-87ff-720faf53d841}</CLSID>
  9614. </CLSIDLIST>
  9615. <SUMMARY>midADdle BHO</SUMMARY>
  9616. <DEFAULTINSTALLPATHLIST>
  9617. </DEFAULTINSTALLPATHLIST>
  9618. <CATEGORY>ADWARE</CATEGORY>
  9619. <CONDITIONLIST>
  9620. </CONDITIONLIST>
  9621. <OPERATOR>AND</OPERATOR>
  9622. <THREATLEVEL>10</THREATLEVEL>
  9623. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9624. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9625. </PROCESSDESCRIPTOR>
  9626. <PROCESSDESCRIPTOR>
  9627. <ID>803</ID>
  9628. <PROCESSLIST>
  9629. <PROCESS>*</PROCESS>
  9630. <PROCESS>(GCNWFYOF.EXE)</PROCESS>
  9631. </PROCESSLIST>
  9632. <CLSIDLIST>
  9633. </CLSIDLIST>
  9634. <SUMMARY>GCNWFYOF.EXE</SUMMARY>
  9635. <DEFAULTINSTALLPATHLIST>
  9636. </DEFAULTINSTALLPATHLIST>
  9637. <CATEGORY>ADWARE</CATEGORY>
  9638. <CONDITIONLIST>
  9639. <CONDITION>MD5=f34d240781be269e89f9d6243f30ff11</CONDITION>
  9640. </CONDITIONLIST>
  9641. <OPERATOR>AND</OPERATOR>
  9642. <THREATLEVEL>10</THREATLEVEL>
  9643. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9644. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9645. </PROCESSDESCRIPTOR>
  9646. <PROCESSDESCRIPTOR>
  9647. <ID>804</ID>
  9648. <PROCESSLIST>
  9649. <PROCESS>*</PROCESS>
  9650. <PROCESS>(AAAVICA.EXE)</PROCESS>
  9651. </PROCESSLIST>
  9652. <CLSIDLIST>
  9653. </CLSIDLIST>
  9654. <SUMMARY>AAAVICA.EXE</SUMMARY>
  9655. <DEFAULTINSTALLPATHLIST>
  9656. </DEFAULTINSTALLPATHLIST>
  9657. <CATEGORY>ADWARE</CATEGORY>
  9658. <CONDITIONLIST>
  9659. <CONDITION>MD5=6f26f9308d831e2ca04f8b2218bbef60</CONDITION>
  9660. </CONDITIONLIST>
  9661. <OPERATOR>AND</OPERATOR>
  9662. <THREATLEVEL>10</THREATLEVEL>
  9663. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9664. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9665. </PROCESSDESCRIPTOR>
  9666. <PROCESSDESCRIPTOR>
  9667. <ID>811</ID>
  9668. <PROCESSLIST>
  9669. <PROCESS>*</PROCESS>
  9670. <PROCESS>(TSEO.EXE)</PROCESS>
  9671. </PROCESSLIST>
  9672. <CLSIDLIST>
  9673. </CLSIDLIST>
  9674. <SUMMARY>TSEO.EXE</SUMMARY>
  9675. <DEFAULTINSTALLPATHLIST>
  9676. </DEFAULTINSTALLPATHLIST>
  9677. <CATEGORY>ADWARE</CATEGORY>
  9678. <CONDITIONLIST>
  9679. <CONDITION>MD5=a4ac46496a550ad01e4504a1264e8dc4</CONDITION>
  9680. </CONDITIONLIST>
  9681. <OPERATOR>AND</OPERATOR>
  9682. <THREATLEVEL>10</THREATLEVEL>
  9683. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9684. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9685. </PROCESSDESCRIPTOR>
  9686. <PROCESSDESCRIPTOR>
  9687. <ID>821</ID>
  9688. <PROCESSLIST>
  9689. <PROCESS>*</PROCESS>
  9690. <PROCESS>MQSBAR.DLL</PROCESS>
  9691. <PROCESS>MQSSRCAS.DLL</PROCESS>
  9692. </PROCESSLIST>
  9693. <CLSIDLIST>
  9694. <CLSID>{0E677221-E309-4341-81BD-3CC3018BF5B3}</CLSID>
  9695. <CLSID>{04011C11-2F3B-44ed-977C-270CA669C6B2}</CLSID>
  9696. </CLSIDLIST>
  9697. <SUMMARY>MyQuickSearch BHO</SUMMARY>
  9698. <DEFAULTINSTALLPATHLIST>
  9699. </DEFAULTINSTALLPATHLIST>
  9700. <CATEGORY>ADWARE</CATEGORY>
  9701. <CONDITIONLIST>
  9702. </CONDITIONLIST>
  9703. <OPERATOR>AND</OPERATOR>
  9704. <THREATLEVEL>10</THREATLEVEL>
  9705. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9706. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9707. </PROCESSDESCRIPTOR>
  9708. <PROCESSDESCRIPTOR>
  9709. <ID>831</ID>
  9710. <PROCESSLIST>
  9711. <PROCESS>*</PROCESS>
  9712. <PROCESS>SPEER.DLL</PROCESS>
  9713. </PROCESSLIST>
  9714. <CLSIDLIST>
  9715. <CLSID>{00000026-8735-428D-B81F-DD098223B25F}</CLSID>
  9716. </CLSIDLIST>
  9717. <SUMMARY>sPeerObj Class BHO</SUMMARY>
  9718. <DEFAULTINSTALLPATHLIST>
  9719. </DEFAULTINSTALLPATHLIST>
  9720. <CATEGORY>ADWARE</CATEGORY>
  9721. <CONDITIONLIST>
  9722. </CONDITIONLIST>
  9723. <OPERATOR>AND</OPERATOR>
  9724. <THREATLEVEL>10</THREATLEVEL>
  9725. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9726. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9727. </PROCESSDESCRIPTOR>
  9728. <PROCESSDESCRIPTOR>
  9729. <ID>834</ID>
  9730. <PROCESSLIST>
  9731. <PROCESS>*</PROCESS>
  9732. <PROCESS>MQSBAR.DLL</PROCESS>
  9733. </PROCESSLIST>
  9734. <CLSIDLIST>
  9735. <CLSID>{0E677229-E309-4341-81BD-3CC3018BF5B3}</CLSID>
  9736. <CLSID>{82315A18-6CFB-44a7-BDFD-90E36537C252}</CLSID>
  9737. </CLSIDLIST>
  9738. <SUMMARY>MyQuickSearch Toolbar</SUMMARY>
  9739. <DEFAULTINSTALLPATHLIST>
  9740. </DEFAULTINSTALLPATHLIST>
  9741. <CATEGORY>ADWARE</CATEGORY>
  9742. <CONDITIONLIST>
  9743. </CONDITIONLIST>
  9744. <OPERATOR>AND</OPERATOR>
  9745. <THREATLEVEL>10</THREATLEVEL>
  9746. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9747. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9748. </PROCESSDESCRIPTOR>
  9749. <PROCESSDESCRIPTOR>
  9750. <ID>987</ID>
  9751. <PROCESSLIST>
  9752. <PROCESS>*</PROCESS>
  9753. <PROCESS>X0FF.DLL</PROCESS>
  9754. <PROCESS>X2FF.DLL</PROCESS>
  9755. </PROCESSLIST>
  9756. <CLSIDLIST>
  9757. <CLSID>{D319662B-D5BF-4538-ADF3-8D3E36362608}</CLSID>
  9758. <CLSID>{AC109D01-32D6-4EB5-8300-D3C5EBAC7C83}</CLSID>
  9759. </CLSIDLIST>
  9760. <SUMMARY>ClearStream Accelerator BHO</SUMMARY>
  9761. <DEFAULTINSTALLPATHLIST>
  9762. </DEFAULTINSTALLPATHLIST>
  9763. <CATEGORY>ADWARE</CATEGORY>
  9764. <CONDITIONLIST>
  9765. </CONDITIONLIST>
  9766. <OPERATOR>AND</OPERATOR>
  9767. <THREATLEVEL>10</THREATLEVEL>
  9768. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9769. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9770. </PROCESSDESCRIPTOR>
  9771. <PROCESSDESCRIPTOR>
  9772. <ID>988</ID>
  9773. <PROCESSLIST>
  9774. <PROCESS>HOSTAK.EXE</PROCESS>
  9775. </PROCESSLIST>
  9776. <CLSIDLIST>
  9777. </CLSIDLIST>
  9778. <SUMMARY>Hostak</SUMMARY>
  9779. <DEFAULTINSTALLPATHLIST>
  9780. </DEFAULTINSTALLPATHLIST>
  9781. <CATEGORY>ADWARE</CATEGORY>
  9782. <CONDITIONLIST>
  9783. <CONDITION>FILELOCATION~SYSTEM</CONDITION>
  9784. </CONDITIONLIST>
  9785. <OPERATOR>AND</OPERATOR>
  9786. <THREATLEVEL>10</THREATLEVEL>
  9787. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9788. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9789. </PROCESSDESCRIPTOR>
  9790. <PROCESSDESCRIPTOR>
  9791. <ID>989</ID>
  9792. <PROCESSLIST>
  9793. <PROCESS>*</PROCESS>
  9794. <PROCESS>(CD1.EXE)</PROCESS>
  9795. </PROCESSLIST>
  9796. <CLSIDLIST>
  9797. </CLSIDLIST>
  9798. <SUMMARY>CD1.EXE</SUMMARY>
  9799. <DEFAULTINSTALLPATHLIST>
  9800. </DEFAULTINSTALLPATHLIST>
  9801. <CATEGORY>WORM</CATEGORY>
  9802. <CONDITIONLIST>
  9803. <CONDITION>MD5=28c58aef3ca87f3475afee7699212599</CONDITION>
  9804. </CONDITIONLIST>
  9805. <OPERATOR>AND</OPERATOR>
  9806. <THREATLEVEL>10</THREATLEVEL>
  9807. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9808. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9809. </PROCESSDESCRIPTOR>
  9810. <PROCESSDESCRIPTOR>
  9811. <ID>990</ID>
  9812. <PROCESSLIST>
  9813. <PROCESS>*</PROCESS>
  9814. <PROCESS>(B.EXE)</PROCESS>
  9815. </PROCESSLIST>
  9816. <CLSIDLIST>
  9817. </CLSIDLIST>
  9818. <SUMMARY>B.EXE</SUMMARY>
  9819. <DEFAULTINSTALLPATHLIST>
  9820. </DEFAULTINSTALLPATHLIST>
  9821. <CATEGORY>WORM</CATEGORY>
  9822. <CONDITIONLIST>
  9823. <CONDITION>MD5=a3cba9887eae326396c9fe3f699a0077</CONDITION>
  9824. </CONDITIONLIST>
  9825. <OPERATOR>AND</OPERATOR>
  9826. <THREATLEVEL>10</THREATLEVEL>
  9827. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9828. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9829. </PROCESSDESCRIPTOR>
  9830. <PROCESSDESCRIPTOR>
  9831. <ID>991</ID>
  9832. <PROCESSLIST>
  9833. <PROCESS>*</PROCESS>
  9834. <PROCESS>(DKIEKWJAA.EXE)</PROCESS>
  9835. </PROCESSLIST>
  9836. <CLSIDLIST>
  9837. </CLSIDLIST>
  9838. <SUMMARY>DKIEKWJAA.EXE</SUMMARY>
  9839. <DEFAULTINSTALLPATHLIST>
  9840. </DEFAULTINSTALLPATHLIST>
  9841. <CATEGORY>ADWARE</CATEGORY>
  9842. <CONDITIONLIST>
  9843. <CONDITION>MD5=5124637ecf329793b1e69a9a89c6a041</CONDITION>
  9844. </CONDITIONLIST>
  9845. <OPERATOR>AND</OPERATOR>
  9846. <THREATLEVEL>10</THREATLEVEL>
  9847. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9848. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9849. </PROCESSDESCRIPTOR>
  9850. <PROCESSDESCRIPTOR>
  9851. <ID>992</ID>
  9852. <PROCESSLIST>
  9853. <PROCESS>*</PROCESS>
  9854. <PROCESS>(OWO.EXE)</PROCESS>
  9855. </PROCESSLIST>
  9856. <CLSIDLIST>
  9857. </CLSIDLIST>
  9858. <SUMMARY>OWO.EXE</SUMMARY>
  9859. <DEFAULTINSTALLPATHLIST>
  9860. </DEFAULTINSTALLPATHLIST>
  9861. <CATEGORY>ADWARE</CATEGORY>
  9862. <CONDITIONLIST>
  9863. <CONDITION>MD5=f6d03f87c912be45853adef68067caf2</CONDITION>
  9864. </CONDITIONLIST>
  9865. <OPERATOR>AND</OPERATOR>
  9866. <THREATLEVEL>10</THREATLEVEL>
  9867. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9868. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9869. </PROCESSDESCRIPTOR>
  9870. <PROCESSDESCRIPTOR>
  9871. <ID>993</ID>
  9872. <PROCESSLIST>
  9873. <PROCESS>*</PROCESS>
  9874. <PROCESS>(YTMCR.EXE)</PROCESS>
  9875. </PROCESSLIST>
  9876. <CLSIDLIST>
  9877. </CLSIDLIST>
  9878. <SUMMARY>YTMCR.EXE</SUMMARY>
  9879. <DEFAULTINSTALLPATHLIST>
  9880. </DEFAULTINSTALLPATHLIST>
  9881. <CATEGORY>ADWARE</CATEGORY>
  9882. <CONDITIONLIST>
  9883. <CONDITION>MD5=da5aa729df045362e34dd35fade9940a</CONDITION>
  9884. </CONDITIONLIST>
  9885. <OPERATOR>AND</OPERATOR>
  9886. <THREATLEVEL>10</THREATLEVEL>
  9887. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9888. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9889. </PROCESSDESCRIPTOR>
  9890. <PROCESSDESCRIPTOR>
  9891. <ID>994</ID>
  9892. <PROCESSLIST>
  9893. <PROCESS>*</PROCESS>
  9894. <PROCESS>(OBQHZIBI.EXE)</PROCESS>
  9895. </PROCESSLIST>
  9896. <CLSIDLIST>
  9897. </CLSIDLIST>
  9898. <SUMMARY>OBQHZIBI.EXE</SUMMARY>
  9899. <DEFAULTINSTALLPATHLIST>
  9900. </DEFAULTINSTALLPATHLIST>
  9901. <CATEGORY>ADWARE</CATEGORY>
  9902. <CONDITIONLIST>
  9903. <CONDITION>MD5=4645dc4135a64257bb80f6c71466438f</CONDITION>
  9904. </CONDITIONLIST>
  9905. <OPERATOR>AND</OPERATOR>
  9906. <THREATLEVEL>10</THREATLEVEL>
  9907. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9908. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9909. </PROCESSDESCRIPTOR>
  9910. <PROCESSDESCRIPTOR>
  9911. <ID>995</ID>
  9912. <PROCESSLIST>
  9913. <PROCESS>*</PROCESS>
  9914. <PROCESS>XBRRG.DLL</PROCESS>
  9915. <PROCESS>ZNCS.DLL</PROCESS>
  9916. <PROCESS>ANDYAZPST.DLL</PROCESS>
  9917. </PROCESSLIST>
  9918. <CLSIDLIST>
  9919. <CLSID>{9B67FE01-91FF-40DA-BEA5-BE15540B88DF}</CLSID>
  9920. <CLSID>{ACF4BDFC-82ED-4B22-805B-2BFE1C366575}</CLSID>
  9921. <CLSID>{D7521339-2CD0-404D-842F-B68CA74931B2}</CLSID>
  9922. </CLSIDLIST>
  9923. <SUMMARY>Unclassified.JimmyHelp.BHO</SUMMARY>
  9924. <DEFAULTINSTALLPATHLIST>
  9925. </DEFAULTINSTALLPATHLIST>
  9926. <CATEGORY>ADWARE</CATEGORY>
  9927. <CONDITIONLIST>
  9928. </CONDITIONLIST>
  9929. <OPERATOR>AND</OPERATOR>
  9930. <THREATLEVEL>10</THREATLEVEL>
  9931. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9932. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9933. </PROCESSDESCRIPTOR>
  9934. <PROCESSDESCRIPTOR>
  9935. <ID>996</ID>
  9936. <PROCESSLIST>
  9937. <PROCESS>*</PROCESS>
  9938. <PROCESS>(GBFGHVMV.EXE)</PROCESS>
  9939. </PROCESSLIST>
  9940. <CLSIDLIST>
  9941. </CLSIDLIST>
  9942. <SUMMARY>GBFGHVMV.EXE</SUMMARY>
  9943. <DEFAULTINSTALLPATHLIST>
  9944. </DEFAULTINSTALLPATHLIST>
  9945. <CATEGORY>ADWARE</CATEGORY>
  9946. <CONDITIONLIST>
  9947. <CONDITION>MD5=823603ae2568dc09ac8bd3a045b58db4</CONDITION>
  9948. </CONDITIONLIST>
  9949. <OPERATOR>AND</OPERATOR>
  9950. <THREATLEVEL>10</THREATLEVEL>
  9951. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9952. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9953. </PROCESSDESCRIPTOR>
  9954. <PROCESSDESCRIPTOR>
  9955. <ID>997</ID>
  9956. <PROCESSLIST>
  9957. <PROCESS>*</PROCESS>
  9958. <PROCESS>(SVCHOST.EXE)</PROCESS>
  9959. </PROCESSLIST>
  9960. <CLSIDLIST>
  9961. </CLSIDLIST>
  9962. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  9963. <DEFAULTINSTALLPATHLIST>
  9964. </DEFAULTINSTALLPATHLIST>
  9965. <CATEGORY>ADWARE</CATEGORY>
  9966. <CONDITIONLIST>
  9967. <CONDITION>MD5=7c614899662db97c8326a1ed5954e0f8</CONDITION>
  9968. </CONDITIONLIST>
  9969. <OPERATOR>AND</OPERATOR>
  9970. <THREATLEVEL>10</THREATLEVEL>
  9971. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9972. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9973. </PROCESSDESCRIPTOR>
  9974. <PROCESSDESCRIPTOR>
  9975. <ID>998</ID>
  9976. <PROCESSLIST>
  9977. <PROCESS>*</PROCESS>
  9978. <PROCESS>(TARA.EXE)</PROCESS>
  9979. </PROCESSLIST>
  9980. <CLSIDLIST>
  9981. </CLSIDLIST>
  9982. <SUMMARY>TARA.EXE</SUMMARY>
  9983. <DEFAULTINSTALLPATHLIST>
  9984. </DEFAULTINSTALLPATHLIST>
  9985. <CATEGORY>ADWARE</CATEGORY>
  9986. <CONDITIONLIST>
  9987. <CONDITION>MD5=138b7408caaa5f4f6c0a14268f9729b3</CONDITION>
  9988. </CONDITIONLIST>
  9989. <OPERATOR>AND</OPERATOR>
  9990. <THREATLEVEL>10</THREATLEVEL>
  9991. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  9992. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  9993. </PROCESSDESCRIPTOR>
  9994. <PROCESSDESCRIPTOR>
  9995. <ID>999</ID>
  9996. <PROCESSLIST>
  9997. <PROCESS>ADMILLIKEEP.EXE</PROCESS>
  9998. <PROCESS>ADMILLISERV.EXE</PROCESS>
  9999. </PROCESSLIST>
  10000. <CLSIDLIST>
  10001. </CLSIDLIST>
  10002. <SUMMARY>Admilli Components</SUMMARY>
  10003. <DEFAULTINSTALLPATHLIST>
  10004. </DEFAULTINSTALLPATHLIST>
  10005. <CATEGORY>ADWARE</CATEGORY>
  10006. <CONDITIONLIST>
  10007. </CONDITIONLIST>
  10008. <OPERATOR>AND</OPERATOR>
  10009. <THREATLEVEL>10</THREATLEVEL>
  10010. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10011. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10012. </PROCESSDESCRIPTOR>
  10013. <PROCESSDESCRIPTOR>
  10014. <ID>1000</ID>
  10015. <PROCESSLIST>
  10016. <PROCESS>RUNDLL32.EXE</PROCESS>
  10017. </PROCESSLIST>
  10018. <CLSIDLIST>
  10019. </CLSIDLIST>
  10020. <SUMMARY>UMonitor entry point adware</SUMMARY>
  10021. <DEFAULTINSTALLPATHLIST>
  10022. </DEFAULTINSTALLPATHLIST>
  10023. <CATEGORY>ADWARE</CATEGORY>
  10024. <CONDITIONLIST>
  10025. <CONDITION>COMMANDLINE~,UMonitor</CONDITION>
  10026. </CONDITIONLIST>
  10027. <OPERATOR>AND</OPERATOR>
  10028. <THREATLEVEL>10</THREATLEVEL>
  10029. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10030. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10031. </PROCESSDESCRIPTOR>
  10032. <PROCESSDESCRIPTOR>
  10033. <ID>1001</ID>
  10034. <PROCESSLIST>
  10035. <PROCESS>RUNDLL32.EXE</PROCESS>
  10036. </PROCESSLIST>
  10037. <CLSIDLIST>
  10038. </CLSIDLIST>
  10039. <SUMMARY>ak-networks.com (AKCORE.DLL)</SUMMARY>
  10040. <DEFAULTINSTALLPATHLIST>
  10041. </DEFAULTINSTALLPATHLIST>
  10042. <CATEGORY>ADWARE</CATEGORY>
  10043. <CONDITIONLIST>
  10044. <CONDITION>COMMANDLINE~akcore.dll</CONDITION>
  10045. </CONDITIONLIST>
  10046. <OPERATOR>AND</OPERATOR>
  10047. <THREATLEVEL>10</THREATLEVEL>
  10048. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10049. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10050. </PROCESSDESCRIPTOR>
  10051. <PROCESSDESCRIPTOR>
  10052. <ID>1027</ID>
  10053. <PROCESSLIST>
  10054. <PROCESS>*</PROCESS>
  10055. <PROCESS>(WINSPOOL.EXE)</PROCESS>
  10056. </PROCESSLIST>
  10057. <CLSIDLIST>
  10058. </CLSIDLIST>
  10059. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  10060. <DEFAULTINSTALLPATHLIST>
  10061. </DEFAULTINSTALLPATHLIST>
  10062. <CATEGORY>ADWARE</CATEGORY>
  10063. <CONDITIONLIST>
  10064. <CONDITION>MD5=4a4e629a25c77f9d038012405b3730d0</CONDITION>
  10065. </CONDITIONLIST>
  10066. <OPERATOR>AND</OPERATOR>
  10067. <THREATLEVEL>10</THREATLEVEL>
  10068. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10069. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10070. </PROCESSDESCRIPTOR>
  10071. <PROCESSDESCRIPTOR>
  10072. <ID>1028</ID>
  10073. <PROCESSLIST>
  10074. <PROCESS>RUNDLL32.EXE</PROCESS>
  10075. </PROCESSLIST>
  10076. <CLSIDLIST>
  10077. </CLSIDLIST>
  10078. <SUMMARY>ak-networks.com (AKUPD.DLL)</SUMMARY>
  10079. <DEFAULTINSTALLPATHLIST>
  10080. </DEFAULTINSTALLPATHLIST>
  10081. <CATEGORY>ADWARE</CATEGORY>
  10082. <CONDITIONLIST>
  10083. <CONDITION>COMMANDLINE~akupd.dll</CONDITION>
  10084. </CONDITIONLIST>
  10085. <OPERATOR>AND</OPERATOR>
  10086. <THREATLEVEL>10</THREATLEVEL>
  10087. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10088. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10089. </PROCESSDESCRIPTOR>
  10090. <PROCESSDESCRIPTOR>
  10091. <ID>1029</ID>
  10092. <PROCESSLIST>
  10093. <PROCESS>*</PROCESS>
  10094. <PROCESS>(APPSETUP.EXE)</PROCESS>
  10095. </PROCESSLIST>
  10096. <CLSIDLIST>
  10097. </CLSIDLIST>
  10098. <SUMMARY>APPSETUP.EXE</SUMMARY>
  10099. <DEFAULTINSTALLPATHLIST>
  10100. </DEFAULTINSTALLPATHLIST>
  10101. <CATEGORY>ADWARE</CATEGORY>
  10102. <CONDITIONLIST>
  10103. <CONDITION>MD5=ce8bce9536a9ff175e2a092ca3fb5b09</CONDITION>
  10104. </CONDITIONLIST>
  10105. <OPERATOR>AND</OPERATOR>
  10106. <THREATLEVEL>10</THREATLEVEL>
  10107. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10108. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10109. </PROCESSDESCRIPTOR>
  10110. <PROCESSDESCRIPTOR>
  10111. <ID>1030</ID>
  10112. <PROCESSLIST>
  10113. <PROCESS>RUNDLL32.EXE</PROCESS>
  10114. </PROCESSLIST>
  10115. <CLSIDLIST>
  10116. </CLSIDLIST>
  10117. <SUMMARY>ak-networks.com (AKLSP.DLL)</SUMMARY>
  10118. <DEFAULTINSTALLPATHLIST>
  10119. </DEFAULTINSTALLPATHLIST>
  10120. <CATEGORY>ADWARE</CATEGORY>
  10121. <CONDITIONLIST>
  10122. <CONDITION>COMMANDLINE~aklsp.dll</CONDITION>
  10123. </CONDITIONLIST>
  10124. <OPERATOR>AND</OPERATOR>
  10125. <THREATLEVEL>10</THREATLEVEL>
  10126. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10127. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10128. </PROCESSDESCRIPTOR>
  10129. <PROCESSDESCRIPTOR>
  10130. <ID>1031</ID>
  10131. <PROCESSLIST>
  10132. <PROCESS>RUNDLL32.EXE</PROCESS>
  10133. </PROCESSLIST>
  10134. <CLSIDLIST>
  10135. </CLSIDLIST>
  10136. <SUMMARY>ak-networks.com (AKRULES.DLL)</SUMMARY>
  10137. <DEFAULTINSTALLPATHLIST>
  10138. </DEFAULTINSTALLPATHLIST>
  10139. <CATEGORY>ADWARE</CATEGORY>
  10140. <CONDITIONLIST>
  10141. <CONDITION>COMMANDLINE~akrules.dll</CONDITION>
  10142. </CONDITIONLIST>
  10143. <OPERATOR>AND</OPERATOR>
  10144. <THREATLEVEL>10</THREATLEVEL>
  10145. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10146. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10147. </PROCESSDESCRIPTOR>
  10148. <PROCESSDESCRIPTOR>
  10149. <ID>1061</ID>
  10150. <PROCESSLIST>
  10151. <PROCESS>*</PROCESS>
  10152. <PROCESS>(EXPLORER.EXE)</PROCESS>
  10153. </PROCESSLIST>
  10154. <CLSIDLIST>
  10155. </CLSIDLIST>
  10156. <SUMMARY>Bogus MS EXPLORER.EXE</SUMMARY>
  10157. <DEFAULTINSTALLPATHLIST>
  10158. </DEFAULTINSTALLPATHLIST>
  10159. <CATEGORY>ADWARE</CATEGORY>
  10160. <CONDITIONLIST>
  10161. <CONDITION>MD5=722c7df3239779698fc1cdcf2ca7ea89</CONDITION>
  10162. </CONDITIONLIST>
  10163. <OPERATOR>AND</OPERATOR>
  10164. <THREATLEVEL>10</THREATLEVEL>
  10165. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10166. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10167. </PROCESSDESCRIPTOR>
  10168. <PROCESSDESCRIPTOR>
  10169. <ID>1073</ID>
  10170. <PROCESSLIST>
  10171. <PROCESS>*</PROCESS>
  10172. <PROCESS>GREY ISO.EXE</PROCESS>
  10173. <PROCESS>EGGSIDOL.EXE</PROCESS>
  10174. <PROCESS>SIGN MESS.EXE</PROCESS>
  10175. <PROCESS>COOLOOZE.EXE</PROCESS>
  10176. <PROCESS>PROGRAMBALM.EXE</PROCESS>
  10177. <PROCESS>BITS 4.EXE</PROCESS>
  10178. <PROCESS>LOCKSLINK.EXE</PROCESS>
  10179. <PROCESS>DATAREAL.EXE</PROCESS>
  10180. <PROCESS>MESSSTYLE.EXE</PROCESS>
  10181. <PROCESS>GREATAIM.EXE</PROCESS>
  10182. <PROCESS>INTRA DRV.EXE</PROCESS>
  10183. <PROCESS>GREAT EXTRA.EXE</PROCESS>
  10184. <PROCESS>CREATIVE LITE.EXE</PROCESS>
  10185. <PROCESS>ROAM ROAD.EXE</PROCESS>
  10186. <PROCESS>LIST BIAS.EXE</PROCESS>
  10187. <PROCESS>KNOBPLAN.EXE</PROCESS>
  10188. <PROCESS>MAIL UPLOAD.DLL</PROCESS>
  10189. <PROCESS>SETTINGSPLUS.EXE</PROCESS>
  10190. <PROCESS>MEAL OPEN.EXE</PROCESS>
  10191. <PROCESS>BALM JUNK.EXE</PROCESS>
  10192. <PROCESS>NAME FIRST.EXE</PROCESS>
  10193. <PROCESS>DATA LOVE.EXE</PROCESS>
  10194. <PROCESS>ARMYWARN.EXE</PROCESS>
  10195. <PROCESS>BOWS AMEN.EXE</PROCESS>
  10196. <PROCESS>AMEN FRAG.EXE</PROCESS>
  10197. <PROCESS>SOFTWARE MEOW.EXE</PROCESS>
  10198. <PROCESS>DRAW PLATFORM.EXE</PROCESS>
  10199. <PROCESS>ONLINE PART.EXE</PROCESS>
  10200. <PROCESS>ANTIEACH.EXE</PROCESS>
  10201. <PROCESS>BARBPILE.EXE</PROCESS>
  10202. <PROCESS>DEADMETA.EXE</PROCESS>
  10203. <PROCESS>MODE AXIS.EXE</PROCESS>
  10204. <PROCESS>DOWNLOADSKIP.EXE</PROCESS>
  10205. <PROCESS>01 BORE.EXE</PROCESS>
  10206. <PROCESS>BIRD32.EXE</PROCESS>
  10207. <PROCESS>COMPHECK.EXE</PROCESS>
  10208. <PROCESS>CASHMEAL.EXE</PROCESS>
  10209. <PROCESS>BIAS BARB.EXE</PROCESS>
  10210. <PROCESS>FREE FIVE.EXE</PROCESS>
  10211. <PROCESS>COPY OKAY.EXE</PROCESS>
  10212. <PROCESS>DENT ITCH.EXE</PROCESS>
  10213. <PROCESS>01MATH.EXE</PROCESS>
  10214. <PROCESS>KEEPDEAF.EXE</PROCESS>
  10215. <PROCESS>AUDIOBIND.EXE</PROCESS>
  10216. <PROCESS>NAMEPOP.EXE</PROCESS>
  10217. <PROCESS>PEAKGLUE.EXE</PROCESS>
  10218. <PROCESS>DENT CAST.EXE</PROCESS>
  10219. <PROCESS>OKAYITCH.EXE</PROCESS>
  10220. <PROCESS>LICENSE SIZE.EXE</PROCESS>
  10221. <PROCESS>LISTWAVE.EXE</PROCESS>
  10222. <PROCESS>LOAD BOOB.EXE</PROCESS>
  10223. <PROCESS>MESSHOPE.EXE</PROCESS>
  10224. <PROCESS>INTRAADMIN.EXE</PROCESS>
  10225. <PROCESS>THIRD BLAH.EXE</PROCESS>
  10226. <PROCESS>CASHRECT.EXE</PROCESS>
  10227. <PROCESS>BIRD FIVE.EXE</PROCESS>
  10228. <PROCESS>TYPE WAY.EXE</PROCESS>
  10229. <PROCESS>OOZETWO.EXE</PROCESS>
  10230. <PROCESS>4LOCKS.EXE</PROCESS>
  10231. <PROCESS>4 ACTIVE.EXE</PROCESS>
  10232. <PROCESS>BIASLICENSE.EXE</PROCESS>
  10233. <PROCESS>BIBBLEH.EXE</PROCESS>
  10234. <PROCESS>BLAH WAVE.EXE</PROCESS>
  10235. <PROCESS>BOOK VC.EXE</PROCESS>
  10236. <PROCESS>BROWSE TEAM.EXE</PROCESS>
  10237. <PROCESS>CAMP INTERNET.EXE</PROCESS>
  10238. <PROCESS>CITY BASE.EXE</PROCESS>
  10239. <PROCESS>CITY COOL.EXE</PROCESS>
  10240. <PROCESS>CITY TEAM.EXE</PROCESS>
  10241. <PROCESS>CLOCKJOY.EXE</PROCESS>
  10242. <PROCESS>COOL 2.EXE</PROCESS>
  10243. <PROCESS>COPYMANAGER.EXE</PROCESS>
  10244. <PROCESS>DART GLUE.EXE</PROCESS>
  10245. <PROCESS>DEAF32.EXE</PROCESS>
  10246. <PROCESS>DEFY BAT.EXE</PROCESS>
  10247. <PROCESS>DOG EGGS.EXE</PROCESS>
  10248. <PROCESS>DRAW BASH.EXE</PROCESS>
  10249. <PROCESS>DRVLIVE.EXE</PROCESS>
  10250. <PROCESS>DVD CITY.EXE</PROCESS>
  10251. <PROCESS>EGGS MORE.EXE</PROCESS>
  10252. <PROCESS>ERRORSPAM.EXE</PROCESS>
  10253. <PROCESS>FASTFOUR.EXE</PROCESS>
  10254. <PROCESS>FIRST JUGS.EXE</PROCESS>
  10255. <PROCESS>FIVEACID.EXE</PROCESS>
  10256. <PROCESS>SKIP PLAN.EXE</PROCESS>
  10257. <PROCESS>BORE BUILD.EXE</PROCESS>
  10258. <PROCESS>FORD TRAY.EXE</PROCESS>
  10259. <PROCESS>FREE LONG.EXE</PROCESS>
  10260. <PROCESS>GPL NURB.EXE</PROCESS>
  10261. <PROCESS>GREYHIDE.EXE</PROCESS>
  10262. <PROCESS>GRID MAGS.EXE</PROCESS>
  10263. <PROCESS>GRID WINDOW.EXE</PROCESS>
  10264. <PROCESS>IDLEANTI.EXE</PROCESS>
  10265. <PROCESS>ITCH BODY.EXE</PROCESS>
  10266. <PROCESS>ITCHNOUN.EXE</PROCESS>
  10267. <PROCESS>MEDIACLOCK.EXE</PROCESS>
  10268. <PROCESS>OKAY DART.EXE</PROCESS>
  10269. <PROCESS>MEDIA SHOW.EXE</PROCESS>
  10270. <PROCESS>TIMESAFE.EXE</PROCESS>
  10271. <PROCESS>EXIT HTM.EXE</PROCESS>
  10272. <PROCESS>FLAW UPLOAD.EXE</PROCESS>
  10273. <PROCESS>GREAT BALL.EXE</PROCESS>
  10274. <PROCESS>BIASGLOBAL.EXE</PROCESS>
  10275. <PROCESS>LINKTEST.EXE</PROCESS>
  10276. <PROCESS>BROWSE CASH.EXE</PROCESS>
  10277. <PROCESS>4 HECK.EXE</PROCESS>
  10278. <PROCESS>REFSTORE.EXE</PROCESS>
  10279. <PROCESS>ABOUT DEAF.EXE</PROCESS>
  10280. <PROCESS>BAT ACID.EXE</PROCESS>
  10281. <PROCESS>INTRA ERROR.EXE</PROCESS>
  10282. <PROCESS>SUPPORT BASH.EXE</PROCESS>
  10283. <PROCESS>AIM OPTION.EXE</PROCESS>
  10284. <PROCESS>CRYPTDLCG.DLL</PROCESS>
  10285. <PROCESS>TRAY ROAD.EXE</PROCESS>
  10286. <PROCESS>GRIDBOLT.EXE</PROCESS>
  10287. <PROCESS>GRID BIND.EXE</PROCESS>
  10288. <PROCESS>GRAMBIB.EXE</PROCESS>
  10289. <PROCESS>VC SAFE.EXE</PROCESS>
  10290. <PROCESS>NEWTRAY.EXE</PROCESS>
  10291. <PROCESS>ACTIVEBAIT.EXE</PROCESS>
  10292. <PROCESS>CAMPHOPE.EXE</PROCESS>
  10293. <PROCESS>DARTPOLL.EXE</PROCESS>
  10294. <PROCESS>ACTIVE RECT.EXE</PROCESS>
  10295. <PROCESS>FIRST FOUR.EXE</PROCESS>
  10296. <PROCESS>ONLINE MATH.EXE</PROCESS>
  10297. <PROCESS>LESS DEFAULT.EXE</PROCESS>
  10298. <PROCESS>SHOW ACE.EXE</PROCESS>
  10299. <PROCESS>KEEP DOG.EXE</PROCESS>
  10300. <PROCESS>BARBJUNK.EXE</PROCESS>
  10301. </PROCESSLIST>
  10302. <CLSIDLIST>
  10303. <CLSID>{80D86BC0-C393-A405-D9C1-B821C95589C9}</CLSID>
  10304. <CLSID>{0AE1A61E-B26C-F7A8-4E6D-659486115F7E}</CLSID>
  10305. <CLSID>{6EDD829D-E0CB-E13C-BC93-5674A0080ECF}</CLSID>
  10306. <CLSID>{E0152A3D-4520-D5F4-0220-B367324C5572}</CLSID>
  10307. <CLSID>{1110E7DB-F4D6-A566-AAA3-2B402E2D8FCA}</CLSID>
  10308. <CLSID>{D54694A4-EEAC-9B8A-E6A5-E795068FC855}</CLSID>
  10309. <CLSID>{A89BB706-7E6E-6B1F-E5DB-94C70BF04059}</CLSID>
  10310. <CLSID>{1CF8B8BE-E3B9-56DE-1F6A-1E04AA88652B}</CLSID>
  10311. <CLSID>{1A8618A7-351F-7445-76FE-062EB06C4519}</CLSID>
  10312. <CLSID>{4145ED01-A8C1-701D-20C7-1DC874B9DDD5}</CLSID>
  10313. <CLSID>{9DE052B9-BD4B-561C-7BDE-2F8146866A03}</CLSID>
  10314. <CLSID>{9739C85A-FCB0-8702-70CD-FC0581C57331}</CLSID>
  10315. <CLSID>{6F7CDEE1-EB51-EA0F-3625-8D7DC2107F9D}</CLSID>
  10316. <CLSID>{60212D4C-55A5-7A17-2653-F5A7F80AF83B}</CLSID>
  10317. <CLSID>{9BE5B5E5-9DED-3548-DC05-872A2A5EDBEE}</CLSID>
  10318. <CLSID>{1EE61FBE-4E29-30FD-8429-FDEAC48CD272}</CLSID>
  10319. <CLSID>{3E0B9D4B-48A8-E9C6-1419-39B515BE751C}</CLSID>
  10320. <CLSID>{24C3C7CA-F370-8C26-CC61-93603E85FFD5}</CLSID>
  10321. <CLSID>{20D375DE-4664-040E-1280-0666279205B6}</CLSID>
  10322. <CLSID>{B16FEA72-86E5-ADCD-E142-BF6ED481C270}</CLSID>
  10323. <CLSID>{94DEA2AF-55B5-CB69-0D6E-FA5CF343415D}</CLSID>
  10324. <CLSID>{5D6F65F0-D622-3D45-2D7B-CDBA8199CC6E}</CLSID>
  10325. <CLSID>{F3E8A594-8AF8-B202-B4D4-3E658BF85B05}</CLSID>
  10326. <CLSID>{6A7239AC-64A4-AC16-35DF-96087FD53CD9}</CLSID>
  10327. <CLSID>{B43B67E0-A691-81C7-A846-90937A3CA55A}</CLSID>
  10328. <CLSID>{DC22DE78-0DE4-F158-1736-4B485576FABE}</CLSID>
  10329. <CLSID>{F7A3D361-48FD-0BE4-31EB-A804409FB5D0}</CLSID>
  10330. <CLSID>{3B50A387-656E-F8BF-710E-70DB6D8F6FF6}</CLSID>
  10331. <CLSID>{BFA80735-95F9-0E84-21BD-7D64C298CA45}</CLSID>
  10332. <CLSID>{5796D2BA-CC2E-5FFC-5212-127922A52A74}</CLSID>
  10333. <CLSID>{80E8CEBA-553E-F82C-8ED6-5BC74C9F025E}</CLSID>
  10334. <CLSID>{06CFDA73-9F94-18F2-9E59-C8C2661DCE98}</CLSID>
  10335. <CLSID>{E3FDF4C0-D234-6A7A-F040-4E2C0661EE7F}</CLSID>
  10336. <CLSID>{D33FFAF3-099D-6BA1-6987-9FAB37CF5E7F}</CLSID>
  10337. <CLSID>{E3F598FB-BB74-BB4D-9D07-1146E78AB92C}</CLSID>
  10338. <CLSID>{A7EF35B2-D41F-5EAB-9949-C94D1FE0A719}</CLSID>
  10339. <CLSID>{E018625B-F2A4-CA17-AADD-DE40D80459D4}</CLSID>
  10340. <CLSID>{164101C4-04C4-142B-9111-BA9BA04E418F}</CLSID>
  10341. <CLSID>{774C3D6B-A96A-AD6C-34D0-AEF416C1039B}</CLSID>
  10342. <CLSID>{0DC8EEAF-2287-B130-FDE7-93E488DF722C}</CLSID>
  10343. <CLSID>{03313C4A-2D88-C00D-C356-9407AB7541EC}</CLSID>
  10344. <CLSID>{FEF7C71A-D2E7-B0B0-0ADB-0CD57DCFE6F8}</CLSID>
  10345. <CLSID>{DCF9EF90-DB3F-1258-F2E0-F751CD48121A}</CLSID>
  10346. <CLSID>{791E0B10-A45F-920D-AAA1-23D212F0B6F0}</CLSID>
  10347. <CLSID>{D2A01AEB-A4B7-5E2B-DE83-A19C292D3490}</CLSID>
  10348. <CLSID>{4F0AECD4-8D50-7A92-D05B-0909E89D67AC}</CLSID>
  10349. <CLSID>{E8FABDCD-AB23-0A21-D16B-EDB3A9EF84FA}</CLSID>
  10350. <CLSID>{8093FE44-6F17-FEBF-F841-1063EB58664D}</CLSID>
  10351. <CLSID>{7F3DF6D2-F075-3E40-EC25-6534D0BC17A1}</CLSID>
  10352. <CLSID>{24FE0374-6DAB-3A18-BA1C-7ED214698F6D}</CLSID>
  10353. <CLSID>{AB19C479-6ADB-1497-51BE-B8E10E013E01}</CLSID>
  10354. <CLSID>{6A51749B-FB89-142E-267A-68406354B916}</CLSID>
  10355. <CLSID>{6075DDA7-EC77-9D3B-D6B7-55E749F1F0CF}</CLSID>
  10356. <CLSID>{3BB62801-71A9-9963-808E-4E018D246803}</CLSID>
  10357. <CLSID>{D0C080ED-F93F-7724-2C6D-631395DFE366}</CLSID>
  10358. <CLSID>{26723C03-FB50-17CB-35F3-DF4A8AC99388}</CLSID>
  10359. <CLSID>{04C0E57D-76C3-DA8E-1318-F8756547DFB0}</CLSID>
  10360. <CLSID>{7F8CB6F3-879C-BE70-6944-735C438F4CEA}</CLSID>
  10361. <CLSID>{06AA4E09-0CA8-E2FC-8D23-5F4C16100088}</CLSID>
  10362. <CLSID>{613DCFC1-EE57-2987-7C43-B2C678B5BD87}</CLSID>
  10363. <CLSID>{1FA0A5EF-4BBB-72B5-B1E1-D657AC61D817}</CLSID>
  10364. <CLSID>{AF1982F3-1161-D5B6-7FE3-D686971B1758}</CLSID>
  10365. <CLSID>{B3D8AE77-061D-8307-7E5D-66E0092F74A8}</CLSID>
  10366. <CLSID>{E81B5BD1-9BC3-875F-2864-7D06CDFAEC64}</CLSID>
  10367. <CLSID>{C920F0AE-1BBD-8FE1-8F7A-BEE56D10BC37}</CLSID>
  10368. <CLSID>{0F9997E3-E7F6-3CFF-A985-D26A849FFA65}</CLSID>
  10369. <CLSID>{AAE42396-70A3-D8F2-389D-77C771B431F9}</CLSID>
  10370. <CLSID>{48F4A7C1-E0D6-1B0D-B35E-D93BE7361B61}</CLSID>
  10371. <CLSID>{C78150A4-747D-4E11-F07A-82FFA455B929}</CLSID>
  10372. <CLSID>{86B5DDF4-9DC9-E2C4-BC7C-F805C04AA031}</CLSID>
  10373. <CLSID>{66E98A3E-30B0-D5B7-31DB-EF35B9D63C1C}</CLSID>
  10374. <CLSID>{24B643CF-48C3-207A-CBF7-3BB19D686B17}</CLSID>
  10375. <CLSID>{3D7056C9-343D-B9AD-73AD-FB71CC469AC9}</CLSID>
  10376. <CLSID>{672E86CC-B742-F9BA-0123-3D97935F2AB0}</CLSID>
  10377. <CLSID>{BD723295-6FD8-4EDD-C89D-FCCFBF876A32}</CLSID>
  10378. <CLSID>{807150EE-29D5-D253-0332-A6335794F519}</CLSID>
  10379. <CLSID>{DBB2A548-B40B-D60B-550B-BDD593416DD5}</CLSID>
  10380. <CLSID>{C3A071ED-CEC5-12C9-F880-7714D2D85651}</CLSID>
  10381. <CLSID>{EED8EBDC-24BE-68EB-5FBD-CA5993135B14}</CLSID>
  10382. <CLSID>{42113D05-F3F7-C971-6311-6C7B79FE985B}</CLSID>
  10383. <CLSID>{BB0EEA07-0E19-F2E8-733F-B1E08BB70CE1}</CLSID>
  10384. <CLSID>{7465A5E9-71F0-F8AA-38E9-55C83D904B46}</CLSID>
  10385. <CLSID>{5B989A20-F3AB-12B9-535E-45B0E28BB52B}</CLSID>
  10386. <CLSID>{3A219E3B-31F3-515D-4687-BDF4C21F9105}</CLSID>
  10387. <CLSID>{61E26B9D-AC2D-5505-10BE-A61206CA09C9}</CLSID>
  10388. <CLSID>{EDB96B1B-FCC6-0C97-D1A8-2F70C3840419}</CLSID>
  10389. <CLSID>{4A80D87F-D2DF-EB77-B3DC-9B44D81B4269}</CLSID>
  10390. <CLSID>{92086129-0CED-5AF6-3AD0-0B530FB6566B}</CLSID>
  10391. <CLSID>{1BD24045-B6E4-0111-0915-E8339B403BF9}</CLSID>
  10392. <CLSID>{AB1DEDC2-ED1A-2FC1-E04A-6D7AFBE6E75E}</CLSID>
  10393. <CLSID>{0E3D5D3E-F5F2-297B-6B46-59E49D978874}</CLSID>
  10394. <CLSID>{E305F398-BED6-1BF7-ABBE-9342141C0CDF}</CLSID>
  10395. <CLSID>{B8C6063E-2308-1FAF-FD87-88A4D0C99413}</CLSID>
  10396. <CLSID>{A0081F37-A095-0B49-91CD-EF5FE8EC42AD}</CLSID>
  10397. <CLSID>{C1DAA4A4-136A-634B-6A68-9B45A40B9F26}</CLSID>
  10398. <CLSID>{B3FC7CCB-69DA-C58E-ABE8-F1B8845A63C7}</CLSID>
  10399. <CLSID>{1169E893-4367-6E73-29C3-F1498D237BB0}</CLSID>
  10400. <CLSID>{45CD1281-5C16-39DB-55FC-361053F3A60C}</CLSID>
  10401. <CLSID>{55263654-7323-42F1-25A3-3F9DB22CF055}</CLSID>
  10402. <CLSID>{6E377F7B-9F73-58EB-EAC2-62DBA72B2668}</CLSID>
  10403. <CLSID>{AA2781A0-1718-E6A6-6D20-485C5EBD0621}</CLSID>
  10404. <CLSID>{D106256F-6E04-E755-4BBB-089CF59D23FB}</CLSID>
  10405. <CLSID>{708CAA54-9631-EA2E-6C26-C691980BA8E8}</CLSID>
  10406. <CLSID>{757FC12B-CC6D-0663-5152-DE9B8C984221}</CLSID>
  10407. <CLSID>{D527329F-30C1-7E8E-486E-1CDB7639A95D}</CLSID>
  10408. <CLSID>{BFE37C09-837E-8800-2FC0-89B9E867CB74}</CLSID>
  10409. <CLSID>{3DEA8E1B-7333-3C38-CFC8-AF860E64A6D9}</CLSID>
  10410. <CLSID>{94F88260-2B7B-AF41-5CCE-B9EE8A8D66FF}</CLSID>
  10411. <CLSID>{B67227D9-AD1F-5F47-B1BD-ADF8FEEBC8FA}</CLSID>
  10412. <CLSID>{A1E2C02F-CADA-B5D5-71E6-C54C8D144DD5}</CLSID>
  10413. <CLSID>{B6253C12-DD6B-0E7A-C7FD-ED75D3184927}</CLSID>
  10414. <CLSID>{16A0187C-80D1-C1A8-519F-DB77B6B6DD55}</CLSID>
  10415. <CLSID>{5FFD6C0D-5F66-F2F5-EECB-EE493CA9E540}</CLSID>
  10416. <CLSID>{757526CA-BE5D-8248-67DF-BAD28346BF6B}</CLSID>
  10417. <CLSID>{3A0C5D74-A3F1-7493-BF9C-7C64D05283BE}</CLSID>
  10418. <CLSID>{E28E8336-B340-FA11-88C2-F0B1039192B3}</CLSID>
  10419. <CLSID>{B94D7690-2E9E-FE49-DEFB-EB57C7440A7F}</CLSID>
  10420. <CLSID>{5E61504A-1FBD-D45E-03F7-B5107152B28F}</CLSID>
  10421. <CLSID>{5702DD37-4A0E-C54F-4624-93F0672EDECA}</CLSID>
  10422. <CLSID>{D62510E4-4174-A2F9-7F51-FA37D47797EC}</CLSID>
  10423. <CLSID>{9386A64E-F92F-C8C7-558B-D952B72832EA}</CLSID>
  10424. <CLSID>{8DC6084A-A278-4321-A75B-C26A902FC414}</CLSID>
  10425. <CLSID>{A7E64158-614E-C9C1-5BDC-1C5D300EC5F5}</CLSID>
  10426. <CLSID>{6A38CE8D-AA5F-E41E-6AFD-CF70A2DDD761}</CLSID>
  10427. <CLSID>{31FB3B2B-3781-E046-3CC4-D49666084FAD}</CLSID>
  10428. <CLSID>{217EF8FF-FEC2-4D14-2637-2314F82F3419}</CLSID>
  10429. <CLSID>{2FE800D9-0B41-D389-AEF2-8B6E2E6368B1}</CLSID>
  10430. <CLSID>{2133536A-BD02-C684-850B-EB694834CF8B}</CLSID>
  10431. <CLSID>{6C99D30F-31D9-18BC-4AD8-BFBB3572273D}</CLSID>
  10432. <CLSID>{124BB45B-D75B-6014-3F78-24C2867056AE}</CLSID>
  10433. <CLSID>{848B5B81-C0D2-0F84-5B85-32914FDAD678}</CLSID>
  10434. <CLSID>{DE8AB01F-0C4F-6D9D-5498-8B536A9A4B6B}</CLSID>
  10435. <CLSID>{854945B9-9191-69C5-02A1-90B5AE4FD3A7}</CLSID>
  10436. <CLSID>{C3AB8038-1CD5-46C6-0732-4690F23DAE88}</CLSID>
  10437. <CLSID>{91D6F41C-3499-C806-356B-4A301E9B3171}</CLSID>
  10438. <CLSID>{D1CE5C5A-FBA3-A6A4-F5A1-E0D73FE43145}</CLSID>
  10439. <CLSID>{7527181B-52D0-31A5-F4F1-B792F158FE5B}</CLSID>
  10440. <CLSID>{0B7CFBA7-387C-EB7D-C6BE-9B7FB2B431B4}</CLSID>
  10441. <CLSID>{B55A274E-762D-75CC-711B-DE31526CF198}</CLSID>
  10442. <CLSID>{309DA5DB-7456-A67F-3C5A-A8EE4B814AC8}</CLSID>
  10443. <CLSID>{C7F2F8D3-B506-CFF6-073C-DD5997A617A5}</CLSID>
  10444. </CLSIDLIST>
  10445. <SUMMARY>Adware.Lop.BHO</SUMMARY>
  10446. <DEFAULTINSTALLPATHLIST>
  10447. </DEFAULTINSTALLPATHLIST>
  10448. <CATEGORY>ADWARE</CATEGORY>
  10449. <CONDITIONLIST>
  10450. </CONDITIONLIST>
  10451. <OPERATOR>AND</OPERATOR>
  10452. <THREATLEVEL>10</THREATLEVEL>
  10453. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10454. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10455. </PROCESSDESCRIPTOR>
  10456. <PROCESSDESCRIPTOR>
  10457. <ID>1074</ID>
  10458. <PROCESSLIST>
  10459. <PROCESS>*</PROCESS>
  10460. <PROCESS>(BYTE INFO.EXE)</PROCESS>
  10461. </PROCESSLIST>
  10462. <CLSIDLIST>
  10463. </CLSIDLIST>
  10464. <SUMMARY>Adware.Lop.Process</SUMMARY>
  10465. <DEFAULTINSTALLPATHLIST>
  10466. </DEFAULTINSTALLPATHLIST>
  10467. <CATEGORY>ADWARE</CATEGORY>
  10468. <CONDITIONLIST>
  10469. <CONDITION>MD5=e7822adc283a8936c60370fe7909670e</CONDITION>
  10470. </CONDITIONLIST>
  10471. <OPERATOR>AND</OPERATOR>
  10472. <THREATLEVEL>10</THREATLEVEL>
  10473. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10474. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10475. </PROCESSDESCRIPTOR>
  10476. <PROCESSDESCRIPTOR>
  10477. <ID>1077</ID>
  10478. <PROCESSLIST>
  10479. <PROCESS>*</PROCESS>
  10480. <PROCESS>JFLJ.DLL</PROCESS>
  10481. </PROCESSLIST>
  10482. <CLSIDLIST>
  10483. <CLSID>{86DE3D06-3589-4157-847B-88330C217AFA}</CLSID>
  10484. </CLSIDLIST>
  10485. <SUMMARY>Unknown BHO (JFLJ.DLL)</SUMMARY>
  10486. <DEFAULTINSTALLPATHLIST>
  10487. </DEFAULTINSTALLPATHLIST>
  10488. <CATEGORY>ADWARE</CATEGORY>
  10489. <CONDITIONLIST>
  10490. </CONDITIONLIST>
  10491. <OPERATOR>AND</OPERATOR>
  10492. <THREATLEVEL>10</THREATLEVEL>
  10493. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10494. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10495. </PROCESSDESCRIPTOR>
  10496. <PROCESSDESCRIPTOR>
  10497. <ID>1078</ID>
  10498. <PROCESSLIST>
  10499. <PROCESS>*</PROCESS>
  10500. <PROCESS>MSZ{.DLL</PROCESS>
  10501. </PROCESSLIST>
  10502. <CLSIDLIST>
  10503. <CLSID>{8E7BE188-29A1-40CF-ABF2-9B2E0E28A374}</CLSID>
  10504. </CLSIDLIST>
  10505. <SUMMARY>Unknown BHO (MSZ{.DLL)</SUMMARY>
  10506. <DEFAULTINSTALLPATHLIST>
  10507. </DEFAULTINSTALLPATHLIST>
  10508. <CATEGORY>ADWARE</CATEGORY>
  10509. <CONDITIONLIST>
  10510. </CONDITIONLIST>
  10511. <OPERATOR>AND</OPERATOR>
  10512. <THREATLEVEL>10</THREATLEVEL>
  10513. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10514. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10515. </PROCESSDESCRIPTOR>
  10516. <PROCESSDESCRIPTOR>
  10517. <ID>1079</ID>
  10518. <PROCESSLIST>
  10519. <PROCESS>*</PROCESS>
  10520. <PROCESS>(302.EXE)</PROCESS>
  10521. </PROCESSLIST>
  10522. <CLSIDLIST>
  10523. </CLSIDLIST>
  10524. <SUMMARY>302.EXE</SUMMARY>
  10525. <DEFAULTINSTALLPATHLIST>
  10526. </DEFAULTINSTALLPATHLIST>
  10527. <CATEGORY>ADWARE</CATEGORY>
  10528. <CONDITIONLIST>
  10529. <CONDITION>MD5=77d24642c055e6097b5095a62b22382c</CONDITION>
  10530. <CONDITION>MD5=8DC7A533A845F36064A337E4B1FE2455</CONDITION>
  10531. </CONDITIONLIST>
  10532. <OPERATOR>OR</OPERATOR>
  10533. <THREATLEVEL>10</THREATLEVEL>
  10534. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10535. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10536. </PROCESSDESCRIPTOR>
  10537. <PROCESSDESCRIPTOR>
  10538. <ID>1080</ID>
  10539. <PROCESSLIST>
  10540. <PROCESS>NLSFUNCS.EXE</PROCESS>
  10541. </PROCESSLIST>
  10542. <CLSIDLIST>
  10543. </CLSIDLIST>
  10544. <SUMMARY>NLSFUNCS.EXE</SUMMARY>
  10545. <DEFAULTINSTALLPATHLIST>
  10546. </DEFAULTINSTALLPATHLIST>
  10547. <CATEGORY>ADWARE</CATEGORY>
  10548. <CONDITIONLIST>
  10549. <CONDITION>FILELOCATION~system32</CONDITION>
  10550. </CONDITIONLIST>
  10551. <OPERATOR>AND</OPERATOR>
  10552. <THREATLEVEL>10</THREATLEVEL>
  10553. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10554. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10555. </PROCESSDESCRIPTOR>
  10556. <PROCESSDESCRIPTOR>
  10557. <ID>1081</ID>
  10558. <PROCESSLIST>
  10559. <PROCESS>OPENCONF.EXE</PROCESS>
  10560. </PROCESSLIST>
  10561. <CLSIDLIST>
  10562. </CLSIDLIST>
  10563. <SUMMARY>OPENCONF.EXE</SUMMARY>
  10564. <DEFAULTINSTALLPATHLIST>
  10565. </DEFAULTINSTALLPATHLIST>
  10566. <CATEGORY>ADWARE</CATEGORY>
  10567. <CONDITIONLIST>
  10568. <CONDITION>FILELOCATION~system32</CONDITION>
  10569. </CONDITIONLIST>
  10570. <OPERATOR>AND</OPERATOR>
  10571. <THREATLEVEL>10</THREATLEVEL>
  10572. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10573. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10574. </PROCESSDESCRIPTOR>
  10575. <PROCESSDESCRIPTOR>
  10576. <ID>1132</ID>
  10577. <PROCESSLIST>
  10578. <PROCESS>*</PROCESS>
  10579. <PROCESS>(FUNK THE.EXE)</PROCESS>
  10580. <PROCESS>(QDWNPKTD.EXE)</PROCESS>
  10581. </PROCESSLIST>
  10582. <CLSIDLIST>
  10583. </CLSIDLIST>
  10584. <SUMMARY>Adware.Lop.Process</SUMMARY>
  10585. <DEFAULTINSTALLPATHLIST>
  10586. </DEFAULTINSTALLPATHLIST>
  10587. <CATEGORY>ADWARE</CATEGORY>
  10588. <CONDITIONLIST>
  10589. <CONDITION>MD5=d3742a85243f05545333e8ae6c99e0ab</CONDITION>
  10590. </CONDITIONLIST>
  10591. <OPERATOR>AND</OPERATOR>
  10592. <THREATLEVEL>10</THREATLEVEL>
  10593. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10594. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10595. </PROCESSDESCRIPTOR>
  10596. <PROCESSDESCRIPTOR>
  10597. <ID>1133</ID>
  10598. <PROCESSLIST>
  10599. <PROCESS>*</PROCESS>
  10600. <PROCESS>(OPTION LINK DEAF.EXE)</PROCESS>
  10601. </PROCESSLIST>
  10602. <CLSIDLIST>
  10603. </CLSIDLIST>
  10604. <SUMMARY>Adware.Lop.Process</SUMMARY>
  10605. <DEFAULTINSTALLPATHLIST>
  10606. </DEFAULTINSTALLPATHLIST>
  10607. <CATEGORY>ADWARE</CATEGORY>
  10608. <CONDITIONLIST>
  10609. <CONDITION>MD5=40d0a6049c134403d5b7ea9cd40a53ab</CONDITION>
  10610. </CONDITIONLIST>
  10611. <OPERATOR>AND</OPERATOR>
  10612. <THREATLEVEL>10</THREATLEVEL>
  10613. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10614. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10615. </PROCESSDESCRIPTOR>
  10616. <PROCESSDESCRIPTOR>
  10617. <ID>1134</ID>
  10618. <PROCESSLIST>
  10619. <PROCESS>*</PROCESS>
  10620. <PROCESS>(KJYHEASG.EXE)</PROCESS>
  10621. </PROCESSLIST>
  10622. <CLSIDLIST>
  10623. </CLSIDLIST>
  10624. <SUMMARY>Adware.Lop.Process</SUMMARY>
  10625. <DEFAULTINSTALLPATHLIST>
  10626. </DEFAULTINSTALLPATHLIST>
  10627. <CATEGORY>ADWARE</CATEGORY>
  10628. <CONDITIONLIST>
  10629. <CONDITION>MD5=82b06b5bdcb55099b799e9cfeca16322</CONDITION>
  10630. </CONDITIONLIST>
  10631. <OPERATOR>AND</OPERATOR>
  10632. <THREATLEVEL>10</THREATLEVEL>
  10633. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10634. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10635. </PROCESSDESCRIPTOR>
  10636. <PROCESSDESCRIPTOR>
  10637. <ID>1169</ID>
  10638. <PROCESSLIST>
  10639. <PROCESS>*</PROCESS>
  10640. <PROCESS>(WAYYYQ.EXE)</PROCESS>
  10641. </PROCESSLIST>
  10642. <CLSIDLIST>
  10643. </CLSIDLIST>
  10644. <SUMMARY>WAYYYQ.EXE</SUMMARY>
  10645. <DEFAULTINSTALLPATHLIST>
  10646. </DEFAULTINSTALLPATHLIST>
  10647. <CATEGORY>ADWARE</CATEGORY>
  10648. <CONDITIONLIST>
  10649. <CONDITION>MD5=dbcfc9cbc43dbeefaa5ab576467fd186</CONDITION>
  10650. </CONDITIONLIST>
  10651. <OPERATOR>AND</OPERATOR>
  10652. <THREATLEVEL>10</THREATLEVEL>
  10653. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10654. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10655. </PROCESSDESCRIPTOR>
  10656. <PROCESSDESCRIPTOR>
  10657. <ID>1170</ID>
  10658. <PROCESSLIST>
  10659. <PROCESS>*</PROCESS>
  10660. <PROCESS>(OPTION LINK DEAF.EXE)</PROCESS>
  10661. </PROCESSLIST>
  10662. <CLSIDLIST>
  10663. </CLSIDLIST>
  10664. <SUMMARY>Adware.Lop.Process</SUMMARY>
  10665. <DEFAULTINSTALLPATHLIST>
  10666. </DEFAULTINSTALLPATHLIST>
  10667. <CATEGORY>ADWARE</CATEGORY>
  10668. <CONDITIONLIST>
  10669. <CONDITION>MD5=109b71a6f978260b771c6f0344326a99</CONDITION>
  10670. </CONDITIONLIST>
  10671. <OPERATOR>AND</OPERATOR>
  10672. <THREATLEVEL>10</THREATLEVEL>
  10673. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10674. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10675. </PROCESSDESCRIPTOR>
  10676. <PROCESSDESCRIPTOR>
  10677. <ID>1171</ID>
  10678. <PROCESSLIST>
  10679. <PROCESS>*</PROCESS>
  10680. <PROCESS>(ANTE IDLE.EXE)</PROCESS>
  10681. </PROCESSLIST>
  10682. <CLSIDLIST>
  10683. </CLSIDLIST>
  10684. <SUMMARY>Adware.Lop.Process</SUMMARY>
  10685. <DEFAULTINSTALLPATHLIST>
  10686. </DEFAULTINSTALLPATHLIST>
  10687. <CATEGORY>ADWARE</CATEGORY>
  10688. <CONDITIONLIST>
  10689. <CONDITION>MD5=b70a89a7d3ab992b398999ce9424a4dd</CONDITION>
  10690. </CONDITIONLIST>
  10691. <OPERATOR>AND</OPERATOR>
  10692. <THREATLEVEL>10</THREATLEVEL>
  10693. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10694. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10695. </PROCESSDESCRIPTOR>
  10696. <PROCESSDESCRIPTOR>
  10697. <ID>1172</ID>
  10698. <PROCESSLIST>
  10699. <PROCESS>*</PROCESS>
  10700. <PROCESS>(SURFAX~1.EXE)</PROCESS>
  10701. <PROCESS>(LUWZTYIJ.EXE)</PROCESS>
  10702. </PROCESSLIST>
  10703. <CLSIDLIST>
  10704. </CLSIDLIST>
  10705. <SUMMARY>Adware.Lop.Process</SUMMARY>
  10706. <DEFAULTINSTALLPATHLIST>
  10707. </DEFAULTINSTALLPATHLIST>
  10708. <CATEGORY>ADWARE</CATEGORY>
  10709. <CONDITIONLIST>
  10710. <CONDITION>MD5=850a7e50be74f2ae0bdef4c41d949604</CONDITION>
  10711. </CONDITIONLIST>
  10712. <OPERATOR>AND</OPERATOR>
  10713. <THREATLEVEL>10</THREATLEVEL>
  10714. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10715. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10716. </PROCESSDESCRIPTOR>
  10717. <PROCESSDESCRIPTOR>
  10718. <ID>1173</ID>
  10719. <PROCESSLIST>
  10720. <PROCESS>*</PROCESS>
  10721. <PROCESS>(BIS2.EXE)</PROCESS>
  10722. </PROCESSLIST>
  10723. <CLSIDLIST>
  10724. </CLSIDLIST>
  10725. <SUMMARY>Adware.Lop.Process</SUMMARY>
  10726. <DEFAULTINSTALLPATHLIST>
  10727. </DEFAULTINSTALLPATHLIST>
  10728. <CATEGORY>ADWARE</CATEGORY>
  10729. <CONDITIONLIST>
  10730. <CONDITION>MD5=945937c0c93af47f6ccd34eb2edb60ca</CONDITION>
  10731. </CONDITIONLIST>
  10732. <OPERATOR>AND</OPERATOR>
  10733. <THREATLEVEL>10</THREATLEVEL>
  10734. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10735. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10736. </PROCESSDESCRIPTOR>
  10737. <PROCESSDESCRIPTOR>
  10738. <ID>1174</ID>
  10739. <PROCESSLIST>
  10740. <PROCESS>SETUP.EXE</PROCESS>
  10741. </PROCESSLIST>
  10742. <CLSIDLIST>
  10743. </CLSIDLIST>
  10744. <SUMMARY>Adware.Lop.Installer</SUMMARY>
  10745. <DEFAULTINSTALLPATHLIST>
  10746. </DEFAULTINSTALLPATHLIST>
  10747. <CATEGORY>ADWARE</CATEGORY>
  10748. <CONDITIONLIST>
  10749. <CONDITION>FILELOCATION~c2media</CONDITION>
  10750. </CONDITIONLIST>
  10751. <OPERATOR>AND</OPERATOR>
  10752. <THREATLEVEL>10</THREATLEVEL>
  10753. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10754. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10755. </PROCESSDESCRIPTOR>
  10756. <PROCESSDESCRIPTOR>
  10757. <ID>1175</ID>
  10758. <PROCESSLIST>
  10759. <PROCESS>MCSMSS.EXE</PROCESS>
  10760. </PROCESSLIST>
  10761. <CLSIDLIST>
  10762. </CLSIDLIST>
  10763. <SUMMARY>MCSMSS.EXE HTTP Trojan</SUMMARY>
  10764. <DEFAULTINSTALLPATHLIST>
  10765. </DEFAULTINSTALLPATHLIST>
  10766. <CATEGORY>TROJAN</CATEGORY>
  10767. <CONDITIONLIST>
  10768. <CONDITION>FILELOCATION~system32</CONDITION>
  10769. </CONDITIONLIST>
  10770. <OPERATOR>AND</OPERATOR>
  10771. <THREATLEVEL>10</THREATLEVEL>
  10772. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10773. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10774. </PROCESSDESCRIPTOR>
  10775. <PROCESSDESCRIPTOR>
  10776. <ID>1176</ID>
  10777. <PROCESSLIST>
  10778. <PROCESS>*</PROCESS>
  10779. <PROCESS>(VVJCF.EXE)</PROCESS>
  10780. </PROCESSLIST>
  10781. <CLSIDLIST>
  10782. </CLSIDLIST>
  10783. <SUMMARY>VVJCF.EXE</SUMMARY>
  10784. <DEFAULTINSTALLPATHLIST>
  10785. </DEFAULTINSTALLPATHLIST>
  10786. <CATEGORY>ADWARE</CATEGORY>
  10787. <CONDITIONLIST>
  10788. <CONDITION>MD5=535275aa4e2500702bddb1f2377e1764</CONDITION>
  10789. </CONDITIONLIST>
  10790. <OPERATOR>AND</OPERATOR>
  10791. <THREATLEVEL>10</THREATLEVEL>
  10792. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10793. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10794. </PROCESSDESCRIPTOR>
  10795. <PROCESSDESCRIPTOR>
  10796. <ID>1253</ID>
  10797. <PROCESSLIST>
  10798. <PROCESS>*</PROCESS>
  10799. <PROCESS>LKHI.DLL</PROCESS>
  10800. </PROCESSLIST>
  10801. <CLSIDLIST>
  10802. <CLSID>{7D6C6229-EAB7-47E2-8289-64A367D85D7C}</CLSID>
  10803. </CLSIDLIST>
  10804. <SUMMARY>Unknown BHO (LKHI.DLL)</SUMMARY>
  10805. <DEFAULTINSTALLPATHLIST>
  10806. </DEFAULTINSTALLPATHLIST>
  10807. <CATEGORY>ADWARE</CATEGORY>
  10808. <CONDITIONLIST>
  10809. </CONDITIONLIST>
  10810. <OPERATOR>AND</OPERATOR>
  10811. <THREATLEVEL>10</THREATLEVEL>
  10812. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10813. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10814. </PROCESSDESCRIPTOR>
  10815. <PROCESSDESCRIPTOR>
  10816. <ID>1260</ID>
  10817. <PROCESSLIST>
  10818. <PROCESS>*</PROCESS>
  10819. <PROCESS>KW9OBKRL6I.DLL</PROCESS>
  10820. </PROCESSLIST>
  10821. <CLSIDLIST>
  10822. <CLSID>{CE7C3CF0-4B15-11D1-ABED-709549C10020}</CLSID>
  10823. </CLSIDLIST>
  10824. <SUMMARY>IEHlprObj Class BHO</SUMMARY>
  10825. <DEFAULTINSTALLPATHLIST>
  10826. </DEFAULTINSTALLPATHLIST>
  10827. <CATEGORY>ADWARE</CATEGORY>
  10828. <CONDITIONLIST>
  10829. </CONDITIONLIST>
  10830. <OPERATOR>AND</OPERATOR>
  10831. <THREATLEVEL>10</THREATLEVEL>
  10832. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10833. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10834. </PROCESSDESCRIPTOR>
  10835. <PROCESSDESCRIPTOR>
  10836. <ID>1261</ID>
  10837. <PROCESSLIST>
  10838. <PROCESS>*</PROCESS>
  10839. <PROCESS>WINS32T.DLL</PROCESS>
  10840. </PROCESSLIST>
  10841. <CLSIDLIST>
  10842. <CLSID>{FDE3577A-6254-181C-4E11-339E4F746BD3}</CLSID>
  10843. </CLSIDLIST>
  10844. <SUMMARY>MailTo Class URL Search Hook</SUMMARY>
  10845. <DEFAULTINSTALLPATHLIST>
  10846. </DEFAULTINSTALLPATHLIST>
  10847. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  10848. <CONDITIONLIST>
  10849. </CONDITIONLIST>
  10850. <OPERATOR>AND</OPERATOR>
  10851. <THREATLEVEL>10</THREATLEVEL>
  10852. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10853. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10854. </PROCESSDESCRIPTOR>
  10855. <PROCESSDESCRIPTOR>
  10856. <ID>1262</ID>
  10857. <PROCESSLIST>
  10858. <PROCESS>SCANDS32.EXE</PROCESS>
  10859. </PROCESSLIST>
  10860. <CLSIDLIST>
  10861. </CLSIDLIST>
  10862. <SUMMARY>SCANDS32.EXE</SUMMARY>
  10863. <DEFAULTINSTALLPATHLIST>
  10864. </DEFAULTINSTALLPATHLIST>
  10865. <CATEGORY>ADWARE</CATEGORY>
  10866. <CONDITIONLIST>
  10867. <CONDITION>FILELOCATION~win</CONDITION>
  10868. </CONDITIONLIST>
  10869. <OPERATOR>AND</OPERATOR>
  10870. <THREATLEVEL>10</THREATLEVEL>
  10871. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10872. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10873. </PROCESSDESCRIPTOR>
  10874. <PROCESSDESCRIPTOR>
  10875. <ID>1263</ID>
  10876. <PROCESSLIST>
  10877. <PROCESS>HBHOSTIE.DLL</PROCESS>
  10878. </PROCESSLIST>
  10879. <CLSIDLIST>
  10880. <CLSID>{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}</CLSID>
  10881. <CLSID>{B195B3B3-8A05-11D3-97A4-0004ACA6948E}</CLSID>
  10882. <CLSID>{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}</CLSID>
  10883. </CLSIDLIST>
  10884. <SUMMARY>Adware.HotBar.Explorer Bar</SUMMARY>
  10885. <DEFAULTINSTALLPATHLIST>
  10886. </DEFAULTINSTALLPATHLIST>
  10887. <CATEGORY>ADWARE</CATEGORY>
  10888. <CONDITIONLIST>
  10889. </CONDITIONLIST>
  10890. <OPERATOR>AND</OPERATOR>
  10891. <THREATLEVEL>10</THREATLEVEL>
  10892. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  10893. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  10894. </PROCESSDESCRIPTOR>
  10895. <PROCESSDESCRIPTOR>
  10896. <ID>1264</ID>
  10897. <PROCESSLIST>
  10898. <PROCESS>*</PROCESS>
  10899. <PROCESS>(XHRMY.EXE)</PROCESS>
  10900. </PROCESSLIST>
  10901. <CLSIDLIST>
  10902. </CLSIDLIST>
  10903. <SUMMARY>XHRMY.EXE</SUMMARY>
  10904. <DEFAULTINSTALLPATHLIST>
  10905. </DEFAULTINSTALLPATHLIST>
  10906. <CATEGORY>ADWARE</CATEGORY>
  10907. <CONDITIONLIST>
  10908. <CONDITION>MD5=e58e15f7301e37924ba29d5a20a4c058</CONDITION>
  10909. </CONDITIONLIST>
  10910. <OPERATOR>AND</OPERATOR>
  10911. <THREATLEVEL>10</THREATLEVEL>
  10912. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10913. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10914. </PROCESSDESCRIPTOR>
  10915. <PROCESSDESCRIPTOR>
  10916. <ID>1281</ID>
  10917. <PROCESSLIST>
  10918. <PROCESS>*</PROCESS>
  10919. <PROCESS>WEBDIR.DLL</PROCESS>
  10920. </PROCESSLIST>
  10921. <CLSIDLIST>
  10922. <CLSID>{C003C49F-53E4-4A72-B7D6-0B2B9997392F}</CLSID>
  10923. </CLSIDLIST>
  10924. <SUMMARY>WEBDIR.DLL BHO</SUMMARY>
  10925. <DEFAULTINSTALLPATHLIST>
  10926. </DEFAULTINSTALLPATHLIST>
  10927. <CATEGORY>ADWARE</CATEGORY>
  10928. <CONDITIONLIST>
  10929. </CONDITIONLIST>
  10930. <OPERATOR>AND</OPERATOR>
  10931. <THREATLEVEL>10</THREATLEVEL>
  10932. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10933. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10934. </PROCESSDESCRIPTOR>
  10935. <PROCESSDESCRIPTOR>
  10936. <ID>1280</ID>
  10937. <PROCESSLIST>
  10938. <PROCESS>*</PROCESS>
  10939. <PROCESS>IETLBASS32.DLL</PROCESS>
  10940. <PROCESS>SEHLP.DLL</PROCESS>
  10941. </PROCESSLIST>
  10942. <CLSIDLIST>
  10943. <CLSID>{4C1B116F-2860-46DB-8E6C-B4BFC4DFD683}</CLSID>
  10944. <CLSID>{3BA765C2-08DB-4fe2-9279-311CA10D582A}</CLSID>
  10945. </CLSIDLIST>
  10946. <SUMMARY>AnalyzeIE Module BHO</SUMMARY>
  10947. <DEFAULTINSTALLPATHLIST>
  10948. </DEFAULTINSTALLPATHLIST>
  10949. <CATEGORY>ADWARE</CATEGORY>
  10950. <CONDITIONLIST>
  10951. </CONDITIONLIST>
  10952. <OPERATOR>AND</OPERATOR>
  10953. <THREATLEVEL>10</THREATLEVEL>
  10954. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10955. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10956. </PROCESSDESCRIPTOR>
  10957. <PROCESSDESCRIPTOR>
  10958. <ID>1282</ID>
  10959. <PROCESSLIST>
  10960. <PROCESS>LBBHO.DLL</PROCESS>
  10961. </PROCESSLIST>
  10962. <CLSIDLIST>
  10963. <CLSID>*</CLSID>
  10964. </CLSIDLIST>
  10965. <SUMMARY>LBBHO.DLL BHO</SUMMARY>
  10966. <DEFAULTINSTALLPATHLIST>
  10967. </DEFAULTINSTALLPATHLIST>
  10968. <CATEGORY>ADWARE</CATEGORY>
  10969. <CONDITIONLIST>
  10970. </CONDITIONLIST>
  10971. <OPERATOR>AND</OPERATOR>
  10972. <THREATLEVEL>10</THREATLEVEL>
  10973. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10974. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10975. </PROCESSDESCRIPTOR>
  10976. <PROCESSDESCRIPTOR>
  10977. <ID>1283</ID>
  10978. <PROCESSLIST>
  10979. <PROCESS>*</PROCESS>
  10980. <PROCESS>SMRTSHPR.DLL</PROCESS>
  10981. </PROCESSLIST>
  10982. <CLSIDLIST>
  10983. <CLSID>{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}</CLSID>
  10984. <CLSID>{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}</CLSID>
  10985. </CLSIDLIST>
  10986. <SUMMARY>Adware.HotBar/ShopperReports.BHO</SUMMARY>
  10987. <DEFAULTINSTALLPATHLIST>
  10988. </DEFAULTINSTALLPATHLIST>
  10989. <CATEGORY>ADWARE</CATEGORY>
  10990. <CONDITIONLIST>
  10991. </CONDITIONLIST>
  10992. <OPERATOR>AND</OPERATOR>
  10993. <THREATLEVEL>10</THREATLEVEL>
  10994. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  10995. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  10996. </PROCESSDESCRIPTOR>
  10997. <PROCESSDESCRIPTOR>
  10998. <ID>1285</ID>
  10999. <PROCESSLIST>
  11000. <PROCESS>SUPLOADS.EXE</PROCESS>
  11001. </PROCESSLIST>
  11002. <CLSIDLIST>
  11003. </CLSIDLIST>
  11004. <SUMMARY>Suploads/Trin Downloader</SUMMARY>
  11005. <DEFAULTINSTALLPATHLIST>
  11006. </DEFAULTINSTALLPATHLIST>
  11007. <CATEGORY>ADWARE</CATEGORY>
  11008. <CONDITIONLIST>
  11009. </CONDITIONLIST>
  11010. <OPERATOR>AND</OPERATOR>
  11011. <THREATLEVEL>10</THREATLEVEL>
  11012. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11013. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11014. </PROCESSDESCRIPTOR>
  11015. <PROCESSDESCRIPTOR>
  11016. <ID>1303</ID>
  11017. <PROCESSLIST>
  11018. <PROCESS>*</PROCESS>
  11019. <PROCESS>FKAN.DLL</PROCESS>
  11020. </PROCESSLIST>
  11021. <CLSIDLIST>
  11022. <CLSID>{F933FAA4-30B1-4B32-9FE0-46C25FE627F4}</CLSID>
  11023. </CLSIDLIST>
  11024. <SUMMARY>Unknown BHO (FKAN.DLL)</SUMMARY>
  11025. <DEFAULTINSTALLPATHLIST>
  11026. </DEFAULTINSTALLPATHLIST>
  11027. <CATEGORY>ADWARE</CATEGORY>
  11028. <CONDITIONLIST>
  11029. </CONDITIONLIST>
  11030. <OPERATOR>AND</OPERATOR>
  11031. <THREATLEVEL>10</THREATLEVEL>
  11032. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11033. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11034. </PROCESSDESCRIPTOR>
  11035. <PROCESSDESCRIPTOR>
  11036. <ID>1323</ID>
  11037. <PROCESSLIST>
  11038. <PROCESS>BUDDY.EXE</PROCESS>
  11039. </PROCESSLIST>
  11040. <CLSIDLIST>
  11041. </CLSIDLIST>
  11042. <SUMMARY>BUDDY.EXE</SUMMARY>
  11043. <DEFAULTINSTALLPATHLIST>
  11044. </DEFAULTINSTALLPATHLIST>
  11045. <CATEGORY>ADWARE</CATEGORY>
  11046. <CONDITIONLIST>
  11047. <CONDITION>COMPANYNAME~Direct Revenue</CONDITION>
  11048. </CONDITIONLIST>
  11049. <OPERATOR>AND</OPERATOR>
  11050. <THREATLEVEL>10</THREATLEVEL>
  11051. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11052. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11053. </PROCESSDESCRIPTOR>
  11054. <PROCESSDESCRIPTOR>
  11055. <ID>1329</ID>
  11056. <PROCESSLIST>
  11057. <PROCESS>*</PROCESS>
  11058. <PROCESS>(OQSZXN.EXE)</PROCESS>
  11059. </PROCESSLIST>
  11060. <CLSIDLIST>
  11061. </CLSIDLIST>
  11062. <SUMMARY>OQSZXN.EXE</SUMMARY>
  11063. <DEFAULTINSTALLPATHLIST>
  11064. </DEFAULTINSTALLPATHLIST>
  11065. <CATEGORY>ADWARE</CATEGORY>
  11066. <CONDITIONLIST>
  11067. <CONDITION>MD5=5f758aad9a59235bbc9f2517801c359d</CONDITION>
  11068. </CONDITIONLIST>
  11069. <OPERATOR>AND</OPERATOR>
  11070. <THREATLEVEL>10</THREATLEVEL>
  11071. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11072. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11073. </PROCESSDESCRIPTOR>
  11074. <PROCESSDESCRIPTOR>
  11075. <ID>1331</ID>
  11076. <PROCESSLIST>
  11077. <PROCESS>*</PROCESS>
  11078. <PROCESS>(BODYELSE.EXE)</PROCESS>
  11079. </PROCESSLIST>
  11080. <CLSIDLIST>
  11081. </CLSIDLIST>
  11082. <SUMMARY>Adware.Lop.Process</SUMMARY>
  11083. <DEFAULTINSTALLPATHLIST>
  11084. </DEFAULTINSTALLPATHLIST>
  11085. <CATEGORY>ADWARE</CATEGORY>
  11086. <CONDITIONLIST>
  11087. <CONDITION>MD5=4f8866ab2fec2a30404590949b2d7c79</CONDITION>
  11088. </CONDITIONLIST>
  11089. <OPERATOR>AND</OPERATOR>
  11090. <THREATLEVEL>10</THREATLEVEL>
  11091. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11092. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11093. </PROCESSDESCRIPTOR>
  11094. <PROCESSDESCRIPTOR>
  11095. <ID>1332</ID>
  11096. <PROCESSLIST>
  11097. <PROCESS>*</PROCESS>
  11098. <PROCESS>(TEST BOWS ONCE.EXE)</PROCESS>
  11099. </PROCESSLIST>
  11100. <CLSIDLIST>
  11101. </CLSIDLIST>
  11102. <SUMMARY>Adware.Lop.Process</SUMMARY>
  11103. <DEFAULTINSTALLPATHLIST>
  11104. </DEFAULTINSTALLPATHLIST>
  11105. <CATEGORY>ADWARE</CATEGORY>
  11106. <CONDITIONLIST>
  11107. <CONDITION>MD5=1df14d12e18b2af34344a73ec522bda5</CONDITION>
  11108. </CONDITIONLIST>
  11109. <OPERATOR>AND</OPERATOR>
  11110. <THREATLEVEL>10</THREATLEVEL>
  11111. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11112. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11113. </PROCESSDESCRIPTOR>
  11114. <PROCESSDESCRIPTOR>
  11115. <ID>1333</ID>
  11116. <PROCESSLIST>
  11117. <PROCESS>*</PROCESS>
  11118. <PROCESS>(THEVGA.EXE)</PROCESS>
  11119. </PROCESSLIST>
  11120. <CLSIDLIST>
  11121. </CLSIDLIST>
  11122. <SUMMARY>Adware.Lop.Process</SUMMARY>
  11123. <DEFAULTINSTALLPATHLIST>
  11124. </DEFAULTINSTALLPATHLIST>
  11125. <CATEGORY>ADWARE</CATEGORY>
  11126. <CONDITIONLIST>
  11127. <CONDITION>MD5=6bbef457685169aff634edc8c909f9da</CONDITION>
  11128. </CONDITIONLIST>
  11129. <OPERATOR>AND</OPERATOR>
  11130. <THREATLEVEL>10</THREATLEVEL>
  11131. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11132. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11133. </PROCESSDESCRIPTOR>
  11134. <PROCESSDESCRIPTOR>
  11135. <ID>1335</ID>
  11136. <PROCESSLIST>
  11137. <PROCESS>*</PROCESS>
  11138. <PROCESS>(MULTIEXIT.EXE)</PROCESS>
  11139. </PROCESSLIST>
  11140. <CLSIDLIST>
  11141. </CLSIDLIST>
  11142. <SUMMARY>Adware.Lop.Process</SUMMARY>
  11143. <DEFAULTINSTALLPATHLIST>
  11144. </DEFAULTINSTALLPATHLIST>
  11145. <CATEGORY>ADWARE</CATEGORY>
  11146. <CONDITIONLIST>
  11147. <CONDITION>MD5=3cea07a9197bf68f42118058725a0f4f</CONDITION>
  11148. </CONDITIONLIST>
  11149. <OPERATOR>AND</OPERATOR>
  11150. <THREATLEVEL>10</THREATLEVEL>
  11151. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11152. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11153. </PROCESSDESCRIPTOR>
  11154. <PROCESSDESCRIPTOR>
  11155. <ID>1339</ID>
  11156. <PROCESSLIST>
  11157. <PROCESS>LOOUD.EXE</PROCESS>
  11158. <PROCESS>UN1OAD.EXE</PROCESS>
  11159. </PROCESSLIST>
  11160. <CLSIDLIST>
  11161. </CLSIDLIST>
  11162. <SUMMARY>Win SSV Virus</SUMMARY>
  11163. <DEFAULTINSTALLPATHLIST>
  11164. </DEFAULTINSTALLPATHLIST>
  11165. <CATEGORY>VIRUS</CATEGORY>
  11166. <CONDITIONLIST>
  11167. </CONDITIONLIST>
  11168. <OPERATOR>AND</OPERATOR>
  11169. <THREATLEVEL>10</THREATLEVEL>
  11170. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11171. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11172. </PROCESSDESCRIPTOR>
  11173. <PROCESSDESCRIPTOR>
  11174. <ID>1344</ID>
  11175. <PROCESSLIST>
  11176. <PROCESS>*</PROCESS>
  11177. <PROCESS>(PSQWIZPK.EXE)</PROCESS>
  11178. </PROCESSLIST>
  11179. <CLSIDLIST>
  11180. </CLSIDLIST>
  11181. <SUMMARY>Adware.Lop.Process</SUMMARY>
  11182. <DEFAULTINSTALLPATHLIST>
  11183. </DEFAULTINSTALLPATHLIST>
  11184. <CATEGORY>ADWARE</CATEGORY>
  11185. <CONDITIONLIST>
  11186. <CONDITION>MD5=6bbef457685169aff634edc8c909f9da</CONDITION>
  11187. </CONDITIONLIST>
  11188. <OPERATOR>AND</OPERATOR>
  11189. <THREATLEVEL>10</THREATLEVEL>
  11190. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11191. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11192. </PROCESSDESCRIPTOR>
  11193. <PROCESSDESCRIPTOR>
  11194. <ID>1351</ID>
  11195. <PROCESSLIST>
  11196. <PROCESS>*</PROCESS>
  11197. <PROCESS>ELITESIDEBAR VERSION 8.DLL</PROCESS>
  11198. </PROCESSLIST>
  11199. <CLSIDLIST>
  11200. <CLSID>{BE8D0059-D24D-4919-B76F-99F4A2203647}</CLSID>
  11201. </CLSIDLIST>
  11202. <SUMMARY>Elite SideBar Explorer Bar</SUMMARY>
  11203. <DEFAULTINSTALLPATHLIST>
  11204. </DEFAULTINSTALLPATHLIST>
  11205. <CATEGORY>ADWARE</CATEGORY>
  11206. <CONDITIONLIST>
  11207. </CONDITIONLIST>
  11208. <OPERATOR>AND</OPERATOR>
  11209. <THREATLEVEL>10</THREATLEVEL>
  11210. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11211. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11212. </PROCESSDESCRIPTOR>
  11213. <PROCESSDESCRIPTOR>
  11214. <ID>1360</ID>
  11215. <PROCESSLIST>
  11216. <PROCESS>*</PROCESS>
  11217. <PROCESS>_SUPERBAR.DLL</PROCESS>
  11218. <PROCESS>SUPERBAR.DLL</PROCESS>
  11219. </PROCESSLIST>
  11220. <CLSIDLIST>
  11221. <CLSID>{C53AA48A-AD2B-473B-B1C8-63FE5C2D39CA}</CLSID>
  11222. <CLSID>{23D464EE-9CCC-4ABE-B289-848042A9BD6C}</CLSID>
  11223. <CLSID>{41B1E420-62B8-4622-AFDD-568329D7BF18}</CLSID>
  11224. <CLSID>{6C41218D-4F8E-46E0-B478-6A8A807EDCB2}</CLSID>
  11225. <CLSID>{579B4F0C-BBE7-4F17-AD98-EB6D2E3B7EA0}</CLSID>
  11226. <CLSID>{AB66367A-0822-4204-A5DB-A255C24E5BC1}</CLSID>
  11227. <CLSID>{65557742-ABE3-4659-8049-5C6C7A3EA2E3}</CLSID>
  11228. </CLSIDLIST>
  11229. <SUMMARY>Adware.SuperBar.Toolbar</SUMMARY>
  11230. <DEFAULTINSTALLPATHLIST>
  11231. </DEFAULTINSTALLPATHLIST>
  11232. <CATEGORY>ADWARE</CATEGORY>
  11233. <CONDITIONLIST>
  11234. </CONDITIONLIST>
  11235. <OPERATOR>AND</OPERATOR>
  11236. <THREATLEVEL>10</THREATLEVEL>
  11237. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11238. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11239. </PROCESSDESCRIPTOR>
  11240. <PROCESSDESCRIPTOR>
  11241. <ID>1367</ID>
  11242. <PROCESSLIST>
  11243. <PROCESS>*</PROCESS>
  11244. <PROCESS>(ADMIN VC.EXE)</PROCESS>
  11245. <PROCESS>(ADMINV~1.EXE)</PROCESS>
  11246. </PROCESSLIST>
  11247. <CLSIDLIST>
  11248. </CLSIDLIST>
  11249. <SUMMARY>Adware.Lop.Process</SUMMARY>
  11250. <DEFAULTINSTALLPATHLIST>
  11251. </DEFAULTINSTALLPATHLIST>
  11252. <CATEGORY>ADWARE</CATEGORY>
  11253. <CONDITIONLIST>
  11254. <CONDITION>MD5=94a90ba71417dca1b1ef96f1fb191f9a</CONDITION>
  11255. </CONDITIONLIST>
  11256. <OPERATOR>AND</OPERATOR>
  11257. <THREATLEVEL>10</THREATLEVEL>
  11258. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11259. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11260. </PROCESSDESCRIPTOR>
  11261. <PROCESSDESCRIPTOR>
  11262. <ID>1368</ID>
  11263. <PROCESSLIST>
  11264. <PROCESS>*</PROCESS>
  11265. <PROCESS>(MP3CITYGPL.EXE)</PROCESS>
  11266. </PROCESSLIST>
  11267. <CLSIDLIST>
  11268. </CLSIDLIST>
  11269. <SUMMARY>Adware.Lop.Process</SUMMARY>
  11270. <DEFAULTINSTALLPATHLIST>
  11271. </DEFAULTINSTALLPATHLIST>
  11272. <CATEGORY>ADWARE</CATEGORY>
  11273. <CONDITIONLIST>
  11274. <CONDITION>MD5=57edf83a8d34606995248fd92270105f</CONDITION>
  11275. </CONDITIONLIST>
  11276. <OPERATOR>AND</OPERATOR>
  11277. <THREATLEVEL>10</THREATLEVEL>
  11278. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11279. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11280. </PROCESSDESCRIPTOR>
  11281. <PROCESSDESCRIPTOR>
  11282. <ID>1382</ID>
  11283. <PROCESSLIST>
  11284. <PROCESS>*</PROCESS>
  11285. <PROCESS>(KALVRVU32.EXE)</PROCESS>
  11286. </PROCESSLIST>
  11287. <CLSIDLIST>
  11288. </CLSIDLIST>
  11289. <SUMMARY>Kalvsys (KALVRVU32.EXE)</SUMMARY>
  11290. <DEFAULTINSTALLPATHLIST>
  11291. </DEFAULTINSTALLPATHLIST>
  11292. <CATEGORY>ADWARE</CATEGORY>
  11293. <CONDITIONLIST>
  11294. <CONDITION>MD5=dd7f32d8545bc0aa60c456b6730d6700</CONDITION>
  11295. </CONDITIONLIST>
  11296. <OPERATOR>AND</OPERATOR>
  11297. <THREATLEVEL>10</THREATLEVEL>
  11298. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11299. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11300. </PROCESSDESCRIPTOR>
  11301. <PROCESSDESCRIPTOR>
  11302. <ID>1467</ID>
  11303. <PROCESSLIST>
  11304. <PROCESS>MMUPS.EXE</PROCESS>
  11305. </PROCESSLIST>
  11306. <CLSIDLIST>
  11307. </CLSIDLIST>
  11308. <SUMMARY>Mmups/Trin Downloader</SUMMARY>
  11309. <DEFAULTINSTALLPATHLIST>
  11310. </DEFAULTINSTALLPATHLIST>
  11311. <CATEGORY>ADWARE</CATEGORY>
  11312. <CONDITIONLIST>
  11313. <CONDITION>COMPANYNAME~trin</CONDITION>
  11314. </CONDITIONLIST>
  11315. <OPERATOR>AND</OPERATOR>
  11316. <THREATLEVEL>10</THREATLEVEL>
  11317. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11318. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11319. </PROCESSDESCRIPTOR>
  11320. <PROCESSDESCRIPTOR>
  11321. <ID>1471</ID>
  11322. <PROCESSLIST>
  11323. <PROCESS>*</PROCESS>
  11324. <PROCESS>(9A718.EXE)</PROCESS>
  11325. <PROCESS>(E76A7.EXE)</PROCESS>
  11326. </PROCESSLIST>
  11327. <CLSIDLIST>
  11328. </CLSIDLIST>
  11329. <SUMMARY>Random name adware process</SUMMARY>
  11330. <DEFAULTINSTALLPATHLIST>
  11331. </DEFAULTINSTALLPATHLIST>
  11332. <CATEGORY>ADWARE</CATEGORY>
  11333. <CONDITIONLIST>
  11334. <CONDITION>MD5=474cad8bd8ddd1b88c24b2e152cd0ded</CONDITION>
  11335. </CONDITIONLIST>
  11336. <OPERATOR>AND</OPERATOR>
  11337. <THREATLEVEL>10</THREATLEVEL>
  11338. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11339. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11340. </PROCESSDESCRIPTOR>
  11341. <PROCESSDESCRIPTOR>
  11342. <ID>1472</ID>
  11343. <PROCESSLIST>
  11344. <PROCESS>*</PROCESS>
  11345. <PROCESS>(QHSR.EXE)</PROCESS>
  11346. </PROCESSLIST>
  11347. <CLSIDLIST>
  11348. </CLSIDLIST>
  11349. <SUMMARY>Random name adware process</SUMMARY>
  11350. <DEFAULTINSTALLPATHLIST>
  11351. </DEFAULTINSTALLPATHLIST>
  11352. <CATEGORY>ADWARE</CATEGORY>
  11353. <CONDITIONLIST>
  11354. <CONDITION>MD5=22efea56e1c5c005603abc511eb77756</CONDITION>
  11355. </CONDITIONLIST>
  11356. <OPERATOR>AND</OPERATOR>
  11357. <THREATLEVEL>10</THREATLEVEL>
  11358. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11359. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11360. </PROCESSDESCRIPTOR>
  11361. <PROCESSDESCRIPTOR>
  11362. <ID>1480</ID>
  11363. <PROCESSLIST>
  11364. <PROCESS>MMWORK.EXE</PROCESS>
  11365. </PROCESSLIST>
  11366. <CLSIDLIST>
  11367. </CLSIDLIST>
  11368. <SUMMARY>Media-Motor Installer/Process</SUMMARY>
  11369. <DEFAULTINSTALLPATHLIST>
  11370. </DEFAULTINSTALLPATHLIST>
  11371. <CATEGORY>ADWARE</CATEGORY>
  11372. <CONDITIONLIST>
  11373. <CONDITION>COMPANYNAME~df</CONDITION>
  11374. </CONDITIONLIST>
  11375. <OPERATOR>AND</OPERATOR>
  11376. <THREATLEVEL>10</THREATLEVEL>
  11377. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11378. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11379. </PROCESSDESCRIPTOR>
  11380. <PROCESSDESCRIPTOR>
  11381. <ID>1487</ID>
  11382. <PROCESSLIST>
  11383. <PROCESS>*</PROCESS>
  11384. <PROCESS>(SPOOLSV.EXE)</PROCESS>
  11385. <PROCESS>(OOLSV~1.EXE)</PROCESS>
  11386. </PROCESSLIST>
  11387. <CLSIDLIST>
  11388. </CLSIDLIST>
  11389. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  11390. <DEFAULTINSTALLPATHLIST>
  11391. </DEFAULTINSTALLPATHLIST>
  11392. <CATEGORY>ADWARE</CATEGORY>
  11393. <CONDITIONLIST>
  11394. <CONDITION>MD5=3d43bc669b328f8e6e1e3c4ae0aa0630</CONDITION>
  11395. </CONDITIONLIST>
  11396. <OPERATOR>AND</OPERATOR>
  11397. <THREATLEVEL>10</THREATLEVEL>
  11398. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11399. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11400. </PROCESSDESCRIPTOR>
  11401. <PROCESSDESCRIPTOR>
  11402. <ID>1488</ID>
  11403. <PROCESSLIST>
  11404. <PROCESS>*</PROCESS>
  11405. <PROCESS>FXT.DLL</PROCESS>
  11406. </PROCESSLIST>
  11407. <CLSIDLIST>
  11408. <CLSID>{3180A9B6-4720-1ED3-0233-3D3658EBFC93}</CLSID>
  11409. </CLSIDLIST>
  11410. <SUMMARY>Unknown BHO (FXT.DLL)</SUMMARY>
  11411. <DEFAULTINSTALLPATHLIST>
  11412. </DEFAULTINSTALLPATHLIST>
  11413. <CATEGORY>ADWARE</CATEGORY>
  11414. <CONDITIONLIST>
  11415. </CONDITIONLIST>
  11416. <OPERATOR>AND</OPERATOR>
  11417. <THREATLEVEL>10</THREATLEVEL>
  11418. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11419. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11420. </PROCESSDESCRIPTOR>
  11421. <PROCESSDESCRIPTOR>
  11422. <ID>1489</ID>
  11423. <PROCESSLIST>
  11424. <PROCESS>*</PROCESS>
  11425. <PROCESS>(APEV.EXE)</PROCESS>
  11426. </PROCESSLIST>
  11427. <CLSIDLIST>
  11428. </CLSIDLIST>
  11429. <SUMMARY>Web Offer Module</SUMMARY>
  11430. <DEFAULTINSTALLPATHLIST>
  11431. </DEFAULTINSTALLPATHLIST>
  11432. <CATEGORY>ADWARE</CATEGORY>
  11433. <CONDITIONLIST>
  11434. <CONDITION>FILEDESCRIPTION~Web Offer</CONDITION>
  11435. </CONDITIONLIST>
  11436. <OPERATOR>AND</OPERATOR>
  11437. <THREATLEVEL>10</THREATLEVEL>
  11438. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11439. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11440. </PROCESSDESCRIPTOR>
  11441. <PROCESSDESCRIPTOR>
  11442. <ID>1490</ID>
  11443. <PROCESSLIST>
  11444. <PROCESS>*</PROCESS>
  11445. <PROCESS>(NIUT.EXE)</PROCESS>
  11446. </PROCESSLIST>
  11447. <CLSIDLIST>
  11448. </CLSIDLIST>
  11449. <SUMMARY>Random name adware process</SUMMARY>
  11450. <DEFAULTINSTALLPATHLIST>
  11451. </DEFAULTINSTALLPATHLIST>
  11452. <CATEGORY>ADWARE</CATEGORY>
  11453. <CONDITIONLIST>
  11454. <CONDITION>MD5=d068ef434338431622fa387eaa2681d7</CONDITION>
  11455. </CONDITIONLIST>
  11456. <OPERATOR>AND</OPERATOR>
  11457. <THREATLEVEL>10</THREATLEVEL>
  11458. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11459. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11460. </PROCESSDESCRIPTOR>
  11461. <PROCESSDESCRIPTOR>
  11462. <ID>1547</ID>
  11463. <PROCESSLIST>
  11464. <PROCESS>*</PROCESS>
  11465. <PROCESS>TOOLBAR.DLL</PROCESS>
  11466. </PROCESSLIST>
  11467. <CLSIDLIST>
  11468. <CLSID>{12F02779-6D88-4958-8AD3-83C12D86ADC7}</CLSID>
  11469. </CLSIDLIST>
  11470. <SUMMARY>411Ferret Toolbar</SUMMARY>
  11471. <DEFAULTINSTALLPATHLIST>
  11472. </DEFAULTINSTALLPATHLIST>
  11473. <CATEGORY>ADWARE</CATEGORY>
  11474. <CONDITIONLIST>
  11475. </CONDITIONLIST>
  11476. <OPERATOR>AND</OPERATOR>
  11477. <THREATLEVEL>10</THREATLEVEL>
  11478. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11479. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11480. </PROCESSDESCRIPTOR>
  11481. <PROCESSDESCRIPTOR>
  11482. <ID>1551</ID>
  11483. <PROCESSLIST>
  11484. <PROCESS>WEBCPR0.EXE</PROCESS>
  11485. <PROCESS>WEBCPR1.EXE</PROCESS>
  11486. <PROCESS>WCPRI.EXE</PROCESS>
  11487. <PROCESS>WRGRCI.EXE</PROCESS>
  11488. </PROCESSLIST>
  11489. <CLSIDLIST>
  11490. </CLSIDLIST>
  11491. <SUMMARY>Web_Cpr (WebRebates) Adware</SUMMARY>
  11492. <DEFAULTINSTALLPATHLIST>
  11493. </DEFAULTINSTALLPATHLIST>
  11494. <CATEGORY>ADWARE</CATEGORY>
  11495. <CONDITIONLIST>
  11496. </CONDITIONLIST>
  11497. <OPERATOR>AND</OPERATOR>
  11498. <THREATLEVEL>10</THREATLEVEL>
  11499. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11500. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11501. </PROCESSDESCRIPTOR>
  11502. <PROCESSDESCRIPTOR>
  11503. <ID>1560</ID>
  11504. <PROCESSLIST>
  11505. <PROCESS>WSXSVC.EXE</PROCESS>
  11506. </PROCESSLIST>
  11507. <CLSIDLIST>
  11508. </CLSIDLIST>
  11509. <SUMMARY>Adware.DelFin Project.Process</SUMMARY>
  11510. <DEFAULTINSTALLPATHLIST>
  11511. </DEFAULTINSTALLPATHLIST>
  11512. <CATEGORY>ADWARE</CATEGORY>
  11513. <CONDITIONLIST>
  11514. <CONDITION>FILELOCATION~wsxsvc</CONDITION>
  11515. </CONDITIONLIST>
  11516. <OPERATOR>AND</OPERATOR>
  11517. <THREATLEVEL>10</THREATLEVEL>
  11518. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11519. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11520. </PROCESSDESCRIPTOR>
  11521. <PROCESSDESCRIPTOR>
  11522. <ID>1561</ID>
  11523. <PROCESSLIST>
  11524. <PROCESS>VMSS.EXE</PROCESS>
  11525. </PROCESSLIST>
  11526. <CLSIDLIST>
  11527. </CLSIDLIST>
  11528. <SUMMARY>Adware.DelFin Project.Process</SUMMARY>
  11529. <DEFAULTINSTALLPATHLIST>
  11530. </DEFAULTINSTALLPATHLIST>
  11531. <CATEGORY>ADWARE</CATEGORY>
  11532. <CONDITIONLIST>
  11533. <CONDITION>FILELOCATION~vmss</CONDITION>
  11534. </CONDITIONLIST>
  11535. <OPERATOR>AND</OPERATOR>
  11536. <THREATLEVEL>10</THREATLEVEL>
  11537. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11538. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11539. </PROCESSDESCRIPTOR>
  11540. <PROCESSDESCRIPTOR>
  11541. <ID>1562</ID>
  11542. <PROCESSLIST>
  11543. <PROCESS>*</PROCESS>
  11544. <PROCESS>SAVINGSHOUND.DLL</PROCESS>
  11545. <PROCESS>SAVING~1.DLL</PROCESS>
  11546. </PROCESSLIST>
  11547. <CLSIDLIST>
  11548. <CLSID>{325338F0-AED0-45f6-A0DA-B5B09E6A07ED}</CLSID>
  11549. </CLSIDLIST>
  11550. <SUMMARY>SavingsHound BHO</SUMMARY>
  11551. <DEFAULTINSTALLPATHLIST>
  11552. </DEFAULTINSTALLPATHLIST>
  11553. <CATEGORY>ADWARE</CATEGORY>
  11554. <CONDITIONLIST>
  11555. </CONDITIONLIST>
  11556. <OPERATOR>AND</OPERATOR>
  11557. <THREATLEVEL>10</THREATLEVEL>
  11558. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11559. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11560. </PROCESSDESCRIPTOR>
  11561. <PROCESSDESCRIPTOR>
  11562. <ID>1563</ID>
  11563. <PROCESSLIST>
  11564. <PROCESS>*</PROCESS>
  11565. <PROCESS>(CDOFO.EXE)</PROCESS>
  11566. </PROCESSLIST>
  11567. <CLSIDLIST>
  11568. </CLSIDLIST>
  11569. <SUMMARY>CDOFO.EXE</SUMMARY>
  11570. <DEFAULTINSTALLPATHLIST>
  11571. </DEFAULTINSTALLPATHLIST>
  11572. <CATEGORY>ADWARE</CATEGORY>
  11573. <CONDITIONLIST>
  11574. <CONDITION>MD5=c30b8281c4172fdad9658d2b024ff132</CONDITION>
  11575. </CONDITIONLIST>
  11576. <OPERATOR>AND</OPERATOR>
  11577. <THREATLEVEL>10</THREATLEVEL>
  11578. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11579. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11580. </PROCESSDESCRIPTOR>
  11581. <PROCESSDESCRIPTOR>
  11582. <ID>1564</ID>
  11583. <PROCESSLIST>
  11584. <PROCESS>*</PROCESS>
  11585. <PROCESS>(CIPTPKI.EXE)</PROCESS>
  11586. </PROCESSLIST>
  11587. <CLSIDLIST>
  11588. </CLSIDLIST>
  11589. <SUMMARY>CIPTPKI.EXE</SUMMARY>
  11590. <DEFAULTINSTALLPATHLIST>
  11591. </DEFAULTINSTALLPATHLIST>
  11592. <CATEGORY>ADWARE</CATEGORY>
  11593. <CONDITIONLIST>
  11594. <CONDITION>MD5=843bb3fd07018f3a720987b0856c6cf6</CONDITION>
  11595. </CONDITIONLIST>
  11596. <OPERATOR>AND</OPERATOR>
  11597. <THREATLEVEL>10</THREATLEVEL>
  11598. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11599. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11600. </PROCESSDESCRIPTOR>
  11601. <PROCESSDESCRIPTOR>
  11602. <ID>1565</ID>
  11603. <PROCESSLIST>
  11604. <PROCESS>*</PROCESS>
  11605. <PROCESS>(27.EXE)</PROCESS>
  11606. </PROCESSLIST>
  11607. <CLSIDLIST>
  11608. </CLSIDLIST>
  11609. <SUMMARY>27.EXE</SUMMARY>
  11610. <DEFAULTINSTALLPATHLIST>
  11611. </DEFAULTINSTALLPATHLIST>
  11612. <CATEGORY>ADWARE</CATEGORY>
  11613. <CONDITIONLIST>
  11614. <CONDITION>MD5=fbfc24dd3730d7f95d392ff00e77aea7</CONDITION>
  11615. </CONDITIONLIST>
  11616. <OPERATOR>AND</OPERATOR>
  11617. <THREATLEVEL>10</THREATLEVEL>
  11618. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11619. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11620. </PROCESSDESCRIPTOR>
  11621. <PROCESSDESCRIPTOR>
  11622. <ID>1566</ID>
  11623. <PROCESSLIST>
  11624. <PROCESS>*</PROCESS>
  11625. <PROCESS>(BPT.EXE)</PROCESS>
  11626. </PROCESSLIST>
  11627. <CLSIDLIST>
  11628. </CLSIDLIST>
  11629. <SUMMARY>Adware.BroadcastPC.Process</SUMMARY>
  11630. <DEFAULTINSTALLPATHLIST>
  11631. </DEFAULTINSTALLPATHLIST>
  11632. <CATEGORY>ADWARE</CATEGORY>
  11633. <CONDITIONLIST>
  11634. <CONDITION>MD5=ac429a4718a041a42f3f7d1978694192</CONDITION>
  11635. </CONDITIONLIST>
  11636. <OPERATOR>AND</OPERATOR>
  11637. <THREATLEVEL>10</THREATLEVEL>
  11638. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11639. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11640. </PROCESSDESCRIPTOR>
  11641. <PROCESSDESCRIPTOR>
  11642. <ID>1581</ID>
  11643. <PROCESSLIST>
  11644. <PROCESS>*</PROCESS>
  11645. <PROCESS>CERES.DLL</PROCESS>
  11646. </PROCESSLIST>
  11647. <CLSIDLIST>
  11648. <CLSID>{00000049-8F91-4D9C-9573-F016E7626484}</CLSID>
  11649. </CLSIDLIST>
  11650. <SUMMARY>Adware.BetterInternet.BHO</SUMMARY>
  11651. <DEFAULTINSTALLPATHLIST>
  11652. </DEFAULTINSTALLPATHLIST>
  11653. <CATEGORY>ADWARE</CATEGORY>
  11654. <CONDITIONLIST>
  11655. </CONDITIONLIST>
  11656. <OPERATOR>AND</OPERATOR>
  11657. <THREATLEVEL>10</THREATLEVEL>
  11658. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11659. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11660. </PROCESSDESCRIPTOR>
  11661. <PROCESSDESCRIPTOR>
  11662. <ID>1582</ID>
  11663. <PROCESSLIST>
  11664. <PROCESS>*</PROCESS>
  11665. <PROCESS>QUESTMOD.DLL</PROCESS>
  11666. </PROCESSLIST>
  11667. <CLSIDLIST>
  11668. <CLSID>{7B55BB05-0B4D-44fd-81A6-B136188F5DEB}</CLSID>
  11669. </CLSIDLIST>
  11670. <SUMMARY>Adware.Sa BHO</SUMMARY>
  11671. <DEFAULTINSTALLPATHLIST>
  11672. </DEFAULTINSTALLPATHLIST>
  11673. <CATEGORY>ADWARE</CATEGORY>
  11674. <CONDITIONLIST>
  11675. </CONDITIONLIST>
  11676. <OPERATOR>AND</OPERATOR>
  11677. <THREATLEVEL>10</THREATLEVEL>
  11678. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11679. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11680. </PROCESSDESCRIPTOR>
  11681. <PROCESSDESCRIPTOR>
  11682. <ID>1583</ID>
  11683. <PROCESSLIST>
  11684. <PROCESS>BUDDY.EXE</PROCESS>
  11685. </PROCESSLIST>
  11686. <CLSIDLIST>
  11687. </CLSIDLIST>
  11688. <SUMMARY>BUDDY.EXE</SUMMARY>
  11689. <DEFAULTINSTALLPATHLIST>
  11690. </DEFAULTINSTALLPATHLIST>
  11691. <CATEGORY>ADWARE</CATEGORY>
  11692. <CONDITIONLIST>
  11693. <CONDITION>COMMANDLINE~Ceres</CONDITION>
  11694. </CONDITIONLIST>
  11695. <OPERATOR>AND</OPERATOR>
  11696. <THREATLEVEL>10</THREATLEVEL>
  11697. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11698. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11699. </PROCESSDESCRIPTOR>
  11700. <PROCESSDESCRIPTOR>
  11701. <ID>1584</ID>
  11702. <PROCESSLIST>
  11703. <PROCESS>BMULALME.EXE</PROCESS>
  11704. </PROCESSLIST>
  11705. <CLSIDLIST>
  11706. </CLSIDLIST>
  11707. <SUMMARY>BMULALME.EXE</SUMMARY>
  11708. <DEFAULTINSTALLPATHLIST>
  11709. </DEFAULTINSTALLPATHLIST>
  11710. <CATEGORY>ADWARE</CATEGORY>
  11711. <CONDITIONLIST>
  11712. <CONDITION>FILELOCATION~System32</CONDITION>
  11713. </CONDITIONLIST>
  11714. <OPERATOR>AND</OPERATOR>
  11715. <THREATLEVEL>10</THREATLEVEL>
  11716. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11717. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11718. </PROCESSDESCRIPTOR>
  11719. <PROCESSDESCRIPTOR>
  11720. <ID>1585</ID>
  11721. <PROCESSLIST>
  11722. <PROCESS>*</PROCESS>
  11723. <PROCESS>(MSHTA.EXE)</PROCESS>
  11724. <PROCESS>(MHTA~1.EXE)</PROCESS>
  11725. </PROCESSLIST>
  11726. <CLSIDLIST>
  11727. </CLSIDLIST>
  11728. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  11729. <DEFAULTINSTALLPATHLIST>
  11730. </DEFAULTINSTALLPATHLIST>
  11731. <CATEGORY>ADWARE</CATEGORY>
  11732. <CONDITIONLIST>
  11733. <CONDITION>MD5=ce46039fc89d7c4a355789cb0e5aa9c5</CONDITION>
  11734. </CONDITIONLIST>
  11735. <OPERATOR>AND</OPERATOR>
  11736. <THREATLEVEL>10</THREATLEVEL>
  11737. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11738. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11739. </PROCESSDESCRIPTOR>
  11740. <PROCESSDESCRIPTOR>
  11741. <ID>1586</ID>
  11742. <PROCESSLIST>
  11743. <PROCESS>*</PROCESS>
  11744. <PROCESS>MIKSID.DAT</PROCESS>
  11745. </PROCESSLIST>
  11746. <CLSIDLIST>
  11747. <CLSID>{60112085-E1CE-4e0e-823A-EBB1AD98804C}</CLSID>
  11748. </CLSIDLIST>
  11749. <SUMMARY>VMHook.dll BHO</SUMMARY>
  11750. <DEFAULTINSTALLPATHLIST>
  11751. </DEFAULTINSTALLPATHLIST>
  11752. <CATEGORY>ADWARE</CATEGORY>
  11753. <CONDITIONLIST>
  11754. </CONDITIONLIST>
  11755. <OPERATOR>AND</OPERATOR>
  11756. <THREATLEVEL>10</THREATLEVEL>
  11757. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11758. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11759. </PROCESSDESCRIPTOR>
  11760. <PROCESSDESCRIPTOR>
  11761. <ID>1587</ID>
  11762. <PROCESSLIST>
  11763. <PROCESS>*</PROCESS>
  11764. <PROCESS>ZSERV.DLL</PROCESS>
  11765. </PROCESSLIST>
  11766. <CLSIDLIST>
  11767. <CLSID>{00000000-C1EC-0345-6EC2-4D0300000000}</CLSID>
  11768. </CLSIDLIST>
  11769. <SUMMARY>ZSERV.DLL BHO</SUMMARY>
  11770. <DEFAULTINSTALLPATHLIST>
  11771. </DEFAULTINSTALLPATHLIST>
  11772. <CATEGORY>ADWARE</CATEGORY>
  11773. <CONDITIONLIST>
  11774. </CONDITIONLIST>
  11775. <OPERATOR>AND</OPERATOR>
  11776. <THREATLEVEL>10</THREATLEVEL>
  11777. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11778. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11779. </PROCESSDESCRIPTOR>
  11780. <PROCESSDESCRIPTOR>
  11781. <ID>1590</ID>
  11782. <PROCESSLIST>
  11783. <PROCESS>WJVIEW.EXE</PROCESS>
  11784. </PROCESSLIST>
  11785. <CLSIDLIST>
  11786. </CLSIDLIST>
  11787. <SUMMARY>EbatesMoeMoneyMaker</SUMMARY>
  11788. <DEFAULTINSTALLPATHLIST>
  11789. </DEFAULTINSTALLPATHLIST>
  11790. <CATEGORY>ADWARE</CATEGORY>
  11791. <CONDITIONLIST>
  11792. <CONDITION>COMMANDLINE~EbatesMoeMoneyMaker</CONDITION>
  11793. </CONDITIONLIST>
  11794. <OPERATOR>AND</OPERATOR>
  11795. <THREATLEVEL>10</THREATLEVEL>
  11796. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11797. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11798. </PROCESSDESCRIPTOR>
  11799. <PROCESSDESCRIPTOR>
  11800. <ID>1591</ID>
  11801. <PROCESSLIST>
  11802. <PROCESS>*</PROCESS>
  11803. <PROCESS>(SVCHEST.EXE)</PROCESS>
  11804. </PROCESSLIST>
  11805. <CLSIDLIST>
  11806. </CLSIDLIST>
  11807. <SUMMARY>SVCHEST.EXE</SUMMARY>
  11808. <DEFAULTINSTALLPATHLIST>
  11809. </DEFAULTINSTALLPATHLIST>
  11810. <CATEGORY>ADWARE</CATEGORY>
  11811. <CONDITIONLIST>
  11812. <CONDITION>MD5=204e849b57cf229dc3ac6e5e8b3c72aa</CONDITION>
  11813. </CONDITIONLIST>
  11814. <OPERATOR>AND</OPERATOR>
  11815. <THREATLEVEL>10</THREATLEVEL>
  11816. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11817. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11818. </PROCESSDESCRIPTOR>
  11819. <PROCESSDESCRIPTOR>
  11820. <ID>1592</ID>
  11821. <PROCESSLIST>
  11822. <PROCESS>*</PROCESS>
  11823. <PROCESS>(GXGR.EXE)</PROCESS>
  11824. </PROCESSLIST>
  11825. <CLSIDLIST>
  11826. </CLSIDLIST>
  11827. <SUMMARY>GXGR.EXE</SUMMARY>
  11828. <DEFAULTINSTALLPATHLIST>
  11829. </DEFAULTINSTALLPATHLIST>
  11830. <CATEGORY>ADWARE</CATEGORY>
  11831. <CONDITIONLIST>
  11832. <CONDITION>MD5=e9b955382b9a6f32d3566752eaa4838d</CONDITION>
  11833. </CONDITIONLIST>
  11834. <OPERATOR>AND</OPERATOR>
  11835. <THREATLEVEL>10</THREATLEVEL>
  11836. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11837. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11838. </PROCESSDESCRIPTOR>
  11839. <PROCESSDESCRIPTOR>
  11840. <ID>1593</ID>
  11841. <PROCESSLIST>
  11842. <PROCESS>*</PROCESS>
  11843. <PROCESS>(DKL49.EXE)</PROCESS>
  11844. </PROCESSLIST>
  11845. <CLSIDLIST>
  11846. </CLSIDLIST>
  11847. <SUMMARY>DKL49.EXE</SUMMARY>
  11848. <DEFAULTINSTALLPATHLIST>
  11849. </DEFAULTINSTALLPATHLIST>
  11850. <CATEGORY>ADWARE</CATEGORY>
  11851. <CONDITIONLIST>
  11852. <CONDITION>MD5=6457f8fc0ca474d90c851df79223afec</CONDITION>
  11853. </CONDITIONLIST>
  11854. <OPERATOR>AND</OPERATOR>
  11855. <THREATLEVEL>10</THREATLEVEL>
  11856. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11857. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11858. </PROCESSDESCRIPTOR>
  11859. <PROCESSDESCRIPTOR>
  11860. <ID>1594</ID>
  11861. <PROCESSLIST>
  11862. <PROCESS>*</PROCESS>
  11863. <PROCESS>(WINSPOOL.EXE)</PROCESS>
  11864. <PROCESS>(WNSPOO~1.EXE)</PROCESS>
  11865. </PROCESSLIST>
  11866. <CLSIDLIST>
  11867. </CLSIDLIST>
  11868. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  11869. <DEFAULTINSTALLPATHLIST>
  11870. </DEFAULTINSTALLPATHLIST>
  11871. <CATEGORY>ADWARE</CATEGORY>
  11872. <CONDITIONLIST>
  11873. <CONDITION>MD5=253c3938eeb6e8bfe0475368d751e72d</CONDITION>
  11874. <CONDITION>MD5=51A509EB0149F6564BF49F10CBF4BCF6</CONDITION>
  11875. </CONDITIONLIST>
  11876. <OPERATOR>OR</OPERATOR>
  11877. <THREATLEVEL>10</THREATLEVEL>
  11878. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11879. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11880. </PROCESSDESCRIPTOR>
  11881. <PROCESSDESCRIPTOR>
  11882. <ID>1595</ID>
  11883. <PROCESSLIST>
  11884. <PROCESS>*</PROCESS>
  11885. <PROCESS>WER1316.DLL</PROCESS>
  11886. </PROCESSLIST>
  11887. <CLSIDLIST>
  11888. <CLSID>{CF021F40-3E14-23A5-CBA2-717765721316}</CLSID>
  11889. </CLSIDLIST>
  11890. <SUMMARY>WER1316.DLL BHO</SUMMARY>
  11891. <DEFAULTINSTALLPATHLIST>
  11892. </DEFAULTINSTALLPATHLIST>
  11893. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  11894. <CONDITIONLIST>
  11895. </CONDITIONLIST>
  11896. <OPERATOR>AND</OPERATOR>
  11897. <THREATLEVEL>10</THREATLEVEL>
  11898. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11899. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11900. </PROCESSDESCRIPTOR>
  11901. <PROCESSDESCRIPTOR>
  11902. <ID>1596</ID>
  11903. <PROCESSLIST>
  11904. <PROCESS>*</PROCESS>
  11905. <PROCESS>KAQIA.DLL</PROCESS>
  11906. <PROCESS>JFUISW.DLL</PROCESS>
  11907. <PROCESS>OODLG.DLL</PROCESS>
  11908. <PROCESS>RTGLAXHL.DLL</PROCESS>
  11909. <PROCESS>JDYJSTES.DLL</PROCESS>
  11910. <PROCESS>HZNJEL.DLL</PROCESS>
  11911. </PROCESSLIST>
  11912. <CLSIDLIST>
  11913. <CLSID>*</CLSID>
  11914. <CLSID>{6B5FB33F-C0A0-4347-8AB1-E5C68E4F990C}</CLSID>
  11915. <CLSID>{40BB637E-6BEE-49B1-84DF-12B39C751F5E}</CLSID>
  11916. <CLSID>{697EFCEB-EC81-4581-B999-457A8D0604DC}</CLSID>
  11917. <CLSID>{537C36F7-B119-4308-BCC3-92A5F8FCB564}</CLSID>
  11918. <CLSID>{E1448633-546F-497A-9AB3-90653C10B26A}</CLSID>
  11919. <CLSID>{7B4971B7-9F19-4069-9D96-D0275CD548AA}</CLSID>
  11920. </CLSIDLIST>
  11921. <SUMMARY>Unclassified.tc Module.BHO</SUMMARY>
  11922. <DEFAULTINSTALLPATHLIST>
  11923. </DEFAULTINSTALLPATHLIST>
  11924. <CATEGORY>ADWARE</CATEGORY>
  11925. <CONDITIONLIST>
  11926. <CONDITION>FILELOCATION~system</CONDITION>
  11927. <CONDITION>PRODUCTNAME~tc Module</CONDITION>
  11928. </CONDITIONLIST>
  11929. <OPERATOR>AND</OPERATOR>
  11930. <THREATLEVEL>10</THREATLEVEL>
  11931. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11932. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11933. </PROCESSDESCRIPTOR>
  11934. <PROCESSDESCRIPTOR>
  11935. <ID>1597</ID>
  11936. <PROCESSLIST>
  11937. <PROCESS>*</PROCESS>
  11938. <PROCESS>QZTAXP.DLL</PROCESS>
  11939. </PROCESSLIST>
  11940. <CLSIDLIST>
  11941. <CLSID>{1FA3310B-9217-50CE-8003-64550DF47F45}</CLSID>
  11942. </CLSIDLIST>
  11943. <SUMMARY>Unknown BHO (QZTAXP.DLL)</SUMMARY>
  11944. <DEFAULTINSTALLPATHLIST>
  11945. </DEFAULTINSTALLPATHLIST>
  11946. <CATEGORY>ADWARE</CATEGORY>
  11947. <CONDITIONLIST>
  11948. </CONDITIONLIST>
  11949. <OPERATOR>AND</OPERATOR>
  11950. <THREATLEVEL>10</THREATLEVEL>
  11951. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11952. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11953. </PROCESSDESCRIPTOR>
  11954. <PROCESSDESCRIPTOR>
  11955. <ID>1598</ID>
  11956. <PROCESSLIST>
  11957. <PROCESS>*</PROCESS>
  11958. <PROCESS>WNIM.DLL</PROCESS>
  11959. </PROCESSLIST>
  11960. <CLSIDLIST>
  11961. <CLSID>{B72F75B8-93F3-429D-B13E-660B206D897A}</CLSID>
  11962. </CLSIDLIST>
  11963. <SUMMARY>Troj/StartPa-DW BHO</SUMMARY>
  11964. <DEFAULTINSTALLPATHLIST>
  11965. </DEFAULTINSTALLPATHLIST>
  11966. <CATEGORY>TROJAN</CATEGORY>
  11967. <CONDITIONLIST>
  11968. </CONDITIONLIST>
  11969. <OPERATOR>AND</OPERATOR>
  11970. <THREATLEVEL>10</THREATLEVEL>
  11971. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11972. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11973. </PROCESSDESCRIPTOR>
  11974. <PROCESSDESCRIPTOR>
  11975. <ID>1599</ID>
  11976. <PROCESSLIST>
  11977. <PROCESS>*</PROCESS>
  11978. <PROCESS>SDKXM.DLL</PROCESS>
  11979. </PROCESSLIST>
  11980. <CLSIDLIST>
  11981. <CLSID>{F491568F-994F-64FF-02BF-6D4779D6ED11}</CLSID>
  11982. </CLSIDLIST>
  11983. <SUMMARY>Unknown BHO (SDKXM.DLL)</SUMMARY>
  11984. <DEFAULTINSTALLPATHLIST>
  11985. </DEFAULTINSTALLPATHLIST>
  11986. <CATEGORY>ADWARE</CATEGORY>
  11987. <CONDITIONLIST>
  11988. </CONDITIONLIST>
  11989. <OPERATOR>AND</OPERATOR>
  11990. <THREATLEVEL>10</THREATLEVEL>
  11991. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  11992. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  11993. </PROCESSDESCRIPTOR>
  11994. <PROCESSDESCRIPTOR>
  11995. <ID>1600</ID>
  11996. <PROCESSLIST>
  11997. <PROCESS>*</PROCESS>
  11998. <PROCESS>GXHIK.DLL</PROCESS>
  11999. </PROCESSLIST>
  12000. <CLSIDLIST>
  12001. <CLSID>{7EDDF4A3-2BCF-4269-8706-DD25C1761934}</CLSID>
  12002. </CLSIDLIST>
  12003. <SUMMARY>Unknown BHO (GXHIK.DLL)</SUMMARY>
  12004. <DEFAULTINSTALLPATHLIST>
  12005. </DEFAULTINSTALLPATHLIST>
  12006. <CATEGORY>ADWARE</CATEGORY>
  12007. <CONDITIONLIST>
  12008. </CONDITIONLIST>
  12009. <OPERATOR>AND</OPERATOR>
  12010. <THREATLEVEL>10</THREATLEVEL>
  12011. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12012. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12013. </PROCESSDESCRIPTOR>
  12014. <PROCESSDESCRIPTOR>
  12015. <ID>1601</ID>
  12016. <PROCESSLIST>
  12017. <PROCESS>*</PROCESS>
  12018. <PROCESS>(OPEN LIES.EXE)</PROCESS>
  12019. </PROCESSLIST>
  12020. <CLSIDLIST>
  12021. </CLSIDLIST>
  12022. <SUMMARY>Adware.Lop.Process</SUMMARY>
  12023. <DEFAULTINSTALLPATHLIST>
  12024. </DEFAULTINSTALLPATHLIST>
  12025. <CATEGORY>ADWARE</CATEGORY>
  12026. <CONDITIONLIST>
  12027. <CONDITION>MD5=7ac46305b8f6070b63b848b0d9064864</CONDITION>
  12028. </CONDITIONLIST>
  12029. <OPERATOR>AND</OPERATOR>
  12030. <THREATLEVEL>10</THREATLEVEL>
  12031. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12032. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12033. </PROCESSDESCRIPTOR>
  12034. <PROCESSDESCRIPTOR>
  12035. <ID>1602</ID>
  12036. <PROCESSLIST>
  12037. <PROCESS>*</PROCESS>
  12038. <PROCESS>GWSS.DLL</PROCESS>
  12039. </PROCESSLIST>
  12040. <CLSIDLIST>
  12041. <CLSID>{F0C08B30-BA30-4FEB-924B-2E250CF0697D}</CLSID>
  12042. </CLSIDLIST>
  12043. <SUMMARY>Browser Hijacker.Begin2Search.BHO</SUMMARY>
  12044. <DEFAULTINSTALLPATHLIST>
  12045. </DEFAULTINSTALLPATHLIST>
  12046. <CATEGORY>ADWARE</CATEGORY>
  12047. <CONDITIONLIST>
  12048. </CONDITIONLIST>
  12049. <OPERATOR>AND</OPERATOR>
  12050. <THREATLEVEL>10</THREATLEVEL>
  12051. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12052. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12053. </PROCESSDESCRIPTOR>
  12054. <PROCESSDESCRIPTOR>
  12055. <ID>1603</ID>
  12056. <PROCESSLIST>
  12057. <PROCESS>*</PROCESS>
  12058. <PROCESS>(LMU.EXE)</PROCESS>
  12059. </PROCESSLIST>
  12060. <CLSIDLIST>
  12061. </CLSIDLIST>
  12062. <SUMMARY>LMU.EXE</SUMMARY>
  12063. <DEFAULTINSTALLPATHLIST>
  12064. </DEFAULTINSTALLPATHLIST>
  12065. <CATEGORY>ADWARE</CATEGORY>
  12066. <CONDITIONLIST>
  12067. <CONDITION>MD5=9ffb14082685fd5d0613d6f032eba8c5</CONDITION>
  12068. </CONDITIONLIST>
  12069. <OPERATOR>AND</OPERATOR>
  12070. <THREATLEVEL>10</THREATLEVEL>
  12071. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12072. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12073. </PROCESSDESCRIPTOR>
  12074. <PROCESSDESCRIPTOR>
  12075. <ID>1604</ID>
  12076. <PROCESSLIST>
  12077. <PROCESS>*</PROCESS>
  12078. <PROCESS>REPLACESEARCH.DLL</PROCESS>
  12079. </PROCESSLIST>
  12080. <CLSIDLIST>
  12081. <CLSID>{832BEBED-C3DA-4534-A2C2-B2FFF220C820}</CLSID>
  12082. </CLSIDLIST>
  12083. <SUMMARY>replaceSearch Module BHO</SUMMARY>
  12084. <DEFAULTINSTALLPATHLIST>
  12085. </DEFAULTINSTALLPATHLIST>
  12086. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  12087. <CONDITIONLIST>
  12088. </CONDITIONLIST>
  12089. <OPERATOR>AND</OPERATOR>
  12090. <THREATLEVEL>10</THREATLEVEL>
  12091. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12092. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12093. </PROCESSDESCRIPTOR>
  12094. <PROCESSDESCRIPTOR>
  12095. <ID>1605</ID>
  12096. <PROCESSLIST>
  12097. <PROCESS>*</PROCESS>
  12098. <PROCESS>(SYSFIT.EXE)</PROCESS>
  12099. </PROCESSLIST>
  12100. <CLSIDLIST>
  12101. </CLSIDLIST>
  12102. <SUMMARY>SYSFIT.EXE</SUMMARY>
  12103. <DEFAULTINSTALLPATHLIST>
  12104. </DEFAULTINSTALLPATHLIST>
  12105. <CATEGORY>ADWARE</CATEGORY>
  12106. <CONDITIONLIST>
  12107. <CONDITION>MD5=f804aa7ed7d06ebddbe83505c52ae950</CONDITION>
  12108. </CONDITIONLIST>
  12109. <OPERATOR>AND</OPERATOR>
  12110. <THREATLEVEL>10</THREATLEVEL>
  12111. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12112. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12113. </PROCESSDESCRIPTOR>
  12114. <PROCESSDESCRIPTOR>
  12115. <ID>1606</ID>
  12116. <PROCESSLIST>
  12117. <PROCESS>*</PROCESS>
  12118. <PROCESS>NHELPER.DLL</PROCESS>
  12119. </PROCESSLIST>
  12120. <CLSIDLIST>
  12121. <CLSID>{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}</CLSID>
  12122. </CLSIDLIST>
  12123. <SUMMARY>NavExcel/NavHelper BHO</SUMMARY>
  12124. <DEFAULTINSTALLPATHLIST>
  12125. </DEFAULTINSTALLPATHLIST>
  12126. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  12127. <CONDITIONLIST>
  12128. </CONDITIONLIST>
  12129. <OPERATOR>AND</OPERATOR>
  12130. <THREATLEVEL>10</THREATLEVEL>
  12131. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12132. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12133. </PROCESSDESCRIPTOR>
  12134. <PROCESSDESCRIPTOR>
  12135. <ID>1607</ID>
  12136. <PROCESSLIST>
  12137. <PROCESS>DR_S.EXE</PROCESS>
  12138. </PROCESSLIST>
  12139. <CLSIDLIST>
  12140. </CLSIDLIST>
  12141. <SUMMARY>DR_S.EXE</SUMMARY>
  12142. <DEFAULTINSTALLPATHLIST>
  12143. </DEFAULTINSTALLPATHLIST>
  12144. <CATEGORY>ADWARE</CATEGORY>
  12145. <CONDITIONLIST>
  12146. <CONDITION>FILELOCATION~DR_S</CONDITION>
  12147. </CONDITIONLIST>
  12148. <OPERATOR>AND</OPERATOR>
  12149. <THREATLEVEL>10</THREATLEVEL>
  12150. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12151. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12152. </PROCESSDESCRIPTOR>
  12153. <PROCESSDESCRIPTOR>
  12154. <ID>1608</ID>
  12155. <PROCESSLIST>
  12156. <PROCESS>SYSSFITB.EXE</PROCESS>
  12157. </PROCESSLIST>
  12158. <CLSIDLIST>
  12159. </CLSIDLIST>
  12160. <SUMMARY>SYSSFITB.EXE</SUMMARY>
  12161. <DEFAULTINSTALLPATHLIST>
  12162. </DEFAULTINSTALLPATHLIST>
  12163. <CATEGORY>ADWARE</CATEGORY>
  12164. <CONDITIONLIST>
  12165. </CONDITIONLIST>
  12166. <OPERATOR>AND</OPERATOR>
  12167. <THREATLEVEL>10</THREATLEVEL>
  12168. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12169. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12170. </PROCESSDESCRIPTOR>
  12171. <PROCESSDESCRIPTOR>
  12172. <ID>1609</ID>
  12173. <PROCESSLIST>
  12174. <PROCESS>*</PROCESS>
  12175. <PROCESS>(FNDGQN.EXE)</PROCESS>
  12176. </PROCESSLIST>
  12177. <CLSIDLIST>
  12178. </CLSIDLIST>
  12179. <SUMMARY>FNDGQN.EXE</SUMMARY>
  12180. <DEFAULTINSTALLPATHLIST>
  12181. </DEFAULTINSTALLPATHLIST>
  12182. <CATEGORY>ADWARE</CATEGORY>
  12183. <CONDITIONLIST>
  12184. <CONDITION>MD5=57f1a80fd17e42806762fbad45628c33</CONDITION>
  12185. </CONDITIONLIST>
  12186. <OPERATOR>AND</OPERATOR>
  12187. <THREATLEVEL>10</THREATLEVEL>
  12188. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12189. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12190. </PROCESSDESCRIPTOR>
  12191. <PROCESSDESCRIPTOR>
  12192. <ID>1610</ID>
  12193. <PROCESSLIST>
  12194. <PROCESS>NAVEXCELBAR.DLL</PROCESS>
  12195. </PROCESSLIST>
  12196. <CLSIDLIST>
  12197. <CLSID>*</CLSID>
  12198. <CLSID>{5AA06644-BC46-4220-A460-47A6EB47C96D}</CLSID>
  12199. <CLSID>{D80C4E21-C346-4E21-8E64-20746AA20AEB}</CLSID>
  12200. </CLSIDLIST>
  12201. <SUMMARY>NavExcel/NavHelper Adware Toolbar and Browser Helper Object</SUMMARY>
  12202. <DEFAULTINSTALLPATHLIST>
  12203. </DEFAULTINSTALLPATHLIST>
  12204. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  12205. <CONDITIONLIST>
  12206. </CONDITIONLIST>
  12207. <OPERATOR>AND</OPERATOR>
  12208. <THREATLEVEL>10</THREATLEVEL>
  12209. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12210. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12211. </PROCESSDESCRIPTOR>
  12212. <PROCESSDESCRIPTOR>
  12213. <ID>1611</ID>
  12214. <PROCESSLIST>
  12215. <PROCESS>VIEWBAR.DLL</PROCESS>
  12216. </PROCESSLIST>
  12217. <CLSIDLIST>
  12218. <CLSID>{F8AD5AA5-D966-4667-9DAF-2561D68B2012}</CLSID>
  12219. </CLSIDLIST>
  12220. <SUMMARY>Viewpoint Toolbar</SUMMARY>
  12221. <DEFAULTINSTALLPATHLIST>
  12222. </DEFAULTINSTALLPATHLIST>
  12223. <CATEGORY>ADWARE</CATEGORY>
  12224. <CONDITIONLIST>
  12225. </CONDITIONLIST>
  12226. <OPERATOR>AND</OPERATOR>
  12227. <THREATLEVEL>3</THREATLEVEL>
  12228. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  12229. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  12230. </PROCESSDESCRIPTOR>
  12231. <PROCESSDESCRIPTOR>
  12232. <ID>1612</ID>
  12233. <PROCESSLIST>
  12234. <PROCESS>*</PROCESS>
  12235. <PROCESS>(PYMDRB.EXE)</PROCESS>
  12236. </PROCESSLIST>
  12237. <CLSIDLIST>
  12238. </CLSIDLIST>
  12239. <SUMMARY>PYMDRB.EXE</SUMMARY>
  12240. <DEFAULTINSTALLPATHLIST>
  12241. </DEFAULTINSTALLPATHLIST>
  12242. <CATEGORY>ADWARE</CATEGORY>
  12243. <CONDITIONLIST>
  12244. <CONDITION>MD5=57f1a80fd17e42806762fbad45628c33</CONDITION>
  12245. </CONDITIONLIST>
  12246. <OPERATOR>AND</OPERATOR>
  12247. <THREATLEVEL>10</THREATLEVEL>
  12248. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12249. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12250. </PROCESSDESCRIPTOR>
  12251. <PROCESSDESCRIPTOR>
  12252. <ID>1613</ID>
  12253. <PROCESSLIST>
  12254. <PROCESS>*</PROCESS>
  12255. <PROCESS>EBPPW.DLL</PROCESS>
  12256. <PROCESS>HEWFO.DLL</PROCESS>
  12257. </PROCESSLIST>
  12258. <CLSIDLIST>
  12259. <CLSID>{733023F8-D55A-4917-A880-F53240E54D03}</CLSID>
  12260. <CLSID>{0EB39889-F9CF-41EB-AB7A-0C3D38302BF3}</CLSID>
  12261. </CLSIDLIST>
  12262. <SUMMARY>SWin32 Module BHO</SUMMARY>
  12263. <DEFAULTINSTALLPATHLIST>
  12264. </DEFAULTINSTALLPATHLIST>
  12265. <CATEGORY>ADWARE</CATEGORY>
  12266. <CONDITIONLIST>
  12267. </CONDITIONLIST>
  12268. <OPERATOR>AND</OPERATOR>
  12269. <THREATLEVEL>10</THREATLEVEL>
  12270. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12271. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12272. </PROCESSDESCRIPTOR>
  12273. <PROCESSDESCRIPTOR>
  12274. <ID>1614</ID>
  12275. <PROCESSLIST>
  12276. <PROCESS>CSAOLLDR.EXE</PROCESS>
  12277. </PROCESSLIST>
  12278. <CLSIDLIST>
  12279. </CLSIDLIST>
  12280. <SUMMARY>Adware.ClearSearch.Process</SUMMARY>
  12281. <DEFAULTINSTALLPATHLIST>
  12282. </DEFAULTINSTALLPATHLIST>
  12283. <CATEGORY>ADWARE</CATEGORY>
  12284. <CONDITIONLIST>
  12285. </CONDITIONLIST>
  12286. <OPERATOR>AND</OPERATOR>
  12287. <THREATLEVEL>10</THREATLEVEL>
  12288. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12289. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12290. </PROCESSDESCRIPTOR>
  12291. <PROCESSDESCRIPTOR>
  12292. <ID>1639</ID>
  12293. <PROCESSLIST>
  12294. <PROCESS>*</PROCESS>
  12295. <PROCESS>EBPPW.DLL</PROCESS>
  12296. <PROCESS>HEWFO.DLL</PROCESS>
  12297. <PROCESS>YFTXK.DLL</PROCESS>
  12298. </PROCESSLIST>
  12299. <CLSIDLIST>
  12300. <CLSID>{733023F8-D55A-4917-A880-F53240E54D03}</CLSID>
  12301. <CLSID>{0EB39889-F9CF-41EB-AB7A-0C3D38302BF3}</CLSID>
  12302. <CLSID>{D96C3EA3-9B85-412E-9D7C-79B19A2D1118}</CLSID>
  12303. </CLSIDLIST>
  12304. <SUMMARY>SWin32 Module BHO</SUMMARY>
  12305. <DEFAULTINSTALLPATHLIST>
  12306. </DEFAULTINSTALLPATHLIST>
  12307. <CATEGORY>ADWARE</CATEGORY>
  12308. <CONDITIONLIST>
  12309. </CONDITIONLIST>
  12310. <OPERATOR>AND</OPERATOR>
  12311. <THREATLEVEL>10</THREATLEVEL>
  12312. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12313. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12314. </PROCESSDESCRIPTOR>
  12315. <PROCESSDESCRIPTOR>
  12316. <ID>1712</ID>
  12317. <PROCESSLIST>
  12318. <PROCESS>SYSCFG16.EXE</PROCESS>
  12319. </PROCESSLIST>
  12320. <CLSIDLIST>
  12321. </CLSIDLIST>
  12322. <SUMMARY>SYSCFG16.EXE</SUMMARY>
  12323. <DEFAULTINSTALLPATHLIST>
  12324. </DEFAULTINSTALLPATHLIST>
  12325. <CATEGORY>TROJAN</CATEGORY>
  12326. <CONDITIONLIST>
  12327. </CONDITIONLIST>
  12328. <OPERATOR>AND</OPERATOR>
  12329. <THREATLEVEL>10</THREATLEVEL>
  12330. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12331. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12332. </PROCESSDESCRIPTOR>
  12333. <PROCESSDESCRIPTOR>
  12334. <ID>1718</ID>
  12335. <PROCESSLIST>
  12336. <PROCESS>WINDSYST32.EXE</PROCESS>
  12337. </PROCESSLIST>
  12338. <CLSIDLIST>
  12339. </CLSIDLIST>
  12340. <SUMMARY>WINDSYST32.EXE</SUMMARY>
  12341. <DEFAULTINSTALLPATHLIST>
  12342. </DEFAULTINSTALLPATHLIST>
  12343. <CATEGORY>VIRUS</CATEGORY>
  12344. <CONDITIONLIST>
  12345. <CONDITION>FILELOCATION~system32</CONDITION>
  12346. </CONDITIONLIST>
  12347. <OPERATOR>AND</OPERATOR>
  12348. <THREATLEVEL>10</THREATLEVEL>
  12349. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12350. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12351. </PROCESSDESCRIPTOR>
  12352. <PROCESSDESCRIPTOR>
  12353. <ID>1719</ID>
  12354. <PROCESSLIST>
  12355. <PROCESS>SECURENET.EXE</PROCESS>
  12356. </PROCESSLIST>
  12357. <CLSIDLIST>
  12358. </CLSIDLIST>
  12359. <SUMMARY>SECURENET.EXE</SUMMARY>
  12360. <DEFAULTINSTALLPATHLIST>
  12361. </DEFAULTINSTALLPATHLIST>
  12362. <CATEGORY>TROJAN</CATEGORY>
  12363. <CONDITIONLIST>
  12364. <CONDITION>FILELOCATION~system32</CONDITION>
  12365. </CONDITIONLIST>
  12366. <OPERATOR>AND</OPERATOR>
  12367. <THREATLEVEL>10</THREATLEVEL>
  12368. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12369. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12370. </PROCESSDESCRIPTOR>
  12371. <PROCESSDESCRIPTOR>
  12372. <ID>1720</ID>
  12373. <PROCESSLIST>
  12374. <PROCESS>*</PROCESS>
  12375. <PROCESS>CNSHOOK.DLL</PROCESS>
  12376. </PROCESSLIST>
  12377. <CLSIDLIST>
  12378. <CLSID>{D157330A-9EF3-49F8-9A67-4141AC41ADD4}</CLSID>
  12379. </CLSIDLIST>
  12380. <SUMMARY>CNS Module BHO</SUMMARY>
  12381. <DEFAULTINSTALLPATHLIST>
  12382. </DEFAULTINSTALLPATHLIST>
  12383. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  12384. <CONDITIONLIST>
  12385. </CONDITIONLIST>
  12386. <OPERATOR>AND</OPERATOR>
  12387. <THREATLEVEL>10</THREATLEVEL>
  12388. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12389. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12390. </PROCESSDESCRIPTOR>
  12391. <PROCESSDESCRIPTOR>
  12392. <ID>1728</ID>
  12393. <PROCESSLIST>
  12394. <PROCESS>GATOR.EXE</PROCESS>
  12395. </PROCESSLIST>
  12396. <CLSIDLIST>
  12397. </CLSIDLIST>
  12398. <SUMMARY>Gator Client Application</SUMMARY>
  12399. <DEFAULTINSTALLPATHLIST>
  12400. </DEFAULTINSTALLPATHLIST>
  12401. <CATEGORY>ADWARE</CATEGORY>
  12402. <CONDITIONLIST>
  12403. </CONDITIONLIST>
  12404. <OPERATOR>AND</OPERATOR>
  12405. <THREATLEVEL>5</THREATLEVEL>
  12406. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  12407. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  12408. </PROCESSDESCRIPTOR>
  12409. <PROCESSDESCRIPTOR>
  12410. <ID>1730</ID>
  12411. <PROCESSLIST>
  12412. <PROCESS>NAVAPP.EXE</PROCESS>
  12413. </PROCESSLIST>
  12414. <CLSIDLIST>
  12415. </CLSIDLIST>
  12416. <SUMMARY>NavExcel/NavHelper Application</SUMMARY>
  12417. <DEFAULTINSTALLPATHLIST>
  12418. </DEFAULTINSTALLPATHLIST>
  12419. <CATEGORY>APPLICATION</CATEGORY>
  12420. <CONDITIONLIST>
  12421. <CONDITION>FILELOCATION~NavExcel</CONDITION>
  12422. </CONDITIONLIST>
  12423. <OPERATOR>AND</OPERATOR>
  12424. <THREATLEVEL>10</THREATLEVEL>
  12425. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12426. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12427. </PROCESSDESCRIPTOR>
  12428. <PROCESSDESCRIPTOR>
  12429. <ID>1744</ID>
  12430. <PROCESSLIST>
  12431. <PROCESS>SPNPING.EXE</PROCESS>
  12432. <PROCESS>UNLODCTL.EXE</PROCESS>
  12433. </PROCESSLIST>
  12434. <CLSIDLIST>
  12435. </CLSIDLIST>
  12436. <SUMMARY>Troj/Dloader-FQ</SUMMARY>
  12437. <DEFAULTINSTALLPATHLIST>
  12438. </DEFAULTINSTALLPATHLIST>
  12439. <CATEGORY>TROJAN</CATEGORY>
  12440. <CONDITIONLIST>
  12441. <CONDITION>FILELOCATION~system32</CONDITION>
  12442. </CONDITIONLIST>
  12443. <OPERATOR>AND</OPERATOR>
  12444. <THREATLEVEL>10</THREATLEVEL>
  12445. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12446. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12447. </PROCESSDESCRIPTOR>
  12448. <PROCESSDESCRIPTOR>
  12449. <ID>1745</ID>
  12450. <PROCESSLIST>
  12451. <PROCESS>*</PROCESS>
  12452. <PROCESS>SCANSYS.DLL</PROCESS>
  12453. </PROCESSLIST>
  12454. <CLSIDLIST>
  12455. <CLSID>{B4EABC96-C93D-6C81-AFF4-CAFCB9575CBE}</CLSID>
  12456. </CLSIDLIST>
  12457. <SUMMARY>Unknown URL Search Hook (SCANSYS.DLL)</SUMMARY>
  12458. <DEFAULTINSTALLPATHLIST>
  12459. </DEFAULTINSTALLPATHLIST>
  12460. <CATEGORY>ADWARE</CATEGORY>
  12461. <CONDITIONLIST>
  12462. </CONDITIONLIST>
  12463. <OPERATOR>AND</OPERATOR>
  12464. <THREATLEVEL>10</THREATLEVEL>
  12465. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12466. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12467. </PROCESSDESCRIPTOR>
  12468. <PROCESSDESCRIPTOR>
  12469. <ID>1746</ID>
  12470. <PROCESSLIST>
  12471. <PROCESS>*</PROCESS>
  12472. <PROCESS>MSOP.DLL</PROCESS>
  12473. <PROCESS>MSFG.DLL</PROCESS>
  12474. <PROCESS>MSKL.DLL</PROCESS>
  12475. </PROCESSLIST>
  12476. <CLSIDLIST>
  12477. <CLSID>*</CLSID>
  12478. <CLSID>{D58476F4-161A-4BCD-B4F5-2F9835C5CA8F}</CLSID>
  12479. <CLSID>{218B4ACE-3DDD-48F5-B43E-1F148B99BBD2}</CLSID>
  12480. <CLSID>{7E87C089-80E1-44F1-B6F9-E124EE07940F}</CLSID>
  12481. </CLSIDLIST>
  12482. <SUMMARY>Unknown BHO (MSOP.DLL)</SUMMARY>
  12483. <DEFAULTINSTALLPATHLIST>
  12484. </DEFAULTINSTALLPATHLIST>
  12485. <CATEGORY>ADWARE</CATEGORY>
  12486. <CONDITIONLIST>
  12487. <CONDITION>MD5=6c41347d34f49fe4eb76e7d78c0663f9</CONDITION>
  12488. </CONDITIONLIST>
  12489. <OPERATOR>AND</OPERATOR>
  12490. <THREATLEVEL>10</THREATLEVEL>
  12491. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12492. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12493. </PROCESSDESCRIPTOR>
  12494. <PROCESSDESCRIPTOR>
  12495. <ID>1747</ID>
  12496. <PROCESSLIST>
  12497. <PROCESS>WAREOUT.EXE</PROCESS>
  12498. </PROCESSLIST>
  12499. <CLSIDLIST>
  12500. </CLSIDLIST>
  12501. <SUMMARY>WareOut</SUMMARY>
  12502. <DEFAULTINSTALLPATHLIST>
  12503. </DEFAULTINSTALLPATHLIST>
  12504. <CATEGORY></CATEGORY>
  12505. <CONDITIONLIST>
  12506. <CONDITION>FILELOCATION~WareOut</CONDITION>
  12507. </CONDITIONLIST>
  12508. <OPERATOR>AND</OPERATOR>
  12509. <THREATLEVEL>10</THREATLEVEL>
  12510. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12511. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12512. </PROCESSDESCRIPTOR>
  12513. <PROCESSDESCRIPTOR>
  12514. <ID>1749</ID>
  12515. <PROCESSLIST>
  12516. <PROCESS>*</PROCESS>
  12517. <PROCESS>COIZJ.DLL</PROCESS>
  12518. </PROCESSLIST>
  12519. <CLSIDLIST>
  12520. <CLSID>{57CC50E3-C41E-4B60-B345-BF4CF6927F11}</CLSID>
  12521. </CLSIDLIST>
  12522. <SUMMARY>Unknown BHO (COIZJ.DLL)</SUMMARY>
  12523. <DEFAULTINSTALLPATHLIST>
  12524. </DEFAULTINSTALLPATHLIST>
  12525. <CATEGORY>ADWARE</CATEGORY>
  12526. <CONDITIONLIST>
  12527. </CONDITIONLIST>
  12528. <OPERATOR>AND</OPERATOR>
  12529. <THREATLEVEL>10</THREATLEVEL>
  12530. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12531. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12532. </PROCESSDESCRIPTOR>
  12533. <PROCESSDESCRIPTOR>
  12534. <ID>1795</ID>
  12535. <PROCESSLIST>
  12536. <PROCESS>*</PROCESS>
  12537. <PROCESS>(CHINREF.EXE)</PROCESS>
  12538. <PROCESS>(LISTTR~1.EXE)</PROCESS>
  12539. </PROCESSLIST>
  12540. <CLSIDLIST>
  12541. </CLSIDLIST>
  12542. <SUMMARY>Adware.Lop.Process</SUMMARY>
  12543. <DEFAULTINSTALLPATHLIST>
  12544. </DEFAULTINSTALLPATHLIST>
  12545. <CATEGORY>ADWARE</CATEGORY>
  12546. <CONDITIONLIST>
  12547. <CONDITION>MD5=e2dddbcc8eefe539f613f5ddde481157</CONDITION>
  12548. </CONDITIONLIST>
  12549. <OPERATOR>AND</OPERATOR>
  12550. <THREATLEVEL>10</THREATLEVEL>
  12551. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12552. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12553. </PROCESSDESCRIPTOR>
  12554. <PROCESSDESCRIPTOR>
  12555. <ID>1796</ID>
  12556. <PROCESSLIST>
  12557. <PROCESS>*</PROCESS>
  12558. <PROCESS>(WARNLIESSECT.EXE)</PROCESS>
  12559. </PROCESSLIST>
  12560. <CLSIDLIST>
  12561. </CLSIDLIST>
  12562. <SUMMARY>Adware.Lop.Process</SUMMARY>
  12563. <DEFAULTINSTALLPATHLIST>
  12564. </DEFAULTINSTALLPATHLIST>
  12565. <CATEGORY>ADWARE</CATEGORY>
  12566. <CONDITIONLIST>
  12567. <CONDITION>MD5=07720ba3e2efe3bdd9d4a5cb5f3787ac</CONDITION>
  12568. </CONDITIONLIST>
  12569. <OPERATOR>AND</OPERATOR>
  12570. <THREATLEVEL>10</THREATLEVEL>
  12571. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12572. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12573. </PROCESSDESCRIPTOR>
  12574. <PROCESSDESCRIPTOR>
  12575. <ID>1808</ID>
  12576. <PROCESSLIST>
  12577. <PROCESS>WINADCTL.EXE</PROCESS>
  12578. </PROCESSLIST>
  12579. <CLSIDLIST>
  12580. </CLSIDLIST>
  12581. <SUMMARY>Windows AdControl WINADCTL.EXE</SUMMARY>
  12582. <DEFAULTINSTALLPATHLIST>
  12583. </DEFAULTINSTALLPATHLIST>
  12584. <CATEGORY>ADWARE</CATEGORY>
  12585. <CONDITIONLIST>
  12586. <CONDITION>FILELOCATION~AdControl</CONDITION>
  12587. </CONDITIONLIST>
  12588. <OPERATOR>AND</OPERATOR>
  12589. <THREATLEVEL>10</THREATLEVEL>
  12590. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12591. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12592. </PROCESSDESCRIPTOR>
  12593. <PROCESSDESCRIPTOR>
  12594. <ID>1809</ID>
  12595. <PROCESSLIST>
  12596. <PROCESS>WINADALT.EXE</PROCESS>
  12597. </PROCESSLIST>
  12598. <CLSIDLIST>
  12599. </CLSIDLIST>
  12600. <SUMMARY>Windows AdControl WINADALT.EXE</SUMMARY>
  12601. <DEFAULTINSTALLPATHLIST>
  12602. </DEFAULTINSTALLPATHLIST>
  12603. <CATEGORY>ADWARE</CATEGORY>
  12604. <CONDITIONLIST>
  12605. <CONDITION>FILELOCATION~AdControl</CONDITION>
  12606. </CONDITIONLIST>
  12607. <OPERATOR>AND</OPERATOR>
  12608. <THREATLEVEL>10</THREATLEVEL>
  12609. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12610. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12611. </PROCESSDESCRIPTOR>
  12612. <PROCESSDESCRIPTOR>
  12613. <ID>1810</ID>
  12614. <PROCESSLIST>
  12615. <PROCESS>RUNDLL16.EXE</PROCESS>
  12616. </PROCESSLIST>
  12617. <CLSIDLIST>
  12618. </CLSIDLIST>
  12619. <SUMMARY>RUNDLL16.EXE</SUMMARY>
  12620. <DEFAULTINSTALLPATHLIST>
  12621. </DEFAULTINSTALLPATHLIST>
  12622. <CATEGORY>TROJAN</CATEGORY>
  12623. <CONDITIONLIST>
  12624. </CONDITIONLIST>
  12625. <OPERATOR>AND</OPERATOR>
  12626. <THREATLEVEL>10</THREATLEVEL>
  12627. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12628. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12629. </PROCESSDESCRIPTOR>
  12630. <PROCESSDESCRIPTOR>
  12631. <ID>1811</ID>
  12632. <PROCESSLIST>
  12633. <PROCESS>RUNDLL32.EXE</PROCESS>
  12634. </PROCESSLIST>
  12635. <CLSIDLIST>
  12636. </CLSIDLIST>
  12637. <SUMMARY>STLB2.DLL</SUMMARY>
  12638. <DEFAULTINSTALLPATHLIST>
  12639. </DEFAULTINSTALLPATHLIST>
  12640. <CATEGORY>ADWARE</CATEGORY>
  12641. <CONDITIONLIST>
  12642. <CONDITION>COMMANDLINE~stlb2.dll</CONDITION>
  12643. </CONDITIONLIST>
  12644. <OPERATOR>AND</OPERATOR>
  12645. <THREATLEVEL>10</THREATLEVEL>
  12646. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12647. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12648. </PROCESSDESCRIPTOR>
  12649. <PROCESSDESCRIPTOR>
  12650. <ID>1812</ID>
  12651. <PROCESSLIST>
  12652. <PROCESS>*</PROCESS>
  12653. <PROCESS>FEN.DLL</PROCESS>
  12654. </PROCESSLIST>
  12655. <CLSIDLIST>
  12656. <CLSID>{95795B67-BBAB-47d0-8A9F-069E8242C0E5}</CLSID>
  12657. </CLSIDLIST>
  12658. <SUMMARY>FlashTrack BHO</SUMMARY>
  12659. <DEFAULTINSTALLPATHLIST>
  12660. </DEFAULTINSTALLPATHLIST>
  12661. <CATEGORY>ADWARE</CATEGORY>
  12662. <CONDITIONLIST>
  12663. </CONDITIONLIST>
  12664. <OPERATOR>AND</OPERATOR>
  12665. <THREATLEVEL>10</THREATLEVEL>
  12666. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12667. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12668. </PROCESSDESCRIPTOR>
  12669. <PROCESSDESCRIPTOR>
  12670. <ID>1813</ID>
  12671. <PROCESSLIST>
  12672. <PROCESS>SVHOST32.EXE</PROCESS>
  12673. </PROCESSLIST>
  12674. <CLSIDLIST>
  12675. </CLSIDLIST>
  12676. <SUMMARY>SVHOST32.EXE</SUMMARY>
  12677. <DEFAULTINSTALLPATHLIST>
  12678. </DEFAULTINSTALLPATHLIST>
  12679. <CATEGORY>TROJAN</CATEGORY>
  12680. <CONDITIONLIST>
  12681. </CONDITIONLIST>
  12682. <OPERATOR>AND</OPERATOR>
  12683. <THREATLEVEL>10</THREATLEVEL>
  12684. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12685. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12686. </PROCESSDESCRIPTOR>
  12687. <PROCESSDESCRIPTOR>
  12688. <ID>1828</ID>
  12689. <PROCESSLIST>
  12690. <PROCESS>*</PROCESS>
  12691. <PROCESS>MSEVA.DLL</PROCESS>
  12692. <PROCESS>MSIBX.DLL</PROCESS>
  12693. </PROCESSLIST>
  12694. <CLSIDLIST>
  12695. <CLSID>*</CLSID>
  12696. <CLSID>{AC0F92CF-A0A6-4A3F-9469-685489F3B25A}</CLSID>
  12697. <CLSID>{64525392-CE21-4E79-B4F7-F296189A4C3A}</CLSID>
  12698. </CLSIDLIST>
  12699. <SUMMARY>Unknown BHOs (MSEVA.DLL, MSIBX.DLL)</SUMMARY>
  12700. <DEFAULTINSTALLPATHLIST>
  12701. </DEFAULTINSTALLPATHLIST>
  12702. <CATEGORY>ADWARE</CATEGORY>
  12703. <CONDITIONLIST>
  12704. <CONDITION>MD5=331c439f1c5873e6b933ef1b053fe097</CONDITION>
  12705. </CONDITIONLIST>
  12706. <OPERATOR>AND</OPERATOR>
  12707. <THREATLEVEL>10</THREATLEVEL>
  12708. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12709. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12710. </PROCESSDESCRIPTOR>
  12711. <PROCESSDESCRIPTOR>
  12712. <ID>1829</ID>
  12713. <PROCESSLIST>
  12714. <PROCESS>*</PROCESS>
  12715. <PROCESS>YKPGVNEU.DLL</PROCESS>
  12716. <PROCESS>XTSH.DLL</PROCESS>
  12717. <PROCESS>EBFQKT.DLL</PROCESS>
  12718. <PROCESS>VXWRVHN.DLL</PROCESS>
  12719. </PROCESSLIST>
  12720. <CLSIDLIST>
  12721. <CLSID>*</CLSID>
  12722. <CLSID>{D42DB730-2DF5-7E75-8696-72A2DB813E96}</CLSID>
  12723. <CLSID>{D608EF38-05FB-0875-D79B-04A2ABA46B9D}</CLSID>
  12724. <CLSID>{A029E041-5F86-2B2A-D596-76A2DDF767C5}</CLSID>
  12725. <CLSID>{DB0BC44F-7FA4-5F71-84E6-04A2D88668E0}</CLSID>
  12726. </CLSIDLIST>
  12727. <SUMMARY>Unknown BHOs (YKPGVNEU.DLL, XTSH.DLL, etc.)</SUMMARY>
  12728. <DEFAULTINSTALLPATHLIST>
  12729. </DEFAULTINSTALLPATHLIST>
  12730. <CATEGORY>ADWARE</CATEGORY>
  12731. <CONDITIONLIST>
  12732. <CONDITION>MD5=0db51899c207aa3ed620ddd8c20ae43e</CONDITION>
  12733. </CONDITIONLIST>
  12734. <OPERATOR>AND</OPERATOR>
  12735. <THREATLEVEL>10</THREATLEVEL>
  12736. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12737. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12738. </PROCESSDESCRIPTOR>
  12739. <PROCESSDESCRIPTOR>
  12740. <ID>1830</ID>
  12741. <PROCESSLIST>
  12742. <PROCESS>*</PROCESS>
  12743. <PROCESS>MCICDB.DLL</PROCESS>
  12744. </PROCESSLIST>
  12745. <CLSIDLIST>
  12746. <CLSID>{DC6AA004-965C-4F84-9D18-EEC4F2447900}</CLSID>
  12747. <CLSID>{1E4F72D9-2022-4BBF-BC59-3EEA3A8D66FF}</CLSID>
  12748. <CLSID>{6EC0DA40-A355-4BCD-BF9D-6F98B8D63A62}</CLSID>
  12749. </CLSIDLIST>
  12750. <SUMMARY>Unknown BHO (MCICDB.DLL)</SUMMARY>
  12751. <DEFAULTINSTALLPATHLIST>
  12752. </DEFAULTINSTALLPATHLIST>
  12753. <CATEGORY>ADWARE</CATEGORY>
  12754. <CONDITIONLIST>
  12755. </CONDITIONLIST>
  12756. <OPERATOR>AND</OPERATOR>
  12757. <THREATLEVEL>10</THREATLEVEL>
  12758. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12759. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12760. </PROCESSDESCRIPTOR>
  12761. <PROCESSDESCRIPTOR>
  12762. <ID>1831</ID>
  12763. <PROCESSLIST>
  12764. <PROCESS>*</PROCESS>
  12765. <PROCESS>MADB.DLL</PROCESS>
  12766. </PROCESSLIST>
  12767. <CLSIDLIST>
  12768. <CLSID>{B5CFE154-566C-483A-81C5-A349C9CC0506}</CLSID>
  12769. </CLSIDLIST>
  12770. <SUMMARY>Unknown BHO (MADB.DLL)</SUMMARY>
  12771. <DEFAULTINSTALLPATHLIST>
  12772. </DEFAULTINSTALLPATHLIST>
  12773. <CATEGORY>ADWARE</CATEGORY>
  12774. <CONDITIONLIST>
  12775. </CONDITIONLIST>
  12776. <OPERATOR>AND</OPERATOR>
  12777. <THREATLEVEL>10</THREATLEVEL>
  12778. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12779. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12780. </PROCESSDESCRIPTOR>
  12781. <PROCESSDESCRIPTOR>
  12782. <ID>1832</ID>
  12783. <PROCESSLIST>
  12784. <PROCESS>WINMSDC.EXE</PROCESS>
  12785. </PROCESSLIST>
  12786. <CLSIDLIST>
  12787. </CLSIDLIST>
  12788. <SUMMARY>WINMSDC.EXE</SUMMARY>
  12789. <DEFAULTINSTALLPATHLIST>
  12790. </DEFAULTINSTALLPATHLIST>
  12791. <CATEGORY>ADWARE</CATEGORY>
  12792. <CONDITIONLIST>
  12793. <CONDITION>FILELOCATION~system32</CONDITION>
  12794. </CONDITIONLIST>
  12795. <OPERATOR>AND</OPERATOR>
  12796. <THREATLEVEL>10</THREATLEVEL>
  12797. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12798. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12799. </PROCESSDESCRIPTOR>
  12800. <PROCESSDESCRIPTOR>
  12801. <ID>1833</ID>
  12802. <PROCESSLIST>
  12803. <PROCESS>VWIPXSPNT.EXE</PROCESS>
  12804. </PROCESSLIST>
  12805. <CLSIDLIST>
  12806. </CLSIDLIST>
  12807. <SUMMARY>VWIPXSPNT.EXE</SUMMARY>
  12808. <DEFAULTINSTALLPATHLIST>
  12809. </DEFAULTINSTALLPATHLIST>
  12810. <CATEGORY>ADWARE</CATEGORY>
  12811. <CONDITIONLIST>
  12812. <CONDITION>FILELOCATION~system32</CONDITION>
  12813. </CONDITIONLIST>
  12814. <OPERATOR>AND</OPERATOR>
  12815. <THREATLEVEL>10</THREATLEVEL>
  12816. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12817. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12818. </PROCESSDESCRIPTOR>
  12819. <PROCESSDESCRIPTOR>
  12820. <ID>1834</ID>
  12821. <PROCESSLIST>
  12822. <PROCESS>USRSHUTD.EXE</PROCESS>
  12823. </PROCESSLIST>
  12824. <CLSIDLIST>
  12825. </CLSIDLIST>
  12826. <SUMMARY>USRSHUTD.EXE</SUMMARY>
  12827. <DEFAULTINSTALLPATHLIST>
  12828. </DEFAULTINSTALLPATHLIST>
  12829. <CATEGORY>ADWARE</CATEGORY>
  12830. <CONDITIONLIST>
  12831. <CONDITION>FILELOCATION~system</CONDITION>
  12832. </CONDITIONLIST>
  12833. <OPERATOR>AND</OPERATOR>
  12834. <THREATLEVEL>10</THREATLEVEL>
  12835. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12836. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12837. </PROCESSDESCRIPTOR>
  12838. <PROCESSDESCRIPTOR>
  12839. <ID>1835</ID>
  12840. <PROCESSLIST>
  12841. <PROCESS>TLNTADMNX.EXE</PROCESS>
  12842. </PROCESSLIST>
  12843. <CLSIDLIST>
  12844. </CLSIDLIST>
  12845. <SUMMARY>TLNTADMNX.EXE</SUMMARY>
  12846. <DEFAULTINSTALLPATHLIST>
  12847. </DEFAULTINSTALLPATHLIST>
  12848. <CATEGORY>ADWARE</CATEGORY>
  12849. <CONDITIONLIST>
  12850. <CONDITION>FILELOCATION~system32</CONDITION>
  12851. </CONDITIONLIST>
  12852. <OPERATOR>AND</OPERATOR>
  12853. <THREATLEVEL>10</THREATLEVEL>
  12854. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12855. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12856. </PROCESSDESCRIPTOR>
  12857. <PROCESSDESCRIPTOR>
  12858. <ID>1836</ID>
  12859. <PROCESSLIST>
  12860. <PROCESS>*</PROCESS>
  12861. <PROCESS>(UCTC.EXE)</PROCESS>
  12862. </PROCESSLIST>
  12863. <CLSIDLIST>
  12864. </CLSIDLIST>
  12865. <SUMMARY>UCTC.EXE</SUMMARY>
  12866. <DEFAULTINSTALLPATHLIST>
  12867. </DEFAULTINSTALLPATHLIST>
  12868. <CATEGORY>ADWARE</CATEGORY>
  12869. <CONDITIONLIST>
  12870. <CONDITION>MD5=d874b805287fb7fcf551a09a710bfae6</CONDITION>
  12871. </CONDITIONLIST>
  12872. <OPERATOR>AND</OPERATOR>
  12873. <THREATLEVEL>10</THREATLEVEL>
  12874. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12875. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12876. </PROCESSDESCRIPTOR>
  12877. <PROCESSDESCRIPTOR>
  12878. <ID>1867</ID>
  12879. <PROCESSLIST>
  12880. <PROCESS>*</PROCESS>
  12881. <PROCESS>SYSUPD.DLL</PROCESS>
  12882. </PROCESSLIST>
  12883. <CLSIDLIST>
  12884. <CLSID>{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}</CLSID>
  12885. </CLSIDLIST>
  12886. <SUMMARY>Adware.iSearch.BHO</SUMMARY>
  12887. <DEFAULTINSTALLPATHLIST>
  12888. </DEFAULTINSTALLPATHLIST>
  12889. <CATEGORY>ADWARE</CATEGORY>
  12890. <CONDITIONLIST>
  12891. </CONDITIONLIST>
  12892. <OPERATOR>AND</OPERATOR>
  12893. <THREATLEVEL>10</THREATLEVEL>
  12894. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12895. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12896. </PROCESSDESCRIPTOR>
  12897. <PROCESSDESCRIPTOR>
  12898. <ID>1868</ID>
  12899. <PROCESSLIST>
  12900. <PROCESS>*</PROCESS>
  12901. <PROCESS>HSRB.DLL</PROCESS>
  12902. </PROCESSLIST>
  12903. <CLSIDLIST>
  12904. <CLSID>{285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824}</CLSID>
  12905. </CLSIDLIST>
  12906. <SUMMARY>HSRB Module BHO</SUMMARY>
  12907. <DEFAULTINSTALLPATHLIST>
  12908. </DEFAULTINSTALLPATHLIST>
  12909. <CATEGORY>ADWARE</CATEGORY>
  12910. <CONDITIONLIST>
  12911. </CONDITIONLIST>
  12912. <OPERATOR>AND</OPERATOR>
  12913. <THREATLEVEL>10</THREATLEVEL>
  12914. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12915. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12916. </PROCESSDESCRIPTOR>
  12917. <PROCESSDESCRIPTOR>
  12918. <ID>1910</ID>
  12919. <PROCESSLIST>
  12920. <PROCESS>FDGO.EXE</PROCESS>
  12921. </PROCESSLIST>
  12922. <CLSIDLIST>
  12923. </CLSIDLIST>
  12924. <SUMMARY>Fresh Download Software</SUMMARY>
  12925. <DEFAULTINSTALLPATHLIST>
  12926. </DEFAULTINSTALLPATHLIST>
  12927. <CATEGORY>ADWARE</CATEGORY>
  12928. <CONDITIONLIST>
  12929. </CONDITIONLIST>
  12930. <OPERATOR>AND</OPERATOR>
  12931. <THREATLEVEL>3</THREATLEVEL>
  12932. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  12933. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  12934. </PROCESSDESCRIPTOR>
  12935. <PROCESSDESCRIPTOR>
  12936. <ID>1948</ID>
  12937. <PROCESSLIST>
  12938. <PROCESS>*</PROCESS>
  12939. <PROCESS>SETGLBHO.DLL</PROCESS>
  12940. </PROCESSLIST>
  12941. <CLSIDLIST>
  12942. <CLSID>{531553EB-B210-4116-BC2C-C09608F4193E}</CLSID>
  12943. </CLSIDLIST>
  12944. <SUMMARY>Spywar.DigitalNames Spyware Application</SUMMARY>
  12945. <DEFAULTINSTALLPATHLIST>
  12946. </DEFAULTINSTALLPATHLIST>
  12947. <CATEGORY>SPYWARE</CATEGORY>
  12948. <CONDITIONLIST>
  12949. </CONDITIONLIST>
  12950. <OPERATOR>AND</OPERATOR>
  12951. <THREATLEVEL>10</THREATLEVEL>
  12952. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12953. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12954. </PROCESSDESCRIPTOR>
  12955. <PROCESSDESCRIPTOR>
  12956. <ID>1955</ID>
  12957. <PROCESSLIST>
  12958. <PROCESS>MSSTART.EXE</PROCESS>
  12959. </PROCESSLIST>
  12960. <CLSIDLIST>
  12961. </CLSIDLIST>
  12962. <SUMMARY>LIVUP.C Trojan Component</SUMMARY>
  12963. <DEFAULTINSTALLPATHLIST>
  12964. </DEFAULTINSTALLPATHLIST>
  12965. <CATEGORY>TROJAN</CATEGORY>
  12966. <CONDITIONLIST>
  12967. <CONDITION>MD5=31d752d85a68d1a761ed09a7fca1af72</CONDITION>
  12968. </CONDITIONLIST>
  12969. <OPERATOR>AND</OPERATOR>
  12970. <THREATLEVEL>10</THREATLEVEL>
  12971. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12972. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12973. </PROCESSDESCRIPTOR>
  12974. <PROCESSDESCRIPTOR>
  12975. <ID>1975</ID>
  12976. <PROCESSLIST>
  12977. <PROCESS>*</PROCESS>
  12978. <PROCESS>(AP9H4QMO.EXE)</PROCESS>
  12979. <PROCESS>(GAH95ON6.EXE)</PROCESS>
  12980. <PROCESS>(IBECDBV8.EXE)</PROCESS>
  12981. <PROCESS>(ABASA5JRP.EXE)</PROCESS>
  12982. </PROCESSLIST>
  12983. <CLSIDLIST>
  12984. </CLSIDLIST>
  12985. <SUMMARY>Spyware.ShopAtHomeSelect.Process</SUMMARY>
  12986. <DEFAULTINSTALLPATHLIST>
  12987. </DEFAULTINSTALLPATHLIST>
  12988. <CATEGORY>SPYWARE</CATEGORY>
  12989. <CONDITIONLIST>
  12990. <CONDITION>MD5=f011214997dfe3923690742434096533</CONDITION>
  12991. <CONDITION>MD5=722596BADF6A415C3D70ACC7577CBA8E</CONDITION>
  12992. </CONDITIONLIST>
  12993. <OPERATOR>OR</OPERATOR>
  12994. <THREATLEVEL>10</THREATLEVEL>
  12995. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  12996. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  12997. </PROCESSDESCRIPTOR>
  12998. <PROCESSDESCRIPTOR>
  12999. <ID>1977</ID>
  13000. <PROCESSLIST>
  13001. <PROCESS>BEARSHARE.EXE</PROCESS>
  13002. </PROCESSLIST>
  13003. <CLSIDLIST>
  13004. </CLSIDLIST>
  13005. <SUMMARY>BearShare File Sharing Client</SUMMARY>
  13006. <DEFAULTINSTALLPATHLIST>
  13007. </DEFAULTINSTALLPATHLIST>
  13008. <CATEGORY>ADWARE</CATEGORY>
  13009. <CONDITIONLIST>
  13010. </CONDITIONLIST>
  13011. <OPERATOR>AND</OPERATOR>
  13012. <THREATLEVEL>5</THREATLEVEL>
  13013. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  13014. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  13015. </PROCESSDESCRIPTOR>
  13016. <PROCESSDESCRIPTOR>
  13017. <ID>1978</ID>
  13018. <PROCESSLIST>
  13019. <PROCESS>FARMMEXT.EXE</PROCESS>
  13020. </PROCESSLIST>
  13021. <CLSIDLIST>
  13022. </CLSIDLIST>
  13023. <SUMMARY>Installed (reportedly) with eBaysMoMoneyMaker</SUMMARY>
  13024. <DEFAULTINSTALLPATHLIST>
  13025. </DEFAULTINSTALLPATHLIST>
  13026. <CATEGORY>ADWARE</CATEGORY>
  13027. <CONDITIONLIST>
  13028. <CONDITION>COMPANYNAME~FarmMext</CONDITION>
  13029. </CONDITIONLIST>
  13030. <OPERATOR>AND</OPERATOR>
  13031. <THREATLEVEL>8</THREATLEVEL>
  13032. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13033. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13034. </PROCESSDESCRIPTOR>
  13035. <PROCESSDESCRIPTOR>
  13036. <ID>1981</ID>
  13037. <PROCESSLIST>
  13038. <PROCESS>EZSTUB.EXE</PROCESS>
  13039. </PROCESSLIST>
  13040. <CLSIDLIST>
  13041. </CLSIDLIST>
  13042. <SUMMARY>Adware.eZula.Process</SUMMARY>
  13043. <DEFAULTINSTALLPATHLIST>
  13044. </DEFAULTINSTALLPATHLIST>
  13045. <CATEGORY>ADWARE</CATEGORY>
  13046. <CONDITIONLIST>
  13047. <CONDITION>COMPANYNAME~Bundleware</CONDITION>
  13048. </CONDITIONLIST>
  13049. <OPERATOR>AND</OPERATOR>
  13050. <THREATLEVEL>5</THREATLEVEL>
  13051. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13052. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13053. </PROCESSDESCRIPTOR>
  13054. <PROCESSDESCRIPTOR>
  13055. <ID>1984</ID>
  13056. <PROCESSLIST>
  13057. <PROCESS>BW2.COM</PROCESS>
  13058. </PROCESSLIST>
  13059. <CLSIDLIST>
  13060. </CLSIDLIST>
  13061. <SUMMARY>BW2.COM Loader Application (Variant 1)</SUMMARY>
  13062. <DEFAULTINSTALLPATHLIST>
  13063. </DEFAULTINSTALLPATHLIST>
  13064. <CATEGORY>ADWARE</CATEGORY>
  13065. <CONDITIONLIST>
  13066. <CONDITION>MD5=31a85ad4443e0c65c710d146fe3041ca</CONDITION>
  13067. </CONDITIONLIST>
  13068. <OPERATOR>AND</OPERATOR>
  13069. <THREATLEVEL>10</THREATLEVEL>
  13070. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13071. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13072. </PROCESSDESCRIPTOR>
  13073. <PROCESSDESCRIPTOR>
  13074. <ID>1985</ID>
  13075. <PROCESSLIST>
  13076. <PROCESS>BW2.COM</PROCESS>
  13077. </PROCESSLIST>
  13078. <CLSIDLIST>
  13079. </CLSIDLIST>
  13080. <SUMMARY>BW2.COM Loader Application (Variant 2)</SUMMARY>
  13081. <DEFAULTINSTALLPATHLIST>
  13082. </DEFAULTINSTALLPATHLIST>
  13083. <CATEGORY>ADWARE</CATEGORY>
  13084. <CONDITIONLIST>
  13085. <CONDITION>MD5=01ca92acf920f9ef759573d609318011</CONDITION>
  13086. </CONDITIONLIST>
  13087. <OPERATOR>AND</OPERATOR>
  13088. <THREATLEVEL>10</THREATLEVEL>
  13089. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13090. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13091. </PROCESSDESCRIPTOR>
  13092. <PROCESSDESCRIPTOR>
  13093. <ID>1986</ID>
  13094. <PROCESSLIST>
  13095. <PROCESS>*</PROCESS>
  13096. <PROCESS>(ACID BASE.EXE)</PROCESS>
  13097. </PROCESSLIST>
  13098. <CLSIDLIST>
  13099. </CLSIDLIST>
  13100. <SUMMARY>Adware.Lop.Process</SUMMARY>
  13101. <DEFAULTINSTALLPATHLIST>
  13102. </DEFAULTINSTALLPATHLIST>
  13103. <CATEGORY>ADWARE</CATEGORY>
  13104. <CONDITIONLIST>
  13105. <CONDITION>MD5=c8f8c1ff6d2288d53936c20b86d80348</CONDITION>
  13106. </CONDITIONLIST>
  13107. <OPERATOR>AND</OPERATOR>
  13108. <THREATLEVEL>10</THREATLEVEL>
  13109. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13110. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13111. </PROCESSDESCRIPTOR>
  13112. <PROCESSDESCRIPTOR>
  13113. <ID>1987</ID>
  13114. <PROCESSLIST>
  13115. <PROCESS>SMSS32.EXE</PROCESS>
  13116. </PROCESSLIST>
  13117. <CLSIDLIST>
  13118. </CLSIDLIST>
  13119. <SUMMARY>SMSS32.EXE</SUMMARY>
  13120. <DEFAULTINSTALLPATHLIST>
  13121. </DEFAULTINSTALLPATHLIST>
  13122. <CATEGORY>TROJAN</CATEGORY>
  13123. <CONDITIONLIST>
  13124. </CONDITIONLIST>
  13125. <OPERATOR>AND</OPERATOR>
  13126. <THREATLEVEL>10</THREATLEVEL>
  13127. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13128. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13129. </PROCESSDESCRIPTOR>
  13130. <PROCESSDESCRIPTOR>
  13131. <ID>1988</ID>
  13132. <PROCESSLIST>
  13133. <PROCESS>*</PROCESS>
  13134. <PROCESS>INETCONNECT.DLL</PROCESS>
  13135. </PROCESSLIST>
  13136. <CLSIDLIST>
  13137. <CLSID>{FD3A6AB4-5527-4B52-90AF-F90CD3270861}</CLSID>
  13138. </CLSIDLIST>
  13139. <SUMMARY>MultiClicker BHO</SUMMARY>
  13140. <DEFAULTINSTALLPATHLIST>
  13141. </DEFAULTINSTALLPATHLIST>
  13142. <CATEGORY>ADWARE</CATEGORY>
  13143. <CONDITIONLIST>
  13144. </CONDITIONLIST>
  13145. <OPERATOR>AND</OPERATOR>
  13146. <THREATLEVEL>10</THREATLEVEL>
  13147. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13148. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13149. </PROCESSDESCRIPTOR>
  13150. <PROCESSDESCRIPTOR>
  13151. <ID>1990</ID>
  13152. <PROCESSLIST>
  13153. <PROCESS>*</PROCESS>
  13154. <PROCESS>DSMANA~1.DLL</PROCESS>
  13155. </PROCESSLIST>
  13156. <CLSIDLIST>
  13157. <CLSID>{962F12AE-2773-4BEB-99EA-B5C3AB9A6606}</CLSID>
  13158. </CLSIDLIST>
  13159. <SUMMARY>Unknown Adware BHO</SUMMARY>
  13160. <DEFAULTINSTALLPATHLIST>
  13161. </DEFAULTINSTALLPATHLIST>
  13162. <CATEGORY>ADWARE</CATEGORY>
  13163. <CONDITIONLIST>
  13164. </CONDITIONLIST>
  13165. <OPERATOR>AND</OPERATOR>
  13166. <THREATLEVEL>10</THREATLEVEL>
  13167. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13168. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13169. </PROCESSDESCRIPTOR>
  13170. <PROCESSDESCRIPTOR>
  13171. <ID>1991</ID>
  13172. <PROCESSLIST>
  13173. <PROCESS>PDSCHED.EXE</PROCESS>
  13174. </PROCESSLIST>
  13175. <CLSIDLIST>
  13176. </CLSIDLIST>
  13177. <SUMMARY>SDBOT.CN Trojan Component</SUMMARY>
  13178. <DEFAULTINSTALLPATHLIST>
  13179. </DEFAULTINSTALLPATHLIST>
  13180. <CATEGORY>TROJAN</CATEGORY>
  13181. <CONDITIONLIST>
  13182. <CONDITION>MD5=017f827ebc26d39b243b0977ad8b9836</CONDITION>
  13183. </CONDITIONLIST>
  13184. <OPERATOR>AND</OPERATOR>
  13185. <THREATLEVEL>10</THREATLEVEL>
  13186. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13187. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13188. </PROCESSDESCRIPTOR>
  13189. <PROCESSDESCRIPTOR>
  13190. <ID>1996</ID>
  13191. <PROCESSLIST>
  13192. <PROCESS>*</PROCESS>
  13193. <PROCESS>(BIRD JUNK.EXE)</PROCESS>
  13194. </PROCESSLIST>
  13195. <CLSIDLIST>
  13196. </CLSIDLIST>
  13197. <SUMMARY>Adware.Lop.Process</SUMMARY>
  13198. <DEFAULTINSTALLPATHLIST>
  13199. </DEFAULTINSTALLPATHLIST>
  13200. <CATEGORY>ADWARE</CATEGORY>
  13201. <CONDITIONLIST>
  13202. <CONDITION>MD5=a8f9447cfee9b9e85950cfe7302fc9d8</CONDITION>
  13203. </CONDITIONLIST>
  13204. <OPERATOR>AND</OPERATOR>
  13205. <THREATLEVEL>10</THREATLEVEL>
  13206. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13207. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13208. </PROCESSDESCRIPTOR>
  13209. <PROCESSDESCRIPTOR>
  13210. <ID>1997</ID>
  13211. <PROCESSLIST>
  13212. <PROCESS>*</PROCESS>
  13213. <PROCESS>(SURFSITEPLUS.EXE)</PROCESS>
  13214. </PROCESSLIST>
  13215. <CLSIDLIST>
  13216. </CLSIDLIST>
  13217. <SUMMARY>Adware.Lop.Process</SUMMARY>
  13218. <DEFAULTINSTALLPATHLIST>
  13219. </DEFAULTINSTALLPATHLIST>
  13220. <CATEGORY>ADWARE</CATEGORY>
  13221. <CONDITIONLIST>
  13222. <CONDITION>MD5=8abe1ce6b32f1ee5a5252481e4edb438</CONDITION>
  13223. </CONDITIONLIST>
  13224. <OPERATOR>AND</OPERATOR>
  13225. <THREATLEVEL>10</THREATLEVEL>
  13226. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13227. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13228. </PROCESSDESCRIPTOR>
  13229. <PROCESSDESCRIPTOR>
  13230. <ID>1998</ID>
  13231. <PROCESSLIST>
  13232. <PROCESS>*</PROCESS>
  13233. <PROCESS>(REFBONE.EXE)</PROCESS>
  13234. </PROCESSLIST>
  13235. <CLSIDLIST>
  13236. </CLSIDLIST>
  13237. <SUMMARY>Adware.Lop.Process</SUMMARY>
  13238. <DEFAULTINSTALLPATHLIST>
  13239. </DEFAULTINSTALLPATHLIST>
  13240. <CATEGORY>ADWARE</CATEGORY>
  13241. <CONDITIONLIST>
  13242. <CONDITION>MD5=ddccc054f2db0b3fa4a15a0735cd1fe5</CONDITION>
  13243. </CONDITIONLIST>
  13244. <OPERATOR>AND</OPERATOR>
  13245. <THREATLEVEL>10</THREATLEVEL>
  13246. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13247. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13248. </PROCESSDESCRIPTOR>
  13249. <PROCESSDESCRIPTOR>
  13250. <ID>1999</ID>
  13251. <PROCESSLIST>
  13252. <PROCESS>*</PROCESS>
  13253. <PROCESS>(OEBXLII.EXE)</PROCESS>
  13254. </PROCESSLIST>
  13255. <CLSIDLIST>
  13256. </CLSIDLIST>
  13257. <SUMMARY>OEBXLII.EXE</SUMMARY>
  13258. <DEFAULTINSTALLPATHLIST>
  13259. </DEFAULTINSTALLPATHLIST>
  13260. <CATEGORY>ADWARE</CATEGORY>
  13261. <CONDITIONLIST>
  13262. <CONDITION>MD5=831a32629441e2e57d14730a59e27f21</CONDITION>
  13263. </CONDITIONLIST>
  13264. <OPERATOR>AND</OPERATOR>
  13265. <THREATLEVEL>10</THREATLEVEL>
  13266. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13267. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13268. </PROCESSDESCRIPTOR>
  13269. <PROCESSDESCRIPTOR>
  13270. <ID>2000</ID>
  13271. <PROCESSLIST>
  13272. <PROCESS>*</PROCESS>
  13273. <PROCESS>UPSPIRAL.DLL</PROCESS>
  13274. </PROCESSLIST>
  13275. <CLSIDLIST>
  13276. <CLSID>{4E7BD74F-2B8D-469E-DEFF-ED65A486AA28}</CLSID>
  13277. </CLSIDLIST>
  13278. <SUMMARY>UpSpiral Toolbar BHO</SUMMARY>
  13279. <DEFAULTINSTALLPATHLIST>
  13280. </DEFAULTINSTALLPATHLIST>
  13281. <CATEGORY>ADWARE</CATEGORY>
  13282. <CONDITIONLIST>
  13283. </CONDITIONLIST>
  13284. <OPERATOR>AND</OPERATOR>
  13285. <THREATLEVEL>10</THREATLEVEL>
  13286. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13287. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13288. </PROCESSDESCRIPTOR>
  13289. <PROCESSDESCRIPTOR>
  13290. <ID>2001</ID>
  13291. <PROCESSLIST>
  13292. <PROCESS>NTSMOD.EXE</PROCESS>
  13293. </PROCESSLIST>
  13294. <CLSIDLIST>
  13295. </CLSIDLIST>
  13296. <SUMMARY>NT System Module</SUMMARY>
  13297. <DEFAULTINSTALLPATHLIST>
  13298. </DEFAULTINSTALLPATHLIST>
  13299. <CATEGORY>ADWARE</CATEGORY>
  13300. <CONDITIONLIST>
  13301. <CONDITION>FILELOCATION~system32</CONDITION>
  13302. </CONDITIONLIST>
  13303. <OPERATOR>AND</OPERATOR>
  13304. <THREATLEVEL>10</THREATLEVEL>
  13305. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13306. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13307. </PROCESSDESCRIPTOR>
  13308. <PROCESSDESCRIPTOR>
  13309. <ID>2002</ID>
  13310. <PROCESSLIST>
  13311. <PROCESS>*</PROCESS>
  13312. <PROCESS>4B_1,0,1,2_MSLAGENT.DLL</PROCESS>
  13313. </PROCESSLIST>
  13314. <CLSIDLIST>
  13315. <CLSID>{008DB894-99ED-445D-8547-0E7C9808898D}</CLSID>
  13316. </CLSIDLIST>
  13317. <SUMMARY>Adware.Slagent BHO</SUMMARY>
  13318. <DEFAULTINSTALLPATHLIST>
  13319. </DEFAULTINSTALLPATHLIST>
  13320. <CATEGORY>ADWARE</CATEGORY>
  13321. <CONDITIONLIST>
  13322. </CONDITIONLIST>
  13323. <OPERATOR>AND</OPERATOR>
  13324. <THREATLEVEL>10</THREATLEVEL>
  13325. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13326. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13327. </PROCESSDESCRIPTOR>
  13328. <PROCESSDESCRIPTOR>
  13329. <ID>2003</ID>
  13330. <PROCESSLIST>
  13331. <PROCESS>*</PROCESS>
  13332. <PROCESS>RK.EXE</PROCESS>
  13333. <PROCESS>MKSC.EXE</PROCESS>
  13334. </PROCESSLIST>
  13335. <CLSIDLIST>
  13336. </CLSIDLIST>
  13337. <SUMMARY>RelevantKnowledge Spyware Component</SUMMARY>
  13338. <DEFAULTINSTALLPATHLIST>
  13339. </DEFAULTINSTALLPATHLIST>
  13340. <CATEGORY>SPYWARE</CATEGORY>
  13341. <CONDITIONLIST>
  13342. <CONDITION>COMPANYNAME~RelevantKnowledge</CONDITION>
  13343. </CONDITIONLIST>
  13344. <OPERATOR>AND</OPERATOR>
  13345. <THREATLEVEL>10</THREATLEVEL>
  13346. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13347. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13348. </PROCESSDESCRIPTOR>
  13349. <PROCESSDESCRIPTOR>
  13350. <ID>2004</ID>
  13351. <PROCESSLIST>
  13352. <PROCESS>*</PROCESS>
  13353. <PROCESS>PWRSMND1.DLL</PROCESS>
  13354. </PROCESSLIST>
  13355. <CLSIDLIST>
  13356. <CLSID>{4E7BD74F-2B8D-469E-A3FA-F161A787AD2D}</CLSID>
  13357. </CLSIDLIST>
  13358. <SUMMARY>PowerSearch BHO</SUMMARY>
  13359. <DEFAULTINSTALLPATHLIST>
  13360. </DEFAULTINSTALLPATHLIST>
  13361. <CATEGORY>ADWARE</CATEGORY>
  13362. <CONDITIONLIST>
  13363. </CONDITIONLIST>
  13364. <OPERATOR>AND</OPERATOR>
  13365. <THREATLEVEL>10</THREATLEVEL>
  13366. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13367. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13368. </PROCESSDESCRIPTOR>
  13369. <PROCESSDESCRIPTOR>
  13370. <ID>2005</ID>
  13371. <PROCESSLIST>
  13372. <PROCESS>MTSOEMON.EXE</PROCESS>
  13373. </PROCESSLIST>
  13374. <CLSIDLIST>
  13375. </CLSIDLIST>
  13376. <SUMMARY>MyTotalSearch Email Plugin</SUMMARY>
  13377. <DEFAULTINSTALLPATHLIST>
  13378. </DEFAULTINSTALLPATHLIST>
  13379. <CATEGORY>ADWARE</CATEGORY>
  13380. <CONDITIONLIST>
  13381. </CONDITIONLIST>
  13382. <OPERATOR>AND</OPERATOR>
  13383. <THREATLEVEL>5</THREATLEVEL>
  13384. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13385. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13386. </PROCESSDESCRIPTOR>
  13387. <PROCESSDESCRIPTOR>
  13388. <ID>2006</ID>
  13389. <PROCESSLIST>
  13390. <PROCESS>*</PROCESS>
  13391. <PROCESS>MTSSRCAS.DLL</PROCESS>
  13392. </PROCESSLIST>
  13393. <CLSIDLIST>
  13394. <CLSID>{00BD2861-C654-4694-A44A-98642D73247D}</CLSID>
  13395. </CLSIDLIST>
  13396. <SUMMARY>MyTotalSearch Search Assistant BHO</SUMMARY>
  13397. <DEFAULTINSTALLPATHLIST>
  13398. </DEFAULTINSTALLPATHLIST>
  13399. <CATEGORY>ADWARE</CATEGORY>
  13400. <CONDITIONLIST>
  13401. </CONDITIONLIST>
  13402. <OPERATOR>AND</OPERATOR>
  13403. <THREATLEVEL>10</THREATLEVEL>
  13404. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13405. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13406. </PROCESSDESCRIPTOR>
  13407. <PROCESSDESCRIPTOR>
  13408. <ID>2007</ID>
  13409. <PROCESSLIST>
  13410. <PROCESS>*</PROCESS>
  13411. <PROCESS>MTSBAR.DLL</PROCESS>
  13412. </PROCESSLIST>
  13413. <CLSIDLIST>
  13414. <CLSID>{094176F1-BF35-4bcb-B68A-108DFB8C3825}</CLSID>
  13415. </CLSIDLIST>
  13416. <SUMMARY>My Total Search Toolbar BHO</SUMMARY>
  13417. <DEFAULTINSTALLPATHLIST>
  13418. </DEFAULTINSTALLPATHLIST>
  13419. <CATEGORY>ADWARE</CATEGORY>
  13420. <CONDITIONLIST>
  13421. </CONDITIONLIST>
  13422. <OPERATOR>AND</OPERATOR>
  13423. <THREATLEVEL>10</THREATLEVEL>
  13424. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13425. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13426. </PROCESSDESCRIPTOR>
  13427. <PROCESSDESCRIPTOR>
  13428. <ID>2008</ID>
  13429. <PROCESSLIST>
  13430. <PROCESS>I11R54N4.EXE</PROCESS>
  13431. </PROCESSLIST>
  13432. <CLSIDLIST>
  13433. </CLSIDLIST>
  13434. <SUMMARY>Bagle/Beagle Internet Worm Variant</SUMMARY>
  13435. <DEFAULTINSTALLPATHLIST>
  13436. </DEFAULTINSTALLPATHLIST>
  13437. <CATEGORY>WORM</CATEGORY>
  13438. <CONDITIONLIST>
  13439. <CONDITION>FILELOCATION~system</CONDITION>
  13440. </CONDITIONLIST>
  13441. <OPERATOR>AND</OPERATOR>
  13442. <THREATLEVEL>10</THREATLEVEL>
  13443. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13444. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13445. </PROCESSDESCRIPTOR>
  13446. <PROCESSDESCRIPTOR>
  13447. <ID>2009</ID>
  13448. <PROCESSLIST>
  13449. <PROCESS>*</PROCESS>
  13450. <PROCESS>APIHF32.DLL</PROCESS>
  13451. </PROCESSLIST>
  13452. <CLSIDLIST>
  13453. <CLSID>{FA6A4655-C13C-BF9A-C97E-513B7A9A010A}</CLSID>
  13454. </CLSIDLIST>
  13455. <SUMMARY>Unknown BHO/URL Search Hook (APIHF32.DLL)</SUMMARY>
  13456. <DEFAULTINSTALLPATHLIST>
  13457. </DEFAULTINSTALLPATHLIST>
  13458. <CATEGORY>ADWARE</CATEGORY>
  13459. <CONDITIONLIST>
  13460. </CONDITIONLIST>
  13461. <OPERATOR>AND</OPERATOR>
  13462. <THREATLEVEL>10</THREATLEVEL>
  13463. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13464. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13465. </PROCESSDESCRIPTOR>
  13466. <PROCESSDESCRIPTOR>
  13467. <ID>2010</ID>
  13468. <PROCESSLIST>
  13469. <PROCESS>REMOVE_SPYWARE.EXE</PROCESS>
  13470. </PROCESSLIST>
  13471. <CLSIDLIST>
  13472. </CLSIDLIST>
  13473. <SUMMARY>Remove_spyware.exe</SUMMARY>
  13474. <DEFAULTINSTALLPATHLIST>
  13475. </DEFAULTINSTALLPATHLIST>
  13476. <CATEGORY>ADWARE</CATEGORY>
  13477. <CONDITIONLIST>
  13478. </CONDITIONLIST>
  13479. <OPERATOR>AND</OPERATOR>
  13480. <THREATLEVEL>5</THREATLEVEL>
  13481. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13482. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13483. </PROCESSDESCRIPTOR>
  13484. <PROCESSDESCRIPTOR>
  13485. <ID>2011</ID>
  13486. <PROCESSLIST>
  13487. <PROCESS>*</PROCESS>
  13488. <PROCESS>MSAXS.DLL</PROCESS>
  13489. <PROCESS>MSPUA.DLL</PROCESS>
  13490. </PROCESSLIST>
  13491. <CLSIDLIST>
  13492. <CLSID>{770C971E-08B7-497E-8F67-801EBA1ECC4D}</CLSID>
  13493. <CLSID>{EB77D262-F353-4AA9-B2BB-889660B0F5EA}</CLSID>
  13494. </CLSIDLIST>
  13495. <SUMMARY>Unknown BHO (MSAXS.DLL)</SUMMARY>
  13496. <DEFAULTINSTALLPATHLIST>
  13497. </DEFAULTINSTALLPATHLIST>
  13498. <CATEGORY>ADWARE</CATEGORY>
  13499. <CONDITIONLIST>
  13500. </CONDITIONLIST>
  13501. <OPERATOR>AND</OPERATOR>
  13502. <THREATLEVEL>10</THREATLEVEL>
  13503. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13504. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13505. </PROCESSDESCRIPTOR>
  13506. <PROCESSDESCRIPTOR>
  13507. <ID>2012</ID>
  13508. <PROCESSLIST>
  13509. <PROCESS>*</PROCESS>
  13510. <PROCESS>SDMTB.DLL</PROCESS>
  13511. </PROCESSLIST>
  13512. <CLSIDLIST>
  13513. <CLSID>{441354C5-911B-409B-9A66-A11D6D4E1A22}</CLSID>
  13514. </CLSIDLIST>
  13515. <SUMMARY>Web Directory Module BHO</SUMMARY>
  13516. <DEFAULTINSTALLPATHLIST>
  13517. </DEFAULTINSTALLPATHLIST>
  13518. <CATEGORY>ADWARE</CATEGORY>
  13519. <CONDITIONLIST>
  13520. </CONDITIONLIST>
  13521. <OPERATOR>AND</OPERATOR>
  13522. <THREATLEVEL>10</THREATLEVEL>
  13523. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13524. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13525. </PROCESSDESCRIPTOR>
  13526. <PROCESSDESCRIPTOR>
  13527. <ID>2014</ID>
  13528. <PROCESSLIST>
  13529. <PROCESS>*</PROCESS>
  13530. <PROCESS>NKWISHOY.DLL</PROCESS>
  13531. <PROCESS>HCMNELCK.DLL</PROCESS>
  13532. </PROCESSLIST>
  13533. <CLSIDLIST>
  13534. <CLSID>*</CLSID>
  13535. <CLSID>{B36759C9-29AB-E3D6-5690-B0A5CC7A9ACD}</CLSID>
  13536. <CLSID>{EDE958EB-C904-3795-0DB6-6CCB97601BB9}</CLSID>
  13537. </CLSIDLIST>
  13538. <SUMMARY>IEloader Module BHO</SUMMARY>
  13539. <DEFAULTINSTALLPATHLIST>
  13540. </DEFAULTINSTALLPATHLIST>
  13541. <CATEGORY>ADWARE</CATEGORY>
  13542. <CONDITIONLIST>
  13543. <CONDITION>FILELOCATION~system32</CONDITION>
  13544. <CONDITION>FILEDESCRIPTION=IEloader Module</CONDITION>
  13545. <CONDITION>INTERNALNAME=IEloader</CONDITION>
  13546. </CONDITIONLIST>
  13547. <OPERATOR>AND</OPERATOR>
  13548. <THREATLEVEL>10</THREATLEVEL>
  13549. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13550. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13551. </PROCESSDESCRIPTOR>
  13552. <PROCESSDESCRIPTOR>
  13553. <ID>2016</ID>
  13554. <PROCESSLIST>
  13555. <PROCESS>MCICDB.DLL</PROCESS>
  13556. </PROCESSLIST>
  13557. <CLSIDLIST>
  13558. <CLSID>*</CLSID>
  13559. <CLSID>{DC6AA004-965C-4F84-9D18-EEC4F2447900}</CLSID>
  13560. <CLSID>{1E4F72D9-2022-4BBF-BC59-3EEA3A8D66FF}</CLSID>
  13561. <CLSID>{6EC0DA40-A355-4BCD-BF9D-6F98B8D63A62}</CLSID>
  13562. </CLSIDLIST>
  13563. <SUMMARY>Unknown Browser Extension (MCICDB.DLL)</SUMMARY>
  13564. <DEFAULTINSTALLPATHLIST>
  13565. </DEFAULTINSTALLPATHLIST>
  13566. <CATEGORY>ADWARE</CATEGORY>
  13567. <CONDITIONLIST>
  13568. <CONDITION>FILELOCATION~system</CONDITION>
  13569. </CONDITIONLIST>
  13570. <OPERATOR>AND</OPERATOR>
  13571. <THREATLEVEL>10</THREATLEVEL>
  13572. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13573. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13574. </PROCESSDESCRIPTOR>
  13575. <PROCESSDESCRIPTOR>
  13576. <ID>2017</ID>
  13577. <PROCESSLIST>
  13578. <PROCESS>*</PROCESS>
  13579. <PROCESS>EBPPW.DLL</PROCESS>
  13580. <PROCESS>HEWFO.DLL</PROCESS>
  13581. <PROCESS>YFTXK.DLL</PROCESS>
  13582. <PROCESS>LCVMM.DLL</PROCESS>
  13583. <PROCESS>GBTIH.DLL</PROCESS>
  13584. <PROCESS>RTKBP.DLL</PROCESS>
  13585. <PROCESS>MVQZZ.DLL</PROCESS>
  13586. </PROCESSLIST>
  13587. <CLSIDLIST>
  13588. <CLSID>*</CLSID>
  13589. <CLSID>{733023F8-D55A-4917-A880-F53240E54D03}</CLSID>
  13590. <CLSID>{0EB39889-F9CF-41EB-AB7A-0C3D38302BF3}</CLSID>
  13591. <CLSID>{D96C3EA3-9B85-412E-9D7C-79B19A2D1118}</CLSID>
  13592. <CLSID>{73DC7B56-FF55-4EE8-B68C-6EF0404965B8}</CLSID>
  13593. <CLSID>{31A44560-6BA7-11D9-B056-00B0D0C263EE}</CLSID>
  13594. <CLSID>{5A463000-6BA7-11D9-B056-00B0D0C263EE}</CLSID>
  13595. <CLSID>{FD630860-6CD5-11D9-A1FA-00045A9A55D3}</CLSID>
  13596. </CLSIDLIST>
  13597. <SUMMARY>SWin32 Module BHO</SUMMARY>
  13598. <DEFAULTINSTALLPATHLIST>
  13599. </DEFAULTINSTALLPATHLIST>
  13600. <CATEGORY>ADWARE</CATEGORY>
  13601. <CONDITIONLIST>
  13602. <CONDITION>FILELOCATION~system</CONDITION>
  13603. <CONDITION>FILEDESCTIPTION=SWin32 Module</CONDITION>
  13604. <CONDITION>INTERNALNAME=SWin32</CONDITION>
  13605. </CONDITIONLIST>
  13606. <OPERATOR>AND</OPERATOR>
  13607. <THREATLEVEL>10</THREATLEVEL>
  13608. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13609. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13610. </PROCESSDESCRIPTOR>
  13611. <PROCESSDESCRIPTOR>
  13612. <ID>2018</ID>
  13613. <PROCESSLIST>
  13614. <PROCESS>*</PROCESS>
  13615. <PROCESS>KVGSPEEG.DLL</PROCESS>
  13616. </PROCESSLIST>
  13617. <CLSIDLIST>
  13618. <CLSID>{36ED1B80-8813-E6BA-20A3-A457E32E1BDD}</CLSID>
  13619. </CLSIDLIST>
  13620. <SUMMARY>Unknown BHO (KVGSPEEG.DLL)</SUMMARY>
  13621. <DEFAULTINSTALLPATHLIST>
  13622. </DEFAULTINSTALLPATHLIST>
  13623. <CATEGORY>ADWARE</CATEGORY>
  13624. <CONDITIONLIST>
  13625. </CONDITIONLIST>
  13626. <OPERATOR>AND</OPERATOR>
  13627. <THREATLEVEL>10</THREATLEVEL>
  13628. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13629. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13630. </PROCESSDESCRIPTOR>
  13631. <PROCESSDESCRIPTOR>
  13632. <ID>2019</ID>
  13633. <PROCESSLIST>
  13634. <PROCESS>*</PROCESS>
  13635. <PROCESS>SEKFECH.DLL</PROCESS>
  13636. <PROCESS>KZD.DLL</PROCESS>
  13637. <PROCESS>TGDBNLLO.DLL</PROCESS>
  13638. </PROCESSLIST>
  13639. <CLSIDLIST>
  13640. <CLSID>*</CLSID>
  13641. <CLSID>{AF0E441C-A8AA-FD03-806E-891D801045B2}</CLSID>
  13642. <CLSID>{AD211133-F984-8901-D91F-8D1D844012B0}</CLSID>
  13643. </CLSIDLIST>
  13644. <SUMMARY>Unknown BHO (SEKFECH.DLL)</SUMMARY>
  13645. <DEFAULTINSTALLPATHLIST>
  13646. </DEFAULTINSTALLPATHLIST>
  13647. <CATEGORY>ADWARE</CATEGORY>
  13648. <CONDITIONLIST>
  13649. <CONDITION>MD5=e3f7db48140ae24eaa843e54f559c16a</CONDITION>
  13650. </CONDITIONLIST>
  13651. <OPERATOR>AND</OPERATOR>
  13652. <THREATLEVEL>10</THREATLEVEL>
  13653. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13654. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13655. </PROCESSDESCRIPTOR>
  13656. <PROCESSDESCRIPTOR>
  13657. <ID>2020</ID>
  13658. <PROCESSLIST>
  13659. <PROCESS>*</PROCESS>
  13660. <PROCESS>KRDPOQUEJ.DLL</PROCESS>
  13661. <PROCESS>GXWOHI.DLL</PROCESS>
  13662. <PROCESS>KANFI.DLL</PROCESS>
  13663. </PROCESSLIST>
  13664. <CLSIDLIST>
  13665. <CLSID>*</CLSID>
  13666. <CLSID>{BE7DE7CB-DA7C-9D7D-253F-4A8B31A3C214}</CLSID>
  13667. <CLSID>{405CB368-5742-6C49-54C2-B4CD2CA77B1C}</CLSID>
  13668. <CLSID>{CF87FC39-6897-F513-30E5-0EBC5A2A9C6A}</CLSID>
  13669. </CLSIDLIST>
  13670. <SUMMARY>Unclassified.Unknown Origin.BHO</SUMMARY>
  13671. <DEFAULTINSTALLPATHLIST>
  13672. </DEFAULTINSTALLPATHLIST>
  13673. <CATEGORY>ADWARE</CATEGORY>
  13674. <CONDITIONLIST>
  13675. <CONDITION>MD5=f1d70f00c6e726bb57c0f4b4765b64d0</CONDITION>
  13676. </CONDITIONLIST>
  13677. <OPERATOR>AND</OPERATOR>
  13678. <THREATLEVEL>10</THREATLEVEL>
  13679. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13680. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13681. </PROCESSDESCRIPTOR>
  13682. <PROCESSDESCRIPTOR>
  13683. <ID>2022</ID>
  13684. <PROCESSLIST>
  13685. <PROCESS>*</PROCESS>
  13686. <PROCESS>(ZEAFNOSVJ.EXE)</PROCESS>
  13687. </PROCESSLIST>
  13688. <CLSIDLIST>
  13689. </CLSIDLIST>
  13690. <SUMMARY>ZEAFNOSVJ.EXE</SUMMARY>
  13691. <DEFAULTINSTALLPATHLIST>
  13692. </DEFAULTINSTALLPATHLIST>
  13693. <CATEGORY>ADWARE</CATEGORY>
  13694. <CONDITIONLIST>
  13695. <CONDITION>MD5=46adef9e695aad12f1f1548ba9f45b36</CONDITION>
  13696. </CONDITIONLIST>
  13697. <OPERATOR>AND</OPERATOR>
  13698. <THREATLEVEL>10</THREATLEVEL>
  13699. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13700. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13701. </PROCESSDESCRIPTOR>
  13702. <PROCESSDESCRIPTOR>
  13703. <ID>2023</ID>
  13704. <PROCESSLIST>
  13705. <PROCESS>*</PROCESS>
  13706. <PROCESS>(NQVAVG.EXE)</PROCESS>
  13707. </PROCESSLIST>
  13708. <CLSIDLIST>
  13709. </CLSIDLIST>
  13710. <SUMMARY>NQVAVG.EXE</SUMMARY>
  13711. <DEFAULTINSTALLPATHLIST>
  13712. </DEFAULTINSTALLPATHLIST>
  13713. <CATEGORY>ADWARE</CATEGORY>
  13714. <CONDITIONLIST>
  13715. <CONDITION>MD5=efff434d22fa4c8ef9277f67056fa367</CONDITION>
  13716. </CONDITIONLIST>
  13717. <OPERATOR>AND</OPERATOR>
  13718. <THREATLEVEL>10</THREATLEVEL>
  13719. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13720. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13721. </PROCESSDESCRIPTOR>
  13722. <PROCESSDESCRIPTOR>
  13723. <ID>2024</ID>
  13724. <PROCESSLIST>
  13725. <PROCESS>*</PROCESS>
  13726. <PROCESS>(ISFET.EXE)</PROCESS>
  13727. </PROCESSLIST>
  13728. <CLSIDLIST>
  13729. </CLSIDLIST>
  13730. <SUMMARY>ISFET.EXE</SUMMARY>
  13731. <DEFAULTINSTALLPATHLIST>
  13732. </DEFAULTINSTALLPATHLIST>
  13733. <CATEGORY>ADWARE</CATEGORY>
  13734. <CONDITIONLIST>
  13735. <CONDITION>MD5=2906aed2a080e5c9da90a19b8f64603d</CONDITION>
  13736. </CONDITIONLIST>
  13737. <OPERATOR>AND</OPERATOR>
  13738. <THREATLEVEL>10</THREATLEVEL>
  13739. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13740. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13741. </PROCESSDESCRIPTOR>
  13742. <PROCESSDESCRIPTOR>
  13743. <ID>2025</ID>
  13744. <PROCESSLIST>
  13745. <PROCESS>*</PROCESS>
  13746. <PROCESS>ASNJNXJW.DLL</PROCESS>
  13747. </PROCESSLIST>
  13748. <CLSIDLIST>
  13749. <CLSID>*</CLSID>
  13750. <CLSID>{C5CF6D52-34C8-1FED-0FEE-B339CCFCAC4D}</CLSID>
  13751. </CLSIDLIST>
  13752. <SUMMARY>Unknown BHO (ASNJNXJW.DLL)</SUMMARY>
  13753. <DEFAULTINSTALLPATHLIST>
  13754. </DEFAULTINSTALLPATHLIST>
  13755. <CATEGORY>ADWARE</CATEGORY>
  13756. <CONDITIONLIST>
  13757. <CONDITION>MD5=9b4c4b90881a7d19714b7aefdb472af4</CONDITION>
  13758. </CONDITIONLIST>
  13759. <OPERATOR>AND</OPERATOR>
  13760. <THREATLEVEL>10</THREATLEVEL>
  13761. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13762. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13763. </PROCESSDESCRIPTOR>
  13764. <PROCESSDESCRIPTOR>
  13765. <ID>2026</ID>
  13766. <PROCESSLIST>
  13767. <PROCESS>*</PROCESS>
  13768. <PROCESS>(FLJB.EXE)</PROCESS>
  13769. </PROCESSLIST>
  13770. <CLSIDLIST>
  13771. </CLSIDLIST>
  13772. <SUMMARY>FLJB.EXE</SUMMARY>
  13773. <DEFAULTINSTALLPATHLIST>
  13774. </DEFAULTINSTALLPATHLIST>
  13775. <CATEGORY>ADWARE</CATEGORY>
  13776. <CONDITIONLIST>
  13777. <CONDITION>MD5=3c9685fcb80a5735f93d08018ba99890</CONDITION>
  13778. </CONDITIONLIST>
  13779. <OPERATOR>AND</OPERATOR>
  13780. <THREATLEVEL>10</THREATLEVEL>
  13781. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13782. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13783. </PROCESSDESCRIPTOR>
  13784. <PROCESSDESCRIPTOR>
  13785. <ID>2027</ID>
  13786. <PROCESSLIST>
  13787. <PROCESS>*</PROCESS>
  13788. <PROCESS>(DEES.EXE)</PROCESS>
  13789. </PROCESSLIST>
  13790. <CLSIDLIST>
  13791. </CLSIDLIST>
  13792. <SUMMARY>DEES.EXE</SUMMARY>
  13793. <DEFAULTINSTALLPATHLIST>
  13794. </DEFAULTINSTALLPATHLIST>
  13795. <CATEGORY>ADWARE</CATEGORY>
  13796. <CONDITIONLIST>
  13797. <CONDITION>MD5=1b136b2887309a2dfe3a4ab329fb27c9</CONDITION>
  13798. <CONDITION>MD5=3A44A2B0BBE61224EDD0503BDB01191F</CONDITION>
  13799. </CONDITIONLIST>
  13800. <OPERATOR>OR</OPERATOR>
  13801. <THREATLEVEL>10</THREATLEVEL>
  13802. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13803. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13804. </PROCESSDESCRIPTOR>
  13805. <PROCESSDESCRIPTOR>
  13806. <ID>2028</ID>
  13807. <PROCESSLIST>
  13808. <PROCESS>*</PROCESS>
  13809. <PROCESS>(MSCONFIG.EXE)</PROCESS>
  13810. <PROCESS>(MCONFI~1.EXE)</PROCESS>
  13811. </PROCESSLIST>
  13812. <CLSIDLIST>
  13813. </CLSIDLIST>
  13814. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  13815. <DEFAULTINSTALLPATHLIST>
  13816. </DEFAULTINSTALLPATHLIST>
  13817. <CATEGORY>ADWARE</CATEGORY>
  13818. <CONDITIONLIST>
  13819. <CONDITION>MD5=c0276d582041bf6f026091ec8f22269c</CONDITION>
  13820. </CONDITIONLIST>
  13821. <OPERATOR>AND</OPERATOR>
  13822. <THREATLEVEL>10</THREATLEVEL>
  13823. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13824. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13825. </PROCESSDESCRIPTOR>
  13826. <PROCESSDESCRIPTOR>
  13827. <ID>2029</ID>
  13828. <PROCESSLIST>
  13829. <PROCESS>*</PROCESS>
  13830. <PROCESS>ADWAREFILTER.DLL</PROCESS>
  13831. </PROCESSLIST>
  13832. <CLSIDLIST>
  13833. <CLSID>{1028F737-81E7-452B-A860-E50CAD90A08C}</CLSID>
  13834. </CLSIDLIST>
  13835. <SUMMARY>AdwareFilter Toolbar</SUMMARY>
  13836. <DEFAULTINSTALLPATHLIST>
  13837. </DEFAULTINSTALLPATHLIST>
  13838. <CATEGORY>ADWARE</CATEGORY>
  13839. <CONDITIONLIST>
  13840. </CONDITIONLIST>
  13841. <OPERATOR>AND</OPERATOR>
  13842. <THREATLEVEL>10</THREATLEVEL>
  13843. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13844. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13845. </PROCESSDESCRIPTOR>
  13846. <PROCESSDESCRIPTOR>
  13847. <ID>2030</ID>
  13848. <PROCESSLIST>
  13849. <PROCESS>*</PROCESS>
  13850. <PROCESS>(WJWF.EXE)</PROCESS>
  13851. </PROCESSLIST>
  13852. <CLSIDLIST>
  13853. </CLSIDLIST>
  13854. <SUMMARY>WJWF.EXE</SUMMARY>
  13855. <DEFAULTINSTALLPATHLIST>
  13856. </DEFAULTINSTALLPATHLIST>
  13857. <CATEGORY>ADWARE</CATEGORY>
  13858. <CONDITIONLIST>
  13859. <CONDITION>MD5=e384560fe73801831e888501ce4529d0</CONDITION>
  13860. </CONDITIONLIST>
  13861. <OPERATOR>AND</OPERATOR>
  13862. <THREATLEVEL>10</THREATLEVEL>
  13863. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13864. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13865. </PROCESSDESCRIPTOR>
  13866. <PROCESSDESCRIPTOR>
  13867. <ID>2031</ID>
  13868. <PROCESSLIST>
  13869. <PROCESS>*</PROCESS>
  13870. <PROCESS>MSIBKD.DLL</PROCESS>
  13871. </PROCESSLIST>
  13872. <CLSIDLIST>
  13873. <CLSID>{447160CD-ECF5-4EA2-8A8A-1F70CA363F85}</CLSID>
  13874. </CLSIDLIST>
  13875. <SUMMARY>ClientMan Adware BHO</SUMMARY>
  13876. <DEFAULTINSTALLPATHLIST>
  13877. </DEFAULTINSTALLPATHLIST>
  13878. <CATEGORY>ADWARE</CATEGORY>
  13879. <CONDITIONLIST>
  13880. </CONDITIONLIST>
  13881. <OPERATOR>AND</OPERATOR>
  13882. <THREATLEVEL>10</THREATLEVEL>
  13883. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13884. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13885. </PROCESSDESCRIPTOR>
  13886. <PROCESSDESCRIPTOR>
  13887. <ID>2032</ID>
  13888. <PROCESSLIST>
  13889. <PROCESS>*</PROCESS>
  13890. <PROCESS>MSDAIM.DLL</PROCESS>
  13891. </PROCESSLIST>
  13892. <CLSIDLIST>
  13893. <CLSID>{0BA1C6EB-D062-4E37-9DB5-B07743276324}</CLSID>
  13894. </CLSIDLIST>
  13895. <SUMMARY>ClientMan Adware BHO</SUMMARY>
  13896. <DEFAULTINSTALLPATHLIST>
  13897. </DEFAULTINSTALLPATHLIST>
  13898. <CATEGORY>ADWARE</CATEGORY>
  13899. <CONDITIONLIST>
  13900. </CONDITIONLIST>
  13901. <OPERATOR>AND</OPERATOR>
  13902. <THREATLEVEL>10</THREATLEVEL>
  13903. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13904. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13905. </PROCESSDESCRIPTOR>
  13906. <PROCESSDESCRIPTOR>
  13907. <ID>2033</ID>
  13908. <PROCESSLIST>
  13909. <PROCESS>*</PROCESS>
  13910. <PROCESS>(ANBSXAY.EXE)</PROCESS>
  13911. </PROCESSLIST>
  13912. <CLSIDLIST>
  13913. </CLSIDLIST>
  13914. <SUMMARY>ANBSXAY.EXE</SUMMARY>
  13915. <DEFAULTINSTALLPATHLIST>
  13916. </DEFAULTINSTALLPATHLIST>
  13917. <CATEGORY>ADWARE</CATEGORY>
  13918. <CONDITIONLIST>
  13919. <CONDITION>MD5=0507cc1b7f1044b16621095edb8850aa</CONDITION>
  13920. </CONDITIONLIST>
  13921. <OPERATOR>AND</OPERATOR>
  13922. <THREATLEVEL>10</THREATLEVEL>
  13923. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13924. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13925. </PROCESSDESCRIPTOR>
  13926. <PROCESSDESCRIPTOR>
  13927. <ID>2034</ID>
  13928. <PROCESSLIST>
  13929. <PROCESS>*</PROCESS>
  13930. <PROCESS>(WINMONV.EXE)</PROCESS>
  13931. </PROCESSLIST>
  13932. <CLSIDLIST>
  13933. </CLSIDLIST>
  13934. <SUMMARY>WINMONV.EXE</SUMMARY>
  13935. <DEFAULTINSTALLPATHLIST>
  13936. </DEFAULTINSTALLPATHLIST>
  13937. <CATEGORY>ADWARE</CATEGORY>
  13938. <CONDITIONLIST>
  13939. <CONDITION>MD5=ff9cafabc0c784f0c38a03365bfcd91f</CONDITION>
  13940. </CONDITIONLIST>
  13941. <OPERATOR>AND</OPERATOR>
  13942. <THREATLEVEL>10</THREATLEVEL>
  13943. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13944. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13945. </PROCESSDESCRIPTOR>
  13946. <PROCESSDESCRIPTOR>
  13947. <ID>2035</ID>
  13948. <PROCESSLIST>
  13949. <PROCESS>*</PROCESS>
  13950. <PROCESS>SNHELPER.DLL</PROCESS>
  13951. </PROCESSLIST>
  13952. <CLSIDLIST>
  13953. <CLSID>{4E7BD74F-2B8D-469E-C0FB-EF60B19DB42E}</CLSID>
  13954. <CLSID>{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}</CLSID>
  13955. </CLSIDLIST>
  13956. <SUMMARY>Browser Hijacker.Srng/ShopNav.BHO</SUMMARY>
  13957. <DEFAULTINSTALLPATHLIST>
  13958. </DEFAULTINSTALLPATHLIST>
  13959. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  13960. <CONDITIONLIST>
  13961. </CONDITIONLIST>
  13962. <OPERATOR>AND</OPERATOR>
  13963. <THREATLEVEL>10</THREATLEVEL>
  13964. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13965. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13966. </PROCESSDESCRIPTOR>
  13967. <PROCESSDESCRIPTOR>
  13968. <ID>2036</ID>
  13969. <PROCESSLIST>
  13970. <PROCESS>*</PROCESS>
  13971. <PROCESS>DREPLACE.DLL</PROCESS>
  13972. </PROCESSLIST>
  13973. <CLSIDLIST>
  13974. <CLSID>{086AE192-23A6-48D6-96EC-715F53797E85}</CLSID>
  13975. </CLSIDLIST>
  13976. <SUMMARY>HTMLCore Module BHO</SUMMARY>
  13977. <DEFAULTINSTALLPATHLIST>
  13978. </DEFAULTINSTALLPATHLIST>
  13979. <CATEGORY>ADWARE</CATEGORY>
  13980. <CONDITIONLIST>
  13981. </CONDITIONLIST>
  13982. <OPERATOR>AND</OPERATOR>
  13983. <THREATLEVEL>10</THREATLEVEL>
  13984. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  13985. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  13986. </PROCESSDESCRIPTOR>
  13987. <PROCESSDESCRIPTOR>
  13988. <ID>2037</ID>
  13989. <PROCESSLIST>
  13990. <PROCESS>*</PROCESS>
  13991. <PROCESS>(BAT ONCE.EXE)</PROCESS>
  13992. </PROCESSLIST>
  13993. <CLSIDLIST>
  13994. </CLSIDLIST>
  13995. <SUMMARY>Adware.Lop.Process</SUMMARY>
  13996. <DEFAULTINSTALLPATHLIST>
  13997. </DEFAULTINSTALLPATHLIST>
  13998. <CATEGORY>ADWARE</CATEGORY>
  13999. <CONDITIONLIST>
  14000. <CONDITION>MD5=580ce26927475b419463b1aad33954f0</CONDITION>
  14001. </CONDITIONLIST>
  14002. <OPERATOR>AND</OPERATOR>
  14003. <THREATLEVEL>10</THREATLEVEL>
  14004. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14005. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14006. </PROCESSDESCRIPTOR>
  14007. <PROCESSDESCRIPTOR>
  14008. <ID>2038</ID>
  14009. <PROCESSLIST>
  14010. <PROCESS>*</PROCESS>
  14011. <PROCESS>BHO001.DLL</PROCESS>
  14012. </PROCESSLIST>
  14013. <CLSIDLIST>
  14014. <CLSID>{60E78CAC-E9A7-4302-B9EE-8582EDE22FBF}</CLSID>
  14015. </CLSIDLIST>
  14016. <SUMMARY>Natural Language Navigation BHO</SUMMARY>
  14017. <DEFAULTINSTALLPATHLIST>
  14018. </DEFAULTINSTALLPATHLIST>
  14019. <CATEGORY>ADWARE</CATEGORY>
  14020. <CONDITIONLIST>
  14021. </CONDITIONLIST>
  14022. <OPERATOR>AND</OPERATOR>
  14023. <THREATLEVEL>10</THREATLEVEL>
  14024. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14025. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14026. </PROCESSDESCRIPTOR>
  14027. <PROCESSDESCRIPTOR>
  14028. <ID>2039</ID>
  14029. <PROCESSLIST>
  14030. <PROCESS>*</PROCESS>
  14031. <PROCESS>(FEVLKF.EXE)</PROCESS>
  14032. </PROCESSLIST>
  14033. <CLSIDLIST>
  14034. </CLSIDLIST>
  14035. <SUMMARY>FEVLKF.EXE</SUMMARY>
  14036. <DEFAULTINSTALLPATHLIST>
  14037. </DEFAULTINSTALLPATHLIST>
  14038. <CATEGORY>ADWARE</CATEGORY>
  14039. <CONDITIONLIST>
  14040. <CONDITION>MD5=c42d07bb41c892fc79e3f478b6a91b5c</CONDITION>
  14041. </CONDITIONLIST>
  14042. <OPERATOR>AND</OPERATOR>
  14043. <THREATLEVEL>10</THREATLEVEL>
  14044. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14045. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14046. </PROCESSDESCRIPTOR>
  14047. <PROCESSDESCRIPTOR>
  14048. <ID>2040</ID>
  14049. <PROCESSLIST>
  14050. <PROCESS>*</PROCESS>
  14051. <PROCESS>ZSEARCH.DLL</PROCESS>
  14052. </PROCESSLIST>
  14053. <CLSIDLIST>
  14054. <CLSID>{5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7}</CLSID>
  14055. </CLSIDLIST>
  14056. <SUMMARY>TotalVelocity.com ZSearch Toolbar</SUMMARY>
  14057. <DEFAULTINSTALLPATHLIST>
  14058. </DEFAULTINSTALLPATHLIST>
  14059. <CATEGORY>SPYWARE</CATEGORY>
  14060. <CONDITIONLIST>
  14061. </CONDITIONLIST>
  14062. <OPERATOR>AND</OPERATOR>
  14063. <THREATLEVEL>10</THREATLEVEL>
  14064. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14065. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14066. </PROCESSDESCRIPTOR>
  14067. <PROCESSDESCRIPTOR>
  14068. <ID>2041</ID>
  14069. <PROCESSLIST>
  14070. <PROCESS>*</PROCESS>
  14071. <PROCESS>OEL.DLL</PROCESS>
  14072. </PROCESSLIST>
  14073. <CLSIDLIST>
  14074. <CLSID>*</CLSID>
  14075. <CLSID>{5BBC0AC0-B173-C180-7F65-9FDC3C6EB2B0}</CLSID>
  14076. </CLSIDLIST>
  14077. <SUMMARY>Unknown BHO (OEL.DLL)</SUMMARY>
  14078. <DEFAULTINSTALLPATHLIST>
  14079. </DEFAULTINSTALLPATHLIST>
  14080. <CATEGORY>ADWARE</CATEGORY>
  14081. <CONDITIONLIST>
  14082. <CONDITION>MD5=d358bea13e1972e71bbd18928f72ad14</CONDITION>
  14083. </CONDITIONLIST>
  14084. <OPERATOR>AND</OPERATOR>
  14085. <THREATLEVEL>10</THREATLEVEL>
  14086. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14087. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14088. </PROCESSDESCRIPTOR>
  14089. <PROCESSDESCRIPTOR>
  14090. <ID>2042</ID>
  14091. <PROCESSLIST>
  14092. <PROCESS>*</PROCESS>
  14093. <PROCESS>ENME.DLL</PROCESS>
  14094. </PROCESSLIST>
  14095. <CLSIDLIST>
  14096. <CLSID>*</CLSID>
  14097. <CLSID>{6BDF6423-C366-259E-D757-63557EF52A6A}</CLSID>
  14098. </CLSIDLIST>
  14099. <SUMMARY>Unknown BHO (ENME.DLL)</SUMMARY>
  14100. <DEFAULTINSTALLPATHLIST>
  14101. </DEFAULTINSTALLPATHLIST>
  14102. <CATEGORY>ADWARE</CATEGORY>
  14103. <CONDITIONLIST>
  14104. <CONDITION>MD5=7d011ff90fb9a13f75b2d2646f50d24f</CONDITION>
  14105. </CONDITIONLIST>
  14106. <OPERATOR>AND</OPERATOR>
  14107. <THREATLEVEL>10</THREATLEVEL>
  14108. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14109. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14110. </PROCESSDESCRIPTOR>
  14111. <PROCESSDESCRIPTOR>
  14112. <ID>2043</ID>
  14113. <PROCESSLIST>
  14114. <PROCESS>*</PROCESS>
  14115. <PROCESS>BI.DLL</PROCESS>
  14116. </PROCESSLIST>
  14117. <CLSIDLIST>
  14118. <CLSID>{000006B1-19B5-414A-849F-2A3C64AE6939}</CLSID>
  14119. </CLSIDLIST>
  14120. <SUMMARY>Adware.BetterInternet.BHO</SUMMARY>
  14121. <DEFAULTINSTALLPATHLIST>
  14122. </DEFAULTINSTALLPATHLIST>
  14123. <CATEGORY>ADWARE</CATEGORY>
  14124. <CONDITIONLIST>
  14125. </CONDITIONLIST>
  14126. <OPERATOR>AND</OPERATOR>
  14127. <THREATLEVEL>10</THREATLEVEL>
  14128. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14129. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14130. </PROCESSDESCRIPTOR>
  14131. <PROCESSDESCRIPTOR>
  14132. <ID>2044</ID>
  14133. <PROCESSLIST>
  14134. <PROCESS>*</PROCESS>
  14135. <PROCESS>REG2.DLL</PROCESS>
  14136. </PROCESSLIST>
  14137. <CLSIDLIST>
  14138. <CLSID>{63CF97E8-4133-438a-A831-CC9C6D47D673}</CLSID>
  14139. </CLSIDLIST>
  14140. <SUMMARY>FlashTrack BHO</SUMMARY>
  14141. <DEFAULTINSTALLPATHLIST>
  14142. </DEFAULTINSTALLPATHLIST>
  14143. <CATEGORY>ADWARE</CATEGORY>
  14144. <CONDITIONLIST>
  14145. </CONDITIONLIST>
  14146. <OPERATOR>AND</OPERATOR>
  14147. <THREATLEVEL>10</THREATLEVEL>
  14148. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14149. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14150. </PROCESSDESCRIPTOR>
  14151. <PROCESSDESCRIPTOR>
  14152. <ID>2045</ID>
  14153. <PROCESSLIST>
  14154. <PROCESS>*</PROCESS>
  14155. <PROCESS>(NSLOOKUP.EXE)</PROCESS>
  14156. <PROCESS>(NLOOKU~1.EXE)</PROCESS>
  14157. </PROCESSLIST>
  14158. <CLSIDLIST>
  14159. </CLSIDLIST>
  14160. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  14161. <DEFAULTINSTALLPATHLIST>
  14162. </DEFAULTINSTALLPATHLIST>
  14163. <CATEGORY>ADWARE</CATEGORY>
  14164. <CONDITIONLIST>
  14165. <CONDITION>MD5=53c73834e32ab740a50bbed28367547a</CONDITION>
  14166. </CONDITIONLIST>
  14167. <OPERATOR>AND</OPERATOR>
  14168. <THREATLEVEL>10</THREATLEVEL>
  14169. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14170. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14171. </PROCESSDESCRIPTOR>
  14172. <PROCESSDESCRIPTOR>
  14173. <ID>2046</ID>
  14174. <PROCESSLIST>
  14175. <PROCESS>*</PROCESS>
  14176. <PROCESS>(MRAR.EXE)</PROCESS>
  14177. </PROCESSLIST>
  14178. <CLSIDLIST>
  14179. </CLSIDLIST>
  14180. <SUMMARY>MRAR.EXE</SUMMARY>
  14181. <DEFAULTINSTALLPATHLIST>
  14182. </DEFAULTINSTALLPATHLIST>
  14183. <CATEGORY>ADWARE</CATEGORY>
  14184. <CONDITIONLIST>
  14185. <CONDITION>MD5=c64cd83859e42ef4b93010b554a26ad5</CONDITION>
  14186. </CONDITIONLIST>
  14187. <OPERATOR>AND</OPERATOR>
  14188. <THREATLEVEL>10</THREATLEVEL>
  14189. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14190. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14191. </PROCESSDESCRIPTOR>
  14192. <PROCESSDESCRIPTOR>
  14193. <ID>2047</ID>
  14194. <PROCESSLIST>
  14195. <PROCESS>*</PROCESS>
  14196. <PROCESS>(SVCHOST.EXE)</PROCESS>
  14197. <PROCESS>(CHOST~1.EXE)</PROCESS>
  14198. </PROCESSLIST>
  14199. <CLSIDLIST>
  14200. </CLSIDLIST>
  14201. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  14202. <DEFAULTINSTALLPATHLIST>
  14203. </DEFAULTINSTALLPATHLIST>
  14204. <CATEGORY>ADWARE</CATEGORY>
  14205. <CONDITIONLIST>
  14206. <CONDITION>MD5=bdddffbb1d097e8e05dc8669da32269b</CONDITION>
  14207. </CONDITIONLIST>
  14208. <OPERATOR>AND</OPERATOR>
  14209. <THREATLEVEL>10</THREATLEVEL>
  14210. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14211. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14212. </PROCESSDESCRIPTOR>
  14213. <PROCESSDESCRIPTOR>
  14214. <ID>2048</ID>
  14215. <PROCESSLIST>
  14216. <PROCESS>*</PROCESS>
  14217. <PROCESS>(HSEO.EXE)</PROCESS>
  14218. </PROCESSLIST>
  14219. <CLSIDLIST>
  14220. </CLSIDLIST>
  14221. <SUMMARY>HSEO.EXE</SUMMARY>
  14222. <DEFAULTINSTALLPATHLIST>
  14223. </DEFAULTINSTALLPATHLIST>
  14224. <CATEGORY>ADWARE</CATEGORY>
  14225. <CONDITIONLIST>
  14226. <CONDITION>MD5=baf6841fc91d47b96ebcc38d86c41275</CONDITION>
  14227. </CONDITIONLIST>
  14228. <OPERATOR>AND</OPERATOR>
  14229. <THREATLEVEL>10</THREATLEVEL>
  14230. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14231. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14232. </PROCESSDESCRIPTOR>
  14233. <PROCESSDESCRIPTOR>
  14234. <ID>2049</ID>
  14235. <PROCESSLIST>
  14236. <PROCESS>*</PROCESS>
  14237. <PROCESS>(BITS STORE.EXE)</PROCESS>
  14238. </PROCESSLIST>
  14239. <CLSIDLIST>
  14240. </CLSIDLIST>
  14241. <SUMMARY>Adware.Lop.Process</SUMMARY>
  14242. <DEFAULTINSTALLPATHLIST>
  14243. </DEFAULTINSTALLPATHLIST>
  14244. <CATEGORY>ADWARE</CATEGORY>
  14245. <CONDITIONLIST>
  14246. <CONDITION>MD5=780f2472a375cdc6cd6c5e42757a4f94</CONDITION>
  14247. </CONDITIONLIST>
  14248. <OPERATOR>AND</OPERATOR>
  14249. <THREATLEVEL>10</THREATLEVEL>
  14250. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14251. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14252. </PROCESSDESCRIPTOR>
  14253. <PROCESSDESCRIPTOR>
  14254. <ID>2050</ID>
  14255. <PROCESSLIST>
  14256. <PROCESS>WINSA32.EXE</PROCESS>
  14257. </PROCESSLIST>
  14258. <CLSIDLIST>
  14259. </CLSIDLIST>
  14260. <SUMMARY>WINSA32.EXE</SUMMARY>
  14261. <DEFAULTINSTALLPATHLIST>
  14262. </DEFAULTINSTALLPATHLIST>
  14263. <CATEGORY>ADWARE</CATEGORY>
  14264. <CONDITIONLIST>
  14265. <CONDITION>FILELOCATION~system32</CONDITION>
  14266. </CONDITIONLIST>
  14267. <OPERATOR>AND</OPERATOR>
  14268. <THREATLEVEL>10</THREATLEVEL>
  14269. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14270. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14271. </PROCESSDESCRIPTOR>
  14272. <PROCESSDESCRIPTOR>
  14273. <ID>2051</ID>
  14274. <PROCESSLIST>
  14275. <PROCESS>SCVHOSTINGG.EXE</PROCESS>
  14276. </PROCESSLIST>
  14277. <CLSIDLIST>
  14278. </CLSIDLIST>
  14279. <SUMMARY>SCVHOSTINGG.EXE</SUMMARY>
  14280. <DEFAULTINSTALLPATHLIST>
  14281. </DEFAULTINSTALLPATHLIST>
  14282. <CATEGORY>ADWARE</CATEGORY>
  14283. <CONDITIONLIST>
  14284. <CONDITION>FILELOCATION~system32</CONDITION>
  14285. </CONDITIONLIST>
  14286. <OPERATOR>AND</OPERATOR>
  14287. <THREATLEVEL>10</THREATLEVEL>
  14288. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14289. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14290. </PROCESSDESCRIPTOR>
  14291. <PROCESSDESCRIPTOR>
  14292. <ID>2052</ID>
  14293. <PROCESSLIST>
  14294. <PROCESS>*</PROCESS>
  14295. <PROCESS>4Y6O7IZTLI.DLL</PROCESS>
  14296. </PROCESSLIST>
  14297. <CLSIDLIST>
  14298. <CLSID>{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA99EB}</CLSID>
  14299. </CLSIDLIST>
  14300. <SUMMARY>TROJ_FAVADD.C Toolbar</SUMMARY>
  14301. <DEFAULTINSTALLPATHLIST>
  14302. </DEFAULTINSTALLPATHLIST>
  14303. <CATEGORY>TROJAN</CATEGORY>
  14304. <CONDITIONLIST>
  14305. </CONDITIONLIST>
  14306. <OPERATOR>AND</OPERATOR>
  14307. <THREATLEVEL>10</THREATLEVEL>
  14308. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14309. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14310. </PROCESSDESCRIPTOR>
  14311. <PROCESSDESCRIPTOR>
  14312. <ID>2053</ID>
  14313. <PROCESSLIST>
  14314. <PROCESS>*</PROCESS>
  14315. <PROCESS>(AXIS ERROR.EXE)</PROCESS>
  14316. </PROCESSLIST>
  14317. <CLSIDLIST>
  14318. </CLSIDLIST>
  14319. <SUMMARY>Adware.Lop.Process</SUMMARY>
  14320. <DEFAULTINSTALLPATHLIST>
  14321. </DEFAULTINSTALLPATHLIST>
  14322. <CATEGORY>ADWARE</CATEGORY>
  14323. <CONDITIONLIST>
  14324. <CONDITION>MD5=089f9f4f4da56b2901ed43dc37218030</CONDITION>
  14325. </CONDITIONLIST>
  14326. <OPERATOR>AND</OPERATOR>
  14327. <THREATLEVEL>10</THREATLEVEL>
  14328. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14329. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14330. </PROCESSDESCRIPTOR>
  14331. <PROCESSDESCRIPTOR>
  14332. <ID>2054</ID>
  14333. <PROCESSLIST>
  14334. <PROCESS>*</PROCESS>
  14335. <PROCESS>(EACH README.EXE)</PROCESS>
  14336. </PROCESSLIST>
  14337. <CLSIDLIST>
  14338. </CLSIDLIST>
  14339. <SUMMARY>Adware.Lop.Process</SUMMARY>
  14340. <DEFAULTINSTALLPATHLIST>
  14341. </DEFAULTINSTALLPATHLIST>
  14342. <CATEGORY>ADWARE</CATEGORY>
  14343. <CONDITIONLIST>
  14344. <CONDITION>MD5=dac00ab3d55212def3b02849db6ee269</CONDITION>
  14345. </CONDITIONLIST>
  14346. <OPERATOR>AND</OPERATOR>
  14347. <THREATLEVEL>10</THREATLEVEL>
  14348. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14349. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14350. </PROCESSDESCRIPTOR>
  14351. <PROCESSDESCRIPTOR>
  14352. <ID>2055</ID>
  14353. <PROCESSLIST>
  14354. <PROCESS>*</PROCESS>
  14355. <PROCESS>SPM1316.DLL</PROCESS>
  14356. </PROCESSLIST>
  14357. <CLSIDLIST>
  14358. <CLSID>{CF021F40-3E14-23A5-CBA2-7173706D1316}</CLSID>
  14359. </CLSIDLIST>
  14360. <SUMMARY>Tubby BHO</SUMMARY>
  14361. <DEFAULTINSTALLPATHLIST>
  14362. </DEFAULTINSTALLPATHLIST>
  14363. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  14364. <CONDITIONLIST>
  14365. </CONDITIONLIST>
  14366. <OPERATOR>AND</OPERATOR>
  14367. <THREATLEVEL>10</THREATLEVEL>
  14368. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14369. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14370. </PROCESSDESCRIPTOR>
  14371. <PROCESSDESCRIPTOR>
  14372. <ID>2056</ID>
  14373. <PROCESSLIST>
  14374. <PROCESS>SWITPA.EXE</PROCESS>
  14375. <PROCESS>SWITPB.EXE</PROCESS>
  14376. </PROCESSLIST>
  14377. <CLSIDLIST>
  14378. </CLSIDLIST>
  14379. <SUMMARY>Adware.OfferAgent.Process</SUMMARY>
  14380. <DEFAULTINSTALLPATHLIST>
  14381. </DEFAULTINSTALLPATHLIST>
  14382. <CATEGORY>ADWARE</CATEGORY>
  14383. <CONDITIONLIST>
  14384. </CONDITIONLIST>
  14385. <OPERATOR>AND</OPERATOR>
  14386. <THREATLEVEL>10</THREATLEVEL>
  14387. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14388. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14389. </PROCESSDESCRIPTOR>
  14390. <PROCESSDESCRIPTOR>
  14391. <ID>2057</ID>
  14392. <PROCESSLIST>
  14393. <PROCESS>ADSTATKEEP.EXE</PROCESS>
  14394. <PROCESS>ADSTATSERV.EXE</PROCESS>
  14395. </PROCESSLIST>
  14396. <CLSIDLIST>
  14397. </CLSIDLIST>
  14398. <SUMMARY>AdStatus Components</SUMMARY>
  14399. <DEFAULTINSTALLPATHLIST>
  14400. </DEFAULTINSTALLPATHLIST>
  14401. <CATEGORY>ADWARE</CATEGORY>
  14402. <CONDITIONLIST>
  14403. </CONDITIONLIST>
  14404. <OPERATOR>AND</OPERATOR>
  14405. <THREATLEVEL>10</THREATLEVEL>
  14406. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14407. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14408. </PROCESSDESCRIPTOR>
  14409. <PROCESSDESCRIPTOR>
  14410. <ID>2065</ID>
  14411. <PROCESSLIST>
  14412. <PROCESS>*</PROCESS>
  14413. <PROCESS>PQQSE.DLL</PROCESS>
  14414. <PROCESS>PSU.DLL</PROCESS>
  14415. <PROCESS>ZVQMU.DLL</PROCESS>
  14416. </PROCESSLIST>
  14417. <CLSIDLIST>
  14418. <CLSID>{B1FFFEF8-6E61-6FCE-3A04-6AB329E90BC7}</CLSID>
  14419. <CLSID>{10F20DDD-15A2-4B8B-A1B6-CEA9EA920797}</CLSID>
  14420. <CLSID>{7FE86F19-B6C1-40CA-B5A8-7C897B2520E6}</CLSID>
  14421. </CLSIDLIST>
  14422. <SUMMARY>Unknown Spyware/Parasite Browser Helper Objects</SUMMARY>
  14423. <DEFAULTINSTALLPATHLIST>
  14424. </DEFAULTINSTALLPATHLIST>
  14425. <CATEGORY>SPYWARE</CATEGORY>
  14426. <CONDITIONLIST>
  14427. </CONDITIONLIST>
  14428. <OPERATOR>AND</OPERATOR>
  14429. <THREATLEVEL>10</THREATLEVEL>
  14430. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14431. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14432. </PROCESSDESCRIPTOR>
  14433. <PROCESSDESCRIPTOR>
  14434. <ID>2066</ID>
  14435. <PROCESSLIST>
  14436. <PROCESS>*</PROCESS>
  14437. <PROCESS>YXEBOQQIJEVZPF.EXE</PROCESS>
  14438. </PROCESSLIST>
  14439. <CLSIDLIST>
  14440. </CLSIDLIST>
  14441. <SUMMARY>Unknown Trojan</SUMMARY>
  14442. <DEFAULTINSTALLPATHLIST>
  14443. </DEFAULTINSTALLPATHLIST>
  14444. <CATEGORY>TROJAN</CATEGORY>
  14445. <CONDITIONLIST>
  14446. <CONDITION>MD5=b353d450268b72b4c23747ceeb6889ae</CONDITION>
  14447. </CONDITIONLIST>
  14448. <OPERATOR>AND</OPERATOR>
  14449. <THREATLEVEL>10</THREATLEVEL>
  14450. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14451. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14452. </PROCESSDESCRIPTOR>
  14453. <PROCESSDESCRIPTOR>
  14454. <ID>2075</ID>
  14455. <PROCESSLIST>
  14456. <PROCESS>WEOEQKRBA.DLL</PROCESS>
  14457. </PROCESSLIST>
  14458. <CLSIDLIST>
  14459. <CLSID>{01B85B1D-B430-4E31-B01B-41BFCC259079}</CLSID>
  14460. </CLSIDLIST>
  14461. <SUMMARY>Trojan.Ksoa</SUMMARY>
  14462. <DEFAULTINSTALLPATHLIST>
  14463. </DEFAULTINSTALLPATHLIST>
  14464. <CATEGORY>TROJAN</CATEGORY>
  14465. <CONDITIONLIST>
  14466. </CONDITIONLIST>
  14467. <OPERATOR>AND</OPERATOR>
  14468. <THREATLEVEL>10</THREATLEVEL>
  14469. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14470. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14471. </PROCESSDESCRIPTOR>
  14472. <PROCESSDESCRIPTOR>
  14473. <ID>2076</ID>
  14474. <PROCESSLIST>
  14475. <PROCESS>GOGOLAUNCH.EXE</PROCESS>
  14476. </PROCESSLIST>
  14477. <CLSIDLIST>
  14478. </CLSIDLIST>
  14479. <SUMMARY>LaunchAdware Application</SUMMARY>
  14480. <DEFAULTINSTALLPATHLIST>
  14481. </DEFAULTINSTALLPATHLIST>
  14482. <CATEGORY>ADWARE</CATEGORY>
  14483. <CONDITIONLIST>
  14484. <CONDITION>PRODUCTNAME~LaunchAdware</CONDITION>
  14485. </CONDITIONLIST>
  14486. <OPERATOR>AND</OPERATOR>
  14487. <THREATLEVEL>8</THREATLEVEL>
  14488. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14489. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14490. </PROCESSDESCRIPTOR>
  14491. <PROCESSDESCRIPTOR>
  14492. <ID>2085</ID>
  14493. <PROCESSLIST>
  14494. <PROCESS>*</PROCESS>
  14495. <PROCESS>SIDEFIND.DLL</PROCESS>
  14496. </PROCESSLIST>
  14497. <CLSIDLIST>
  14498. <CLSID>{8CBA1B49-8144-4721-A7B1-64C578C9EED7}</CLSID>
  14499. </CLSIDLIST>
  14500. <SUMMARY>Adware.IST/SideFind.Explorer Bar</SUMMARY>
  14501. <DEFAULTINSTALLPATHLIST>
  14502. </DEFAULTINSTALLPATHLIST>
  14503. <CATEGORY>ADWARE</CATEGORY>
  14504. <CONDITIONLIST>
  14505. </CONDITIONLIST>
  14506. <OPERATOR>AND</OPERATOR>
  14507. <THREATLEVEL>10</THREATLEVEL>
  14508. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14509. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14510. </PROCESSDESCRIPTOR>
  14511. <PROCESSDESCRIPTOR>
  14512. <ID>2086</ID>
  14513. <PROCESSLIST>
  14514. <PROCESS>*</PROCESS>
  14515. <PROCESS>(FMAJPL.EXE)</PROCESS>
  14516. </PROCESSLIST>
  14517. <CLSIDLIST>
  14518. </CLSIDLIST>
  14519. <SUMMARY>FMAJPL.EXE</SUMMARY>
  14520. <DEFAULTINSTALLPATHLIST>
  14521. </DEFAULTINSTALLPATHLIST>
  14522. <CATEGORY>ADWARE</CATEGORY>
  14523. <CONDITIONLIST>
  14524. <CONDITION>MD5=c19a7148606dfb306f8368a70467c104</CONDITION>
  14525. </CONDITIONLIST>
  14526. <OPERATOR>AND</OPERATOR>
  14527. <THREATLEVEL>10</THREATLEVEL>
  14528. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14529. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14530. </PROCESSDESCRIPTOR>
  14531. <PROCESSDESCRIPTOR>
  14532. <ID>2097</ID>
  14533. <PROCESSLIST>
  14534. <PROCESS>SVCNET.EXE</PROCESS>
  14535. </PROCESSLIST>
  14536. <CLSIDLIST>
  14537. </CLSIDLIST>
  14538. <SUMMARY>W32.Tibick Worm</SUMMARY>
  14539. <DEFAULTINSTALLPATHLIST>
  14540. </DEFAULTINSTALLPATHLIST>
  14541. <CATEGORY>TROJAN</CATEGORY>
  14542. <CONDITIONLIST>
  14543. <CONDITION>MD5=5a50208f3c25faba022df34cd1aa661a</CONDITION>
  14544. <CONDITION>MD5=A09C71D2C5B81E8146ACE145785B7F04</CONDITION>
  14545. </CONDITIONLIST>
  14546. <OPERATOR>OR</OPERATOR>
  14547. <THREATLEVEL>10</THREATLEVEL>
  14548. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14549. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14550. </PROCESSDESCRIPTOR>
  14551. <PROCESSDESCRIPTOR>
  14552. <ID>2101</ID>
  14553. <PROCESSLIST>
  14554. <PROCESS>CSBAND.DLL</PROCESS>
  14555. </PROCESSLIST>
  14556. <CLSIDLIST>
  14557. <CLSID>{90C61707-C8F8-43DB-A25C-C1F4B18EE41E}</CLSID>
  14558. <CLSID>{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76}</CLSID>
  14559. </CLSIDLIST>
  14560. <SUMMARY>Comet Cursor Explorer Bar</SUMMARY>
  14561. <DEFAULTINSTALLPATHLIST>
  14562. </DEFAULTINSTALLPATHLIST>
  14563. <CATEGORY>SPYWARE</CATEGORY>
  14564. <CONDITIONLIST>
  14565. </CONDITIONLIST>
  14566. <OPERATOR>AND</OPERATOR>
  14567. <THREATLEVEL>5</THREATLEVEL>
  14568. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14569. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14570. </PROCESSDESCRIPTOR>
  14571. <PROCESSDESCRIPTOR>
  14572. <ID>2103</ID>
  14573. <PROCESSLIST>
  14574. <PROCESS>*</PROCESS>
  14575. <PROCESS>HNAQYGE.DLL</PROCESS>
  14576. </PROCESSLIST>
  14577. <CLSIDLIST>
  14578. <CLSID>{22B9A67D-E689-44B6-B775-0E8FE84B4F9B}</CLSID>
  14579. </CLSIDLIST>
  14580. <SUMMARY>bho8 Module BHO</SUMMARY>
  14581. <DEFAULTINSTALLPATHLIST>
  14582. </DEFAULTINSTALLPATHLIST>
  14583. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  14584. <CONDITIONLIST>
  14585. </CONDITIONLIST>
  14586. <OPERATOR>AND</OPERATOR>
  14587. <THREATLEVEL>10</THREATLEVEL>
  14588. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14589. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14590. </PROCESSDESCRIPTOR>
  14591. <PROCESSDESCRIPTOR>
  14592. <ID>2104</ID>
  14593. <PROCESSLIST>
  14594. <PROCESS>*</PROCESS>
  14595. <PROCESS>(HZLJGR.EXE)</PROCESS>
  14596. <PROCESS>(UEJKECKV.EXE)</PROCESS>
  14597. </PROCESSLIST>
  14598. <CLSIDLIST>
  14599. </CLSIDLIST>
  14600. <SUMMARY>HZLJGR.EXE</SUMMARY>
  14601. <DEFAULTINSTALLPATHLIST>
  14602. </DEFAULTINSTALLPATHLIST>
  14603. <CATEGORY>ADWARE</CATEGORY>
  14604. <CONDITIONLIST>
  14605. <CONDITION>MD5=2b4078e115e7d199b60d722f66669dcb</CONDITION>
  14606. </CONDITIONLIST>
  14607. <OPERATOR>AND</OPERATOR>
  14608. <THREATLEVEL>10</THREATLEVEL>
  14609. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14610. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14611. </PROCESSDESCRIPTOR>
  14612. <PROCESSDESCRIPTOR>
  14613. <ID>2105</ID>
  14614. <PROCESSLIST>
  14615. <PROCESS>*</PROCESS>
  14616. <PROCESS>(XVCWMGUP.EXE)</PROCESS>
  14617. <PROCESS>(QGSCOPDJ.EXE)</PROCESS>
  14618. <PROCESS>(WIN32.EXE)</PROCESS>
  14619. <PROCESS>(BKLUTAJN.EXE)</PROCESS>
  14620. </PROCESSLIST>
  14621. <CLSIDLIST>
  14622. </CLSIDLIST>
  14623. <SUMMARY>WIN32.EXE</SUMMARY>
  14624. <DEFAULTINSTALLPATHLIST>
  14625. </DEFAULTINSTALLPATHLIST>
  14626. <CATEGORY>ADWARE</CATEGORY>
  14627. <CONDITIONLIST>
  14628. <CONDITION>MD5=76e4afd0718745c8475495b1f83a8db8</CONDITION>
  14629. </CONDITIONLIST>
  14630. <OPERATOR>AND</OPERATOR>
  14631. <THREATLEVEL>10</THREATLEVEL>
  14632. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14633. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14634. </PROCESSDESCRIPTOR>
  14635. <PROCESSDESCRIPTOR>
  14636. <ID>2106</ID>
  14637. <PROCESSLIST>
  14638. <PROCESS>SBHC.EXE</PROCESS>
  14639. </PROCESSLIST>
  14640. <CLSIDLIST>
  14641. </CLSIDLIST>
  14642. <SUMMARY>SuperBar IE Parasite</SUMMARY>
  14643. <DEFAULTINSTALLPATHLIST>
  14644. </DEFAULTINSTALLPATHLIST>
  14645. <CATEGORY>ADWARE</CATEGORY>
  14646. <CONDITIONLIST>
  14647. <CONDITION>FILELOCATION~SuperBar</CONDITION>
  14648. </CONDITIONLIST>
  14649. <OPERATOR>AND</OPERATOR>
  14650. <THREATLEVEL>10</THREATLEVEL>
  14651. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14652. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14653. </PROCESSDESCRIPTOR>
  14654. <PROCESSDESCRIPTOR>
  14655. <ID>2108</ID>
  14656. <PROCESSLIST>
  14657. <PROCESS>*</PROCESS>
  14658. <PROCESS>RPWLGMYP.DLL</PROCESS>
  14659. </PROCESSLIST>
  14660. <CLSIDLIST>
  14661. <CLSID>{46F25112-B9A4-12F6-F0CB-480C0BFBAD49}</CLSID>
  14662. </CLSIDLIST>
  14663. <SUMMARY>Unknown (RPWLGMYP.DLL) Toolbar</SUMMARY>
  14664. <DEFAULTINSTALLPATHLIST>
  14665. </DEFAULTINSTALLPATHLIST>
  14666. <CATEGORY>ADWARE</CATEGORY>
  14667. <CONDITIONLIST>
  14668. </CONDITIONLIST>
  14669. <OPERATOR>AND</OPERATOR>
  14670. <THREATLEVEL>10</THREATLEVEL>
  14671. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14672. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14673. </PROCESSDESCRIPTOR>
  14674. <PROCESSDESCRIPTOR>
  14675. <ID>2109</ID>
  14676. <PROCESSLIST>
  14677. <PROCESS>CSBHO.DLL</PROCESS>
  14678. </PROCESSLIST>
  14679. <CLSIDLIST>
  14680. <CLSID>{D14D6793-9B65-11D3-80B6-00500487BDBA}</CLSID>
  14681. </CLSIDLIST>
  14682. <SUMMARY>Comet Cursor BHO</SUMMARY>
  14683. <DEFAULTINSTALLPATHLIST>
  14684. </DEFAULTINSTALLPATHLIST>
  14685. <CATEGORY>SPYWARE</CATEGORY>
  14686. <CONDITIONLIST>
  14687. </CONDITIONLIST>
  14688. <OPERATOR>AND</OPERATOR>
  14689. <THREATLEVEL>5</THREATLEVEL>
  14690. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14691. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14692. </PROCESSDESCRIPTOR>
  14693. <PROCESSDESCRIPTOR>
  14694. <ID>2110</ID>
  14695. <PROCESSLIST>
  14696. <PROCESS>CSIETB.DLL</PROCESS>
  14697. </PROCESSLIST>
  14698. <CLSIDLIST>
  14699. <CLSID>{FE6BC4EF-5676-484B-88AE-883323913256}</CLSID>
  14700. </CLSIDLIST>
  14701. <SUMMARY>Comet Cursor Toolbar</SUMMARY>
  14702. <DEFAULTINSTALLPATHLIST>
  14703. </DEFAULTINSTALLPATHLIST>
  14704. <CATEGORY>SPYWARE</CATEGORY>
  14705. <CONDITIONLIST>
  14706. </CONDITIONLIST>
  14707. <OPERATOR>AND</OPERATOR>
  14708. <THREATLEVEL>5</THREATLEVEL>
  14709. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14710. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14711. </PROCESSDESCRIPTOR>
  14712. <PROCESSDESCRIPTOR>
  14713. <ID>2111</ID>
  14714. <PROCESSLIST>
  14715. <PROCESS>*</PROCESS>
  14716. <PROCESS>WINNB56.DLL</PROCESS>
  14717. </PROCESSLIST>
  14718. <CLSIDLIST>
  14719. <CLSID>{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}</CLSID>
  14720. </CLSIDLIST>
  14721. <SUMMARY>NN_Bar Module BHO</SUMMARY>
  14722. <DEFAULTINSTALLPATHLIST>
  14723. </DEFAULTINSTALLPATHLIST>
  14724. <CATEGORY>ADWARE</CATEGORY>
  14725. <CONDITIONLIST>
  14726. </CONDITIONLIST>
  14727. <OPERATOR>AND</OPERATOR>
  14728. <THREATLEVEL>10</THREATLEVEL>
  14729. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14730. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14731. </PROCESSDESCRIPTOR>
  14732. <PROCESSDESCRIPTOR>
  14733. <ID>2112</ID>
  14734. <PROCESSLIST>
  14735. <PROCESS>*</PROCESS>
  14736. <PROCESS>(LIST CLOSE PHONE.EXE)</PROCESS>
  14737. </PROCESSLIST>
  14738. <CLSIDLIST>
  14739. </CLSIDLIST>
  14740. <SUMMARY>Adware.Lop.Process</SUMMARY>
  14741. <DEFAULTINSTALLPATHLIST>
  14742. </DEFAULTINSTALLPATHLIST>
  14743. <CATEGORY>ADWARE</CATEGORY>
  14744. <CONDITIONLIST>
  14745. <CONDITION>MD5=0a0f062122ab41a572cf75aee06f9a1f</CONDITION>
  14746. </CONDITIONLIST>
  14747. <OPERATOR>AND</OPERATOR>
  14748. <THREATLEVEL>10</THREATLEVEL>
  14749. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14750. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14751. </PROCESSDESCRIPTOR>
  14752. <PROCESSDESCRIPTOR>
  14753. <ID>2113</ID>
  14754. <PROCESSLIST>
  14755. <PROCESS>ADMANCTL.EXE</PROCESS>
  14756. <PROCESS>ADMANKEEP.EXE</PROCESS>
  14757. </PROCESSLIST>
  14758. <CLSIDLIST>
  14759. </CLSIDLIST>
  14760. <SUMMARY>Admanager Components</SUMMARY>
  14761. <DEFAULTINSTALLPATHLIST>
  14762. </DEFAULTINSTALLPATHLIST>
  14763. <CATEGORY>ADWARE</CATEGORY>
  14764. <CONDITIONLIST>
  14765. </CONDITIONLIST>
  14766. <OPERATOR>AND</OPERATOR>
  14767. <THREATLEVEL>10</THREATLEVEL>
  14768. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14769. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14770. </PROCESSDESCRIPTOR>
  14771. <PROCESSDESCRIPTOR>
  14772. <ID>2114</ID>
  14773. <PROCESSLIST>
  14774. <PROCESS>*</PROCESS>
  14775. <PROCESS>TXWIBUF.DLL</PROCESS>
  14776. <PROCESS>HKX.DLL</PROCESS>
  14777. <PROCESS>YNHEKQFD.DLL</PROCESS>
  14778. <PROCESS>LGIRCMJ.DLL</PROCESS>
  14779. <PROCESS>BWDRDP.DLL</PROCESS>
  14780. <PROCESS>VRVHKGXP.DLL</PROCESS>
  14781. <PROCESS>ETJIV.DLL</PROCESS>
  14782. <PROCESS>AGMF.DLL</PROCESS>
  14783. </PROCESSLIST>
  14784. <CLSIDLIST>
  14785. <CLSID>*</CLSID>
  14786. <CLSID>{BB014331-D183-8A51-843D-884DF1A42BCD}</CLSID>
  14787. <CLSID>{EB201F45-A0F0-8F2B-D73A-8C4DF1A673E1}</CLSID>
  14788. <CLSID>{99523B47-D3FD-FC05-803E-8A4D85D273C7}</CLSID>
  14789. <CLSID>{9B726D60-A0A1-9E29-D149-FD4D86A073E1}</CLSID>
  14790. <CLSID>{B8274C64-D2D4-FD5E-D53E-8A4D84D573CF}</CLSID>
  14791. <CLSID>{BF064236-A8F0-AF53-823E-FC4DF3D52BC2}</CLSID>
  14792. <CLSID>{91741836-D7A4-8055-D13C-8C4D82A62C97}</CLSID>
  14793. <CLSID>{CB734143-A183-DC71-D53A-8A4DF5F37CE2}</CLSID>
  14794. </CLSIDLIST>
  14795. <SUMMARY>Unknown Browser Helper Object</SUMMARY>
  14796. <DEFAULTINSTALLPATHLIST>
  14797. </DEFAULTINSTALLPATHLIST>
  14798. <CATEGORY>ADWARE</CATEGORY>
  14799. <CONDITIONLIST>
  14800. <CONDITION>MD5=7f71a71d175c9433e2ccbd889b6c702c</CONDITION>
  14801. </CONDITIONLIST>
  14802. <OPERATOR>AND</OPERATOR>
  14803. <THREATLEVEL>10</THREATLEVEL>
  14804. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14805. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14806. </PROCESSDESCRIPTOR>
  14807. <PROCESSDESCRIPTOR>
  14808. <ID>2115</ID>
  14809. <PROCESSLIST>
  14810. <PROCESS>*</PROCESS>
  14811. <PROCESS>KKBMFJ.DLL</PROCESS>
  14812. </PROCESSLIST>
  14813. <CLSIDLIST>
  14814. <CLSID>{E3827E11-2F47-40D6-8442-799BCDA592C2}</CLSID>
  14815. </CLSIDLIST>
  14816. <SUMMARY>Unknown BHO (KKBMFJ.DLL)</SUMMARY>
  14817. <DEFAULTINSTALLPATHLIST>
  14818. </DEFAULTINSTALLPATHLIST>
  14819. <CATEGORY>ADWARE</CATEGORY>
  14820. <CONDITIONLIST>
  14821. </CONDITIONLIST>
  14822. <OPERATOR>AND</OPERATOR>
  14823. <THREATLEVEL>10</THREATLEVEL>
  14824. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14825. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14826. </PROCESSDESCRIPTOR>
  14827. <PROCESSDESCRIPTOR>
  14828. <ID>2116</ID>
  14829. <PROCESSLIST>
  14830. <PROCESS>*</PROCESS>
  14831. <PROCESS>CDEM.DLL</PROCESS>
  14832. </PROCESSLIST>
  14833. <CLSIDLIST>
  14834. <CLSID>{7FED5399-912E-93F9-7B60-98DC483FE2C1}</CLSID>
  14835. </CLSIDLIST>
  14836. <SUMMARY>Unknown BHO (CDEM.DLL)</SUMMARY>
  14837. <DEFAULTINSTALLPATHLIST>
  14838. </DEFAULTINSTALLPATHLIST>
  14839. <CATEGORY>ADWARE</CATEGORY>
  14840. <CONDITIONLIST>
  14841. </CONDITIONLIST>
  14842. <OPERATOR>AND</OPERATOR>
  14843. <THREATLEVEL>10</THREATLEVEL>
  14844. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14845. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14846. </PROCESSDESCRIPTOR>
  14847. <PROCESSDESCRIPTOR>
  14848. <ID>2117</ID>
  14849. <PROCESSLIST>
  14850. <PROCESS>WUVIEWER.EXE</PROCESS>
  14851. </PROCESSLIST>
  14852. <CLSIDLIST>
  14853. </CLSIDLIST>
  14854. <SUMMARY>WUVIEWER.EXE</SUMMARY>
  14855. <DEFAULTINSTALLPATHLIST>
  14856. </DEFAULTINSTALLPATHLIST>
  14857. <CATEGORY>ADWARE</CATEGORY>
  14858. <CONDITIONLIST>
  14859. <CONDITION>FILELOCATION~system32</CONDITION>
  14860. </CONDITIONLIST>
  14861. <OPERATOR>AND</OPERATOR>
  14862. <THREATLEVEL>10</THREATLEVEL>
  14863. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14864. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14865. </PROCESSDESCRIPTOR>
  14866. <PROCESSDESCRIPTOR>
  14867. <ID>2118</ID>
  14868. <PROCESSLIST>
  14869. <PROCESS>WINADSERV.EXE</PROCESS>
  14870. <PROCESS>WINADSLAVE.EXE</PROCESS>
  14871. </PROCESSLIST>
  14872. <CLSIDLIST>
  14873. </CLSIDLIST>
  14874. <SUMMARY>Windows Adservice Components</SUMMARY>
  14875. <DEFAULTINSTALLPATHLIST>
  14876. </DEFAULTINSTALLPATHLIST>
  14877. <CATEGORY>ADWARE</CATEGORY>
  14878. <CONDITIONLIST>
  14879. </CONDITIONLIST>
  14880. <OPERATOR>AND</OPERATOR>
  14881. <THREATLEVEL>10</THREATLEVEL>
  14882. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14883. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14884. </PROCESSDESCRIPTOR>
  14885. <PROCESSDESCRIPTOR>
  14886. <ID>2119</ID>
  14887. <PROCESSLIST>
  14888. <PROCESS>*</PROCESS>
  14889. <PROCESS>(YVPEDKG.EXE)</PROCESS>
  14890. </PROCESSLIST>
  14891. <CLSIDLIST>
  14892. </CLSIDLIST>
  14893. <SUMMARY>YVPEDKG.EXE</SUMMARY>
  14894. <DEFAULTINSTALLPATHLIST>
  14895. </DEFAULTINSTALLPATHLIST>
  14896. <CATEGORY>ADWARE</CATEGORY>
  14897. <CONDITIONLIST>
  14898. <CONDITION>MD5=b67f943ba6703e4caff5da57c82c72e0</CONDITION>
  14899. </CONDITIONLIST>
  14900. <OPERATOR>AND</OPERATOR>
  14901. <THREATLEVEL>10</THREATLEVEL>
  14902. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14903. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14904. </PROCESSDESCRIPTOR>
  14905. <PROCESSDESCRIPTOR>
  14906. <ID>2120</ID>
  14907. <PROCESSLIST>
  14908. <PROCESS>PYNIX.DLL</PROCESS>
  14909. </PROCESSLIST>
  14910. <CLSIDLIST>
  14911. <CLSID>*</CLSID>
  14912. <CLSID>{00000000-DD60-0064-6EC2-6E0100000000}</CLSID>
  14913. </CLSIDLIST>
  14914. <SUMMARY>Pynix Adware BHO</SUMMARY>
  14915. <DEFAULTINSTALLPATHLIST>
  14916. </DEFAULTINSTALLPATHLIST>
  14917. <CATEGORY>ADWARE</CATEGORY>
  14918. <CONDITIONLIST>
  14919. </CONDITIONLIST>
  14920. <OPERATOR>AND</OPERATOR>
  14921. <THREATLEVEL>10</THREATLEVEL>
  14922. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14923. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14924. </PROCESSDESCRIPTOR>
  14925. <PROCESSDESCRIPTOR>
  14926. <ID>2121</ID>
  14927. <PROCESSLIST>
  14928. <PROCESS>SPOOLMGR.EXE</PROCESS>
  14929. </PROCESSLIST>
  14930. <CLSIDLIST>
  14931. </CLSIDLIST>
  14932. <SUMMARY>NT System Module</SUMMARY>
  14933. <DEFAULTINSTALLPATHLIST>
  14934. </DEFAULTINSTALLPATHLIST>
  14935. <CATEGORY>ADWARE</CATEGORY>
  14936. <CONDITIONLIST>
  14937. <CONDITION>FILELOCATION~system32</CONDITION>
  14938. </CONDITIONLIST>
  14939. <OPERATOR>AND</OPERATOR>
  14940. <THREATLEVEL>10</THREATLEVEL>
  14941. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14942. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14943. </PROCESSDESCRIPTOR>
  14944. <PROCESSDESCRIPTOR>
  14945. <ID>2122</ID>
  14946. <PROCESSLIST>
  14947. <PROCESS>XPSP2FW.EXE</PROCESS>
  14948. </PROCESSLIST>
  14949. <CLSIDLIST>
  14950. </CLSIDLIST>
  14951. <SUMMARY>XPSP2FW.EXE</SUMMARY>
  14952. <DEFAULTINSTALLPATHLIST>
  14953. </DEFAULTINSTALLPATHLIST>
  14954. <CATEGORY>TROJAN</CATEGORY>
  14955. <CONDITIONLIST>
  14956. </CONDITIONLIST>
  14957. <OPERATOR>AND</OPERATOR>
  14958. <THREATLEVEL>10</THREATLEVEL>
  14959. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14960. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14961. </PROCESSDESCRIPTOR>
  14962. <PROCESSDESCRIPTOR>
  14963. <ID>2123</ID>
  14964. <PROCESSLIST>
  14965. <PROCESS>*</PROCESS>
  14966. <PROCESS>(VPEPL.EXE)</PROCESS>
  14967. </PROCESSLIST>
  14968. <CLSIDLIST>
  14969. </CLSIDLIST>
  14970. <SUMMARY>VPEPL.EXE</SUMMARY>
  14971. <DEFAULTINSTALLPATHLIST>
  14972. </DEFAULTINSTALLPATHLIST>
  14973. <CATEGORY>ADWARE</CATEGORY>
  14974. <CONDITIONLIST>
  14975. <CONDITION>MD5=43d8f6a63e37d91ddb09f87d5d0df99b</CONDITION>
  14976. </CONDITIONLIST>
  14977. <OPERATOR>AND</OPERATOR>
  14978. <THREATLEVEL>10</THREATLEVEL>
  14979. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  14980. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  14981. </PROCESSDESCRIPTOR>
  14982. <PROCESSDESCRIPTOR>
  14983. <ID>2124</ID>
  14984. <PROCESSLIST>
  14985. <PROCESS>*</PROCESS>
  14986. <PROCESS>(TIBS3.EXE)</PROCESS>
  14987. </PROCESSLIST>
  14988. <CLSIDLIST>
  14989. </CLSIDLIST>
  14990. <SUMMARY>TIBS3.EXE</SUMMARY>
  14991. <DEFAULTINSTALLPATHLIST>
  14992. </DEFAULTINSTALLPATHLIST>
  14993. <CATEGORY>DIALER</CATEGORY>
  14994. <CONDITIONLIST>
  14995. <CONDITION>MD5=cee246365ae74bdaf98f287b1aa0e544</CONDITION>
  14996. </CONDITIONLIST>
  14997. <OPERATOR>AND</OPERATOR>
  14998. <THREATLEVEL>10</THREATLEVEL>
  14999. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15000. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15001. </PROCESSDESCRIPTOR>
  15002. <PROCESSDESCRIPTOR>
  15003. <ID>2125</ID>
  15004. <PROCESSLIST>
  15005. <PROCESS>*</PROCESS>
  15006. <PROCESS>(DUI3DV.EXE)</PROCESS>
  15007. </PROCESSLIST>
  15008. <CLSIDLIST>
  15009. </CLSIDLIST>
  15010. <SUMMARY>DUI3DV.EXE</SUMMARY>
  15011. <DEFAULTINSTALLPATHLIST>
  15012. </DEFAULTINSTALLPATHLIST>
  15013. <CATEGORY>ADWARE</CATEGORY>
  15014. <CONDITIONLIST>
  15015. <CONDITION>MD5=7fbc072f6ba100b6e8bf0a098fefeb91</CONDITION>
  15016. </CONDITIONLIST>
  15017. <OPERATOR>AND</OPERATOR>
  15018. <THREATLEVEL>10</THREATLEVEL>
  15019. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15020. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15021. </PROCESSDESCRIPTOR>
  15022. <PROCESSDESCRIPTOR>
  15023. <ID>2126</ID>
  15024. <PROCESSLIST>
  15025. <PROCESS>*</PROCESS>
  15026. <PROCESS>(96FYD.EXE)</PROCESS>
  15027. </PROCESSLIST>
  15028. <CLSIDLIST>
  15029. </CLSIDLIST>
  15030. <SUMMARY>96FYD.EXE</SUMMARY>
  15031. <DEFAULTINSTALLPATHLIST>
  15032. </DEFAULTINSTALLPATHLIST>
  15033. <CATEGORY>ADWARE</CATEGORY>
  15034. <CONDITIONLIST>
  15035. <CONDITION>MD5=37e6ad0c10a5d0e5257d930ef36aba40</CONDITION>
  15036. </CONDITIONLIST>
  15037. <OPERATOR>AND</OPERATOR>
  15038. <THREATLEVEL>10</THREATLEVEL>
  15039. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15040. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15041. </PROCESSDESCRIPTOR>
  15042. <PROCESSDESCRIPTOR>
  15043. <ID>2127</ID>
  15044. <PROCESSLIST>
  15045. <PROCESS>*</PROCESS>
  15046. <PROCESS>(IPNJ.EXE)</PROCESS>
  15047. </PROCESSLIST>
  15048. <CLSIDLIST>
  15049. </CLSIDLIST>
  15050. <SUMMARY>IPNJ.EXE</SUMMARY>
  15051. <DEFAULTINSTALLPATHLIST>
  15052. </DEFAULTINSTALLPATHLIST>
  15053. <CATEGORY>ADWARE</CATEGORY>
  15054. <CONDITIONLIST>
  15055. <CONDITION>MD5=59672ec91fe2c45a90eb2be8a20b3e40</CONDITION>
  15056. </CONDITIONLIST>
  15057. <OPERATOR>AND</OPERATOR>
  15058. <THREATLEVEL>10</THREATLEVEL>
  15059. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15060. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15061. </PROCESSDESCRIPTOR>
  15062. <PROCESSDESCRIPTOR>
  15063. <ID>2128</ID>
  15064. <PROCESSLIST>
  15065. <PROCESS>*</PROCESS>
  15066. <PROCESS>(CRJX32.EXE)</PROCESS>
  15067. </PROCESSLIST>
  15068. <CLSIDLIST>
  15069. </CLSIDLIST>
  15070. <SUMMARY>CRJX32.EXE</SUMMARY>
  15071. <DEFAULTINSTALLPATHLIST>
  15072. </DEFAULTINSTALLPATHLIST>
  15073. <CATEGORY>ADWARE</CATEGORY>
  15074. <CONDITIONLIST>
  15075. <CONDITION>MD5=ce2a18c1fd22febcff876564e1fbf3c7</CONDITION>
  15076. </CONDITIONLIST>
  15077. <OPERATOR>AND</OPERATOR>
  15078. <THREATLEVEL>10</THREATLEVEL>
  15079. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15080. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15081. </PROCESSDESCRIPTOR>
  15082. <PROCESSDESCRIPTOR>
  15083. <ID>2129</ID>
  15084. <PROCESSLIST>
  15085. <PROCESS>*</PROCESS>
  15086. <PROCESS>(EXP1ORER.EXE)</PROCESS>
  15087. </PROCESSLIST>
  15088. <CLSIDLIST>
  15089. </CLSIDLIST>
  15090. <SUMMARY>Bogus MS EXPLORER.EXE</SUMMARY>
  15091. <DEFAULTINSTALLPATHLIST>
  15092. </DEFAULTINSTALLPATHLIST>
  15093. <CATEGORY>ADWARE</CATEGORY>
  15094. <CONDITIONLIST>
  15095. <CONDITION>MD5=d2adc4abc1c67cb64c0887a3b8307e65</CONDITION>
  15096. </CONDITIONLIST>
  15097. <OPERATOR>AND</OPERATOR>
  15098. <THREATLEVEL>10</THREATLEVEL>
  15099. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15100. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15101. </PROCESSDESCRIPTOR>
  15102. <PROCESSDESCRIPTOR>
  15103. <ID>2130</ID>
  15104. <PROCESSLIST>
  15105. <PROCESS>*</PROCESS>
  15106. <PROCESS>VOICEIP.DLL</PROCESS>
  15107. </PROCESSLIST>
  15108. <CLSIDLIST>
  15109. <CLSID>{00000250-0320-4DD4-BE4F-7566D2314352}</CLSID>
  15110. </CLSIDLIST>
  15111. <SUMMARY>Transponder Variant BHO</SUMMARY>
  15112. <DEFAULTINSTALLPATHLIST>
  15113. </DEFAULTINSTALLPATHLIST>
  15114. <CATEGORY>ADWARE</CATEGORY>
  15115. <CONDITIONLIST>
  15116. </CONDITIONLIST>
  15117. <OPERATOR>AND</OPERATOR>
  15118. <THREATLEVEL>10</THREATLEVEL>
  15119. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15120. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15121. </PROCESSDESCRIPTOR>
  15122. <PROCESSDESCRIPTOR>
  15123. <ID>2132</ID>
  15124. <PROCESSLIST>
  15125. <PROCESS>WAATSERVICE.EXE</PROCESS>
  15126. </PROCESSLIST>
  15127. <CLSIDLIST>
  15128. </CLSIDLIST>
  15129. <SUMMARY>WAATSERVICE.EXE</SUMMARY>
  15130. <DEFAULTINSTALLPATHLIST>
  15131. </DEFAULTINSTALLPATHLIST>
  15132. <CATEGORY>ADWARE</CATEGORY>
  15133. <CONDITIONLIST>
  15134. <CONDITION>FILELOCATION~system32</CONDITION>
  15135. </CONDITIONLIST>
  15136. <OPERATOR>AND</OPERATOR>
  15137. <THREATLEVEL>10</THREATLEVEL>
  15138. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15139. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15140. </PROCESSDESCRIPTOR>
  15141. <PROCESSDESCRIPTOR>
  15142. <ID>2133</ID>
  15143. <PROCESSLIST>
  15144. <PROCESS>*</PROCESS>
  15145. <PROCESS>(ZORB.EXE)</PROCESS>
  15146. </PROCESSLIST>
  15147. <CLSIDLIST>
  15148. </CLSIDLIST>
  15149. <SUMMARY>ZORB.EXE</SUMMARY>
  15150. <DEFAULTINSTALLPATHLIST>
  15151. </DEFAULTINSTALLPATHLIST>
  15152. <CATEGORY>ADWARE</CATEGORY>
  15153. <CONDITIONLIST>
  15154. <CONDITION>MD5=6acbf087a155528cc567b4f28443adf7</CONDITION>
  15155. </CONDITIONLIST>
  15156. <OPERATOR>AND</OPERATOR>
  15157. <THREATLEVEL>10</THREATLEVEL>
  15158. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15159. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15160. </PROCESSDESCRIPTOR>
  15161. <PROCESSDESCRIPTOR>
  15162. <ID>2136</ID>
  15163. <PROCESSLIST>
  15164. <PROCESS>WINSTAT.EXE</PROCESS>
  15165. <PROCESS>WINSTATKEEP.EXE</PROCESS>
  15166. </PROCESSLIST>
  15167. <CLSIDLIST>
  15168. </CLSIDLIST>
  15169. <SUMMARY>Windows AdStatus Components</SUMMARY>
  15170. <DEFAULTINSTALLPATHLIST>
  15171. </DEFAULTINSTALLPATHLIST>
  15172. <CATEGORY>ADWARE</CATEGORY>
  15173. <CONDITIONLIST>
  15174. <CONDITION>FILELOCATION~AdStatus</CONDITION>
  15175. </CONDITIONLIST>
  15176. <OPERATOR>AND</OPERATOR>
  15177. <THREATLEVEL>10</THREATLEVEL>
  15178. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15179. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15180. </PROCESSDESCRIPTOR>
  15181. <PROCESSDESCRIPTOR>
  15182. <ID>2138</ID>
  15183. <PROCESSLIST>
  15184. <PROCESS>DESKADKEEP.EXE</PROCESS>
  15185. <PROCESS>DESKADSERV.EXE</PROCESS>
  15186. </PROCESSLIST>
  15187. <CLSIDLIST>
  15188. </CLSIDLIST>
  15189. <SUMMARY>DeskAd Service Components</SUMMARY>
  15190. <DEFAULTINSTALLPATHLIST>
  15191. </DEFAULTINSTALLPATHLIST>
  15192. <CATEGORY>ADWARE</CATEGORY>
  15193. <CONDITIONLIST>
  15194. </CONDITIONLIST>
  15195. <OPERATOR>AND</OPERATOR>
  15196. <THREATLEVEL>10</THREATLEVEL>
  15197. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15198. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15199. </PROCESSDESCRIPTOR>
  15200. <PROCESSDESCRIPTOR>
  15201. <ID>2142</ID>
  15202. <PROCESSLIST>
  15203. <PROCESS>*</PROCESS>
  15204. <PROCESS>(2F9Z5N3.EXE)</PROCESS>
  15205. </PROCESSLIST>
  15206. <CLSIDLIST>
  15207. </CLSIDLIST>
  15208. <SUMMARY>2F9Z5N3.EXE</SUMMARY>
  15209. <DEFAULTINSTALLPATHLIST>
  15210. </DEFAULTINSTALLPATHLIST>
  15211. <CATEGORY>ADWARE</CATEGORY>
  15212. <CONDITIONLIST>
  15213. <CONDITION>MD5=911ded730eac4ed07b22ef000301cb31</CONDITION>
  15214. </CONDITIONLIST>
  15215. <OPERATOR>AND</OPERATOR>
  15216. <THREATLEVEL>10</THREATLEVEL>
  15217. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15218. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15219. </PROCESSDESCRIPTOR>
  15220. <PROCESSDESCRIPTOR>
  15221. <ID>2143</ID>
  15222. <PROCESSLIST>
  15223. <PROCESS>SHHOST.EXE</PROCESS>
  15224. </PROCESSLIST>
  15225. <CLSIDLIST>
  15226. </CLSIDLIST>
  15227. <SUMMARY>OutLaster Backdoor Trojan</SUMMARY>
  15228. <DEFAULTINSTALLPATHLIST>
  15229. </DEFAULTINSTALLPATHLIST>
  15230. <CATEGORY>TROJAN</CATEGORY>
  15231. <CONDITIONLIST>
  15232. <CONDITION>FILELOCATION~OutLaster</CONDITION>
  15233. </CONDITIONLIST>
  15234. <OPERATOR>AND</OPERATOR>
  15235. <THREATLEVEL>10</THREATLEVEL>
  15236. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15237. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15238. </PROCESSDESCRIPTOR>
  15239. <PROCESSDESCRIPTOR>
  15240. <ID>2144</ID>
  15241. <PROCESSLIST>
  15242. <PROCESS>ESYNDICATEINST.EXE</PROCESS>
  15243. </PROCESSLIST>
  15244. <CLSIDLIST>
  15245. </CLSIDLIST>
  15246. <SUMMARY>eSyndicate Adware Installer</SUMMARY>
  15247. <DEFAULTINSTALLPATHLIST>
  15248. </DEFAULTINSTALLPATHLIST>
  15249. <CATEGORY>ADWARE</CATEGORY>
  15250. <CONDITIONLIST>
  15251. </CONDITIONLIST>
  15252. <OPERATOR>AND</OPERATOR>
  15253. <THREATLEVEL>10</THREATLEVEL>
  15254. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15255. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15256. </PROCESSDESCRIPTOR>
  15257. <PROCESSDESCRIPTOR>
  15258. <ID>2145</ID>
  15259. <PROCESSLIST>
  15260. <PROCESS>*</PROCESS>
  15261. <PROCESS>KEOOBIE.DLL</PROCESS>
  15262. </PROCESSLIST>
  15263. <CLSIDLIST>
  15264. <CLSID>{15ACE85C-0BB1-42d1-9E32-07EB0506675A}</CLSID>
  15265. </CLSIDLIST>
  15266. <SUMMARY>Dloader-NL Trojan BHO</SUMMARY>
  15267. <DEFAULTINSTALLPATHLIST>
  15268. </DEFAULTINSTALLPATHLIST>
  15269. <CATEGORY>TROJAN</CATEGORY>
  15270. <CONDITIONLIST>
  15271. </CONDITIONLIST>
  15272. <OPERATOR>AND</OPERATOR>
  15273. <THREATLEVEL>10</THREATLEVEL>
  15274. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15275. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15276. </PROCESSDESCRIPTOR>
  15277. <PROCESSDESCRIPTOR>
  15278. <ID>2152</ID>
  15279. <PROCESSLIST>
  15280. <PROCESS>LOCALSPLNET.DLL</PROCESS>
  15281. </PROCESSLIST>
  15282. <CLSIDLIST>
  15283. <CLSID>*</CLSID>
  15284. <CLSID>{41943050-65CC-454B-81E4-9C8A9D7CBAEA}</CLSID>
  15285. </CLSIDLIST>
  15286. <SUMMARY>CoolWebSearch Parasite</SUMMARY>
  15287. <DEFAULTINSTALLPATHLIST>
  15288. </DEFAULTINSTALLPATHLIST>
  15289. <CATEGORY>PARASITE</CATEGORY>
  15290. <CONDITIONLIST>
  15291. <CONDITION>FILEDESCRIPTION~Local</CONDITION>
  15292. </CONDITIONLIST>
  15293. <OPERATOR>AND</OPERATOR>
  15294. <THREATLEVEL>10</THREATLEVEL>
  15295. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15296. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15297. </PROCESSDESCRIPTOR>
  15298. <PROCESSDESCRIPTOR>
  15299. <ID>2153</ID>
  15300. <PROCESSLIST>
  15301. <PROCESS>SVSHOST.EXE</PROCESS>
  15302. </PROCESSLIST>
  15303. <CLSIDLIST>
  15304. </CLSIDLIST>
  15305. <SUMMARY>SVSHOST.EXE</SUMMARY>
  15306. <DEFAULTINSTALLPATHLIST>
  15307. </DEFAULTINSTALLPATHLIST>
  15308. <CATEGORY>WORM</CATEGORY>
  15309. <CONDITIONLIST>
  15310. <CONDITION>FILELOCATION~system32</CONDITION>
  15311. </CONDITIONLIST>
  15312. <OPERATOR>AND</OPERATOR>
  15313. <THREATLEVEL>10</THREATLEVEL>
  15314. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15315. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15316. </PROCESSDESCRIPTOR>
  15317. <PROCESSDESCRIPTOR>
  15318. <ID>2154</ID>
  15319. <PROCESSLIST>
  15320. <PROCESS>WUAMPD.EXE</PROCESS>
  15321. </PROCESSLIST>
  15322. <CLSIDLIST>
  15323. </CLSIDLIST>
  15324. <SUMMARY>WUAMPD.EXE</SUMMARY>
  15325. <DEFAULTINSTALLPATHLIST>
  15326. </DEFAULTINSTALLPATHLIST>
  15327. <CATEGORY>WORM</CATEGORY>
  15328. <CONDITIONLIST>
  15329. <CONDITION>FILELOCATION~system</CONDITION>
  15330. </CONDITIONLIST>
  15331. <OPERATOR>AND</OPERATOR>
  15332. <THREATLEVEL>10</THREATLEVEL>
  15333. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15334. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15335. </PROCESSDESCRIPTOR>
  15336. <PROCESSDESCRIPTOR>
  15337. <ID>2155</ID>
  15338. <PROCESSLIST>
  15339. <PROCESS>*</PROCESS>
  15340. <PROCESS>(SYSMONNT.EXE)</PROCESS>
  15341. </PROCESSLIST>
  15342. <CLSIDLIST>
  15343. </CLSIDLIST>
  15344. <SUMMARY>SysMon Adware Component</SUMMARY>
  15345. <DEFAULTINSTALLPATHLIST>
  15346. </DEFAULTINSTALLPATHLIST>
  15347. <CATEGORY>ADWARE</CATEGORY>
  15348. <CONDITIONLIST>
  15349. <CONDITION>MD5=31035e5ea2afe9315728916f3597d56c</CONDITION>
  15350. <CONDITION>MD5=E922B299A5D349D050A65F482F088491</CONDITION>
  15351. <CONDITION>MD5=63627112A1CB31A3EDC6C3AF4ADC8401</CONDITION>
  15352. <CONDITION>MD5=3EE451B5B43C5361300A3854F1A24E4C</CONDITION>
  15353. </CONDITIONLIST>
  15354. <OPERATOR>OR</OPERATOR>
  15355. <THREATLEVEL>10</THREATLEVEL>
  15356. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15357. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15358. </PROCESSDESCRIPTOR>
  15359. <PROCESSDESCRIPTOR>
  15360. <ID>2156</ID>
  15361. <PROCESSLIST>
  15362. <PROCESS>*</PROCESS>
  15363. <PROCESS>(DGDCJTE.EXE)</PROCESS>
  15364. </PROCESSLIST>
  15365. <CLSIDLIST>
  15366. </CLSIDLIST>
  15367. <SUMMARY>DGDCJTE.EXE</SUMMARY>
  15368. <DEFAULTINSTALLPATHLIST>
  15369. </DEFAULTINSTALLPATHLIST>
  15370. <CATEGORY>ADWARE</CATEGORY>
  15371. <CONDITIONLIST>
  15372. <CONDITION>MD5=a035eff25b530efc227f4dd32cc6908b</CONDITION>
  15373. </CONDITIONLIST>
  15374. <OPERATOR>AND</OPERATOR>
  15375. <THREATLEVEL>10</THREATLEVEL>
  15376. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15377. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15378. </PROCESSDESCRIPTOR>
  15379. <PROCESSDESCRIPTOR>
  15380. <ID>2157</ID>
  15381. <PROCESSLIST>
  15382. <PROCESS>IPREG32.DLL</PROCESS>
  15383. </PROCESSLIST>
  15384. <CLSIDLIST>
  15385. <CLSID>{031B6D43-CBC4-46A5-8E46-CF8B407C1A33}</CLSID>
  15386. </CLSIDLIST>
  15387. <SUMMARY>DownCom Module BHO</SUMMARY>
  15388. <DEFAULTINSTALLPATHLIST>
  15389. </DEFAULTINSTALLPATHLIST>
  15390. <CATEGORY>PARASITE</CATEGORY>
  15391. <CONDITIONLIST>
  15392. </CONDITIONLIST>
  15393. <OPERATOR>AND</OPERATOR>
  15394. <THREATLEVEL>10</THREATLEVEL>
  15395. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15396. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15397. </PROCESSDESCRIPTOR>
  15398. <PROCESSDESCRIPTOR>
  15399. <ID>2158</ID>
  15400. <PROCESSLIST>
  15401. <PROCESS>ASBAR.DLL</PROCESS>
  15402. </PROCESSLIST>
  15403. <CLSIDLIST>
  15404. <CLSID>{BB936323-19FA-4521-BA29-ECA6A121BC78}</CLSID>
  15405. </CLSIDLIST>
  15406. <SUMMARY>Coolbar by 3721.com</SUMMARY>
  15407. <DEFAULTINSTALLPATHLIST>
  15408. </DEFAULTINSTALLPATHLIST>
  15409. <CATEGORY>SPYWARE</CATEGORY>
  15410. <CONDITIONLIST>
  15411. <CONDITION>PRODUCTNAME~CoolBar</CONDITION>
  15412. </CONDITIONLIST>
  15413. <OPERATOR>AND</OPERATOR>
  15414. <THREATLEVEL>10</THREATLEVEL>
  15415. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15416. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15417. </PROCESSDESCRIPTOR>
  15418. <PROCESSDESCRIPTOR>
  15419. <ID>2159</ID>
  15420. <PROCESSLIST>
  15421. <PROCESS>ASSIST.DLL</PROCESS>
  15422. </PROCESSLIST>
  15423. <CLSIDLIST>
  15424. <CLSID>{1B0E7716-898E-48cc-9690-4E338E8DE1D3}</CLSID>
  15425. </CLSIDLIST>
  15426. <SUMMARY>CoolBar URL Search Hook</SUMMARY>
  15427. <DEFAULTINSTALLPATHLIST>
  15428. </DEFAULTINSTALLPATHLIST>
  15429. <CATEGORY>SPYWARE</CATEGORY>
  15430. <CONDITIONLIST>
  15431. <CONDITION>INTERNALNAME~Assist</CONDITION>
  15432. </CONDITIONLIST>
  15433. <OPERATOR>AND</OPERATOR>
  15434. <THREATLEVEL>10</THREATLEVEL>
  15435. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15436. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15437. </PROCESSDESCRIPTOR>
  15438. <PROCESSDESCRIPTOR>
  15439. <ID>2160</ID>
  15440. <PROCESSLIST>
  15441. <PROCESS>ASSISTSE.EXE</PROCESS>
  15442. </PROCESSLIST>
  15443. <CLSIDLIST>
  15444. </CLSIDLIST>
  15445. <SUMMARY>CnsMin / Coolbar Related Application</SUMMARY>
  15446. <DEFAULTINSTALLPATHLIST>
  15447. </DEFAULTINSTALLPATHLIST>
  15448. <CATEGORY>SPYWARE</CATEGORY>
  15449. <CONDITIONLIST>
  15450. <CONDITION>FILELOCATION~3721</CONDITION>
  15451. </CONDITIONLIST>
  15452. <OPERATOR>AND</OPERATOR>
  15453. <THREATLEVEL>10</THREATLEVEL>
  15454. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15455. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15456. </PROCESSDESCRIPTOR>
  15457. <PROCESSDESCRIPTOR>
  15458. <ID>2163</ID>
  15459. <PROCESSLIST>
  15460. <PROCESS>SYSTIME.EXE</PROCESS>
  15461. </PROCESSLIST>
  15462. <CLSIDLIST>
  15463. </CLSIDLIST>
  15464. <SUMMARY>SYSTIME.EXE</SUMMARY>
  15465. <DEFAULTINSTALLPATHLIST>
  15466. </DEFAULTINSTALLPATHLIST>
  15467. <CATEGORY>ADWARE</CATEGORY>
  15468. <CONDITIONLIST>
  15469. <CONDITION>FILELOCATION~system32</CONDITION>
  15470. </CONDITIONLIST>
  15471. <OPERATOR>AND</OPERATOR>
  15472. <THREATLEVEL>10</THREATLEVEL>
  15473. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15474. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15475. </PROCESSDESCRIPTOR>
  15476. <PROCESSDESCRIPTOR>
  15477. <ID>2164</ID>
  15478. <PROCESSLIST>
  15479. <PROCESS>*</PROCESS>
  15480. <PROCESS>(ME2.DLL)</PROCESS>
  15481. </PROCESSLIST>
  15482. <CLSIDLIST>
  15483. <CLSID>{85A702BA-EA8F-4B83-AA07-07A5186ACD7E}</CLSID>
  15484. </CLSIDLIST>
  15485. <SUMMARY>Medialoads Enhanced/Downloadware or ClipGenie</SUMMARY>
  15486. <DEFAULTINSTALLPATHLIST>
  15487. </DEFAULTINSTALLPATHLIST>
  15488. <CATEGORY>SPYWARE</CATEGORY>
  15489. <CONDITIONLIST>
  15490. <CONDITION>PRODUCTNAME~MediaLoads</CONDITION>
  15491. </CONDITIONLIST>
  15492. <OPERATOR>AND</OPERATOR>
  15493. <THREATLEVEL>10</THREATLEVEL>
  15494. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15495. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15496. </PROCESSDESCRIPTOR>
  15497. <PROCESSDESCRIPTOR>
  15498. <ID>2165</ID>
  15499. <PROCESSLIST>
  15500. <PROCESS>LCI.DLL</PROCESS>
  15501. </PROCESSLIST>
  15502. <CLSIDLIST>
  15503. <CLSID>{685AAA63-6550-11D9-823F-000C9C565796}</CLSID>
  15504. </CLSIDLIST>
  15505. <SUMMARY>Unknown Spyware/Adware Variant Browser Helper Object (BHO)</SUMMARY>
  15506. <DEFAULTINSTALLPATHLIST>
  15507. </DEFAULTINSTALLPATHLIST>
  15508. <CATEGORY>SPYWARE</CATEGORY>
  15509. <CONDITIONLIST>
  15510. </CONDITIONLIST>
  15511. <OPERATOR>AND</OPERATOR>
  15512. <THREATLEVEL>10</THREATLEVEL>
  15513. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15514. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15515. </PROCESSDESCRIPTOR>
  15516. <PROCESSDESCRIPTOR>
  15517. <ID>2168</ID>
  15518. <PROCESSLIST>
  15519. <PROCESS>IWONBAR.DLL</PROCESS>
  15520. </PROCESSLIST>
  15521. <CLSIDLIST>
  15522. <CLSID>{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F}</CLSID>
  15523. <CLSID>{CA0B9B71-C2AF-11D3-B376-0800460222F0}</CLSID>
  15524. </CLSIDLIST>
  15525. <SUMMARY>iWon Co-Pilot for Internet Explorer and Netscape</SUMMARY>
  15526. <DEFAULTINSTALLPATHLIST>
  15527. </DEFAULTINSTALLPATHLIST>
  15528. <CATEGORY>ADWARE</CATEGORY>
  15529. <CONDITIONLIST>
  15530. <CONDITION>INTERNALNAME~iWon</CONDITION>
  15531. </CONDITIONLIST>
  15532. <OPERATOR>AND</OPERATOR>
  15533. <THREATLEVEL>8</THREATLEVEL>
  15534. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15535. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15536. </PROCESSDESCRIPTOR>
  15537. <PROCESSDESCRIPTOR>
  15538. <ID>2182</ID>
  15539. <PROCESSLIST>
  15540. <PROCESS>*</PROCESS>
  15541. <PROCESS>404SEARCH.DLL</PROCESS>
  15542. </PROCESSLIST>
  15543. <CLSIDLIST>
  15544. <CLSID>{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}</CLSID>
  15545. </CLSIDLIST>
  15546. <SUMMARY>404Search Adware BHO</SUMMARY>
  15547. <DEFAULTINSTALLPATHLIST>
  15548. </DEFAULTINSTALLPATHLIST>
  15549. <CATEGORY>ADWARE</CATEGORY>
  15550. <CONDITIONLIST>
  15551. <CONDITION>INTERNALNAME~404Search</CONDITION>
  15552. </CONDITIONLIST>
  15553. <OPERATOR>AND</OPERATOR>
  15554. <THREATLEVEL>8</THREATLEVEL>
  15555. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15556. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15557. </PROCESSDESCRIPTOR>
  15558. <PROCESSDESCRIPTOR>
  15559. <ID>2183</ID>
  15560. <PROCESSLIST>
  15561. <PROCESS>*</PROCESS>
  15562. <PROCESS>ABAR.DLL</PROCESS>
  15563. <PROCESS>BAIDUBAR.DLL</PROCESS>
  15564. </PROCESSLIST>
  15565. <CLSIDLIST>
  15566. <CLSID>{B580CF65-E151-49C3-B73F-70B13FCA8E86}</CLSID>
  15567. </CLSIDLIST>
  15568. <SUMMARY>BaiduBar BHO</SUMMARY>
  15569. <DEFAULTINSTALLPATHLIST>
  15570. </DEFAULTINSTALLPATHLIST>
  15571. <CATEGORY>ADWARE</CATEGORY>
  15572. <CONDITIONLIST>
  15573. <CONDITION>PRODUCTNAME~BaiduBar</CONDITION>
  15574. </CONDITIONLIST>
  15575. <OPERATOR>AND</OPERATOR>
  15576. <THREATLEVEL>8</THREATLEVEL>
  15577. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15578. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15579. </PROCESSDESCRIPTOR>
  15580. <PROCESSDESCRIPTOR>
  15581. <ID>2185</ID>
  15582. <PROCESSLIST>
  15583. <PROCESS>BDHELPER.DLL</PROCESS>
  15584. </PROCESSLIST>
  15585. <CLSIDLIST>
  15586. <CLSID>{CA92B524-BC8A-4610-BD2C-6BD3E28155D0}</CLSID>
  15587. </CLSIDLIST>
  15588. <SUMMARY>CnsMin Variant Browser Helper Object</SUMMARY>
  15589. <DEFAULTINSTALLPATHLIST>
  15590. </DEFAULTINSTALLPATHLIST>
  15591. <CATEGORY>ADWARE</CATEGORY>
  15592. <CONDITIONLIST>
  15593. <CONDITION>PRODUCTNAME~BDHelper</CONDITION>
  15594. </CONDITIONLIST>
  15595. <OPERATOR>AND</OPERATOR>
  15596. <THREATLEVEL>5</THREATLEVEL>
  15597. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15598. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15599. </PROCESSDESCRIPTOR>
  15600. <PROCESSDESCRIPTOR>
  15601. <ID>2186</ID>
  15602. <PROCESSLIST>
  15603. <PROCESS>*</PROCESS>
  15604. <PROCESS>BDPLUGIN.DLL</PROCESS>
  15605. </PROCESSLIST>
  15606. <CLSIDLIST>
  15607. <CLSID>{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}</CLSID>
  15608. </CLSIDLIST>
  15609. <SUMMARY>BDHelper Shell Execute Hook</SUMMARY>
  15610. <DEFAULTINSTALLPATHLIST>
  15611. </DEFAULTINSTALLPATHLIST>
  15612. <CATEGORY>ADWARE</CATEGORY>
  15613. <CONDITIONLIST>
  15614. </CONDITIONLIST>
  15615. <OPERATOR>AND</OPERATOR>
  15616. <THREATLEVEL>10</THREATLEVEL>
  15617. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15618. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15619. </PROCESSDESCRIPTOR>
  15620. <PROCESSDESCRIPTOR>
  15621. <ID>2187</ID>
  15622. <PROCESSLIST>
  15623. <PROCESS>BDSRHOOK.DLL</PROCESS>
  15624. </PROCESSLIST>
  15625. <CLSIDLIST>
  15626. <CLSID>{2C5AA40E-8814-4EB6-876E-7EFB8B3F9662}</CLSID>
  15627. </CLSIDLIST>
  15628. <SUMMARY>BD Url Search Hook</SUMMARY>
  15629. <DEFAULTINSTALLPATHLIST>
  15630. </DEFAULTINSTALLPATHLIST>
  15631. <CATEGORY>ADWARE</CATEGORY>
  15632. <CONDITIONLIST>
  15633. <CONDITION>PRODUCTNAME~SearchHook</CONDITION>
  15634. </CONDITIONLIST>
  15635. <OPERATOR>AND</OPERATOR>
  15636. <THREATLEVEL>10</THREATLEVEL>
  15637. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15638. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15639. </PROCESSDESCRIPTOR>
  15640. <PROCESSDESCRIPTOR>
  15641. <ID>2188</ID>
  15642. <PROCESSLIST>
  15643. <PROCESS>*</PROCESS>
  15644. <PROCESS>CRBK32.DLL</PROCESS>
  15645. <PROCESS>IEKD32.DLL</PROCESS>
  15646. <PROCESS>MSAI.DLL</PROCESS>
  15647. <PROCESS>MFCQW.DLL</PROCESS>
  15648. <PROCESS>D3UB.DLL</PROCESS>
  15649. </PROCESSLIST>
  15650. <CLSIDLIST>
  15651. <CLSID>*</CLSID>
  15652. <CLSID>{C7D9E145-52DB-B4D5-50F2-B854335AD4B1}</CLSID>
  15653. <CLSID>{E843DEFD-22B6-EBB3-0AC4-2EE1DC8C5882}</CLSID>
  15654. <CLSID>{FC4D1C93-3A3E-35D2-1515-1A241B913EAD}</CLSID>
  15655. <CLSID>{FCDF3AFF-011A-349F-5BA9-2BD2618D0F10}</CLSID>
  15656. <CLSID>{E374D485-455A-EA4B-4D0D-A9597EFAF27B}</CLSID>
  15657. </CLSIDLIST>
  15658. <SUMMARY>Unknown Adware BHO Variant</SUMMARY>
  15659. <DEFAULTINSTALLPATHLIST>
  15660. </DEFAULTINSTALLPATHLIST>
  15661. <CATEGORY>ADWARE</CATEGORY>
  15662. <CONDITIONLIST>
  15663. <CONDITION>MD5=34941906fd0e3079317ccec02871c2b8</CONDITION>
  15664. </CONDITIONLIST>
  15665. <OPERATOR>AND</OPERATOR>
  15666. <THREATLEVEL>8</THREATLEVEL>
  15667. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15668. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15669. </PROCESSDESCRIPTOR>
  15670. <PROCESSDESCRIPTOR>
  15671. <ID>2189</ID>
  15672. <PROCESSLIST>
  15673. <PROCESS>*</PROCESS>
  15674. <PROCESS>DIGITA~6.DLL</PROCESS>
  15675. </PROCESSLIST>
  15676. <CLSIDLIST>
  15677. <CLSID>{183D5161-0C62-4295-896C-44E7442CD6F2}</CLSID>
  15678. </CLSIDLIST>
  15679. <SUMMARY>Spyware.DigitalNames Variant</SUMMARY>
  15680. <DEFAULTINSTALLPATHLIST>
  15681. </DEFAULTINSTALLPATHLIST>
  15682. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  15683. <CONDITIONLIST>
  15684. <CONDITION>PRODUCTNAME~URL</CONDITION>
  15685. </CONDITIONLIST>
  15686. <OPERATOR>AND</OPERATOR>
  15687. <THREATLEVEL>8</THREATLEVEL>
  15688. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15689. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15690. </PROCESSDESCRIPTOR>
  15691. <PROCESSDESCRIPTOR>
  15692. <ID>2197</ID>
  15693. <PROCESSLIST>
  15694. <PROCESS>NHMOOF.DLL</PROCESS>
  15695. </PROCESSLIST>
  15696. <CLSIDLIST>
  15697. <CLSID>{6F26D74F-96FA-4FED-8039-361B549856E4}</CLSID>
  15698. </CLSIDLIST>
  15699. <SUMMARY>Unknown BHO</SUMMARY>
  15700. <DEFAULTINSTALLPATHLIST>
  15701. </DEFAULTINSTALLPATHLIST>
  15702. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  15703. <CONDITIONLIST>
  15704. </CONDITIONLIST>
  15705. <OPERATOR>AND</OPERATOR>
  15706. <THREATLEVEL>5</THREATLEVEL>
  15707. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15708. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15709. </PROCESSDESCRIPTOR>
  15710. <PROCESSDESCRIPTOR>
  15711. <ID>2199</ID>
  15712. <PROCESSLIST>
  15713. <PROCESS>BTLINK.DLL</PROCESS>
  15714. </PROCESSLIST>
  15715. <CLSIDLIST>
  15716. <CLSID>{D6DFF6D8-B94B-4720-B730-1C38C7065C3B}</CLSID>
  15717. </CLSIDLIST>
  15718. <SUMMARY>Huntbar Related Browser Helper Object</SUMMARY>
  15719. <DEFAULTINSTALLPATHLIST>
  15720. </DEFAULTINSTALLPATHLIST>
  15721. <CATEGORY>ADWARE</CATEGORY>
  15722. <CONDITIONLIST>
  15723. </CONDITIONLIST>
  15724. <OPERATOR>AND</OPERATOR>
  15725. <THREATLEVEL>8</THREATLEVEL>
  15726. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15727. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15728. </PROCESSDESCRIPTOR>
  15729. <PROCESSDESCRIPTOR>
  15730. <ID>2200</ID>
  15731. <PROCESSLIST>
  15732. <PROCESS>*</PROCESS>
  15733. <PROCESS>DASHBAR21.DLL</PROCESS>
  15734. <PROCESS>DASHBAR15.DLL</PROCESS>
  15735. <PROCESS>DASHBAR17.DLL</PROCESS>
  15736. </PROCESSLIST>
  15737. <CLSIDLIST>
  15738. <CLSID>{CC90CDA0-74A0-45B4-80EF-D89CA8C249B8}</CLSID>
  15739. </CLSIDLIST>
  15740. <SUMMARY>Adware.GAIN/DashBar.Toolbar</SUMMARY>
  15741. <DEFAULTINSTALLPATHLIST>
  15742. </DEFAULTINSTALLPATHLIST>
  15743. <CATEGORY>ADWARE</CATEGORY>
  15744. <CONDITIONLIST>
  15745. </CONDITIONLIST>
  15746. <OPERATOR>AND</OPERATOR>
  15747. <THREATLEVEL>5</THREATLEVEL>
  15748. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  15749. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  15750. </PROCESSDESCRIPTOR>
  15751. <PROCESSDESCRIPTOR>
  15752. <ID>2201</ID>
  15753. <PROCESSLIST>
  15754. <PROCESS>*</PROCESS>
  15755. <PROCESS>Q433828.DLL</PROCESS>
  15756. <PROCESS>Q543642984.DLL</PROCESS>
  15757. </PROCESSLIST>
  15758. <CLSIDLIST>
  15759. <CLSID>*</CLSID>
  15760. <CLSID>{B52C2252-650F-4E9F-88AB-0F40D74EEB4A}</CLSID>
  15761. <CLSID>{1CB7DA9D-97E5-4FFB-8371-992C60CCE2F2}</CLSID>
  15762. </CLSIDLIST>
  15763. <SUMMARY>Unknown and Randomly Named/Registered Threat</SUMMARY>
  15764. <DEFAULTINSTALLPATHLIST>
  15765. </DEFAULTINSTALLPATHLIST>
  15766. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  15767. <CONDITIONLIST>
  15768. <CONDITION>MD5=0b45afd128e1fbcb2d40d7e1a8f13a3a</CONDITION>
  15769. </CONDITIONLIST>
  15770. <OPERATOR>AND</OPERATOR>
  15771. <THREATLEVEL>10</THREATLEVEL>
  15772. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15773. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15774. </PROCESSDESCRIPTOR>
  15775. <PROCESSDESCRIPTOR>
  15776. <ID>2203</ID>
  15777. <PROCESSLIST>
  15778. <PROCESS>*</PROCESS>
  15779. <PROCESS>CNBABE.DLL</PROCESS>
  15780. <PROCESS>CNBARIE.DLL</PROCESS>
  15781. </PROCESSLIST>
  15782. <CLSIDLIST>
  15783. <CLSID>{00000000-0000-0000-0000-000000000000}</CLSID>
  15784. </CLSIDLIST>
  15785. <SUMMARY>CommonName Toolbar/Browser Helper Object</SUMMARY>
  15786. <DEFAULTINSTALLPATHLIST>
  15787. </DEFAULTINSTALLPATHLIST>
  15788. <CATEGORY>ADWARE</CATEGORY>
  15789. <CONDITIONLIST>
  15790. <CONDITION>PRODUCTNAME~BabeIE</CONDITION>
  15791. </CONDITIONLIST>
  15792. <OPERATOR>AND</OPERATOR>
  15793. <THREATLEVEL>8</THREATLEVEL>
  15794. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15795. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15796. </PROCESSDESCRIPTOR>
  15797. <PROCESSDESCRIPTOR>
  15798. <ID>2205</ID>
  15799. <PROCESSLIST>
  15800. <PROCESS>PROTECT32.DLL</PROCESS>
  15801. </PROCESSLIST>
  15802. <CLSIDLIST>
  15803. <CLSID>{002FB48C-A41C-49AF-A312-7EC17E963F1A}</CLSID>
  15804. <CLSID>{FF06E421-6BB3-11D9-A13A-4445FAECD4B1}</CLSID>
  15805. <CLSID>{2F1EF902-4A68-42CB-A570-FD765449CFE0}</CLSID>
  15806. </CLSIDLIST>
  15807. <SUMMARY>Undefined Browser Helper Object</SUMMARY>
  15808. <DEFAULTINSTALLPATHLIST>
  15809. </DEFAULTINSTALLPATHLIST>
  15810. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  15811. <CONDITIONLIST>
  15812. </CONDITIONLIST>
  15813. <OPERATOR>AND</OPERATOR>
  15814. <THREATLEVEL>5</THREATLEVEL>
  15815. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15816. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15817. </PROCESSDESCRIPTOR>
  15818. <PROCESSDESCRIPTOR>
  15819. <ID>2206</ID>
  15820. <PROCESSLIST>
  15821. <PROCESS>WINSRM32.DLL</PROCESS>
  15822. </PROCESSLIST>
  15823. <CLSIDLIST>
  15824. <CLSID>{0AEE4D0C-4B38-4196-AE32-70ACE5656647}</CLSID>
  15825. <CLSID>{4B8F38C7-62FC-4762-B9A0-27E63F768167}</CLSID>
  15826. </CLSIDLIST>
  15827. <SUMMARY>iLookup Related Browser Helper Object</SUMMARY>
  15828. <DEFAULTINSTALLPATHLIST>
  15829. </DEFAULTINSTALLPATHLIST>
  15830. <CATEGORY>SPYWARE</CATEGORY>
  15831. <CONDITIONLIST>
  15832. </CONDITIONLIST>
  15833. <OPERATOR>AND</OPERATOR>
  15834. <THREATLEVEL>10</THREATLEVEL>
  15835. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15836. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15837. </PROCESSDESCRIPTOR>
  15838. <PROCESSDESCRIPTOR>
  15839. <ID>2207</ID>
  15840. <PROCESSLIST>
  15841. <PROCESS>*</PROCESS>
  15842. <PROCESS>XUNLEIBHO_V1.DLL</PROCESS>
  15843. </PROCESSLIST>
  15844. <CLSIDLIST>
  15845. <CLSID>{0005A87D-D626-4B3A-84F9-1D9571695F55}</CLSID>
  15846. </CLSIDLIST>
  15847. <SUMMARY>Undefined Browser Helper Object</SUMMARY>
  15848. <DEFAULTINSTALLPATHLIST>
  15849. </DEFAULTINSTALLPATHLIST>
  15850. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  15851. <CONDITIONLIST>
  15852. </CONDITIONLIST>
  15853. <OPERATOR>AND</OPERATOR>
  15854. <THREATLEVEL>5</THREATLEVEL>
  15855. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15856. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15857. </PROCESSDESCRIPTOR>
  15858. <PROCESSDESCRIPTOR>
  15859. <ID>2210</ID>
  15860. <PROCESSLIST>
  15861. <PROCESS>WINNET.EXE</PROCESS>
  15862. </PROCESSLIST>
  15863. <CLSIDLIST>
  15864. </CLSIDLIST>
  15865. <SUMMARY>CommonName Spyware Component</SUMMARY>
  15866. <DEFAULTINSTALLPATHLIST>
  15867. </DEFAULTINSTALLPATHLIST>
  15868. <CATEGORY>SPYWARE</CATEGORY>
  15869. <CONDITIONLIST>
  15870. <CONDITION>COMPANYNAME~CommonName</CONDITION>
  15871. </CONDITIONLIST>
  15872. <OPERATOR>AND</OPERATOR>
  15873. <THREATLEVEL>10</THREATLEVEL>
  15874. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15875. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15876. </PROCESSDESCRIPTOR>
  15877. <PROCESSDESCRIPTOR>
  15878. <ID>2211</ID>
  15879. <PROCESSLIST>
  15880. <PROCESS>EVTHTM.EXE</PROCESS>
  15881. </PROCESSLIST>
  15882. <CLSIDLIST>
  15883. </CLSIDLIST>
  15884. <SUMMARY>Adult Porn Dialer</SUMMARY>
  15885. <DEFAULTINSTALLPATHLIST>
  15886. </DEFAULTINSTALLPATHLIST>
  15887. <CATEGORY>SPYWARE</CATEGORY>
  15888. <CONDITIONLIST>
  15889. <CONDITION>MD5=d0db9a633a29b8e29f78ab89f4fdd45d</CONDITION>
  15890. </CONDITIONLIST>
  15891. <OPERATOR>AND</OPERATOR>
  15892. <THREATLEVEL>10</THREATLEVEL>
  15893. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15894. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15895. </PROCESSDESCRIPTOR>
  15896. <PROCESSDESCRIPTOR>
  15897. <ID>2212</ID>
  15898. <PROCESSLIST>
  15899. <PROCESS>MSBLAST.EXE</PROCESS>
  15900. </PROCESSLIST>
  15901. <CLSIDLIST>
  15902. </CLSIDLIST>
  15903. <SUMMARY>MSBlast Internet Worm</SUMMARY>
  15904. <DEFAULTINSTALLPATHLIST>
  15905. </DEFAULTINSTALLPATHLIST>
  15906. <CATEGORY>VIRUS</CATEGORY>
  15907. <CONDITIONLIST>
  15908. <CONDITION>FILELOCATION~System32</CONDITION>
  15909. </CONDITIONLIST>
  15910. <OPERATOR>AND</OPERATOR>
  15911. <THREATLEVEL>10</THREATLEVEL>
  15912. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15913. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15914. </PROCESSDESCRIPTOR>
  15915. <PROCESSDESCRIPTOR>
  15916. <ID>2213</ID>
  15917. <PROCESSLIST>
  15918. <PROCESS>SHCH.EXE</PROCESS>
  15919. </PROCESSLIST>
  15920. <CLSIDLIST>
  15921. </CLSIDLIST>
  15922. <SUMMARY>Adult Porn Dialer</SUMMARY>
  15923. <DEFAULTINSTALLPATHLIST>
  15924. </DEFAULTINSTALLPATHLIST>
  15925. <CATEGORY>DIALER</CATEGORY>
  15926. <CONDITIONLIST>
  15927. <CONDITION>MD5=3fdfacf15063486fd4899ca28ed81c12</CONDITION>
  15928. </CONDITIONLIST>
  15929. <OPERATOR>AND</OPERATOR>
  15930. <THREATLEVEL>10</THREATLEVEL>
  15931. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15932. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15933. </PROCESSDESCRIPTOR>
  15934. <PROCESSDESCRIPTOR>
  15935. <ID>2214</ID>
  15936. <PROCESSLIST>
  15937. <PROCESS>BALMBLUE.EXE</PROCESS>
  15938. </PROCESSLIST>
  15939. <CLSIDLIST>
  15940. </CLSIDLIST>
  15941. <SUMMARY>Adware.Lop.Process</SUMMARY>
  15942. <DEFAULTINSTALLPATHLIST>
  15943. </DEFAULTINSTALLPATHLIST>
  15944. <CATEGORY>SPYWARE</CATEGORY>
  15945. <CONDITIONLIST>
  15946. <CONDITION>MD5=5f604fdec2af078541978a1500b85caa</CONDITION>
  15947. </CONDITIONLIST>
  15948. <OPERATOR>AND</OPERATOR>
  15949. <THREATLEVEL>10</THREATLEVEL>
  15950. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15951. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15952. </PROCESSDESCRIPTOR>
  15953. <PROCESSDESCRIPTOR>
  15954. <ID>2215</ID>
  15955. <PROCESSLIST>
  15956. <PROCESS>FWNTOOLBAR.DLL</PROCESS>
  15957. </PROCESSLIST>
  15958. <CLSIDLIST>
  15959. <CLSID>{3D0BDAB3-12F4-471C-8966-E35A2C6C7DE7}</CLSID>
  15960. </CLSIDLIST>
  15961. <SUMMARY>FindWhatEverNow Toolbar for Internet Explorer</SUMMARY>
  15962. <DEFAULTINSTALLPATHLIST>
  15963. </DEFAULTINSTALLPATHLIST>
  15964. <CATEGORY>ADWARE</CATEGORY>
  15965. <CONDITIONLIST>
  15966. </CONDITIONLIST>
  15967. <OPERATOR>AND</OPERATOR>
  15968. <THREATLEVEL>7</THREATLEVEL>
  15969. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15970. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15971. </PROCESSDESCRIPTOR>
  15972. <PROCESSDESCRIPTOR>
  15973. <ID>2216</ID>
  15974. <PROCESSLIST>
  15975. <PROCESS>*</PROCESS>
  15976. <PROCESS>HTMLEDIT.DLL</PROCESS>
  15977. </PROCESSLIST>
  15978. <CLSIDLIST>
  15979. <CLSID>{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}</CLSID>
  15980. </CLSIDLIST>
  15981. <SUMMARY>CoolWebSearch or CommonName Browser Helper</SUMMARY>
  15982. <DEFAULTINSTALLPATHLIST>
  15983. </DEFAULTINSTALLPATHLIST>
  15984. <CATEGORY>ADWARE</CATEGORY>
  15985. <CONDITIONLIST>
  15986. </CONDITIONLIST>
  15987. <OPERATOR>AND</OPERATOR>
  15988. <THREATLEVEL>5</THREATLEVEL>
  15989. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  15990. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  15991. </PROCESSDESCRIPTOR>
  15992. <PROCESSDESCRIPTOR>
  15993. <ID>2217</ID>
  15994. <PROCESSLIST>
  15995. <PROCESS>*</PROCESS>
  15996. <PROCESS>(YENQC.EXE)</PROCESS>
  15997. </PROCESSLIST>
  15998. <CLSIDLIST>
  15999. </CLSIDLIST>
  16000. <SUMMARY>Unknown (Possible Lop.com) Process</SUMMARY>
  16001. <DEFAULTINSTALLPATHLIST>
  16002. </DEFAULTINSTALLPATHLIST>
  16003. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16004. <CONDITIONLIST>
  16005. <CONDITION>MD5=81da86d8d7b72f13796a64f0fe4616d8</CONDITION>
  16006. </CONDITIONLIST>
  16007. <OPERATOR>AND</OPERATOR>
  16008. <THREATLEVEL>10</THREATLEVEL>
  16009. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16010. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16011. </PROCESSDESCRIPTOR>
  16012. <PROCESSDESCRIPTOR>
  16013. <ID>2218</ID>
  16014. <PROCESSLIST>
  16015. <PROCESS>BRIDGE.DLL</PROCESS>
  16016. </PROCESSLIST>
  16017. <CLSIDLIST>
  16018. <CLSID>{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}</CLSID>
  16019. </CLSIDLIST>
  16020. <SUMMARY>Adware.WinFavorites</SUMMARY>
  16021. <DEFAULTINSTALLPATHLIST>
  16022. </DEFAULTINSTALLPATHLIST>
  16023. <CATEGORY>ADWARE</CATEGORY>
  16024. <CONDITIONLIST>
  16025. </CONDITIONLIST>
  16026. <OPERATOR>AND</OPERATOR>
  16027. <THREATLEVEL>8</THREATLEVEL>
  16028. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16029. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16030. </PROCESSDESCRIPTOR>
  16031. <PROCESSDESCRIPTOR>
  16032. <ID>2219</ID>
  16033. <PROCESSLIST>
  16034. <PROCESS>*</PROCESS>
  16035. <PROCESS>(TIBS3.EXE)</PROCESS>
  16036. </PROCESSLIST>
  16037. <CLSIDLIST>
  16038. </CLSIDLIST>
  16039. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  16040. <DEFAULTINSTALLPATHLIST>
  16041. </DEFAULTINSTALLPATHLIST>
  16042. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16043. <CONDITIONLIST>
  16044. <CONDITION>MD5=0dc6a048b469e8b498c1e119b9f2a2fa</CONDITION>
  16045. <CONDITION>MD5=26A62E774A55B13F3CF2D274017D9BF7</CONDITION>
  16046. </CONDITIONLIST>
  16047. <OPERATOR>OR</OPERATOR>
  16048. <THREATLEVEL>10</THREATLEVEL>
  16049. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16050. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16051. </PROCESSDESCRIPTOR>
  16052. <PROCESSDESCRIPTOR>
  16053. <ID>2220</ID>
  16054. <PROCESSLIST>
  16055. <PROCESS>*</PROCESS>
  16056. <PROCESS>WTOOLST.DLL</PROCESS>
  16057. </PROCESSLIST>
  16058. <CLSIDLIST>
  16059. <CLSID>{8DA5457F-A8AA-4CCF-A842-70E6FD274094}</CLSID>
  16060. </CLSIDLIST>
  16061. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).BHO</SUMMARY>
  16062. <DEFAULTINSTALLPATHLIST>
  16063. </DEFAULTINSTALLPATHLIST>
  16064. <CATEGORY>SPYWARE</CATEGORY>
  16065. <CONDITIONLIST>
  16066. </CONDITIONLIST>
  16067. <OPERATOR>AND</OPERATOR>
  16068. <THREATLEVEL>10</THREATLEVEL>
  16069. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16070. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16071. </PROCESSDESCRIPTOR>
  16072. <PROCESSDESCRIPTOR>
  16073. <ID>2230</ID>
  16074. <PROCESSLIST>
  16075. <PROCESS>LCDSAB13.EXE</PROCESS>
  16076. </PROCESSLIST>
  16077. <CLSIDLIST>
  16078. </CLSIDLIST>
  16079. <SUMMARY>SuperAdBlocker Illegal Crack File</SUMMARY>
  16080. <DEFAULTINSTALLPATHLIST>
  16081. </DEFAULTINSTALLPATHLIST>
  16082. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16083. <CONDITIONLIST>
  16084. <CONDITION>MD5=c2766d98b91629191192cf383048e9d0</CONDITION>
  16085. </CONDITIONLIST>
  16086. <OPERATOR>AND</OPERATOR>
  16087. <THREATLEVEL>1</THREATLEVEL>
  16088. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16089. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16090. </PROCESSDESCRIPTOR>
  16091. <PROCESSDESCRIPTOR>
  16092. <ID>2231</ID>
  16093. <PROCESSLIST>
  16094. <PROCESS>MSADBLOCK32.DLL</PROCESS>
  16095. </PROCESSLIST>
  16096. <CLSIDLIST>
  16097. <CLSID>*</CLSID>
  16098. <CLSID>{1DF2DDE1-03C1-9F7D-1398-514C7EBD00BA}</CLSID>
  16099. </CLSIDLIST>
  16100. <SUMMARY>Unknown Browser Hi-Jacker</SUMMARY>
  16101. <DEFAULTINSTALLPATHLIST>
  16102. </DEFAULTINSTALLPATHLIST>
  16103. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  16104. <CONDITIONLIST>
  16105. <CONDITION>FILELOCATION~System32</CONDITION>
  16106. </CONDITIONLIST>
  16107. <OPERATOR>AND</OPERATOR>
  16108. <THREATLEVEL>10</THREATLEVEL>
  16109. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16110. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16111. </PROCESSDESCRIPTOR>
  16112. <PROCESSDESCRIPTOR>
  16113. <ID>2232</ID>
  16114. <PROCESSLIST>
  16115. <PROCESS>SARISTAR.DLL</PROCESS>
  16116. </PROCESSLIST>
  16117. <CLSIDLIST>
  16118. <CLSID>{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50}</CLSID>
  16119. </CLSIDLIST>
  16120. <SUMMARY>Coulomb Dialer Parasite</SUMMARY>
  16121. <DEFAULTINSTALLPATHLIST>
  16122. </DEFAULTINSTALLPATHLIST>
  16123. <CATEGORY>TROJAN</CATEGORY>
  16124. <CONDITIONLIST>
  16125. </CONDITIONLIST>
  16126. <OPERATOR>AND</OPERATOR>
  16127. <THREATLEVEL>10</THREATLEVEL>
  16128. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16129. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16130. </PROCESSDESCRIPTOR>
  16131. <PROCESSDESCRIPTOR>
  16132. <ID>2236</ID>
  16133. <PROCESSLIST>
  16134. <PROCESS>*</PROCESS>
  16135. <PROCESS>HGLE.DLL</PROCESS>
  16136. </PROCESSLIST>
  16137. <CLSIDLIST>
  16138. <CLSID>{D97A9332-0ED3-7902-D7E2-01A2AFF73BE4}</CLSID>
  16139. </CLSIDLIST>
  16140. <SUMMARY>Undefined Browser Helper Object</SUMMARY>
  16141. <DEFAULTINSTALLPATHLIST>
  16142. </DEFAULTINSTALLPATHLIST>
  16143. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16144. <CONDITIONLIST>
  16145. </CONDITIONLIST>
  16146. <OPERATOR>AND</OPERATOR>
  16147. <THREATLEVEL>10</THREATLEVEL>
  16148. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16149. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16150. </PROCESSDESCRIPTOR>
  16151. <PROCESSDESCRIPTOR>
  16152. <ID>2237</ID>
  16153. <PROCESSLIST>
  16154. <PROCESS>*</PROCESS>
  16155. <PROCESS>PSKW.DLL</PROCESS>
  16156. </PROCESSLIST>
  16157. <CLSIDLIST>
  16158. <CLSID>{3EDF385A-E34C-79E1-8205-125504F17A3B}</CLSID>
  16159. </CLSIDLIST>
  16160. <SUMMARY>Unknown Browser Helper Object</SUMMARY>
  16161. <DEFAULTINSTALLPATHLIST>
  16162. </DEFAULTINSTALLPATHLIST>
  16163. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16164. <CONDITIONLIST>
  16165. </CONDITIONLIST>
  16166. <OPERATOR>AND</OPERATOR>
  16167. <THREATLEVEL>10</THREATLEVEL>
  16168. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16169. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16170. </PROCESSDESCRIPTOR>
  16171. <PROCESSDESCRIPTOR>
  16172. <ID>2238</ID>
  16173. <PROCESSLIST>
  16174. <PROCESS>SDKGD.DLL</PROCESS>
  16175. </PROCESSLIST>
  16176. <CLSIDLIST>
  16177. <CLSID>{0B9E0B4B-FD49-6278-3F77-654C70658958}</CLSID>
  16178. </CLSIDLIST>
  16179. <SUMMARY>Undefined Browser Helper Object</SUMMARY>
  16180. <DEFAULTINSTALLPATHLIST>
  16181. </DEFAULTINSTALLPATHLIST>
  16182. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16183. <CONDITIONLIST>
  16184. </CONDITIONLIST>
  16185. <OPERATOR>AND</OPERATOR>
  16186. <THREATLEVEL>10</THREATLEVEL>
  16187. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16188. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16189. </PROCESSDESCRIPTOR>
  16190. <PROCESSDESCRIPTOR>
  16191. <ID>2239</ID>
  16192. <PROCESSLIST>
  16193. <PROCESS>*</PROCESS>
  16194. <PROCESS>WINDJ.DLL</PROCESS>
  16195. </PROCESSLIST>
  16196. <CLSIDLIST>
  16197. <CLSID>{AB6F81AC-6C76-BCBF-C021-1BA9321DF5F0}</CLSID>
  16198. </CLSIDLIST>
  16199. <SUMMARY>Unknown Browser Helper Object</SUMMARY>
  16200. <DEFAULTINSTALLPATHLIST>
  16201. </DEFAULTINSTALLPATHLIST>
  16202. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16203. <CONDITIONLIST>
  16204. <CONDITION>MD5=884cf0b4be3e40b71d9cfa8762e7a864</CONDITION>
  16205. </CONDITIONLIST>
  16206. <OPERATOR>AND</OPERATOR>
  16207. <THREATLEVEL>10</THREATLEVEL>
  16208. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16209. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16210. </PROCESSDESCRIPTOR>
  16211. <PROCESSDESCRIPTOR>
  16212. <ID>2240</ID>
  16213. <PROCESSLIST>
  16214. <PROCESS>WTLBASS32.DLL</PROCESS>
  16215. </PROCESSLIST>
  16216. <CLSIDLIST>
  16217. <CLSID>{A0ED918D-B8E6-4c3d-BD15-1DB1AE9A5DD3}</CLSID>
  16218. </CLSIDLIST>
  16219. <SUMMARY>AnalyzeIE (Unknown Browser Helper Object)</SUMMARY>
  16220. <DEFAULTINSTALLPATHLIST>
  16221. </DEFAULTINSTALLPATHLIST>
  16222. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16223. <CONDITIONLIST>
  16224. </CONDITIONLIST>
  16225. <OPERATOR>AND</OPERATOR>
  16226. <THREATLEVEL>10</THREATLEVEL>
  16227. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16228. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16229. </PROCESSDESCRIPTOR>
  16230. <PROCESSDESCRIPTOR>
  16231. <ID>2244</ID>
  16232. <PROCESSLIST>
  16233. <PROCESS>*</PROCESS>
  16234. <PROCESS>LINKWAIT.EXE</PROCESS>
  16235. </PROCESSLIST>
  16236. <CLSIDLIST>
  16237. <CLSID>{B0B5717C-FAA6-865B-42CB-329A964F309C}</CLSID>
  16238. </CLSIDLIST>
  16239. <SUMMARY>Adware.Lop.BHO</SUMMARY>
  16240. <DEFAULTINSTALLPATHLIST>
  16241. </DEFAULTINSTALLPATHLIST>
  16242. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16243. <CONDITIONLIST>
  16244. </CONDITIONLIST>
  16245. <OPERATOR>AND</OPERATOR>
  16246. <THREATLEVEL>10</THREATLEVEL>
  16247. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16248. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16249. </PROCESSDESCRIPTOR>
  16250. <PROCESSDESCRIPTOR>
  16251. <ID>2245</ID>
  16252. <PROCESSLIST>
  16253. <PROCESS>BMS.DLL</PROCESS>
  16254. </PROCESSLIST>
  16255. <CLSIDLIST>
  16256. <CLSID>{C18517DA-CA70-46CE-86F4-882F6B62E975}</CLSID>
  16257. </CLSIDLIST>
  16258. <SUMMARY>Spyware.DigitalNames Browser Hijacker</SUMMARY>
  16259. <DEFAULTINSTALLPATHLIST>
  16260. </DEFAULTINSTALLPATHLIST>
  16261. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  16262. <CONDITIONLIST>
  16263. </CONDITIONLIST>
  16264. <OPERATOR>AND</OPERATOR>
  16265. <THREATLEVEL>10</THREATLEVEL>
  16266. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16267. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16268. </PROCESSDESCRIPTOR>
  16269. <PROCESSDESCRIPTOR>
  16270. <ID>2246</ID>
  16271. <PROCESSLIST>
  16272. <PROCESS>KEYBAND.DLL</PROCESS>
  16273. </PROCESSLIST>
  16274. <CLSIDLIST>
  16275. <CLSID>{46D387E9-41FC-4F71-A7C3-B0BEB3568F00}</CLSID>
  16276. </CLSIDLIST>
  16277. <SUMMARY>Related to Spyware.DigitalNames Hijacker</SUMMARY>
  16278. <DEFAULTINSTALLPATHLIST>
  16279. </DEFAULTINSTALLPATHLIST>
  16280. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  16281. <CONDITIONLIST>
  16282. </CONDITIONLIST>
  16283. <OPERATOR>AND</OPERATOR>
  16284. <THREATLEVEL>10</THREATLEVEL>
  16285. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16286. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16287. </PROCESSDESCRIPTOR>
  16288. <PROCESSDESCRIPTOR>
  16289. <ID>2247</ID>
  16290. <PROCESSLIST>
  16291. <PROCESS>KEYSERVICE.EXE</PROCESS>
  16292. </PROCESSLIST>
  16293. <CLSIDLIST>
  16294. </CLSIDLIST>
  16295. <SUMMARY>Spyware.DigitalNames (UBizNames)</SUMMARY>
  16296. <DEFAULTINSTALLPATHLIST>
  16297. </DEFAULTINSTALLPATHLIST>
  16298. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  16299. <CONDITIONLIST>
  16300. <CONDITION>FILELOCATION~UBizNames</CONDITION>
  16301. </CONDITIONLIST>
  16302. <OPERATOR>AND</OPERATOR>
  16303. <THREATLEVEL>10</THREATLEVEL>
  16304. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16305. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16306. </PROCESSDESCRIPTOR>
  16307. <PROCESSDESCRIPTOR>
  16308. <ID>2248</ID>
  16309. <PROCESSLIST>
  16310. <PROCESS>OLEABHO6.DLL</PROCESS>
  16311. </PROCESSLIST>
  16312. <CLSIDLIST>
  16313. <CLSID>{91F9A5B6-F7F3-4491-BE96-5A78EE0B825E}</CLSID>
  16314. </CLSIDLIST>
  16315. <SUMMARY>Undefined Browser Helper Object</SUMMARY>
  16316. <DEFAULTINSTALLPATHLIST>
  16317. </DEFAULTINSTALLPATHLIST>
  16318. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16319. <CONDITIONLIST>
  16320. <CONDITION>INTERNALNAME~abho.dll</CONDITION>
  16321. </CONDITIONLIST>
  16322. <OPERATOR>AND</OPERATOR>
  16323. <THREATLEVEL>5</THREATLEVEL>
  16324. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16325. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16326. </PROCESSDESCRIPTOR>
  16327. <PROCESSDESCRIPTOR>
  16328. <ID>2249</ID>
  16329. <PROCESSLIST>
  16330. <PROCESS>*</PROCESS>
  16331. <PROCESS>SNHZZOA.DLL</PROCESS>
  16332. <PROCESS>WHHZZOA.DLL</PROCESS>
  16333. </PROCESSLIST>
  16334. <CLSIDLIST>
  16335. <CLSID>*</CLSID>
  16336. <CLSID>{7E64AB8B-C7AC-377E-9DF1-7FCA328C6193}</CLSID>
  16337. <CLSID>{B1726C8B-80FF-3A13-AD7A-11841E0DA623}</CLSID>
  16338. </CLSIDLIST>
  16339. <SUMMARY>Undefined Browser Helper Objects</SUMMARY>
  16340. <DEFAULTINSTALLPATHLIST>
  16341. </DEFAULTINSTALLPATHLIST>
  16342. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16343. <CONDITIONLIST>
  16344. <CONDITION>FILEDESCRIPTION~axHelper</CONDITION>
  16345. <CONDITION>PRODUCTNAME~axHelper</CONDITION>
  16346. </CONDITIONLIST>
  16347. <OPERATOR>AND</OPERATOR>
  16348. <THREATLEVEL>10</THREATLEVEL>
  16349. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16350. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16351. </PROCESSDESCRIPTOR>
  16352. <PROCESSDESCRIPTOR>
  16353. <ID>2250</ID>
  16354. <PROCESSLIST>
  16355. <PROCESS>*</PROCESS>
  16356. <PROCESS>WHWZZOA.DLL</PROCESS>
  16357. </PROCESSLIST>
  16358. <CLSIDLIST>
  16359. <CLSID>{9BFAB061-A618-387D-8048-32AA9F57D073}</CLSID>
  16360. </CLSIDLIST>
  16361. <SUMMARY>Undefined Browser Helper Object</SUMMARY>
  16362. <DEFAULTINSTALLPATHLIST>
  16363. </DEFAULTINSTALLPATHLIST>
  16364. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16365. <CONDITIONLIST>
  16366. <CONDITION>INTERNALNAME~activex.dll</CONDITION>
  16367. </CONDITIONLIST>
  16368. <OPERATOR>AND</OPERATOR>
  16369. <THREATLEVEL>10</THREATLEVEL>
  16370. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16371. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16372. </PROCESSDESCRIPTOR>
  16373. <PROCESSDESCRIPTOR>
  16374. <ID>2251</ID>
  16375. <PROCESSLIST>
  16376. <PROCESS>*</PROCESS>
  16377. <PROCESS>(WININGSYSJ.EXE)</PROCESS>
  16378. </PROCESSLIST>
  16379. <CLSIDLIST>
  16380. </CLSIDLIST>
  16381. <SUMMARY>Unknown Threat</SUMMARY>
  16382. <DEFAULTINSTALLPATHLIST>
  16383. </DEFAULTINSTALLPATHLIST>
  16384. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16385. <CONDITIONLIST>
  16386. <CONDITION>MD5=825623e6ae701cfe4d1dbf729b4b24d6</CONDITION>
  16387. </CONDITIONLIST>
  16388. <OPERATOR>AND</OPERATOR>
  16389. <THREATLEVEL>10</THREATLEVEL>
  16390. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16391. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16392. </PROCESSDESCRIPTOR>
  16393. <PROCESSDESCRIPTOR>
  16394. <ID>2252</ID>
  16395. <PROCESSLIST>
  16396. <PROCESS>ZZOA.DLL</PROCESS>
  16397. </PROCESSLIST>
  16398. <CLSIDLIST>
  16399. <CLSID>{85E59517-4C2E-40A0-A997-1D53E1007828}</CLSID>
  16400. </CLSIDLIST>
  16401. <SUMMARY>Undefined Browser Helper Object</SUMMARY>
  16402. <DEFAULTINSTALLPATHLIST>
  16403. </DEFAULTINSTALLPATHLIST>
  16404. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16405. <CONDITIONLIST>
  16406. </CONDITIONLIST>
  16407. <OPERATOR>AND</OPERATOR>
  16408. <THREATLEVEL>8</THREATLEVEL>
  16409. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16410. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16411. </PROCESSDESCRIPTOR>
  16412. <PROCESSDESCRIPTOR>
  16413. <ID>2253</ID>
  16414. <PROCESSLIST>
  16415. <PROCESS>DSSAGENT.EXE</PROCESS>
  16416. </PROCESSLIST>
  16417. <CLSIDLIST>
  16418. </CLSIDLIST>
  16419. <SUMMARY>Background Agent Application by Broderbund Software</SUMMARY>
  16420. <DEFAULTINSTALLPATHLIST>
  16421. </DEFAULTINSTALLPATHLIST>
  16422. <CATEGORY>SPYWARE</CATEGORY>
  16423. <CONDITIONLIST>
  16424. <CONDITION>PRODUCTNAME~background</CONDITION>
  16425. </CONDITIONLIST>
  16426. <OPERATOR>AND</OPERATOR>
  16427. <THREATLEVEL>10</THREATLEVEL>
  16428. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16429. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16430. </PROCESSDESCRIPTOR>
  16431. <PROCESSDESCRIPTOR>
  16432. <ID>2258</ID>
  16433. <PROCESSLIST>
  16434. <PROCESS>ACTIVEBANNER.DLL</PROCESS>
  16435. </PROCESSLIST>
  16436. <CLSIDLIST>
  16437. <CLSID>{A11F2B00-71BC-4667-A24F-EE9D27F010C8}</CLSID>
  16438. </CLSIDLIST>
  16439. <SUMMARY>Active Banner Browser Helper Object</SUMMARY>
  16440. <DEFAULTINSTALLPATHLIST>
  16441. </DEFAULTINSTALLPATHLIST>
  16442. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16443. <CONDITIONLIST>
  16444. <CONDITION>PRODUCTNAME~ActiveBanner</CONDITION>
  16445. </CONDITIONLIST>
  16446. <OPERATOR>AND</OPERATOR>
  16447. <THREATLEVEL>5</THREATLEVEL>
  16448. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16449. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16450. </PROCESSDESCRIPTOR>
  16451. <PROCESSDESCRIPTOR>
  16452. <ID>2259</ID>
  16453. <PROCESSLIST>
  16454. <PROCESS>CNILA.DLL</PROCESS>
  16455. </PROCESSLIST>
  16456. <CLSIDLIST>
  16457. <CLSID>{65F1B157-1532-4F3A-9B85-3DD4F91035C2}</CLSID>
  16458. </CLSIDLIST>
  16459. <SUMMARY>Undefined Browser Helper Object</SUMMARY>
  16460. <DEFAULTINSTALLPATHLIST>
  16461. </DEFAULTINSTALLPATHLIST>
  16462. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16463. <CONDITIONLIST>
  16464. </CONDITIONLIST>
  16465. <OPERATOR>AND</OPERATOR>
  16466. <THREATLEVEL>5</THREATLEVEL>
  16467. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16468. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16469. </PROCESSDESCRIPTOR>
  16470. <PROCESSDESCRIPTOR>
  16471. <ID>2260</ID>
  16472. <PROCESSLIST>
  16473. <PROCESS>KBD20KA.DLL</PROCESS>
  16474. </PROCESSLIST>
  16475. <CLSIDLIST>
  16476. <CLSID>{3ED8ACD1-583F-4ECE-B46F-FC4FA189E184}</CLSID>
  16477. </CLSIDLIST>
  16478. <SUMMARY>Undefined Browser Helper Object</SUMMARY>
  16479. <DEFAULTINSTALLPATHLIST>
  16480. </DEFAULTINSTALLPATHLIST>
  16481. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16482. <CONDITIONLIST>
  16483. <CONDITION>PRODUCTNAME~kbd20ka</CONDITION>
  16484. </CONDITIONLIST>
  16485. <OPERATOR>AND</OPERATOR>
  16486. <THREATLEVEL>5</THREATLEVEL>
  16487. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16488. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16489. </PROCESSDESCRIPTOR>
  16490. <PROCESSDESCRIPTOR>
  16491. <ID>2261</ID>
  16492. <PROCESSLIST>
  16493. <PROCESS>OB2.DLL</PROCESS>
  16494. </PROCESSLIST>
  16495. <CLSIDLIST>
  16496. <CLSID>{0F9E1CB9-1B32-436B-B44C-BC7B7369CB9B}</CLSID>
  16497. </CLSIDLIST>
  16498. <SUMMARY>Adware.Onban (Symantec Listed)</SUMMARY>
  16499. <DEFAULTINSTALLPATHLIST>
  16500. </DEFAULTINSTALLPATHLIST>
  16501. <CATEGORY>SPYWARE</CATEGORY>
  16502. <CONDITIONLIST>
  16503. <CONDITION>ORIGINALFILENAME~OB2.DLL</CONDITION>
  16504. </CONDITIONLIST>
  16505. <OPERATOR>AND</OPERATOR>
  16506. <THREATLEVEL>10</THREATLEVEL>
  16507. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16508. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16509. </PROCESSDESCRIPTOR>
  16510. <PROCESSDESCRIPTOR>
  16511. <ID>2262</ID>
  16512. <PROCESSLIST>
  16513. <PROCESS>ONBAN001.DLL</PROCESS>
  16514. </PROCESSLIST>
  16515. <CLSIDLIST>
  16516. <CLSID>{CA35A44E-3799-49ED-98CF-C3944FE74370}</CLSID>
  16517. </CLSIDLIST>
  16518. <SUMMARY>Undefined Browser Helper Object (OnBan Adware Related)</SUMMARY>
  16519. <DEFAULTINSTALLPATHLIST>
  16520. </DEFAULTINSTALLPATHLIST>
  16521. <CATEGORY>SPYWARE</CATEGORY>
  16522. <CONDITIONLIST>
  16523. <CONDITION>PRODUCTNAME~onban001</CONDITION>
  16524. </CONDITIONLIST>
  16525. <OPERATOR>AND</OPERATOR>
  16526. <THREATLEVEL>5</THREATLEVEL>
  16527. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16528. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16529. </PROCESSDESCRIPTOR>
  16530. <PROCESSDESCRIPTOR>
  16531. <ID>2263</ID>
  16532. <PROCESSLIST>
  16533. <PROCESS>MFCVS.DLL</PROCESS>
  16534. </PROCESSLIST>
  16535. <CLSIDLIST>
  16536. <CLSID>{F00DEE37-8509-AE59-6FB2-C712632ECE8B}</CLSID>
  16537. </CLSIDLIST>
  16538. <SUMMARY>Undefined Browser Helper Object</SUMMARY>
  16539. <DEFAULTINSTALLPATHLIST>
  16540. </DEFAULTINSTALLPATHLIST>
  16541. <CATEGORY>UNDEFINEDTHREATS</CATEGORY>
  16542. <CONDITIONLIST>
  16543. </CONDITIONLIST>
  16544. <OPERATOR>AND</OPERATOR>
  16545. <THREATLEVEL>5</THREATLEVEL>
  16546. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16547. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16548. </PROCESSDESCRIPTOR>
  16549. <PROCESSDESCRIPTOR>
  16550. <ID>2264</ID>
  16551. <PROCESSLIST>
  16552. <PROCESS>SPECIALFILE.EXE</PROCESS>
  16553. </PROCESSLIST>
  16554. <CLSIDLIST>
  16555. </CLSIDLIST>
  16556. <SUMMARY>RBOT.RH Worm</SUMMARY>
  16557. <DEFAULTINSTALLPATHLIST>
  16558. </DEFAULTINSTALLPATHLIST>
  16559. <CATEGORY>WORM</CATEGORY>
  16560. <CONDITIONLIST>
  16561. <CONDITION>MD5=ed1be867fb5dcc15951352a9b6b71709</CONDITION>
  16562. </CONDITIONLIST>
  16563. <OPERATOR>AND</OPERATOR>
  16564. <THREATLEVEL>10</THREATLEVEL>
  16565. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16566. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16567. </PROCESSDESCRIPTOR>
  16568. <PROCESSDESCRIPTOR>
  16569. <ID>2273</ID>
  16570. <PROCESSLIST>
  16571. <PROCESS>AYVOVVKQ.DLL</PROCESS>
  16572. </PROCESSLIST>
  16573. <CLSIDLIST>
  16574. <CLSID>{6DCFFF6D-1385-632F-A80E-1C9448EE88CD}</CLSID>
  16575. </CLSIDLIST>
  16576. <SUMMARY>Undefined Browser Helper Object</SUMMARY>
  16577. <DEFAULTINSTALLPATHLIST>
  16578. </DEFAULTINSTALLPATHLIST>
  16579. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16580. <CONDITIONLIST>
  16581. </CONDITIONLIST>
  16582. <OPERATOR>AND</OPERATOR>
  16583. <THREATLEVEL>10</THREATLEVEL>
  16584. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16585. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16586. </PROCESSDESCRIPTOR>
  16587. <PROCESSDESCRIPTOR>
  16588. <ID>2276</ID>
  16589. <PROCESSLIST>
  16590. <PROCESS>TBC.DLL</PROCESS>
  16591. </PROCESSLIST>
  16592. <CLSIDLIST>
  16593. <CLSID>{9EAC0102-5E61-2312-BC2D-544243544243}</CLSID>
  16594. </CLSIDLIST>
  16595. <SUMMARY>CoolWebSearch Variant Browser Helper Object</SUMMARY>
  16596. <DEFAULTINSTALLPATHLIST>
  16597. </DEFAULTINSTALLPATHLIST>
  16598. <CATEGORY>SPYWARE</CATEGORY>
  16599. <CONDITIONLIST>
  16600. </CONDITIONLIST>
  16601. <OPERATOR>AND</OPERATOR>
  16602. <THREATLEVEL>10</THREATLEVEL>
  16603. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16604. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16605. </PROCESSDESCRIPTOR>
  16606. <PROCESSDESCRIPTOR>
  16607. <ID>2278</ID>
  16608. <PROCESSLIST>
  16609. <PROCESS>TBGAME.DLL</PROCESS>
  16610. </PROCESSLIST>
  16611. <CLSIDLIST>
  16612. <CLSID>{02ffc86e-283e-4faa-95d6-addca024f30a}</CLSID>
  16613. </CLSIDLIST>
  16614. <SUMMARY>Effective Brand Toolbar/180Search Toolbar</SUMMARY>
  16615. <DEFAULTINSTALLPATHLIST>
  16616. </DEFAULTINSTALLPATHLIST>
  16617. <CATEGORY>ADWARE</CATEGORY>
  16618. <CONDITIONLIST>
  16619. <CONDITION>PRODUCTNAME~Effective</CONDITION>
  16620. </CONDITIONLIST>
  16621. <OPERATOR>AND</OPERATOR>
  16622. <THREATLEVEL>10</THREATLEVEL>
  16623. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16624. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16625. </PROCESSDESCRIPTOR>
  16626. <PROCESSDESCRIPTOR>
  16627. <ID>2279</ID>
  16628. <PROCESSLIST>
  16629. <PROCESS>X1FF.DLL</PROCESS>
  16630. </PROCESSLIST>
  16631. <CLSIDLIST>
  16632. <CLSID>{CE7EF827-47CC-48EB-B570-C367F1E1277E}</CLSID>
  16633. </CLSIDLIST>
  16634. <SUMMARY>Ride Marketing Group Adware</SUMMARY>
  16635. <DEFAULTINSTALLPATHLIST>
  16636. </DEFAULTINSTALLPATHLIST>
  16637. <CATEGORY>ADWARE</CATEGORY>
  16638. <CONDITIONLIST>
  16639. </CONDITIONLIST>
  16640. <OPERATOR>AND</OPERATOR>
  16641. <THREATLEVEL>10</THREATLEVEL>
  16642. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16643. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16644. </PROCESSDESCRIPTOR>
  16645. <PROCESSDESCRIPTOR>
  16646. <ID>2281</ID>
  16647. <PROCESSLIST>
  16648. <PROCESS>*</PROCESS>
  16649. <PROCESS>WEBDLG32.DLL</PROCESS>
  16650. </PROCESSLIST>
  16651. <CLSIDLIST>
  16652. <CLSID>{30192F8D-0958-44E6-B54D-331FD39AC959}</CLSID>
  16653. <CLSID>{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}</CLSID>
  16654. </CLSIDLIST>
  16655. <SUMMARY>IWantSearchBar Browser Helper Object</SUMMARY>
  16656. <DEFAULTINSTALLPATHLIST>
  16657. </DEFAULTINSTALLPATHLIST>
  16658. <CATEGORY>ADWARE</CATEGORY>
  16659. <CONDITIONLIST>
  16660. </CONDITIONLIST>
  16661. <OPERATOR>AND</OPERATOR>
  16662. <THREATLEVEL>6</THREATLEVEL>
  16663. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16664. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16665. </PROCESSDESCRIPTOR>
  16666. <PROCESSDESCRIPTOR>
  16667. <ID>2282</ID>
  16668. <PROCESSLIST>
  16669. <PROCESS>CAPATTTCL.EXE</PROCESS>
  16670. </PROCESSLIST>
  16671. <CLSIDLIST>
  16672. <CLSID>{036652D4-A54E-2597-BBAB-E8228DA3DECC}</CLSID>
  16673. </CLSIDLIST>
  16674. <SUMMARY>Unidentified URL Search Hook</SUMMARY>
  16675. <DEFAULTINSTALLPATHLIST>
  16676. </DEFAULTINSTALLPATHLIST>
  16677. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  16678. <CONDITIONLIST>
  16679. </CONDITIONLIST>
  16680. <OPERATOR>AND</OPERATOR>
  16681. <THREATLEVEL>6</THREATLEVEL>
  16682. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16683. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16684. </PROCESSDESCRIPTOR>
  16685. <PROCESSDESCRIPTOR>
  16686. <ID>2283</ID>
  16687. <PROCESSLIST>
  16688. <PROCESS>*</PROCESS>
  16689. <PROCESS>BTIEIN.DLL</PROCESS>
  16690. </PROCESSLIST>
  16691. <CLSIDLIST>
  16692. <CLSID>{63B78BC1-A711-4D46-AD2F-C581AC420D41}</CLSID>
  16693. </CLSIDLIST>
  16694. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).BHO</SUMMARY>
  16695. <DEFAULTINSTALLPATHLIST>
  16696. </DEFAULTINSTALLPATHLIST>
  16697. <CATEGORY>SPYWARE</CATEGORY>
  16698. <CONDITIONLIST>
  16699. </CONDITIONLIST>
  16700. <OPERATOR>AND</OPERATOR>
  16701. <THREATLEVEL>8</THREATLEVEL>
  16702. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16703. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16704. </PROCESSDESCRIPTOR>
  16705. <PROCESSDESCRIPTOR>
  16706. <ID>2284</ID>
  16707. <PROCESSLIST>
  16708. <PROCESS>PWG.EXE</PROCESS>
  16709. </PROCESSLIST>
  16710. <CLSIDLIST>
  16711. </CLSIDLIST>
  16712. <SUMMARY>n-Case Spyware Component</SUMMARY>
  16713. <DEFAULTINSTALLPATHLIST>
  16714. </DEFAULTINSTALLPATHLIST>
  16715. <CATEGORY>SPYWARE</CATEGORY>
  16716. <CONDITIONLIST>
  16717. <CONDITION>MD5=a9bc3c424d4851e3d0076cc84223bd14</CONDITION>
  16718. </CONDITIONLIST>
  16719. <OPERATOR>AND</OPERATOR>
  16720. <THREATLEVEL>8</THREATLEVEL>
  16721. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16722. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16723. </PROCESSDESCRIPTOR>
  16724. <PROCESSDESCRIPTOR>
  16725. <ID>2285</ID>
  16726. <PROCESSLIST>
  16727. <PROCESS>*</PROCESS>
  16728. <PROCESS>KDPUPD.DLL</PROCESS>
  16729. </PROCESSLIST>
  16730. <CLSIDLIST>
  16731. <CLSID>{F281FFC7-6C63-4bf9-83F2-AB7A6157B109}</CLSID>
  16732. </CLSIDLIST>
  16733. <SUMMARY>SafeGuared Protect Adware</SUMMARY>
  16734. <DEFAULTINSTALLPATHLIST>
  16735. </DEFAULTINSTALLPATHLIST>
  16736. <CATEGORY>SPYWARE</CATEGORY>
  16737. <CONDITIONLIST>
  16738. </CONDITIONLIST>
  16739. <OPERATOR>AND</OPERATOR>
  16740. <THREATLEVEL>8</THREATLEVEL>
  16741. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16742. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16743. </PROCESSDESCRIPTOR>
  16744. <PROCESSDESCRIPTOR>
  16745. <ID>2286</ID>
  16746. <PROCESSLIST>
  16747. <PROCESS>*</PROCESS>
  16748. <PROCESS>PDFUPD.DLL</PROCESS>
  16749. </PROCESSLIST>
  16750. <CLSIDLIST>
  16751. <CLSID>{D4D505DF-D582-400c-91B6-84921012AFE3}</CLSID>
  16752. </CLSIDLIST>
  16753. <SUMMARY>SafeGuardProtect/Veevo Adware</SUMMARY>
  16754. <DEFAULTINSTALLPATHLIST>
  16755. </DEFAULTINSTALLPATHLIST>
  16756. <CATEGORY>ADWARE</CATEGORY>
  16757. <CONDITIONLIST>
  16758. </CONDITIONLIST>
  16759. <OPERATOR>AND</OPERATOR>
  16760. <THREATLEVEL>8</THREATLEVEL>
  16761. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16762. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16763. </PROCESSDESCRIPTOR>
  16764. <PROCESSDESCRIPTOR>
  16765. <ID>2287</ID>
  16766. <PROCESSLIST>
  16767. <PROCESS>XM320.DLL</PROCESS>
  16768. </PROCESSLIST>
  16769. <CLSIDLIST>
  16770. <CLSID>{7371F073-AC0F-4b80-BB2F-96A488CEFB32}</CLSID>
  16771. </CLSIDLIST>
  16772. <SUMMARY>FlashTrack Adware Browser Helper Object</SUMMARY>
  16773. <DEFAULTINSTALLPATHLIST>
  16774. </DEFAULTINSTALLPATHLIST>
  16775. <CATEGORY>ADWARE</CATEGORY>
  16776. <CONDITIONLIST>
  16777. </CONDITIONLIST>
  16778. <OPERATOR>AND</OPERATOR>
  16779. <THREATLEVEL>10</THREATLEVEL>
  16780. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16781. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16782. </PROCESSDESCRIPTOR>
  16783. <PROCESSDESCRIPTOR>
  16784. <ID>2288</ID>
  16785. <PROCESSLIST>
  16786. <PROCESS>*</PROCESS>
  16787. <PROCESS>WINTASK.EXE</PROCESS>
  16788. <PROCESS>EXP.EXE</PROCESS>
  16789. </PROCESSLIST>
  16790. <CLSIDLIST>
  16791. </CLSIDLIST>
  16792. <SUMMARY>Trojan Application</SUMMARY>
  16793. <DEFAULTINSTALLPATHLIST>
  16794. </DEFAULTINSTALLPATHLIST>
  16795. <CATEGORY>TROJAN</CATEGORY>
  16796. <CONDITIONLIST>
  16797. <CONDITION>MD5=3f660d7a76423ad2a72e70c972767f88</CONDITION>
  16798. </CONDITIONLIST>
  16799. <OPERATOR>AND</OPERATOR>
  16800. <THREATLEVEL>10</THREATLEVEL>
  16801. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16802. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16803. </PROCESSDESCRIPTOR>
  16804. <PROCESSDESCRIPTOR>
  16805. <ID>2289</ID>
  16806. <PROCESSLIST>
  16807. <PROCESS>*</PROCESS>
  16808. <PROCESS>NEM218.DLL</PROCESS>
  16809. </PROCESSLIST>
  16810. <CLSIDLIST>
  16811. <CLSID>{F7F808F0-6F7D-442C-93E3-4A4827C2E4C8}</CLSID>
  16812. </CLSIDLIST>
  16813. <SUMMARY>Adware.Avenue Media/Internet Optimizer.BHO</SUMMARY>
  16814. <DEFAULTINSTALLPATHLIST>
  16815. </DEFAULTINSTALLPATHLIST>
  16816. <CATEGORY>ADWARE</CATEGORY>
  16817. <CONDITIONLIST>
  16818. </CONDITIONLIST>
  16819. <OPERATOR>AND</OPERATOR>
  16820. <THREATLEVEL>10</THREATLEVEL>
  16821. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16822. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16823. </PROCESSDESCRIPTOR>
  16824. <PROCESSDESCRIPTOR>
  16825. <ID>2290</ID>
  16826. <PROCESSLIST>
  16827. <PROCESS>4B_1,0,1,0_MSLAGENT.DLL</PROCESS>
  16828. <PROCESS>4B_1,0,1,1_MSLAGENT.DLL</PROCESS>
  16829. </PROCESSLIST>
  16830. <CLSIDLIST>
  16831. <CLSID>{021BB032-80A8-4FB6-B3D5-CF27B1553B95}</CLSID>
  16832. <CLSID>{ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB}</CLSID>
  16833. </CLSIDLIST>
  16834. <SUMMARY>Slagent Trojan Browser Helper Object</SUMMARY>
  16835. <DEFAULTINSTALLPATHLIST>
  16836. </DEFAULTINSTALLPATHLIST>
  16837. <CATEGORY>TROJAN</CATEGORY>
  16838. <CONDITIONLIST>
  16839. </CONDITIONLIST>
  16840. <OPERATOR>AND</OPERATOR>
  16841. <THREATLEVEL>10</THREATLEVEL>
  16842. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16843. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16844. </PROCESSDESCRIPTOR>
  16845. <PROCESSDESCRIPTOR>
  16846. <ID>2291</ID>
  16847. <PROCESSLIST>
  16848. <PROCESS>IETOOLBAR.DLL</PROCESS>
  16849. </PROCESSLIST>
  16850. <CLSIDLIST>
  16851. <CLSID>{EA5A82FB-D6BE-44F9-9363-B1ABABC153C1}</CLSID>
  16852. </CLSIDLIST>
  16853. <SUMMARY>MBKWBar Toolbar</SUMMARY>
  16854. <DEFAULTINSTALLPATHLIST>
  16855. </DEFAULTINSTALLPATHLIST>
  16856. <CATEGORY>ADWARE</CATEGORY>
  16857. <CONDITIONLIST>
  16858. </CONDITIONLIST>
  16859. <OPERATOR>AND</OPERATOR>
  16860. <THREATLEVEL>10</THREATLEVEL>
  16861. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16862. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16863. </PROCESSDESCRIPTOR>
  16864. <PROCESSDESCRIPTOR>
  16865. <ID>2292</ID>
  16866. <PROCESSLIST>
  16867. <PROCESS>AEMD.DLL</PROCESS>
  16868. </PROCESSLIST>
  16869. <CLSIDLIST>
  16870. <CLSID>{7BECB7A8-8472-4F91-B419-94792540C862}</CLSID>
  16871. </CLSIDLIST>
  16872. <SUMMARY>Unknown BHO (AEMD.DLL)</SUMMARY>
  16873. <DEFAULTINSTALLPATHLIST>
  16874. </DEFAULTINSTALLPATHLIST>
  16875. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16876. <CONDITIONLIST>
  16877. </CONDITIONLIST>
  16878. <OPERATOR>AND</OPERATOR>
  16879. <THREATLEVEL>10</THREATLEVEL>
  16880. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16881. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16882. </PROCESSDESCRIPTOR>
  16883. <PROCESSDESCRIPTOR>
  16884. <ID>2293</ID>
  16885. <PROCESSLIST>
  16886. <PROCESS>*</PROCESS>
  16887. <PROCESS>QGJMXVIW.DLL</PROCESS>
  16888. </PROCESSLIST>
  16889. <CLSIDLIST>
  16890. <CLSID>{D358C610-59D1-0C0F-87EE-77A2D0D669B3}</CLSID>
  16891. </CLSIDLIST>
  16892. <SUMMARY>Unknown BHO (QGJMXVIW.DLL)</SUMMARY>
  16893. <DEFAULTINSTALLPATHLIST>
  16894. </DEFAULTINSTALLPATHLIST>
  16895. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16896. <CONDITIONLIST>
  16897. </CONDITIONLIST>
  16898. <OPERATOR>AND</OPERATOR>
  16899. <THREATLEVEL>10</THREATLEVEL>
  16900. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16901. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16902. </PROCESSDESCRIPTOR>
  16903. <PROCESSDESCRIPTOR>
  16904. <ID>2294</ID>
  16905. <PROCESSLIST>
  16906. <PROCESS>*</PROCESS>
  16907. <PROCESS>(GKVTX.EXE)</PROCESS>
  16908. </PROCESSLIST>
  16909. <CLSIDLIST>
  16910. </CLSIDLIST>
  16911. <SUMMARY>GKVTX.EXE</SUMMARY>
  16912. <DEFAULTINSTALLPATHLIST>
  16913. </DEFAULTINSTALLPATHLIST>
  16914. <CATEGORY>ADWARE</CATEGORY>
  16915. <CONDITIONLIST>
  16916. <CONDITION>MD5=6a24254ca59a1d797bef465367b62497</CONDITION>
  16917. </CONDITIONLIST>
  16918. <OPERATOR>AND</OPERATOR>
  16919. <THREATLEVEL>10</THREATLEVEL>
  16920. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16921. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16922. </PROCESSDESCRIPTOR>
  16923. <PROCESSDESCRIPTOR>
  16924. <ID>2296</ID>
  16925. <PROCESSLIST>
  16926. <PROCESS>*</PROCESS>
  16927. <PROCESS>(QXOMWH.EXE)</PROCESS>
  16928. </PROCESSLIST>
  16929. <CLSIDLIST>
  16930. </CLSIDLIST>
  16931. <SUMMARY>QXOMWH.EXE</SUMMARY>
  16932. <DEFAULTINSTALLPATHLIST>
  16933. </DEFAULTINSTALLPATHLIST>
  16934. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  16935. <CONDITIONLIST>
  16936. <CONDITION>MD5=0525f66ceebf5f7d8f4ef63e6d5f249a</CONDITION>
  16937. </CONDITIONLIST>
  16938. <OPERATOR>AND</OPERATOR>
  16939. <THREATLEVEL>10</THREATLEVEL>
  16940. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16941. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16942. </PROCESSDESCRIPTOR>
  16943. <PROCESSDESCRIPTOR>
  16944. <ID>2297</ID>
  16945. <PROCESSLIST>
  16946. <PROCESS>IESEARCHBAR.DLL</PROCESS>
  16947. </PROCESSLIST>
  16948. <CLSIDLIST>
  16949. <CLSID>{71ED4FBA-4024-4bbe-91DC-9704C93F453E}</CLSID>
  16950. </CLSIDLIST>
  16951. <SUMMARY>BlazeFind Internet Explorer Toolbar</SUMMARY>
  16952. <DEFAULTINSTALLPATHLIST>
  16953. </DEFAULTINSTALLPATHLIST>
  16954. <CATEGORY>ADWARE</CATEGORY>
  16955. <CONDITIONLIST>
  16956. </CONDITIONLIST>
  16957. <OPERATOR>AND</OPERATOR>
  16958. <THREATLEVEL>8</THREATLEVEL>
  16959. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16960. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16961. </PROCESSDESCRIPTOR>
  16962. <PROCESSDESCRIPTOR>
  16963. <ID>2298</ID>
  16964. <PROCESSLIST>
  16965. <PROCESS>SYSSFITB.DLL</PROCESS>
  16966. </PROCESSLIST>
  16967. <CLSIDLIST>
  16968. <CLSID>{C109664B-CEB1-420B-B353-D55A561536DD}</CLSID>
  16969. </CLSIDLIST>
  16970. <SUMMARY>AdShooter Adware/Search For It Toolbar</SUMMARY>
  16971. <DEFAULTINSTALLPATHLIST>
  16972. </DEFAULTINSTALLPATHLIST>
  16973. <CATEGORY>ADWARE</CATEGORY>
  16974. <CONDITIONLIST>
  16975. </CONDITIONLIST>
  16976. <OPERATOR>AND</OPERATOR>
  16977. <THREATLEVEL>8</THREATLEVEL>
  16978. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16979. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16980. </PROCESSDESCRIPTOR>
  16981. <PROCESSDESCRIPTOR>
  16982. <ID>2299</ID>
  16983. <PROCESSLIST>
  16984. <PROCESS>M030206POHS.DLL</PROCESS>
  16985. </PROCESSLIST>
  16986. <CLSIDLIST>
  16987. <CLSID>{57A746CE-AAEC-4DDE-83B0-31C0938EBC0B}</CLSID>
  16988. </CLSIDLIST>
  16989. <SUMMARY>WulrdMedia Adware</SUMMARY>
  16990. <DEFAULTINSTALLPATHLIST>
  16991. </DEFAULTINSTALLPATHLIST>
  16992. <CATEGORY>ADWARE</CATEGORY>
  16993. <CONDITIONLIST>
  16994. </CONDITIONLIST>
  16995. <OPERATOR>AND</OPERATOR>
  16996. <THREATLEVEL>8</THREATLEVEL>
  16997. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  16998. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  16999. </PROCESSDESCRIPTOR>
  17000. <PROCESSDESCRIPTOR>
  17001. <ID>2300</ID>
  17002. <PROCESSLIST>
  17003. <PROCESS>SQUERYCONTROL32.EXE</PROCESS>
  17004. </PROCESSLIST>
  17005. <CLSIDLIST>
  17006. </CLSIDLIST>
  17007. <SUMMARY>SQuery Adware</SUMMARY>
  17008. <DEFAULTINSTALLPATHLIST>
  17009. </DEFAULTINSTALLPATHLIST>
  17010. <CATEGORY>ADWARE</CATEGORY>
  17011. <CONDITIONLIST>
  17012. <CONDITION>PRODUCTNAME~ExMsgHook</CONDITION>
  17013. </CONDITIONLIST>
  17014. <OPERATOR>AND</OPERATOR>
  17015. <THREATLEVEL>8</THREATLEVEL>
  17016. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  17017. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  17018. </PROCESSDESCRIPTOR>
  17019. <PROCESSDESCRIPTOR>
  17020. <ID>2301</ID>
  17021. <PROCESSLIST>
  17022. <PROCESS>EZC.EXE</PROCESS>
  17023. </PROCESSLIST>
  17024. <CLSIDLIST>
  17025. </CLSIDLIST>
  17026. <SUMMARY>Win-Adware/EZCodec</SUMMARY>
  17027. <DEFAULTINSTALLPATHLIST>
  17028. </DEFAULTINSTALLPATHLIST>
  17029. <CATEGORY>ADWARE</CATEGORY>
  17030. <CONDITIONLIST>
  17031. <CONDITION>PRODUCTNAME~WingProc</CONDITION>
  17032. </CONDITIONLIST>
  17033. <OPERATOR>AND</OPERATOR>
  17034. <THREATLEVEL>8</THREATLEVEL>
  17035. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  17036. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  17037. </PROCESSDESCRIPTOR>
  17038. <PROCESSDESCRIPTOR>
  17039. <ID>2315</ID>
  17040. <PROCESSLIST>
  17041. <PROCESS>*</PROCESS>
  17042. <PROCESS>BH304181.DLL</PROCESS>
  17043. <PROCESS>BH309190.DLL</PROCESS>
  17044. </PROCESSLIST>
  17045. <CLSIDLIST>
  17046. <CLSID>{029CA12C-89C1-46A7-A3C7-82F2F98635CB}</CLSID>
  17047. </CLSIDLIST>
  17048. <SUMMARY>Kontiki Download Manager Browser Helper Object</SUMMARY>
  17049. <DEFAULTINSTALLPATHLIST>
  17050. </DEFAULTINSTALLPATHLIST>
  17051. <CATEGORY>APPLICATION</CATEGORY>
  17052. <CONDITIONLIST>
  17053. </CONDITIONLIST>
  17054. <OPERATOR>AND</OPERATOR>
  17055. <THREATLEVEL>6</THREATLEVEL>
  17056. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  17057. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  17058. </PROCESSDESCRIPTOR>
  17059. <PROCESSDESCRIPTOR>
  17060. <ID>2316</ID>
  17061. <PROCESSLIST>
  17062. <PROCESS>BAR.DLL</PROCESS>
  17063. </PROCESSLIST>
  17064. <CLSIDLIST>
  17065. <CLSID>{EE392A64-F30B-47C8-A363-CDA1CEC7DC1B}</CLSID>
  17066. </CLSIDLIST>
  17067. <SUMMARY>Newton Known Search Hi-Jacker and Toolbar</SUMMARY>
  17068. <DEFAULTINSTALLPATHLIST>
  17069. </DEFAULTINSTALLPATHLIST>
  17070. <CATEGORY>ADWARE</CATEGORY>
  17071. <CONDITIONLIST>
  17072. </CONDITIONLIST>
  17073. <OPERATOR>AND</OPERATOR>
  17074. <THREATLEVEL>6</THREATLEVEL>
  17075. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  17076. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  17077. </PROCESSDESCRIPTOR>
  17078. <PROCESSDESCRIPTOR>
  17079. <ID>2317</ID>
  17080. <PROCESSLIST>
  17081. <PROCESS>BLEINP.DLL</PROCESS>
  17082. <PROCESS>KZTKEWUR.DLL</PROCESS>
  17083. <PROCESS>GIEONINE.DLL</PROCESS>
  17084. <PROCESS>JOLEYIG.DLL</PROCESS>
  17085. <PROCESS>LDFH.DLL</PROCESS>
  17086. <PROCESS>MSDOI.DLL</PROCESS>
  17087. <PROCESS>IFGIB.DLL</PROCESS>
  17088. <PROCESS>0NQYBBN.DLL</PROCESS>
  17089. <PROCESS>238589K.DLL</PROCESS>
  17090. <PROCESS>FEFL.DLL</PROCESS>
  17091. <PROCESS>QWSXP.DLL</PROCESS>
  17092. <PROCESS>DASHNEW.EXE</PROCESS>
  17093. <PROCESS>OAEL.DLL</PROCESS>
  17094. <PROCESS>PJDBCA.DLL</PROCESS>
  17095. <PROCESS>MQMBQCK.DLL</PROCESS>
  17096. <PROCESS>JOID.DLL</PROCESS>
  17097. <PROCESS>TOFARI32.DLL</PROCESS>
  17098. <PROCESS>UDEXBLH.DLL</PROCESS>
  17099. <PROCESS>IERE32.DLL</PROCESS>
  17100. <PROCESS>BNNJHD.DLL</PROCESS>
  17101. <PROCESS>YQULTPGR.DLL</PROCESS>
  17102. <PROCESS>APIKJ32.DLL</PROCESS>
  17103. <PROCESS>MSDZR.DLL</PROCESS>
  17104. <PROCESS>UKDUXZZR.DLL</PROCESS>
  17105. <PROCESS>MIHAGO.DLL</PROCESS>
  17106. <PROCESS>CBEB.DLL</PROCESS>
  17107. <PROCESS>IOBE.DLL</PROCESS>
  17108. <PROCESS>CIIBBK.DLL</PROCESS>
  17109. <PROCESS>NGII.DLL</PROCESS>
  17110. <PROCESS>WINXV.DLL</PROCESS>
  17111. <PROCESS>BLEUOI.DLL</PROCESS>
  17112. <PROCESS>AIWVUH.DLL</PROCESS>
  17113. <PROCESS>LDJFNDA.DLL</PROCESS>
  17114. <PROCESS>JAVAHX32.DLL</PROCESS>
  17115. <PROCESS>DFMNBF.DLL</PROCESS>
  17116. <PROCESS>MFCMB.DLL</PROCESS>
  17117. <PROCESS>KTIPJ.DLL</PROCESS>
  17118. <PROCESS>APIMI32.DLL</PROCESS>
  17119. <PROCESS>APPWU32.DLL</PROCESS>
  17120. <PROCESS>ASBKCRU.DLL</PROCESS>
  17121. <PROCESS>BHGQSCP.DLL</PROCESS>
  17122. <PROCESS>EOJICM.DLL</PROCESS>
  17123. <PROCESS>JALVHKW.DLL</PROCESS>
  17124. <PROCESS>JAVAHN32.DLL</PROCESS>
  17125. <PROCESS>JUXQF.DLL</PROCESS>
  17126. <PROCESS>MSRATEOLC.DLL</PROCESS>
  17127. <PROCESS>MSWX.DLL</PROCESS>
  17128. <PROCESS>TBNVF.DLL</PROCESS>
  17129. <PROCESS>PROGVID.DLL</PROCESS>
  17130. <PROCESS>SIPOZ.DLL</PROCESS>
  17131. <PROCESS>DOEC.DLL</PROCESS>
  17132. <PROCESS>LBPUY.DLL</PROCESS>
  17133. <PROCESS>OEUU.DLL</PROCESS>
  17134. <PROCESS>TTKUJ.DLL</PROCESS>
  17135. <PROCESS>CRYN.DLL</PROCESS>
  17136. <PROCESS>CVYCMB.DLL</PROCESS>
  17137. <PROCESS>IEAR.DLL</PROCESS>
  17138. <PROCESS>MFCCL32.DLL</PROCESS>
  17139. <PROCESS>NDIWK.DLL</PROCESS>
  17140. <PROCESS>RVBA.DLL</PROCESS>
  17141. <PROCESS>BLOH.DLL</PROCESS>
  17142. <PROCESS>D3VF32.DLL</PROCESS>
  17143. <PROCESS>CEV.DLL</PROCESS>
  17144. <PROCESS>GUTSKPCM.DLL</PROCESS>
  17145. <PROCESS>GYZCWMY.DLL</PROCESS>
  17146. <PROCESS>JFK.DLL</PROCESS>
  17147. <PROCESS>QTUWKXU.DLL</PROCESS>
  17148. <PROCESS>HPAL.DLL</PROCESS>
  17149. <PROCESS>CDKP.DLL</PROCESS>
  17150. <PROCESS>IPAU32.DLL</PROCESS>
  17151. <PROCESS>MABUNXQM.DLL</PROCESS>
  17152. <PROCESS>MDIA.DLL</PROCESS>
  17153. <PROCESS>MMGY.DLL</PROCESS>
  17154. <PROCESS>WINDC.DLL</PROCESS>
  17155. <PROCESS>NETSK.DLL</PROCESS>
  17156. <PROCESS>AFMU.DLL</PROCESS>
  17157. <PROCESS>ZEAYQR.DLL</PROCESS>
  17158. <PROCESS>APPLM32.DLL</PROCESS>
  17159. <PROCESS>CLSC.DLL</PROCESS>
  17160. <PROCESS>LJJL.DLL</PROCESS>
  17161. <PROCESS>NPUIVZB.DLL</PROCESS>
  17162. <PROCESS>DGJELA.DLL</PROCESS>
  17163. <PROCESS>PCIKBC.DLL</PROCESS>
  17164. <PROCESS>CERBMOD.DLL</PROCESS>
  17165. <PROCESS>MSHNY.DLL</PROCESS>
  17166. <PROCESS>QWSXP.DLL</PROCESS>
  17167. <PROCESS>DVUTX.DLL</PROCESS>
  17168. <PROCESS>UNJPH.DLL</PROCESS>
  17169. <PROCESS>LCNH.DLL</PROCESS>
  17170. <PROCESS>BOLN.DLL</PROCESS>
  17171. <PROCESS>SDKCD.DLL</PROCESS>
  17172. <PROCESS>EGKJ.DLL</PROCESS>
  17173. <PROCESS>SFM.DLL</PROCESS>
  17174. <PROCESS>OMDA.DLL</PROCESS>
  17175. <PROCESS>NTZU.DLL</PROCESS>
  17176. <PROCESS>JAVAQR.DLL</PROCESS>
  17177. <PROCESS>IEKG32.DLL</PROCESS>
  17178. <PROCESS>USPSMX.DLL</PROCESS>
  17179. <PROCESS>AHAJ.DLL</PROCESS>
  17180. <PROCESS>MFCBI.DLL</PROCESS>
  17181. <PROCESS>VQXOLHRT.DLL</PROCESS>
  17182. <PROCESS>NAFJB.DLL</PROCESS>
  17183. <PROCESS>WINOQ32.DLL</PROCESS>
  17184. <PROCESS>MFCVV.DLL</PROCESS>
  17185. <PROCESS>ATLRS32.DLL</PROCESS>
  17186. <PROCESS>JAKD.DLL</PROCESS>
  17187. <PROCESS>3LPJI1NW.DLL</PROCESS>
  17188. <PROCESS>SDKRG32.DLL</PROCESS>
  17189. <PROCESS>WINJO.DLL</PROCESS>
  17190. <PROCESS>UJXMYWQ.DLL</PROCESS>
  17191. <PROCESS>EIS.DLL</PROCESS>
  17192. <PROCESS>FHBB.DLL</PROCESS>
  17193. <PROCESS>WUWECUNO.DLL</PROCESS>
  17194. <PROCESS>YKEZN.DLL</PROCESS>
  17195. <PROCESS>YNVXD.DLL</PROCESS>
  17196. <PROCESS>ZOOMGYM.DLL</PROCESS>
  17197. <PROCESS>YPJZFSVH.DLL</PROCESS>
  17198. <PROCESS>WUHXHTZX.DLL</PROCESS>
  17199. <PROCESS>WLXKSWZJ.DLL</PROCESS>
  17200. <PROCESS>OPUVJXF.DLL</PROCESS>
  17201. <PROCESS>IEDP.DLL</PROCESS>
  17202. <PROCESS>BNREC.DLL</PROCESS>
  17203. <PROCESS>GGGP.DLL</PROCESS>
  17204. <PROCESS>MJHKFA.DLL</PROCESS>
  17205. <PROCESS>ABE.DLL</PROCESS>
  17206. <PROCESS>AOVDPHEL.DLL</PROCESS>
  17207. <PROCESS>IJQ.DLL</PROCESS>
  17208. <PROCESS>FNOPJAA.DLL</PROCESS>
  17209. <PROCESS>SFCMAN32.DLL</PROCESS>
  17210. <PROCESS>GPAB.DLL</PROCESS>
  17211. <PROCESS>MPLN.DLL</PROCESS>
  17212. <PROCESS>BEFK.DLL</PROCESS>
  17213. <PROCESS>UVWCATEL.DLL</PROCESS>
  17214. <PROCESS>IOGA.DLL</PROCESS>
  17215. <PROCESS>JGBJ.DLL</PROCESS>
  17216. <PROCESS>LMHA.DLL</PROCESS>
  17217. <PROCESS>JBCK.DLL</PROCESS>
  17218. <PROCESS>MSBVZ.DLL</PROCESS>
  17219. <PROCESS>MSCAE.DLL</PROCESS>
  17220. <PROCESS>EKGDMD.DLL</PROCESS>
  17221. <PROCESS>DEIA.DLL</PROCESS>
  17222. <PROCESS>MIHAHGA.DLL</PROCESS>
  17223. <PROCESS>194FERH8.DLL</PROCESS>
  17224. <PROCESS>CRBN.DLL</PROCESS>
  17225. <PROCESS>ATLPM32.DLL</PROCESS>
  17226. <PROCESS>FKADICB.DLL</PROCESS>
  17227. <PROCESS>RTUEM.DLL</PROCESS>
  17228. <PROCESS>XFFFWDG.DLL</PROCESS>
  17229. <PROCESS>XRLVOHGJ.DLL</PROCESS>
  17230. <PROCESS>HLIJ.DLL</PROCESS>
  17231. <PROCESS>3VH1U0SG.DLL</PROCESS>
  17232. <PROCESS>6AJVYX9C.DLL</PROCESS>
  17233. <PROCESS>8DXV96YL.DLL</PROCESS>
  17234. <PROCESS>AAMGF.DLL</PROCESS>
  17235. <PROCESS>ADBLDAA.DLL</PROCESS>
  17236. <PROCESS>WPTUYI.DLL</PROCESS>
  17237. <PROCESS>SYSCT32.DLL</PROCESS>
  17238. <PROCESS>MSGHY.DLL</PROCESS>
  17239. <PROCESS>SYSLG32.DLL</PROCESS>
  17240. <PROCESS>IECO.DLL</PROCESS>
  17241. <PROCESS>BYXXEEC.DLL</PROCESS>
  17242. <PROCESS>D3YJ32.DLL</PROCESS>
  17243. <PROCESS>APIUZ32.DLL</PROCESS>
  17244. <PROCESS>APIWG32.DLL</PROCESS>
  17245. <PROCESS>TKVR.DLL</PROCESS>
  17246. <PROCESS>GLAEIKA.DLL</PROCESS>
  17247. <PROCESS>MMJCE.DLL</PROCESS>
  17248. <PROCESS>QGKD.DLL</PROCESS>
  17249. <PROCESS>ONDTJ.DLL</PROCESS>
  17250. <PROCESS>GWTPG.DLL</PROCESS>
  17251. <PROCESS>EPGFU.DLL</PROCESS>
  17252. <PROCESS>MSOVF.DLL</PROCESS>
  17253. <PROCESS>SDKON.DLL</PROCESS>
  17254. <PROCESS>IJDCFE.DLL</PROCESS>
  17255. <PROCESS>BHEDIIF.DLL</PROCESS>
  17256. <PROCESS>APIVM32.DLL</PROCESS>
  17257. <PROCESS>CGBBH.DLL</PROCESS>
  17258. <PROCESS>EQDHO.DLL</PROCESS>
  17259. <PROCESS>CNWBY.DLL</PROCESS>
  17260. <PROCESS>VLUPU.DLL</PROCESS>
  17261. <PROCESS>RDDUW.DLL</PROCESS>
  17262. <PROCESS>HEJHZ.DLL</PROCESS>
  17263. <PROCESS>GLQET.DLL</PROCESS>
  17264. <PROCESS>DZNNX.DLL</PROCESS>
  17265. <PROCESS>EKLG.DLL</PROCESS>
  17266. <PROCESS>UGCCMOTY.DLL</PROCESS>
  17267. <PROCESS>RRQTMNCV.DLL</PROCESS>
  17268. <PROCESS>LMBVYYPZ.DLL</PROCESS>
  17269. <PROCESS>IOPC.DLL</PROCESS>
  17270. <PROCESS>MSKCT.DLL</PROCESS>
  17271. <PROCESS>ENJD.DLL</PROCESS>
  17272. <PROCESS>DFEA.DLL</PROCESS>
  17273. <PROCESS>JOBO.DLL</PROCESS>
  17274. <PROCESS>EHLABA.DLL</PROCESS>
  17275. <PROCESS>IPOQ32.DLL</PROCESS>
  17276. <PROCESS>OLIH.DLL</PROCESS>
  17277. <PROCESS>YEMOL.DLL</PROCESS>
  17278. <PROCESS>IEMG32.DLL</PROCESS>
  17279. <PROCESS>SDKUE32.DLL</PROCESS>
  17280. <PROCESS>D3DK.DLL</PROCESS>
  17281. <PROCESS>YPEREY.DLL</PROCESS>
  17282. <PROCESS>NGSDOAS.DLL</PROCESS>
  17283. <PROCESS>KAY.DLL</PROCESS>
  17284. <PROCESS>KPIPMHC.DLL</PROCESS>
  17285. <PROCESS>OSKN.DLL</PROCESS>
  17286. <PROCESS>YYAQKGKI.DLL</PROCESS>
  17287. <PROCESS>UWUZOEUG.DLL</PROCESS>
  17288. <PROCESS>NKDRBPBC.DLL</PROCESS>
  17289. <PROCESS>JVRJDHEB.DLL</PROCESS>
  17290. <PROCESS>KZDTAOSQ.DLL</PROCESS>
  17291. <PROCESS>PUNVTPL.DLL</PROCESS>
  17292. <PROCESS>EECDGOD.DLL</PROCESS>
  17293. <PROCESS>IPUI.DLL</PROCESS>
  17294. <PROCESS>ADDYH.DLL</PROCESS>
  17295. <PROCESS>NTFO32.DLL</PROCESS>
  17296. <PROCESS>IZROZS.DLL</PROCESS>
  17297. <PROCESS>MSSCK.DLL</PROCESS>
  17298. <PROCESS>MSIJ.DLL</PROCESS>
  17299. <PROCESS>EPGYGYFX.DLL</PROCESS>
  17300. <PROCESS>GGFJ.DLL</PROCESS>
  17301. <PROCESS>NETIG.DLL</PROCESS>
  17302. <PROCESS>SYSAW32.DLL</PROCESS>
  17303. <PROCESS>YYX.DLL</PROCESS>
  17304. <PROCESS>NGCFBVFD.DLL</PROCESS>
  17305. <PROCESS>JFMBGEF.DLL</PROCESS>
  17306. <PROCESS>AGDA.DLL</PROCESS>
  17307. <PROCESS>APPGO32.DLL</PROCESS>
  17308. <PROCESS>V6APQFP1.DLL</PROCESS>
  17309. <PROCESS>AOID.DLL</PROCESS>
  17310. <PROCESS>AUHEFIM.DLL</PROCESS>
  17311. <PROCESS>GMAH.DLL</PROCESS>
  17312. <PROCESS>DEPF.DLL</PROCESS>
  17313. <PROCESS>FHAE.DLL</PROCESS>
  17314. <PROCESS>SBOV.DLL</PROCESS>
  17315. <PROCESS>FFSNZM.DLL</PROCESS>
  17316. <PROCESS>XWDIIFMC.DLL</PROCESS>
  17317. <PROCESS>VBTJAQOL.DLL</PROCESS>
  17318. <PROCESS>VTVEOBON.DLL</PROCESS>
  17319. <PROCESS>IEEL32.DLL</PROCESS>
  17320. <PROCESS>TBWUGCVM.DLL</PROCESS>
  17321. <PROCESS>BGEPRIUB.DLL</PROCESS>
  17322. <PROCESS>XLYOIFKR.DLL</PROCESS>
  17323. <PROCESS>QEUGQVJ.DLL</PROCESS>
  17324. <PROCESS>7MAV2Q71.DLL</PROCESS>
  17325. <PROCESS>8Q9SE91R.DLL</PROCESS>
  17326. <PROCESS>C0OWSGN2.DLL</PROCESS>
  17327. <PROCESS>BW3AMWYL.DLL</PROCESS>
  17328. <PROCESS>69KLV9NV.DLL</PROCESS>
  17329. <PROCESS>ONKDDD.DLL</PROCESS>
  17330. <PROCESS>STHP.DLL</PROCESS>
  17331. <PROCESS>FHIF.DLL</PROCESS>
  17332. <PROCESS>OIBLBM.DLL</PROCESS>
  17333. <PROCESS>IGNE.DLL</PROCESS>
  17334. <PROCESS>SDKQV.DLL</PROCESS>
  17335. <PROCESS>JAVAEL.DLL</PROCESS>
  17336. <PROCESS>JAVADL.DLL</PROCESS>
  17337. <PROCESS>GFEFB.DLL</PROCESS>
  17338. <PROCESS>JNIKGC.DLL</PROCESS>
  17339. <PROCESS>INBF.DLL</PROCESS>
  17340. <PROCESS>JAVAMW32.DLL</PROCESS>
  17341. <PROCESS>PNGNLE.DLL</PROCESS>
  17342. <PROCESS>PGAXNATV.DLL</PROCESS>
  17343. <PROCESS>HBRPPUOG.DLL</PROCESS>
  17344. <PROCESS>IHOF.DLL</PROCESS>
  17345. <PROCESS>MEDCC.DLL</PROCESS>
  17346. <PROCESS>EMDK.DLL</PROCESS>
  17347. <PROCESS>2NU0BQF6.DLL</PROCESS>
  17348. <PROCESS>421A1492.DLL</PROCESS>
  17349. <PROCESS>GS0H6CWF.DLL</PROCESS>
  17350. <PROCESS>ZTBOT.DLL</PROCESS>
  17351. <PROCESS>MFCUL32.DLL</PROCESS>
  17352. <PROCESS>DNGNGD.DLL</PROCESS>
  17353. <PROCESS>OIHB.DLL</PROCESS>
  17354. <PROCESS>2908YK0S.DLL</PROCESS>
  17355. <PROCESS>2OG4EMGL.DLL</PROCESS>
  17356. <PROCESS>7CQV7SNM.DLL</PROCESS>
  17357. <PROCESS>7H7K1O8A.DLL</PROCESS>
  17358. <PROCESS>KRLLYECOO.DLL</PROCESS>
  17359. <PROCESS>ILDNNTA.DLL</PROCESS>
  17360. <PROCESS>CRBY.DLL</PROCESS>
  17361. <PROCESS>NETCGF.DLL</PROCESS>
  17362. <PROCESS>DLQRJKSB.DLL</PROCESS>
  17363. <PROCESS>NHPK.DLL</PROCESS>
  17364. <PROCESS>EFMK.DLL</PROCESS>
  17365. <PROCESS>CPJE.DLL</PROCESS>
  17366. <PROCESS>YPJGZKJ.DLL</PROCESS>
  17367. <PROCESS>CDOSBYS.DLL</PROCESS>
  17368. <PROCESS>IJINCO.DLL</PROCESS>
  17369. <PROCESS>HONEIZK.DLL</PROCESS>
  17370. <PROCESS>NPOB.DLL</PROCESS>
  17371. <PROCESS>JGTR6Y46.DLL</PROCESS>
  17372. <PROCESS>IDVGBPAK.DLL</PROCESS>
  17373. <PROCESS>IOZKK.DLL</PROCESS>
  17374. <PROCESS>WJJTWT.DLL</PROCESS>
  17375. <PROCESS>SDKSV32.DLL</PROCESS>
  17376. <PROCESS>KDOF.DLL</PROCESS>
  17377. <PROCESS>BOY57W3E.DLL</PROCESS>
  17378. <PROCESS>OQMWQGQL.DLL</PROCESS>
  17379. <PROCESS>BJFDC.DLL</PROCESS>
  17380. <PROCESS>HOM.DLL</PROCESS>
  17381. <PROCESS>OA8ANFBF.DLL</PROCESS>
  17382. <PROCESS>NDJP.DLL</PROCESS>
  17383. <PROCESS>MSVZQ.DLL</PROCESS>
  17384. <PROCESS>DSKRFUOUI.DLL</PROCESS>
  17385. <PROCESS>HTASS.DLL</PROCESS>
  17386. <PROCESS>DBLD.DLL</PROCESS>
  17387. <PROCESS>MSW.DLL</PROCESS>
  17388. <PROCESS>SHMGT.DLL</PROCESS>
  17389. <PROCESS>KTWWK.DLL</PROCESS>
  17390. <PROCESS>LDCC.DLL</PROCESS>
  17391. <PROCESS>RBOOTVID.DLL</PROCESS>
  17392. <PROCESS>QHPLASNU.DLL</PROCESS>
  17393. <PROCESS>KEPK.DLL</PROCESS>
  17394. <PROCESS>HKJI.DLL</PROCESS>
  17395. <PROCESS>MFCFN32.DLL</PROCESS>
  17396. <PROCESS>ATWQIU.DLL</PROCESS>
  17397. <PROCESS>APIZG32.DLL</PROCESS>
  17398. <PROCESS>ATLWA.DLL</PROCESS>
  17399. <PROCESS>BCGE.DLL</PROCESS>
  17400. <PROCESS>BEAF.DLL</PROCESS>
  17401. <PROCESS>BEB.DLL</PROCESS>
  17402. <PROCESS>BEEEKA.DLL</PROCESS>
  17403. <PROCESS>BHN.DLL</PROCESS>
  17404. <PROCESS>BOCK.DLL</PROCESS>
  17405. <PROCESS>CEGUGEC.DLL</PROCESS>
  17406. <PROCESS>CEJD.DLL</PROCESS>
  17407. <PROCESS>CGGK.DLL</PROCESS>
  17408. <PROCESS>CGPFA.DLL</PROCESS>
  17409. <PROCESS>CHIOB.DLL</PROCESS>
  17410. <PROCESS>CHLB.DLL</PROCESS>
  17411. <PROCESS>CJKH.DLL</PROCESS>
  17412. <PROCESS>CJOKDBA.DLL</PROCESS>
  17413. <PROCESS>CLBED.DLL</PROCESS>
  17414. <PROCESS>CLGEIDA.DLL</PROCESS>
  17415. <PROCESS>CMLI.DLL</PROCESS>
  17416. <PROCESS>CMPBGK32.DLL</PROCESS>
  17417. <PROCESS>COGIBB.DLL</PROCESS>
  17418. <PROCESS>COP.DLL</PROCESS>
  17419. <PROCESS>JAVASP32.DLL</PROCESS>
  17420. <PROCESS>CRLB32.DLL</PROCESS>
  17421. <PROCESS>CRSN32.DLL</PROCESS>
  17422. <PROCESS>CUBA.DLL</PROCESS>
  17423. <PROCESS>D3MF32.DLL</PROCESS>
  17424. <PROCESS>D3ZK.DLL</PROCESS>
  17425. <PROCESS>D3ZQ32.DLL</PROCESS>
  17426. <PROCESS>DCBH.DLL</PROCESS>
  17427. <PROCESS>DGKMCCA.DLL</PROCESS>
  17428. <PROCESS>DIGBFYU.DLL</PROCESS>
  17429. <PROCESS>DIGEWOTK.DLL</PROCESS>
  17430. <PROCESS>DJKF.DLL</PROCESS>
  17431. <PROCESS>DKR.DLL</PROCESS>
  17432. <PROCESS>DMHO.DLL</PROCESS>
  17433. <PROCESS>DODJ.DLL</PROCESS>
  17434. <PROCESS>DPAN.DLL</PROCESS>
  17435. <PROCESS>DPP.DLL</PROCESS>
  17436. <PROCESS>DRBLDGRUTSH.DLL</PROCESS>
  17437. <PROCESS>EBFL.DLL</PROCESS>
  17438. <PROCESS>ECFPJA.DLL</PROCESS>
  17439. <PROCESS>EDC.DLL</PROCESS>
  17440. <PROCESS>EDI.DLL</PROCESS>
  17441. <PROCESS>EDKC.DLL</PROCESS>
  17442. <PROCESS>EEGXRTSC.DLL</PROCESS>
  17443. <PROCESS>EEIDMA.DLL</PROCESS>
  17444. <PROCESS>EEMBCJD.DLL</PROCESS>
  17445. <PROCESS>EHLL.DLL</PROCESS>
  17446. <PROCESS>EIOM.DLL</PROCESS>
  17447. <PROCESS>EKJB.DLL</PROCESS>
  17448. <PROCESS>EKJMDCC.DLL</PROCESS>
  17449. <PROCESS>EOMP.DLL</PROCESS>
  17450. <PROCESS>EPFM.DLL</PROCESS>
  17451. <PROCESS>ESMOM.DLL</PROCESS>
  17452. <PROCESS>FADO.DLL</PROCESS>
  17453. <PROCESS>FBGM.DLL</PROCESS>
  17454. <PROCESS>FDIA.DLL</PROCESS>
  17455. <PROCESS>FGSUSD.DLL</PROCESS>
  17456. <PROCESS>FIIL.DLL</PROCESS>
  17457. <PROCESS>FILO.DLL</PROCESS>
  17458. <PROCESS>FIS.DLL</PROCESS>
  17459. <PROCESS>FKEE.DLL</PROCESS>
  17460. <PROCESS>FMBGPL.DLL</PROCESS>
  17461. <PROCESS>FMDI.DLL</PROCESS>
  17462. <PROCESS>FOEMAJ.DLL</PROCESS>
  17463. <PROCESS>PGFC.DLL</PROCESS>
  17464. <PROCESS>FRM20ENU.DLL</PROCESS>
  17465. <PROCESS>FSMR.DLL</PROCESS>
  17466. <PROCESS>FSZYEBHW.DLL</PROCESS>
  17467. <PROCESS>FTBTVFAQ.DLL</PROCESS>
  17468. <PROCESS>GAPC.DLL</PROCESS>
  17469. <PROCESS>GBAAEL.DLL</PROCESS>
  17470. <PROCESS>GBKICN.DLL</PROCESS>
  17471. <PROCESS>GDDB.DLL</PROCESS>
  17472. <PROCESS>GHFC.DLL</PROCESS>
  17473. <PROCESS>GHNK.DLL</PROCESS>
  17474. <PROCESS>GLCFCA.DLL</PROCESS>
  17475. <PROCESS>GLOF.DLL</PROCESS>
  17476. <PROCESS>GOKI.DLL</PROCESS>
  17477. <PROCESS>GUEQX.DLL</PROCESS>
  17478. <PROCESS>GWLLMP.DLL</PROCESS>
  17479. <PROCESS>HACPBF.DLL</PROCESS>
  17480. <PROCESS>HDEM.DLL</PROCESS>
  17481. <PROCESS>HEDP.DLL</PROCESS>
  17482. <PROCESS>HEKN.DLL</PROCESS>
  17483. <PROCESS>HGLLI.DLL</PROCESS>
  17484. <PROCESS>HGRX.DLL</PROCESS>
  17485. <PROCESS>HHM.DLL</PROCESS>
  17486. <PROCESS>HICE.DLL</PROCESS>
  17487. <PROCESS>HKAJ.DLL</PROCESS>
  17488. <PROCESS>HKD.DLL</PROCESS>
  17489. <PROCESS>HMI.DLL</PROCESS>
  17490. <PROCESS>HMOZIJ.DLL</PROCESS>
  17491. <PROCESS>HZLPRRXT.DLL</PROCESS>
  17492. <PROCESS>IAAIWUN.DLL</PROCESS>
  17493. <PROCESS>ICCTRZ.DLL</PROCESS>
  17494. <PROCESS>IECW.DLL</PROCESS>
  17495. <PROCESS>IEEA.DLL</PROCESS>
  17496. <PROCESS>IEFQ32.DLL</PROCESS>
  17497. <PROCESS>IEIH.DLL</PROCESS>
  17498. <PROCESS>IEIS32.DLL</PROCESS>
  17499. <PROCESS>IESS32.DLL</PROCESS>
  17500. <PROCESS>IEYG32.DLL</PROCESS>
  17501. <PROCESS>IEZJ32.DLL</PROCESS>
  17502. <PROCESS>IFAHJDA.DLL</PROCESS>
  17503. <PROCESS>IGUN.DLL</PROCESS>
  17504. <PROCESS>IHIB.DLL</PROCESS>
  17505. <PROCESS>IIGH.DLL</PROCESS>
  17506. <PROCESS>IIH.DLL</PROCESS>
  17507. <PROCESS>IJBCOH.DLL</PROCESS>
  17508. <PROCESS>IJSZLKV.DLL</PROCESS>
  17509. <PROCESS>IKCGH.DLL</PROCESS>
  17510. <PROCESS>IMMH.DLL</PROCESS>
  17511. <PROCESS>IPEN.DLL</PROCESS>
  17512. <PROCESS>IPIH.DLL</PROCESS>
  17513. <PROCESS>JDFC.DLL</PROCESS>
  17514. <PROCESS>JDM.DLL</PROCESS>
  17515. <PROCESS>JEOJ.DLL</PROCESS>
  17516. <PROCESS>JGPL4H00.DLL</PROCESS>
  17517. <PROCESS>JIPF.DLL</PROCESS>
  17518. <PROCESS>JJAI.DLL</PROCESS>
  17519. <PROCESS>JJDIBDA.DLL</PROCESS>
  17520. <PROCESS>JJPO.DLL</PROCESS>
  17521. <PROCESS>JLCM.DLL</PROCESS>
  17522. <PROCESS>JODP.DLL</PROCESS>
  17523. <PROCESS>JOMA.DLL</PROCESS>
  17524. <PROCESS>JPIC.DLL</PROCESS>
  17525. <PROCESS>JZYBQWT.DLL</PROCESS>
  17526. <PROCESS>KBDK.DLL</PROCESS>
  17527. <PROCESS>KEDO.DLL</PROCESS>
  17528. <PROCESS>KGPF.DLL</PROCESS>
  17529. <PROCESS>KIBL.DLL</PROCESS>
  17530. <PROCESS>KJHIBICK.DLL</PROCESS>
  17531. <PROCESS>KKLC.DLL</PROCESS>
  17532. <PROCESS>KMKB.DLL</PROCESS>
  17533. <PROCESS>KPLPYQ.DLL</PROCESS>
  17534. <PROCESS>KSPM.DLL</PROCESS>
  17535. <PROCESS>LAAOYUM.DLL</PROCESS>
  17536. <PROCESS>LAFK.DLL</PROCESS>
  17537. <PROCESS>LEHE.DLL</PROCESS>
  17538. <PROCESS>PZKNY.DLL</PROCESS>
  17539. <PROCESS>WER3548.DLL</PROCESS>
  17540. <PROCESS>BDIEWQKC.DLL</PROCESS>
  17541. <PROCESS>AONGSEUN.DLL</PROCESS>
  17542. <PROCESS>AHPWCEPL.DLL</PROCESS>
  17543. <PROCESS>MSHUC.DLL</PROCESS>
  17544. <PROCESS>ZYAEZZBO.DLL</PROCESS>
  17545. <PROCESS>YLGCZ.DLL</PROCESS>
  17546. <PROCESS>XWLOJHBN.DLL</PROCESS>
  17547. <PROCESS>TEFXEFQI.DLL</PROCESS>
  17548. <PROCESS>QDNMPXME.DLL</PROCESS>
  17549. <PROCESS>QCGTHVRR.DLL</PROCESS>
  17550. <PROCESS>LYXRGVRS.DLL</PROCESS>
  17551. <PROCESS>LNDVALRG.DLL</PROCESS>
  17552. <PROCESS>ISXJYUFL.DLL</PROCESS>
  17553. <PROCESS>HRHDRBQU.DLL</PROCESS>
  17554. <PROCESS>FGRIQQMS.DLL</PROCESS>
  17555. <PROCESS>MFCTY32.DLL</PROCESS>
  17556. <PROCESS>HBAO.DLL</PROCESS>
  17557. <PROCESS>GPJ.DLL</PROCESS>
  17558. <PROCESS>BAPP.DLL</PROCESS>
  17559. <PROCESS>TFCLICK.DLL</PROCESS>
  17560. <PROCESS>AJHK.DLL</PROCESS>
  17561. <PROCESS>LNCD.DLL</PROCESS>
  17562. <PROCESS>NETBC32.DLL</PROCESS>
  17563. <PROCESS>FFHH.DLL</PROCESS>
  17564. <PROCESS>OFFC.DLL</PROCESS>
  17565. <PROCESS>REQ.DAT</PROCESS>
  17566. <PROCESS>IDAFBAA.DLL</PROCESS>
  17567. <PROCESS>GNLM.DLL</PROCESS>
  17568. <PROCESS>GOAH.DLL</PROCESS>
  17569. <PROCESS>T1T304R.DLL</PROCESS>
  17570. <PROCESS>O2DPBZ3.DLL</PROCESS>
  17571. <PROCESS>JOEJA.DLL</PROCESS>
  17572. <PROCESS>APPLL.DLL</PROCESS>
  17573. <PROCESS>ADDMU32.DLL</PROCESS>
  17574. <PROCESS>DKJD.DLL</PROCESS>
  17575. <PROCESS>FLFMDM.DLL</PROCESS>
  17576. <PROCESS>DBKF.DLL</PROCESS>
  17577. <PROCESS>WINLX32.DLL</PROCESS>
  17578. <PROCESS>MNGP.DLL</PROCESS>
  17579. <PROCESS>NTDI.DLL</PROCESS>
  17580. <PROCESS>SDKDK32.DLL</PROCESS>
  17581. <PROCESS>YHINUPXT.DLL</PROCESS>
  17582. <PROCESS>NAIG.DLL</PROCESS>
  17583. <PROCESS>UUWMN.DLL</PROCESS>
  17584. <PROCESS>ALGA.DLL</PROCESS>
  17585. <PROCESS>PTFBAC.DAT</PROCESS>
  17586. <PROCESS>DECL.DLL</PROCESS>
  17587. <PROCESS>IPVW32.DLL</PROCESS>
  17588. <PROCESS>IDLD.DLL</PROCESS>
  17589. <PROCESS>GIKC.DLL</PROCESS>
  17590. <PROCESS>NIDKBA.DLL</PROCESS>
  17591. <PROCESS>AEEO.DLL</PROCESS>
  17592. <PROCESS>AOSOPOB.DLL</PROCESS>
  17593. <PROCESS>BLK.DLL</PROCESS>
  17594. <PROCESS>EGDC.DLL</PROCESS>
  17595. <PROCESS>JLIG.DLL</PROCESS>
  17596. <PROCESS>MBBH.DLL</PROCESS>
  17597. <PROCESS>XCWYRO.DLL</PROCESS>
  17598. <PROCESS>WINEE.DLL</PROCESS>
  17599. <PROCESS>APPLR.DLL</PROCESS>
  17600. <PROCESS>LTMQXQCM.DLL</PROCESS>
  17601. <PROCESS>TUSCMOD.DLL</PROCESS>
  17602. <PROCESS>OLEACCHC.DLL</PROCESS>
  17603. <PROCESS>IWAUH.DLL</PROCESS>
  17604. <PROCESS>MSAJO.DLL</PROCESS>
  17605. <PROCESS>ARXOMLFP.DLL</PROCESS>
  17606. <PROCESS>JCDAPJ.DLL</PROCESS>
  17607. <PROCESS>JFIM.DLL</PROCESS>
  17608. <PROCESS>GHIE.DLL</PROCESS>
  17609. <PROCESS>QCQPSR.DLL</PROCESS>
  17610. <PROCESS>VZMTLP.DLL</PROCESS>
  17611. <PROCESS>MSJD.DLL</PROCESS>
  17612. <PROCESS>MBHD.DLL</PROCESS>
  17613. <PROCESS>MACJ.DLL</PROCESS>
  17614. <PROCESS>JTDGYQ.DLL</PROCESS>
  17615. <PROCESS>OBGOLJJ.DLL</PROCESS>
  17616. <PROCESS>ICKL.DLL</PROCESS>
  17617. <PROCESS>ATLMC.DLL</PROCESS>
  17618. <PROCESS>MONMGM.DLL</PROCESS>
  17619. <PROCESS>DFCDJDD.DLL</PROCESS>
  17620. </PROCESSLIST>
  17621. <CLSIDLIST>
  17622. <CLSID>{6AA93E57-E847-2CED-8753-60550DF17F49}</CLSID>
  17623. <CLSID>{F4B3567E-170E-BEAD-55E9-FF12B1A3AEB4}</CLSID>
  17624. <CLSID>{F2A4407B-FFBC-4A1F-A18A-0F68C3E0FC9E}</CLSID>
  17625. <CLSID>{6157B08E-3BF8-9446-A991-A3FC7BC89E85}</CLSID>
  17626. <CLSID>{50C4E0A1-73F2-11D9-9924-0002E57311C8}</CLSID>
  17627. <CLSID>{29A50220-73F2-11D9-9924-00022AB5ED6C}</CLSID>
  17628. <CLSID>{3CCFB632-ADDA-4957-8C74-D9D1553901B8}</CLSID>
  17629. <CLSID>{11CEFA27-5AE9-46CB-B791-738C242B4761}</CLSID>
  17630. <CLSID>{A3E9059A-4253-4912-9585-878782F24B80}</CLSID>
  17631. <CLSID>{55955EDD-0121-4E62-AE7B-CB0FD092659D}</CLSID>
  17632. <CLSID>{BD125B49-882F-4FD9-8E92-9FBFA2AE0250}</CLSID>
  17633. <CLSID>{950C2918-C2AE-EC3B-70D0-F5A2DB7DE92F}</CLSID>
  17634. <CLSID>{B1E91D2A-1E7A-46FC-A680-EDBEF1D42EE4}</CLSID>
  17635. <CLSID>{447FBE80-C3FB-4835-9300-AFF7C6FB7939}</CLSID>
  17636. <CLSID>{58DF410E-9DC0-035F-0DAA-CFF9BEEF806E}</CLSID>
  17637. <CLSID>{5A21BC0B-AA89-4EC7-9365-82C7101731DC}</CLSID>
  17638. <CLSID>{4D512E7A-1BB0-4405-00B1-77335BD81BE7}</CLSID>
  17639. <CLSID>{00962F9C-E575-B58C-7B61-EADC4962B49B}</CLSID>
  17640. <CLSID>{4410D8C5-0277-7086-4641-DD5178D4D6ED}</CLSID>
  17641. <CLSID>{8B13D86A-93CA-4791-A652-54E2FE3428D7}</CLSID>
  17642. <CLSID>{3C2AFE68-6CCF-A502-CC72-418444664D7A}</CLSID>
  17643. <CLSID>{C964E137-AC20-F832-469A-869B7E738F46}</CLSID>
  17644. <CLSID>{8B59E7A0-74E8-11D9-94FD-0050FC97BE21}</CLSID>
  17645. <CLSID>{B9EFFEA4-AF76-9EE9-5DD8-18EFE60BA884}</CLSID>
  17646. <CLSID>{5C5AF1C1-7514-11D9-B92E-0080909E113E}</CLSID>
  17647. <CLSID>{494F9AA5-2482-47E6-86F3-4B8E32B07EB6}</CLSID>
  17648. <CLSID>{AFFEDC41-C8F0-42F4-90A0-1B502C0FDB87}</CLSID>
  17649. <CLSID>{112AD30F-2903-4D1A-B963-BCA8BC60F37D}</CLSID>
  17650. <CLSID>{37F6E521-7657-11D9-9D64-0004C2778B2B}</CLSID>
  17651. <CLSID>{51219589-FE9D-A7E2-3F0C-070910E5C08A}</CLSID>
  17652. <CLSID>{3AAD312F-B917-0FB6-8753-60550BF3794B}</CLSID>
  17653. <CLSID>{4F8DAAC2-370D-47F5-2974-38B60F1EF396}</CLSID>
  17654. <CLSID>{A6BACA21-D950-11D8-9F09-0001CCA0918D}</CLSID>
  17655. <CLSID>{E0DE07B5-173A-9E15-4265-8EB6D5A181DF}</CLSID>
  17656. <CLSID>{086FD2F9-26D5-4053-BDB6-EC3F1E673059}</CLSID>
  17657. <CLSID>{6518F4B3-A15F-E14C-71F3-61A49FC2A684}</CLSID>
  17658. <CLSID>{5664B81B-02FB-0A09-885C-2D27B0E3B8B3}</CLSID>
  17659. <CLSID>{407FFCD2-654F-817E-A2EE-B535B9FBC95D}</CLSID>
  17660. <CLSID>{C8BFB1F8-6B02-5880-8993-6C955AAC22D9}</CLSID>
  17661. <CLSID>{A3541D1C-ADF1-DE22-D969-FB1DF3134591}</CLSID>
  17662. <CLSID>{BDC4D804-63BC-533D-EC5E-4F76611D5097}</CLSID>
  17663. <CLSID>{9CAEB6DD-952A-4A3D-986F-54D42D7FE6E3}</CLSID>
  17664. <CLSID>{291E1ABA-FD5D-CBDD-0A40-8ECABAA19ECE}</CLSID>
  17665. <CLSID>{88AE5BAB-3DC7-9717-34AB-BAC95A1C967A}</CLSID>
  17666. <CLSID>{E3D0F46E-69AD-6B5F-DA5B-3EE6098E59B9}</CLSID>
  17667. <CLSID>{B4E11900-F830-4B94-A829-F33D13A017FF}</CLSID>
  17668. <CLSID>{0262ABF6-020B-49AD-ABAE-37B60D3740DE}</CLSID>
  17669. <CLSID>{13DF4125-BA16-7ABC-D50B-66550D807F3B}</CLSID>
  17670. <CLSID>{7442D39A-CCEA-4346-9A6C-7C5519D9886C}</CLSID>
  17671. <CLSID>{DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE}</CLSID>
  17672. <CLSID>{B4073A39-90F8-4BC2-8459-84CA81B45037}</CLSID>
  17673. <CLSID>{1A8DD8BA-3651-3785-2974-38B6091FF390}</CLSID>
  17674. <CLSID>{96D1DC36-35A0-3478-892B-4AE60EFE5FCF}</CLSID>
  17675. <CLSID>{49A74673-E914-0EBA-8720-10550DD22D6C}</CLSID>
  17676. <CLSID>{36802CAF-4935-6B33-1F9E-5464B4EF1A9E}</CLSID>
  17677. <CLSID>{4FAB4A29-9046-71CC-8020-17550EAE7E1E}</CLSID>
  17678. <CLSID>{A771213E-BCAA-47E6-BF98-36D9049B7ADF}</CLSID>
  17679. <CLSID>{19C15D9B-ED76-52EE-036B-5591AF55B4A5}</CLSID>
  17680. <CLSID>{B8A2CC57-5B90-2918-B25C-5A17206524C3}</CLSID>
  17681. <CLSID>{E390C857-0198-43B3-BD9C-63F6AFD8955F}</CLSID>
  17682. <CLSID>{FD9794E7-7653-4081-A684-9DF55F9A0B59}</CLSID>
  17683. <CLSID>{D97EF13D-5746-4EA8-AD5C-9EE95E60016F}</CLSID>
  17684. <CLSID>{B8A9A425-D3A7-4724-92D4-691BBB73159E}</CLSID>
  17685. <CLSID>{DD33DD18-4D26-B41E-13DA-43F55E371DD6}</CLSID>
  17686. <CLSID>{9FE58464-39D7-5B07-D21D-4B861E4822C1}</CLSID>
  17687. <CLSID>{5E1A8160-1AF5-1E7F-D6D8-1034E524B4CE}</CLSID>
  17688. <CLSID>{F80F1067-D3F2-DC77-D51B-8F1D806519B4}</CLSID>
  17689. <CLSID>{E45E706D-BDAF-8B0B-89DE-E2ABA9710591}</CLSID>
  17690. <CLSID>{EAA2B603-2ACB-7514-B02F-5A17226C24CF}</CLSID>
  17691. <CLSID>{1A68F868-8DB3-43BB-A0E8-E9E365244F72}</CLSID>
  17692. <CLSID>{095D1D61-4A5E-11EA-864B-00A0C1BB7308}</CLSID>
  17693. <CLSID>{124D0F11-4118-F197-B2B9-2911BC897B9D}</CLSID>
  17694. <CLSID>{77C3B296-B2C7-04D1-9FA9-344B470380E8}</CLSID>
  17695. <CLSID>{55E02D39-4AB0-4906-9ABF-179C5ECD5188}</CLSID>
  17696. <CLSID>{E6297A1C-B6AD-B056-DF8F-E3ABDB765096}</CLSID>
  17697. <CLSID>{0B9BEF6F-48A7-B4E4-9373-E344FC57DCEA}</CLSID>
  17698. <CLSID>{A455DF6A-761C-84AC-C452-CF3486D353ED}</CLSID>
  17699. <CLSID>{ABC9913D-53DC-6D09-D93D-79C54E7C10E1}</CLSID>
  17700. <CLSID>{943E6173-A0CE-FA3B-E06A-F87A94B20D92}</CLSID>
  17701. <CLSID>{B7B890C3-6D1A-B040-77E8-04DF4910E570}</CLSID>
  17702. <CLSID>{6AAB6B04-C415-7995-8652-64550DF12A4A}</CLSID>
  17703. <CLSID>{C344947C-6283-4D6C-81AB-761B69E29925}</CLSID>
  17704. <CLSID>{943D6C03-DDB3-CF31-B51A-8B7AE6B10D94}</CLSID>
  17705. <CLSID>{1DF3672F-CE61-41B7-8724-12550EA62C14}</CLSID>
  17706. <CLSID>{49D83270-C910-2FB2-8000-60557EF3731F}</CLSID>
  17707. <CLSID>{B74EDC98-383A-487C-863E-6359D052AEF4}</CLSID>
  17708. <CLSID>{8654B9C1-722B-11D9-918F-4445C9EE1796}</CLSID>
  17709. <CLSID>{0F9561D0-03B2-44A3-89A6-E95E417CBA25}</CLSID>
  17710. <CLSID>{7EB43794-8A80-4D4A-8773-EDDDDDE68E83}</CLSID>
  17711. <CLSID>{2F08EF03-8C25-44E3-A3B8-C3DC1D9D68AA}</CLSID>
  17712. <CLSID>{F9D5A275-18ED-693B-BFAD-106470DA1F92}</CLSID>
  17713. <CLSID>{053F9C62-52F7-072D-8C2D-2E27C391BCC7}</CLSID>
  17714. <CLSID>{594CDEF4-5CD7-4357-80FB-FC482E616A24}</CLSID>
  17715. <CLSID>{B75F75B8-93F3-429D-FF34-660B206D897A}</CLSID>
  17716. <CLSID>{928234F6-C5C4-2850-6A67-BFEE94276F48}</CLSID>
  17717. <CLSID>{F7AB9706-38AF-4272-97B4-E5060B46A00E}</CLSID>
  17718. <CLSID>{FFD08327-4A95-3210-B5D9-1B640CAA18E8}</CLSID>
  17719. <CLSID>{12FBE009-EFF0-45E9-B51E-BDE0C515A4A0}</CLSID>
  17720. <CLSID>{BA997092-5DFF-A91F-6516-A449FC336452}</CLSID>
  17721. <CLSID>{BA97183C-849F-18AC-10FF-F7B7B52D6B07}</CLSID>
  17722. <CLSID>{BDDABD52-6460-D76F-0078-B26F3AE89F02}</CLSID>
  17723. <CLSID>{091FB995-0A55-208D-2887-23879B83E9C8}</CLSID>
  17724. <CLSID>{A1E404E1-7C0B-11D9-918F-0002DF25BBA7}</CLSID>
  17725. <CLSID>{9CC8F542-1A40-D18B-FB14-9CD9B4908857}</CLSID>
  17726. <CLSID>{567403C8-7446-AA9B-9A5C-8F3AA61EBBEA}</CLSID>
  17727. <CLSID>{8C33D81A-6010-44E8-9A22-9B1890489E8E}</CLSID>
  17728. <CLSID>{9AC961A7-A241-83F3-5E89-D226FCF7B906}</CLSID>
  17729. <CLSID>{A8C8A388-61C0-F0D9-91D0-47615F2F6A9B}</CLSID>
  17730. <CLSID>{61B3DE01-7C3C-11D9-9B99-0080BF8F791A}</CLSID>
  17731. <CLSID>{2350F746-0B16-47B3-AE68-0DC2207CDD20}</CLSID>
  17732. <CLSID>{40D569C1-F9AA-178A-455D-97CE4369C208}</CLSID>
  17733. <CLSID>{13A1197C-ED6F-7DC0-D70F-62550DAB7047}</CLSID>
  17734. <CLSID>{046FB3C8-2805-20FF-2CF6-2387EBF8EAB9}</CLSID>
  17735. <CLSID>{5BCFFDC1-7C91-11D9-BA24-00D09297E28D}</CLSID>
  17736. <CLSID>{044FB2C1-0001-09FA-28F6-20879884BC9C}</CLSID>
  17737. <CLSID>{40FADE99-4C75-67D5-7873-3CB6091FF1CE}</CLSID>
  17738. <CLSID>{FDD5F477-40B8-4139-B7D3-1B6477AC4F9F}</CLSID>
  17739. <CLSID>{0FB221A9-2FB0-EFBC-F7D2-791B8A34B8AE}</CLSID>
  17740. <CLSID>{76EB40F5-0241-427F-D677-7046D166A069}</CLSID>
  17741. <CLSID>{F0813CD2-E65F-5132-5A80-86B9F32D6BC4}</CLSID>
  17742. <CLSID>{616BE3BB-5355-03D9-27E6-0495BFA58997}</CLSID>
  17743. <CLSID>{8977E004-7E92-11D9-A530-F3E7F25E3E0A}</CLSID>
  17744. <CLSID>{CA676071-A1C0-F214-B56D-F97AE5B10E94}</CLSID>
  17745. <CLSID>{9A5C98A1-7AB1-11D9-BF80-00309B5510D2}</CLSID>
  17746. <CLSID>{4EA93207-EF11-7A92-8753-605509A47F1E}</CLSID>
  17747. <CLSID>{87FA4641-E879-11D4-8DEA-0010233CE377}</CLSID>
  17748. <CLSID>{29C8B296-FAF9-4050-9029-AB958BF22EE4}</CLSID>
  17749. <CLSID>{AE59401B-FDF7-8C75-D919-8B1D8B1518C3}</CLSID>
  17750. <CLSID>{3BAA3C07-9416-0DE9-845A-61550DD72834}</CLSID>
  17751. <CLSID>{1DF43517-D8A9-842E-80BE-F40A7209F1CC}</CLSID>
  17752. <CLSID>{70FBC416-2AED-4941-A524-BFF1C2ADBFF2}</CLSID>
  17753. <CLSID>{939BA3C1-C6BB-41AB-9B2C-EA0F63A6E022}</CLSID>
  17754. <CLSID>{083EB09B-0859-2883-2EF0-23879EF9BCEA}</CLSID>
  17755. <CLSID>{398CF54E-72B6-49BB-B852-F6390069FCAD}</CLSID>
  17756. <CLSID>{D4B0DA86-7CC2-11D9-B29C-004014A24FFD}</CLSID>
  17757. <CLSID>{784DE198-5958-5E8B-2EF0-57879EF4BECF}</CLSID>
  17758. <CLSID>{FB350E21-7C26-11D9-9FEF-000475E40761}</CLSID>
  17759. <CLSID>{9FA30BD9-6EA9-6EDF-1A94-F9A250E63880}</CLSID>
  17760. <CLSID>{7F5C6F61-7ECD-11D9-8928-000B8DD97DEE}</CLSID>
  17761. <CLSID>{C4C627E1-7A85-11D9-87EA-00084B91431B}</CLSID>
  17762. <CLSID>{00DA2AA1-7D25-11D9-945D-00004A1981DB}</CLSID>
  17763. <CLSID>{114C48A0-7F55-11D9-A01F-00403123D67E}</CLSID>
  17764. <CLSID>{5BA26EE0-7E22-11D9-97C9-000629775C67}</CLSID>
  17765. <CLSID>{E0C70E40-6BB3-11D9-A13A-444553540000}</CLSID>
  17766. <CLSID>{091CCA41-4F50-11D9-A13A-44451FB0A1AE}</CLSID>
  17767. <CLSID>{5B12AE81-7F81-11D9-80A8-00406DDDD73C}</CLSID>
  17768. <CLSID>{AEAA9725-A1C0-4C71-813E-7B0A8DE3A765}</CLSID>
  17769. <CLSID>{049ACC99-8BBC-45B7-AE24-26DA49496E6A}</CLSID>
  17770. <CLSID>{4C18C706-3C9C-0A0E-75BD-8958BD9CD254}</CLSID>
  17771. <CLSID>{6AF005A3-AB9D-AA25-A620-35F3DD52A8B7}</CLSID>
  17772. <CLSID>{E98A61B1-1123-486F-96FD-FC0FEA8F5F25}</CLSID>
  17773. <CLSID>{756F39C8-AE2D-8EAC-5942-FBCACBD59DCE}</CLSID>
  17774. <CLSID>{E7E6FC79-319E-1766-E92D-3C7610635196}</CLSID>
  17775. <CLSID>{6E8E637F-E264-07E7-8751-65557EAC7536}</CLSID>
  17776. <CLSID>{91DA7281-BFB3-472C-9FAA-B5667F55ABC6}</CLSID>
  17777. <CLSID>{5B5C5C6E-2BFD-4297-AC5D-512C3653DB51}</CLSID>
  17778. <CLSID>{B6C3CB92-4733-474D-8934-A7D0C3BA5B95}</CLSID>
  17779. <CLSID>{0905A8B3-F94C-441B-82E3-0E454C301E21}</CLSID>
  17780. <CLSID>{295B737D-D10B-475B-980A-C32BC768C341}</CLSID>
  17781. <CLSID>{42D19966-7B46-11D9-B7C3-F82B9C753739}</CLSID>
  17782. <CLSID>{C4666B74-8697-A167-B56D-F97AE5B05C9D}</CLSID>
  17783. <CLSID>{29FA3F79-9F1D-8DF8-A459-FF49FD02FC72}</CLSID>
  17784. <CLSID>{6C83DF70-FF01-49FF-8BB8-1D80DB741C32}</CLSID>
  17785. <CLSID>{ADD48D06-9F2B-47E9-D513-4941C64B5868}</CLSID>
  17786. <CLSID>{2AF43CE3-5084-EDEA-E47E-202CDEEAFF2E}</CLSID>
  17787. <CLSID>{4CA0143C-FEFB-956A-879D-840A017BA6BE}</CLSID>
  17788. <CLSID>{B93A6A3D-9B7D-4B3D-F50A-8450933B13E9}</CLSID>
  17789. <CLSID>{47AEE64C-5AEA-4ED8-103A-64D56785E44D}</CLSID>
  17790. <CLSID>{4A5ABB53-102D-C19C-B368-482572DCB536}</CLSID>
  17791. <CLSID>{C6A8D11B-3BA5-330F-DA2B-3DE67C885FC8}</CLSID>
  17792. <CLSID>{2B606031-810B-11D9-A942-00C0FBFBB4DB}</CLSID>
  17793. <CLSID>{1E8C7F49-45E8-4861-875A-4D4728FCC01F}</CLSID>
  17794. <CLSID>{3CD76228-9E4B-7E98-D170-6C550DF47C3B}</CLSID>
  17795. <CLSID>{EDD5FF32-14A2-6F7E-8F5B-31E67C8F5AEF}</CLSID>
  17796. <CLSID>{B1DBFA33-43AD-6B7F-8D5B-31E67C8F5AEF}</CLSID>
  17797. <CLSID>{3ADC6E7E-CB43-789B-D770-6C550DF47D39}</CLSID>
  17798. <CLSID>{4D9F3B99-4C2C-4B83-AF52-D030E73E022E}</CLSID>
  17799. <CLSID>{D01EB607-FCB6-D9F9-F253-E432410DA962}</CLSID>
  17800. <CLSID>{3E2450C4-7F32-11D9-93E6-00E0644DBC8A}</CLSID>
  17801. <CLSID>{354BA804-7E0F-11D9-BE46-00D04A85E75E}</CLSID>
  17802. <CLSID>{EF3F1C7D-511A-0A1F-2915-8BF8D1F23F0D}</CLSID>
  17803. <CLSID>{1CA21262-A786-C308-80C8-F90A0479A69B}</CLSID>
  17804. <CLSID>{569A1484-6182-4CC7-AF83-8F9EF1585C20}</CLSID>
  17805. <CLSID>{79B38A76-EFF6-46BB-B3E0-1DEFAF2A8713}</CLSID>
  17806. <CLSID>{F7021607-4C75-4841-8622-6E8051437B8B}</CLSID>
  17807. <CLSID>{20F1FA89-12C8-4922-A5E5-8346B7C6C603}</CLSID>
  17808. <CLSID>{4E7861F2-6158-4871-BDD7-8AE076F1AA89}</CLSID>
  17809. <CLSID>{17223ACE-5BAA-4CE6-862E-6FDD1B24A6CE}</CLSID>
  17810. <CLSID>{7626F346-8956-4D15-86B6-4F16E39BF7A8}</CLSID>
  17811. <CLSID>{0A99795D-2295-4B5F-A819-AB587086F5C7}</CLSID>
  17812. <CLSID>{30A13D51-C235-009D-8357-65557FD52918}</CLSID>
  17813. <CLSID>{F4808A5F-43BB-1E38-B5DC-116477AC1BE5}</CLSID>
  17814. <CLSID>{39A83652-9315-08C1-8753-60550DF37F44}</CLSID>
  17815. <CLSID>{3BA50E07-81A5-11D9-A5C8-C0B6A2857B7B}</CLSID>
  17816. <CLSID>{CD1F8703-D1A5-4645-BA71-45E3C0773DF3}</CLSID>
  17817. <CLSID>{3B4B3573-62B1-4BC3-945A-BEF4E13C6EFB}</CLSID>
  17818. <CLSID>{485533D5-2F64-4C8A-A47E-4644C08C645D}</CLSID>
  17819. <CLSID>{3FB80C61-79DD-11D9-88C9-52545C26091D}</CLSID>
  17820. <CLSID>{E90C0AC2-F2C4-404A-B8EC-0ACC193FAB2F}</CLSID>
  17821. <CLSID>{1B849856-C2B0-C16F-7AA2-AF1A44A6BEDA}</CLSID>
  17822. <CLSID>{1C520161-6B1B-4DA3-97C4-767BDA8F680C}</CLSID>
  17823. <CLSID>{B25AE380-3C64-43B8-92DF-CD7DD0D31AFC}</CLSID>
  17824. <CLSID>{7239C462-6987-5177-AF61-FF4790041E7B}</CLSID>
  17825. <CLSID>{61D02CEC-F196-F016-A5EC-BFA68EABD7C3}</CLSID>
  17826. <CLSID>{3CA3E8B3-2AEC-D1BC-67A0-CAF0EFBE1257}</CLSID>
  17827. <CLSID>{634992CE-530F-0084-7A94-0195BDD78D93}</CLSID>
  17828. <CLSID>{A3DA8D74-3DBB-6B6A-B7D2-1B6406D94BC8}</CLSID>
  17829. <CLSID>{32D9302D-C715-58E7-D356-16550DDA2E18}</CLSID>
  17830. <CLSID>{723DB09A-5B54-27D8-28D7-5787EFF2B89E}</CLSID>
  17831. <CLSID>{64AAA8B9-3301-64A3-7A77-34B60916AA94}</CLSID>
  17832. <CLSID>{ADD20A4D-68D6-4F45-800A-5CFE51460871}</CLSID>
  17833. <CLSID>{5A31059B-0F8D-D477-A437-E63C01483CA4}</CLSID>
  17834. <CLSID>{05F1335B-D243-36F8-6815-765831B80108}</CLSID>
  17835. <CLSID>{EA111030-D94F-1D5C-556A-FC2C9C7B1225}</CLSID>
  17836. <CLSID>{8614147A-3326-1E0A-307E-1E042C6F4D5F}</CLSID>
  17837. <CLSID>{264EC04E-068F-085A-8A2C-2F27C190BC90}</CLSID>
  17838. <CLSID>{99602D4E-415A-41B7-B0D6-FFA28061CB4E}</CLSID>
  17839. <CLSID>{75ABCEA0-563C-8B9C-F538-83FF7C428B05}</CLSID>
  17840. <CLSID>{B01F41A6-DABC-F76F-4F6D-43DD757CDBEB}</CLSID>
  17841. <CLSID>{565D9CD0-2D1B-B265-3401-B4D542904CEA}</CLSID>
  17842. <CLSID>{335989CB-3D81-4355-BE55-36B697A4B42D}</CLSID>
  17843. <CLSID>{C68083B0-5654-4D39-8C45-C6D55D38A400}</CLSID>
  17844. <CLSID>{3C6C7E8D-FEFE-4871-8C1C-B371FFEA69CD}</CLSID>
  17845. <CLSID>{842CA3F4-39A8-4F80-0000-000005000000}</CLSID>
  17846. <CLSID>{C43DA601-82E0-11D9-AD64-00E069C67A48}</CLSID>
  17847. <CLSID>{ADDF5F06-3DE4-A41D-5C13-3EAAF30B1F46}</CLSID>
  17848. <CLSID>{143EBC15-4991-A934-4980-E36A6603389A}</CLSID>
  17849. <CLSID>{68AB442A-B040-249F-8553-665578807A4D}</CLSID>
  17850. <CLSID>{34DA8BE2-6225-41AC-5135-3936269FFFE6}</CLSID>
  17851. <CLSID>{4A122419-42C7-47AD-B04D-6614C4DBF479}</CLSID>
  17852. <CLSID>{F7624004-C5C6-4AFD-88E8-96B59C55686E}</CLSID>
  17853. <CLSID>{B9EE66CA-433D-7E40-0E41-7DBE07FC4F7A}</CLSID>
  17854. <CLSID>{DA2B0294-405D-4DDB-886D-CE7FB1C64EAC}</CLSID>
  17855. <CLSID>{B3137401-7CBD-11D9-B51D-0011DA434A24}</CLSID>
  17856. <CLSID>{C29C4257-EDF3-828C-A74B-5F7D42A5857E}</CLSID>
  17857. <CLSID>{0711E541-84E9-11D9-8B7B-0040F24BF2DB}</CLSID>
  17858. <CLSID>{98BF8381-818D-11D9-971B-0000659BD7B3}</CLSID>
  17859. <CLSID>{419FB9C1-85B2-11D9-926C-000E9D0DF297}</CLSID>
  17860. <CLSID>{49AE392C-E232-7DB9-D350-635579D1781D}</CLSID>
  17861. <CLSID>{45806737-ACA8-F471-8798-F80A077AA697}</CLSID>
  17862. <CLSID>{0748F3D9-FF80-F399-5BB6-5ABE96DD3789}</CLSID>
  17863. <CLSID>{8E4998A4-EA7B-FD82-97E1-E20AEAECC8EA}</CLSID>
  17864. <CLSID>{17A7025D-0FF4-4B56-A6DA-271B5926B387}</CLSID>
  17865. <CLSID>{766F9B61-B64F-B399-53BC-66C5E6321C5B}</CLSID>
  17866. <CLSID>{A239FBA0-336B-6950-33E5-99BF5E8FC916}</CLSID>
  17867. <CLSID>{6AED511E-C9F0-1172-4A44-AC98A87BCFB1}</CLSID>
  17868. <CLSID>{488C0A78-6289-11C9-27D7-980D41896737}</CLSID>
  17869. <CLSID>{D5F68207-6BCE-4E64-E4D9-156406DF4FEE}</CLSID>
  17870. <CLSID>{BF7C12FD-2B08-49EC-BEBF-03D74FF6CBC1}</CLSID>
  17871. <CLSID>{E52CA22F-C32D-4FE7-BF8E-80ABDAF2FE69}</CLSID>
  17872. <CLSID>{42F5ACC4-78E9-47A3-BC6D-D88777956813}</CLSID>
  17873. <CLSID>{2B450E7F-3D1F-451E-AB30-3C154DF779C0}</CLSID>
  17874. <CLSID>{F1F78D9D-98CA-4CA9-A6FB-EBC630328CF0}</CLSID>
  17875. <CLSID>{2DBBD141-107F-483A-B96E-3E88C8CAEA29}</CLSID>
  17876. <CLSID>{6EF93456-E84F-2ECA-D303-165505F47D4E}</CLSID>
  17877. <CLSID>{4CEAEA22-8990-11D9-902B-E5CD1906C12A}</CLSID>
  17878. <CLSID>{DBE8F2CB-88A8-11D9-8D31-000234D7862A}</CLSID>
  17879. <CLSID>{431CC981-88F7-11D9-93A7-44458ED3802A}</CLSID>
  17880. <CLSID>{81987654-9403-AFD0-0AE8-55FE907D9846}</CLSID>
  17881. <CLSID>{9A735E65-B77E-83B5-E2CE-86A183CD727B}</CLSID>
  17882. <CLSID>{1A013D1B-37FD-F86D-9AB8-07151F1653C2}</CLSID>
  17883. <CLSID>{73498A5C-3FBD-4F61-983B-C13FBC682C2F}</CLSID>
  17884. <CLSID>{F91F5254-5D7D-414A-ABC1-6ED8B94C2522}</CLSID>
  17885. <CLSID>{8195B0AF-FA3E-4F2C-8A59-01AA63D85C21}</CLSID>
  17886. <CLSID>{EFBC97F2-4308-C0B5-9CAA-B092559036A9}</CLSID>
  17887. <CLSID>{BFED1A66-89A0-11D9-96E8-009084075CD8}</CLSID>
  17888. <CLSID>{B3E1E7A0-D1B5-BFDF-66FC-5A56979BBFF1}</CLSID>
  17889. <CLSID>{6940B362-1D9D-A566-09F2-F2DAC9B11F69}</CLSID>
  17890. <CLSID>{2253F7B3-7251-4F24-AC6C-92C7F73342EF}</CLSID>
  17891. <CLSID>{981F2FDD-5264-45A6-8EA4-FBE582D0F12D}</CLSID>
  17892. <CLSID>{DD5245AF-7BAD-4923-B5CA-92069279A4F4}</CLSID>
  17893. <CLSID>{C9B55F8A-6C8E-4BF8-8062-F63A11E1CD24}</CLSID>
  17894. <CLSID>{C52CBAEC-D969-4635-9F50-426CC15CE463}</CLSID>
  17895. <CLSID>{5C213EFE-855C-440C-88AB-EC9EA8976E4D}</CLSID>
  17896. <CLSID>{37DB6B02-BE35-73B8-D171-625505F3736A}</CLSID>
  17897. <CLSID>{85E56198-1317-4AA3-031F-529D9C16FA79}</CLSID>
  17898. <CLSID>{98F27BA1-74AE-11D9-A856-00409B8DCB14}</CLSID>
  17899. <CLSID>{41D5B50A-FC48-4E14-8D21-3AA56441BD21}</CLSID>
  17900. <CLSID>{3928A8CC-E531-42C0-9810-0ED36F59241A}</CLSID>
  17901. <CLSID>{2EB93899-8085-470F-9137-FE65A0033418}</CLSID>
  17902. <CLSID>{27449403-5B8F-40C4-9CAC-0283D71BD6A5}</CLSID>
  17903. <CLSID>{175863E5-AC7C-4A60-9992-B65EC2FA7949}</CLSID>
  17904. <CLSID>{02BB892E-59FC-4236-AEE7-4A87A8A67573}</CLSID>
  17905. <CLSID>{00C15FAB-BA01-4302-9880-9F456C2E192F}</CLSID>
  17906. <CLSID>{069EEF0A-7FC9-054C-CF6E-2AA71D4BC690}</CLSID>
  17907. <CLSID>{59AC6BEF-5B61-2B7A-2C62-D55A9708772D}</CLSID>
  17908. <CLSID>{E9590744-812B-46C3-96EB-33212855927D}</CLSID>
  17909. <CLSID>{220EC580-374F-3A90-2464-711FF00D1E4C}</CLSID>
  17910. <CLSID>{195E1F1A-2542-4FDC-A2AC-A87115792D55}</CLSID>
  17911. <CLSID>{8C0AF2A1-F254-4419-85A9-682E2A3E4865}</CLSID>
  17912. <CLSID>{1D1D6221-8A97-11D9-8CE3-44450778E5ED}</CLSID>
  17913. <CLSID>{FBBB045C-E6E3-BD6D-B88B-969B1EA838E5}</CLSID>
  17914. <CLSID>{79F50FB9-8139-4979-A167-BF8068737FAB}</CLSID>
  17915. <CLSID>{2643D327-8F3B-4CBA-B5EF-DB7F923EB1C2}</CLSID>
  17916. <CLSID>{01BBBB7E-0FBB-0C60-986B-2DA7194ACEC3}</CLSID>
  17917. <CLSID>{7CFAB12A-B8CF-4E70-9EBE-1650A26CA7D2}</CLSID>
  17918. <CLSID>{1B6E56C8-6E34-4841-8C56-09A9B8AC2FE8}</CLSID>
  17919. <CLSID>{B0CAE7AA-E101-AC62-6287-D0563BD86527}</CLSID>
  17920. <CLSID>{3CF95C56-AC24-4F8A-AB34-EDDD00D8327E}</CLSID>
  17921. <CLSID>{3A8D6322-EC12-59B7-8154-67550F877E4B}</CLSID>
  17922. <CLSID>{660FEFD2-4306-0622-B7AB-060F0FC94E20}</CLSID>
  17923. <CLSID>{83E13EBF-10D2-4117-BB36-F8152A4119EE}</CLSID>
  17924. <CLSID>{2F54FA08-E35B-436C-BB07-153B7BBE6C44}</CLSID>
  17925. <CLSID>{1668EDEC-0754-0586-2FE0-0495CCD4899F}</CLSID>
  17926. <CLSID>{E6AC4E23-7870-456A-B30E-37A5D92A9C7E}</CLSID>
  17927. <CLSID>{4C6AB1F0-09BA-4C3A-B50C-8AC502F87FD1}</CLSID>
  17928. <CLSID>{B85054BD-AB2C-4010-B7C6-88DF1B35633E}</CLSID>
  17929. <CLSID>{668A22E6-9297-418F-9F4E-D95AFAB9A889}</CLSID>
  17930. <CLSID>{F0875B2C-FFE1-4117-A0CA-F40036D308C5}</CLSID>
  17931. <CLSID>{E455FC2C-9D3D-4604-8990-DFEE8ADBAC40}</CLSID>
  17932. <CLSID>{5699343D-5DEE-4463-89AE-7520351F443E}</CLSID>
  17933. <CLSID>{FB018033-9F4E-46AA-98AB-7BDAB6828CB4}</CLSID>
  17934. <CLSID>{9E6EC32A-7C19-4409-99E8-FC980BCDAF26}</CLSID>
  17935. <CLSID>{8A4FE39A-BAF0-4145-BF5C-817C52460DA8}</CLSID>
  17936. <CLSID>{4B57B77A-B130-4EB8-8CFB-42B880F6D311}</CLSID>
  17937. <CLSID>{83B841B8-7772-4FDA-8E8B-16AD2F31424D}</CLSID>
  17938. <CLSID>{9ADC5BE1-EE74-49AD-B429-E1F82A50B60D}</CLSID>
  17939. <CLSID>{E4E5CB5D-7066-4C06-89AB-DC14EA10DC43}</CLSID>
  17940. <CLSID>{394D77F0-9288-4446-B4A8-34D3B2BFC1A5}</CLSID>
  17941. <CLSID>{69A24F29-9719-26E3-D054-12550DAF761B}</CLSID>
  17942. <CLSID>{0421E314-7885-423A-A48F-64DC963EACBF}</CLSID>
  17943. <CLSID>{0003160C-D554-4F0C-AB13-3D5B2AA9DF29}</CLSID>
  17944. <CLSID>{824F961E-C514-D0CC-4C64-4BFCDECFF74D}</CLSID>
  17945. <CLSID>{1FFF365C-B165-02C4-800A-625578D52A6D}</CLSID>
  17946. <CLSID>{147910CC-E564-44A8-2EDA-3D0FCD283F61}</CLSID>
  17947. <CLSID>{9E341BFC-A0E5-ADF4-05C5-F84E4309D3C0}</CLSID>
  17948. <CLSID>{866CFC41-7EDA-11D9-B5B7-0010D32BB654}</CLSID>
  17949. <CLSID>{22E43A5D-E5BE-480D-BB37-A083289A0B9B}</CLSID>
  17950. <CLSID>{478C20EA-F80C-4A54-B6F9-03F77029627B}</CLSID>
  17951. <CLSID>{F0B26941-5127-48B0-B6B5-6F97CDD27CF9}</CLSID>
  17952. <CLSID>{4A3A6FD3-7FCC-4D97-AE53-BE9E6B59F9F3}</CLSID>
  17953. <CLSID>{A31BEA24-0970-4DB2-A5AF-0DF6AB338E4D}</CLSID>
  17954. <CLSID>{CB005C89-861B-DFBB-3803-63A6B901C038}</CLSID>
  17955. <CLSID>{7995F079-1917-4A0E-9F65-4026AED49478}</CLSID>
  17956. <CLSID>{20940C67-4611-4DA6-BC12-E8AC647E40F3}</CLSID>
  17957. <CLSID>{A324BFA1-2E56-11D9-86D6-44456D775C15}</CLSID>
  17958. <CLSID>{DAC595C2-8373-11D9-952F-000B2385A1C0}</CLSID>
  17959. <CLSID>{4FAF19C1-7FF9-11D9-BD2C-4445E275978F}</CLSID>
  17960. <CLSID>{8860C6C0-E7FD-4B0B-AD2C-188DF74D177B}</CLSID>
  17961. <CLSID>{9A94E1DC-F946-4A12-9B00-1099C720E3D5}</CLSID>
  17962. <CLSID>{B7100AC1-7EE6-11D9-A9BD-0005B397DF28}</CLSID>
  17963. <CLSID>{888D65AC-3E2F-41B2-ACE4-DF59C4ACDFD3}</CLSID>
  17964. <CLSID>{92904081-7DFF-11D9-B341-0010FC4683BE}</CLSID>
  17965. <CLSID>{73CDA283-D594-4529-9E74-821EC6ACFB18}</CLSID>
  17966. <CLSID>{98F5510E-7F52-11D9-95B5-00606A510EA0}</CLSID>
  17967. <CLSID>{FBD81690-0049-43CC-A0CF-88EDF2B327D1}</CLSID>
  17968. <CLSID>{039B7C13-F237-757B-D633-29FC992B6EB7}</CLSID>
  17969. <CLSID>{127B258A-8F8E-75B6-D538-4A7711988318}</CLSID>
  17970. <CLSID>{12869A5D-0FF9-B9AA-8BD8-9337FB04C5C6}</CLSID>
  17971. <CLSID>{18D84158-EB3F-2FBC-DD76-64557CF6284F}</CLSID>
  17972. <CLSID>{A6CD064A-8D58-DA2B-316A-5BE3A2FBF453}</CLSID>
  17973. <CLSID>{C375DE0D-F4D5-D76E-F451-DC7FECE368E5}</CLSID>
  17974. <CLSID>{3EAC3BA5-7412-4A8A-1395-BE66BF71FF3C}</CLSID>
  17975. <CLSID>{5CE8DB16-81F8-4F3E-81BB-6BBFD48F01CE}</CLSID>
  17976. <CLSID>{332D2D80-7F6A-11D9-8347-00D095AA8CA9}</CLSID>
  17977. <CLSID>{3AF96374-E316-2C9F-D02F-60557CF4296A}</CLSID>
  17978. <CLSID>{1AA2655F-E113-0ECD-D124-60557BD22C39}</CLSID>
  17979. <CLSID>{2CDF312F-CC0A-4C89-B290-79523D6CA350}</CLSID>
  17980. <CLSID>{97636708-84CE-8518-B51D-897A97B90D95}</CLSID>
  17981. <CLSID>{69007FC1-426B-43F0-881A-914F5275A6A3}</CLSID>
  17982. <CLSID>{62D6EE74-0762-4484-A5DA-81D950039E3C}</CLSID>
  17983. <CLSID>{8AEE093E-C4E8-4D6D-A0E5-FFFA7048691A}</CLSID>
  17984. <CLSID>{32E9DE3D-45DA-1B7C-FD59-1A943A98D9C2}</CLSID>
  17985. <CLSID>{D318D87E-9723-4621-AF8C-D0B718B2BB15}</CLSID>
  17986. <CLSID>{CF23C4C3-25B2-4C9A-994F-ECFDB4FCB341}</CLSID>
  17987. <CLSID>{1FEB2691-57CB-4248-98FD-2BF75D80E3A3}</CLSID>
  17988. <CLSID>{4D8A3271-909A-4EC4-939C-53C5D5DD491A}</CLSID>
  17989. <CLSID>{9FAD9355-C258-432E-8195-6DC787B3713F}</CLSID>
  17990. <CLSID>{52280387-2454-4EAA-8DD3-A19214A8A417}</CLSID>
  17991. <CLSID>{16CE442F-D323-6DD7-24B3-A7113B2DD0D7}</CLSID>
  17992. <CLSID>{20BF6E6E-151C-4C10-B446-D38DEDFDFD77}</CLSID>
  17993. <CLSID>{029EA649-3C78-4007-B6E4-EAB653E87B16}</CLSID>
  17994. <CLSID>{B162077F-5B58-4C41-A009-BBE4408D1EFF}</CLSID>
  17995. <CLSID>{F469F2E6-625A-4FD5-9F42-8E9A7E9E9BE5}</CLSID>
  17996. <CLSID>{9A14D2A4-2ED6-4817-A259-8A9A06292837}</CLSID>
  17997. <CLSID>{2AF7008F-9548-474C-8047-7E98430F35E3}</CLSID>
  17998. <CLSID>{3658EC0B-1264-4D67-B7D0-2BD9CE727828}</CLSID>
  17999. <CLSID>{42465E69-7C0C-11D9-B2F7-000282EED717}</CLSID>
  18000. <CLSID>{AB7BE063-09F0-7A0C-8090-76A2AAF567C4}</CLSID>
  18001. <CLSID>{9E033869-0861-444E-8974-DB23D13DB36C}</CLSID>
  18002. <CLSID>{5F7CD761-7E79-11D9-80B1-444506359E1E}</CLSID>
  18003. <CLSID>{E79689C4-D7EB-471F-BC35-8086E7683139}</CLSID>
  18004. <CLSID>{11EF0C25-495F-482E-86B2-1B2AADB69936}</CLSID>
  18005. <CLSID>{C6078C36-A0CC-4345-8459-74CD0997563C}</CLSID>
  18006. <CLSID>{BCEA8CE5-2C72-418D-BDEF-69DFE81C71FB}</CLSID>
  18007. <CLSID>{B06C6179-D7CC-813A-E864-F87AE5C00DE7}</CLSID>
  18008. <CLSID>{43EAC0F6-F5E9-48E3-BBAF-ED6F327ACAA7}</CLSID>
  18009. <CLSID>{6FD495B1-83FE-48A8-8DCB-71F556CACE33}</CLSID>
  18010. <CLSID>{810975B8-C933-46E8-A3C6-0832CE1F31D3}</CLSID>
  18011. <CLSID>{2EAA5D0D-BF9E-40E5-9086-828514DE12F1}</CLSID>
  18012. <CLSID>{0AB58E3F-F8AF-473A-A902-B1A6348B9532}</CLSID>
  18013. <CLSID>{F450B3A7-9634-465B-80D4-73DDD0E91D89}</CLSID>
  18014. <CLSID>{6FAC3D08-9844-5BEC-800B-61550D827368}</CLSID>
  18015. <CLSID>{B462690F-F4CD-851F-E46D-8E7AECC50D9A}</CLSID>
  18016. <CLSID>{27EBAC92-16AD-40B6-FCB6-69873718E764}</CLSID>
  18017. <CLSID>{EED243BA-DDDA-4AA3-BE91-DF611D4F0483}</CLSID>
  18018. <CLSID>{6AC19941-FB45-45A3-960F-5D157DBE80B8}</CLSID>
  18019. <CLSID>{1B834288-F0D3-4D83-A821-EE18CDF12E6B}</CLSID>
  18020. <CLSID>{A22E5FC6-5624-41AC-9C3F-5F02A2CDEDE4}</CLSID>
  18021. <CLSID>{7F2111F0-F0F8-4421-A2AB-CC1012ABB8D3}</CLSID>
  18022. <CLSID>{8500E0C8-DAA0-40C9-9DA4-E4B90CD94D99}</CLSID>
  18023. <CLSID>{063F55CE-7E14-11D9-A7EB-00104E7F3908}</CLSID>
  18024. <CLSID>{418243C8-5F87-48B1-8036-D452950AEFBC}</CLSID>
  18025. <CLSID>{C1A68492-A438-422D-92C1-0BEC45FB8BEB}</CLSID>
  18026. <CLSID>{47D6F899-3E03-33D3-2B02-38B67819F1B2}</CLSID>
  18027. <CLSID>{B0F8ED77-09CA-0317-B32A-2A17226524BB}</CLSID>
  18028. <CLSID>{9D793B22-D65C-4814-B30D-BA8A2E93CDF6}</CLSID>
  18029. <CLSID>{6DC73D7C-E2DB-4DA7-BACE-3B9897F457A3}</CLSID>
  18030. <CLSID>{40879671-0A81-4EB9-8C3D-FF732AF7F972}</CLSID>
  18031. <CLSID>{182BAFE1-A2F1-11D2-AAD8-0002F5FCDDA9}</CLSID>
  18032. <CLSID>{1261EE41-6FFF-43BA-B0B8-EA4772BC3B11}</CLSID>
  18033. <CLSID>{32FB460C-B613-5E96-875E-625504A07C43}</CLSID>
  18034. <CLSID>{54C1BBB1-B2A1-46C5-B873-6C0F684733AD}</CLSID>
  18035. <CLSID>{43BBE4C6-9DC8-4FEA-9833-DE1DE38434C7}</CLSID>
  18036. <CLSID>{F381F3C3-7E4A-11D9-AAF0-00061DF36195}</CLSID>
  18037. <CLSID>{7538B2E5-0928-53DF-2C8A-26879F86BFEE}</CLSID>
  18038. <CLSID>{83ADB839-3EE3-0638-A018-09CB4CB877FF}</CLSID>
  18039. <CLSID>{16AE3650-B010-1DB8-8751-67557BAE294E}</CLSID>
  18040. <CLSID>{BEFC8DC6-B034-0798-C28C-7610F76DAFF8}</CLSID>
  18041. <CLSID>{89380295-C270-B0DD-D89F-B5C4DCF0929A}</CLSID>
  18042. <CLSID>{E56B4F7A-D490-FA1A-E864-8B7AE0C25CC6}</CLSID>
  18043. <CLSID>{05429DE5-9AEC-4A99-3592-2D986ECF6294}</CLSID>
  18044. <CLSID>{13DFFD82-94B1-31CB-5C0B-300B9E37563F}</CLSID>
  18045. <CLSID>{FE20707E-55DD-02AB-49D8-AE6258A0B4A7}</CLSID>
  18046. <CLSID>{21ACF30C-FA9A-4310-BC04-91E36A40F646}</CLSID>
  18047. <CLSID>{3A140E08-C802-67B8-809D-CF1DF9C20041}</CLSID>
  18048. <CLSID>{9B27E389-B149-C2C8-758A-5712FE0B7F18}</CLSID>
  18049. <CLSID>{302BD18C-5709-F540-1484-1D5734FA8BCE}</CLSID>
  18050. <CLSID>{F4991605-C957-0BAE-49B7-A7115B539ABB}</CLSID>
  18051. <CLSID>{7A2D6053-E475-4884-BDC9-802D1DB4D423}</CLSID>
  18052. <CLSID>{F1DEF624-6BE4-133F-B5DC-676405AC1B92}</CLSID>
  18053. <CLSID>{60858031-4631-466C-BDEE-6D13568E9E6C}</CLSID>
  18054. <CLSID>{9992B161-7F71-11D9-9436-000283AD3776}</CLSID>
  18055. <CLSID>{84977702-8CCD-4D87-8086-2FB364B6B670}</CLSID>
  18056. <CLSID>{75982578-18B2-43CC-82AB-CB23091A460A}</CLSID>
  18057. <CLSID>{626A9896-5053-75FA-2BE1-7195BFA3DC91}</CLSID>
  18058. <CLSID>{0B5A7A02-0897-4046-87C2-7A13FF8E4AEE}</CLSID>
  18059. <CLSID>{93B3667E-CBAA-4151-91E7-391006CB7B18}</CLSID>
  18060. <CLSID>{B32DCFA1-7F77-11D9-8710-0005E88A82C4}</CLSID>
  18061. <CLSID>{FEE2A97E-C8C2-A677-8AF0-992DD76300B4}</CLSID>
  18062. <CLSID>{A82E8761-E065-4C4E-A413-3CBD372C79DC}</CLSID>
  18063. <CLSID>{ECAD82D5-5DD7-4988-8EDF-31DE55E185B8}</CLSID>
  18064. <CLSID>{62261700-8D4A-11D9-97AF-000F1CBF36FA}</CLSID>
  18065. <CLSID>{DA89C887-0D74-4299-A5B3-0A17FF180617}</CLSID>
  18066. <CLSID>{D027919D-5E0C-4E0E-94F4-E42267EDA96F}</CLSID>
  18067. <CLSID>{E95072B8-EEA7-4890-B8F8-EC131536B77E}</CLSID>
  18068. <CLSID>{18602A14-7CCB-4ABA-AB4B-CE4A95161D3B}</CLSID>
  18069. <CLSID>{483DBF0F-B0D5-4888-A3FE-1B645E4529A7}</CLSID>
  18070. <CLSID>{A66AB471-FF75-44C7-8775-1438042DCAE4}</CLSID>
  18071. <CLSID>{6DBD1FA1-837A-11D9-9AB9-00D09BFA0B6C}</CLSID>
  18072. <CLSID>{A1B6E34D-9D16-4F38-B17A-2449786B2172}</CLSID>
  18073. <CLSID>{3119D1F9-6F23-47BD-A7D9-AD5AB9D97B67}</CLSID>
  18074. <CLSID>{6F40F53E-9974-4CF9-918D-3C7B562501AB}</CLSID>
  18075. <CLSID>{641A9FE1-772F-0BAE-7E96-0195C9D7DF9E}</CLSID>
  18076. <CLSID>{44775B7B-DF41-4574-BC23-DD68100DEC2D}</CLSID>
  18077. <CLSID>{63A5B957-F6D9-4FD2-86F6-6F4E91AE65C1}</CLSID>
  18078. <CLSID>{A71AC5C2-85B5-4499-B4E2-2B6562E5D86A}</CLSID>
  18079. <CLSID>{5A76C301-7AA7-11D9-A793-00017D710671}</CLSID>
  18080. <CLSID>{8D2C8219-2BC9-3AF1-2367-1C96CE1BD8ED}</CLSID>
  18081. <CLSID>{3E0695FC-844E-4D7B-B9A5-9D3ACC95C428}</CLSID>
  18082. <CLSID>{2A8219AE-1186-4B36-ADEE-A24CD6F984F1}</CLSID>
  18083. <CLSID>{6639AA6E-2DE5-1868-F21A-1C0A80D494F4}</CLSID>
  18084. <CLSID>{3AA83C7C-B246-28BA-8652-65557EAE2F6E}</CLSID>
  18085. <CLSID>{BC295A8D-1054-ADD2-7921-4933BA265D3F}</CLSID>
  18086. <CLSID>{251ED2D7-C18E-4D5B-BA76-E3A09CE9DDF3}</CLSID>
  18087. <CLSID>{792FF262-C0F6-45C2-9BBF-117DC2D69801}</CLSID>
  18088. <CLSID>{87877C70-4245-4013-B7B9-ABD4B4D2CB03}</CLSID>
  18089. <CLSID>{CF021F40-3E14-23A5-CBA2-717765723548}</CLSID>
  18090. <CLSID>{3F41BE24-E9AF-8F6E-1B97-77E4DD08C9B3}</CLSID>
  18091. <CLSID>{3F0A7FD9-F1CC-5543-6FCB-396BC564D1AF}</CLSID>
  18092. <CLSID>{FB440C37-4188-1C42-7EFC-CBF09C88F4A5}</CLSID>
  18093. <CLSID>{7EF3AB76-03FA-4111-8727-703105B105F5}</CLSID>
  18094. <CLSID>{B196617C-E7A7-8F20-C4BE-D3B62B9C17F1}</CLSID>
  18095. <CLSID>{B6C03679-B2A1-DD77-9DBE-D3B62B9C14A3}</CLSID>
  18096. <CLSID>{CDE6C8BD-BD66-F90F-463B-1ACBBD3565C1}</CLSID>
  18097. <CLSID>{2BF055B0-F59D-61CC-FDBF-BBA61731438A}</CLSID>
  18098. <CLSID>{E1F85535-7137-0AB5-A108-C5091CC4C3BA}</CLSID>
  18099. <CLSID>{1FDF0E25-0177-0BD8-DF08-579004080E05}</CLSID>
  18100. <CLSID>{2771A88D-3349-26D4-6913-5E3D6BB8E04F}</CLSID>
  18101. <CLSID>{6EBA17FF-7FD4-DA7B-D801-092767CE6E45}</CLSID>
  18102. <CLSID>{10BE0D06-D3DA-E900-EF0E-ED55058EE6AC}</CLSID>
  18103. <CLSID>{1D6C8D9B-31AD-6A7D-25F1-A40B518CB5D0}</CLSID>
  18104. <CLSID>{5B478E70-38F3-CA56-8C6A-F9DBD8508914}</CLSID>
  18105. <CLSID>{29D85F04-92C0-EE38-6B32-B7DFD60147B3}</CLSID>
  18106. <CLSID>{2A036643-C8D4-43D6-9CA6-BCA1123F2B70}</CLSID>
  18107. <CLSID>{34614418-8F88-4191-A17F-F5A64E315C86}</CLSID>
  18108. <CLSID>{6F0E1901-8CE3-11D9-85D7-0040E871C4CB}</CLSID>
  18109. <CLSID>{D36AC614-F331-F31A-53ED-FDD682644311}</CLSID>
  18110. <CLSID>{BFCEBE8F-92C4-4762-814E-3DCCD9EB8606}</CLSID>
  18111. <CLSID>{4D0E117F-6A6D-47D4-ACEE-397C848A1CEA}</CLSID>
  18112. <CLSID>{27AEC4A9-04D2-010E-E4EE-05EC681D0E43}</CLSID>
  18113. <CLSID>{9987C861-90EA-11D9-AD6F-444526093E27}</CLSID>
  18114. <CLSID>{7DC8D70D-AD83-450A-94C6-02E54F76554B}</CLSID>
  18115. <CLSID>{1C044AAD-7955-4CBD-8175-501A165C4E5D}</CLSID>
  18116. <CLSID>{92F283B9-293E-4231-9BB4-7590BA06B4CC}</CLSID>
  18117. <CLSID>{763C2D0D-CA93-461D-BF79-DCC1786D9B4A}</CLSID>
  18118. <CLSID>{4719DA01-8DD4-11D9-86C8-00086252635B}</CLSID>
  18119. <CLSID>{7A12A061-1396-4A68-8D0D-920618F280DA}</CLSID>
  18120. <CLSID>{D9B01994-E62F-4C66-AEA2-7D910D0A65F3}</CLSID>
  18121. <CLSID>{F19C092B-94D8-5E55-32D6-D05850CEB9A8}</CLSID>
  18122. <CLSID>{424ECF3F-0AA2-ED97-35AB-180E7F0F8EB4}</CLSID>
  18123. <CLSID>{7F8E08A1-9574-11D9-BD6B-000B5CBE5959}</CLSID>
  18124. <CLSID>{916DF902-94E7-11D9-966A-001051BFB1CB}</CLSID>
  18125. <CLSID>{C1FD7ED5-D1A1-42E5-AA40-5B9C73A61AC9}</CLSID>
  18126. <CLSID>{79087965-71F3-E206-3B60-2AF5FFBD19AA}</CLSID>
  18127. <CLSID>{F5055B76-786D-4C1A-8519-427B411B63DB}</CLSID>
  18128. <CLSID>{84D7618E-B6FD-43F3-C5E9-F9934345100C}</CLSID>
  18129. <CLSID>{8D195624-80FF-8F80-C868-02E47C15E2AD}</CLSID>
  18130. <CLSID>{4C580F56-04E1-FC90-E63F-BBA726790B91}</CLSID>
  18131. <CLSID>{E29B4805-5788-4226-9A72-E169C09B46AC}</CLSID>
  18132. <CLSID>{49AB6F51-C016-7292-810B-6D550CFA7245}</CLSID>
  18133. <CLSID>{B70EFFD6-964A-11D9-B116-000254ABE582}</CLSID>
  18134. <CLSID>{13589181-4F0D-4553-B9F8-B4B72172C139}</CLSID>
  18135. <CLSID>{BAF40407-81E1-4981-B8C0-B16642A2D2E7}</CLSID>
  18136. <CLSID>{86C67865-5E4B-89A3-AC2F-5B5A6034A958}</CLSID>
  18137. <CLSID>{3FEBB941-2AFE-468D-888C-04C5A0CB971C}</CLSID>
  18138. <CLSID>{E81B8DBD-CA3F-41CD-A579-2EC9DB81D72A}</CLSID>
  18139. <CLSID>{557DA3F5-62E6-4D05-B0BB-0BCD62C7AFE2}</CLSID>
  18140. <CLSID>{2E8DDD22-B959-4209-9B25-FC23BB7214CB}</CLSID>
  18141. <CLSID>{1AB9A820-C2DB-A88B-A0A6-2FF5B0F4737A}</CLSID>
  18142. <CLSID>{539CD7F6-690E-4C9B-BC33-F7B5B4BDE97B}</CLSID>
  18143. <CLSID>{6FE9218F-F1AF-4595-A5E7-CB0AB7587F79}</CLSID>
  18144. <CLSID>{E0DA0190-95DC-47E1-9A7E-C74E77109C8B}</CLSID>
  18145. <CLSID>{8792BD7C-AC59-4C16-B166-37A6EC3BF1A0}</CLSID>
  18146. <CLSID>{75CFB27C-7FBA-5139-CF6B-2CA71F48C5B5}</CLSID>
  18147. <CLSID>{93F1C865-3803-9149-D3C4-3BB5A30E7516}</CLSID>
  18148. <CLSID>{18B8331E-80E3-49E4-8009-EBCC0933A0E8}</CLSID>
  18149. <CLSID>{5564A298-FBE3-0550-7DC3-C15BBD9771C1}</CLSID>
  18150. <CLSID>{38D4D5D0-423E-4220-B6F9-30918C2AE4A4}</CLSID>
  18151. <CLSID>{A90029FD-70AF-316E-CF3F-17FA3F1C1C14}</CLSID>
  18152. <CLSID>{BF686074-D2EC-FE18-E069-FF7A90B05BE0}</CLSID>
  18153. <CLSID>{57F8F210-085B-4B7D-89FF-DDD007E22C29}</CLSID>
  18154. <CLSID>{C66AD327-16E0-4D4F-C9A1-4E8192B15F9E}</CLSID>
  18155. <CLSID>{37EBBF3A-0DF9-0272-D18F-554032EAFD9B}</CLSID>
  18156. <CLSID>{D0353054-2378-4316-AC2E-C088E8950DCD}</CLSID>
  18157. <CLSID>{80FFB436-CFED-43E4-A693-E0F7B0F5ACDF}</CLSID>
  18158. <CLSID>{D756541A-E5DC-AA20-FE79-C8C9DEC06F96}</CLSID>
  18159. <CLSID>{4888300E-E439-509A-DA50-64550DA9764C}</CLSID>
  18160. <CLSID>{97D9F9BB-0441-0B23-B05F-5D74ED758D56}</CLSID>
  18161. <CLSID>{ABBA4394-DEC6-4542-A008-4D6F74424E87}</CLSID>
  18162. <CLSID>{69F102E1-78FA-11D9-8633-00E0A1DF9605}</CLSID>
  18163. <CLSID>{6B8A4777-B845-51CF-D504-16550DFA7E3A}</CLSID>
  18164. <CLSID>{921CBE5A-2A96-45FE-885B-A97A3794F4AE}</CLSID>
  18165. <CLSID>{06FC1DF0-F2DC-430A-A40F-E8E3A2F4E334}</CLSID>
  18166. <CLSID>{2041AB6C-669B-F327-4633-E37DB709B041}</CLSID>
  18167. <CLSID>{BF727391-D1BA-464F-8314-BCCBA153ED20}</CLSID>
  18168. <CLSID>{2241E83C-45E4-4164-8379-F5C9385B468F}</CLSID>
  18169. </CLSIDLIST>
  18170. <SUMMARY>Unclassified.Unknown Origin.BHO</SUMMARY>
  18171. <DEFAULTINSTALLPATHLIST>
  18172. </DEFAULTINSTALLPATHLIST>
  18173. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18174. <CONDITIONLIST>
  18175. </CONDITIONLIST>
  18176. <OPERATOR>AND</OPERATOR>
  18177. <THREATLEVEL>5</THREATLEVEL>
  18178. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18179. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18180. </PROCESSDESCRIPTOR>
  18181. <PROCESSDESCRIPTOR>
  18182. <ID>2319</ID>
  18183. <PROCESSLIST>
  18184. <PROCESS>TASKMGN.EXE</PROCESS>
  18185. </PROCESSLIST>
  18186. <CLSIDLIST>
  18187. </CLSIDLIST>
  18188. <SUMMARY>Undefined Malware/Adware</SUMMARY>
  18189. <DEFAULTINSTALLPATHLIST>
  18190. </DEFAULTINSTALLPATHLIST>
  18191. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18192. <CONDITIONLIST>
  18193. <CONDITION>FILELOCATION~System32</CONDITION>
  18194. </CONDITIONLIST>
  18195. <OPERATOR>AND</OPERATOR>
  18196. <THREATLEVEL>5</THREATLEVEL>
  18197. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18198. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18199. </PROCESSDESCRIPTOR>
  18200. <PROCESSDESCRIPTOR>
  18201. <ID>2329</ID>
  18202. <PROCESSLIST>
  18203. <PROCESS>MCAFE32.EXE</PROCESS>
  18204. <PROCESS>MSAMS.EXE</PROCESS>
  18205. </PROCESSLIST>
  18206. <CLSIDLIST>
  18207. </CLSIDLIST>
  18208. <SUMMARY>WORM_RBOT Parasite/Worm</SUMMARY>
  18209. <DEFAULTINSTALLPATHLIST>
  18210. </DEFAULTINSTALLPATHLIST>
  18211. <CATEGORY>WORM</CATEGORY>
  18212. <CONDITIONLIST>
  18213. <CONDITION>FILELOCATION~System</CONDITION>
  18214. </CONDITIONLIST>
  18215. <OPERATOR>AND</OPERATOR>
  18216. <THREATLEVEL>10</THREATLEVEL>
  18217. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18218. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18219. </PROCESSDESCRIPTOR>
  18220. <PROCESSDESCRIPTOR>
  18221. <ID>2330</ID>
  18222. <PROCESSLIST>
  18223. <PROCESS>IEHOST.EXE</PROCESS>
  18224. </PROCESSLIST>
  18225. <CLSIDLIST>
  18226. </CLSIDLIST>
  18227. <SUMMARY>Undefined Adware (IEHOST)</SUMMARY>
  18228. <DEFAULTINSTALLPATHLIST>
  18229. </DEFAULTINSTALLPATHLIST>
  18230. <CATEGORY>ADWARE</CATEGORY>
  18231. <CONDITIONLIST>
  18232. <CONDITION>FILELOCATION~System</CONDITION>
  18233. <CONDITION>PRODUCTNAME~IEHost</CONDITION>
  18234. </CONDITIONLIST>
  18235. <OPERATOR>AND</OPERATOR>
  18236. <THREATLEVEL>5</THREATLEVEL>
  18237. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18238. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18239. </PROCESSDESCRIPTOR>
  18240. <PROCESSDESCRIPTOR>
  18241. <ID>2332</ID>
  18242. <PROCESSLIST>
  18243. <PROCESS>*</PROCESS>
  18244. <PROCESS>(TROJAN.EXE)</PROCESS>
  18245. <PROCESS>(MSSGS.EXE)</PROCESS>
  18246. <PROCESS>(MSN MESSENGER.EXE)</PROCESS>
  18247. <PROCESS>(MSGSWORD.EXE)</PROCESS>
  18248. </PROCESSLIST>
  18249. <CLSIDLIST>
  18250. </CLSIDLIST>
  18251. <SUMMARY>Trojanserver3 Trojan</SUMMARY>
  18252. <DEFAULTINSTALLPATHLIST>
  18253. </DEFAULTINSTALLPATHLIST>
  18254. <CATEGORY>TROJAN</CATEGORY>
  18255. <CONDITIONLIST>
  18256. <CONDITION>INTERNALNAME~trojanserver3</CONDITION>
  18257. </CONDITIONLIST>
  18258. <OPERATOR>AND</OPERATOR>
  18259. <THREATLEVEL>10</THREATLEVEL>
  18260. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18261. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18262. </PROCESSDESCRIPTOR>
  18263. <PROCESSDESCRIPTOR>
  18264. <ID>2333</ID>
  18265. <PROCESSLIST>
  18266. <PROCESS>*</PROCESS>
  18267. <PROCESS>(MPHSZFC.EXE)</PROCESS>
  18268. </PROCESSLIST>
  18269. <CLSIDLIST>
  18270. </CLSIDLIST>
  18271. <SUMMARY>Undefined Process (MPHSZFC.EXE)</SUMMARY>
  18272. <DEFAULTINSTALLPATHLIST>
  18273. </DEFAULTINSTALLPATHLIST>
  18274. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18275. <CONDITIONLIST>
  18276. <CONDITION>MD5=0e31f3d6573c46a9af35c8be1e79cf5f</CONDITION>
  18277. </CONDITIONLIST>
  18278. <OPERATOR>AND</OPERATOR>
  18279. <THREATLEVEL>10</THREATLEVEL>
  18280. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18281. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18282. </PROCESSDESCRIPTOR>
  18283. <PROCESSDESCRIPTOR>
  18284. <ID>2334</ID>
  18285. <PROCESSLIST>
  18286. <PROCESS>IESEARCHTOOLBAR.DLL</PROCESS>
  18287. </PROCESSLIST>
  18288. <CLSIDLIST>
  18289. <CLSID>{EB381422-F797-4A98-A266-9DC490821907}</CLSID>
  18290. </CLSIDLIST>
  18291. <SUMMARY>IESearch Toolbar</SUMMARY>
  18292. <DEFAULTINSTALLPATHLIST>
  18293. </DEFAULTINSTALLPATHLIST>
  18294. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18295. <CONDITIONLIST>
  18296. </CONDITIONLIST>
  18297. <OPERATOR>AND</OPERATOR>
  18298. <THREATLEVEL>5</THREATLEVEL>
  18299. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18300. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18301. </PROCESSDESCRIPTOR>
  18302. <PROCESSDESCRIPTOR>
  18303. <ID>2335</ID>
  18304. <PROCESSLIST>
  18305. <PROCESS>SYSTEM32.EXE</PROCESS>
  18306. </PROCESSLIST>
  18307. <CLSIDLIST>
  18308. </CLSIDLIST>
  18309. <SUMMARY>SYSTEM32.EXE Trojan</SUMMARY>
  18310. <DEFAULTINSTALLPATHLIST>
  18311. </DEFAULTINSTALLPATHLIST>
  18312. <CATEGORY>TROJAN</CATEGORY>
  18313. <CONDITIONLIST>
  18314. <CONDITION>FILELOCATION~system</CONDITION>
  18315. </CONDITIONLIST>
  18316. <OPERATOR>AND</OPERATOR>
  18317. <THREATLEVEL>10</THREATLEVEL>
  18318. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18319. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18320. </PROCESSDESCRIPTOR>
  18321. <PROCESSDESCRIPTOR>
  18322. <ID>2336</ID>
  18323. <PROCESSLIST>
  18324. <PROCESS>TBEXTN.DLL</PROCESS>
  18325. </PROCESSLIST>
  18326. <CLSIDLIST>
  18327. <CLSID>{6b95678d-30a4-4ff8-a72f-4208340c1f7f}</CLSID>
  18328. </CLSIDLIST>
  18329. <SUMMARY>IEMenuExtension Toolbar</SUMMARY>
  18330. <DEFAULTINSTALLPATHLIST>
  18331. </DEFAULTINSTALLPATHLIST>
  18332. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18333. <CONDITIONLIST>
  18334. </CONDITIONLIST>
  18335. <OPERATOR>AND</OPERATOR>
  18336. <THREATLEVEL>5</THREATLEVEL>
  18337. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18338. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18339. </PROCESSDESCRIPTOR>
  18340. <PROCESSDESCRIPTOR>
  18341. <ID>2337</ID>
  18342. <PROCESSLIST>
  18343. <PROCESS>*</PROCESS>
  18344. <PROCESS>(VSHIYSQ.EXE)</PROCESS>
  18345. </PROCESSLIST>
  18346. <CLSIDLIST>
  18347. </CLSIDLIST>
  18348. <SUMMARY>Undefined Process (VSHIYSQ.EXE)</SUMMARY>
  18349. <DEFAULTINSTALLPATHLIST>
  18350. </DEFAULTINSTALLPATHLIST>
  18351. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18352. <CONDITIONLIST>
  18353. <CONDITION>MD5=94c70008fe9d9be76e7a7b08b9cbd200</CONDITION>
  18354. </CONDITIONLIST>
  18355. <OPERATOR>AND</OPERATOR>
  18356. <THREATLEVEL>10</THREATLEVEL>
  18357. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18358. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18359. </PROCESSDESCRIPTOR>
  18360. <PROCESSDESCRIPTOR>
  18361. <ID>2338</ID>
  18362. <PROCESSLIST>
  18363. <PROCESS>KERNELS32.EXE</PROCESS>
  18364. </PROCESSLIST>
  18365. <CLSIDLIST>
  18366. </CLSIDLIST>
  18367. <SUMMARY>Troj/Dloader-FC Trojan Downloader</SUMMARY>
  18368. <DEFAULTINSTALLPATHLIST>
  18369. </DEFAULTINSTALLPATHLIST>
  18370. <CATEGORY>TROJAN</CATEGORY>
  18371. <CONDITIONLIST>
  18372. <CONDITION>FILELOCATION~System</CONDITION>
  18373. </CONDITIONLIST>
  18374. <OPERATOR>AND</OPERATOR>
  18375. <THREATLEVEL>10</THREATLEVEL>
  18376. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18377. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18378. </PROCESSDESCRIPTOR>
  18379. <PROCESSDESCRIPTOR>
  18380. <ID>2339</ID>
  18381. <PROCESSLIST>
  18382. <PROCESS>*</PROCESS>
  18383. <PROCESS>(LEAU.EXE)</PROCESS>
  18384. </PROCESSLIST>
  18385. <CLSIDLIST>
  18386. </CLSIDLIST>
  18387. <SUMMARY>Undefined Process (LEAU.EXE)</SUMMARY>
  18388. <DEFAULTINSTALLPATHLIST>
  18389. </DEFAULTINSTALLPATHLIST>
  18390. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18391. <CONDITIONLIST>
  18392. <CONDITION>MD5=8cc9a997a59fd00d30d6f9fa87099ce3</CONDITION>
  18393. </CONDITIONLIST>
  18394. <OPERATOR>AND</OPERATOR>
  18395. <THREATLEVEL>10</THREATLEVEL>
  18396. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18397. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18398. </PROCESSDESCRIPTOR>
  18399. <PROCESSDESCRIPTOR>
  18400. <ID>2340</ID>
  18401. <PROCESSLIST>
  18402. <PROCESS>*</PROCESS>
  18403. <PROCESS>(5186.EXE)</PROCESS>
  18404. </PROCESSLIST>
  18405. <CLSIDLIST>
  18406. </CLSIDLIST>
  18407. <SUMMARY>Undefined Process (5186.EXE)</SUMMARY>
  18408. <DEFAULTINSTALLPATHLIST>
  18409. </DEFAULTINSTALLPATHLIST>
  18410. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18411. <CONDITIONLIST>
  18412. <CONDITION>MD5=4d53b8e8fb60af6297f2af4ac191ad57</CONDITION>
  18413. </CONDITIONLIST>
  18414. <OPERATOR>AND</OPERATOR>
  18415. <THREATLEVEL>10</THREATLEVEL>
  18416. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18417. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18418. </PROCESSDESCRIPTOR>
  18419. <PROCESSDESCRIPTOR>
  18420. <ID>2341</ID>
  18421. <PROCESSLIST>
  18422. <PROCESS>*</PROCESS>
  18423. <PROCESS>(KFJLIM.EXE)</PROCESS>
  18424. </PROCESSLIST>
  18425. <CLSIDLIST>
  18426. </CLSIDLIST>
  18427. <SUMMARY>Undefined Process (KFJLIM.EXE)</SUMMARY>
  18428. <DEFAULTINSTALLPATHLIST>
  18429. </DEFAULTINSTALLPATHLIST>
  18430. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18431. <CONDITIONLIST>
  18432. <CONDITION>MD5=70c5c1ccf72bf38504fc0263fd05b2a5</CONDITION>
  18433. </CONDITIONLIST>
  18434. <OPERATOR>AND</OPERATOR>
  18435. <THREATLEVEL>10</THREATLEVEL>
  18436. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18437. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18438. </PROCESSDESCRIPTOR>
  18439. <PROCESSDESCRIPTOR>
  18440. <ID>2342</ID>
  18441. <PROCESSLIST>
  18442. <PROCESS>IESEARCH.EXE</PROCESS>
  18443. </PROCESSLIST>
  18444. <CLSIDLIST>
  18445. </CLSIDLIST>
  18446. <SUMMARY>LookNSearch Adware</SUMMARY>
  18447. <DEFAULTINSTALLPATHLIST>
  18448. </DEFAULTINSTALLPATHLIST>
  18449. <CATEGORY>ADWARE</CATEGORY>
  18450. <CONDITIONLIST>
  18451. </CONDITIONLIST>
  18452. <OPERATOR>AND</OPERATOR>
  18453. <THREATLEVEL>10</THREATLEVEL>
  18454. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18455. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18456. </PROCESSDESCRIPTOR>
  18457. <PROCESSDESCRIPTOR>
  18458. <ID>2343</ID>
  18459. <PROCESSLIST>
  18460. <PROCESS>PEOPLEONPAGE.EXE</PROCESS>
  18461. </PROCESSLIST>
  18462. <CLSIDLIST>
  18463. </CLSIDLIST>
  18464. <SUMMARY>Browser Hijacker.Apropos Media/PeopleOnPage.Process</SUMMARY>
  18465. <DEFAULTINSTALLPATHLIST>
  18466. </DEFAULTINSTALLPATHLIST>
  18467. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  18468. <CONDITIONLIST>
  18469. <CONDITION>FILELOCATION~system</CONDITION>
  18470. </CONDITIONLIST>
  18471. <OPERATOR>AND</OPERATOR>
  18472. <THREATLEVEL>10</THREATLEVEL>
  18473. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18474. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18475. </PROCESSDESCRIPTOR>
  18476. <PROCESSDESCRIPTOR>
  18477. <ID>2344</ID>
  18478. <PROCESSLIST>
  18479. <PROCESS>*</PROCESS>
  18480. <PROCESS>(OITXAM.EXE)</PROCESS>
  18481. </PROCESSLIST>
  18482. <CLSIDLIST>
  18483. </CLSIDLIST>
  18484. <SUMMARY>Undefined Process (OITXAM.EXE)</SUMMARY>
  18485. <DEFAULTINSTALLPATHLIST>
  18486. </DEFAULTINSTALLPATHLIST>
  18487. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18488. <CONDITIONLIST>
  18489. <CONDITION>MD5=9426a3f175fc732031baf53f43e90a58</CONDITION>
  18490. </CONDITIONLIST>
  18491. <OPERATOR>AND</OPERATOR>
  18492. <THREATLEVEL>10</THREATLEVEL>
  18493. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18494. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18495. </PROCESSDESCRIPTOR>
  18496. <PROCESSDESCRIPTOR>
  18497. <ID>2345</ID>
  18498. <PROCESSLIST>
  18499. <PROCESS>*</PROCESS>
  18500. <PROCESS>(MGKEI.EXE)</PROCESS>
  18501. </PROCESSLIST>
  18502. <CLSIDLIST>
  18503. </CLSIDLIST>
  18504. <SUMMARY>Undefined Process (MGKEI.EXE)</SUMMARY>
  18505. <DEFAULTINSTALLPATHLIST>
  18506. </DEFAULTINSTALLPATHLIST>
  18507. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18508. <CONDITIONLIST>
  18509. <CONDITION>MD5=6a4d4b445f8668804104a15cc14ada7e</CONDITION>
  18510. </CONDITIONLIST>
  18511. <OPERATOR>AND</OPERATOR>
  18512. <THREATLEVEL>10</THREATLEVEL>
  18513. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18514. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18515. </PROCESSDESCRIPTOR>
  18516. <PROCESSDESCRIPTOR>
  18517. <ID>2346</ID>
  18518. <PROCESSLIST>
  18519. <PROCESS>*</PROCESS>
  18520. <PROCESS>(KGOTCXCI.EXE)</PROCESS>
  18521. </PROCESSLIST>
  18522. <CLSIDLIST>
  18523. </CLSIDLIST>
  18524. <SUMMARY>Undefined Process (KGOTCXCI.EXE)</SUMMARY>
  18525. <DEFAULTINSTALLPATHLIST>
  18526. </DEFAULTINSTALLPATHLIST>
  18527. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18528. <CONDITIONLIST>
  18529. <CONDITION>MD5=af8a583fd88d0478af573a9e9e46b2dc</CONDITION>
  18530. </CONDITIONLIST>
  18531. <OPERATOR>AND</OPERATOR>
  18532. <THREATLEVEL>10</THREATLEVEL>
  18533. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18534. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18535. </PROCESSDESCRIPTOR>
  18536. <PROCESSDESCRIPTOR>
  18537. <ID>2347</ID>
  18538. <PROCESSLIST>
  18539. <PROCESS>*</PROCESS>
  18540. <PROCESS>(DYVEO.EXE)</PROCESS>
  18541. </PROCESSLIST>
  18542. <CLSIDLIST>
  18543. </CLSIDLIST>
  18544. <SUMMARY>Undefined Process (DYVEO.EXE)</SUMMARY>
  18545. <DEFAULTINSTALLPATHLIST>
  18546. </DEFAULTINSTALLPATHLIST>
  18547. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18548. <CONDITIONLIST>
  18549. <CONDITION>MD5=9159b83cbdd499978c8274de13a07373</CONDITION>
  18550. </CONDITIONLIST>
  18551. <OPERATOR>AND</OPERATOR>
  18552. <THREATLEVEL>10</THREATLEVEL>
  18553. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18554. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18555. </PROCESSDESCRIPTOR>
  18556. <PROCESSDESCRIPTOR>
  18557. <ID>2348</ID>
  18558. <PROCESSLIST>
  18559. <PROCESS>*</PROCESS>
  18560. <PROCESS>(ASXQAFGP.EXE)</PROCESS>
  18561. </PROCESSLIST>
  18562. <CLSIDLIST>
  18563. </CLSIDLIST>
  18564. <SUMMARY>Undefined Process (ASXQAFGP.EXE)</SUMMARY>
  18565. <DEFAULTINSTALLPATHLIST>
  18566. </DEFAULTINSTALLPATHLIST>
  18567. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18568. <CONDITIONLIST>
  18569. <CONDITION>MD5=69949cfd62165146c6a8f0758204c0a9</CONDITION>
  18570. </CONDITIONLIST>
  18571. <OPERATOR>AND</OPERATOR>
  18572. <THREATLEVEL>10</THREATLEVEL>
  18573. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18574. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18575. </PROCESSDESCRIPTOR>
  18576. <PROCESSDESCRIPTOR>
  18577. <ID>2349</ID>
  18578. <PROCESSLIST>
  18579. <PROCESS>DMVLITE.EXE</PROCESS>
  18580. </PROCESSLIST>
  18581. <CLSIDLIST>
  18582. </CLSIDLIST>
  18583. <SUMMARY>Unknown Process (DMVLITE.EXE)</SUMMARY>
  18584. <DEFAULTINSTALLPATHLIST>
  18585. </DEFAULTINSTALLPATHLIST>
  18586. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18587. <CONDITIONLIST>
  18588. <CONDITION>FILELOCATION~system</CONDITION>
  18589. </CONDITIONLIST>
  18590. <OPERATOR>AND</OPERATOR>
  18591. <THREATLEVEL>10</THREATLEVEL>
  18592. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18593. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18594. </PROCESSDESCRIPTOR>
  18595. <PROCESSDESCRIPTOR>
  18596. <ID>2350</ID>
  18597. <PROCESSLIST>
  18598. <PROCESS>*</PROCESS>
  18599. <PROCESS>(SECURE.EXE)</PROCESS>
  18600. <PROCESS>(PWGWMJ.EXE)</PROCESS>
  18601. <PROCESS>(PEZUML.EXE)</PROCESS>
  18602. </PROCESSLIST>
  18603. <CLSIDLIST>
  18604. </CLSIDLIST>
  18605. <SUMMARY>SECURE.EXE Redirector Adware</SUMMARY>
  18606. <DEFAULTINSTALLPATHLIST>
  18607. </DEFAULTINSTALLPATHLIST>
  18608. <CATEGORY>ADWARE</CATEGORY>
  18609. <CONDITIONLIST>
  18610. <CONDITION>FILELOCATION~system</CONDITION>
  18611. <CONDITION>INTERNALNAME~redirect</CONDITION>
  18612. <CONDITION>MD5=5061127004bed33a9defc8f69c6c0665</CONDITION>
  18613. <CONDITION>MD5=1693121F01C137EB3F894085EFCAD375</CONDITION>
  18614. </CONDITIONLIST>
  18615. <OPERATOR>OR</OPERATOR>
  18616. <THREATLEVEL>10</THREATLEVEL>
  18617. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18618. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18619. </PROCESSDESCRIPTOR>
  18620. <PROCESSDESCRIPTOR>
  18621. <ID>2351</ID>
  18622. <PROCESSLIST>
  18623. <PROCESS>*</PROCESS>
  18624. <PROCESS>MPCWGTV.DLL</PROCESS>
  18625. </PROCESSLIST>
  18626. <CLSIDLIST>
  18627. <CLSID>{01FB9C55-FC66-4476-A199-389241193188}</CLSID>
  18628. </CLSIDLIST>
  18629. <SUMMARY>Unknown BHO (MPCWGTV.DLL)</SUMMARY>
  18630. <DEFAULTINSTALLPATHLIST>
  18631. </DEFAULTINSTALLPATHLIST>
  18632. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18633. <CONDITIONLIST>
  18634. </CONDITIONLIST>
  18635. <OPERATOR>AND</OPERATOR>
  18636. <THREATLEVEL>10</THREATLEVEL>
  18637. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18638. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18639. </PROCESSDESCRIPTOR>
  18640. <PROCESSDESCRIPTOR>
  18641. <ID>2352</ID>
  18642. <PROCESSLIST>
  18643. <PROCESS>*</PROCESS>
  18644. <PROCESS>(IWRQUTLHF.EXE)</PROCESS>
  18645. </PROCESSLIST>
  18646. <CLSIDLIST>
  18647. </CLSIDLIST>
  18648. <SUMMARY>Undefined Process (IWRQUTLHF.EXE)</SUMMARY>
  18649. <DEFAULTINSTALLPATHLIST>
  18650. </DEFAULTINSTALLPATHLIST>
  18651. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18652. <CONDITIONLIST>
  18653. <CONDITION>MD5=0f58a1f16bbbbf9ba436de2a93e0dc04</CONDITION>
  18654. </CONDITIONLIST>
  18655. <OPERATOR>AND</OPERATOR>
  18656. <THREATLEVEL>10</THREATLEVEL>
  18657. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18658. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18659. </PROCESSDESCRIPTOR>
  18660. <PROCESSDESCRIPTOR>
  18661. <ID>2353</ID>
  18662. <PROCESSLIST>
  18663. <PROCESS>*</PROCESS>
  18664. <PROCESS>HAPIU.DLL</PROCESS>
  18665. </PROCESSLIST>
  18666. <CLSIDLIST>
  18667. <CLSID>*</CLSID>
  18668. <CLSID>{5BCF29E9-E25E-9CA3-2F30-91DC474DBAC0}</CLSID>
  18669. </CLSIDLIST>
  18670. <SUMMARY>Unknown BHO (HAPIU.DLL)</SUMMARY>
  18671. <DEFAULTINSTALLPATHLIST>
  18672. </DEFAULTINSTALLPATHLIST>
  18673. <CATEGORY>ADWARE</CATEGORY>
  18674. <CONDITIONLIST>
  18675. <CONDITION>MD5=d358bea13e1972e71bbd18928f72ad14</CONDITION>
  18676. </CONDITIONLIST>
  18677. <OPERATOR>AND</OPERATOR>
  18678. <THREATLEVEL>10</THREATLEVEL>
  18679. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18680. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18681. </PROCESSDESCRIPTOR>
  18682. <PROCESSDESCRIPTOR>
  18683. <ID>2354</ID>
  18684. <PROCESSLIST>
  18685. <PROCESS>*</PROCESS>
  18686. <PROCESS>(IERF32.EXE)</PROCESS>
  18687. </PROCESSLIST>
  18688. <CLSIDLIST>
  18689. </CLSIDLIST>
  18690. <SUMMARY>Unknown Process (IERF32.EXE)</SUMMARY>
  18691. <DEFAULTINSTALLPATHLIST>
  18692. </DEFAULTINSTALLPATHLIST>
  18693. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18694. <CONDITIONLIST>
  18695. <CONDITION>MD5=993b8bd271c00a3db4f4e38864df8689</CONDITION>
  18696. </CONDITIONLIST>
  18697. <OPERATOR>AND</OPERATOR>
  18698. <THREATLEVEL>10</THREATLEVEL>
  18699. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18700. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18701. </PROCESSDESCRIPTOR>
  18702. <PROCESSDESCRIPTOR>
  18703. <ID>2355</ID>
  18704. <PROCESSLIST>
  18705. <PROCESS>*</PROCESS>
  18706. <PROCESS>(P0DJZCRTJ.EXE)</PROCESS>
  18707. </PROCESSLIST>
  18708. <CLSIDLIST>
  18709. </CLSIDLIST>
  18710. <SUMMARY>Unknown Process (P0DJZCRTJ.EXE)</SUMMARY>
  18711. <DEFAULTINSTALLPATHLIST>
  18712. </DEFAULTINSTALLPATHLIST>
  18713. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18714. <CONDITIONLIST>
  18715. <CONDITION>MD5=6d31a1d30c28157c30847a1723640351</CONDITION>
  18716. </CONDITIONLIST>
  18717. <OPERATOR>AND</OPERATOR>
  18718. <THREATLEVEL>10</THREATLEVEL>
  18719. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18720. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18721. </PROCESSDESCRIPTOR>
  18722. <PROCESSDESCRIPTOR>
  18723. <ID>2356</ID>
  18724. <PROCESSLIST>
  18725. <PROCESS>*</PROCESS>
  18726. <PROCESS>(EETU.EXE)</PROCESS>
  18727. </PROCESSLIST>
  18728. <CLSIDLIST>
  18729. </CLSIDLIST>
  18730. <SUMMARY>Undefined Process (EETU.EXE)</SUMMARY>
  18731. <DEFAULTINSTALLPATHLIST>
  18732. </DEFAULTINSTALLPATHLIST>
  18733. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18734. <CONDITIONLIST>
  18735. <CONDITION>MD5=b1ef615c8f80d5e3b7273395418a784b</CONDITION>
  18736. </CONDITIONLIST>
  18737. <OPERATOR>AND</OPERATOR>
  18738. <THREATLEVEL>10</THREATLEVEL>
  18739. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18740. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18741. </PROCESSDESCRIPTOR>
  18742. <PROCESSDESCRIPTOR>
  18743. <ID>2357</ID>
  18744. <PROCESSLIST>
  18745. <PROCESS>MSXMIDI.EXE</PROCESS>
  18746. </PROCESSLIST>
  18747. <CLSIDLIST>
  18748. </CLSIDLIST>
  18749. <SUMMARY>CoolWebSearch Variant (MSXMIDI.EXE)</SUMMARY>
  18750. <DEFAULTINSTALLPATHLIST>
  18751. </DEFAULTINSTALLPATHLIST>
  18752. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  18753. <CONDITIONLIST>
  18754. <CONDITION>FILELOCATION~system</CONDITION>
  18755. </CONDITIONLIST>
  18756. <OPERATOR>AND</OPERATOR>
  18757. <THREATLEVEL>10</THREATLEVEL>
  18758. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18759. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18760. </PROCESSDESCRIPTOR>
  18761. <PROCESSDESCRIPTOR>
  18762. <ID>2358</ID>
  18763. <PROCESSLIST>
  18764. <PROCESS>STRAD32.DLL</PROCESS>
  18765. </PROCESSLIST>
  18766. <CLSIDLIST>
  18767. <CLSID>{1433F750-E53F-11D8-9669-0800200C9A66}</CLSID>
  18768. </CLSIDLIST>
  18769. <SUMMARY>STRAd32 Module BHO</SUMMARY>
  18770. <DEFAULTINSTALLPATHLIST>
  18771. </DEFAULTINSTALLPATHLIST>
  18772. <CATEGORY>ADWARE</CATEGORY>
  18773. <CONDITIONLIST>
  18774. <CONDITION>FILEDESCRIPTION~STRAd32</CONDITION>
  18775. </CONDITIONLIST>
  18776. <OPERATOR>AND</OPERATOR>
  18777. <THREATLEVEL>10</THREATLEVEL>
  18778. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18779. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18780. </PROCESSDESCRIPTOR>
  18781. <PROCESSDESCRIPTOR>
  18782. <ID>2359</ID>
  18783. <PROCESSLIST>
  18784. <PROCESS>*</PROCESS>
  18785. <PROCESS>APPTQ.DLL</PROCESS>
  18786. </PROCESSLIST>
  18787. <CLSIDLIST>
  18788. <CLSID>{2BAB9DCF-AB6E-FD19-25BB-4FA3012F78E1}</CLSID>
  18789. </CLSIDLIST>
  18790. <SUMMARY>Unknown URL Search Hook (APPTQ.DLL)</SUMMARY>
  18791. <DEFAULTINSTALLPATHLIST>
  18792. </DEFAULTINSTALLPATHLIST>
  18793. <CATEGORY>ADWARE</CATEGORY>
  18794. <CONDITIONLIST>
  18795. </CONDITIONLIST>
  18796. <OPERATOR>AND</OPERATOR>
  18797. <THREATLEVEL>10</THREATLEVEL>
  18798. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18799. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18800. </PROCESSDESCRIPTOR>
  18801. <PROCESSDESCRIPTOR>
  18802. <ID>2360</ID>
  18803. <PROCESSLIST>
  18804. <PROCESS>*</PROCESS>
  18805. <PROCESS>(WINNTX.EXE)</PROCESS>
  18806. </PROCESSLIST>
  18807. <CLSIDLIST>
  18808. </CLSIDLIST>
  18809. <SUMMARY>Unknown Process (WINNTX.EXE)</SUMMARY>
  18810. <DEFAULTINSTALLPATHLIST>
  18811. </DEFAULTINSTALLPATHLIST>
  18812. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18813. <CONDITIONLIST>
  18814. <CONDITION>MD5=360730a15adfa1e2e17032a6f90bcbd2</CONDITION>
  18815. </CONDITIONLIST>
  18816. <OPERATOR>AND</OPERATOR>
  18817. <THREATLEVEL>10</THREATLEVEL>
  18818. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18819. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18820. </PROCESSDESCRIPTOR>
  18821. <PROCESSDESCRIPTOR>
  18822. <ID>2361</ID>
  18823. <PROCESSLIST>
  18824. <PROCESS>*</PROCESS>
  18825. <PROCESS>(TASKMNSGR.EXE)</PROCESS>
  18826. </PROCESSLIST>
  18827. <CLSIDLIST>
  18828. </CLSIDLIST>
  18829. <SUMMARY>Unknown Process (TASKMNSGR.EXE)</SUMMARY>
  18830. <DEFAULTINSTALLPATHLIST>
  18831. </DEFAULTINSTALLPATHLIST>
  18832. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18833. <CONDITIONLIST>
  18834. <CONDITION>MD5=8ed6ec9ba888dc8a2a8a53e680634647</CONDITION>
  18835. </CONDITIONLIST>
  18836. <OPERATOR>AND</OPERATOR>
  18837. <THREATLEVEL>10</THREATLEVEL>
  18838. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18839. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18840. </PROCESSDESCRIPTOR>
  18841. <PROCESSDESCRIPTOR>
  18842. <ID>2362</ID>
  18843. <PROCESSLIST>
  18844. <PROCESS>*</PROCESS>
  18845. <PROCESS>(POUNBV.EXE)</PROCESS>
  18846. </PROCESSLIST>
  18847. <CLSIDLIST>
  18848. </CLSIDLIST>
  18849. <SUMMARY>Unknown Process (POUNBV.EXE)</SUMMARY>
  18850. <DEFAULTINSTALLPATHLIST>
  18851. </DEFAULTINSTALLPATHLIST>
  18852. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18853. <CONDITIONLIST>
  18854. <CONDITION>MD5=1931b3696d6f6f59c6b90dfd0820af7f</CONDITION>
  18855. </CONDITIONLIST>
  18856. <OPERATOR>AND</OPERATOR>
  18857. <THREATLEVEL>10</THREATLEVEL>
  18858. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18859. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18860. </PROCESSDESCRIPTOR>
  18861. <PROCESSDESCRIPTOR>
  18862. <ID>2363</ID>
  18863. <PROCESSLIST>
  18864. <PROCESS>*</PROCESS>
  18865. <PROCESS>(EXP1ORER.EXE)</PROCESS>
  18866. </PROCESSLIST>
  18867. <CLSIDLIST>
  18868. </CLSIDLIST>
  18869. <SUMMARY>Bogus MS EXPLORER.EXE</SUMMARY>
  18870. <DEFAULTINSTALLPATHLIST>
  18871. </DEFAULTINSTALLPATHLIST>
  18872. <CATEGORY>ADWARE</CATEGORY>
  18873. <CONDITIONLIST>
  18874. <CONDITION>MD5=f14467957bc32374227955c37e679cbf</CONDITION>
  18875. </CONDITIONLIST>
  18876. <OPERATOR>AND</OPERATOR>
  18877. <THREATLEVEL>10</THREATLEVEL>
  18878. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18879. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18880. </PROCESSDESCRIPTOR>
  18881. <PROCESSDESCRIPTOR>
  18882. <ID>2364</ID>
  18883. <PROCESSLIST>
  18884. <PROCESS>SVCH0ST.EXE</PROCESS>
  18885. </PROCESSLIST>
  18886. <CLSIDLIST>
  18887. </CLSIDLIST>
  18888. <SUMMARY>Bogus MS SVCHOST.EXE</SUMMARY>
  18889. <DEFAULTINSTALLPATHLIST>
  18890. </DEFAULTINSTALLPATHLIST>
  18891. <CATEGORY>TROJAN</CATEGORY>
  18892. <CONDITIONLIST>
  18893. </CONDITIONLIST>
  18894. <OPERATOR>AND</OPERATOR>
  18895. <THREATLEVEL>10</THREATLEVEL>
  18896. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18897. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18898. </PROCESSDESCRIPTOR>
  18899. <PROCESSDESCRIPTOR>
  18900. <ID>2371</ID>
  18901. <PROCESSLIST>
  18902. <PROCESS>*</PROCESS>
  18903. <PROCESS>(BLEH BYTE.EXE)</PROCESS>
  18904. </PROCESSLIST>
  18905. <CLSIDLIST>
  18906. </CLSIDLIST>
  18907. <SUMMARY>Adware.Lop.Process</SUMMARY>
  18908. <DEFAULTINSTALLPATHLIST>
  18909. </DEFAULTINSTALLPATHLIST>
  18910. <CATEGORY>ADWARE</CATEGORY>
  18911. <CONDITIONLIST>
  18912. <CONDITION>MD5=08dd4219e97d95e04e42c6949ed5e4eb</CONDITION>
  18913. </CONDITIONLIST>
  18914. <OPERATOR>AND</OPERATOR>
  18915. <THREATLEVEL>10</THREATLEVEL>
  18916. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18917. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18918. </PROCESSDESCRIPTOR>
  18919. <PROCESSDESCRIPTOR>
  18920. <ID>2372</ID>
  18921. <PROCESSLIST>
  18922. <PROCESS>WST.DLL</PROCESS>
  18923. </PROCESSLIST>
  18924. <CLSIDLIST>
  18925. <CLSID>{EC788B03-A743-4274-AC9E-DB4F2A03F515}</CLSID>
  18926. </CLSIDLIST>
  18927. <SUMMARY>WST Module Toolbar</SUMMARY>
  18928. <DEFAULTINSTALLPATHLIST>
  18929. </DEFAULTINSTALLPATHLIST>
  18930. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  18931. <CONDITIONLIST>
  18932. </CONDITIONLIST>
  18933. <OPERATOR>AND</OPERATOR>
  18934. <THREATLEVEL>5</THREATLEVEL>
  18935. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18936. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18937. </PROCESSDESCRIPTOR>
  18938. <PROCESSDESCRIPTOR>
  18939. <ID>2373</ID>
  18940. <PROCESSLIST>
  18941. <PROCESS>*</PROCESS>
  18942. <PROCESS>ADDLU.DLL</PROCESS>
  18943. </PROCESSLIST>
  18944. <CLSIDLIST>
  18945. <CLSID>{0C0B3165-AF00-6B5A-D914-42A02B2759AC}</CLSID>
  18946. </CLSIDLIST>
  18947. <SUMMARY>Unknown BHO (ADDLU.DLL)</SUMMARY>
  18948. <DEFAULTINSTALLPATHLIST>
  18949. </DEFAULTINSTALLPATHLIST>
  18950. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18951. <CONDITIONLIST>
  18952. </CONDITIONLIST>
  18953. <OPERATOR>AND</OPERATOR>
  18954. <THREATLEVEL>10</THREATLEVEL>
  18955. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18956. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18957. </PROCESSDESCRIPTOR>
  18958. <PROCESSDESCRIPTOR>
  18959. <ID>2374</ID>
  18960. <PROCESSLIST>
  18961. <PROCESS>*</PROCESS>
  18962. <PROCESS>(BSHZFHKL5.EXE)</PROCESS>
  18963. </PROCESSLIST>
  18964. <CLSIDLIST>
  18965. </CLSIDLIST>
  18966. <SUMMARY>Unknown Process (BSHZFHKL5.EXE)</SUMMARY>
  18967. <DEFAULTINSTALLPATHLIST>
  18968. </DEFAULTINSTALLPATHLIST>
  18969. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  18970. <CONDITIONLIST>
  18971. <CONDITION>MD5=648a0370fa041f6b56f5f0630922b6ec</CONDITION>
  18972. </CONDITIONLIST>
  18973. <OPERATOR>AND</OPERATOR>
  18974. <THREATLEVEL>10</THREATLEVEL>
  18975. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18976. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18977. </PROCESSDESCRIPTOR>
  18978. <PROCESSDESCRIPTOR>
  18979. <ID>2375</ID>
  18980. <PROCESSLIST>
  18981. <PROCESS>MTC.DLL</PROCESS>
  18982. </PROCESSLIST>
  18983. <CLSIDLIST>
  18984. <CLSID>{9EAC0102-5E61-2312-BC2D-4D54434D5443}</CLSID>
  18985. </CLSIDLIST>
  18986. <SUMMARY>Tubby BHO</SUMMARY>
  18987. <DEFAULTINSTALLPATHLIST>
  18988. </DEFAULTINSTALLPATHLIST>
  18989. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  18990. <CONDITIONLIST>
  18991. </CONDITIONLIST>
  18992. <OPERATOR>AND</OPERATOR>
  18993. <THREATLEVEL>10</THREATLEVEL>
  18994. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  18995. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  18996. </PROCESSDESCRIPTOR>
  18997. <PROCESSDESCRIPTOR>
  18998. <ID>2376</ID>
  18999. <PROCESSLIST>
  19000. <PROCESS>*</PROCESS>
  19001. <PROCESS>(FKAIFD32.EXE)</PROCESS>
  19002. </PROCESSLIST>
  19003. <CLSIDLIST>
  19004. </CLSIDLIST>
  19005. <SUMMARY>Unknown Process (FKAIFD32.EXE)</SUMMARY>
  19006. <DEFAULTINSTALLPATHLIST>
  19007. </DEFAULTINSTALLPATHLIST>
  19008. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19009. <CONDITIONLIST>
  19010. <CONDITION>MD5=af3d42cec345fa6e72aa19adcc5b1cb3</CONDITION>
  19011. </CONDITIONLIST>
  19012. <OPERATOR>AND</OPERATOR>
  19013. <THREATLEVEL>10</THREATLEVEL>
  19014. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19015. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19016. </PROCESSDESCRIPTOR>
  19017. <PROCESSDESCRIPTOR>
  19018. <ID>2377</ID>
  19019. <PROCESSLIST>
  19020. <PROCESS>SPOOLSRV32.EXE</PROCESS>
  19021. </PROCESSLIST>
  19022. <CLSIDLIST>
  19023. </CLSIDLIST>
  19024. <SUMMARY>SPOOLSRV32.EXE Trojan</SUMMARY>
  19025. <DEFAULTINSTALLPATHLIST>
  19026. </DEFAULTINSTALLPATHLIST>
  19027. <CATEGORY>TROJAN</CATEGORY>
  19028. <CONDITIONLIST>
  19029. <CONDITION>FILELOCATION~system</CONDITION>
  19030. </CONDITIONLIST>
  19031. <OPERATOR>AND</OPERATOR>
  19032. <THREATLEVEL>10</THREATLEVEL>
  19033. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19034. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19035. </PROCESSDESCRIPTOR>
  19036. <PROCESSDESCRIPTOR>
  19037. <ID>2378</ID>
  19038. <PROCESSLIST>
  19039. <PROCESS>SVPHOST.EXE</PROCESS>
  19040. </PROCESSLIST>
  19041. <CLSIDLIST>
  19042. </CLSIDLIST>
  19043. <SUMMARY>SVPHOST.EXE Trojan</SUMMARY>
  19044. <DEFAULTINSTALLPATHLIST>
  19045. </DEFAULTINSTALLPATHLIST>
  19046. <CATEGORY>TROJAN</CATEGORY>
  19047. <CONDITIONLIST>
  19048. <CONDITION>FILELOCATION~system</CONDITION>
  19049. </CONDITIONLIST>
  19050. <OPERATOR>AND</OPERATOR>
  19051. <THREATLEVEL>10</THREATLEVEL>
  19052. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19053. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19054. </PROCESSDESCRIPTOR>
  19055. <PROCESSDESCRIPTOR>
  19056. <ID>2379</ID>
  19057. <PROCESSLIST>
  19058. <PROCESS>*</PROCESS>
  19059. <PROCESS>(QMFBL.EXE)</PROCESS>
  19060. </PROCESSLIST>
  19061. <CLSIDLIST>
  19062. </CLSIDLIST>
  19063. <SUMMARY>Undefined Process (QMFBL.EXE)</SUMMARY>
  19064. <DEFAULTINSTALLPATHLIST>
  19065. </DEFAULTINSTALLPATHLIST>
  19066. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19067. <CONDITIONLIST>
  19068. <CONDITION>MD5=7b356b3a63130005ca3cbc1761b9a2b0</CONDITION>
  19069. </CONDITIONLIST>
  19070. <OPERATOR>AND</OPERATOR>
  19071. <THREATLEVEL>10</THREATLEVEL>
  19072. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19073. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19074. </PROCESSDESCRIPTOR>
  19075. <PROCESSDESCRIPTOR>
  19076. <ID>2380</ID>
  19077. <PROCESSLIST>
  19078. <PROCESS>*</PROCESS>
  19079. <PROCESS>(IVJQEQF.EXE)</PROCESS>
  19080. </PROCESSLIST>
  19081. <CLSIDLIST>
  19082. </CLSIDLIST>
  19083. <SUMMARY>Undefined Process (IVJQEQF.EXE)</SUMMARY>
  19084. <DEFAULTINSTALLPATHLIST>
  19085. </DEFAULTINSTALLPATHLIST>
  19086. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19087. <CONDITIONLIST>
  19088. <CONDITION>MD5=16459de619aac95c1c5699869158f6fa</CONDITION>
  19089. </CONDITIONLIST>
  19090. <OPERATOR>AND</OPERATOR>
  19091. <THREATLEVEL>10</THREATLEVEL>
  19092. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19093. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19094. </PROCESSDESCRIPTOR>
  19095. <PROCESSDESCRIPTOR>
  19096. <ID>2381</ID>
  19097. <PROCESSLIST>
  19098. <PROCESS>DATEMANAGER.EXE</PROCESS>
  19099. </PROCESSLIST>
  19100. <CLSIDLIST>
  19101. </CLSIDLIST>
  19102. <SUMMARY>DateManager</SUMMARY>
  19103. <DEFAULTINSTALLPATHLIST>
  19104. </DEFAULTINSTALLPATHLIST>
  19105. <CATEGORY>ADWARE</CATEGORY>
  19106. <CONDITIONLIST>
  19107. </CONDITIONLIST>
  19108. <OPERATOR>AND</OPERATOR>
  19109. <THREATLEVEL>5</THREATLEVEL>
  19110. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  19111. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  19112. </PROCESSDESCRIPTOR>
  19113. <PROCESSDESCRIPTOR>
  19114. <ID>2383</ID>
  19115. <PROCESSLIST>
  19116. <PROCESS>LSASSS.EXE</PROCESS>
  19117. </PROCESSLIST>
  19118. <CLSIDLIST>
  19119. </CLSIDLIST>
  19120. <SUMMARY>SASSER.E Worm</SUMMARY>
  19121. <DEFAULTINSTALLPATHLIST>
  19122. </DEFAULTINSTALLPATHLIST>
  19123. <CATEGORY>WORM</CATEGORY>
  19124. <CONDITIONLIST>
  19125. </CONDITIONLIST>
  19126. <OPERATOR>AND</OPERATOR>
  19127. <THREATLEVEL>10</THREATLEVEL>
  19128. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19129. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19130. </PROCESSDESCRIPTOR>
  19131. <PROCESSDESCRIPTOR>
  19132. <ID>2384</ID>
  19133. <PROCESSLIST>
  19134. <PROCESS>PWRSACEZ.DLL</PROCESS>
  19135. </PROCESSLIST>
  19136. <CLSIDLIST>
  19137. <CLSID>{4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D}</CLSID>
  19138. </CLSIDLIST>
  19139. <SUMMARY>KeenValue Adware BHO</SUMMARY>
  19140. <DEFAULTINSTALLPATHLIST>
  19141. </DEFAULTINSTALLPATHLIST>
  19142. <CATEGORY>ADWARE</CATEGORY>
  19143. <CONDITIONLIST>
  19144. </CONDITIONLIST>
  19145. <OPERATOR>AND</OPERATOR>
  19146. <THREATLEVEL>10</THREATLEVEL>
  19147. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19148. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19149. </PROCESSDESCRIPTOR>
  19150. <PROCESSDESCRIPTOR>
  19151. <ID>2385</ID>
  19152. <PROCESSLIST>
  19153. <PROCESS>*</PROCESS>
  19154. <PROCESS>(VOYPONMG.EXE)</PROCESS>
  19155. </PROCESSLIST>
  19156. <CLSIDLIST>
  19157. </CLSIDLIST>
  19158. <SUMMARY>Unknown Process (VOYPONMG.EXE)</SUMMARY>
  19159. <DEFAULTINSTALLPATHLIST>
  19160. </DEFAULTINSTALLPATHLIST>
  19161. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19162. <CONDITIONLIST>
  19163. <CONDITION>MD5=9bbb8d733c26477c94b911a749ce4132</CONDITION>
  19164. </CONDITIONLIST>
  19165. <OPERATOR>AND</OPERATOR>
  19166. <THREATLEVEL>10</THREATLEVEL>
  19167. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19168. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19169. </PROCESSDESCRIPTOR>
  19170. <PROCESSDESCRIPTOR>
  19171. <ID>2391</ID>
  19172. <PROCESSLIST>
  19173. <PROCESS>*</PROCESS>
  19174. <PROCESS>(PCGLAVCG.EXE)</PROCESS>
  19175. </PROCESSLIST>
  19176. <CLSIDLIST>
  19177. </CLSIDLIST>
  19178. <SUMMARY>Unknown Process (PCGLAVCG.EXE)</SUMMARY>
  19179. <DEFAULTINSTALLPATHLIST>
  19180. </DEFAULTINSTALLPATHLIST>
  19181. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19182. <CONDITIONLIST>
  19183. <CONDITION>MD5=4fef7f94e87a3d4e5ceb49f187f90738</CONDITION>
  19184. </CONDITIONLIST>
  19185. <OPERATOR>AND</OPERATOR>
  19186. <THREATLEVEL>10</THREATLEVEL>
  19187. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19188. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19189. </PROCESSDESCRIPTOR>
  19190. <PROCESSDESCRIPTOR>
  19191. <ID>2392</ID>
  19192. <PROCESSLIST>
  19193. <PROCESS>EVTHTM.EXE</PROCESS>
  19194. </PROCESSLIST>
  19195. <CLSIDLIST>
  19196. </CLSIDLIST>
  19197. <SUMMARY>EVTHTM.EXE</SUMMARY>
  19198. <DEFAULTINSTALLPATHLIST>
  19199. </DEFAULTINSTALLPATHLIST>
  19200. <CATEGORY>DIALER</CATEGORY>
  19201. <CONDITIONLIST>
  19202. <CONDITION>FILELOCATION~system</CONDITION>
  19203. </CONDITIONLIST>
  19204. <OPERATOR>AND</OPERATOR>
  19205. <THREATLEVEL>10</THREATLEVEL>
  19206. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19207. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19208. </PROCESSDESCRIPTOR>
  19209. <PROCESSDESCRIPTOR>
  19210. <ID>2393</ID>
  19211. <PROCESSLIST>
  19212. <PROCESS>VIRGINS.EXE</PROCESS>
  19213. </PROCESSLIST>
  19214. <CLSIDLIST>
  19215. </CLSIDLIST>
  19216. <SUMMARY>VIRGINS.EXE</SUMMARY>
  19217. <DEFAULTINSTALLPATHLIST>
  19218. </DEFAULTINSTALLPATHLIST>
  19219. <CATEGORY>DIALER</CATEGORY>
  19220. <CONDITIONLIST>
  19221. <CONDITION>FILELOCATION~dialer</CONDITION>
  19222. </CONDITIONLIST>
  19223. <OPERATOR>AND</OPERATOR>
  19224. <THREATLEVEL>10</THREATLEVEL>
  19225. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19226. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19227. </PROCESSDESCRIPTOR>
  19228. <PROCESSDESCRIPTOR>
  19229. <ID>2410</ID>
  19230. <PROCESSLIST>
  19231. <PROCESS>WINSYNC.EXE</PROCESS>
  19232. <PROCESS>SYNCROAD.EXE</PROCESS>
  19233. </PROCESSLIST>
  19234. <CLSIDLIST>
  19235. </CLSIDLIST>
  19236. <SUMMARY>Windows SyncroAd Adware Components</SUMMARY>
  19237. <DEFAULTINSTALLPATHLIST>
  19238. </DEFAULTINSTALLPATHLIST>
  19239. <CATEGORY>ADWARE</CATEGORY>
  19240. <CONDITIONLIST>
  19241. <CONDITION>FILELOCATION~SyncroAd</CONDITION>
  19242. </CONDITIONLIST>
  19243. <OPERATOR>AND</OPERATOR>
  19244. <THREATLEVEL>10</THREATLEVEL>
  19245. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19246. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19247. </PROCESSDESCRIPTOR>
  19248. <PROCESSDESCRIPTOR>
  19249. <ID>2411</ID>
  19250. <PROCESSLIST>
  19251. <PROCESS>*</PROCESS>
  19252. <PROCESS>AMCIS.DLL</PROCESS>
  19253. <PROCESS>AMCIS2.DLL</PROCESS>
  19254. </PROCESSLIST>
  19255. <CLSIDLIST>
  19256. <CLSID>{EBBFE27C-BDF0-11D2-BBE5-00609419F467}</CLSID>
  19257. </CLSIDLIST>
  19258. <SUMMARY>Stub Loader Module BHO</SUMMARY>
  19259. <DEFAULTINSTALLPATHLIST>
  19260. </DEFAULTINSTALLPATHLIST>
  19261. <CATEGORY>ADWARE</CATEGORY>
  19262. <CONDITIONLIST>
  19263. </CONDITIONLIST>
  19264. <OPERATOR>AND</OPERATOR>
  19265. <THREATLEVEL>10</THREATLEVEL>
  19266. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19267. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19268. </PROCESSDESCRIPTOR>
  19269. <PROCESSDESCRIPTOR>
  19270. <ID>2412</ID>
  19271. <PROCESSLIST>
  19272. <PROCESS>SEARCHUPGRADER.EXE</PROCESS>
  19273. </PROCESSLIST>
  19274. <CLSIDLIST>
  19275. </CLSIDLIST>
  19276. <SUMMARY>KeenValue SearchUpgrader Adware</SUMMARY>
  19277. <DEFAULTINSTALLPATHLIST>
  19278. </DEFAULTINSTALLPATHLIST>
  19279. <CATEGORY>ADWARE</CATEGORY>
  19280. <CONDITIONLIST>
  19281. </CONDITIONLIST>
  19282. <OPERATOR>AND</OPERATOR>
  19283. <THREATLEVEL>10</THREATLEVEL>
  19284. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19285. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19286. </PROCESSDESCRIPTOR>
  19287. <PROCESSDESCRIPTOR>
  19288. <ID>2413</ID>
  19289. <PROCESSLIST>
  19290. <PROCESS>*</PROCESS>
  19291. <PROCESS>(SVCHST.EXE)</PROCESS>
  19292. <PROCESS>(WINAGENT.EXE)</PROCESS>
  19293. </PROCESSLIST>
  19294. <CLSIDLIST>
  19295. </CLSIDLIST>
  19296. <SUMMARY>SVCHST.EXE</SUMMARY>
  19297. <DEFAULTINSTALLPATHLIST>
  19298. </DEFAULTINSTALLPATHLIST>
  19299. <CATEGORY>DIALER</CATEGORY>
  19300. <CONDITIONLIST>
  19301. <CONDITION>MD5=f0225bf20873226df2bb5be28a22fddf</CONDITION>
  19302. </CONDITIONLIST>
  19303. <OPERATOR>AND</OPERATOR>
  19304. <THREATLEVEL>10</THREATLEVEL>
  19305. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19306. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19307. </PROCESSDESCRIPTOR>
  19308. <PROCESSDESCRIPTOR>
  19309. <ID>2414</ID>
  19310. <PROCESSLIST>
  19311. <PROCESS>SVCHOSTT.EXE</PROCESS>
  19312. </PROCESSLIST>
  19313. <CLSIDLIST>
  19314. </CLSIDLIST>
  19315. <SUMMARY>WSAConfiguration Worm</SUMMARY>
  19316. <DEFAULTINSTALLPATHLIST>
  19317. </DEFAULTINSTALLPATHLIST>
  19318. <CATEGORY>WORM</CATEGORY>
  19319. <CONDITIONLIST>
  19320. <CONDITION>FILELOCATION~system</CONDITION>
  19321. </CONDITIONLIST>
  19322. <OPERATOR>AND</OPERATOR>
  19323. <THREATLEVEL>10</THREATLEVEL>
  19324. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19325. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19326. </PROCESSDESCRIPTOR>
  19327. <PROCESSDESCRIPTOR>
  19328. <ID>2415</ID>
  19329. <PROCESSLIST>
  19330. <PROCESS>*</PROCESS>
  19331. <PROCESS>(STCGA11N.EXE)</PROCESS>
  19332. <PROCESS>(FRE0_32.EXE)</PROCESS>
  19333. </PROCESSLIST>
  19334. <CLSIDLIST>
  19335. </CLSIDLIST>
  19336. <SUMMARY>Unknown Process (STCGA11N.EXE)</SUMMARY>
  19337. <DEFAULTINSTALLPATHLIST>
  19338. </DEFAULTINSTALLPATHLIST>
  19339. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19340. <CONDITIONLIST>
  19341. <CONDITION>MD5=e37ef3caec59d1a92e8681904883f5f5</CONDITION>
  19342. </CONDITIONLIST>
  19343. <OPERATOR>AND</OPERATOR>
  19344. <THREATLEVEL>10</THREATLEVEL>
  19345. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19346. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19347. </PROCESSDESCRIPTOR>
  19348. <PROCESSDESCRIPTOR>
  19349. <ID>2416</ID>
  19350. <PROCESSLIST>
  19351. <PROCESS>*</PROCESS>
  19352. <PROCESS>(SWP256.EXE)</PROCESS>
  19353. </PROCESSLIST>
  19354. <CLSIDLIST>
  19355. </CLSIDLIST>
  19356. <SUMMARY>Unknown Process (SWP256.EXE)</SUMMARY>
  19357. <DEFAULTINSTALLPATHLIST>
  19358. </DEFAULTINSTALLPATHLIST>
  19359. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19360. <CONDITIONLIST>
  19361. <CONDITION>MD5=facc179603fa874feab477891ee8aabe</CONDITION>
  19362. </CONDITIONLIST>
  19363. <OPERATOR>AND</OPERATOR>
  19364. <THREATLEVEL>10</THREATLEVEL>
  19365. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19366. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19367. </PROCESSDESCRIPTOR>
  19368. <PROCESSDESCRIPTOR>
  19369. <ID>2417</ID>
  19370. <PROCESSLIST>
  19371. <PROCESS>SOFT.EXE</PROCESS>
  19372. </PROCESSLIST>
  19373. <CLSIDLIST>
  19374. </CLSIDLIST>
  19375. <SUMMARY>BeavButt.A Trojan</SUMMARY>
  19376. <DEFAULTINSTALLPATHLIST>
  19377. </DEFAULTINSTALLPATHLIST>
  19378. <CATEGORY>TROJAN</CATEGORY>
  19379. <CONDITIONLIST>
  19380. <CONDITION>FILELOCATION~system</CONDITION>
  19381. </CONDITIONLIST>
  19382. <OPERATOR>AND</OPERATOR>
  19383. <THREATLEVEL>10</THREATLEVEL>
  19384. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19385. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19386. </PROCESSDESCRIPTOR>
  19387. <PROCESSDESCRIPTOR>
  19388. <ID>2418</ID>
  19389. <PROCESSLIST>
  19390. <PROCESS>*</PROCESS>
  19391. <PROCESS>(FMWEBK.EXE)</PROCESS>
  19392. </PROCESSLIST>
  19393. <CLSIDLIST>
  19394. </CLSIDLIST>
  19395. <SUMMARY>Unknown Process (FMWEBK.EXE)</SUMMARY>
  19396. <DEFAULTINSTALLPATHLIST>
  19397. </DEFAULTINSTALLPATHLIST>
  19398. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19399. <CONDITIONLIST>
  19400. <CONDITION>MD5=57b4c8b61e0b8a3eea58f5e5891647a7</CONDITION>
  19401. </CONDITIONLIST>
  19402. <OPERATOR>AND</OPERATOR>
  19403. <THREATLEVEL>10</THREATLEVEL>
  19404. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19405. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19406. </PROCESSDESCRIPTOR>
  19407. <PROCESSDESCRIPTOR>
  19408. <ID>2419</ID>
  19409. <PROCESSLIST>
  19410. <PROCESS>*</PROCESS>
  19411. <PROCESS>(OGRGVLRA.EXE)</PROCESS>
  19412. </PROCESSLIST>
  19413. <CLSIDLIST>
  19414. </CLSIDLIST>
  19415. <SUMMARY>Unknown Process (OGRGVLRA.EXE)</SUMMARY>
  19416. <DEFAULTINSTALLPATHLIST>
  19417. </DEFAULTINSTALLPATHLIST>
  19418. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19419. <CONDITIONLIST>
  19420. <CONDITION>MD5=f7e34435378cf5a9d74ce12e4636bd4c</CONDITION>
  19421. </CONDITIONLIST>
  19422. <OPERATOR>AND</OPERATOR>
  19423. <THREATLEVEL>10</THREATLEVEL>
  19424. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19425. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19426. </PROCESSDESCRIPTOR>
  19427. <PROCESSDESCRIPTOR>
  19428. <ID>2420</ID>
  19429. <PROCESSLIST>
  19430. <PROCESS>*</PROCESS>
  19431. <PROCESS>(Q9OOI3.EXE)</PROCESS>
  19432. </PROCESSLIST>
  19433. <CLSIDLIST>
  19434. </CLSIDLIST>
  19435. <SUMMARY>Unknown Process (Q9OOI3.EXE)</SUMMARY>
  19436. <DEFAULTINSTALLPATHLIST>
  19437. </DEFAULTINSTALLPATHLIST>
  19438. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19439. <CONDITIONLIST>
  19440. <CONDITION>MD5=ba880ad48e30f55a6e2b0c09202fdbcc</CONDITION>
  19441. </CONDITIONLIST>
  19442. <OPERATOR>AND</OPERATOR>
  19443. <THREATLEVEL>10</THREATLEVEL>
  19444. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19445. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19446. </PROCESSDESCRIPTOR>
  19447. <PROCESSDESCRIPTOR>
  19448. <ID>2421</ID>
  19449. <PROCESSLIST>
  19450. <PROCESS>*</PROCESS>
  19451. <PROCESS>(TMPF00.EXE)</PROCESS>
  19452. <PROCESS>(TMPF01.EXE)</PROCESS>
  19453. </PROCESSLIST>
  19454. <CLSIDLIST>
  19455. </CLSIDLIST>
  19456. <SUMMARY>Unknown Processes (TMPF0X.EXE)</SUMMARY>
  19457. <DEFAULTINSTALLPATHLIST>
  19458. </DEFAULTINSTALLPATHLIST>
  19459. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19460. <CONDITIONLIST>
  19461. <CONDITION>MD5=4502461faa90764eab16eac74f00c14b</CONDITION>
  19462. </CONDITIONLIST>
  19463. <OPERATOR>AND</OPERATOR>
  19464. <THREATLEVEL>10</THREATLEVEL>
  19465. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19466. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19467. </PROCESSDESCRIPTOR>
  19468. <PROCESSDESCRIPTOR>
  19469. <ID>2422</ID>
  19470. <PROCESSLIST>
  19471. <PROCESS>*</PROCESS>
  19472. <PROCESS>(RUBZI239.EXE)</PROCESS>
  19473. </PROCESSLIST>
  19474. <CLSIDLIST>
  19475. </CLSIDLIST>
  19476. <SUMMARY>Unknown Process (RUBZI239.EXE)</SUMMARY>
  19477. <DEFAULTINSTALLPATHLIST>
  19478. </DEFAULTINSTALLPATHLIST>
  19479. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19480. <CONDITIONLIST>
  19481. <CONDITION>MD5=1cdeebe4074b5287c9014726e112af00</CONDITION>
  19482. </CONDITIONLIST>
  19483. <OPERATOR>AND</OPERATOR>
  19484. <THREATLEVEL>10</THREATLEVEL>
  19485. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19486. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19487. </PROCESSDESCRIPTOR>
  19488. <PROCESSDESCRIPTOR>
  19489. <ID>2423</ID>
  19490. <PROCESSLIST>
  19491. <PROCESS>*</PROCESS>
  19492. <PROCESS>(PYL0XCYHC.EXE)</PROCESS>
  19493. </PROCESSLIST>
  19494. <CLSIDLIST>
  19495. </CLSIDLIST>
  19496. <SUMMARY>Unknown Process (PYL0XCYHC.EXE)</SUMMARY>
  19497. <DEFAULTINSTALLPATHLIST>
  19498. </DEFAULTINSTALLPATHLIST>
  19499. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19500. <CONDITIONLIST>
  19501. <CONDITION>MD5=e6d9260007a17f864f7ee7a7deaad2ca</CONDITION>
  19502. </CONDITIONLIST>
  19503. <OPERATOR>AND</OPERATOR>
  19504. <THREATLEVEL>10</THREATLEVEL>
  19505. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19506. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19507. </PROCESSDESCRIPTOR>
  19508. <PROCESSDESCRIPTOR>
  19509. <ID>2424</ID>
  19510. <PROCESSLIST>
  19511. <PROCESS>*</PROCESS>
  19512. <PROCESS>(QDXJSZ.EXE)</PROCESS>
  19513. </PROCESSLIST>
  19514. <CLSIDLIST>
  19515. </CLSIDLIST>
  19516. <SUMMARY>Unknown Process (QDXJSZ.EXE)</SUMMARY>
  19517. <DEFAULTINSTALLPATHLIST>
  19518. </DEFAULTINSTALLPATHLIST>
  19519. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19520. <CONDITIONLIST>
  19521. <CONDITION>MD5=42955ca0e651f6e8c4db89fea24d8c74</CONDITION>
  19522. </CONDITIONLIST>
  19523. <OPERATOR>AND</OPERATOR>
  19524. <THREATLEVEL>10</THREATLEVEL>
  19525. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19526. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19527. </PROCESSDESCRIPTOR>
  19528. <PROCESSDESCRIPTOR>
  19529. <ID>2425</ID>
  19530. <PROCESSLIST>
  19531. <PROCESS>*</PROCESS>
  19532. <PROCESS>(WINFBFE32.EXE)</PROCESS>
  19533. </PROCESSLIST>
  19534. <CLSIDLIST>
  19535. </CLSIDLIST>
  19536. <SUMMARY>Unknown Process (WINFBFE32.EXE)</SUMMARY>
  19537. <DEFAULTINSTALLPATHLIST>
  19538. </DEFAULTINSTALLPATHLIST>
  19539. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19540. <CONDITIONLIST>
  19541. <CONDITION>MD5=cc62a5caf7dcbcc51647d854de3e6b2c</CONDITION>
  19542. </CONDITIONLIST>
  19543. <OPERATOR>AND</OPERATOR>
  19544. <THREATLEVEL>10</THREATLEVEL>
  19545. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19546. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19547. </PROCESSDESCRIPTOR>
  19548. <PROCESSDESCRIPTOR>
  19549. <ID>2426</ID>
  19550. <PROCESSLIST>
  19551. <PROCESS>*</PROCESS>
  19552. <PROCESS>(WFYWBTZ.EXE)</PROCESS>
  19553. </PROCESSLIST>
  19554. <CLSIDLIST>
  19555. </CLSIDLIST>
  19556. <SUMMARY>Unknown Process (WFYWBTZ.EXE)</SUMMARY>
  19557. <DEFAULTINSTALLPATHLIST>
  19558. </DEFAULTINSTALLPATHLIST>
  19559. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19560. <CONDITIONLIST>
  19561. <CONDITION>MD5=74a42f94de3088ab95853f8c89378f95</CONDITION>
  19562. </CONDITIONLIST>
  19563. <OPERATOR>AND</OPERATOR>
  19564. <THREATLEVEL>10</THREATLEVEL>
  19565. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19566. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19567. </PROCESSDESCRIPTOR>
  19568. <PROCESSDESCRIPTOR>
  19569. <ID>2427</ID>
  19570. <PROCESSLIST>
  19571. <PROCESS>*</PROCESS>
  19572. <PROCESS>(XCUF.EXE)</PROCESS>
  19573. </PROCESSLIST>
  19574. <CLSIDLIST>
  19575. </CLSIDLIST>
  19576. <SUMMARY>Unknown Process (XCUF.EXE)</SUMMARY>
  19577. <DEFAULTINSTALLPATHLIST>
  19578. </DEFAULTINSTALLPATHLIST>
  19579. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19580. <CONDITIONLIST>
  19581. <CONDITION>MD5=ec6d0ee829ba9e5991cd62cdd03dbb20</CONDITION>
  19582. </CONDITIONLIST>
  19583. <OPERATOR>AND</OPERATOR>
  19584. <THREATLEVEL>10</THREATLEVEL>
  19585. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19586. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19587. </PROCESSDESCRIPTOR>
  19588. <PROCESSDESCRIPTOR>
  19589. <ID>2428</ID>
  19590. <PROCESSLIST>
  19591. <PROCESS>*</PROCESS>
  19592. <PROCESS>(WYS.EXE)</PROCESS>
  19593. </PROCESSLIST>
  19594. <CLSIDLIST>
  19595. </CLSIDLIST>
  19596. <SUMMARY>Unknown Process (WYS.EXE)</SUMMARY>
  19597. <DEFAULTINSTALLPATHLIST>
  19598. </DEFAULTINSTALLPATHLIST>
  19599. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19600. <CONDITIONLIST>
  19601. <CONDITION>MD5=55fa80bda8923ec59e71fd9d8938ba3e</CONDITION>
  19602. </CONDITIONLIST>
  19603. <OPERATOR>AND</OPERATOR>
  19604. <THREATLEVEL>10</THREATLEVEL>
  19605. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19606. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19607. </PROCESSDESCRIPTOR>
  19608. <PROCESSDESCRIPTOR>
  19609. <ID>2429</ID>
  19610. <PROCESSLIST>
  19611. <PROCESS>DAILYTOOLBAR.DLL</PROCESS>
  19612. </PROCESSLIST>
  19613. <CLSIDLIST>
  19614. <CLSID>{8333C319-0669-4893-A418-F56D9249FCA6}</CLSID>
  19615. </CLSIDLIST>
  19616. <SUMMARY>DailyToolbar Adware Toolbar</SUMMARY>
  19617. <DEFAULTINSTALLPATHLIST>
  19618. </DEFAULTINSTALLPATHLIST>
  19619. <CATEGORY>ADWARE</CATEGORY>
  19620. <CONDITIONLIST>
  19621. </CONDITIONLIST>
  19622. <OPERATOR>AND</OPERATOR>
  19623. <THREATLEVEL>10</THREATLEVEL>
  19624. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19625. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19626. </PROCESSDESCRIPTOR>
  19627. <PROCESSDESCRIPTOR>
  19628. <ID>2430</ID>
  19629. <PROCESSLIST>
  19630. <PROCESS>*</PROCESS>
  19631. <PROCESS>SBCIE027.DLL</PROCESS>
  19632. <PROCESS>SBCIE026.DLL</PROCESS>
  19633. <PROCESS>SBCIE0261.DLL</PROCESS>
  19634. <PROCESS>SBCIE028.DLL</PROCESS>
  19635. </PROCESSLIST>
  19636. <CLSIDLIST>
  19637. <CLSID>{08351227-6472-43BD-8A40-D9221FF1C4CE}</CLSID>
  19638. <CLSID>{08361226-6472-43BD-8A40-D9221FF1C4CE}</CLSID>
  19639. <CLSID>{08351226-6472-43BD-8A40-D9221FF1C4CE}</CLSID>
  19640. <CLSID>{08361227-6472-43BD-8A40-D9221FF1C4CE}</CLSID>
  19641. <CLSID>{83B28A74-640D-48F4-9F51-E80EED7CC7E0}</CLSID>
  19642. </CLSIDLIST>
  19643. <SUMMARY>SideStep Adware Browser Helper Object / Explorer Bars</SUMMARY>
  19644. <DEFAULTINSTALLPATHLIST>
  19645. </DEFAULTINSTALLPATHLIST>
  19646. <CATEGORY>ADWARE</CATEGORY>
  19647. <CONDITIONLIST>
  19648. </CONDITIONLIST>
  19649. <OPERATOR>AND</OPERATOR>
  19650. <THREATLEVEL>10</THREATLEVEL>
  19651. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19652. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19653. </PROCESSDESCRIPTOR>
  19654. <PROCESSDESCRIPTOR>
  19655. <ID>2431</ID>
  19656. <PROCESSLIST>
  19657. <PROCESS>*</PROCESS>
  19658. <PROCESS>(MSOBJS.EXE)</PROCESS>
  19659. </PROCESSLIST>
  19660. <CLSIDLIST>
  19661. </CLSIDLIST>
  19662. <SUMMARY>Unknown Process (MSOBJS.EXE)</SUMMARY>
  19663. <DEFAULTINSTALLPATHLIST>
  19664. </DEFAULTINSTALLPATHLIST>
  19665. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19666. <CONDITIONLIST>
  19667. <CONDITION>MD5=a5a2d1ed847c56f5aaa9074774486508</CONDITION>
  19668. <CONDITION>MD5=7AF61DAC853546FFA111EF806B3CE541</CONDITION>
  19669. </CONDITIONLIST>
  19670. <OPERATOR>OR</OPERATOR>
  19671. <THREATLEVEL>10</THREATLEVEL>
  19672. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19673. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19674. </PROCESSDESCRIPTOR>
  19675. <PROCESSDESCRIPTOR>
  19676. <ID>2432</ID>
  19677. <PROCESSLIST>
  19678. <PROCESS>*</PROCESS>
  19679. <PROCESS>(BDIVEL.EXE)</PROCESS>
  19680. </PROCESSLIST>
  19681. <CLSIDLIST>
  19682. </CLSIDLIST>
  19683. <SUMMARY>Undefined Process (BDIVEL.EXE)</SUMMARY>
  19684. <DEFAULTINSTALLPATHLIST>
  19685. </DEFAULTINSTALLPATHLIST>
  19686. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19687. <CONDITIONLIST>
  19688. <CONDITION>MD5=1e34d43cb9988e1f4a8b48f5cabd2706</CONDITION>
  19689. </CONDITIONLIST>
  19690. <OPERATOR>AND</OPERATOR>
  19691. <THREATLEVEL>10</THREATLEVEL>
  19692. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19693. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19694. </PROCESSDESCRIPTOR>
  19695. <PROCESSDESCRIPTOR>
  19696. <ID>2433</ID>
  19697. <PROCESSLIST>
  19698. <PROCESS>*</PROCESS>
  19699. <PROCESS>(NKQQ5.EXE)</PROCESS>
  19700. </PROCESSLIST>
  19701. <CLSIDLIST>
  19702. </CLSIDLIST>
  19703. <SUMMARY>Unknown Process (NKQQ5.EXE)</SUMMARY>
  19704. <DEFAULTINSTALLPATHLIST>
  19705. </DEFAULTINSTALLPATHLIST>
  19706. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19707. <CONDITIONLIST>
  19708. <CONDITION>MD5=fb7343076d6798b633b86ff634fd7430</CONDITION>
  19709. </CONDITIONLIST>
  19710. <OPERATOR>AND</OPERATOR>
  19711. <THREATLEVEL>10</THREATLEVEL>
  19712. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19713. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19714. </PROCESSDESCRIPTOR>
  19715. <PROCESSDESCRIPTOR>
  19716. <ID>2434</ID>
  19717. <PROCESSLIST>
  19718. <PROCESS>*</PROCESS>
  19719. <PROCESS>(CDSM3239.EXE)</PROCESS>
  19720. </PROCESSLIST>
  19721. <CLSIDLIST>
  19722. </CLSIDLIST>
  19723. <SUMMARY>Unknown Process (CDSM3239.EXE)</SUMMARY>
  19724. <DEFAULTINSTALLPATHLIST>
  19725. </DEFAULTINSTALLPATHLIST>
  19726. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19727. <CONDITIONLIST>
  19728. <CONDITION>MD5=4c1ac635b91753b4879cac796f8cbf64</CONDITION>
  19729. </CONDITIONLIST>
  19730. <OPERATOR>AND</OPERATOR>
  19731. <THREATLEVEL>10</THREATLEVEL>
  19732. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19733. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19734. </PROCESSDESCRIPTOR>
  19735. <PROCESSDESCRIPTOR>
  19736. <ID>2435</ID>
  19737. <PROCESSLIST>
  19738. <PROCESS>*</PROCESS>
  19739. <PROCESS>(KSSS.EXE)</PROCESS>
  19740. </PROCESSLIST>
  19741. <CLSIDLIST>
  19742. </CLSIDLIST>
  19743. <SUMMARY>Undefined Process (KSSS.EXE)</SUMMARY>
  19744. <DEFAULTINSTALLPATHLIST>
  19745. </DEFAULTINSTALLPATHLIST>
  19746. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19747. <CONDITIONLIST>
  19748. <CONDITION>MD5=3cc32c14af15863e5c4903d729ff03b1</CONDITION>
  19749. </CONDITIONLIST>
  19750. <OPERATOR>AND</OPERATOR>
  19751. <THREATLEVEL>10</THREATLEVEL>
  19752. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19753. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19754. </PROCESSDESCRIPTOR>
  19755. <PROCESSDESCRIPTOR>
  19756. <ID>2436</ID>
  19757. <PROCESSLIST>
  19758. <PROCESS>*</PROCESS>
  19759. <PROCESS>(MFCBX.EXE)</PROCESS>
  19760. </PROCESSLIST>
  19761. <CLSIDLIST>
  19762. </CLSIDLIST>
  19763. <SUMMARY>Unknown Process (MFCBX.EXE)</SUMMARY>
  19764. <DEFAULTINSTALLPATHLIST>
  19765. </DEFAULTINSTALLPATHLIST>
  19766. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19767. <CONDITIONLIST>
  19768. <CONDITION>MD5=c8eccc63300601bc9f69c7160b31dd2c</CONDITION>
  19769. </CONDITIONLIST>
  19770. <OPERATOR>AND</OPERATOR>
  19771. <THREATLEVEL>10</THREATLEVEL>
  19772. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19773. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19774. </PROCESSDESCRIPTOR>
  19775. <PROCESSDESCRIPTOR>
  19776. <ID>2437</ID>
  19777. <PROCESSLIST>
  19778. <PROCESS>*</PROCESS>
  19779. <PROCESS>(2LESS.EXE)</PROCESS>
  19780. </PROCESSLIST>
  19781. <CLSIDLIST>
  19782. </CLSIDLIST>
  19783. <SUMMARY>Adware.Lop.Process</SUMMARY>
  19784. <DEFAULTINSTALLPATHLIST>
  19785. </DEFAULTINSTALLPATHLIST>
  19786. <CATEGORY>ADWARE</CATEGORY>
  19787. <CONDITIONLIST>
  19788. <CONDITION>MD5=3015e91ac7e020e14e57631403c28d70</CONDITION>
  19789. </CONDITIONLIST>
  19790. <OPERATOR>AND</OPERATOR>
  19791. <THREATLEVEL>10</THREATLEVEL>
  19792. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19793. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19794. </PROCESSDESCRIPTOR>
  19795. <PROCESSDESCRIPTOR>
  19796. <ID>2438</ID>
  19797. <PROCESSLIST>
  19798. <PROCESS>*</PROCESS>
  19799. <PROCESS>(ACID ADMIN FUNK.EXE)</PROCESS>
  19800. </PROCESSLIST>
  19801. <CLSIDLIST>
  19802. </CLSIDLIST>
  19803. <SUMMARY>Adware.Lop.Process</SUMMARY>
  19804. <DEFAULTINSTALLPATHLIST>
  19805. </DEFAULTINSTALLPATHLIST>
  19806. <CATEGORY>ADWARE</CATEGORY>
  19807. <CONDITIONLIST>
  19808. <CONDITION>MD5=7ef573ba687a75e74e5b6142a76e0279</CONDITION>
  19809. </CONDITIONLIST>
  19810. <OPERATOR>AND</OPERATOR>
  19811. <THREATLEVEL>10</THREATLEVEL>
  19812. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19813. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19814. </PROCESSDESCRIPTOR>
  19815. <PROCESSDESCRIPTOR>
  19816. <ID>2439</ID>
  19817. <PROCESSLIST>
  19818. <PROCESS>*</PROCESS>
  19819. <PROCESS>(STOPBA~1.EXE)</PROCESS>
  19820. </PROCESSLIST>
  19821. <CLSIDLIST>
  19822. </CLSIDLIST>
  19823. <SUMMARY>Adware.Lop.Process</SUMMARY>
  19824. <DEFAULTINSTALLPATHLIST>
  19825. </DEFAULTINSTALLPATHLIST>
  19826. <CATEGORY>ADWARE</CATEGORY>
  19827. <CONDITIONLIST>
  19828. <CONDITION>MD5=c035efb30a0634720c955658a8499339</CONDITION>
  19829. </CONDITIONLIST>
  19830. <OPERATOR>AND</OPERATOR>
  19831. <THREATLEVEL>10</THREATLEVEL>
  19832. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19833. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19834. </PROCESSDESCRIPTOR>
  19835. <PROCESSDESCRIPTOR>
  19836. <ID>2449</ID>
  19837. <PROCESSLIST>
  19838. <PROCESS>ADV.DLL</PROCESS>
  19839. </PROCESSLIST>
  19840. <CLSIDLIST>
  19841. <CLSID>{9EAC0102-5E61-2312-BC2D-414456544F4E}</CLSID>
  19842. </CLSIDLIST>
  19843. <SUMMARY>CoolWebSearch Browser Helper Object</SUMMARY>
  19844. <DEFAULTINSTALLPATHLIST>
  19845. </DEFAULTINSTALLPATHLIST>
  19846. <CATEGORY>ADWARE</CATEGORY>
  19847. <CONDITIONLIST>
  19848. </CONDITIONLIST>
  19849. <OPERATOR>AND</OPERATOR>
  19850. <THREATLEVEL>10</THREATLEVEL>
  19851. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19852. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19853. </PROCESSDESCRIPTOR>
  19854. <PROCESSDESCRIPTOR>
  19855. <ID>2475</ID>
  19856. <PROCESSLIST>
  19857. <PROCESS>*</PROCESS>
  19858. <PROCESS>(IPOE.EXE)</PROCESS>
  19859. </PROCESSLIST>
  19860. <CLSIDLIST>
  19861. </CLSIDLIST>
  19862. <SUMMARY>Unknown Process (IPOE.EXE)</SUMMARY>
  19863. <DEFAULTINSTALLPATHLIST>
  19864. </DEFAULTINSTALLPATHLIST>
  19865. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19866. <CONDITIONLIST>
  19867. <CONDITION>MD5=77bca48f901317ed1136be3bb79fe1bd</CONDITION>
  19868. </CONDITIONLIST>
  19869. <OPERATOR>AND</OPERATOR>
  19870. <THREATLEVEL>10</THREATLEVEL>
  19871. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19872. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19873. </PROCESSDESCRIPTOR>
  19874. <PROCESSDESCRIPTOR>
  19875. <ID>2476</ID>
  19876. <PROCESSLIST>
  19877. <PROCESS>*</PROCESS>
  19878. <PROCESS>(IEVK32.EXE)</PROCESS>
  19879. </PROCESSLIST>
  19880. <CLSIDLIST>
  19881. </CLSIDLIST>
  19882. <SUMMARY>Unknown Process (IEVK32.EXE)</SUMMARY>
  19883. <DEFAULTINSTALLPATHLIST>
  19884. </DEFAULTINSTALLPATHLIST>
  19885. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19886. <CONDITIONLIST>
  19887. <CONDITION>MD5=bd5a9b7860190924b913b82f34ecf3a2</CONDITION>
  19888. </CONDITIONLIST>
  19889. <OPERATOR>AND</OPERATOR>
  19890. <THREATLEVEL>10</THREATLEVEL>
  19891. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19892. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19893. </PROCESSDESCRIPTOR>
  19894. <PROCESSDESCRIPTOR>
  19895. <ID>2477</ID>
  19896. <PROCESSLIST>
  19897. <PROCESS>*</PROCESS>
  19898. <PROCESS>(DBJYED.EXE)</PROCESS>
  19899. </PROCESSLIST>
  19900. <CLSIDLIST>
  19901. </CLSIDLIST>
  19902. <SUMMARY>Unknown Process (DBJYED.EXE)</SUMMARY>
  19903. <DEFAULTINSTALLPATHLIST>
  19904. </DEFAULTINSTALLPATHLIST>
  19905. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19906. <CONDITIONLIST>
  19907. <CONDITION>MD5=0b6f63c1b461d6c4d517605dee2f9976</CONDITION>
  19908. </CONDITIONLIST>
  19909. <OPERATOR>AND</OPERATOR>
  19910. <THREATLEVEL>10</THREATLEVEL>
  19911. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19912. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19913. </PROCESSDESCRIPTOR>
  19914. <PROCESSDESCRIPTOR>
  19915. <ID>2478</ID>
  19916. <PROCESSLIST>
  19917. <PROCESS>*</PROCESS>
  19918. <PROCESS>(EJ9PBMX.EXE)</PROCESS>
  19919. </PROCESSLIST>
  19920. <CLSIDLIST>
  19921. </CLSIDLIST>
  19922. <SUMMARY>Unknown Process (EJ9PBMX.EXE)</SUMMARY>
  19923. <DEFAULTINSTALLPATHLIST>
  19924. </DEFAULTINSTALLPATHLIST>
  19925. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19926. <CONDITIONLIST>
  19927. <CONDITION>MD5=3ca779c04c43867696cc993592940fa8</CONDITION>
  19928. </CONDITIONLIST>
  19929. <OPERATOR>AND</OPERATOR>
  19930. <THREATLEVEL>10</THREATLEVEL>
  19931. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19932. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19933. </PROCESSDESCRIPTOR>
  19934. <PROCESSDESCRIPTOR>
  19935. <ID>2479</ID>
  19936. <PROCESSLIST>
  19937. <PROCESS>*</PROCESS>
  19938. <PROCESS>(EQZJG91B.EXE)</PROCESS>
  19939. </PROCESSLIST>
  19940. <CLSIDLIST>
  19941. </CLSIDLIST>
  19942. <SUMMARY>Unknown Process (EQZJG91B.EXE)</SUMMARY>
  19943. <DEFAULTINSTALLPATHLIST>
  19944. </DEFAULTINSTALLPATHLIST>
  19945. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19946. <CONDITIONLIST>
  19947. <CONDITION>MD5=0133aa6ccbe32522c7fe056517db5b4b</CONDITION>
  19948. </CONDITIONLIST>
  19949. <OPERATOR>AND</OPERATOR>
  19950. <THREATLEVEL>10</THREATLEVEL>
  19951. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19952. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19953. </PROCESSDESCRIPTOR>
  19954. <PROCESSDESCRIPTOR>
  19955. <ID>2480</ID>
  19956. <PROCESSLIST>
  19957. <PROCESS>*</PROCESS>
  19958. <PROCESS>(USAI.EXE)</PROCESS>
  19959. </PROCESSLIST>
  19960. <CLSIDLIST>
  19961. </CLSIDLIST>
  19962. <SUMMARY>Unknown Process (USAI.EXE)</SUMMARY>
  19963. <DEFAULTINSTALLPATHLIST>
  19964. </DEFAULTINSTALLPATHLIST>
  19965. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  19966. <CONDITIONLIST>
  19967. <CONDITION>MD5=7e2c6c9f8c59964ee9c50123ce0989c3</CONDITION>
  19968. </CONDITIONLIST>
  19969. <OPERATOR>AND</OPERATOR>
  19970. <THREATLEVEL>10</THREATLEVEL>
  19971. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19972. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19973. </PROCESSDESCRIPTOR>
  19974. <PROCESSDESCRIPTOR>
  19975. <ID>2481</ID>
  19976. <PROCESSLIST>
  19977. <PROCESS>NTXP2.EXE</PROCESS>
  19978. </PROCESSLIST>
  19979. <CLSIDLIST>
  19980. </CLSIDLIST>
  19981. <SUMMARY>NT System Module</SUMMARY>
  19982. <DEFAULTINSTALLPATHLIST>
  19983. </DEFAULTINSTALLPATHLIST>
  19984. <CATEGORY>ADWARE</CATEGORY>
  19985. <CONDITIONLIST>
  19986. <CONDITION>FILELOCATION~system</CONDITION>
  19987. </CONDITIONLIST>
  19988. <OPERATOR>AND</OPERATOR>
  19989. <THREATLEVEL>10</THREATLEVEL>
  19990. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  19991. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  19992. </PROCESSDESCRIPTOR>
  19993. <PROCESSDESCRIPTOR>
  19994. <ID>2482</ID>
  19995. <PROCESSLIST>
  19996. <PROCESS>*</PROCESS>
  19997. <PROCESS>(LICENSEMEET.EXE)</PROCESS>
  19998. <PROCESS>(LICENS~1.EXE)</PROCESS>
  19999. </PROCESSLIST>
  20000. <CLSIDLIST>
  20001. </CLSIDLIST>
  20002. <SUMMARY>Adware.Lop.Process</SUMMARY>
  20003. <DEFAULTINSTALLPATHLIST>
  20004. </DEFAULTINSTALLPATHLIST>
  20005. <CATEGORY>ADWARE</CATEGORY>
  20006. <CONDITIONLIST>
  20007. <CONDITION>MD5=051d8c2a13246e0d7a855809d78cd8e7</CONDITION>
  20008. </CONDITIONLIST>
  20009. <OPERATOR>AND</OPERATOR>
  20010. <THREATLEVEL>10</THREATLEVEL>
  20011. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20012. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20013. </PROCESSDESCRIPTOR>
  20014. <PROCESSDESCRIPTOR>
  20015. <ID>2483</ID>
  20016. <PROCESSLIST>
  20017. <PROCESS>*</PROCESS>
  20018. <PROCESS>(GREY VIEW.EXE)</PROCESS>
  20019. </PROCESSLIST>
  20020. <CLSIDLIST>
  20021. </CLSIDLIST>
  20022. <SUMMARY>Adware.Lop.Process</SUMMARY>
  20023. <DEFAULTINSTALLPATHLIST>
  20024. </DEFAULTINSTALLPATHLIST>
  20025. <CATEGORY>ADWARE</CATEGORY>
  20026. <CONDITIONLIST>
  20027. <CONDITION>MD5=d585b61f983c2a527cead196dc9527c3</CONDITION>
  20028. </CONDITIONLIST>
  20029. <OPERATOR>AND</OPERATOR>
  20030. <THREATLEVEL>10</THREATLEVEL>
  20031. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20032. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20033. </PROCESSDESCRIPTOR>
  20034. <PROCESSDESCRIPTOR>
  20035. <ID>2490</ID>
  20036. <PROCESSLIST>
  20037. <PROCESS>TSMSETUP.EXE</PROCESS>
  20038. </PROCESSLIST>
  20039. <CLSIDLIST>
  20040. </CLSIDLIST>
  20041. <SUMMARY>Unknown Process (TSMSETUP.EXE)</SUMMARY>
  20042. <DEFAULTINSTALLPATHLIST>
  20043. </DEFAULTINSTALLPATHLIST>
  20044. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20045. <CONDITIONLIST>
  20046. <CONDITION>FILELOCATION~system</CONDITION>
  20047. </CONDITIONLIST>
  20048. <OPERATOR>AND</OPERATOR>
  20049. <THREATLEVEL>10</THREATLEVEL>
  20050. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20051. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20052. </PROCESSDESCRIPTOR>
  20053. <PROCESSDESCRIPTOR>
  20054. <ID>2491</ID>
  20055. <PROCESSLIST>
  20056. <PROCESS>SETHCD.EXE</PROCESS>
  20057. </PROCESSLIST>
  20058. <CLSIDLIST>
  20059. </CLSIDLIST>
  20060. <SUMMARY>Unknown Process (SETHCD.EXE)</SUMMARY>
  20061. <DEFAULTINSTALLPATHLIST>
  20062. </DEFAULTINSTALLPATHLIST>
  20063. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20064. <CONDITIONLIST>
  20065. <CONDITION>FILELOCATION~system</CONDITION>
  20066. </CONDITIONLIST>
  20067. <OPERATOR>AND</OPERATOR>
  20068. <THREATLEVEL>10</THREATLEVEL>
  20069. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20070. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20071. </PROCESSDESCRIPTOR>
  20072. <PROCESSDESCRIPTOR>
  20073. <ID>2492</ID>
  20074. <PROCESSLIST>
  20075. <PROCESS>SMBDINS.EXE</PROCESS>
  20076. </PROCESSLIST>
  20077. <CLSIDLIST>
  20078. </CLSIDLIST>
  20079. <SUMMARY>Unknown Process (SMBDINS.EXE)</SUMMARY>
  20080. <DEFAULTINSTALLPATHLIST>
  20081. </DEFAULTINSTALLPATHLIST>
  20082. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20083. <CONDITIONLIST>
  20084. <CONDITION>FILELOCATION~system</CONDITION>
  20085. </CONDITIONLIST>
  20086. <OPERATOR>AND</OPERATOR>
  20087. <THREATLEVEL>10</THREATLEVEL>
  20088. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20089. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20090. </PROCESSDESCRIPTOR>
  20091. <PROCESSDESCRIPTOR>
  20092. <ID>2494</ID>
  20093. <PROCESSLIST>
  20094. <PROCESS>*</PROCESS>
  20095. <PROCESS>(IGAVQF.EXE)</PROCESS>
  20096. </PROCESSLIST>
  20097. <CLSIDLIST>
  20098. </CLSIDLIST>
  20099. <SUMMARY>Unknown Process (IGAVQF.EXE)</SUMMARY>
  20100. <DEFAULTINSTALLPATHLIST>
  20101. </DEFAULTINSTALLPATHLIST>
  20102. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20103. <CONDITIONLIST>
  20104. <CONDITION>MD5=9a1f3cf70a56a527669d93cf7cd4b531</CONDITION>
  20105. </CONDITIONLIST>
  20106. <OPERATOR>AND</OPERATOR>
  20107. <THREATLEVEL>10</THREATLEVEL>
  20108. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20109. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20110. </PROCESSDESCRIPTOR>
  20111. <PROCESSDESCRIPTOR>
  20112. <ID>2495</ID>
  20113. <PROCESSLIST>
  20114. <PROCESS>*</PROCESS>
  20115. <PROCESS>MSZLZ.DLL</PROCESS>
  20116. </PROCESSLIST>
  20117. <CLSIDLIST>
  20118. <CLSID>*</CLSID>
  20119. <CLSID>{A39772BA-6D62-4EB7-B337-5C1A11FAB3B9}</CLSID>
  20120. </CLSIDLIST>
  20121. <SUMMARY>Unknown BHO (MSZLZ.DLL)</SUMMARY>
  20122. <DEFAULTINSTALLPATHLIST>
  20123. </DEFAULTINSTALLPATHLIST>
  20124. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20125. <CONDITIONLIST>
  20126. <CONDITION>MD5=e1e976cf148c607d5f05cdbd20f27cb3</CONDITION>
  20127. </CONDITIONLIST>
  20128. <OPERATOR>AND</OPERATOR>
  20129. <THREATLEVEL>10</THREATLEVEL>
  20130. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20131. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20132. </PROCESSDESCRIPTOR>
  20133. <PROCESSDESCRIPTOR>
  20134. <ID>2499</ID>
  20135. <PROCESSLIST>
  20136. <PROCESS>*</PROCESS>
  20137. <PROCESS>(YWVHGJD.EXE)</PROCESS>
  20138. </PROCESSLIST>
  20139. <CLSIDLIST>
  20140. </CLSIDLIST>
  20141. <SUMMARY>Unknown Process (YWVHGJD.EXE)</SUMMARY>
  20142. <DEFAULTINSTALLPATHLIST>
  20143. </DEFAULTINSTALLPATHLIST>
  20144. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20145. <CONDITIONLIST>
  20146. <CONDITION>MD5=bb6b2e25a5506ea2a92ad583a5cf3313</CONDITION>
  20147. </CONDITIONLIST>
  20148. <OPERATOR>AND</OPERATOR>
  20149. <THREATLEVEL>10</THREATLEVEL>
  20150. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20151. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20152. </PROCESSDESCRIPTOR>
  20153. <PROCESSDESCRIPTOR>
  20154. <ID>2500</ID>
  20155. <PROCESSLIST>
  20156. <PROCESS>*</PROCESS>
  20157. <PROCESS>(HOFOO.EXE)</PROCESS>
  20158. </PROCESSLIST>
  20159. <CLSIDLIST>
  20160. </CLSIDLIST>
  20161. <SUMMARY>Unknown Process (HOFOO.EXE)</SUMMARY>
  20162. <DEFAULTINSTALLPATHLIST>
  20163. </DEFAULTINSTALLPATHLIST>
  20164. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20165. <CONDITIONLIST>
  20166. <CONDITION>MD5=13a3b54efd5f1462f8dc2218578e1dcd</CONDITION>
  20167. </CONDITIONLIST>
  20168. <OPERATOR>AND</OPERATOR>
  20169. <THREATLEVEL>10</THREATLEVEL>
  20170. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20171. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20172. </PROCESSDESCRIPTOR>
  20173. <PROCESSDESCRIPTOR>
  20174. <ID>2501</ID>
  20175. <PROCESSLIST>
  20176. <PROCESS>IDONATE.DLL</PROCESS>
  20177. </PROCESSLIST>
  20178. <CLSIDLIST>
  20179. <CLSID>{397D7D63-816E-4ECF-8761-775C932C5CF1}</CLSID>
  20180. </CLSIDLIST>
  20181. <SUMMARY>iDonate Module BHO</SUMMARY>
  20182. <DEFAULTINSTALLPATHLIST>
  20183. </DEFAULTINSTALLPATHLIST>
  20184. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  20185. <CONDITIONLIST>
  20186. </CONDITIONLIST>
  20187. <OPERATOR>AND</OPERATOR>
  20188. <THREATLEVEL>10</THREATLEVEL>
  20189. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20190. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20191. </PROCESSDESCRIPTOR>
  20192. <PROCESSDESCRIPTOR>
  20193. <ID>2502</ID>
  20194. <PROCESSLIST>
  20195. <PROCESS>*</PROCESS>
  20196. <PROCESS>(TIBS3.EXE)</PROCESS>
  20197. </PROCESSLIST>
  20198. <CLSIDLIST>
  20199. </CLSIDLIST>
  20200. <SUMMARY>TIBS3.EXE</SUMMARY>
  20201. <DEFAULTINSTALLPATHLIST>
  20202. </DEFAULTINSTALLPATHLIST>
  20203. <CATEGORY>DIALER</CATEGORY>
  20204. <CONDITIONLIST>
  20205. <CONDITION>MD5=ae9e17aa72a74c9ea9bdd8677847a7bd</CONDITION>
  20206. </CONDITIONLIST>
  20207. <OPERATOR>AND</OPERATOR>
  20208. <THREATLEVEL>10</THREATLEVEL>
  20209. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20210. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20211. </PROCESSDESCRIPTOR>
  20212. <PROCESSDESCRIPTOR>
  20213. <ID>2503</ID>
  20214. <PROCESSLIST>
  20215. <PROCESS>AP9H4QMO.EXE</PROCESS>
  20216. <PROCESS>GAH95ON6.EXE</PROCESS>
  20217. </PROCESSLIST>
  20218. <CLSIDLIST>
  20219. </CLSIDLIST>
  20220. <SUMMARY>Spyware.ShopAtHomeSelect.Process</SUMMARY>
  20221. <DEFAULTINSTALLPATHLIST>
  20222. </DEFAULTINSTALLPATHLIST>
  20223. <CATEGORY>SPYWARE</CATEGORY>
  20224. <CONDITIONLIST>
  20225. </CONDITIONLIST>
  20226. <OPERATOR>AND</OPERATOR>
  20227. <THREATLEVEL>10</THREATLEVEL>
  20228. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20229. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20230. </PROCESSDESCRIPTOR>
  20231. <PROCESSDESCRIPTOR>
  20232. <ID>2504</ID>
  20233. <PROCESSLIST>
  20234. <PROCESS>*</PROCESS>
  20235. <PROCESS>LCIMGB.DLL</PROCESS>
  20236. </PROCESSLIST>
  20237. <CLSIDLIST>
  20238. <CLSID>*</CLSID>
  20239. <CLSID>{DF8DB041-753D-11D9-8512-000E5213B0D0}</CLSID>
  20240. </CLSIDLIST>
  20241. <SUMMARY>Unknown BHO (LCIMGB.DLL)</SUMMARY>
  20242. <DEFAULTINSTALLPATHLIST>
  20243. </DEFAULTINSTALLPATHLIST>
  20244. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20245. <CONDITIONLIST>
  20246. <CONDITION>MD5=2ed01295218208e657934dfa6d99228f</CONDITION>
  20247. </CONDITIONLIST>
  20248. <OPERATOR>AND</OPERATOR>
  20249. <THREATLEVEL>10</THREATLEVEL>
  20250. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20251. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20252. </PROCESSDESCRIPTOR>
  20253. <PROCESSDESCRIPTOR>
  20254. <ID>2506</ID>
  20255. <PROCESSLIST>
  20256. <PROCESS>COMET.DLL</PROCESS>
  20257. </PROCESSLIST>
  20258. <CLSIDLIST>
  20259. <CLSID>{1678F7E1-C422-11D0-AD7D-00400515CAAA}</CLSID>
  20260. </CLSIDLIST>
  20261. <SUMMARY>Comet Cursor BHO</SUMMARY>
  20262. <DEFAULTINSTALLPATHLIST>
  20263. </DEFAULTINSTALLPATHLIST>
  20264. <CATEGORY>SPYWARE</CATEGORY>
  20265. <CONDITIONLIST>
  20266. </CONDITIONLIST>
  20267. <OPERATOR>AND</OPERATOR>
  20268. <THREATLEVEL>5</THREATLEVEL>
  20269. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20270. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20271. </PROCESSDESCRIPTOR>
  20272. <PROCESSDESCRIPTOR>
  20273. <ID>2519</ID>
  20274. <PROCESSLIST>
  20275. <PROCESS>N20050308.EXE</PROCESS>
  20276. </PROCESSLIST>
  20277. <CLSIDLIST>
  20278. </CLSIDLIST>
  20279. <SUMMARY>N20050308.EXE</SUMMARY>
  20280. <DEFAULTINSTALLPATHLIST>
  20281. </DEFAULTINSTALLPATHLIST>
  20282. <CATEGORY>ADWARE</CATEGORY>
  20283. <CONDITIONLIST>
  20284. </CONDITIONLIST>
  20285. <OPERATOR>AND</OPERATOR>
  20286. <THREATLEVEL>10</THREATLEVEL>
  20287. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20288. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20289. </PROCESSDESCRIPTOR>
  20290. <PROCESSDESCRIPTOR>
  20291. <ID>2559</ID>
  20292. <PROCESSLIST>
  20293. <PROCESS>*</PROCESS>
  20294. <PROCESS>(ATI2EVXX.EXE)</PROCESS>
  20295. <PROCESS>(TI2EVX~1.EXE)</PROCESS>
  20296. </PROCESSLIST>
  20297. <CLSIDLIST>
  20298. </CLSIDLIST>
  20299. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  20300. <DEFAULTINSTALLPATHLIST>
  20301. </DEFAULTINSTALLPATHLIST>
  20302. <CATEGORY>ADWARE</CATEGORY>
  20303. <CONDITIONLIST>
  20304. <CONDITION>MD5=fcc00fafa1eb4370c9a29e14673bc753</CONDITION>
  20305. </CONDITIONLIST>
  20306. <OPERATOR>AND</OPERATOR>
  20307. <THREATLEVEL>10</THREATLEVEL>
  20308. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20309. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20310. </PROCESSDESCRIPTOR>
  20311. <PROCESSDESCRIPTOR>
  20312. <ID>2560</ID>
  20313. <PROCESSLIST>
  20314. <PROCESS>SPECIALOFFERS.EXE</PROCESS>
  20315. <PROCESS>SPECIALOFFERS4.EXE</PROCESS>
  20316. </PROCESSLIST>
  20317. <CLSIDLIST>
  20318. </CLSIDLIST>
  20319. <SUMMARY>Special Offers Networks Adware</SUMMARY>
  20320. <DEFAULTINSTALLPATHLIST>
  20321. </DEFAULTINSTALLPATHLIST>
  20322. <CATEGORY>ADWARE</CATEGORY>
  20323. <CONDITIONLIST>
  20324. </CONDITIONLIST>
  20325. <OPERATOR>AND</OPERATOR>
  20326. <THREATLEVEL>10</THREATLEVEL>
  20327. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20328. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20329. </PROCESSDESCRIPTOR>
  20330. <PROCESSDESCRIPTOR>
  20331. <ID>2561</ID>
  20332. <PROCESSLIST>
  20333. <PROCESS>01A00.DLL</PROCESS>
  20334. </PROCESSLIST>
  20335. <CLSIDLIST>
  20336. <CLSID>{00F16DC8-1B2A-42F4-B18B-E21DA9D2D7FD}</CLSID>
  20337. </CLSIDLIST>
  20338. <SUMMARY>SubSearch Adware</SUMMARY>
  20339. <DEFAULTINSTALLPATHLIST>
  20340. </DEFAULTINSTALLPATHLIST>
  20341. <CATEGORY>ADWARE</CATEGORY>
  20342. <CONDITIONLIST>
  20343. </CONDITIONLIST>
  20344. <OPERATOR>AND</OPERATOR>
  20345. <THREATLEVEL>10</THREATLEVEL>
  20346. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20347. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20348. </PROCESSDESCRIPTOR>
  20349. <PROCESSDESCRIPTOR>
  20350. <ID>2562</ID>
  20351. <PROCESSLIST>
  20352. <PROCESS>*</PROCESS>
  20353. <PROCESS>(WTTA.EXE)</PROCESS>
  20354. </PROCESSLIST>
  20355. <CLSIDLIST>
  20356. </CLSIDLIST>
  20357. <SUMMARY>Unknown Process (WTTA.EXE)</SUMMARY>
  20358. <DEFAULTINSTALLPATHLIST>
  20359. </DEFAULTINSTALLPATHLIST>
  20360. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20361. <CONDITIONLIST>
  20362. <CONDITION>MD5=8f083b96e59a7693b4e057391a65e2ed</CONDITION>
  20363. <CONDITION>MD5=B237922D120B96FD23BC5FC702D84927</CONDITION>
  20364. </CONDITIONLIST>
  20365. <OPERATOR>OR</OPERATOR>
  20366. <THREATLEVEL>10</THREATLEVEL>
  20367. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20368. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20369. </PROCESSDESCRIPTOR>
  20370. <PROCESSDESCRIPTOR>
  20371. <ID>2565</ID>
  20372. <PROCESSLIST>
  20373. <PROCESS>*</PROCESS>
  20374. <PROCESS>(EIRYBSH.EXE)</PROCESS>
  20375. </PROCESSLIST>
  20376. <CLSIDLIST>
  20377. </CLSIDLIST>
  20378. <SUMMARY>Unknown Process (EIRYBSH.EXE)</SUMMARY>
  20379. <DEFAULTINSTALLPATHLIST>
  20380. </DEFAULTINSTALLPATHLIST>
  20381. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20382. <CONDITIONLIST>
  20383. <CONDITION>MD5=5f086edb45ff3bc9d61ea0d6711c2d51</CONDITION>
  20384. </CONDITIONLIST>
  20385. <OPERATOR>AND</OPERATOR>
  20386. <THREATLEVEL>10</THREATLEVEL>
  20387. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20388. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20389. </PROCESSDESCRIPTOR>
  20390. <PROCESSDESCRIPTOR>
  20391. <ID>2581</ID>
  20392. <PROCESSLIST>
  20393. <PROCESS>*</PROCESS>
  20394. <PROCESS>W8C6S4~1.DLL</PROCESS>
  20395. <PROCESS>DT2NZM~1.DLL</PROCESS>
  20396. </PROCESSLIST>
  20397. <CLSIDLIST>
  20398. <CLSID>{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E}</CLSID>
  20399. </CLSIDLIST>
  20400. <SUMMARY>CoolWebSearch Parasite Variant</SUMMARY>
  20401. <DEFAULTINSTALLPATHLIST>
  20402. </DEFAULTINSTALLPATHLIST>
  20403. <CATEGORY>SPYWARE</CATEGORY>
  20404. <CONDITIONLIST>
  20405. </CONDITIONLIST>
  20406. <OPERATOR>AND</OPERATOR>
  20407. <THREATLEVEL>10</THREATLEVEL>
  20408. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20409. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20410. </PROCESSDESCRIPTOR>
  20411. <PROCESSDESCRIPTOR>
  20412. <ID>2588</ID>
  20413. <PROCESSLIST>
  20414. <PROCESS>*</PROCESS>
  20415. <PROCESS>(BGVVRB.EXE)</PROCESS>
  20416. </PROCESSLIST>
  20417. <CLSIDLIST>
  20418. </CLSIDLIST>
  20419. <SUMMARY>Undefined Process (BGVVRB.EXE)</SUMMARY>
  20420. <DEFAULTINSTALLPATHLIST>
  20421. </DEFAULTINSTALLPATHLIST>
  20422. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20423. <CONDITIONLIST>
  20424. <CONDITION>MD5=ef25534bc281436daaef578fe3cbbab4</CONDITION>
  20425. </CONDITIONLIST>
  20426. <OPERATOR>AND</OPERATOR>
  20427. <THREATLEVEL>10</THREATLEVEL>
  20428. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20429. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20430. </PROCESSDESCRIPTOR>
  20431. <PROCESSDESCRIPTOR>
  20432. <ID>2589</ID>
  20433. <PROCESSLIST>
  20434. <PROCESS>*</PROCESS>
  20435. <PROCESS>INCFIN~2.DLL</PROCESS>
  20436. </PROCESSLIST>
  20437. <CLSIDLIST>
  20438. <CLSID>{4FC95EDD-4796-4966-9049-29649C80111D}</CLSID>
  20439. </CLSIDLIST>
  20440. <SUMMARY>IncrediFindBHO Class (INCFIN~2.DLL)</SUMMARY>
  20441. <DEFAULTINSTALLPATHLIST>
  20442. </DEFAULTINSTALLPATHLIST>
  20443. <CATEGORY>ADWARE</CATEGORY>
  20444. <CONDITIONLIST>
  20445. </CONDITIONLIST>
  20446. <OPERATOR>AND</OPERATOR>
  20447. <THREATLEVEL>10</THREATLEVEL>
  20448. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20449. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20450. </PROCESSDESCRIPTOR>
  20451. <PROCESSDESCRIPTOR>
  20452. <ID>2590</ID>
  20453. <PROCESSLIST>
  20454. <PROCESS>*</PROCESS>
  20455. <PROCESS>(KUJCZX.EXE)</PROCESS>
  20456. </PROCESSLIST>
  20457. <CLSIDLIST>
  20458. </CLSIDLIST>
  20459. <SUMMARY>Unknown Process (KUJCZX.EXE)</SUMMARY>
  20460. <DEFAULTINSTALLPATHLIST>
  20461. </DEFAULTINSTALLPATHLIST>
  20462. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20463. <CONDITIONLIST>
  20464. <CONDITION>MD5=efd846b05a8b54a475f9e5d84b4fa8d7</CONDITION>
  20465. </CONDITIONLIST>
  20466. <OPERATOR>AND</OPERATOR>
  20467. <THREATLEVEL>10</THREATLEVEL>
  20468. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20469. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20470. </PROCESSDESCRIPTOR>
  20471. <PROCESSDESCRIPTOR>
  20472. <ID>2591</ID>
  20473. <PROCESSLIST>
  20474. <PROCESS>*</PROCESS>
  20475. <PROCESS>(VUFABFHC.EXE)</PROCESS>
  20476. </PROCESSLIST>
  20477. <CLSIDLIST>
  20478. </CLSIDLIST>
  20479. <SUMMARY>Unknown Process (VUFABFHC.EXE)</SUMMARY>
  20480. <DEFAULTINSTALLPATHLIST>
  20481. </DEFAULTINSTALLPATHLIST>
  20482. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20483. <CONDITIONLIST>
  20484. <CONDITION>MD5=38de7f1ee4957a8b3d18876a9adce338</CONDITION>
  20485. </CONDITIONLIST>
  20486. <OPERATOR>AND</OPERATOR>
  20487. <THREATLEVEL>10</THREATLEVEL>
  20488. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20489. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20490. </PROCESSDESCRIPTOR>
  20491. <PROCESSDESCRIPTOR>
  20492. <ID>2592</ID>
  20493. <PROCESSLIST>
  20494. <PROCESS>*</PROCESS>
  20495. <PROCESS>(YVIE6MCVU.EXE)</PROCESS>
  20496. </PROCESSLIST>
  20497. <CLSIDLIST>
  20498. </CLSIDLIST>
  20499. <SUMMARY>Unknown Process (YVIE6MCVU.EXE)</SUMMARY>
  20500. <DEFAULTINSTALLPATHLIST>
  20501. </DEFAULTINSTALLPATHLIST>
  20502. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20503. <CONDITIONLIST>
  20504. <CONDITION>MD5=9481104fecefd90ad03a545e905cc806</CONDITION>
  20505. </CONDITIONLIST>
  20506. <OPERATOR>AND</OPERATOR>
  20507. <THREATLEVEL>10</THREATLEVEL>
  20508. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20509. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20510. </PROCESSDESCRIPTOR>
  20511. <PROCESSDESCRIPTOR>
  20512. <ID>2593</ID>
  20513. <PROCESSLIST>
  20514. <PROCESS>*</PROCESS>
  20515. <PROCESS>(NTMSHHS-.EXE)</PROCESS>
  20516. </PROCESSLIST>
  20517. <CLSIDLIST>
  20518. </CLSIDLIST>
  20519. <SUMMARY>Unknown Process (NTMSHHS-.EXE)</SUMMARY>
  20520. <DEFAULTINSTALLPATHLIST>
  20521. </DEFAULTINSTALLPATHLIST>
  20522. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20523. <CONDITIONLIST>
  20524. <CONDITION>MD5=17cc04fdbd2428fd520f27248824c032</CONDITION>
  20525. </CONDITIONLIST>
  20526. <OPERATOR>AND</OPERATOR>
  20527. <THREATLEVEL>10</THREATLEVEL>
  20528. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20529. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20530. </PROCESSDESCRIPTOR>
  20531. <PROCESSDESCRIPTOR>
  20532. <ID>2594</ID>
  20533. <PROCESSLIST>
  20534. <PROCESS>*</PROCESS>
  20535. <PROCESS>(NEWPOP63.EXE)</PROCESS>
  20536. <PROCESS>(NEWPOP62.EXE)</PROCESS>
  20537. <PROCESS>(NEWPOP61.EXE)</PROCESS>
  20538. </PROCESSLIST>
  20539. <CLSIDLIST>
  20540. </CLSIDLIST>
  20541. <SUMMARY>prjMensagem Adware</SUMMARY>
  20542. <DEFAULTINSTALLPATHLIST>
  20543. </DEFAULTINSTALLPATHLIST>
  20544. <CATEGORY>ADWARE</CATEGORY>
  20545. <CONDITIONLIST>
  20546. <CONDITION>PRODUCTNAME~prjMensagem</CONDITION>
  20547. </CONDITIONLIST>
  20548. <OPERATOR>AND</OPERATOR>
  20549. <THREATLEVEL>10</THREATLEVEL>
  20550. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20551. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20552. </PROCESSDESCRIPTOR>
  20553. <PROCESSDESCRIPTOR>
  20554. <ID>2595</ID>
  20555. <PROCESSLIST>
  20556. <PROCESS>*</PROCESS>
  20557. <PROCESS>(WINPO32.EXE)</PROCESS>
  20558. <PROCESS>(MFCGU32.EXE)</PROCESS>
  20559. </PROCESSLIST>
  20560. <CLSIDLIST>
  20561. </CLSIDLIST>
  20562. <SUMMARY>Unknown Process (WINPO32.EXE)</SUMMARY>
  20563. <DEFAULTINSTALLPATHLIST>
  20564. </DEFAULTINSTALLPATHLIST>
  20565. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20566. <CONDITIONLIST>
  20567. <CONDITION>MD5=91a23bef807068903988f62a751e54f4</CONDITION>
  20568. </CONDITIONLIST>
  20569. <OPERATOR>AND</OPERATOR>
  20570. <THREATLEVEL>10</THREATLEVEL>
  20571. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20572. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20573. </PROCESSDESCRIPTOR>
  20574. <PROCESSDESCRIPTOR>
  20575. <ID>2596</ID>
  20576. <PROCESSLIST>
  20577. <PROCESS>*</PROCESS>
  20578. <PROCESS>(APIGB.EXE)</PROCESS>
  20579. </PROCESSLIST>
  20580. <CLSIDLIST>
  20581. </CLSIDLIST>
  20582. <SUMMARY>Unknown Process (APIGB.EXE)</SUMMARY>
  20583. <DEFAULTINSTALLPATHLIST>
  20584. </DEFAULTINSTALLPATHLIST>
  20585. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20586. <CONDITIONLIST>
  20587. <CONDITION>MD5=0b35b69030ebf46a616dcac84451c0e9</CONDITION>
  20588. </CONDITIONLIST>
  20589. <OPERATOR>AND</OPERATOR>
  20590. <THREATLEVEL>10</THREATLEVEL>
  20591. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20592. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20593. </PROCESSDESCRIPTOR>
  20594. <PROCESSDESCRIPTOR>
  20595. <ID>2800</ID>
  20596. <PROCESSLIST>
  20597. <PROCESS>*</PROCESS>
  20598. <PROCESS>(SVCHOST.EXE)</PROCESS>
  20599. <PROCESS>(CHOST~1.EXE)</PROCESS>
  20600. </PROCESSLIST>
  20601. <CLSIDLIST>
  20602. </CLSIDLIST>
  20603. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  20604. <DEFAULTINSTALLPATHLIST>
  20605. </DEFAULTINSTALLPATHLIST>
  20606. <CATEGORY>ADWARE</CATEGORY>
  20607. <CONDITIONLIST>
  20608. <CONDITION>MD5=472de7e940f8c894960443e9f6b06e38</CONDITION>
  20609. </CONDITIONLIST>
  20610. <OPERATOR>AND</OPERATOR>
  20611. <THREATLEVEL>10</THREATLEVEL>
  20612. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20613. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20614. </PROCESSDESCRIPTOR>
  20615. <PROCESSDESCRIPTOR>
  20616. <ID>2820</ID>
  20617. <PROCESSLIST>
  20618. <PROCESS>IETB.DLL</PROCESS>
  20619. </PROCESSLIST>
  20620. <CLSIDLIST>
  20621. <CLSID>{6596829B-37D4-40AD-971B-1E9041725C52}</CLSID>
  20622. </CLSIDLIST>
  20623. <SUMMARY>Commander Toolbar</SUMMARY>
  20624. <DEFAULTINSTALLPATHLIST>
  20625. </DEFAULTINSTALLPATHLIST>
  20626. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20627. <CONDITIONLIST>
  20628. <CONDITION>COMPANYNAME~Microsoft</CONDITION>
  20629. </CONDITIONLIST>
  20630. <OPERATOR>AND</OPERATOR>
  20631. <THREATLEVEL>5</THREATLEVEL>
  20632. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20633. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20634. </PROCESSDESCRIPTOR>
  20635. <PROCESSDESCRIPTOR>
  20636. <ID>2827</ID>
  20637. <PROCESSLIST>
  20638. <PROCESS>IE_CLRSCH.DLL</PROCESS>
  20639. </PROCESSLIST>
  20640. <CLSIDLIST>
  20641. <CLSID>{947E6D5A-4B9F-4CF4-91B3-562CA8D03313}</CLSID>
  20642. </CLSIDLIST>
  20643. <SUMMARY>Clear Search Toolbar BHO</SUMMARY>
  20644. <DEFAULTINSTALLPATHLIST>
  20645. </DEFAULTINSTALLPATHLIST>
  20646. <CATEGORY>ADWARE</CATEGORY>
  20647. <CONDITIONLIST>
  20648. </CONDITIONLIST>
  20649. <OPERATOR>AND</OPERATOR>
  20650. <THREATLEVEL>10</THREATLEVEL>
  20651. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20652. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20653. </PROCESSDESCRIPTOR>
  20654. <PROCESSDESCRIPTOR>
  20655. <ID>2832</ID>
  20656. <PROCESSLIST>
  20657. <PROCESS>INETDCTR.DLL</PROCESS>
  20658. </PROCESSLIST>
  20659. <CLSIDLIST>
  20660. <CLSID>{1C4DA27D-4D52-4465-A089-98E01BB725CA}</CLSID>
  20661. </CLSIDLIST>
  20662. <SUMMARY>Var1 Module BHO</SUMMARY>
  20663. <DEFAULTINSTALLPATHLIST>
  20664. </DEFAULTINSTALLPATHLIST>
  20665. <CATEGORY>ADWARE</CATEGORY>
  20666. <CONDITIONLIST>
  20667. </CONDITIONLIST>
  20668. <OPERATOR>AND</OPERATOR>
  20669. <THREATLEVEL>5</THREATLEVEL>
  20670. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20671. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20672. </PROCESSDESCRIPTOR>
  20673. <PROCESSDESCRIPTOR>
  20674. <ID>2838</ID>
  20675. <PROCESSLIST>
  20676. <PROCESS>SBB.DLL</PROCESS>
  20677. </PROCESSLIST>
  20678. <CLSIDLIST>
  20679. <CLSID>{29F7B7FA-ADC8-48EA-9E1C-EA87A05AE642}</CLSID>
  20680. </CLSIDLIST>
  20681. <SUMMARY>Commander Toolbar BHO</SUMMARY>
  20682. <DEFAULTINSTALLPATHLIST>
  20683. </DEFAULTINSTALLPATHLIST>
  20684. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20685. <CONDITIONLIST>
  20686. </CONDITIONLIST>
  20687. <OPERATOR>AND</OPERATOR>
  20688. <THREATLEVEL>5</THREATLEVEL>
  20689. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20690. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20691. </PROCESSDESCRIPTOR>
  20692. <PROCESSDESCRIPTOR>
  20693. <ID>2843</ID>
  20694. <PROCESSLIST>
  20695. <PROCESS>AQADCUP.EXE</PROCESS>
  20696. </PROCESSLIST>
  20697. <CLSIDLIST>
  20698. </CLSIDLIST>
  20699. <SUMMARY>Backdoor.Agent.bg Trojan</SUMMARY>
  20700. <DEFAULTINSTALLPATHLIST>
  20701. </DEFAULTINSTALLPATHLIST>
  20702. <CATEGORY>TROJAN</CATEGORY>
  20703. <CONDITIONLIST>
  20704. </CONDITIONLIST>
  20705. <OPERATOR>AND</OPERATOR>
  20706. <THREATLEVEL>10</THREATLEVEL>
  20707. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20708. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20709. </PROCESSDESCRIPTOR>
  20710. <PROCESSDESCRIPTOR>
  20711. <ID>2844</ID>
  20712. <PROCESSLIST>
  20713. <PROCESS>*</PROCESS>
  20714. <PROCESS>WINSB1.DLL</PROCESS>
  20715. </PROCESSLIST>
  20716. <CLSIDLIST>
  20717. <CLSID>{9FB534E3-67CB-4307-AE0A-9E8B5581BE2C}</CLSID>
  20718. <CLSID>{1E432263-6841-4653-8F02-366A2F77E339}</CLSID>
  20719. </CLSIDLIST>
  20720. <SUMMARY>Windows Search Bar BHO</SUMMARY>
  20721. <DEFAULTINSTALLPATHLIST>
  20722. </DEFAULTINSTALLPATHLIST>
  20723. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  20724. <CONDITIONLIST>
  20725. </CONDITIONLIST>
  20726. <OPERATOR>AND</OPERATOR>
  20727. <THREATLEVEL>10</THREATLEVEL>
  20728. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20729. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20730. </PROCESSDESCRIPTOR>
  20731. <PROCESSDESCRIPTOR>
  20732. <ID>2845</ID>
  20733. <PROCESSLIST>
  20734. <PROCESS>*</PROCESS>
  20735. <PROCESS>SAB3PM.DAT</PROCESS>
  20736. <PROCESS>RVSOFNI.DAT</PROCESS>
  20737. </PROCESSLIST>
  20738. <CLSIDLIST>
  20739. <CLSID>{02F96FB7-8AF6-439B-B7BA-2F952F9E4800}</CLSID>
  20740. <CLSID>{D6964FD8-3AF1-4A2A-ABB7-3D0C62924FD6}</CLSID>
  20741. </CLSIDLIST>
  20742. <SUMMARY>VirtuMonde Adware Variant BHO</SUMMARY>
  20743. <DEFAULTINSTALLPATHLIST>
  20744. </DEFAULTINSTALLPATHLIST>
  20745. <CATEGORY>ADWARE</CATEGORY>
  20746. <CONDITIONLIST>
  20747. </CONDITIONLIST>
  20748. <OPERATOR>AND</OPERATOR>
  20749. <THREATLEVEL>10</THREATLEVEL>
  20750. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20751. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20752. </PROCESSDESCRIPTOR>
  20753. <PROCESSDESCRIPTOR>
  20754. <ID>2850</ID>
  20755. <PROCESSLIST>
  20756. <PROCESS>BHO.DLL</PROCESS>
  20757. </PROCESSLIST>
  20758. <CLSIDLIST>
  20759. <CLSID>{269B6797-664E-48AA-B283-B012BDF6E525}</CLSID>
  20760. </CLSIDLIST>
  20761. <SUMMARY>KeenValue Adware BHO</SUMMARY>
  20762. <DEFAULTINSTALLPATHLIST>
  20763. </DEFAULTINSTALLPATHLIST>
  20764. <CATEGORY>ADWARE</CATEGORY>
  20765. <CONDITIONLIST>
  20766. </CONDITIONLIST>
  20767. <OPERATOR>AND</OPERATOR>
  20768. <THREATLEVEL>10</THREATLEVEL>
  20769. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20770. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20771. </PROCESSDESCRIPTOR>
  20772. <PROCESSDESCRIPTOR>
  20773. <ID>2851</ID>
  20774. <PROCESSLIST>
  20775. <PROCESS>NDRV.DLL</PROCESS>
  20776. </PROCESSLIST>
  20777. <CLSIDLIST>
  20778. <CLSID>{1B7D753B-1981-4BD2-91F3-6D055EE113A0}</CLSID>
  20779. </CLSIDLIST>
  20780. <SUMMARY>Adware.ClickSpring/PuritySCAN.BHO</SUMMARY>
  20781. <DEFAULTINSTALLPATHLIST>
  20782. </DEFAULTINSTALLPATHLIST>
  20783. <CATEGORY>ADWARE</CATEGORY>
  20784. <CONDITIONLIST>
  20785. </CONDITIONLIST>
  20786. <OPERATOR>AND</OPERATOR>
  20787. <THREATLEVEL>10</THREATLEVEL>
  20788. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20789. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20790. </PROCESSDESCRIPTOR>
  20791. <PROCESSDESCRIPTOR>
  20792. <ID>2852</ID>
  20793. <PROCESSLIST>
  20794. <PROCESS>*</PROCESS>
  20795. <PROCESS>(FASTBIRD.EXE)</PROCESS>
  20796. </PROCESSLIST>
  20797. <CLSIDLIST>
  20798. </CLSIDLIST>
  20799. <SUMMARY>Adware.Lop.Process</SUMMARY>
  20800. <DEFAULTINSTALLPATHLIST>
  20801. </DEFAULTINSTALLPATHLIST>
  20802. <CATEGORY>ADWARE</CATEGORY>
  20803. <CONDITIONLIST>
  20804. <CONDITION>MD5=9c40dbae7d2fa7a130cb96ce1ce9b5a3</CONDITION>
  20805. </CONDITIONLIST>
  20806. <OPERATOR>AND</OPERATOR>
  20807. <THREATLEVEL>10</THREATLEVEL>
  20808. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20809. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20810. </PROCESSDESCRIPTOR>
  20811. <PROCESSDESCRIPTOR>
  20812. <ID>2853</ID>
  20813. <PROCESSLIST>
  20814. <PROCESS>*</PROCESS>
  20815. <PROCESS>(WZYLFKB.EXE)</PROCESS>
  20816. </PROCESSLIST>
  20817. <CLSIDLIST>
  20818. </CLSIDLIST>
  20819. <SUMMARY>Unknown Process (WZYLFKB.EXE)</SUMMARY>
  20820. <DEFAULTINSTALLPATHLIST>
  20821. </DEFAULTINSTALLPATHLIST>
  20822. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  20823. <CONDITIONLIST>
  20824. <CONDITION>MD5=3e4558bbf7a21401263cef3a7bc0ceac</CONDITION>
  20825. </CONDITIONLIST>
  20826. <OPERATOR>AND</OPERATOR>
  20827. <THREATLEVEL>10</THREATLEVEL>
  20828. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20829. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20830. </PROCESSDESCRIPTOR>
  20831. <PROCESSDESCRIPTOR>
  20832. <ID>2854</ID>
  20833. <PROCESSLIST>
  20834. <PROCESS>SVCHOS1.EXE</PROCESS>
  20835. </PROCESSLIST>
  20836. <CLSIDLIST>
  20837. </CLSIDLIST>
  20838. <SUMMARY>SVCHOS1.EXE Trojan</SUMMARY>
  20839. <DEFAULTINSTALLPATHLIST>
  20840. </DEFAULTINSTALLPATHLIST>
  20841. <CATEGORY>WORM</CATEGORY>
  20842. <CONDITIONLIST>
  20843. <CONDITION>FILELOCATION~system</CONDITION>
  20844. </CONDITIONLIST>
  20845. <OPERATOR>AND</OPERATOR>
  20846. <THREATLEVEL>10</THREATLEVEL>
  20847. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20848. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20849. </PROCESSDESCRIPTOR>
  20850. <PROCESSDESCRIPTOR>
  20851. <ID>2855</ID>
  20852. <PROCESSLIST>
  20853. <PROCESS>*</PROCESS>
  20854. <PROCESS>(HKNTFS~1.EXE)</PROCESS>
  20855. <PROCESS>(CHKNTFS.EXE)</PROCESS>
  20856. <PROCESS>(DXPLOR~1.EXE)</PROCESS>
  20857. </PROCESSLIST>
  20858. <CLSIDLIST>
  20859. </CLSIDLIST>
  20860. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  20861. <DEFAULTINSTALLPATHLIST>
  20862. </DEFAULTINSTALLPATHLIST>
  20863. <CATEGORY>ADWARE</CATEGORY>
  20864. <CONDITIONLIST>
  20865. <CONDITION>MD5=4c08de5c4723e8c1137804debe5254d4</CONDITION>
  20866. </CONDITIONLIST>
  20867. <OPERATOR>AND</OPERATOR>
  20868. <THREATLEVEL>10</THREATLEVEL>
  20869. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20870. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20871. </PROCESSDESCRIPTOR>
  20872. <PROCESSDESCRIPTOR>
  20873. <ID>2856</ID>
  20874. <PROCESSLIST>
  20875. <PROCESS>*</PROCESS>
  20876. <PROCESS>(BROWSE SECT.EXE)</PROCESS>
  20877. </PROCESSLIST>
  20878. <CLSIDLIST>
  20879. </CLSIDLIST>
  20880. <SUMMARY>Adware.Lop.Process</SUMMARY>
  20881. <DEFAULTINSTALLPATHLIST>
  20882. </DEFAULTINSTALLPATHLIST>
  20883. <CATEGORY>ADWARE</CATEGORY>
  20884. <CONDITIONLIST>
  20885. <CONDITION>MD5=fd877ca137e8ce07625f1760abad4174</CONDITION>
  20886. </CONDITIONLIST>
  20887. <OPERATOR>AND</OPERATOR>
  20888. <THREATLEVEL>10</THREATLEVEL>
  20889. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20890. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20891. </PROCESSDESCRIPTOR>
  20892. <PROCESSDESCRIPTOR>
  20893. <ID>2857</ID>
  20894. <PROCESSLIST>
  20895. <PROCESS>*</PROCESS>
  20896. <PROCESS>(EXIT FUNK BEEP.EXE)</PROCESS>
  20897. </PROCESSLIST>
  20898. <CLSIDLIST>
  20899. </CLSIDLIST>
  20900. <SUMMARY>Adware.Lop.Process</SUMMARY>
  20901. <DEFAULTINSTALLPATHLIST>
  20902. </DEFAULTINSTALLPATHLIST>
  20903. <CATEGORY>ADWARE</CATEGORY>
  20904. <CONDITIONLIST>
  20905. <CONDITION>MD5=b916570f17853ec038973d8cac432869</CONDITION>
  20906. </CONDITIONLIST>
  20907. <OPERATOR>AND</OPERATOR>
  20908. <THREATLEVEL>10</THREATLEVEL>
  20909. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20910. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20911. </PROCESSDESCRIPTOR>
  20912. <PROCESSDESCRIPTOR>
  20913. <ID>2887</ID>
  20914. <PROCESSLIST>
  20915. <PROCESS>BW2.COM</PROCESS>
  20916. </PROCESSLIST>
  20917. <CLSIDLIST>
  20918. </CLSIDLIST>
  20919. <SUMMARY>BW2.COM Loader Application (Variant 3)</SUMMARY>
  20920. <DEFAULTINSTALLPATHLIST>
  20921. </DEFAULTINSTALLPATHLIST>
  20922. <CATEGORY>ADWARE</CATEGORY>
  20923. <CONDITIONLIST>
  20924. <CONDITION>MD5=CB578468F7F523BC98076E67ECD53C8B</CONDITION>
  20925. </CONDITIONLIST>
  20926. <OPERATOR>AND</OPERATOR>
  20927. <THREATLEVEL>10</THREATLEVEL>
  20928. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20929. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20930. </PROCESSDESCRIPTOR>
  20931. <PROCESSDESCRIPTOR>
  20932. <ID>2911</ID>
  20933. <PROCESSLIST>
  20934. <PROCESS>*</PROCESS>
  20935. <PROCESS>BRBHO.DLL</PROCESS>
  20936. </PROCESSLIST>
  20937. <CLSIDLIST>
  20938. <CLSID>{96DA5BEE-4ACC-476C-B3EC-54C6730C4293}</CLSID>
  20939. </CLSIDLIST>
  20940. <SUMMARY>Comet Cursor Browser Helper Object</SUMMARY>
  20941. <DEFAULTINSTALLPATHLIST>
  20942. </DEFAULTINSTALLPATHLIST>
  20943. <CATEGORY>ADWARE</CATEGORY>
  20944. <CONDITIONLIST>
  20945. </CONDITIONLIST>
  20946. <OPERATOR>AND</OPERATOR>
  20947. <THREATLEVEL>5</THREATLEVEL>
  20948. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20949. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20950. </PROCESSDESCRIPTOR>
  20951. <PROCESSDESCRIPTOR>
  20952. <ID>2942</ID>
  20953. <PROCESSLIST>
  20954. <PROCESS>PDFMGR.DLL</PROCESS>
  20955. </PROCESSLIST>
  20956. <CLSIDLIST>
  20957. <CLSID>{60261C06-81B0-4DE0-9313-E5BA203A64E9}</CLSID>
  20958. </CLSIDLIST>
  20959. <SUMMARY>Naupoint Toolbar BHO</SUMMARY>
  20960. <DEFAULTINSTALLPATHLIST>
  20961. </DEFAULTINSTALLPATHLIST>
  20962. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  20963. <CONDITIONLIST>
  20964. </CONDITIONLIST>
  20965. <OPERATOR>AND</OPERATOR>
  20966. <THREATLEVEL>10</THREATLEVEL>
  20967. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20968. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20969. </PROCESSDESCRIPTOR>
  20970. <PROCESSDESCRIPTOR>
  20971. <ID>2943</ID>
  20972. <PROCESSLIST>
  20973. <PROCESS>SNNPAPI.DLL</PROCESS>
  20974. </PROCESSLIST>
  20975. <CLSIDLIST>
  20976. <CLSID>*</CLSID>
  20977. <CLSID>{C0EA46D3-7EE4-45E4-9933-1C5B344874C1}</CLSID>
  20978. </CLSIDLIST>
  20979. <SUMMARY>CoolWebSearch Parasite Variant BHO</SUMMARY>
  20980. <DEFAULTINSTALLPATHLIST>
  20981. </DEFAULTINSTALLPATHLIST>
  20982. <CATEGORY>SPYWARE</CATEGORY>
  20983. <CONDITIONLIST>
  20984. </CONDITIONLIST>
  20985. <OPERATOR>AND</OPERATOR>
  20986. <THREATLEVEL>10</THREATLEVEL>
  20987. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  20988. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  20989. </PROCESSDESCRIPTOR>
  20990. <PROCESSDESCRIPTOR>
  20991. <ID>2944</ID>
  20992. <PROCESSLIST>
  20993. <PROCESS>WINCT.DLL</PROCESS>
  20994. </PROCESSLIST>
  20995. <CLSIDLIST>
  20996. <CLSID>{A21291D3-FB9A-C738-0034-769E8D26575C}</CLSID>
  20997. </CLSIDLIST>
  20998. <SUMMARY>Unknown URL Search Hook (WINCT.DLL)</SUMMARY>
  20999. <DEFAULTINSTALLPATHLIST>
  21000. </DEFAULTINSTALLPATHLIST>
  21001. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21002. <CONDITIONLIST>
  21003. </CONDITIONLIST>
  21004. <OPERATOR>AND</OPERATOR>
  21005. <THREATLEVEL>5</THREATLEVEL>
  21006. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21007. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21008. </PROCESSDESCRIPTOR>
  21009. <PROCESSDESCRIPTOR>
  21010. <ID>2951</ID>
  21011. <PROCESSLIST>
  21012. <PROCESS>ENHUPDT.EXE</PROCESS>
  21013. </PROCESSLIST>
  21014. <CLSIDLIST>
  21015. </CLSIDLIST>
  21016. <SUMMARY>Adware Trojan Downloader</SUMMARY>
  21017. <DEFAULTINSTALLPATHLIST>
  21018. </DEFAULTINSTALLPATHLIST>
  21019. <CATEGORY>TROJAN</CATEGORY>
  21020. <CONDITIONLIST>
  21021. </CONDITIONLIST>
  21022. <OPERATOR>AND</OPERATOR>
  21023. <THREATLEVEL>10</THREATLEVEL>
  21024. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21025. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21026. </PROCESSDESCRIPTOR>
  21027. <PROCESSDESCRIPTOR>
  21028. <ID>2953</ID>
  21029. <PROCESSLIST>
  21030. <PROCESS>PTASK.EXE</PROCESS>
  21031. </PROCESSLIST>
  21032. <CLSIDLIST>
  21033. </CLSIDLIST>
  21034. <SUMMARY>Parallel Tasking Adware</SUMMARY>
  21035. <DEFAULTINSTALLPATHLIST>
  21036. </DEFAULTINSTALLPATHLIST>
  21037. <CATEGORY>TROJAN</CATEGORY>
  21038. <CONDITIONLIST>
  21039. <CONDITION>FILELOCATION~parallel</CONDITION>
  21040. </CONDITIONLIST>
  21041. <OPERATOR>AND</OPERATOR>
  21042. <THREATLEVEL>10</THREATLEVEL>
  21043. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21044. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21045. </PROCESSDESCRIPTOR>
  21046. <PROCESSDESCRIPTOR>
  21047. <ID>2954</ID>
  21048. <PROCESSLIST>
  21049. <PROCESS>NAVMGRD.EXE</PROCESS>
  21050. </PROCESSLIST>
  21051. <CLSIDLIST>
  21052. </CLSIDLIST>
  21053. <SUMMARY>BKDR_SDBOT.DP Trojan</SUMMARY>
  21054. <DEFAULTINSTALLPATHLIST>
  21055. </DEFAULTINSTALLPATHLIST>
  21056. <CATEGORY>TROJAN</CATEGORY>
  21057. <CONDITIONLIST>
  21058. <CONDITION>FILELOCATION~system</CONDITION>
  21059. </CONDITIONLIST>
  21060. <OPERATOR>AND</OPERATOR>
  21061. <THREATLEVEL>10</THREATLEVEL>
  21062. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21063. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21064. </PROCESSDESCRIPTOR>
  21065. <PROCESSDESCRIPTOR>
  21066. <ID>2956</ID>
  21067. <PROCESSLIST>
  21068. <PROCESS>*</PROCESS>
  21069. <PROCESS>(YLKCDGM.EXE)</PROCESS>
  21070. </PROCESSLIST>
  21071. <CLSIDLIST>
  21072. </CLSIDLIST>
  21073. <SUMMARY>Undefined Process (YLKCDGM.EXE)</SUMMARY>
  21074. <DEFAULTINSTALLPATHLIST>
  21075. </DEFAULTINSTALLPATHLIST>
  21076. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21077. <CONDITIONLIST>
  21078. <CONDITION>MD5=3700C57866191D828608C80764778D88</CONDITION>
  21079. </CONDITIONLIST>
  21080. <OPERATOR>AND</OPERATOR>
  21081. <THREATLEVEL>10</THREATLEVEL>
  21082. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21083. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21084. </PROCESSDESCRIPTOR>
  21085. <PROCESSDESCRIPTOR>
  21086. <ID>2957</ID>
  21087. <PROCESSLIST>
  21088. <PROCESS>*</PROCESS>
  21089. <PROCESS>(ULYFLR.EXE)</PROCESS>
  21090. </PROCESSLIST>
  21091. <CLSIDLIST>
  21092. </CLSIDLIST>
  21093. <SUMMARY>Undefined Process (ULYFLR.EXE)</SUMMARY>
  21094. <DEFAULTINSTALLPATHLIST>
  21095. </DEFAULTINSTALLPATHLIST>
  21096. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21097. <CONDITIONLIST>
  21098. <CONDITION>MD5=40AE6B18731116AE6FB27FCE865F109F</CONDITION>
  21099. </CONDITIONLIST>
  21100. <OPERATOR>AND</OPERATOR>
  21101. <THREATLEVEL>10</THREATLEVEL>
  21102. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21103. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21104. </PROCESSDESCRIPTOR>
  21105. <PROCESSDESCRIPTOR>
  21106. <ID>2961</ID>
  21107. <PROCESSLIST>
  21108. <PROCESS>*</PROCESS>
  21109. <PROCESS>(ZAGQW.EXE)</PROCESS>
  21110. </PROCESSLIST>
  21111. <CLSIDLIST>
  21112. </CLSIDLIST>
  21113. <SUMMARY>Undefined Process (ZAGQW.EXE)</SUMMARY>
  21114. <DEFAULTINSTALLPATHLIST>
  21115. </DEFAULTINSTALLPATHLIST>
  21116. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21117. <CONDITIONLIST>
  21118. <CONDITION>MD5=1C0696823FF35DDEF38DAE157D48F585</CONDITION>
  21119. </CONDITIONLIST>
  21120. <OPERATOR>AND</OPERATOR>
  21121. <THREATLEVEL>10</THREATLEVEL>
  21122. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21123. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21124. </PROCESSDESCRIPTOR>
  21125. <PROCESSDESCRIPTOR>
  21126. <ID>2963</ID>
  21127. <PROCESSLIST>
  21128. <PROCESS>WINFORMKEEP.EXE</PROCESS>
  21129. <PROCESS>WINFORM.EXE</PROCESS>
  21130. </PROCESSLIST>
  21131. <CLSIDLIST>
  21132. </CLSIDLIST>
  21133. <SUMMARY>WINFORMKEEP.EXE, WINFORM.EXE</SUMMARY>
  21134. <DEFAULTINSTALLPATHLIST>
  21135. </DEFAULTINSTALLPATHLIST>
  21136. <CATEGORY>ADWARE</CATEGORY>
  21137. <CONDITIONLIST>
  21138. <CONDITION>FILELOCATION~FormatAd</CONDITION>
  21139. </CONDITIONLIST>
  21140. <OPERATOR>AND</OPERATOR>
  21141. <THREATLEVEL>10</THREATLEVEL>
  21142. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21143. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21144. </PROCESSDESCRIPTOR>
  21145. <PROCESSDESCRIPTOR>
  21146. <ID>2969</ID>
  21147. <PROCESSLIST>
  21148. <PROCESS>1379191.EXE</PROCESS>
  21149. </PROCESSLIST>
  21150. <CLSIDLIST>
  21151. </CLSIDLIST>
  21152. <SUMMARY>Haldex Dialer</SUMMARY>
  21153. <DEFAULTINSTALLPATHLIST>
  21154. </DEFAULTINSTALLPATHLIST>
  21155. <CATEGORY>DIALER</CATEGORY>
  21156. <CONDITIONLIST>
  21157. <CONDITION>FILELOCATION~HALDEXLTD</CONDITION>
  21158. </CONDITIONLIST>
  21159. <OPERATOR>AND</OPERATOR>
  21160. <THREATLEVEL>4</THREATLEVEL>
  21161. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21162. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21163. </PROCESSDESCRIPTOR>
  21164. <PROCESSDESCRIPTOR>
  21165. <ID>2972</ID>
  21166. <PROCESSLIST>
  21167. <PROCESS>*</PROCESS>
  21168. <PROCESS>(AATT.EXE)</PROCESS>
  21169. </PROCESSLIST>
  21170. <CLSIDLIST>
  21171. </CLSIDLIST>
  21172. <SUMMARY>Undefined Process (AATT.EXE)</SUMMARY>
  21173. <DEFAULTINSTALLPATHLIST>
  21174. </DEFAULTINSTALLPATHLIST>
  21175. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21176. <CONDITIONLIST>
  21177. <CONDITION>MD5=AC3B44B2335BBFCD14B7B24A15882F74</CONDITION>
  21178. <CONDITION>MD5=D0FF9ED933BFAB90033CA5F95CBEA857</CONDITION>
  21179. </CONDITIONLIST>
  21180. <OPERATOR>OR</OPERATOR>
  21181. <THREATLEVEL>10</THREATLEVEL>
  21182. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21183. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21184. </PROCESSDESCRIPTOR>
  21185. <PROCESSDESCRIPTOR>
  21186. <ID>2973</ID>
  21187. <PROCESSLIST>
  21188. <PROCESS>*</PROCESS>
  21189. <PROCESS>(ASTE.EXE)</PROCESS>
  21190. </PROCESSLIST>
  21191. <CLSIDLIST>
  21192. </CLSIDLIST>
  21193. <SUMMARY>Undefined Process (ASTE.EXE)</SUMMARY>
  21194. <DEFAULTINSTALLPATHLIST>
  21195. </DEFAULTINSTALLPATHLIST>
  21196. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21197. <CONDITIONLIST>
  21198. <CONDITION>MD5=35368BFC47F8144CB56F523B3152CA16</CONDITION>
  21199. </CONDITIONLIST>
  21200. <OPERATOR>AND</OPERATOR>
  21201. <THREATLEVEL>10</THREATLEVEL>
  21202. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21203. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21204. </PROCESSDESCRIPTOR>
  21205. <PROCESSDESCRIPTOR>
  21206. <ID>2975</ID>
  21207. <PROCESSLIST>
  21208. <PROCESS>*</PROCESS>
  21209. <PROCESS>(DENT PLAN FORK.EXE)</PROCESS>
  21210. </PROCESSLIST>
  21211. <CLSIDLIST>
  21212. </CLSIDLIST>
  21213. <SUMMARY>Adware.Lop.Process</SUMMARY>
  21214. <DEFAULTINSTALLPATHLIST>
  21215. </DEFAULTINSTALLPATHLIST>
  21216. <CATEGORY>ADWARE</CATEGORY>
  21217. <CONDITIONLIST>
  21218. <CONDITION>MD5=46C3DBE1955A0996A2497CD4286E1728</CONDITION>
  21219. </CONDITIONLIST>
  21220. <OPERATOR>AND</OPERATOR>
  21221. <THREATLEVEL>10</THREATLEVEL>
  21222. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21223. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21224. </PROCESSDESCRIPTOR>
  21225. <PROCESSDESCRIPTOR>
  21226. <ID>2976</ID>
  21227. <PROCESSLIST>
  21228. <PROCESS>*</PROCESS>
  21229. <PROCESS>(DRAWACID.EXE)</PROCESS>
  21230. </PROCESSLIST>
  21231. <CLSIDLIST>
  21232. </CLSIDLIST>
  21233. <SUMMARY>Adware.Lop.Process</SUMMARY>
  21234. <DEFAULTINSTALLPATHLIST>
  21235. </DEFAULTINSTALLPATHLIST>
  21236. <CATEGORY>ADWARE</CATEGORY>
  21237. <CONDITIONLIST>
  21238. <CONDITION>MD5=090D4AE239215C6BA0C2653E298360A4</CONDITION>
  21239. </CONDITIONLIST>
  21240. <OPERATOR>AND</OPERATOR>
  21241. <THREATLEVEL>10</THREATLEVEL>
  21242. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21243. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21244. </PROCESSDESCRIPTOR>
  21245. <PROCESSDESCRIPTOR>
  21246. <ID>2977</ID>
  21247. <PROCESSLIST>
  21248. <PROCESS>*</PROCESS>
  21249. <PROCESS>(DSPT.EXE)</PROCESS>
  21250. </PROCESSLIST>
  21251. <CLSIDLIST>
  21252. </CLSIDLIST>
  21253. <SUMMARY>Undefined Process (DSPT.EXE)</SUMMARY>
  21254. <DEFAULTINSTALLPATHLIST>
  21255. </DEFAULTINSTALLPATHLIST>
  21256. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21257. <CONDITIONLIST>
  21258. <CONDITION>MD5=EEDA8F7BF1D9A6878EE1E496890AE05F</CONDITION>
  21259. </CONDITIONLIST>
  21260. <OPERATOR>AND</OPERATOR>
  21261. <THREATLEVEL>10</THREATLEVEL>
  21262. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21263. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21264. </PROCESSDESCRIPTOR>
  21265. <PROCESSDESCRIPTOR>
  21266. <ID>2978</ID>
  21267. <PROCESSLIST>
  21268. <PROCESS>*</PROCESS>
  21269. <PROCESS>(EETU.EXE)</PROCESS>
  21270. </PROCESSLIST>
  21271. <CLSIDLIST>
  21272. </CLSIDLIST>
  21273. <SUMMARY>Undefined Process (EETU.EXE)</SUMMARY>
  21274. <DEFAULTINSTALLPATHLIST>
  21275. </DEFAULTINSTALLPATHLIST>
  21276. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21277. <CONDITIONLIST>
  21278. <CONDITION>MD5=16C56A86E9DA4E814E66F2C674544474</CONDITION>
  21279. </CONDITIONLIST>
  21280. <OPERATOR>AND</OPERATOR>
  21281. <THREATLEVEL>10</THREATLEVEL>
  21282. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21283. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21284. </PROCESSDESCRIPTOR>
  21285. <PROCESSDESCRIPTOR>
  21286. <ID>2979</ID>
  21287. <PROCESSLIST>
  21288. <PROCESS>*</PROCESS>
  21289. <PROCESS>(EMIA.EXE)</PROCESS>
  21290. </PROCESSLIST>
  21291. <CLSIDLIST>
  21292. </CLSIDLIST>
  21293. <SUMMARY>Undefined Process (EMIA.EXE)</SUMMARY>
  21294. <DEFAULTINSTALLPATHLIST>
  21295. </DEFAULTINSTALLPATHLIST>
  21296. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21297. <CONDITIONLIST>
  21298. <CONDITION>MD5=FF9EDCE8DD1F96F4C5F77905E0D0E300</CONDITION>
  21299. <CONDITION>MD5=2CD10A764CBAF071ACF9477627C26D06</CONDITION>
  21300. </CONDITIONLIST>
  21301. <OPERATOR>OR</OPERATOR>
  21302. <THREATLEVEL>10</THREATLEVEL>
  21303. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21304. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21305. </PROCESSDESCRIPTOR>
  21306. <PROCESSDESCRIPTOR>
  21307. <ID>2980</ID>
  21308. <PROCESSLIST>
  21309. <PROCESS>*</PROCESS>
  21310. <PROCESS>(ITCH PROGRAM.EXE)</PROCESS>
  21311. </PROCESSLIST>
  21312. <CLSIDLIST>
  21313. </CLSIDLIST>
  21314. <SUMMARY>Adware.Lop.Process</SUMMARY>
  21315. <DEFAULTINSTALLPATHLIST>
  21316. </DEFAULTINSTALLPATHLIST>
  21317. <CATEGORY>ADWARE</CATEGORY>
  21318. <CONDITIONLIST>
  21319. <CONDITION>MD5=CA84D5EC034E3418BB07D4F76CF164F9</CONDITION>
  21320. </CONDITIONLIST>
  21321. <OPERATOR>AND</OPERATOR>
  21322. <THREATLEVEL>10</THREATLEVEL>
  21323. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21324. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21325. </PROCESSDESCRIPTOR>
  21326. <PROCESSDESCRIPTOR>
  21327. <ID>2981</ID>
  21328. <PROCESSLIST>
  21329. <PROCESS>*</PROCESS>
  21330. <PROCESS>(HSTI.EXE)</PROCESS>
  21331. </PROCESSLIST>
  21332. <CLSIDLIST>
  21333. </CLSIDLIST>
  21334. <SUMMARY>Undefined Process (HSTI.EXE)</SUMMARY>
  21335. <DEFAULTINSTALLPATHLIST>
  21336. </DEFAULTINSTALLPATHLIST>
  21337. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21338. <CONDITIONLIST>
  21339. <CONDITION>MD5=3E125FC814A162B2A6BFD986E319D3B6</CONDITION>
  21340. </CONDITIONLIST>
  21341. <OPERATOR>AND</OPERATOR>
  21342. <THREATLEVEL>10</THREATLEVEL>
  21343. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21344. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21345. </PROCESSDESCRIPTOR>
  21346. <PROCESSDESCRIPTOR>
  21347. <ID>2983</ID>
  21348. <PROCESSLIST>
  21349. <PROCESS>*</PROCESS>
  21350. <PROCESS>(OSOO.EXE)</PROCESS>
  21351. </PROCESSLIST>
  21352. <CLSIDLIST>
  21353. </CLSIDLIST>
  21354. <SUMMARY>Undefined Process (OSOO.EXE)</SUMMARY>
  21355. <DEFAULTINSTALLPATHLIST>
  21356. </DEFAULTINSTALLPATHLIST>
  21357. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21358. <CONDITIONLIST>
  21359. <CONDITION>MD5=E7FC2D6CAA0608507E36BF3D337D88BE</CONDITION>
  21360. </CONDITIONLIST>
  21361. <OPERATOR>AND</OPERATOR>
  21362. <THREATLEVEL>10</THREATLEVEL>
  21363. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21364. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21365. </PROCESSDESCRIPTOR>
  21366. <PROCESSDESCRIPTOR>
  21367. <ID>2986</ID>
  21368. <PROCESSLIST>
  21369. <PROCESS>*</PROCESS>
  21370. <PROCESS>(BDUVKZ.EXE)</PROCESS>
  21371. </PROCESSLIST>
  21372. <CLSIDLIST>
  21373. </CLSIDLIST>
  21374. <SUMMARY>Undefined Process (BDUVKZ.EXE)</SUMMARY>
  21375. <DEFAULTINSTALLPATHLIST>
  21376. </DEFAULTINSTALLPATHLIST>
  21377. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21378. <CONDITIONLIST>
  21379. <CONDITION>MD5=BA63D606A2CA9C1B5EE2D8C3207DB896</CONDITION>
  21380. </CONDITIONLIST>
  21381. <OPERATOR>AND</OPERATOR>
  21382. <THREATLEVEL>10</THREATLEVEL>
  21383. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21384. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21385. </PROCESSDESCRIPTOR>
  21386. <PROCESSDESCRIPTOR>
  21387. <ID>2988</ID>
  21388. <PROCESSLIST>
  21389. <PROCESS>*</PROCESS>
  21390. <PROCESS>(ZMGCFCRN.EXE)</PROCESS>
  21391. </PROCESSLIST>
  21392. <CLSIDLIST>
  21393. </CLSIDLIST>
  21394. <SUMMARY>Undefined Process (ZMGCFCRN.EXE)</SUMMARY>
  21395. <DEFAULTINSTALLPATHLIST>
  21396. </DEFAULTINSTALLPATHLIST>
  21397. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21398. <CONDITIONLIST>
  21399. <CONDITION>MD5=27672D34A8BCFB293D85194B726D1CBA</CONDITION>
  21400. </CONDITIONLIST>
  21401. <OPERATOR>AND</OPERATOR>
  21402. <THREATLEVEL>10</THREATLEVEL>
  21403. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21404. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21405. </PROCESSDESCRIPTOR>
  21406. <PROCESSDESCRIPTOR>
  21407. <ID>2989</ID>
  21408. <PROCESSLIST>
  21409. <PROCESS>*</PROCESS>
  21410. <PROCESS>(NRCFCGMZ.EXE)</PROCESS>
  21411. <PROCESS>(NB4HCGYR.EXE)</PROCESS>
  21412. </PROCESSLIST>
  21413. <CLSIDLIST>
  21414. </CLSIDLIST>
  21415. <SUMMARY>Undefined Process (NRCFCGMZ.EXE)</SUMMARY>
  21416. <DEFAULTINSTALLPATHLIST>
  21417. </DEFAULTINSTALLPATHLIST>
  21418. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21419. <CONDITIONLIST>
  21420. <CONDITION>MD5=D0CB69ABC8B5788CA137D95B78B11046</CONDITION>
  21421. </CONDITIONLIST>
  21422. <OPERATOR>AND</OPERATOR>
  21423. <THREATLEVEL>10</THREATLEVEL>
  21424. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21425. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21426. </PROCESSDESCRIPTOR>
  21427. <PROCESSDESCRIPTOR>
  21428. <ID>2993</ID>
  21429. <PROCESSLIST>
  21430. <PROCESS>*</PROCESS>
  21431. <PROCESS>LLDBV.DAT</PROCESS>
  21432. <PROCESS>BACAGV.DAT</PROCESS>
  21433. <PROCESS>SARC.DAT</PROCESS>
  21434. <PROCESS>SARKAB.DAT</PROCESS>
  21435. <PROCESS>3PMTUN.DAT</PROCESS>
  21436. <PROCESS>TNOFYALP.DAT</PROCESS>
  21437. <PROCESS>TACBD.DAT</PROCESS>
  21438. <PROCESS>1INAV.DAT</PROCESS>
  21439. </PROCESSLIST>
  21440. <CLSIDLIST>
  21441. <CLSID>{3EC8E271-FAB9-418A-8A8E-65AEB4029E64}</CLSID>
  21442. <CLSID>{F32F8ECD-6CF3-459D-82F2-9738392C85A8}</CLSID>
  21443. <CLSID>{6A06CDAD-9D2D-42A0-9C91-C0CF7CB9971B}</CLSID>
  21444. <CLSID>{FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E}</CLSID>
  21445. <CLSID>{D487068E-9B04-4FE5-8A83-08344F800BF5}</CLSID>
  21446. <CLSID>{98BC949B-3D81-4750-836F-4BC57BD032EE}</CLSID>
  21447. <CLSID>{446CF8A5-617E-4D91-95AE-AE78CE0D06AF}</CLSID>
  21448. <CLSID>{0578917D-749F-4B12-ADB2-CF6BFDADB522}</CLSID>
  21449. </CLSIDLIST>
  21450. <SUMMARY>VirtuMonde Adware Browser Helper Object</SUMMARY>
  21451. <DEFAULTINSTALLPATHLIST>
  21452. </DEFAULTINSTALLPATHLIST>
  21453. <CATEGORY>ADWARE</CATEGORY>
  21454. <CONDITIONLIST>
  21455. </CONDITIONLIST>
  21456. <OPERATOR>AND</OPERATOR>
  21457. <THREATLEVEL>10</THREATLEVEL>
  21458. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21459. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21460. </PROCESSDESCRIPTOR>
  21461. <PROCESSDESCRIPTOR>
  21462. <ID>3067</ID>
  21463. <PROCESSLIST>
  21464. <PROCESS>*</PROCESS>
  21465. <PROCESS>(XUQKQ.EXE)</PROCESS>
  21466. <PROCESS>(WJDBWSV.EXE)</PROCESS>
  21467. </PROCESSLIST>
  21468. <CLSIDLIST>
  21469. </CLSIDLIST>
  21470. <SUMMARY>Unknown Process (XUQKQ.EXE)</SUMMARY>
  21471. <DEFAULTINSTALLPATHLIST>
  21472. </DEFAULTINSTALLPATHLIST>
  21473. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21474. <CONDITIONLIST>
  21475. <CONDITION>MD5=C8671C303BF493351963938383B3ED52</CONDITION>
  21476. </CONDITIONLIST>
  21477. <OPERATOR>AND</OPERATOR>
  21478. <THREATLEVEL>10</THREATLEVEL>
  21479. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21480. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21481. </PROCESSDESCRIPTOR>
  21482. <PROCESSDESCRIPTOR>
  21483. <ID>3069</ID>
  21484. <PROCESSLIST>
  21485. <PROCESS>*</PROCESS>
  21486. <PROCESS>(IWYBSU.EXE)</PROCESS>
  21487. <PROCESS>(IIIDVJ.EXE)</PROCESS>
  21488. </PROCESSLIST>
  21489. <CLSIDLIST>
  21490. </CLSIDLIST>
  21491. <SUMMARY>Unknown Process (IWYBSU.EXE)</SUMMARY>
  21492. <DEFAULTINSTALLPATHLIST>
  21493. </DEFAULTINSTALLPATHLIST>
  21494. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21495. <CONDITIONLIST>
  21496. <CONDITION>MD5=8B4D2C29BDBE95741036212B6F183488</CONDITION>
  21497. </CONDITIONLIST>
  21498. <OPERATOR>AND</OPERATOR>
  21499. <THREATLEVEL>10</THREATLEVEL>
  21500. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21501. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21502. </PROCESSDESCRIPTOR>
  21503. <PROCESSDESCRIPTOR>
  21504. <ID>3071</ID>
  21505. <PROCESSLIST>
  21506. <PROCESS>*</PROCESS>
  21507. <PROCESS>(CUQQDN.EXE)</PROCESS>
  21508. <PROCESS>(ARDWEE.EXE)</PROCESS>
  21509. <PROCESS>(SMBIUW.EXE)</PROCESS>
  21510. <PROCESS>(OASIMI.EXE)</PROCESS>
  21511. <PROCESS>(SUSVSP.EXE)</PROCESS>
  21512. </PROCESSLIST>
  21513. <CLSIDLIST>
  21514. </CLSIDLIST>
  21515. <SUMMARY>CUQQDN.EXE Redirector Adware</SUMMARY>
  21516. <DEFAULTINSTALLPATHLIST>
  21517. </DEFAULTINSTALLPATHLIST>
  21518. <CATEGORY>ADWARE</CATEGORY>
  21519. <CONDITIONLIST>
  21520. <CONDITION>FILELOCATION~system</CONDITION>
  21521. <CONDITION>INTERNALNAME~redirect</CONDITION>
  21522. <CONDITION>MD5=69EFD0148C914B38F84A469DB0AB975F</CONDITION>
  21523. </CONDITIONLIST>
  21524. <OPERATOR>AND</OPERATOR>
  21525. <THREATLEVEL>10</THREATLEVEL>
  21526. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21527. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21528. </PROCESSDESCRIPTOR>
  21529. <PROCESSDESCRIPTOR>
  21530. <ID>3072</ID>
  21531. <PROCESSLIST>
  21532. <PROCESS>*</PROCESS>
  21533. <PROCESS>(SAHAGE~1.EXE)</PROCESS>
  21534. </PROCESSLIST>
  21535. <CLSIDLIST>
  21536. </CLSIDLIST>
  21537. <SUMMARY>Spyware.ShopAtHomeSelect.Process</SUMMARY>
  21538. <DEFAULTINSTALLPATHLIST>
  21539. </DEFAULTINSTALLPATHLIST>
  21540. <CATEGORY>SPYWARE</CATEGORY>
  21541. <CONDITIONLIST>
  21542. <CONDITION>MD5=ABE36982590AD87EFBFB8B4FFCAEF103</CONDITION>
  21543. <CONDITION>MD5=1742B045130DA50096D9468F833D15A0</CONDITION>
  21544. </CONDITIONLIST>
  21545. <OPERATOR>OR</OPERATOR>
  21546. <THREATLEVEL>10</THREATLEVEL>
  21547. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21548. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21549. </PROCESSDESCRIPTOR>
  21550. <PROCESSDESCRIPTOR>
  21551. <ID>3073</ID>
  21552. <PROCESSLIST>
  21553. <PROCESS>*</PROCESS>
  21554. <PROCESS>(SPOOLSV.EXE)</PROCESS>
  21555. <PROCESS>(OOLSV~1.EXE)</PROCESS>
  21556. </PROCESSLIST>
  21557. <CLSIDLIST>
  21558. </CLSIDLIST>
  21559. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  21560. <DEFAULTINSTALLPATHLIST>
  21561. </DEFAULTINSTALLPATHLIST>
  21562. <CATEGORY>ADWARE</CATEGORY>
  21563. <CONDITIONLIST>
  21564. <CONDITION>MD5=450DA1384E4641B24B73D4EC8757FCC0</CONDITION>
  21565. </CONDITIONLIST>
  21566. <OPERATOR>AND</OPERATOR>
  21567. <THREATLEVEL>10</THREATLEVEL>
  21568. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21569. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21570. </PROCESSDESCRIPTOR>
  21571. <PROCESSDESCRIPTOR>
  21572. <ID>3082</ID>
  21573. <PROCESSLIST>
  21574. <PROCESS>*</PROCESS>
  21575. <PROCESS>(AJNVD.EXE)</PROCESS>
  21576. </PROCESSLIST>
  21577. <CLSIDLIST>
  21578. </CLSIDLIST>
  21579. <SUMMARY>Unknown Process (AJNVD.EXE)</SUMMARY>
  21580. <DEFAULTINSTALLPATHLIST>
  21581. </DEFAULTINSTALLPATHLIST>
  21582. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21583. <CONDITIONLIST>
  21584. <CONDITION>87A53F2B07AC7315C4443F41ABAD88A1</CONDITION>
  21585. </CONDITIONLIST>
  21586. <OPERATOR>AND</OPERATOR>
  21587. <THREATLEVEL>10</THREATLEVEL>
  21588. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21589. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21590. </PROCESSDESCRIPTOR>
  21591. <PROCESSDESCRIPTOR>
  21592. <ID>3093</ID>
  21593. <PROCESSLIST>
  21594. <PROCESS>*</PROCESS>
  21595. <PROCESS>(WOWEXEC.EXE)</PROCESS>
  21596. <PROCESS>(WWEXEC~1.EXE)</PROCESS>
  21597. </PROCESSLIST>
  21598. <CLSIDLIST>
  21599. </CLSIDLIST>
  21600. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  21601. <DEFAULTINSTALLPATHLIST>
  21602. </DEFAULTINSTALLPATHLIST>
  21603. <CATEGORY>ADWARE</CATEGORY>
  21604. <CONDITIONLIST>
  21605. <CONDITION>MD5=ff71169d01d9e328939a8713c89bbf0d</CONDITION>
  21606. </CONDITIONLIST>
  21607. <OPERATOR>AND</OPERATOR>
  21608. <THREATLEVEL>10</THREATLEVEL>
  21609. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21610. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21611. </PROCESSDESCRIPTOR>
  21612. <PROCESSDESCRIPTOR>
  21613. <ID>3096</ID>
  21614. <PROCESSLIST>
  21615. <PROCESS>*</PROCESS>
  21616. <PROCESS>(RTBA.EXE)</PROCESS>
  21617. </PROCESSLIST>
  21618. <CLSIDLIST>
  21619. </CLSIDLIST>
  21620. <SUMMARY>Undefined Process (RTBA.EXE)</SUMMARY>
  21621. <DEFAULTINSTALLPATHLIST>
  21622. </DEFAULTINSTALLPATHLIST>
  21623. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21624. <CONDITIONLIST>
  21625. <CONDITION>MD5=0c398aa35b715bb42ffb44512635866d</CONDITION>
  21626. </CONDITIONLIST>
  21627. <OPERATOR>AND</OPERATOR>
  21628. <THREATLEVEL>10</THREATLEVEL>
  21629. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21630. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21631. </PROCESSDESCRIPTOR>
  21632. <PROCESSDESCRIPTOR>
  21633. <ID>3097</ID>
  21634. <PROCESSLIST>
  21635. <PROCESS>*</PROCESS>
  21636. <PROCESS>INSTAF~1.DLL</PROCESS>
  21637. </PROCESSLIST>
  21638. <CLSIDLIST>
  21639. <CLSID>{4E7BD74F-2B8D-469E-90F0-F66AB581A933}</CLSID>
  21640. </CLSIDLIST>
  21641. <SUMMARY>InstaFinderK BHO</SUMMARY>
  21642. <DEFAULTINSTALLPATHLIST>
  21643. </DEFAULTINSTALLPATHLIST>
  21644. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21645. <CONDITIONLIST>
  21646. </CONDITIONLIST>
  21647. <OPERATOR>AND</OPERATOR>
  21648. <THREATLEVEL>5</THREATLEVEL>
  21649. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21650. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21651. </PROCESSDESCRIPTOR>
  21652. <PROCESSDESCRIPTOR>
  21653. <ID>3098</ID>
  21654. <PROCESSLIST>
  21655. <PROCESS>*</PROCESS>
  21656. <PROCESS>(WOWEXEC.EXE)</PROCESS>
  21657. <PROCESS>(WWEXEC~1.EXE)</PROCESS>
  21658. </PROCESSLIST>
  21659. <CLSIDLIST>
  21660. </CLSIDLIST>
  21661. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  21662. <DEFAULTINSTALLPATHLIST>
  21663. </DEFAULTINSTALLPATHLIST>
  21664. <CATEGORY>ADWARE</CATEGORY>
  21665. <CONDITIONLIST>
  21666. <CONDITION>MD5=ECE7A60B6A1F72A20C583F3687FC5D48</CONDITION>
  21667. </CONDITIONLIST>
  21668. <OPERATOR>AND</OPERATOR>
  21669. <THREATLEVEL>10</THREATLEVEL>
  21670. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21671. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21672. </PROCESSDESCRIPTOR>
  21673. <PROCESSDESCRIPTOR>
  21674. <ID>3150</ID>
  21675. <PROCESSLIST>
  21676. <PROCESS>BARHELP.DLL</PROCESS>
  21677. </PROCESSLIST>
  21678. <CLSIDLIST>
  21679. <CLSID>{B1D147E7-873E-4909-8127-695D9BB78728}</CLSID>
  21680. </CLSIDLIST>
  21681. <SUMMARY>DownloadBHO Module BHO</SUMMARY>
  21682. <DEFAULTINSTALLPATHLIST>
  21683. </DEFAULTINSTALLPATHLIST>
  21684. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21685. <CONDITIONLIST>
  21686. <CONDITION>COMPANYNAME~HDT</CONDITION>
  21687. </CONDITIONLIST>
  21688. <OPERATOR>AND</OPERATOR>
  21689. <THREATLEVEL>5</THREATLEVEL>
  21690. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21691. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21692. </PROCESSDESCRIPTOR>
  21693. <PROCESSDESCRIPTOR>
  21694. <ID>3172</ID>
  21695. <PROCESSLIST>
  21696. <PROCESS>DLOAD.EXE</PROCESS>
  21697. </PROCESSLIST>
  21698. <CLSIDLIST>
  21699. </CLSIDLIST>
  21700. <SUMMARY>Trojan Downloader (DLOAD.EXE)</SUMMARY>
  21701. <DEFAULTINSTALLPATHLIST>
  21702. </DEFAULTINSTALLPATHLIST>
  21703. <CATEGORY>TROJAN</CATEGORY>
  21704. <CONDITIONLIST>
  21705. <CONDITION>FILELOCATION~system</CONDITION>
  21706. </CONDITIONLIST>
  21707. <OPERATOR>AND</OPERATOR>
  21708. <THREATLEVEL>5</THREATLEVEL>
  21709. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21710. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21711. </PROCESSDESCRIPTOR>
  21712. <PROCESSDESCRIPTOR>
  21713. <ID>3351</ID>
  21714. <PROCESSLIST>
  21715. <PROCESS>*</PROCESS>
  21716. <PROCESS>(NSLOOKUP.EXE)</PROCESS>
  21717. <PROCESS>(NLOOKU~1.EXE)</PROCESS>
  21718. </PROCESSLIST>
  21719. <CLSIDLIST>
  21720. </CLSIDLIST>
  21721. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  21722. <DEFAULTINSTALLPATHLIST>
  21723. </DEFAULTINSTALLPATHLIST>
  21724. <CATEGORY>ADWARE</CATEGORY>
  21725. <CONDITIONLIST>
  21726. <CONDITION>MD5=1416FE13DF6A1998D9961424D6C07B8E</CONDITION>
  21727. </CONDITIONLIST>
  21728. <OPERATOR>AND</OPERATOR>
  21729. <THREATLEVEL>10</THREATLEVEL>
  21730. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21731. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21732. </PROCESSDESCRIPTOR>
  21733. <PROCESSDESCRIPTOR>
  21734. <ID>3352</ID>
  21735. <PROCESSLIST>
  21736. <PROCESS>*</PROCESS>
  21737. <PROCESS>(DVD AXIS.EXE)</PROCESS>
  21738. </PROCESSLIST>
  21739. <CLSIDLIST>
  21740. </CLSIDLIST>
  21741. <SUMMARY>Adware.Lop.Process</SUMMARY>
  21742. <DEFAULTINSTALLPATHLIST>
  21743. </DEFAULTINSTALLPATHLIST>
  21744. <CATEGORY>ADWARE</CATEGORY>
  21745. <CONDITIONLIST>
  21746. <CONDITION>MD5=30288EB0DD7D95CDE30930F05143E7E6</CONDITION>
  21747. </CONDITIONLIST>
  21748. <OPERATOR>AND</OPERATOR>
  21749. <THREATLEVEL>10</THREATLEVEL>
  21750. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21751. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21752. </PROCESSDESCRIPTOR>
  21753. <PROCESSDESCRIPTOR>
  21754. <ID>3353</ID>
  21755. <PROCESSLIST>
  21756. <PROCESS>*</PROCESS>
  21757. <PROCESS>(ATOMSETUP.EXE)</PROCESS>
  21758. <PROCESS>(VVMXKEXO.EXE)</PROCESS>
  21759. </PROCESSLIST>
  21760. <CLSIDLIST>
  21761. </CLSIDLIST>
  21762. <SUMMARY>Adware.Lop.Process</SUMMARY>
  21763. <DEFAULTINSTALLPATHLIST>
  21764. </DEFAULTINSTALLPATHLIST>
  21765. <CATEGORY>ADWARE</CATEGORY>
  21766. <CONDITIONLIST>
  21767. <CONDITION>MD5=991E0F9F1620DB87559E72C89FE82D1B</CONDITION>
  21768. </CONDITIONLIST>
  21769. <OPERATOR>AND</OPERATOR>
  21770. <THREATLEVEL>10</THREATLEVEL>
  21771. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21772. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21773. </PROCESSDESCRIPTOR>
  21774. <PROCESSDESCRIPTOR>
  21775. <ID>3355</ID>
  21776. <PROCESSLIST>
  21777. <PROCESS>SAVE.EXE</PROCESS>
  21778. </PROCESSLIST>
  21779. <CLSIDLIST>
  21780. </CLSIDLIST>
  21781. <SUMMARY>Adware.WhenU.Process</SUMMARY>
  21782. <DEFAULTINSTALLPATHLIST>
  21783. </DEFAULTINSTALLPATHLIST>
  21784. <CATEGORY>ADWARE</CATEGORY>
  21785. <CONDITIONLIST>
  21786. <CONDITION>COMPANYNAME^LEGATO</CONDITION>
  21787. </CONDITIONLIST>
  21788. <OPERATOR>AND</OPERATOR>
  21789. <THREATLEVEL>10</THREATLEVEL>
  21790. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21791. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21792. </PROCESSDESCRIPTOR>
  21793. <PROCESSDESCRIPTOR>
  21794. <ID>3361</ID>
  21795. <PROCESSLIST>
  21796. <PROCESS>*</PROCESS>
  21797. <PROCESS>2020SEARCH2.DLL</PROCESS>
  21798. <PROCESS>2020SE~1.DLL</PROCESS>
  21799. </PROCESSLIST>
  21800. <CLSIDLIST>
  21801. <CLSID>{4E7BD74F-2B8D-469E-92C6-CE7EB590A94D}</CLSID>
  21802. </CLSIDLIST>
  21803. <SUMMARY>2020Search Toolbar BHO</SUMMARY>
  21804. <DEFAULTINSTALLPATHLIST>
  21805. </DEFAULTINSTALLPATHLIST>
  21806. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  21807. <CONDITIONLIST>
  21808. </CONDITIONLIST>
  21809. <OPERATOR>AND</OPERATOR>
  21810. <THREATLEVEL>5</THREATLEVEL>
  21811. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21812. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21813. </PROCESSDESCRIPTOR>
  21814. <PROCESSDESCRIPTOR>
  21815. <ID>3363</ID>
  21816. <PROCESSLIST>
  21817. <PROCESS>*</PROCESS>
  21818. <PROCESS>(ZJQMLZ.EXE)</PROCESS>
  21819. </PROCESSLIST>
  21820. <CLSIDLIST>
  21821. </CLSIDLIST>
  21822. <SUMMARY>Unknown Process (ZJQMLZ.EXE)</SUMMARY>
  21823. <DEFAULTINSTALLPATHLIST>
  21824. </DEFAULTINSTALLPATHLIST>
  21825. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21826. <CONDITIONLIST>
  21827. <CONDITION>MD5=09350CE8CDEC02B0AC15D784284E4761</CONDITION>
  21828. </CONDITIONLIST>
  21829. <OPERATOR>AND</OPERATOR>
  21830. <THREATLEVEL>10</THREATLEVEL>
  21831. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21832. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21833. </PROCESSDESCRIPTOR>
  21834. <PROCESSDESCRIPTOR>
  21835. <ID>3365</ID>
  21836. <PROCESSLIST>
  21837. <PROCESS>CSRSSU.EXE</PROCESS>
  21838. <PROCESS>CTFMON32.EXE</PROCESS>
  21839. </PROCESSLIST>
  21840. <CLSIDLIST>
  21841. </CLSIDLIST>
  21842. <SUMMARY>CoolWebSearch Browser Hijacking Processes</SUMMARY>
  21843. <DEFAULTINSTALLPATHLIST>
  21844. </DEFAULTINSTALLPATHLIST>
  21845. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  21846. <CONDITIONLIST>
  21847. <CONDITION>FILELOCATION~system</CONDITION>
  21848. </CONDITIONLIST>
  21849. <OPERATOR>AND</OPERATOR>
  21850. <THREATLEVEL>10</THREATLEVEL>
  21851. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21852. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21853. </PROCESSDESCRIPTOR>
  21854. <PROCESSDESCRIPTOR>
  21855. <ID>3366</ID>
  21856. <PROCESSLIST>
  21857. <PROCESS>WINLOCK.EXE</PROCESS>
  21858. <PROCESS>WINCOMM.EXE</PROCESS>
  21859. </PROCESSLIST>
  21860. <CLSIDLIST>
  21861. </CLSIDLIST>
  21862. <SUMMARY>Win Comm Downloader Trojan</SUMMARY>
  21863. <DEFAULTINSTALLPATHLIST>
  21864. </DEFAULTINSTALLPATHLIST>
  21865. <CATEGORY>TROJAN</CATEGORY>
  21866. <CONDITIONLIST>
  21867. <CONDITION>FILELOCATION~COMM</CONDITION>
  21868. <CONDITION>FILELOCATION~WIN</CONDITION>
  21869. </CONDITIONLIST>
  21870. <OPERATOR>AND</OPERATOR>
  21871. <THREATLEVEL>7</THREATLEVEL>
  21872. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21873. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21874. </PROCESSDESCRIPTOR>
  21875. <PROCESSDESCRIPTOR>
  21876. <ID>3369</ID>
  21877. <PROCESSLIST>
  21878. <PROCESS>*</PROCESS>
  21879. <PROCESS>(TIBS5.EXE)</PROCESS>
  21880. </PROCESSLIST>
  21881. <CLSIDLIST>
  21882. </CLSIDLIST>
  21883. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  21884. <DEFAULTINSTALLPATHLIST>
  21885. </DEFAULTINSTALLPATHLIST>
  21886. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21887. <CONDITIONLIST>
  21888. <CONDITION>MD5=f081741557fb25f69ec45d24123a6659</CONDITION>
  21889. <CONDITION>MD5=0ACC07490A2F23321B6E2ED4FB74B9A7</CONDITION>
  21890. </CONDITIONLIST>
  21891. <OPERATOR>OR</OPERATOR>
  21892. <THREATLEVEL>10</THREATLEVEL>
  21893. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21894. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21895. </PROCESSDESCRIPTOR>
  21896. <PROCESSDESCRIPTOR>
  21897. <ID>3370</ID>
  21898. <PROCESSLIST>
  21899. <PROCESS>*</PROCESS>
  21900. <PROCESS>(SM.EXE)</PROCESS>
  21901. </PROCESSLIST>
  21902. <CLSIDLIST>
  21903. </CLSIDLIST>
  21904. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  21905. <DEFAULTINSTALLPATHLIST>
  21906. </DEFAULTINSTALLPATHLIST>
  21907. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21908. <CONDITIONLIST>
  21909. <CONDITION>MD5=38b55d265720b55a537cf2aac76419bf</CONDITION>
  21910. </CONDITIONLIST>
  21911. <OPERATOR>AND</OPERATOR>
  21912. <THREATLEVEL>10</THREATLEVEL>
  21913. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21914. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21915. </PROCESSDESCRIPTOR>
  21916. <PROCESSDESCRIPTOR>
  21917. <ID>3371</ID>
  21918. <PROCESSLIST>
  21919. <PROCESS>*</PROCESS>
  21920. <PROCESS>(DDDD.EXE)</PROCESS>
  21921. </PROCESSLIST>
  21922. <CLSIDLIST>
  21923. </CLSIDLIST>
  21924. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  21925. <DEFAULTINSTALLPATHLIST>
  21926. </DEFAULTINSTALLPATHLIST>
  21927. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21928. <CONDITIONLIST>
  21929. <CONDITION>MD5=fa09dbe7ccc1dd909b36298ec18dde8e</CONDITION>
  21930. </CONDITIONLIST>
  21931. <OPERATOR>AND</OPERATOR>
  21932. <THREATLEVEL>10</THREATLEVEL>
  21933. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21934. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21935. </PROCESSDESCRIPTOR>
  21936. <PROCESSDESCRIPTOR>
  21937. <ID>3372</ID>
  21938. <PROCESSLIST>
  21939. <PROCESS>*</PROCESS>
  21940. <PROCESS>(74825593.EXE)</PROCESS>
  21941. </PROCESSLIST>
  21942. <CLSIDLIST>
  21943. </CLSIDLIST>
  21944. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  21945. <DEFAULTINSTALLPATHLIST>
  21946. </DEFAULTINSTALLPATHLIST>
  21947. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21948. <CONDITIONLIST>
  21949. <CONDITION>MD5=a03183e900524d72cd9487f025ad37ba</CONDITION>
  21950. </CONDITIONLIST>
  21951. <OPERATOR>AND</OPERATOR>
  21952. <THREATLEVEL>10</THREATLEVEL>
  21953. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21954. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21955. </PROCESSDESCRIPTOR>
  21956. <PROCESSDESCRIPTOR>
  21957. <ID>3373</ID>
  21958. <PROCESSLIST>
  21959. <PROCESS>*</PROCESS>
  21960. <PROCESS>(F4.TMP.EXE)</PROCESS>
  21961. <PROCESS>(F4.TMP)</PROCESS>
  21962. </PROCESSLIST>
  21963. <CLSIDLIST>
  21964. </CLSIDLIST>
  21965. <SUMMARY>Unknown Threat</SUMMARY>
  21966. <DEFAULTINSTALLPATHLIST>
  21967. </DEFAULTINSTALLPATHLIST>
  21968. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21969. <CONDITIONLIST>
  21970. <CONDITION>MD5=2B82F987550622CF670AEC50FA26CEC4</CONDITION>
  21971. </CONDITIONLIST>
  21972. <OPERATOR>AND</OPERATOR>
  21973. <THREATLEVEL>10</THREATLEVEL>
  21974. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21975. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21976. </PROCESSDESCRIPTOR>
  21977. <PROCESSDESCRIPTOR>
  21978. <ID>3374</ID>
  21979. <PROCESSLIST>
  21980. <PROCESS>*</PROCESS>
  21981. <PROCESS>(NTEN32.EXE)</PROCESS>
  21982. </PROCESSLIST>
  21983. <CLSIDLIST>
  21984. </CLSIDLIST>
  21985. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  21986. <DEFAULTINSTALLPATHLIST>
  21987. </DEFAULTINSTALLPATHLIST>
  21988. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  21989. <CONDITIONLIST>
  21990. <CONDITION>MD5=052a25d8a7e059e135ba2ae1204a0bbc</CONDITION>
  21991. </CONDITIONLIST>
  21992. <OPERATOR>AND</OPERATOR>
  21993. <THREATLEVEL>10</THREATLEVEL>
  21994. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  21995. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  21996. </PROCESSDESCRIPTOR>
  21997. <PROCESSDESCRIPTOR>
  21998. <ID>3375</ID>
  21999. <PROCESSLIST>
  22000. <PROCESS>*</PROCESS>
  22001. <PROCESS>(127062.DLR)</PROCESS>
  22002. </PROCESSLIST>
  22003. <CLSIDLIST>
  22004. </CLSIDLIST>
  22005. <SUMMARY>WebsiteViewer Threat</SUMMARY>
  22006. <DEFAULTINSTALLPATHLIST>
  22007. </DEFAULTINSTALLPATHLIST>
  22008. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22009. <CONDITIONLIST>
  22010. <CONDITION>MD5=c8dddd357c3792b8702f278f015bb18c</CONDITION>
  22011. </CONDITIONLIST>
  22012. <OPERATOR>AND</OPERATOR>
  22013. <THREATLEVEL>10</THREATLEVEL>
  22014. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22015. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22016. </PROCESSDESCRIPTOR>
  22017. <PROCESSDESCRIPTOR>
  22018. <ID>3376</ID>
  22019. <PROCESSLIST>
  22020. <PROCESS>DESKTOP.EXE</PROCESS>
  22021. <PROCESS>FFISEARCH.EXE</PROCESS>
  22022. </PROCESSLIST>
  22023. <CLSIDLIST>
  22024. </CLSIDLIST>
  22025. <SUMMARY>Adware.iSearch.Process</SUMMARY>
  22026. <DEFAULTINSTALLPATHLIST>
  22027. </DEFAULTINSTALLPATHLIST>
  22028. <CATEGORY>ADWARE</CATEGORY>
  22029. <CONDITIONLIST>
  22030. <CONDITION>FILELOCATION~isrvs</CONDITION>
  22031. </CONDITIONLIST>
  22032. <OPERATOR>AND</OPERATOR>
  22033. <THREATLEVEL>10</THREATLEVEL>
  22034. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22035. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22036. </PROCESSDESCRIPTOR>
  22037. <PROCESSDESCRIPTOR>
  22038. <ID>3377</ID>
  22039. <PROCESSLIST>
  22040. <PROCESS>*</PROCESS>
  22041. <PROCESS>(ELITEGFK32.EXE)</PROCESS>
  22042. <PROCESS>(ELITEAYB32.EXE)</PROCESS>
  22043. <PROCESS>(ELITEFBH32.EXE)</PROCESS>
  22044. <PROCESS>(ELITEJWJ32.EXE)</PROCESS>
  22045. </PROCESSLIST>
  22046. <CLSIDLIST>
  22047. </CLSIDLIST>
  22048. <SUMMARY>Elite Threat</SUMMARY>
  22049. <DEFAULTINSTALLPATHLIST>
  22050. </DEFAULTINSTALLPATHLIST>
  22051. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22052. <CONDITIONLIST>
  22053. <CONDITION>MD5=BCCA7F61E2095E80521131C763DB3C46</CONDITION>
  22054. </CONDITIONLIST>
  22055. <OPERATOR>AND</OPERATOR>
  22056. <THREATLEVEL>10</THREATLEVEL>
  22057. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22058. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22059. </PROCESSDESCRIPTOR>
  22060. <PROCESSDESCRIPTOR>
  22061. <ID>3391</ID>
  22062. <PROCESSLIST>
  22063. <PROCESS>*</PROCESS>
  22064. <PROCESS>(127062.EXE)</PROCESS>
  22065. <PROCESS>(8920768TEMP.EXE)</PROCESS>
  22066. </PROCESSLIST>
  22067. <CLSIDLIST>
  22068. </CLSIDLIST>
  22069. <SUMMARY>WebsiteViewer Threat</SUMMARY>
  22070. <DEFAULTINSTALLPATHLIST>
  22071. </DEFAULTINSTALLPATHLIST>
  22072. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22073. <CONDITIONLIST>
  22074. <CONDITION>MD5=d17db81efd5906eebbbc05278505aa5c</CONDITION>
  22075. </CONDITIONLIST>
  22076. <OPERATOR>AND</OPERATOR>
  22077. <THREATLEVEL>10</THREATLEVEL>
  22078. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22079. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22080. </PROCESSDESCRIPTOR>
  22081. <PROCESSDESCRIPTOR>
  22082. <ID>3399</ID>
  22083. <PROCESSLIST>
  22084. <PROCESS>*</PROCESS>
  22085. <PROCESS>(SIDEBDD.EXE)</PROCESS>
  22086. </PROCESSLIST>
  22087. <CLSIDLIST>
  22088. </CLSIDLIST>
  22089. <SUMMARY>SIDEBDD.EXE</SUMMARY>
  22090. <DEFAULTINSTALLPATHLIST>
  22091. </DEFAULTINSTALLPATHLIST>
  22092. <CATEGORY>ADWARE</CATEGORY>
  22093. <CONDITIONLIST>
  22094. <CONDITION>MD5=92b035c1492b2e7e2f605cb111d774e4</CONDITION>
  22095. </CONDITIONLIST>
  22096. <OPERATOR>AND</OPERATOR>
  22097. <THREATLEVEL>10</THREATLEVEL>
  22098. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22099. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22100. </PROCESSDESCRIPTOR>
  22101. <PROCESSDESCRIPTOR>
  22102. <ID>3401</ID>
  22103. <PROCESSLIST>
  22104. <PROCESS>*</PROCESS>
  22105. <PROCESS>(DFE.EXE)</PROCESS>
  22106. </PROCESSLIST>
  22107. <CLSIDLIST>
  22108. </CLSIDLIST>
  22109. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22110. <DEFAULTINSTALLPATHLIST>
  22111. </DEFAULTINSTALLPATHLIST>
  22112. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22113. <CONDITIONLIST>
  22114. <CONDITION>MD5=5030be56075f6c89f7d1b46eb522afa8</CONDITION>
  22115. </CONDITIONLIST>
  22116. <OPERATOR>AND</OPERATOR>
  22117. <THREATLEVEL>10</THREATLEVEL>
  22118. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22119. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22120. </PROCESSDESCRIPTOR>
  22121. <PROCESSDESCRIPTOR>
  22122. <ID>3402</ID>
  22123. <PROCESSLIST>
  22124. <PROCESS>*</PROCESS>
  22125. <PROCESS>(DFSDF.EXE)</PROCESS>
  22126. </PROCESSLIST>
  22127. <CLSIDLIST>
  22128. </CLSIDLIST>
  22129. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22130. <DEFAULTINSTALLPATHLIST>
  22131. </DEFAULTINSTALLPATHLIST>
  22132. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22133. <CONDITIONLIST>
  22134. <CONDITION>MD5=dfebd24aaf260453b3797bcac3306789</CONDITION>
  22135. </CONDITIONLIST>
  22136. <OPERATOR>AND</OPERATOR>
  22137. <THREATLEVEL>10</THREATLEVEL>
  22138. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22139. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22140. </PROCESSDESCRIPTOR>
  22141. <PROCESSDESCRIPTOR>
  22142. <ID>3403</ID>
  22143. <PROCESSLIST>
  22144. <PROCESS>*</PROCESS>
  22145. <PROCESS>(EREE.EXE)</PROCESS>
  22146. </PROCESSLIST>
  22147. <CLSIDLIST>
  22148. </CLSIDLIST>
  22149. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22150. <DEFAULTINSTALLPATHLIST>
  22151. </DEFAULTINSTALLPATHLIST>
  22152. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22153. <CONDITIONLIST>
  22154. <CONDITION>MD5=3f253c8b8636f69d08414bfc8b1c82fe</CONDITION>
  22155. </CONDITIONLIST>
  22156. <OPERATOR>AND</OPERATOR>
  22157. <THREATLEVEL>10</THREATLEVEL>
  22158. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22159. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22160. </PROCESSDESCRIPTOR>
  22161. <PROCESSDESCRIPTOR>
  22162. <ID>3404</ID>
  22163. <PROCESSLIST>
  22164. <PROCESS>*</PROCESS>
  22165. <PROCESS>(EWHTT.EXE)</PROCESS>
  22166. </PROCESSLIST>
  22167. <CLSIDLIST>
  22168. </CLSIDLIST>
  22169. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22170. <DEFAULTINSTALLPATHLIST>
  22171. </DEFAULTINSTALLPATHLIST>
  22172. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22173. <CONDITIONLIST>
  22174. <CONDITION>MD5=84b3b740ae9aeeb31a844f31e88cb7e4</CONDITION>
  22175. </CONDITIONLIST>
  22176. <OPERATOR>AND</OPERATOR>
  22177. <THREATLEVEL>10</THREATLEVEL>
  22178. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22179. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22180. </PROCESSDESCRIPTOR>
  22181. <PROCESSDESCRIPTOR>
  22182. <ID>3405</ID>
  22183. <PROCESSLIST>
  22184. <PROCESS>SOMETHING.DLL</PROCESS>
  22185. </PROCESSLIST>
  22186. <CLSIDLIST>
  22187. <CLSID>{237AA178-C3BC-4F67-A8BB-D8BC14BA0B89}</CLSID>
  22188. </CLSIDLIST>
  22189. <SUMMARY>Something Home Page Hijacker</SUMMARY>
  22190. <DEFAULTINSTALLPATHLIST>
  22191. </DEFAULTINSTALLPATHLIST>
  22192. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  22193. <CONDITIONLIST>
  22194. </CONDITIONLIST>
  22195. <OPERATOR>AND</OPERATOR>
  22196. <THREATLEVEL>5</THREATLEVEL>
  22197. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22198. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22199. </PROCESSDESCRIPTOR>
  22200. <PROCESSDESCRIPTOR>
  22201. <ID>3406</ID>
  22202. <PROCESSLIST>
  22203. <PROCESS>MSOPT.DLL</PROCESS>
  22204. </PROCESSLIST>
  22205. <CLSIDLIST>
  22206. <CLSID>{B9D90B27-AD4A-413A-88CB-3E6DDC10DC2D}</CLSID>
  22207. </CLSIDLIST>
  22208. <SUMMARY>CoolWebSearch Parasite Variant BHO</SUMMARY>
  22209. <DEFAULTINSTALLPATHLIST>
  22210. </DEFAULTINSTALLPATHLIST>
  22211. <CATEGORY>SPYWARE</CATEGORY>
  22212. <CONDITIONLIST>
  22213. </CONDITIONLIST>
  22214. <OPERATOR>AND</OPERATOR>
  22215. <THREATLEVEL>10</THREATLEVEL>
  22216. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22217. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22218. </PROCESSDESCRIPTOR>
  22219. <PROCESSDESCRIPTOR>
  22220. <ID>3407</ID>
  22221. <PROCESSLIST>
  22222. <PROCESS>*</PROCESS>
  22223. <PROCESS>(EJRUTTM.EXE)</PROCESS>
  22224. </PROCESSLIST>
  22225. <CLSIDLIST>
  22226. </CLSIDLIST>
  22227. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22228. <DEFAULTINSTALLPATHLIST>
  22229. </DEFAULTINSTALLPATHLIST>
  22230. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22231. <CONDITIONLIST>
  22232. <CONDITION>MD5=A28088020C3EEA46B65B39877B8264AA</CONDITION>
  22233. </CONDITIONLIST>
  22234. <OPERATOR>AND</OPERATOR>
  22235. <THREATLEVEL>10</THREATLEVEL>
  22236. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22237. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22238. </PROCESSDESCRIPTOR>
  22239. <PROCESSDESCRIPTOR>
  22240. <ID>3408</ID>
  22241. <PROCESSLIST>
  22242. <PROCESS>*</PROCESS>
  22243. <PROCESS>(DFSDFHNB.EXE)</PROCESS>
  22244. </PROCESSLIST>
  22245. <CLSIDLIST>
  22246. </CLSIDLIST>
  22247. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22248. <DEFAULTINSTALLPATHLIST>
  22249. </DEFAULTINSTALLPATHLIST>
  22250. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22251. <CONDITIONLIST>
  22252. <CONDITION>MD5=f894c953c9b6eaafc502e4ad6e5a9795</CONDITION>
  22253. </CONDITIONLIST>
  22254. <OPERATOR>AND</OPERATOR>
  22255. <THREATLEVEL>10</THREATLEVEL>
  22256. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22257. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22258. </PROCESSDESCRIPTOR>
  22259. <PROCESSDESCRIPTOR>
  22260. <ID>3409</ID>
  22261. <PROCESSLIST>
  22262. <PROCESS>*</PROCESS>
  22263. <PROCESS>(FGSEG.EXE)</PROCESS>
  22264. </PROCESSLIST>
  22265. <CLSIDLIST>
  22266. </CLSIDLIST>
  22267. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22268. <DEFAULTINSTALLPATHLIST>
  22269. </DEFAULTINSTALLPATHLIST>
  22270. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22271. <CONDITIONLIST>
  22272. <CONDITION>MD5=264a35764908446931fd919a57040af4</CONDITION>
  22273. </CONDITIONLIST>
  22274. <OPERATOR>AND</OPERATOR>
  22275. <THREATLEVEL>10</THREATLEVEL>
  22276. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22277. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22278. </PROCESSDESCRIPTOR>
  22279. <PROCESSDESCRIPTOR>
  22280. <ID>3410</ID>
  22281. <PROCESSLIST>
  22282. <PROCESS>*</PROCESS>
  22283. <PROCESS>(BUILD2.EXE)</PROCESS>
  22284. </PROCESSLIST>
  22285. <CLSIDLIST>
  22286. </CLSIDLIST>
  22287. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22288. <DEFAULTINSTALLPATHLIST>
  22289. </DEFAULTINSTALLPATHLIST>
  22290. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22291. <CONDITIONLIST>
  22292. <CONDITION>MD5=da5fc22b72ef3ba156f96200d1305fb9</CONDITION>
  22293. </CONDITIONLIST>
  22294. <OPERATOR>AND</OPERATOR>
  22295. <THREATLEVEL>10</THREATLEVEL>
  22296. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22297. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22298. </PROCESSDESCRIPTOR>
  22299. <PROCESSDESCRIPTOR>
  22300. <ID>3413</ID>
  22301. <PROCESSLIST>
  22302. <PROCESS>*</PROCESS>
  22303. <PROCESS>(MSMC.EXE)</PROCESS>
  22304. </PROCESSLIST>
  22305. <CLSIDLIST>
  22306. </CLSIDLIST>
  22307. <SUMMARY>MSMC.EXE</SUMMARY>
  22308. <DEFAULTINSTALLPATHLIST>
  22309. </DEFAULTINSTALLPATHLIST>
  22310. <CATEGORY>ADWARE</CATEGORY>
  22311. <CONDITIONLIST>
  22312. <CONDITION>MD5=b877a00ed7eaee6d58ea20478e2c1390</CONDITION>
  22313. </CONDITIONLIST>
  22314. <OPERATOR>AND</OPERATOR>
  22315. <THREATLEVEL>10</THREATLEVEL>
  22316. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22317. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22318. </PROCESSDESCRIPTOR>
  22319. <PROCESSDESCRIPTOR>
  22320. <ID>3414</ID>
  22321. <PROCESSLIST>
  22322. <PROCESS>*</PROCESS>
  22323. <PROCESS>(D3NY.EXE)</PROCESS>
  22324. </PROCESSLIST>
  22325. <CLSIDLIST>
  22326. </CLSIDLIST>
  22327. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22328. <DEFAULTINSTALLPATHLIST>
  22329. </DEFAULTINSTALLPATHLIST>
  22330. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22331. <CONDITIONLIST>
  22332. <CONDITION>MD5=d3f31459c8e83604ebf018eff4b5d094</CONDITION>
  22333. </CONDITIONLIST>
  22334. <OPERATOR>AND</OPERATOR>
  22335. <THREATLEVEL>10</THREATLEVEL>
  22336. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22337. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22338. </PROCESSDESCRIPTOR>
  22339. <PROCESSDESCRIPTOR>
  22340. <ID>3415</ID>
  22341. <PROCESSLIST>
  22342. <PROCESS>*</PROCESS>
  22343. <PROCESS>(127062.EXE)</PROCESS>
  22344. </PROCESSLIST>
  22345. <CLSIDLIST>
  22346. </CLSIDLIST>
  22347. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22348. <DEFAULTINSTALLPATHLIST>
  22349. </DEFAULTINSTALLPATHLIST>
  22350. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22351. <CONDITIONLIST>
  22352. <CONDITION>MD5=eac06b67a147aa684e04341455b2dc4b</CONDITION>
  22353. </CONDITIONLIST>
  22354. <OPERATOR>AND</OPERATOR>
  22355. <THREATLEVEL>10</THREATLEVEL>
  22356. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22357. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22358. </PROCESSDESCRIPTOR>
  22359. <PROCESSDESCRIPTOR>
  22360. <ID>3416</ID>
  22361. <PROCESSLIST>
  22362. <PROCESS>*</PROCESS>
  22363. </PROCESSLIST>
  22364. <CLSIDLIST>
  22365. <CLSID>*</CLSID>
  22366. </CLSIDLIST>
  22367. <SUMMARY>Unclassified.Unknown Origin.BHO</SUMMARY>
  22368. <DEFAULTINSTALLPATHLIST>
  22369. </DEFAULTINSTALLPATHLIST>
  22370. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22371. <CONDITIONLIST>
  22372. <CONDITION>MD5=a2a67785a73cce35e57d6cb298264b13</CONDITION>
  22373. </CONDITIONLIST>
  22374. <OPERATOR>AND</OPERATOR>
  22375. <THREATLEVEL>10</THREATLEVEL>
  22376. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22377. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22378. </PROCESSDESCRIPTOR>
  22379. <PROCESSDESCRIPTOR>
  22380. <ID>3433</ID>
  22381. <PROCESSLIST>
  22382. <PROCESS>*</PROCESS>
  22383. <PROCESS>(UMJOVCK.EXE)</PROCESS>
  22384. </PROCESSLIST>
  22385. <CLSIDLIST>
  22386. </CLSIDLIST>
  22387. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22388. <DEFAULTINSTALLPATHLIST>
  22389. </DEFAULTINSTALLPATHLIST>
  22390. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22391. <CONDITIONLIST>
  22392. <CONDITION>MD5=398FC904A3169E53D58E7F98AE5A33BD</CONDITION>
  22393. </CONDITIONLIST>
  22394. <OPERATOR>AND</OPERATOR>
  22395. <THREATLEVEL>10</THREATLEVEL>
  22396. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22397. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22398. </PROCESSDESCRIPTOR>
  22399. <PROCESSDESCRIPTOR>
  22400. <ID>3434</ID>
  22401. <PROCESSLIST>
  22402. <PROCESS>*</PROCESS>
  22403. <PROCESS>(VVFUCR.EXE)</PROCESS>
  22404. </PROCESSLIST>
  22405. <CLSIDLIST>
  22406. </CLSIDLIST>
  22407. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22408. <DEFAULTINSTALLPATHLIST>
  22409. </DEFAULTINSTALLPATHLIST>
  22410. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22411. <CONDITIONLIST>
  22412. <CONDITION>MD5=DFD0ED2831313EC301B2F37D434221F2</CONDITION>
  22413. </CONDITIONLIST>
  22414. <OPERATOR>AND</OPERATOR>
  22415. <THREATLEVEL>10</THREATLEVEL>
  22416. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22417. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22418. </PROCESSDESCRIPTOR>
  22419. <PROCESSDESCRIPTOR>
  22420. <ID>3441</ID>
  22421. <PROCESSLIST>
  22422. <PROCESS>SVMHOST.EXE</PROCESS>
  22423. </PROCESSLIST>
  22424. <CLSIDLIST>
  22425. </CLSIDLIST>
  22426. <SUMMARY>W32/Forbot-CH Worm</SUMMARY>
  22427. <DEFAULTINSTALLPATHLIST>
  22428. </DEFAULTINSTALLPATHLIST>
  22429. <CATEGORY>WORM</CATEGORY>
  22430. <CONDITIONLIST>
  22431. <CONDITION>FILELOCATION~System</CONDITION>
  22432. </CONDITIONLIST>
  22433. <OPERATOR>AND</OPERATOR>
  22434. <THREATLEVEL>10</THREATLEVEL>
  22435. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22436. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22437. </PROCESSDESCRIPTOR>
  22438. <PROCESSDESCRIPTOR>
  22439. <ID>3442</ID>
  22440. <PROCESSLIST>
  22441. <PROCESS>RUNDLI32.EXE</PROCESS>
  22442. </PROCESSLIST>
  22443. <CLSIDLIST>
  22444. </CLSIDLIST>
  22445. <SUMMARY>W32.Lade Worm / BackDoor IRC Worm</SUMMARY>
  22446. <DEFAULTINSTALLPATHLIST>
  22447. </DEFAULTINSTALLPATHLIST>
  22448. <CATEGORY>WORM</CATEGORY>
  22449. <CONDITIONLIST>
  22450. <CONDITION>FILELOCATION~System</CONDITION>
  22451. </CONDITIONLIST>
  22452. <OPERATOR>AND</OPERATOR>
  22453. <THREATLEVEL>10</THREATLEVEL>
  22454. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22455. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22456. </PROCESSDESCRIPTOR>
  22457. <PROCESSDESCRIPTOR>
  22458. <ID>3443</ID>
  22459. <PROCESSLIST>
  22460. <PROCESS>MSREPAIR.EXE</PROCESS>
  22461. </PROCESSLIST>
  22462. <CLSIDLIST>
  22463. </CLSIDLIST>
  22464. <SUMMARY>IRC Worm</SUMMARY>
  22465. <DEFAULTINSTALLPATHLIST>
  22466. </DEFAULTINSTALLPATHLIST>
  22467. <CATEGORY>WORM</CATEGORY>
  22468. <CONDITIONLIST>
  22469. <CONDITION>FILELOCATION~System</CONDITION>
  22470. </CONDITIONLIST>
  22471. <OPERATOR>AND</OPERATOR>
  22472. <THREATLEVEL>10</THREATLEVEL>
  22473. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22474. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22475. </PROCESSDESCRIPTOR>
  22476. <PROCESSDESCRIPTOR>
  22477. <ID>3446</ID>
  22478. <PROCESSLIST>
  22479. <PROCESS>*</PROCESS>
  22480. <PROCESS>(EETU.EXE)</PROCESS>
  22481. </PROCESSLIST>
  22482. <CLSIDLIST>
  22483. </CLSIDLIST>
  22484. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22485. <DEFAULTINSTALLPATHLIST>
  22486. </DEFAULTINSTALLPATHLIST>
  22487. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22488. <CONDITIONLIST>
  22489. <CONDITION>MD5=34f75030e669961da9ddff0e0961ed46</CONDITION>
  22490. <CONDITION>MD5=D7BC4DF170A964890BB73D9F678A3CA0</CONDITION>
  22491. <CONDITION>MD5=2CD10A764CBAF071ACF9477627C26D06</CONDITION>
  22492. <CONDITION>MD5=4225C76BD8D74E683166A69B71434673</CONDITION>
  22493. </CONDITIONLIST>
  22494. <OPERATOR>OR</OPERATOR>
  22495. <THREATLEVEL>10</THREATLEVEL>
  22496. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22497. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22498. </PROCESSDESCRIPTOR>
  22499. <PROCESSDESCRIPTOR>
  22500. <ID>3447</ID>
  22501. <PROCESSLIST>
  22502. <PROCESS>*</PROCESS>
  22503. <PROCESS>(DFE.EXE)</PROCESS>
  22504. </PROCESSLIST>
  22505. <CLSIDLIST>
  22506. </CLSIDLIST>
  22507. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22508. <DEFAULTINSTALLPATHLIST>
  22509. </DEFAULTINSTALLPATHLIST>
  22510. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22511. <CONDITIONLIST>
  22512. <CONDITION>MD5=fcb44a810c803e67e6037241a8626946</CONDITION>
  22513. </CONDITIONLIST>
  22514. <OPERATOR>AND</OPERATOR>
  22515. <THREATLEVEL>10</THREATLEVEL>
  22516. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22517. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22518. </PROCESSDESCRIPTOR>
  22519. <PROCESSDESCRIPTOR>
  22520. <ID>3448</ID>
  22521. <PROCESSLIST>
  22522. <PROCESS>*</PROCESS>
  22523. <PROCESS>(D15.EXE)</PROCESS>
  22524. </PROCESSLIST>
  22525. <CLSIDLIST>
  22526. </CLSIDLIST>
  22527. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  22528. <DEFAULTINSTALLPATHLIST>
  22529. </DEFAULTINSTALLPATHLIST>
  22530. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22531. <CONDITIONLIST>
  22532. <CONDITION>MD5=7240503672ee856cac52b6a2db6dc42c</CONDITION>
  22533. </CONDITIONLIST>
  22534. <OPERATOR>AND</OPERATOR>
  22535. <THREATLEVEL>10</THREATLEVEL>
  22536. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22537. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22538. </PROCESSDESCRIPTOR>
  22539. <PROCESSDESCRIPTOR>
  22540. <ID>3449</ID>
  22541. <PROCESSLIST>
  22542. <PROCESS>*</PROCESS>
  22543. <PROCESS>(IS-PFVRQ.TMP)</PROCESS>
  22544. </PROCESSLIST>
  22545. <CLSIDLIST>
  22546. </CLSIDLIST>
  22547. <SUMMARY>Inno Setup Temporary Installer Process</SUMMARY>
  22548. <DEFAULTINSTALLPATHLIST>
  22549. </DEFAULTINSTALLPATHLIST>
  22550. <CATEGORY>APPLICATION</CATEGORY>
  22551. <CONDITIONLIST>
  22552. <CONDITION>MD5=0d0622f7d2fd629455a028d7e1cb1c07</CONDITION>
  22553. </CONDITIONLIST>
  22554. <OPERATOR>AND</OPERATOR>
  22555. <THREATLEVEL>1</THREATLEVEL>
  22556. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  22557. <TERMINATIONMETHOD></TERMINATIONMETHOD>
  22558. </PROCESSDESCRIPTOR>
  22559. <PROCESSDESCRIPTOR>
  22560. <ID>3450</ID>
  22561. <PROCESSLIST>
  22562. <PROCESS>HLINSTALLER3.EXE</PROCESS>
  22563. </PROCESSLIST>
  22564. <CLSIDLIST>
  22565. </CLSIDLIST>
  22566. <SUMMARY>Adware Installer</SUMMARY>
  22567. <DEFAULTINSTALLPATHLIST>
  22568. </DEFAULTINSTALLPATHLIST>
  22569. <CATEGORY>TROJAN</CATEGORY>
  22570. <CONDITIONLIST>
  22571. </CONDITIONLIST>
  22572. <OPERATOR>AND</OPERATOR>
  22573. <THREATLEVEL>10</THREATLEVEL>
  22574. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22575. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22576. </PROCESSDESCRIPTOR>
  22577. <PROCESSDESCRIPTOR>
  22578. <ID>3451</ID>
  22579. <PROCESSLIST>
  22580. <PROCESS>CP.EXE</PROCESS>
  22581. </PROCESSLIST>
  22582. <CLSIDLIST>
  22583. </CLSIDLIST>
  22584. <SUMMARY>Comedy-Planet Installer/Setup</SUMMARY>
  22585. <DEFAULTINSTALLPATHLIST>
  22586. </DEFAULTINSTALLPATHLIST>
  22587. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22588. <CONDITIONLIST>
  22589. <CONDITION>MD5=5d3ef70df6da15504c8b49f77dbb6dc5</CONDITION>
  22590. </CONDITIONLIST>
  22591. <OPERATOR>AND</OPERATOR>
  22592. <THREATLEVEL>10</THREATLEVEL>
  22593. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22594. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22595. </PROCESSDESCRIPTOR>
  22596. <PROCESSDESCRIPTOR>
  22597. <ID>3452</ID>
  22598. <PROCESSLIST>
  22599. <PROCESS>COMEDY-PLANET.EXE</PROCESS>
  22600. </PROCESSLIST>
  22601. <CLSIDLIST>
  22602. </CLSIDLIST>
  22603. <SUMMARY>Comedy-Planet</SUMMARY>
  22604. <DEFAULTINSTALLPATHLIST>
  22605. </DEFAULTINSTALLPATHLIST>
  22606. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22607. <CONDITIONLIST>
  22608. </CONDITIONLIST>
  22609. <OPERATOR>AND</OPERATOR>
  22610. <THREATLEVEL>5</THREATLEVEL>
  22611. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22612. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22613. </PROCESSDESCRIPTOR>
  22614. <PROCESSDESCRIPTOR>
  22615. <ID>3453</ID>
  22616. <PROCESSLIST>
  22617. <PROCESS>MEGASEARCHBARSETUP.EXE</PROCESS>
  22618. </PROCESSLIST>
  22619. <CLSIDLIST>
  22620. </CLSIDLIST>
  22621. <SUMMARY>MegaSearchBar Installer</SUMMARY>
  22622. <DEFAULTINSTALLPATHLIST>
  22623. </DEFAULTINSTALLPATHLIST>
  22624. <CATEGORY>ADWARE</CATEGORY>
  22625. <CONDITIONLIST>
  22626. </CONDITIONLIST>
  22627. <OPERATOR>AND</OPERATOR>
  22628. <THREATLEVEL>8</THREATLEVEL>
  22629. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22630. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22631. </PROCESSDESCRIPTOR>
  22632. <PROCESSDESCRIPTOR>
  22633. <ID>3454</ID>
  22634. <PROCESSLIST>
  22635. <PROCESS>INSTAFINDER_INST.EXE</PROCESS>
  22636. </PROCESSLIST>
  22637. <CLSIDLIST>
  22638. </CLSIDLIST>
  22639. <SUMMARY>InstaFinder Installer</SUMMARY>
  22640. <DEFAULTINSTALLPATHLIST>
  22641. </DEFAULTINSTALLPATHLIST>
  22642. <CATEGORY>ADWARE</CATEGORY>
  22643. <CONDITIONLIST>
  22644. </CONDITIONLIST>
  22645. <OPERATOR>AND</OPERATOR>
  22646. <THREATLEVEL>10</THREATLEVEL>
  22647. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22648. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22649. </PROCESSDESCRIPTOR>
  22650. <PROCESSDESCRIPTOR>
  22651. <ID>3480</ID>
  22652. <PROCESSLIST>
  22653. <PROCESS>SVCSHOST.EXE</PROCESS>
  22654. </PROCESSLIST>
  22655. <CLSIDLIST>
  22656. </CLSIDLIST>
  22657. <SUMMARY>Forbot-CF Backdoor Trojan</SUMMARY>
  22658. <DEFAULTINSTALLPATHLIST>
  22659. </DEFAULTINSTALLPATHLIST>
  22660. <CATEGORY>TROJAN</CATEGORY>
  22661. <CONDITIONLIST>
  22662. <CONDITION>FILELOCATION~system</CONDITION>
  22663. </CONDITIONLIST>
  22664. <OPERATOR>AND</OPERATOR>
  22665. <THREATLEVEL>10</THREATLEVEL>
  22666. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22667. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22668. </PROCESSDESCRIPTOR>
  22669. <PROCESSDESCRIPTOR>
  22670. <ID>3496</ID>
  22671. <PROCESSLIST>
  22672. <PROCESS>SENDI.EXE</PROCESS>
  22673. </PROCESSLIST>
  22674. <CLSIDLIST>
  22675. </CLSIDLIST>
  22676. <SUMMARY>Gezda/Gaggle Variant Worm Component</SUMMARY>
  22677. <DEFAULTINSTALLPATHLIST>
  22678. </DEFAULTINSTALLPATHLIST>
  22679. <CATEGORY>WORM</CATEGORY>
  22680. <CONDITIONLIST>
  22681. <CONDITION>FILELOCATION~system</CONDITION>
  22682. </CONDITIONLIST>
  22683. <OPERATOR>AND</OPERATOR>
  22684. <THREATLEVEL>10</THREATLEVEL>
  22685. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22686. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22687. </PROCESSDESCRIPTOR>
  22688. <PROCESSDESCRIPTOR>
  22689. <ID>3497</ID>
  22690. <PROCESSLIST>
  22691. <PROCESS>REGSRV.EXE</PROCESS>
  22692. </PROCESSLIST>
  22693. <CLSIDLIST>
  22694. </CLSIDLIST>
  22695. <SUMMARY>Gezda/Gaggle Variant Worm Component</SUMMARY>
  22696. <DEFAULTINSTALLPATHLIST>
  22697. </DEFAULTINSTALLPATHLIST>
  22698. <CATEGORY>WORM</CATEGORY>
  22699. <CONDITIONLIST>
  22700. <CONDITION>FILELOCATION~system</CONDITION>
  22701. </CONDITIONLIST>
  22702. <OPERATOR>AND</OPERATOR>
  22703. <THREATLEVEL>10</THREATLEVEL>
  22704. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22705. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22706. </PROCESSDESCRIPTOR>
  22707. <PROCESSDESCRIPTOR>
  22708. <ID>3505</ID>
  22709. <PROCESSLIST>
  22710. <PROCESS>*</PROCESS>
  22711. <PROCESS>(TMPF00.EXE)</PROCESS>
  22712. <PROCESS>(TMPF01.EXE)</PROCESS>
  22713. </PROCESSLIST>
  22714. <CLSIDLIST>
  22715. </CLSIDLIST>
  22716. <SUMMARY>Unknown Processes (TMPF0X.EXE)</SUMMARY>
  22717. <DEFAULTINSTALLPATHLIST>
  22718. </DEFAULTINSTALLPATHLIST>
  22719. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  22720. <CONDITIONLIST>
  22721. <CONDITION>MD5=2500DC94E71E0591C182DB25F785B367</CONDITION>
  22722. </CONDITIONLIST>
  22723. <OPERATOR>AND</OPERATOR>
  22724. <THREATLEVEL>10</THREATLEVEL>
  22725. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22726. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22727. </PROCESSDESCRIPTOR>
  22728. <PROCESSDESCRIPTOR>
  22729. <ID>3529</ID>
  22730. <PROCESSLIST>
  22731. <PROCESS>ADENH.DLL</PROCESS>
  22732. <PROCESS>A+POPUPBLOCKER.DLL</PROCESS>
  22733. </PROCESSLIST>
  22734. <CLSIDLIST>
  22735. <CLSID>{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}</CLSID>
  22736. <CLSID>{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE56}</CLSID>
  22737. </CLSIDLIST>
  22738. <SUMMARY>Adware.OnWebMedia.BHO</SUMMARY>
  22739. <DEFAULTINSTALLPATHLIST>
  22740. </DEFAULTINSTALLPATHLIST>
  22741. <CATEGORY>ADWARE</CATEGORY>
  22742. <CONDITIONLIST>
  22743. </CONDITIONLIST>
  22744. <OPERATOR>AND</OPERATOR>
  22745. <THREATLEVEL>5</THREATLEVEL>
  22746. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22747. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22748. </PROCESSDESCRIPTOR>
  22749. <PROCESSDESCRIPTOR>
  22750. <ID>3535</ID>
  22751. <PROCESSLIST>
  22752. <PROCESS>*</PROCESS>
  22753. <PROCESS>BHO010~1.DLL</PROCESS>
  22754. </PROCESSLIST>
  22755. <CLSIDLIST>
  22756. <CLSID>{00000185-C745-43D2-44F1-01A1C789C738}</CLSID>
  22757. </CLSIDLIST>
  22758. <SUMMARY>Smart-Browser Browser Helper Object</SUMMARY>
  22759. <DEFAULTINSTALLPATHLIST>
  22760. </DEFAULTINSTALLPATHLIST>
  22761. <CATEGORY>SPYWARE</CATEGORY>
  22762. <CONDITIONLIST>
  22763. </CONDITIONLIST>
  22764. <OPERATOR>AND</OPERATOR>
  22765. <THREATLEVEL>10</THREATLEVEL>
  22766. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22767. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22768. </PROCESSDESCRIPTOR>
  22769. <PROCESSDESCRIPTOR>
  22770. <ID>3537</ID>
  22771. <PROCESSLIST>
  22772. <PROCESS>GBIEH.DLL</PROCESS>
  22773. </PROCESSLIST>
  22774. <CLSIDLIST>
  22775. <CLSID>{E37CB5F0-51F5-4395-A808-5FA49E399F83}</CLSID>
  22776. </CLSIDLIST>
  22777. <SUMMARY>Banco do Brasil Trojan Shell Execute Hook</SUMMARY>
  22778. <DEFAULTINSTALLPATHLIST>
  22779. </DEFAULTINSTALLPATHLIST>
  22780. <CATEGORY>TROJAN</CATEGORY>
  22781. <CONDITIONLIST>
  22782. <CONDITION>COMPANYNAME~Banco</CONDITION>
  22783. </CONDITIONLIST>
  22784. <OPERATOR>AND</OPERATOR>
  22785. <THREATLEVEL>10</THREATLEVEL>
  22786. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22787. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22788. </PROCESSDESCRIPTOR>
  22789. <PROCESSDESCRIPTOR>
  22790. <ID>3540</ID>
  22791. <PROCESSLIST>
  22792. <PROCESS>SVHOST.EXE</PROCESS>
  22793. </PROCESSLIST>
  22794. <CLSIDLIST>
  22795. </CLSIDLIST>
  22796. <SUMMARY>W32.MyDoom.l@mm Virus/Worm</SUMMARY>
  22797. <DEFAULTINSTALLPATHLIST>
  22798. </DEFAULTINSTALLPATHLIST>
  22799. <CATEGORY>WORM</CATEGORY>
  22800. <CONDITIONLIST>
  22801. <CONDITION>FILELOCATION~System</CONDITION>
  22802. </CONDITIONLIST>
  22803. <OPERATOR>AND</OPERATOR>
  22804. <THREATLEVEL>10</THREATLEVEL>
  22805. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22806. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22807. </PROCESSDESCRIPTOR>
  22808. <PROCESSDESCRIPTOR>
  22809. <ID>3543</ID>
  22810. <PROCESSLIST>
  22811. <PROCESS>MSCD.DLL</PROCESS>
  22812. </PROCESSLIST>
  22813. <CLSIDLIST>
  22814. <CLSID>{7BE07C5F-7874-4F88-9142-3277394B4EC5}</CLSID>
  22815. </CLSIDLIST>
  22816. <SUMMARY>Unnamed Trojan Downloader Browser Helper Object</SUMMARY>
  22817. <DEFAULTINSTALLPATHLIST>
  22818. </DEFAULTINSTALLPATHLIST>
  22819. <CATEGORY>TROJAN</CATEGORY>
  22820. <CONDITIONLIST>
  22821. </CONDITIONLIST>
  22822. <OPERATOR>AND</OPERATOR>
  22823. <THREATLEVEL>10</THREATLEVEL>
  22824. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22825. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22826. </PROCESSDESCRIPTOR>
  22827. <PROCESSDESCRIPTOR>
  22828. <ID>3545</ID>
  22829. <PROCESSLIST>
  22830. <PROCESS>EZSTUB.EXE</PROCESS>
  22831. </PROCESSLIST>
  22832. <CLSIDLIST>
  22833. </CLSIDLIST>
  22834. <SUMMARY>Adware.eZula.Process</SUMMARY>
  22835. <DEFAULTINSTALLPATHLIST>
  22836. </DEFAULTINSTALLPATHLIST>
  22837. <CATEGORY>ADWARE</CATEGORY>
  22838. <CONDITIONLIST>
  22839. <CONDITION>COMPANYNAME~StatBlaster</CONDITION>
  22840. </CONDITIONLIST>
  22841. <OPERATOR>AND</OPERATOR>
  22842. <THREATLEVEL>5</THREATLEVEL>
  22843. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22844. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22845. </PROCESSDESCRIPTOR>
  22846. <PROCESSDESCRIPTOR>
  22847. <ID>3546</ID>
  22848. <PROCESSLIST>
  22849. <PROCESS>EZPOPSTUB.EXE</PROCESS>
  22850. </PROCESSLIST>
  22851. <CLSIDLIST>
  22852. </CLSIDLIST>
  22853. <SUMMARY>Adware.eZula.Process</SUMMARY>
  22854. <DEFAULTINSTALLPATHLIST>
  22855. </DEFAULTINSTALLPATHLIST>
  22856. <CATEGORY>ADWARE</CATEGORY>
  22857. <CONDITIONLIST>
  22858. <CONDITION>COMPANYNAME~StatBlaster</CONDITION>
  22859. <CONDITION>COMPANYNAME~WebDevWOUS</CONDITION>
  22860. </CONDITIONLIST>
  22861. <OPERATOR>OR</OPERATOR>
  22862. <THREATLEVEL>5</THREATLEVEL>
  22863. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22864. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22865. </PROCESSDESCRIPTOR>
  22866. <PROCESSDESCRIPTOR>
  22867. <ID>3548</ID>
  22868. <PROCESSLIST>
  22869. <PROCESS>ADDNB32.DLL</PROCESS>
  22870. <PROCESS>ADDPX.DLL</PROCESS>
  22871. <PROCESS>HBNH.DLL</PROCESS>
  22872. <PROCESS>YYBHO.DLL</PROCESS>
  22873. <PROCESS>MOEI.DLL</PROCESS>
  22874. <PROCESS>CRRF32.DLL</PROCESS>
  22875. <PROCESS>SYSGH32.DLL</PROCESS>
  22876. <PROCESS>ATLES32.DLL</PROCESS>
  22877. </PROCESSLIST>
  22878. <CLSIDLIST>
  22879. <CLSID>{EC0DCF51-1005-877B-C873-10B3F0156A8C}</CLSID>
  22880. <CLSID>{7913BA64-727B-66BD-1BFC-D7C367B7E4D4}</CLSID>
  22881. <CLSID>{004D3581-7796-11D9-9D68-0002F8E66690}</CLSID>
  22882. <CLSID>{ADE50A7A-C3A1-4F2F-860A-89C7AC525213}</CLSID>
  22883. <CLSID>{F9BE3C0B-3ACC-4E08-A83A-4B7E14281DC0}</CLSID>
  22884. <CLSID>{C668EA18-2D58-B7FF-B81A-5DFB1E599256}</CLSID>
  22885. <CLSID>{95BAC7DA-0DDB-6F51-2538-D3418AE96254}</CLSID>
  22886. <CLSID>{9FD1C995-A5B4-6CF5-89E5-27E4347E4EF1}</CLSID>
  22887. </CLSIDLIST>
  22888. <SUMMARY>CoolWebSearch Parasite Variant BHO</SUMMARY>
  22889. <DEFAULTINSTALLPATHLIST>
  22890. </DEFAULTINSTALLPATHLIST>
  22891. <CATEGORY>SPYWARE</CATEGORY>
  22892. <CONDITIONLIST>
  22893. </CONDITIONLIST>
  22894. <OPERATOR>AND</OPERATOR>
  22895. <THREATLEVEL>10</THREATLEVEL>
  22896. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22897. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22898. </PROCESSDESCRIPTOR>
  22899. <PROCESSDESCRIPTOR>
  22900. <ID>3550</ID>
  22901. <PROCESSLIST>
  22902. <PROCESS>WEBCOMPASS.DLL</PROCESS>
  22903. </PROCESSLIST>
  22904. <CLSIDLIST>
  22905. <CLSID>{A28C2A31-3AB0-4118-922F-F6B3184F5495}</CLSID>
  22906. </CLSIDLIST>
  22907. <SUMMARY>Adware.BonziBuddy/WebCompass.BHO</SUMMARY>
  22908. <DEFAULTINSTALLPATHLIST>
  22909. </DEFAULTINSTALLPATHLIST>
  22910. <CATEGORY>ADWARE</CATEGORY>
  22911. <CONDITIONLIST>
  22912. </CONDITIONLIST>
  22913. <OPERATOR>AND</OPERATOR>
  22914. <THREATLEVEL>10</THREATLEVEL>
  22915. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22916. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22917. </PROCESSDESCRIPTOR>
  22918. <PROCESSDESCRIPTOR>
  22919. <ID>3556</ID>
  22920. <PROCESSLIST>
  22921. <PROCESS>CNSMIN.DLL</PROCESS>
  22922. </PROCESSLIST>
  22923. <CLSIDLIST>
  22924. <CLSID>{B83FC273-3522-4CC6-92EC-75CC86678DA4}</CLSID>
  22925. </CLSIDLIST>
  22926. <SUMMARY>Coolbar Shell Execute Hook by 3721.com</SUMMARY>
  22927. <DEFAULTINSTALLPATHLIST>
  22928. </DEFAULTINSTALLPATHLIST>
  22929. <CATEGORY>SPYWARE</CATEGORY>
  22930. <CONDITIONLIST>
  22931. </CONDITIONLIST>
  22932. <OPERATOR>AND</OPERATOR>
  22933. <THREATLEVEL>10</THREATLEVEL>
  22934. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22935. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22936. </PROCESSDESCRIPTOR>
  22937. <PROCESSDESCRIPTOR>
  22938. <ID>3575</ID>
  22939. <PROCESSLIST>
  22940. <PROCESS>*</PROCESS>
  22941. <PROCESS>MTSBAR.DLL</PROCESS>
  22942. </PROCESSLIST>
  22943. <CLSIDLIST>
  22944. <CLSID>{094176F9-BF35-4BCB-B68A-108DFB8C3825}</CLSID>
  22945. </CLSIDLIST>
  22946. <SUMMARY>My Total Search Toolbar for Internet Explorer</SUMMARY>
  22947. <DEFAULTINSTALLPATHLIST>
  22948. </DEFAULTINSTALLPATHLIST>
  22949. <CATEGORY>ADWARE</CATEGORY>
  22950. <CONDITIONLIST>
  22951. </CONDITIONLIST>
  22952. <OPERATOR>AND</OPERATOR>
  22953. <THREATLEVEL>10</THREATLEVEL>
  22954. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22955. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22956. </PROCESSDESCRIPTOR>
  22957. <PROCESSDESCRIPTOR>
  22958. <ID>3578</ID>
  22959. <PROCESSLIST>
  22960. <PROCESS>BHO2.DLL</PROCESS>
  22961. </PROCESSLIST>
  22962. <CLSIDLIST>
  22963. <CLSID>{53E10C2C-43B2-4657-BA29-AAE179E7D35C}</CLSID>
  22964. </CLSIDLIST>
  22965. <SUMMARY>HighTraffic/SubSearch Browser Helper Object</SUMMARY>
  22966. <DEFAULTINSTALLPATHLIST>
  22967. </DEFAULTINSTALLPATHLIST>
  22968. <CATEGORY>ADWARE</CATEGORY>
  22969. <CONDITIONLIST>
  22970. </CONDITIONLIST>
  22971. <OPERATOR>AND</OPERATOR>
  22972. <THREATLEVEL>6</THREATLEVEL>
  22973. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22974. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22975. </PROCESSDESCRIPTOR>
  22976. <PROCESSDESCRIPTOR>
  22977. <ID>3584</ID>
  22978. <PROCESSLIST>
  22979. <PROCESS>*</PROCESS>
  22980. <PROCESS>(SVCHST.EXE)</PROCESS>
  22981. </PROCESSLIST>
  22982. <CLSIDLIST>
  22983. </CLSIDLIST>
  22984. <SUMMARY>SVCHST.EXE Dialer Variant 1</SUMMARY>
  22985. <DEFAULTINSTALLPATHLIST>
  22986. </DEFAULTINSTALLPATHLIST>
  22987. <CATEGORY>DIALER</CATEGORY>
  22988. <CONDITIONLIST>
  22989. <CONDITION>MD5=D0EA31F0F303693D57F2C9EB5FB2F875</CONDITION>
  22990. <CONDITION>MD5=AECB580B5FCFC6D99C1FC0C4940F78EC</CONDITION>
  22991. <CONDITION>MD5=89A57848B9E8FE3A1CFCADF61E380BBC</CONDITION>
  22992. </CONDITIONLIST>
  22993. <OPERATOR>OR</OPERATOR>
  22994. <THREATLEVEL>10</THREATLEVEL>
  22995. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  22996. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  22997. </PROCESSDESCRIPTOR>
  22998. <PROCESSDESCRIPTOR>
  22999. <ID>3585</ID>
  23000. <PROCESSLIST>
  23001. <PROCESS>IESERVICE.DLL</PROCESS>
  23002. </PROCESSLIST>
  23003. <CLSIDLIST>
  23004. <CLSID>{9E992732-295F-4987-8BE3-16FAC1639198}</CLSID>
  23005. </CLSIDLIST>
  23006. <SUMMARY>FastFind.org/Trojan</SUMMARY>
  23007. <DEFAULTINSTALLPATHLIST>
  23008. </DEFAULTINSTALLPATHLIST>
  23009. <CATEGORY>ADWARE</CATEGORY>
  23010. <CONDITIONLIST>
  23011. </CONDITIONLIST>
  23012. <OPERATOR>AND</OPERATOR>
  23013. <THREATLEVEL>6</THREATLEVEL>
  23014. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23015. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23016. </PROCESSDESCRIPTOR>
  23017. <PROCESSDESCRIPTOR>
  23018. <ID>3602</ID>
  23019. <PROCESSLIST>
  23020. <PROCESS>*</PROCESS>
  23021. <PROCESS>(MSHTA.EXE)</PROCESS>
  23022. <PROCESS>(MHTA~1.EXE)</PROCESS>
  23023. </PROCESSLIST>
  23024. <CLSIDLIST>
  23025. </CLSIDLIST>
  23026. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  23027. <DEFAULTINSTALLPATHLIST>
  23028. </DEFAULTINSTALLPATHLIST>
  23029. <CATEGORY>ADWARE</CATEGORY>
  23030. <CONDITIONLIST>
  23031. <CONDITION>MD5=56B34A38B5730F712DABA7616C7BCE02</CONDITION>
  23032. </CONDITIONLIST>
  23033. <OPERATOR>AND</OPERATOR>
  23034. <THREATLEVEL>10</THREATLEVEL>
  23035. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23036. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23037. </PROCESSDESCRIPTOR>
  23038. <PROCESSDESCRIPTOR>
  23039. <ID>3639</ID>
  23040. <PROCESSLIST>
  23041. <PROCESS>*</PROCESS>
  23042. <PROCESS>(SPOOLSV.EXE)</PROCESS>
  23043. <PROCESS>(OOLSV~1.EXE)</PROCESS>
  23044. <PROCESS>(LASS~1.EXE)</PROCESS>
  23045. </PROCESSLIST>
  23046. <CLSIDLIST>
  23047. </CLSIDLIST>
  23048. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  23049. <DEFAULTINSTALLPATHLIST>
  23050. </DEFAULTINSTALLPATHLIST>
  23051. <CATEGORY>ADWARE</CATEGORY>
  23052. <CONDITIONLIST>
  23053. <CONDITION>MD5=8E8C71EB6C896031243C648F993D98D6</CONDITION>
  23054. <CONDITION>MD5=24F10531058F81EE69391B4744F6C510</CONDITION>
  23055. </CONDITIONLIST>
  23056. <OPERATOR>OR</OPERATOR>
  23057. <THREATLEVEL>10</THREATLEVEL>
  23058. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23059. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23060. </PROCESSDESCRIPTOR>
  23061. <PROCESSDESCRIPTOR>
  23062. <ID>3642</ID>
  23063. <PROCESSLIST>
  23064. <PROCESS>*</PROCESS>
  23065. <PROCESS>HQHT.EXE</PROCESS>
  23066. </PROCESSLIST>
  23067. <CLSIDLIST>
  23068. </CLSIDLIST>
  23069. <SUMMARY>Unamed Spyware/Adware Process</SUMMARY>
  23070. <DEFAULTINSTALLPATHLIST>
  23071. </DEFAULTINSTALLPATHLIST>
  23072. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23073. <CONDITIONLIST>
  23074. <CONDITION>MD5=26020705AF02408B18C964743F3163F6</CONDITION>
  23075. </CONDITIONLIST>
  23076. <OPERATOR>AND</OPERATOR>
  23077. <THREATLEVEL>10</THREATLEVEL>
  23078. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23079. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23080. </PROCESSDESCRIPTOR>
  23081. <PROCESSDESCRIPTOR>
  23082. <ID>3668</ID>
  23083. <PROCESSLIST>
  23084. <PROCESS>GIGASOFT.DLL</PROCESS>
  23085. </PROCESSLIST>
  23086. <CLSIDLIST>
  23087. <CLSID>{C1EA1782-8E6E-4EA4-9800-B68DE41F1A26}</CLSID>
  23088. </CLSIDLIST>
  23089. <SUMMARY>GagaBar Module Toolbar</SUMMARY>
  23090. <DEFAULTINSTALLPATHLIST>
  23091. </DEFAULTINSTALLPATHLIST>
  23092. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  23093. <CONDITIONLIST>
  23094. </CONDITIONLIST>
  23095. <OPERATOR>AND</OPERATOR>
  23096. <THREATLEVEL>5</THREATLEVEL>
  23097. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23098. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23099. </PROCESSDESCRIPTOR>
  23100. <PROCESSDESCRIPTOR>
  23101. <ID>3669</ID>
  23102. <PROCESSLIST>
  23103. <PROCESS>*</PROCESS>
  23104. <PROCESS>(MSCONFIG.EXE)</PROCESS>
  23105. <PROCESS>(MCONFI~1.EXE)</PROCESS>
  23106. </PROCESSLIST>
  23107. <CLSIDLIST>
  23108. </CLSIDLIST>
  23109. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  23110. <DEFAULTINSTALLPATHLIST>
  23111. </DEFAULTINSTALLPATHLIST>
  23112. <CATEGORY>ADWARE</CATEGORY>
  23113. <CONDITIONLIST>
  23114. <CONDITION>MD5=D4F6BA5C0385D11D793BDBE50E5B7A14</CONDITION>
  23115. </CONDITIONLIST>
  23116. <OPERATOR>AND</OPERATOR>
  23117. <THREATLEVEL>10</THREATLEVEL>
  23118. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23119. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23120. </PROCESSDESCRIPTOR>
  23121. <PROCESSDESCRIPTOR>
  23122. <ID>3670</ID>
  23123. <PROCESSLIST>
  23124. <PROCESS>XUDEXOLI.EXE</PROCESS>
  23125. </PROCESSLIST>
  23126. <CLSIDLIST>
  23127. </CLSIDLIST>
  23128. <SUMMARY>Sdbot-UW Worm</SUMMARY>
  23129. <DEFAULTINSTALLPATHLIST>
  23130. </DEFAULTINSTALLPATHLIST>
  23131. <CATEGORY>WORM</CATEGORY>
  23132. <CONDITIONLIST>
  23133. <CONDITION>FILELOCATION~system</CONDITION>
  23134. </CONDITIONLIST>
  23135. <OPERATOR>AND</OPERATOR>
  23136. <THREATLEVEL>10</THREATLEVEL>
  23137. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23138. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23139. </PROCESSDESCRIPTOR>
  23140. <PROCESSDESCRIPTOR>
  23141. <ID>3671</ID>
  23142. <PROCESSLIST>
  23143. <PROCESS>*</PROCESS>
  23144. <PROCESS>(D3RS.EXE)</PROCESS>
  23145. </PROCESSLIST>
  23146. <CLSIDLIST>
  23147. </CLSIDLIST>
  23148. <SUMMARY>Unnamed Threat</SUMMARY>
  23149. <DEFAULTINSTALLPATHLIST>
  23150. </DEFAULTINSTALLPATHLIST>
  23151. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23152. <CONDITIONLIST>
  23153. <CONDITION>MD5=0F7F389EFA630BCBED0DE6B60EF39B58</CONDITION>
  23154. </CONDITIONLIST>
  23155. <OPERATOR>AND</OPERATOR>
  23156. <THREATLEVEL>10</THREATLEVEL>
  23157. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23158. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23159. </PROCESSDESCRIPTOR>
  23160. <PROCESSDESCRIPTOR>
  23161. <ID>3672</ID>
  23162. <PROCESSLIST>
  23163. <PROCESS>NTLH32.DLL</PROCESS>
  23164. </PROCESSLIST>
  23165. <CLSIDLIST>
  23166. <CLSID>{44D535F2-FECD-125A-C19F-C5AAC1173651}</CLSID>
  23167. </CLSIDLIST>
  23168. <SUMMARY>Unnamed Browser Hijacker BHO</SUMMARY>
  23169. <DEFAULTINSTALLPATHLIST>
  23170. </DEFAULTINSTALLPATHLIST>
  23171. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  23172. <CONDITIONLIST>
  23173. </CONDITIONLIST>
  23174. <OPERATOR>AND</OPERATOR>
  23175. <THREATLEVEL>10</THREATLEVEL>
  23176. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23177. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23178. </PROCESSDESCRIPTOR>
  23179. <PROCESSDESCRIPTOR>
  23180. <ID>3673</ID>
  23181. <PROCESSLIST>
  23182. <PROCESS>*</PROCESS>
  23183. <PROCESS>(LOGONUI.EXE)</PROCESS>
  23184. <PROCESS>(LGONUI~1.EXE)</PROCESS>
  23185. </PROCESSLIST>
  23186. <CLSIDLIST>
  23187. </CLSIDLIST>
  23188. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  23189. <DEFAULTINSTALLPATHLIST>
  23190. </DEFAULTINSTALLPATHLIST>
  23191. <CATEGORY>ADWARE</CATEGORY>
  23192. <CONDITIONLIST>
  23193. <CONDITION>MD5=C4B37910D65D70314577F87F33C574FC</CONDITION>
  23194. </CONDITIONLIST>
  23195. <OPERATOR>AND</OPERATOR>
  23196. <THREATLEVEL>10</THREATLEVEL>
  23197. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23198. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23199. </PROCESSDESCRIPTOR>
  23200. <PROCESSDESCRIPTOR>
  23201. <ID>3674</ID>
  23202. <PROCESSLIST>
  23203. <PROCESS>*</PROCESS>
  23204. <PROCESS>NTLH32.DLL</PROCESS>
  23205. <PROCESS>JAVAXN32.DLL</PROCESS>
  23206. </PROCESSLIST>
  23207. <CLSIDLIST>
  23208. <CLSID>*</CLSID>
  23209. <CLSID>{44D535F2-FECD-125A-C19F-C5AAC1173651}</CLSID>
  23210. <CLSID>{80B57DB0-E5CF-E0CC-392C-02C300570864}</CLSID>
  23211. </CLSIDLIST>
  23212. <SUMMARY>Unnamed Browser Hijacker BHO</SUMMARY>
  23213. <DEFAULTINSTALLPATHLIST>
  23214. </DEFAULTINSTALLPATHLIST>
  23215. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  23216. <CONDITIONLIST>
  23217. <CONDITION>MD5=EB839B06723872FE100D5F0C11779898</CONDITION>
  23218. </CONDITIONLIST>
  23219. <OPERATOR>AND</OPERATOR>
  23220. <THREATLEVEL>10</THREATLEVEL>
  23221. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23222. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23223. </PROCESSDESCRIPTOR>
  23224. <PROCESSDESCRIPTOR>
  23225. <ID>3675</ID>
  23226. <PROCESSLIST>
  23227. <PROCESS>*</PROCESS>
  23228. <PROCESS>(EDOW.EXE)</PROCESS>
  23229. <PROCESS>(EDOW_AS2.EXE)</PROCESS>
  23230. </PROCESSLIST>
  23231. <CLSIDLIST>
  23232. </CLSIDLIST>
  23233. <SUMMARY>Spyware.WebSearch (WinTools/HuntBar).Installer</SUMMARY>
  23234. <DEFAULTINSTALLPATHLIST>
  23235. </DEFAULTINSTALLPATHLIST>
  23236. <CATEGORY>SPYWARE</CATEGORY>
  23237. <CONDITIONLIST>
  23238. <CONDITION>MD5=1B26E277F6F278DC8A693685FCF04D4D</CONDITION>
  23239. <CONDITION>MD5=a80c2e1c10a852dfb5371798afb965c8</CONDITION>
  23240. <CONDITION>MD5=1674f2de356fe1ea9dae0d1f1e0cb494</CONDITION>
  23241. <CONDITION>MD5=d7d3b54c8abc5a5d95e4cb29e20cbcd0</CONDITION>
  23242. </CONDITIONLIST>
  23243. <OPERATOR>OR</OPERATOR>
  23244. <THREATLEVEL>10</THREATLEVEL>
  23245. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23246. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23247. </PROCESSDESCRIPTOR>
  23248. <PROCESSDESCRIPTOR>
  23249. <ID>3676</ID>
  23250. <PROCESSLIST>
  23251. <PROCESS>*</PROCESS>
  23252. <PROCESS>(416984.EXE)</PROCESS>
  23253. </PROCESSLIST>
  23254. <CLSIDLIST>
  23255. </CLSIDLIST>
  23256. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  23257. <DEFAULTINSTALLPATHLIST>
  23258. </DEFAULTINSTALLPATHLIST>
  23259. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23260. <CONDITIONLIST>
  23261. <CONDITION>MD5=23B7BE6219308B664DA91A74536871F2</CONDITION>
  23262. </CONDITIONLIST>
  23263. <OPERATOR>AND</OPERATOR>
  23264. <THREATLEVEL>10</THREATLEVEL>
  23265. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23266. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23267. </PROCESSDESCRIPTOR>
  23268. <PROCESSDESCRIPTOR>
  23269. <ID>3677</ID>
  23270. <PROCESSLIST>
  23271. <PROCESS>*</PROCESS>
  23272. <PROCESS>(414531.EXE)</PROCESS>
  23273. <PROCESS>(418625.EXE)</PROCESS>
  23274. </PROCESSLIST>
  23275. <CLSIDLIST>
  23276. </CLSIDLIST>
  23277. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  23278. <DEFAULTINSTALLPATHLIST>
  23279. </DEFAULTINSTALLPATHLIST>
  23280. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23281. <CONDITIONLIST>
  23282. <CONDITION>MD5=042AEB67FED9EA080CA6840A2D5F5FB3</CONDITION>
  23283. </CONDITIONLIST>
  23284. <OPERATOR>AND</OPERATOR>
  23285. <THREATLEVEL>10</THREATLEVEL>
  23286. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23287. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23288. </PROCESSDESCRIPTOR>
  23289. <PROCESSDESCRIPTOR>
  23290. <ID>3678</ID>
  23291. <PROCESSLIST>
  23292. <PROCESS>*</PROCESS>
  23293. <PROCESS>(WEB.EXE)</PROCESS>
  23294. </PROCESSLIST>
  23295. <CLSIDLIST>
  23296. </CLSIDLIST>
  23297. <SUMMARY>WEB.EXE Threat</SUMMARY>
  23298. <DEFAULTINSTALLPATHLIST>
  23299. </DEFAULTINSTALLPATHLIST>
  23300. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23301. <CONDITIONLIST>
  23302. <CONDITION>MD5=1772B99ED58A12BF2BFAB036ABDAA07E</CONDITION>
  23303. </CONDITIONLIST>
  23304. <OPERATOR>AND</OPERATOR>
  23305. <THREATLEVEL>10</THREATLEVEL>
  23306. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23307. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23308. </PROCESSDESCRIPTOR>
  23309. <PROCESSDESCRIPTOR>
  23310. <ID>3679</ID>
  23311. <PROCESSLIST>
  23312. <PROCESS>*</PROCESS>
  23313. <PROCESS>MFCXB32.EXE</PROCESS>
  23314. </PROCESSLIST>
  23315. <CLSIDLIST>
  23316. </CLSIDLIST>
  23317. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  23318. <DEFAULTINSTALLPATHLIST>
  23319. </DEFAULTINSTALLPATHLIST>
  23320. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23321. <CONDITIONLIST>
  23322. <CONDITION>MD5=3FA36E68CC902946202DE9A7066ADE72</CONDITION>
  23323. </CONDITIONLIST>
  23324. <OPERATOR>AND</OPERATOR>
  23325. <THREATLEVEL>10</THREATLEVEL>
  23326. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23327. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23328. </PROCESSDESCRIPTOR>
  23329. <PROCESSDESCRIPTOR>
  23330. <ID>3680</ID>
  23331. <PROCESSLIST>
  23332. <PROCESS>*</PROCESS>
  23333. <PROCESS>(RVVQ.EXE)</PROCESS>
  23334. </PROCESSLIST>
  23335. <CLSIDLIST>
  23336. </CLSIDLIST>
  23337. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  23338. <DEFAULTINSTALLPATHLIST>
  23339. </DEFAULTINSTALLPATHLIST>
  23340. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23341. <CONDITIONLIST>
  23342. <CONDITION>MD5=72A2CCA15DD3346DE0FE7B4517BC3E6D</CONDITION>
  23343. </CONDITIONLIST>
  23344. <OPERATOR>AND</OPERATOR>
  23345. <THREATLEVEL>10</THREATLEVEL>
  23346. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23347. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23348. </PROCESSDESCRIPTOR>
  23349. <PROCESSDESCRIPTOR>
  23350. <ID>3681</ID>
  23351. <PROCESSLIST>
  23352. <PROCESS>SYSREN.EXE</PROCESS>
  23353. </PROCESSLIST>
  23354. <CLSIDLIST>
  23355. </CLSIDLIST>
  23356. <SUMMARY>Sys Ren Threat</SUMMARY>
  23357. <DEFAULTINSTALLPATHLIST>
  23358. </DEFAULTINSTALLPATHLIST>
  23359. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23360. <CONDITIONLIST>
  23361. </CONDITIONLIST>
  23362. <OPERATOR>AND</OPERATOR>
  23363. <THREATLEVEL>6</THREATLEVEL>
  23364. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23365. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23366. </PROCESSDESCRIPTOR>
  23367. <PROCESSDESCRIPTOR>
  23368. <ID>3682</ID>
  23369. <PROCESSLIST>
  23370. <PROCESS>*</PROCESS>
  23371. <PROCESS>(IPTIDDHN6.EXE)</PROCESS>
  23372. <PROCESS>(6.EXE)</PROCESS>
  23373. </PROCESSLIST>
  23374. <CLSIDLIST>
  23375. </CLSIDLIST>
  23376. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  23377. <DEFAULTINSTALLPATHLIST>
  23378. </DEFAULTINSTALLPATHLIST>
  23379. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23380. <CONDITIONLIST>
  23381. <CONDITION>MD5=E6EEB97484E3235F40D5EDFE548E798A</CONDITION>
  23382. </CONDITIONLIST>
  23383. <OPERATOR>AND</OPERATOR>
  23384. <THREATLEVEL>10</THREATLEVEL>
  23385. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23386. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23387. </PROCESSDESCRIPTOR>
  23388. <PROCESSDESCRIPTOR>
  23389. <ID>3683</ID>
  23390. <PROCESSLIST>
  23391. <PROCESS>WINSVC32.EXE</PROCESS>
  23392. </PROCESSLIST>
  23393. <CLSIDLIST>
  23394. </CLSIDLIST>
  23395. <SUMMARY>Grepage Trojan</SUMMARY>
  23396. <DEFAULTINSTALLPATHLIST>
  23397. </DEFAULTINSTALLPATHLIST>
  23398. <CATEGORY>TROJAN</CATEGORY>
  23399. <CONDITIONLIST>
  23400. <CONDITION>FILELOCATION~system</CONDITION>
  23401. </CONDITIONLIST>
  23402. <OPERATOR>AND</OPERATOR>
  23403. <THREATLEVEL>7</THREATLEVEL>
  23404. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23405. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23406. </PROCESSDESCRIPTOR>
  23407. <PROCESSDESCRIPTOR>
  23408. <ID>3684</ID>
  23409. <PROCESSLIST>
  23410. <PROCESS>SYSCFG32.EXE</PROCESS>
  23411. </PROCESSLIST>
  23412. <CLSIDLIST>
  23413. </CLSIDLIST>
  23414. <SUMMARY>Sdbot Syscfg32 Trojan</SUMMARY>
  23415. <DEFAULTINSTALLPATHLIST>
  23416. </DEFAULTINSTALLPATHLIST>
  23417. <CATEGORY>TROJAN</CATEGORY>
  23418. <CONDITIONLIST>
  23419. </CONDITIONLIST>
  23420. <OPERATOR>AND</OPERATOR>
  23421. <THREATLEVEL>10</THREATLEVEL>
  23422. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23423. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23424. </PROCESSDESCRIPTOR>
  23425. <PROCESSDESCRIPTOR>
  23426. <ID>3685</ID>
  23427. <PROCESSLIST>
  23428. <PROCESS>*</PROCESS>
  23429. <PROCESS>TRAFFIX1.3.0.2.DLL</PROCESS>
  23430. </PROCESSLIST>
  23431. <CLSIDLIST>
  23432. <CLSID>{88DECE3E-B7BB-4B13-96FE-924AF77C3780}</CLSID>
  23433. </CLSIDLIST>
  23434. <SUMMARY>Traffix Toolbar Client Application</SUMMARY>
  23435. <DEFAULTINSTALLPATHLIST>
  23436. </DEFAULTINSTALLPATHLIST>
  23437. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23438. <CONDITIONLIST>
  23439. </CONDITIONLIST>
  23440. <OPERATOR>AND</OPERATOR>
  23441. <THREATLEVEL>5</THREATLEVEL>
  23442. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23443. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23444. </PROCESSDESCRIPTOR>
  23445. <PROCESSDESCRIPTOR>
  23446. <ID>3688</ID>
  23447. <PROCESSLIST>
  23448. <PROCESS>BROWSERACCELERATOR.DLL</PROCESS>
  23449. </PROCESSLIST>
  23450. <CLSIDLIST>
  23451. <CLSID>{074E3AA7-7718-4404-B3F8-FF8FB5414E0E}</CLSID>
  23452. </CLSIDLIST>
  23453. <SUMMARY>Browser Accelerator BHO</SUMMARY>
  23454. <DEFAULTINSTALLPATHLIST>
  23455. </DEFAULTINSTALLPATHLIST>
  23456. <CATEGORY>SPYWARE</CATEGORY>
  23457. <CONDITIONLIST>
  23458. </CONDITIONLIST>
  23459. <OPERATOR>AND</OPERATOR>
  23460. <THREATLEVEL>3</THREATLEVEL>
  23461. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23462. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23463. </PROCESSDESCRIPTOR>
  23464. <PROCESSDESCRIPTOR>
  23465. <ID>3689</ID>
  23466. <PROCESSLIST>
  23467. <PROCESS>*</PROCESS>
  23468. <PROCESS>(WEB.EXE)</PROCESS>
  23469. </PROCESSLIST>
  23470. <CLSIDLIST>
  23471. </CLSIDLIST>
  23472. <SUMMARY>WEB.EXE Threat</SUMMARY>
  23473. <DEFAULTINSTALLPATHLIST>
  23474. </DEFAULTINSTALLPATHLIST>
  23475. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23476. <CONDITIONLIST>
  23477. <CONDITION>MD5=BAAB46F217CF599ACD537FCB812D0A8C</CONDITION>
  23478. <CONDITION>MD5=CEEF4D40845245DE1558BBC31C7B41DE</CONDITION>
  23479. <CONDITION>MD5=6E72397E82EAC96769476F7A7C09E596</CONDITION>
  23480. </CONDITIONLIST>
  23481. <OPERATOR>OR</OPERATOR>
  23482. <THREATLEVEL>10</THREATLEVEL>
  23483. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23484. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23485. </PROCESSDESCRIPTOR>
  23486. <PROCESSDESCRIPTOR>
  23487. <ID>3690</ID>
  23488. <PROCESSLIST>
  23489. <PROCESS>EZSTUB22.EXE</PROCESS>
  23490. </PROCESSLIST>
  23491. <CLSIDLIST>
  23492. </CLSIDLIST>
  23493. <SUMMARY>Adware.eZula.Process</SUMMARY>
  23494. <DEFAULTINSTALLPATHLIST>
  23495. </DEFAULTINSTALLPATHLIST>
  23496. <CATEGORY>ADWARE</CATEGORY>
  23497. <CONDITIONLIST>
  23498. </CONDITIONLIST>
  23499. <OPERATOR>AND</OPERATOR>
  23500. <THREATLEVEL>5</THREATLEVEL>
  23501. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23502. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23503. </PROCESSDESCRIPTOR>
  23504. <PROCESSDESCRIPTOR>
  23505. <ID>3737</ID>
  23506. <PROCESSLIST>
  23507. <PROCESS>*</PROCESS>
  23508. </PROCESSLIST>
  23509. <CLSIDLIST>
  23510. <CLSID>*</CLSID>
  23511. </CLSIDLIST>
  23512. <SUMMARY>Unclassified.Unknown Origin.BHO</SUMMARY>
  23513. <DEFAULTINSTALLPATHLIST>
  23514. </DEFAULTINSTALLPATHLIST>
  23515. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23516. <CONDITIONLIST>
  23517. <CONDITION>MD5=dbf40b5053abeee14277b3c4d086f8a8</CONDITION>
  23518. <CONDITION>MD5=2EC7363CBDB4A8FF62A763691A23B445</CONDITION>
  23519. <CONDITION>MD5=0081E6D576D69ABF3612791DF0208F68</CONDITION>
  23520. <CONDITION>MD5=4E917444C81798C4F758D8C7024F8320</CONDITION>
  23521. <CONDITION>MD5=29A2E9F3B313AAD7D9CB1B701794DD1E</CONDITION>
  23522. <CONDITION>MD5=5B73F44D3E0F4FA5FC4DA8C218142E0D</CONDITION>
  23523. <CONDITION>MD5=813CF0E7B5BE48C61FD5DEFAEF398966</CONDITION>
  23524. <CONDITION>MD5=B76DF76F0C22945214058FF2F729A28E</CONDITION>
  23525. <CONDITION>MD5=329659B72A8A23979A8E05900B451BDF</CONDITION>
  23526. <CONDITION>MD5=6952F134A09626E9BDAEA6FDE0AC121D</CONDITION>
  23527. <CONDITION>MD5=4734E0CFC3C82AB2739EA51D90C08388</CONDITION>
  23528. <CONDITION>MD5=E1E976CF148C607D5F05CDBD20F27CB3</CONDITION>
  23529. <CONDITION>MD5=2ED01295218208E657934DFA6D99228F</CONDITION>
  23530. <CONDITION>MD5=D63211B4B02FFE0295C9B43EA8B936EC</CONDITION>
  23531. <CONDITION>MD5=E7C52CEE1711CC2F7A0C99EFC0BEA938</CONDITION>
  23532. <CONDITION>MD5=3657063316A1A2E2B8F025E67B2CFD42</CONDITION>
  23533. <CONDITION>MD5=26275EED76A50168FB002096F57C2F2F</CONDITION>
  23534. <CONDITION>MD5=22368D3CE9A180821BAE9235C444376D</CONDITION>
  23535. <CONDITION>MD5=4D1F4ACF675413EA75F3DCABBF512E67</CONDITION>
  23536. <CONDITION>MD5=94189BAD6F64DDBFC3EF2EE08D1622EE</CONDITION>
  23537. <CONDITION>MD5=1A553B677041E5D5697FE8DE7CB946E9</CONDITION>
  23538. <CONDITION>MD5=1D425737221CE32C8E7766D8BE6ADC12</CONDITION>
  23539. <CONDITION>MD5=F2DD558AAE9A22E2C677AD74720676F0</CONDITION>
  23540. <CONDITION>MD5=B870E4B1928A7CFA0F5A33E8539F5D29</CONDITION>
  23541. <CONDITION>MD5=B06732E0E58F97E3EE0C3880FA6D7BB5</CONDITION>
  23542. <CONDITION>MD5=6DEE3174C3501A06E49F7C4FE934711A</CONDITION>
  23543. <CONDITION>MD5=6D2349E904E4D0B6E6B6D603DD0BFBF3</CONDITION>
  23544. <CONDITION>MD5=04D80409D33BFB477CAD74D158683041</CONDITION>
  23545. <CONDITION>MD5=B5D89046AE63E8FDD118FE962E659C0F</CONDITION>
  23546. <CONDITION>MD5=6DFE018BDB701ABB40D4CE55476F039F</CONDITION>
  23547. <CONDITION>MD5=8B36ACCF81C71E2AC455D9ABA0460033</CONDITION>
  23548. <CONDITION>MD5=2A52929CBD966B758A72A75267BE87BC</CONDITION>
  23549. <CONDITION>MD5=38E987F92D0257C8086686B42272EC71</CONDITION>
  23550. <CONDITION>MD5=4B1F20A11EB8AD68BBB2382CF9708AC1</CONDITION>
  23551. <CONDITION>MD5=94041A2976E9970777DB0062258D5FE0</CONDITION>
  23552. <CONDITION>MD5=D38553D03186FACF6AFD8724140EB68B</CONDITION>
  23553. <CONDITION>MD5=246A1923B4D6126BF25AD70E096FE702</CONDITION>
  23554. <CONDITION>MD5=5CE9D6829808EC04404C0BD214974A14</CONDITION>
  23555. <CONDITION>MD5=35EF6AB40875A7C32116BD179CD146B7</CONDITION>
  23556. <CONDITION>MD5=064828F96F39A00F685EA5B23890BC6D</CONDITION>
  23557. <CONDITION>MD5=479878A05206C88BB6641EF88986BB3D</CONDITION>
  23558. <CONDITION>MD5=81C85D793629BC184015DDE2FF4DA92E</CONDITION>
  23559. <CONDITION>MD5=5FCD5E8E4BB019AF96B6B4A0EEB54BED</CONDITION>
  23560. <CONDITION>MD5=0081E6D576D69ABF3612791DF0208F68</CONDITION>
  23561. <CONDITION>MD5=E1E976CF148C607D5F05CDBD20F27CB3</CONDITION>
  23562. <CONDITION>MD5=58ED61191AA586B2FAAB59A67633915E</CONDITION>
  23563. <CONDITION>MD5=DEE7C76B4F91CA39A321ECB6AAB9DEEE</CONDITION>
  23564. <CONDITION>MD5=94189BAD6F64DDBFC3EF2EE08D1622EE</CONDITION>
  23565. <CONDITION>MD5=0508762F2DAD2BE2C660DBE73CE87A0F</CONDITION>
  23566. <CONDITION>MD5=B65E68954A084250B3D9552CB1C2D3B4</CONDITION>
  23567. <CONDITION>MD5=A2A67785A73CCE35E57D6CB298264B13</CONDITION>
  23568. <CONDITION>MD5=5EF4C6194E340709D03335FCADEB9CB5</CONDITION>
  23569. <CONDITION>MD5=F7D1C9E35FC6ACAA00EED758543D844A</CONDITION>
  23570. <CONDITION>MD5=73AEAEE77EE9060A4CD39800798F436D</CONDITION>
  23571. <CONDITION>MD5=5E65F1C196245A64A1481E9093019FEE</CONDITION>
  23572. <CONDITION>MD5=0AD9CDD9115CEE4913E04B557621B908</CONDITION>
  23573. <CONDITION>MD5=94189BAD6F64DDBFC3EF2EE08D1622EE</CONDITION>
  23574. <CONDITION>MD5=5DAD67E41B1ABE8AD5C381A4D8B428B3</CONDITION>
  23575. <CONDITION>MD5=E26D01A656E7CC0655D5637FB1E573D5</CONDITION>
  23576. <CONDITION>MD5=95BFF80BFFDCAAFCFA8308F2ABB99640</CONDITION>
  23577. <CONDITION>MD5=11CFD09B8C7940B0543EA0D3A9D099BB</CONDITION>
  23578. <CONDITION>MD5=8D6DF4FF571A43B870DEA97F457E9BE9</CONDITION>
  23579. <CONDITION>MD5=D037BD66C6137EA4F568818141545DA0</CONDITION>
  23580. <CONDITION>MD5=E2825F9027913394B750A89182695186</CONDITION>
  23581. <CONDITION>MD5=44FCFF3220C1A667196106971DB1027A</CONDITION>
  23582. <CONDITION>MD5=F4ED25BC6236F1A382D64BDDA9DE49DE</CONDITION>
  23583. <CONDITION>MD5=DB3D7DDE60D8D8C58CE0DEFFF908E5F0</CONDITION>
  23584. <CONDITION>MD5=A36148C1BA869D8679FE71C97BEE829A</CONDITION>
  23585. <CONDITION>MD5=0DCA232CC09019919C80E50D357E3BF9</CONDITION>
  23586. <CONDITION>MD5=B9F56B70109636BF569691A849437AD2</CONDITION>
  23587. <CONDITION>MD5=D0E9FD2D9FDF0AC40ABA941313288842</CONDITION>
  23588. <CONDITION>MD5=827E527297D11212A8B511E36CD84C4D</CONDITION>
  23589. <CONDITION>MD5=EF361758CCAB7729017E7C567F738A78</CONDITION>
  23590. <CONDITION>MD5=BD94FF99A449590968103ADDFF3ADB7F</CONDITION>
  23591. <CONDITION>MD5=0185600DC2E1B6C473F2EBC595C0FAAA</CONDITION>
  23592. <CONDITION>MD5=994198A02319DEB605221FB010A403A3</CONDITION>
  23593. <CONDITION>MD5=4994B40D469D9908511E4EFB4D20925B</CONDITION>
  23594. <CONDITION>MD5=4D35933DDA87B5F4C48C435CB5EBF387</CONDITION>
  23595. <CONDITION>MD5=189290AEFE47F7570369CA0EB16513FC</CONDITION>
  23596. <CONDITION>MD5=5005FC23532EBEBE6CED670D7E97939B</CONDITION>
  23597. <CONDITION>MD5=9FBBD069F84D4592BF9B347EA45FF83D</CONDITION>
  23598. <CONDITION>MD5=0F5A1098231CA6A463666B67BC047A1A</CONDITION>
  23599. <CONDITION>MD5=FFC8ED7D1890BAB1208AC61A174EB865</CONDITION>
  23600. <CONDITION>MD5=4A8C85FFE73CA771AF310B7D02CF5A35</CONDITION>
  23601. <CONDITION>MD5=9556B40BCFA4B5C194A6A361782CBE29</CONDITION>
  23602. <CONDITION>MD5=A23273FE4AA6530564FE31611B045B69</CONDITION>
  23603. <CONDITION>MD5=4F38F9D921E7CEBDF18FD5DD4E96EE28</CONDITION>
  23604. <CONDITION>MD5=A432F83F41B0E513B8F14B99E579E5FB</CONDITION>
  23605. <CONDITION>MD5=58351FA3B361185744E2A2182FD84243</CONDITION>
  23606. <CONDITION>MD5=58D087D86FA5E910E42C5BF02C3C92E6</CONDITION>
  23607. <CONDITION>MD5=7A598E4B3E5E35490DC624AE3F728590</CONDITION>
  23608. <CONDITION>MD5=F6FFC8ED26312B5F5A19F175E90B687F</CONDITION>
  23609. <CONDITION>MD5=50B67029371F68D938831328CA79442D</CONDITION>
  23610. <CONDITION>MD5=800A84D0EE7074EF052E720410A8109A</CONDITION>
  23611. <CONDITION>MD5=DC9425FE6719D2C3183E333DDA4073A2</CONDITION>
  23612. <CONDITION>MD5=4FE11EEF4EF3D0541E52F271EF59B62C</CONDITION>
  23613. <CONDITION>MD5=03ECBBB6FB5214539333D16D7842A291</CONDITION>
  23614. <CONDITION>MD5=6CF702C5A797E4DE1872ADD9EA08E2F0</CONDITION>
  23615. <CONDITION>MD5=EB7C441F6D9CC39A2EE69FCAAA5FB195</CONDITION>
  23616. <CONDITION>MD5=3881199F8567FEAF7CB4E74EA87923B2</CONDITION>
  23617. <CONDITION>MD5=BAAEDC752D5BD31F98FD7DFD9492320A</CONDITION>
  23618. <CONDITION>MD5=775FC7CAB1ABA85D94BA7DB30C92591A</CONDITION>
  23619. <CONDITION>MD5=15E49C5D58989AB9196E68948EBDABF0</CONDITION>
  23620. <CONDITION>MD5=B1F97FB90B036ACCE55E91462A82104D</CONDITION>
  23621. <CONDITION>MD5=71C8EE3199D70225F7DAEC578DF037BA</CONDITION>
  23622. <CONDITION>MD5=31E64DA22E71871FE04591E6A55DBBAE</CONDITION>
  23623. <CONDITION>MD5=583B7A8CAEFCD6E018755A2CF361320A</CONDITION>
  23624. <CONDITION>MD5=703B40779B43260E81049B194902E6DC</CONDITION>
  23625. <CONDITION>MD5=C5CD7C159949B3677A77241488078784</CONDITION>
  23626. <CONDITION>MD5=4E229D7AE59FA249D8750899BCD770C8</CONDITION>
  23627. <CONDITION>MD5=542DE340F0DBD5EF2A0E5D029D31B8D9</CONDITION>
  23628. <CONDITION>MD5=1DDB7E9020C4DBBE5E56CD177A8CFF58</CONDITION>
  23629. <CONDITION>MD5=DB27DD62C0C628455E211159DEE3C86C</CONDITION>
  23630. <CONDITION>MD5=18549282E4A5F5F32B1E8E460C6E2046</CONDITION>
  23631. <CONDITION>MD5=1B33E338E5FA66E2981AB0CF0F46E783</CONDITION>
  23632. <CONDITION>MD5=DFE66A7805DF680E026ABBB5DFF8CA36</CONDITION>
  23633. <CONDITION>MD5=32AA159EB13968244EF1F62C231331C5</CONDITION>
  23634. <CONDITION>MD5=C537AABAE749AAA0B8147EE4D92003D7</CONDITION>
  23635. <CONDITION>MD5=8E547666145CD4F3E4E68DE1D225AC06</CONDITION>
  23636. <CONDITION>MD5=D853913F7EDA4B65C5D41EBC7A3068C4</CONDITION>
  23637. <CONDITION>MD5=58D1B1C5D0CDBBB13E55316C36D4D4F1</CONDITION>
  23638. <CONDITION>MD5=2C5088B8E4701E45649583F114D61A38</CONDITION>
  23639. <CONDITION>MD5=6E6FA6A2F5667EB47AC253383184216B</CONDITION>
  23640. <CONDITION>MD5=1ACDE77F647FE1C21D98C88E1A0A1C44</CONDITION>
  23641. <CONDITION>MD5=754E271B8F185066C26841D8375AF902</CONDITION>
  23642. <CONDITION>MD5=2914FA074DCAF47F768BCA6F032A9F8E</CONDITION>
  23643. <CONDITION>MD5=E4961D6EBC079555336C9DFB24FC2876</CONDITION>
  23644. <CONDITION>MD5=B5C667B68B91D47A425C57F6EAE8C527</CONDITION>
  23645. <CONDITION>MD5=40BA7ACA3A2F4192CC966AEFC6A7743C</CONDITION>
  23646. <CONDITION>MD5=306E8CC484D1F47F48F36A7559C7DFDF</CONDITION>
  23647. <CONDITION>MD5=DA3AF16D7AD867647EFBBBE2D530E282</CONDITION>
  23648. <CONDITION>MD5=9B07C1E40467216C02271654C250805B</CONDITION>
  23649. <CONDITION>MD5=CEF260334FE3BF2EC6B6E6E5B6EFC17C</CONDITION>
  23650. <CONDITION>MD5=983341E62C17A6B6B9B61A561B63671F</CONDITION>
  23651. <CONDITION>MD5=9D0AF2B4D64753AD522A02736897B0D5</CONDITION>
  23652. <CONDITION>MD5=FCBBFBE5D13F4FFFFD9F36639B413D55</CONDITION>
  23653. <CONDITION>MD5=59E234B5840D729488FE14420A301EDB</CONDITION>
  23654. <CONDITION>MD5=81C04B9B1AD00B955D5B252836BA0980</CONDITION>
  23655. <CONDITION>MD5=1838B7B237444D2C5EE36DF9470B8934</CONDITION>
  23656. <CONDITION>MD5=720925114ED4E8B09D61BD520DA0C6E1</CONDITION>
  23657. <CONDITION>MD5=9DFFA49EFD6D427335931731985B887B</CONDITION>
  23658. <CONDITION>MD5=0FFA201453B5BE9FF61928EAC4280356</CONDITION>
  23659. <CONDITION>MD5=38E6B6F723920B7C755F6B25BA0AE81E</CONDITION>
  23660. <CONDITION>MD5=203349866E31669E85B0CC036DF362D4</CONDITION>
  23661. <CONDITION>MD5=0D40EA21E0CB99BD94A4E16F75073A6E</CONDITION>
  23662. <CONDITION>MD5=5C8737332D7DA522418F8D9C762AF426</CONDITION>
  23663. <CONDITION>MD5=ABF54E6BF48528842EF345FEAD95DE5F</CONDITION>
  23664. <CONDITION>MD5=E95102CA178680EAD50BE7DCCA1F2FED</CONDITION>
  23665. <CONDITION>MD5=C1E6A2E5222375E943760BB3F90BE550</CONDITION>
  23666. <CONDITION>MD5=D39F6984010BA4B57FEA98F747D75E06</CONDITION>
  23667. <CONDITION>MD5=722E45B49658468E4F8FCF5D6C3C1BD2</CONDITION>
  23668. <CONDITION>MD5=A99C817E0E9167786F09A40B0EF9131A</CONDITION>
  23669. <CONDITION>MD5=6705DA92924E907FF84D0C50C752C820</CONDITION>
  23670. <CONDITION>MD5=044326377C749CC0B9CCDB10C4C146F3</CONDITION>
  23671. <CONDITION>MD5=5289D27FAB0957DA2F16FF708E4C523C</CONDITION>
  23672. <CONDITION>MD5=2BB81F2F600C268754B1767B3C3F4CE4</CONDITION>
  23673. <CONDITION>MD5=628355623CFAE0810B850480859837A5</CONDITION>
  23674. <CONDITION>MD5=2A56001BB116214897A610B1266D81E5</CONDITION>
  23675. <CONDITION>MD5=AA0DE09A387F58D1412A5173F9706209</CONDITION>
  23676. <CONDITION>MD5=EDC29423872FDC9357838E91DF82B34D</CONDITION>
  23677. <CONDITION>MD5=CDEE85FB45E360D03D1073A6F52B0163</CONDITION>
  23678. <CONDITION>MD5=8A83F41D7040F6F2C2375901DFED72EF</CONDITION>
  23679. <CONDITION>MD5=9A94CA2E4485A5C36210044DAEE59357</CONDITION>
  23680. <CONDITION>MD5=CC6444372183F14633D3FE6F17679766</CONDITION>
  23681. <CONDITION>MD5=8C154805A7F5FF2E0EE3E6D340F5CC77</CONDITION>
  23682. <CONDITION>MD5=F47FC90C4AC81A488D7E3BC085A345C0</CONDITION>
  23683. <CONDITION>MD5=09E623236E8D6A407F3992E5FA1F08B0</CONDITION>
  23684. <CONDITION>MD5=46DB8C1119A6EE147EF18EC614C5EC54</CONDITION>
  23685. <CONDITION>MD5=9DFC668CE6AFA628DA201A2F88BA20DB</CONDITION>
  23686. <CONDITION>MD5=75ED82C11D7ADB3143097FBE8DCBF511</CONDITION>
  23687. <CONDITION>MD5=93C65E2E0A875C9DC29213F650C166AC</CONDITION>
  23688. <CONDITION>MD5=73F8920DC7A6D5E02B3D3E1B2288AA13</CONDITION>
  23689. <CONDITION>MD5=45D1BAE3CC7FD7F58F5EA1B6AFC7D504</CONDITION>
  23690. <CONDITION>MD5=269F91C1BC22FB577FEFB01181317E43</CONDITION>
  23691. <CONDITION>MD5=61D93674A7DB36900E1C2BB6CEA8A2C7</CONDITION>
  23692. <CONDITION>MD5=44B4F35EE6EDA27718F2908A15EAE8F1</CONDITION>
  23693. <CONDITION>MD5=1AEE1C71837E5875E2B9114288E2EB82</CONDITION>
  23694. <CONDITION>MD5=19342C39C0828B57BF0D12D17453E53A</CONDITION>
  23695. <CONDITION>MD5=E2D198967F284C0F2A4E46C78094E8C1</CONDITION>
  23696. <CONDITION>MD5=1E8A57BB0D520805324A9F7620338EE0</CONDITION>
  23697. <CONDITION>MD5=E5433072A032ED608D56E8CD0D3E44BD</CONDITION>
  23698. <CONDITION>MD5=23705C5CA14FC2A527B9A6B47D55DE0B</CONDITION>
  23699. <CONDITION>MD5=5EFF2BCEED985A56CE7BFFBFB9788192</CONDITION>
  23700. <CONDITION>MD5=883053ADDAF274A808DB0CAC58A09084</CONDITION>
  23701. <CONDITION>MD5=929146FD2FDFD93E739219E9ACBB2563</CONDITION>
  23702. <CONDITION>MD5=BCAF58F04DDEA970E238E373D2927A0D</CONDITION>
  23703. <CONDITION>MD5=CD4FA23B5F9A37A6383DABA0ACFA7422</CONDITION>
  23704. <CONDITION>MD5=9260E595BF7112238B556FD6BD240D6C</CONDITION>
  23705. <CONDITION>MD5=5A13D00B1FBAB540110FA2D5830D0FA3</CONDITION>
  23706. <CONDITION>MD5=9CD717DFAB356D749620DC3CD74E274D</CONDITION>
  23707. <CONDITION>MD5=1A86C084ED3A808DE8CC63850932B2B1</CONDITION>
  23708. <CONDITION>MD5=6B2C644F69B15D57EE7698691B0E21C6</CONDITION>
  23709. <CONDITION>MD5=21018EAFE25659EFC471552BCD625546</CONDITION>
  23710. <CONDITION>MD5=FFCDA7F3BDD5C95136359A9EE7A21F72</CONDITION>
  23711. <CONDITION>MD5=4B09C83737DDB0A6AF349981D227F691</CONDITION>
  23712. <CONDITION>MD5=8FD340CAB4E35C85226EC4258ADDF29E</CONDITION>
  23713. </CONDITIONLIST>
  23714. <OPERATOR>OR</OPERATOR>
  23715. <THREATLEVEL>10</THREATLEVEL>
  23716. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23717. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23718. </PROCESSDESCRIPTOR>
  23719. <PROCESSDESCRIPTOR>
  23720. <ID>3738</ID>
  23721. <PROCESSLIST>
  23722. <PROCESS>*</PROCESS>
  23723. <PROCESS>(WAST2.EXE)</PROCESS>
  23724. </PROCESSLIST>
  23725. <CLSIDLIST>
  23726. </CLSIDLIST>
  23727. <SUMMARY>WAST2.EXE</SUMMARY>
  23728. <DEFAULTINSTALLPATHLIST>
  23729. </DEFAULTINSTALLPATHLIST>
  23730. <CATEGORY>ADWARE</CATEGORY>
  23731. <CONDITIONLIST>
  23732. <CONDITION>MD5=0D485A547B8ED2F6117EAB97E8AE1641</CONDITION>
  23733. </CONDITIONLIST>
  23734. <OPERATOR>AND</OPERATOR>
  23735. <THREATLEVEL>10</THREATLEVEL>
  23736. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23737. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23738. </PROCESSDESCRIPTOR>
  23739. <PROCESSDESCRIPTOR>
  23740. <ID>3741</ID>
  23741. <PROCESSLIST>
  23742. <PROCESS>MSSAMS.EXE</PROCESS>
  23743. </PROCESSLIST>
  23744. <CLSIDLIST>
  23745. </CLSIDLIST>
  23746. <SUMMARY>Rbot-SV Worm</SUMMARY>
  23747. <DEFAULTINSTALLPATHLIST>
  23748. </DEFAULTINSTALLPATHLIST>
  23749. <CATEGORY>WORM</CATEGORY>
  23750. <CONDITIONLIST>
  23751. <CONDITION>FILELOCATION~system</CONDITION>
  23752. </CONDITIONLIST>
  23753. <OPERATOR>AND</OPERATOR>
  23754. <THREATLEVEL>10</THREATLEVEL>
  23755. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23756. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23757. </PROCESSDESCRIPTOR>
  23758. <PROCESSDESCRIPTOR>
  23759. <ID>3743</ID>
  23760. <PROCESSLIST>
  23761. <PROCESS>NAVPROTECT.EXE</PROCESS>
  23762. </PROCESSLIST>
  23763. <CLSIDLIST>
  23764. </CLSIDLIST>
  23765. <SUMMARY>Rbot.AIJ and Rbot.AXF Worm Component</SUMMARY>
  23766. <DEFAULTINSTALLPATHLIST>
  23767. </DEFAULTINSTALLPATHLIST>
  23768. <CATEGORY>WORM</CATEGORY>
  23769. <CONDITIONLIST>
  23770. <CONDITION>FILELOCATION~system</CONDITION>
  23771. </CONDITIONLIST>
  23772. <OPERATOR>AND</OPERATOR>
  23773. <THREATLEVEL>10</THREATLEVEL>
  23774. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23775. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23776. </PROCESSDESCRIPTOR>
  23777. <PROCESSDESCRIPTOR>
  23778. <ID>3744</ID>
  23779. <PROCESSLIST>
  23780. <PROCESS>CP.EXE</PROCESS>
  23781. </PROCESSLIST>
  23782. <CLSIDLIST>
  23783. </CLSIDLIST>
  23784. <SUMMARY>Comedy-Planet Installer/Setup</SUMMARY>
  23785. <DEFAULTINSTALLPATHLIST>
  23786. </DEFAULTINSTALLPATHLIST>
  23787. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23788. <CONDITIONLIST>
  23789. <CONDITION>MD5=A3691894102F47051581DCEFD7B53CD3</CONDITION>
  23790. </CONDITIONLIST>
  23791. <OPERATOR>AND</OPERATOR>
  23792. <THREATLEVEL>10</THREATLEVEL>
  23793. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23794. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23795. </PROCESSDESCRIPTOR>
  23796. <PROCESSDESCRIPTOR>
  23797. <ID>3745</ID>
  23798. <PROCESSLIST>
  23799. <PROCESS>NAVUPDATERS.EXE</PROCESS>
  23800. </PROCESSLIST>
  23801. <CLSIDLIST>
  23802. </CLSIDLIST>
  23803. <SUMMARY>Rbot-UN Worm Component</SUMMARY>
  23804. <DEFAULTINSTALLPATHLIST>
  23805. </DEFAULTINSTALLPATHLIST>
  23806. <CATEGORY>WORM</CATEGORY>
  23807. <CONDITIONLIST>
  23808. <CONDITION>FILELOCATION~system</CONDITION>
  23809. </CONDITIONLIST>
  23810. <OPERATOR>AND</OPERATOR>
  23811. <THREATLEVEL>10</THREATLEVEL>
  23812. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23813. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23814. </PROCESSDESCRIPTOR>
  23815. <PROCESSDESCRIPTOR>
  23816. <ID>3746</ID>
  23817. <PROCESSLIST>
  23818. <PROCESS>WUAUMGR.EXE</PROCESS>
  23819. </PROCESSLIST>
  23820. <CLSIDLIST>
  23821. </CLSIDLIST>
  23822. <SUMMARY>Unnamed Worm Component</SUMMARY>
  23823. <DEFAULTINSTALLPATHLIST>
  23824. </DEFAULTINSTALLPATHLIST>
  23825. <CATEGORY>WORM</CATEGORY>
  23826. <CONDITIONLIST>
  23827. <CONDITION>FILELOCATION~system</CONDITION>
  23828. </CONDITIONLIST>
  23829. <OPERATOR>AND</OPERATOR>
  23830. <THREATLEVEL>10</THREATLEVEL>
  23831. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23832. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23833. </PROCESSDESCRIPTOR>
  23834. <PROCESSDESCRIPTOR>
  23835. <ID>3752</ID>
  23836. <PROCESSLIST>
  23837. <PROCESS>MADOPEW.DLL</PROCESS>
  23838. </PROCESSLIST>
  23839. <CLSIDLIST>
  23840. <CLSID>*</CLSID>
  23841. <CLSID>{275636E4-A535-4668-9FF1-86DC0C62D446}</CLSID>
  23842. </CLSIDLIST>
  23843. <SUMMARY>CoolWebSearch Variant BHO</SUMMARY>
  23844. <DEFAULTINSTALLPATHLIST>
  23845. </DEFAULTINSTALLPATHLIST>
  23846. <CATEGORY>PARASITE</CATEGORY>
  23847. <CONDITIONLIST>
  23848. </CONDITIONLIST>
  23849. <OPERATOR>AND</OPERATOR>
  23850. <THREATLEVEL>10</THREATLEVEL>
  23851. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23852. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23853. </PROCESSDESCRIPTOR>
  23854. <PROCESSDESCRIPTOR>
  23855. <ID>3753</ID>
  23856. <PROCESSLIST>
  23857. <PROCESS>*</PROCESS>
  23858. <PROCESS>SMCVS.DAT</PROCESS>
  23859. </PROCESSLIST>
  23860. <CLSIDLIST>
  23861. <CLSID>{30279F2D-1A38-4785-97D4-5C3508BDB289}</CLSID>
  23862. </CLSIDLIST>
  23863. <SUMMARY>VirtuMonde Adware Variant BHO</SUMMARY>
  23864. <DEFAULTINSTALLPATHLIST>
  23865. </DEFAULTINSTALLPATHLIST>
  23866. <CATEGORY>ADWARE</CATEGORY>
  23867. <CONDITIONLIST>
  23868. </CONDITIONLIST>
  23869. <OPERATOR>AND</OPERATOR>
  23870. <THREATLEVEL>10</THREATLEVEL>
  23871. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23872. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23873. </PROCESSDESCRIPTOR>
  23874. <PROCESSDESCRIPTOR>
  23875. <ID>3754</ID>
  23876. <PROCESSLIST>
  23877. <PROCESS>*</PROCESS>
  23878. <PROCESS>SMCVS.DAT</PROCESS>
  23879. <PROCESS>PTFCA.DAT</PROCESS>
  23880. <PROCESS>RBARC.DAT</PROCESS>
  23881. </PROCESSLIST>
  23882. <CLSIDLIST>
  23883. <CLSID>{30279F2D-1A38-4785-97D4-5C3508BDB289}</CLSID>
  23884. <CLSID>{2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0}</CLSID>
  23885. <CLSID>{68132581-10F2-416E-B188-4E648075325A}</CLSID>
  23886. </CLSIDLIST>
  23887. <SUMMARY>Adware.VirtuMonde Variant.BHO</SUMMARY>
  23888. <DEFAULTINSTALLPATHLIST>
  23889. </DEFAULTINSTALLPATHLIST>
  23890. <CATEGORY>ADWARE</CATEGORY>
  23891. <CONDITIONLIST>
  23892. </CONDITIONLIST>
  23893. <OPERATOR>AND</OPERATOR>
  23894. <THREATLEVEL>10</THREATLEVEL>
  23895. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23896. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23897. </PROCESSDESCRIPTOR>
  23898. <PROCESSDESCRIPTOR>
  23899. <ID>3755</ID>
  23900. <PROCESSLIST>
  23901. <PROCESS>*</PROCESS>
  23902. </PROCESSLIST>
  23903. <CLSIDLIST>
  23904. </CLSIDLIST>
  23905. <SUMMARY>Adware.Lop.Process</SUMMARY>
  23906. <DEFAULTINSTALLPATHLIST>
  23907. </DEFAULTINSTALLPATHLIST>
  23908. <CATEGORY>ADWARE</CATEGORY>
  23909. <CONDITIONLIST>
  23910. <CONDITION>MD5=7a3e86ff7c155338c00202a783962ad5</CONDITION>
  23911. <CONDITION>MD5=9ED6CE218CC8598DCBE114B02B911A6D</CONDITION>
  23912. <CONDITION>MD5=7FE84B339E4AF4684946AB405DC7DE9B</CONDITION>
  23913. <CONDITION>MD5=6E6668F1A2D632E416D20CFF410DD6A5</CONDITION>
  23914. <CONDITION>MD5=A2C4CA3E852CF798470294E7CE482B85</CONDITION>
  23915. <CONDITION>MD5=39020b04154d3e26be07afffa42ca6de</CONDITION>
  23916. <CONDITION>MD5=E489B105E13545CDC05173DA5A28222A</CONDITION>
  23917. <CONDITION>MD5=EDA6B14DF3258BF455B21AC0B2669B98</CONDITION>
  23918. <CONDITION>MD5=FE6469153BB1869BB814ECFFF7580547</CONDITION>
  23919. <CONDITION>MD5=65D79AF5076361CFF468A196CBF23C39</CONDITION>
  23920. <CONDITION>MD5=D8127ED00C6A7E65C82436C88448656E</CONDITION>
  23921. <CONDITION>MD5=A268106EDE31873C636B1519D9558AB9</CONDITION>
  23922. <CONDITION>MD5=C784B76D8AA07E3BD190901E2EB20966</CONDITION>
  23923. <CONDITION>MD5=40242C949ABFAF74F3C951C886A8ACAC</CONDITION>
  23924. <CONDITION>MD5=C63AD2174AC9BDA4CEBCB23F4B14FA0A</CONDITION>
  23925. <CONDITION>MD5=14725F4AC7B4EE0D74357F748EE212FD</CONDITION>
  23926. <CONDITION>MD5=F56F5D6EAD336ADA672A41A9941B7528</CONDITION>
  23927. <CONDITION>MD5=2D52AC9D2F154DE51025EEA6340F1FCB</CONDITION>
  23928. <CONDITION>MD5=6D3AD71DF93F23849ABEF0FC040A9318</CONDITION>
  23929. <CONDITION>MD5=0C021E606EB9DA9AEB7A4BA0E5DC0BF9</CONDITION>
  23930. <CONDITION>MD5=96F6CE4E53783A6AF034F14F1A42840C</CONDITION>
  23931. <CONDITION>MD5=91EF5280C40F86D569EC0E3587C71E3D</CONDITION>
  23932. <CONDITION>MD5=8EB34F434B15D306779BAED431534557</CONDITION>
  23933. <CONDITION>MD5=B8F80A5C998AA1C3B8E485F699865E1A</CONDITION>
  23934. <CONDITION>MD5=214AEB657D5C0144F47F453F3B32474A</CONDITION>
  23935. <CONDITION>MD5=B4D1E0EC388C2E3047FB7C5D1960732B</CONDITION>
  23936. <CONDITION>MD5=F0F19D0808633D3AC8071E85CE09D3FB</CONDITION>
  23937. <CONDITION>MD5=6579582971728CD815F53A070893AC35</CONDITION>
  23938. <CONDITION>MD5=09661153678D856AF36FADC92343A154</CONDITION>
  23939. <CONDITION>MD5=4F3FAF0AA1D98F105F8C9FDB39902B7C</CONDITION>
  23940. <CONDITION>MD5=B24095520EFB9D43D620D049391E5C62</CONDITION>
  23941. <CONDITION>MD5=D2CDE5ADE6BC729C9B24BDD9E2C56652</CONDITION>
  23942. <CONDITION>MD5=E0B58F47A1F05EE1424C9E146D63228E</CONDITION>
  23943. <CONDITION>MD5=48EFE69BC7EA6A6A095700D1D9E8DCA6</CONDITION>
  23944. <CONDITION>MD5=E411DE6136BC8467BBC1E42F1B4E7C0A</CONDITION>
  23945. <CONDITION>MD5=55A96F846EAE9D3756C06A9C2FABDBD3</CONDITION>
  23946. <CONDITION>MD5=4F1B55FBC549AE5FFF9EB34811431E3E</CONDITION>
  23947. <CONDITION>MD5=32EA25BDE2A449F03277278E57D954F6</CONDITION>
  23948. <CONDITION>MD5=60D95403DB0A2ED69EF5F2304C4642C2</CONDITION>
  23949. <CONDITION>MD5=44FC97EED87B303238BECC789D84092F</CONDITION>
  23950. <CONDITION>MD5=F75B2C92F8BC47C758DFB9203F1FD0FB</CONDITION>
  23951. <CONDITION>MD5=02F1E21A0A863AF455684324384553BA</CONDITION>
  23952. <CONDITION>MD5=2A03E6C6BC96F75E89165299EBD832DC</CONDITION>
  23953. <CONDITION>MD5=D49DCBA1C8175015464703B00FD691CE</CONDITION>
  23954. <CONDITION>MD5=C280B1CBB18732FDEA7DE408CA5FA015</CONDITION>
  23955. <CONDITION>MD5=D49DCBA1C8175015464703B00FD691CE</CONDITION>
  23956. <CONDITION>MD5=2CAB857D8F4E0A4DE7C9B1976293B7B0</CONDITION>
  23957. <CONDITION>MD5=0C00460598D90969907635564CA4B05C</CONDITION>
  23958. <CONDITION>MD5=38184C110325CAB554F0F140D72D94A3</CONDITION>
  23959. <CONDITION>MD5=1EEBBBBD05B54D46CD1013075379BA24</CONDITION>
  23960. <CONDITION>MD5=53865C8D99DA40FB20EC86DFCB4456C5</CONDITION>
  23961. <CONDITION>MD5=D7943FFD40E04E9FB342EE43934BAB63</CONDITION>
  23962. <CONDITION>MD5=CF0F6193E735628B0138375252936374</CONDITION>
  23963. <CONDITION>MD5=7394988BB68B4E6CA447F378D55D36E2</CONDITION>
  23964. <CONDITION>MD5=32AC065FC1F8BB84A373ED19B34C3AB3</CONDITION>
  23965. <CONDITION>MD5=EDF394BFEE11950765D53AC3F5A8E239</CONDITION>
  23966. <CONDITION>MD5=1383E1BE430DA383FCB9D6A0712EA76F</CONDITION>
  23967. <CONDITION>MD5=F96DC137AAE860EF0D871AB758F7B61A</CONDITION>
  23968. <CONDITION>MD5=D8F0DBA98E4DA966F05772BCCA106700</CONDITION>
  23969. <CONDITION>MD5=89348F89EDDB19EB5822596835D39959</CONDITION>
  23970. </CONDITIONLIST>
  23971. <OPERATOR>OR</OPERATOR>
  23972. <THREATLEVEL>10</THREATLEVEL>
  23973. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23974. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23975. </PROCESSDESCRIPTOR>
  23976. <PROCESSDESCRIPTOR>
  23977. <ID>3771</ID>
  23978. <PROCESSLIST>
  23979. <PROCESS>IEXPLORE.EXE</PROCESS>
  23980. </PROCESSLIST>
  23981. <CLSIDLIST>
  23982. </CLSIDLIST>
  23983. <SUMMARY>IExplore Stealth Redirector</SUMMARY>
  23984. <DEFAULTINSTALLPATHLIST>
  23985. </DEFAULTINSTALLPATHLIST>
  23986. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  23987. <CONDITIONLIST>
  23988. <CONDITION>ORIGINALFILENAME=Redirect.EXE</CONDITION>
  23989. </CONDITIONLIST>
  23990. <OPERATOR>AND</OPERATOR>
  23991. <THREATLEVEL>10</THREATLEVEL>
  23992. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  23993. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  23994. </PROCESSDESCRIPTOR>
  23995. <PROCESSDESCRIPTOR>
  23996. <ID>3780</ID>
  23997. <PROCESSLIST>
  23998. <PROCESS>*</PROCESS>
  23999. <PROCESS>(TIBS3.EXE)</PROCESS>
  24000. </PROCESSLIST>
  24001. <CLSIDLIST>
  24002. </CLSIDLIST>
  24003. <SUMMARY>TIBS3.EXE (Variant)</SUMMARY>
  24004. <DEFAULTINSTALLPATHLIST>
  24005. </DEFAULTINSTALLPATHLIST>
  24006. <CATEGORY>DIALER</CATEGORY>
  24007. <CONDITIONLIST>
  24008. <CONDITION>MD5=3331FDABA48994E4EA1CA3BA5827392C</CONDITION>
  24009. </CONDITIONLIST>
  24010. <OPERATOR>AND</OPERATOR>
  24011. <THREATLEVEL>10</THREATLEVEL>
  24012. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24013. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24014. </PROCESSDESCRIPTOR>
  24015. <PROCESSDESCRIPTOR>
  24016. <ID>3823</ID>
  24017. <PROCESSLIST>
  24018. <PROCESS>MOUSECNTL32.EXE</PROCESS>
  24019. <PROCESS>MSMON.EXE</PROCESS>
  24020. <PROCESS>FLPYCNTL.EXE</PROCESS>
  24021. </PROCESSLIST>
  24022. <CLSIDLIST>
  24023. </CLSIDLIST>
  24024. <SUMMARY>Gema Variant Trojan Components</SUMMARY>
  24025. <DEFAULTINSTALLPATHLIST>
  24026. </DEFAULTINSTALLPATHLIST>
  24027. <CATEGORY>TROJAN</CATEGORY>
  24028. <CONDITIONLIST>
  24029. <CONDITION>FILELOCATION~system</CONDITION>
  24030. <CONDITION>COMPANYNAME^Microsoft</CONDITION>
  24031. </CONDITIONLIST>
  24032. <OPERATOR>AND</OPERATOR>
  24033. <THREATLEVEL>10</THREATLEVEL>
  24034. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24035. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24036. </PROCESSDESCRIPTOR>
  24037. <PROCESSDESCRIPTOR>
  24038. <ID>3824</ID>
  24039. <PROCESSLIST>
  24040. <PROCESS>*</PROCESS>
  24041. </PROCESSLIST>
  24042. <CLSIDLIST>
  24043. </CLSIDLIST>
  24044. <SUMMARY>Gema Variant Trojan Components</SUMMARY>
  24045. <DEFAULTINSTALLPATHLIST>
  24046. </DEFAULTINSTALLPATHLIST>
  24047. <CATEGORY>TROJAN</CATEGORY>
  24048. <CONDITIONLIST>
  24049. <CONDITION>MD5=7F1256276482D5954E212BC813F05089</CONDITION>
  24050. </CONDITIONLIST>
  24051. <OPERATOR>AND</OPERATOR>
  24052. <THREATLEVEL>10</THREATLEVEL>
  24053. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24054. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24055. </PROCESSDESCRIPTOR>
  24056. <PROCESSDESCRIPTOR>
  24057. <ID>3825</ID>
  24058. <PROCESSLIST>
  24059. <PROCESS>*</PROCESS>
  24060. <PROCESS>(DDDD.EXE)</PROCESS>
  24061. </PROCESSLIST>
  24062. <CLSIDLIST>
  24063. </CLSIDLIST>
  24064. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24065. <DEFAULTINSTALLPATHLIST>
  24066. </DEFAULTINSTALLPATHLIST>
  24067. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24068. <CONDITIONLIST>
  24069. <CONDITION>MD5=33c8a40e289fefdad815daa9da5eac9f</CONDITION>
  24070. </CONDITIONLIST>
  24071. <OPERATOR>AND</OPERATOR>
  24072. <THREATLEVEL>10</THREATLEVEL>
  24073. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24074. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24075. </PROCESSDESCRIPTOR>
  24076. <PROCESSDESCRIPTOR>
  24077. <ID>3826</ID>
  24078. <PROCESSLIST>
  24079. <PROCESS>WINTITLE.DLL</PROCESS>
  24080. </PROCESSLIST>
  24081. <CLSIDLIST>
  24082. <CLSID>{F6053709-5723-454E-AB9D-7FC7E681AFA5}</CLSID>
  24083. </CLSIDLIST>
  24084. <SUMMARY>WinTitle Module BHO</SUMMARY>
  24085. <DEFAULTINSTALLPATHLIST>
  24086. </DEFAULTINSTALLPATHLIST>
  24087. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  24088. <CONDITIONLIST>
  24089. </CONDITIONLIST>
  24090. <OPERATOR>AND</OPERATOR>
  24091. <THREATLEVEL>10</THREATLEVEL>
  24092. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24093. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24094. </PROCESSDESCRIPTOR>
  24095. <PROCESSDESCRIPTOR>
  24096. <ID>3827</ID>
  24097. <PROCESSLIST>
  24098. <PROCESS>*</PROCESS>
  24099. <PROCESS>(SM.EXE)</PROCESS>
  24100. </PROCESSLIST>
  24101. <CLSIDLIST>
  24102. </CLSIDLIST>
  24103. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24104. <DEFAULTINSTALLPATHLIST>
  24105. </DEFAULTINSTALLPATHLIST>
  24106. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24107. <CONDITIONLIST>
  24108. <CONDITION>MD5=251849a6098262bdd3526258177d7161</CONDITION>
  24109. </CONDITIONLIST>
  24110. <OPERATOR>AND</OPERATOR>
  24111. <THREATLEVEL>10</THREATLEVEL>
  24112. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24113. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24114. </PROCESSDESCRIPTOR>
  24115. <PROCESSDESCRIPTOR>
  24116. <ID>3828</ID>
  24117. <PROCESSLIST>
  24118. <PROCESS>*</PROCESS>
  24119. <PROCESS>(BSUYDHJO.EXE)</PROCESS>
  24120. </PROCESSLIST>
  24121. <CLSIDLIST>
  24122. </CLSIDLIST>
  24123. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24124. <DEFAULTINSTALLPATHLIST>
  24125. </DEFAULTINSTALLPATHLIST>
  24126. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24127. <CONDITIONLIST>
  24128. <CONDITION>MD5=707EDFD34755CDFC85B7F3DE29E6F1E8</CONDITION>
  24129. </CONDITIONLIST>
  24130. <OPERATOR>AND</OPERATOR>
  24131. <THREATLEVEL>10</THREATLEVEL>
  24132. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24133. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24134. </PROCESSDESCRIPTOR>
  24135. <PROCESSDESCRIPTOR>
  24136. <ID>3831</ID>
  24137. <PROCESSLIST>
  24138. <PROCESS>WINIS.EXE</PROCESS>
  24139. </PROCESSLIST>
  24140. <CLSIDLIST>
  24141. </CLSIDLIST>
  24142. <SUMMARY>Rbot-VD Worm Component</SUMMARY>
  24143. <DEFAULTINSTALLPATHLIST>
  24144. </DEFAULTINSTALLPATHLIST>
  24145. <CATEGORY>WORM</CATEGORY>
  24146. <CONDITIONLIST>
  24147. <CONDITION>FILELOCATION~system</CONDITION>
  24148. </CONDITIONLIST>
  24149. <OPERATOR>AND</OPERATOR>
  24150. <THREATLEVEL>10</THREATLEVEL>
  24151. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24152. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24153. </PROCESSDESCRIPTOR>
  24154. <PROCESSDESCRIPTOR>
  24155. <ID>3833</ID>
  24156. <PROCESSLIST>
  24157. <PROCESS>*</PROCESS>
  24158. <PROCESS>(FFINST.EXE)</PROCESS>
  24159. </PROCESSLIST>
  24160. <CLSIDLIST>
  24161. </CLSIDLIST>
  24162. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24163. <DEFAULTINSTALLPATHLIST>
  24164. </DEFAULTINSTALLPATHLIST>
  24165. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24166. <CONDITIONLIST>
  24167. <CONDITION>MD5=8ee6ecc6abae5f4456fba57b7d1d3098</CONDITION>
  24168. </CONDITIONLIST>
  24169. <OPERATOR>AND</OPERATOR>
  24170. <THREATLEVEL>10</THREATLEVEL>
  24171. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24172. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24173. </PROCESSDESCRIPTOR>
  24174. <PROCESSDESCRIPTOR>
  24175. <ID>3834</ID>
  24176. <PROCESSLIST>
  24177. <PROCESS>*</PROCESS>
  24178. <PROCESS>(VT00.EXE)</PROCESS>
  24179. </PROCESSLIST>
  24180. <CLSIDLIST>
  24181. </CLSIDLIST>
  24182. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24183. <DEFAULTINSTALLPATHLIST>
  24184. </DEFAULTINSTALLPATHLIST>
  24185. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24186. <CONDITIONLIST>
  24187. <CONDITION>MD5=fdae4e35b6a1d0d641e6ece6da109152</CONDITION>
  24188. </CONDITIONLIST>
  24189. <OPERATOR>AND</OPERATOR>
  24190. <THREATLEVEL>10</THREATLEVEL>
  24191. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24192. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24193. </PROCESSDESCRIPTOR>
  24194. <PROCESSDESCRIPTOR>
  24195. <ID>3835</ID>
  24196. <PROCESSLIST>
  24197. <PROCESS>*</PROCESS>
  24198. <PROCESS>(I15.TMP)</PROCESS>
  24199. </PROCESSLIST>
  24200. <CLSIDLIST>
  24201. </CLSIDLIST>
  24202. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24203. <DEFAULTINSTALLPATHLIST>
  24204. </DEFAULTINSTALLPATHLIST>
  24205. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24206. <CONDITIONLIST>
  24207. <CONDITION>MD5=dab1336a8391a363d0f489c79ac8a019</CONDITION>
  24208. </CONDITIONLIST>
  24209. <OPERATOR>AND</OPERATOR>
  24210. <THREATLEVEL>10</THREATLEVEL>
  24211. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24212. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24213. </PROCESSDESCRIPTOR>
  24214. <PROCESSDESCRIPTOR>
  24215. <ID>3836</ID>
  24216. <PROCESSLIST>
  24217. <PROCESS>*</PROCESS>
  24218. <PROCESS>(SSK_B5.EXE)</PROCESS>
  24219. </PROCESSLIST>
  24220. <CLSIDLIST>
  24221. </CLSIDLIST>
  24222. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24223. <DEFAULTINSTALLPATHLIST>
  24224. </DEFAULTINSTALLPATHLIST>
  24225. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24226. <CONDITIONLIST>
  24227. <CONDITION>MD5=0508870ff6cf581d67bc1574c8305bbf</CONDITION>
  24228. </CONDITIONLIST>
  24229. <OPERATOR>AND</OPERATOR>
  24230. <THREATLEVEL>10</THREATLEVEL>
  24231. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24232. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24233. </PROCESSDESCRIPTOR>
  24234. <PROCESSDESCRIPTOR>
  24235. <ID>3837</ID>
  24236. <PROCESSLIST>
  24237. <PROCESS>*</PROCESS>
  24238. <PROCESS>(RXRTNQ.EXE)</PROCESS>
  24239. </PROCESSLIST>
  24240. <CLSIDLIST>
  24241. </CLSIDLIST>
  24242. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24243. <DEFAULTINSTALLPATHLIST>
  24244. </DEFAULTINSTALLPATHLIST>
  24245. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24246. <CONDITIONLIST>
  24247. <CONDITION>MD5=CAE5DAC951E13878FF3CA237AADE99FD</CONDITION>
  24248. </CONDITIONLIST>
  24249. <OPERATOR>AND</OPERATOR>
  24250. <THREATLEVEL>10</THREATLEVEL>
  24251. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24252. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24253. </PROCESSDESCRIPTOR>
  24254. <PROCESSDESCRIPTOR>
  24255. <ID>3838</ID>
  24256. <PROCESSLIST>
  24257. <PROCESS>*</PROCESS>
  24258. <PROCESS>1O579IM79GDEF.DLL</PROCESS>
  24259. <PROCESS>4ZB501FU8F8L.DLL</PROCESS>
  24260. <PROCESS>GK1G7TVUB4V5.DLL</PROCESS>
  24261. </PROCESSLIST>
  24262. <CLSIDLIST>
  24263. <CLSID>{0388EC16-BA98-416F-9D9B-B9A031E427AF}</CLSID>
  24264. </CLSIDLIST>
  24265. <SUMMARY>Small-CT Trojan BHO</SUMMARY>
  24266. <DEFAULTINSTALLPATHLIST>
  24267. </DEFAULTINSTALLPATHLIST>
  24268. <CATEGORY>SPYWARE</CATEGORY>
  24269. <CONDITIONLIST>
  24270. </CONDITIONLIST>
  24271. <OPERATOR>AND</OPERATOR>
  24272. <THREATLEVEL>10</THREATLEVEL>
  24273. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24274. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24275. </PROCESSDESCRIPTOR>
  24276. <PROCESSDESCRIPTOR>
  24277. <ID>3840</ID>
  24278. <PROCESSLIST>
  24279. <PROCESS>*</PROCESS>
  24280. <PROCESS>(MS486.TMP)</PROCESS>
  24281. </PROCESSLIST>
  24282. <CLSIDLIST>
  24283. </CLSIDLIST>
  24284. <SUMMARY>Adware.Apropos Media/CxtPls.Process</SUMMARY>
  24285. <DEFAULTINSTALLPATHLIST>
  24286. </DEFAULTINSTALLPATHLIST>
  24287. <CATEGORY>ADWARE</CATEGORY>
  24288. <CONDITIONLIST>
  24289. <CONDITION>MD5=262CF7EBD18BDBC6D08A0AFE1339B326</CONDITION>
  24290. </CONDITIONLIST>
  24291. <OPERATOR>AND</OPERATOR>
  24292. <THREATLEVEL>10</THREATLEVEL>
  24293. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24294. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24295. </PROCESSDESCRIPTOR>
  24296. <PROCESSDESCRIPTOR>
  24297. <ID>3842</ID>
  24298. <PROCESSLIST>
  24299. <PROCESS>BW2.COM</PROCESS>
  24300. </PROCESSLIST>
  24301. <CLSIDLIST>
  24302. </CLSIDLIST>
  24303. <SUMMARY>BW2.COM Loader Application (Variant 4)</SUMMARY>
  24304. <DEFAULTINSTALLPATHLIST>
  24305. </DEFAULTINSTALLPATHLIST>
  24306. <CATEGORY>ADWARE</CATEGORY>
  24307. <CONDITIONLIST>
  24308. <CONDITION>MD5=af2fb77f958b6339cbf3bbce9ccf748a</CONDITION>
  24309. </CONDITIONLIST>
  24310. <OPERATOR>AND</OPERATOR>
  24311. <THREATLEVEL>10</THREATLEVEL>
  24312. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24313. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24314. </PROCESSDESCRIPTOR>
  24315. <PROCESSDESCRIPTOR>
  24316. <ID>3843</ID>
  24317. <PROCESSLIST>
  24318. <PROCESS>BW2.COM</PROCESS>
  24319. </PROCESSLIST>
  24320. <CLSIDLIST>
  24321. </CLSIDLIST>
  24322. <SUMMARY>BW2.COM Loader Application (Variant 5)</SUMMARY>
  24323. <DEFAULTINSTALLPATHLIST>
  24324. </DEFAULTINSTALLPATHLIST>
  24325. <CATEGORY>ADWARE</CATEGORY>
  24326. <CONDITIONLIST>
  24327. <CONDITION>MD5=46f85ada7025373ec6223603e69c1ff1</CONDITION>
  24328. </CONDITIONLIST>
  24329. <OPERATOR>AND</OPERATOR>
  24330. <THREATLEVEL>10</THREATLEVEL>
  24331. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24332. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24333. </PROCESSDESCRIPTOR>
  24334. <PROCESSDESCRIPTOR>
  24335. <ID>3844</ID>
  24336. <PROCESSLIST>
  24337. <PROCESS>*</PROCESS>
  24338. <PROCESS>(INSTALLER.EXE)</PROCESS>
  24339. </PROCESSLIST>
  24340. <CLSIDLIST>
  24341. </CLSIDLIST>
  24342. <SUMMARY>INSTALLER.EXE Loader Application Variant</SUMMARY>
  24343. <DEFAULTINSTALLPATHLIST>
  24344. </DEFAULTINSTALLPATHLIST>
  24345. <CATEGORY>ADWARE</CATEGORY>
  24346. <CONDITIONLIST>
  24347. <CONDITION>MD5=ae3fa7a67dfb4fef43a87ad283554453</CONDITION>
  24348. </CONDITIONLIST>
  24349. <OPERATOR>AND</OPERATOR>
  24350. <THREATLEVEL>10</THREATLEVEL>
  24351. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24352. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24353. </PROCESSDESCRIPTOR>
  24354. <PROCESSDESCRIPTOR>
  24355. <ID>3845</ID>
  24356. <PROCESSLIST>
  24357. <PROCESS>BW2.COM</PROCESS>
  24358. </PROCESSLIST>
  24359. <CLSIDLIST>
  24360. </CLSIDLIST>
  24361. <SUMMARY>BW2.COM Loader Application</SUMMARY>
  24362. <DEFAULTINSTALLPATHLIST>
  24363. </DEFAULTINSTALLPATHLIST>
  24364. <CATEGORY>ADWARE</CATEGORY>
  24365. <CONDITIONLIST>
  24366. <CONDITION>FILELOCATION~TEMP</CONDITION>
  24367. </CONDITIONLIST>
  24368. <OPERATOR>AND</OPERATOR>
  24369. <THREATLEVEL>10</THREATLEVEL>
  24370. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24371. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24372. </PROCESSDESCRIPTOR>
  24373. <PROCESSDESCRIPTOR>
  24374. <ID>3852</ID>
  24375. <PROCESSLIST>
  24376. <PROCESS>VBOUNC~1.EXE</PROCESS>
  24377. </PROCESSLIST>
  24378. <CLSIDLIST>
  24379. </CLSIDLIST>
  24380. <SUMMARY>Adware.Spyware Labs/Virtual Bouncer.Process</SUMMARY>
  24381. <DEFAULTINSTALLPATHLIST>
  24382. </DEFAULTINSTALLPATHLIST>
  24383. <CATEGORY>ADWARE</CATEGORY>
  24384. <CONDITIONLIST>
  24385. <CONDITION>FILELOCATION~vbounce</CONDITION>
  24386. </CONDITIONLIST>
  24387. <OPERATOR>AND</OPERATOR>
  24388. <THREATLEVEL>10</THREATLEVEL>
  24389. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24390. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24391. </PROCESSDESCRIPTOR>
  24392. <PROCESSDESCRIPTOR>
  24393. <ID>3853</ID>
  24394. <PROCESSLIST>
  24395. <PROCESS>WINAMP.EXE</PROCESS>
  24396. </PROCESSLIST>
  24397. <CLSIDLIST>
  24398. </CLSIDLIST>
  24399. <SUMMARY>Gaobot.AFJ Virus Variant</SUMMARY>
  24400. <DEFAULTINSTALLPATHLIST>
  24401. </DEFAULTINSTALLPATHLIST>
  24402. <CATEGORY>VIRUS</CATEGORY>
  24403. <CONDITIONLIST>
  24404. <CONDITION>FILELOCATION~system</CONDITION>
  24405. <CONDITION>COMPANYNAME^Null</CONDITION>
  24406. </CONDITIONLIST>
  24407. <OPERATOR>AND</OPERATOR>
  24408. <THREATLEVEL>10</THREATLEVEL>
  24409. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24410. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24411. </PROCESSDESCRIPTOR>
  24412. <PROCESSDESCRIPTOR>
  24413. <ID>3855</ID>
  24414. <PROCESSLIST>
  24415. <PROCESS>WINAMP6.EXE</PROCESS>
  24416. </PROCESSLIST>
  24417. <CLSIDLIST>
  24418. </CLSIDLIST>
  24419. <SUMMARY>W32.Multex.B Worm</SUMMARY>
  24420. <DEFAULTINSTALLPATHLIST>
  24421. </DEFAULTINSTALLPATHLIST>
  24422. <CATEGORY>WORM</CATEGORY>
  24423. <CONDITIONLIST>
  24424. <CONDITION>FILELOCATION~system</CONDITION>
  24425. </CONDITIONLIST>
  24426. <OPERATOR>AND</OPERATOR>
  24427. <THREATLEVEL>10</THREATLEVEL>
  24428. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24429. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24430. </PROCESSDESCRIPTOR>
  24431. <PROCESSDESCRIPTOR>
  24432. <ID>3856</ID>
  24433. <PROCESSLIST>
  24434. <PROCESS>*</PROCESS>
  24435. <PROCESS>(56D28VJ7KZTHD.EXE)</PROCESS>
  24436. <PROCESS>(J3SC725LOJXTHD.EXE)</PROCESS>
  24437. <PROCESS>(UN475LP3K1THD.EXE)</PROCESS>
  24438. <PROCESS>(UXE35ZSBH3THD.EXE)</PROCESS>
  24439. <PROCESS>(FIU2D88956H9THD.EXE)</PROCESS>
  24440. <PROCESS>(XEN9K2CYWCHZTHD.EXE)</PROCESS>
  24441. </PROCESSLIST>
  24442. <CLSIDLIST>
  24443. </CLSIDLIST>
  24444. <SUMMARY>CoolWebSearch Variant</SUMMARY>
  24445. <DEFAULTINSTALLPATHLIST>
  24446. </DEFAULTINSTALLPATHLIST>
  24447. <CATEGORY>TROJAN</CATEGORY>
  24448. <CONDITIONLIST>
  24449. <CONDITION>MD5=60D2C7913E038FDE2A0614BA42DAB87E</CONDITION>
  24450. <CONDITION>MD5=9CB77B9F484305A7DA2E973BC5C9CA3C</CONDITION>
  24451. <CONDITION>MD5=4A9BBC17E3D98A36A0B442327498C126</CONDITION>
  24452. </CONDITIONLIST>
  24453. <OPERATOR>OR</OPERATOR>
  24454. <THREATLEVEL>10</THREATLEVEL>
  24455. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24456. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24457. </PROCESSDESCRIPTOR>
  24458. <PROCESSDESCRIPTOR>
  24459. <ID>3857</ID>
  24460. <PROCESSLIST>
  24461. <PROCESS>*</PROCESS>
  24462. <PROCESS>T1JKXT~1.DLL</PROCESS>
  24463. <PROCESS>W8C6S4~1.DLL</PROCESS>
  24464. </PROCESSLIST>
  24465. <CLSIDLIST>
  24466. <CLSID>*</CLSID>
  24467. <CLSID>{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E}</CLSID>
  24468. </CLSIDLIST>
  24469. <SUMMARY>CoolWebSearch Variant</SUMMARY>
  24470. <DEFAULTINSTALLPATHLIST>
  24471. </DEFAULTINSTALLPATHLIST>
  24472. <CATEGORY>TROJAN</CATEGORY>
  24473. <CONDITIONLIST>
  24474. <CONDITION>MD5=60D2C7913E038FDE2A0614BA42DAB87E</CONDITION>
  24475. <CONDITION>MD5=9CB77B9F484305A7DA2E973BC5C9CA3C</CONDITION>
  24476. <CONDITION>MD5=4A9BBC17E3D98A36A0B442327498C126</CONDITION>
  24477. </CONDITIONLIST>
  24478. <OPERATOR>OR</OPERATOR>
  24479. <THREATLEVEL>10</THREATLEVEL>
  24480. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24481. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24482. </PROCESSDESCRIPTOR>
  24483. <PROCESSDESCRIPTOR>
  24484. <ID>3896</ID>
  24485. <PROCESSLIST>
  24486. <PROCESS>*</PROCESS>
  24487. <PROCESS>(SUPPORTINSTALL.EXE)</PROCESS>
  24488. </PROCESSLIST>
  24489. <CLSIDLIST>
  24490. </CLSIDLIST>
  24491. <SUMMARY>WebRebates Silent Installer</SUMMARY>
  24492. <DEFAULTINSTALLPATHLIST>
  24493. </DEFAULTINSTALLPATHLIST>
  24494. <CATEGORY>ADWARE</CATEGORY>
  24495. <CONDITIONLIST>
  24496. <CONDITION>MD5=c3378136b52cd66b353119e5eaa14db0</CONDITION>
  24497. </CONDITIONLIST>
  24498. <OPERATOR>AND</OPERATOR>
  24499. <THREATLEVEL>10</THREATLEVEL>
  24500. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24501. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24502. </PROCESSDESCRIPTOR>
  24503. <PROCESSDESCRIPTOR>
  24504. <ID>3897</ID>
  24505. <PROCESSLIST>
  24506. <PROCESS>INSTAFINDERK_INST.EXE</PROCESS>
  24507. </PROCESSLIST>
  24508. <CLSIDLIST>
  24509. </CLSIDLIST>
  24510. <SUMMARY>InstaFinder Installer</SUMMARY>
  24511. <DEFAULTINSTALLPATHLIST>
  24512. </DEFAULTINSTALLPATHLIST>
  24513. <CATEGORY>ADWARE</CATEGORY>
  24514. <CONDITIONLIST>
  24515. </CONDITIONLIST>
  24516. <OPERATOR>AND</OPERATOR>
  24517. <THREATLEVEL>10</THREATLEVEL>
  24518. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24519. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24520. </PROCESSDESCRIPTOR>
  24521. <PROCESSDESCRIPTOR>
  24522. <ID>3898</ID>
  24523. <PROCESSLIST>
  24524. <PROCESS>BREG.EXE</PROCESS>
  24525. <PROCESS>BPTRE.EXE</PROCESS>
  24526. <PROCESS>BPTRE_INST.EXE</PROCESS>
  24527. <PROCESS>XCPY1_INST.EXE</PROCESS>
  24528. <PROCESS>BPT_C.EXE</PROCESS>
  24529. <PROCESS>BPC_INST.EXE</PROCESS>
  24530. </PROCESSLIST>
  24531. <CLSIDLIST>
  24532. </CLSIDLIST>
  24533. <SUMMARY>Adware.BroadcastPC.Process</SUMMARY>
  24534. <DEFAULTINSTALLPATHLIST>
  24535. </DEFAULTINSTALLPATHLIST>
  24536. <CATEGORY>ADWARE</CATEGORY>
  24537. <CONDITIONLIST>
  24538. </CONDITIONLIST>
  24539. <OPERATOR>AND</OPERATOR>
  24540. <THREATLEVEL>7</THREATLEVEL>
  24541. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24542. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24543. </PROCESSDESCRIPTOR>
  24544. <PROCESSDESCRIPTOR>
  24545. <ID>3899</ID>
  24546. <PROCESSLIST>
  24547. <PROCESS>*</PROCESS>
  24548. <PROCESS>(NTBB.EXE)</PROCESS>
  24549. </PROCESSLIST>
  24550. <CLSIDLIST>
  24551. </CLSIDLIST>
  24552. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24553. <DEFAULTINSTALLPATHLIST>
  24554. </DEFAULTINSTALLPATHLIST>
  24555. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24556. <CONDITIONLIST>
  24557. <CONDITION>MD5=17BF2F9F63408A6FD3757A1AB8F311D9</CONDITION>
  24558. </CONDITIONLIST>
  24559. <OPERATOR>AND</OPERATOR>
  24560. <THREATLEVEL>10</THREATLEVEL>
  24561. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24562. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24563. </PROCESSDESCRIPTOR>
  24564. <PROCESSDESCRIPTOR>
  24565. <ID>3900</ID>
  24566. <PROCESSLIST>
  24567. <PROCESS>WEBREBATES_AUTO_INSTALLSILENT.EXE</PROCESS>
  24568. </PROCESSLIST>
  24569. <CLSIDLIST>
  24570. </CLSIDLIST>
  24571. <SUMMARY>WebRebates Silent Installer</SUMMARY>
  24572. <DEFAULTINSTALLPATHLIST>
  24573. </DEFAULTINSTALLPATHLIST>
  24574. <CATEGORY>ADWARE</CATEGORY>
  24575. <CONDITIONLIST>
  24576. </CONDITIONLIST>
  24577. <OPERATOR>AND</OPERATOR>
  24578. <THREATLEVEL>10</THREATLEVEL>
  24579. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24580. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24581. </PROCESSDESCRIPTOR>
  24582. <PROCESSDESCRIPTOR>
  24583. <ID>3901</ID>
  24584. <PROCESSLIST>
  24585. <PROCESS>*</PROCESS>
  24586. <PROCESS>(UVHV8UX4.EXE)</PROCESS>
  24587. </PROCESSLIST>
  24588. <CLSIDLIST>
  24589. </CLSIDLIST>
  24590. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24591. <DEFAULTINSTALLPATHLIST>
  24592. </DEFAULTINSTALLPATHLIST>
  24593. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24594. <CONDITIONLIST>
  24595. <CONDITION>MD5=268698C309466546AA060DF1F3A3785B</CONDITION>
  24596. </CONDITIONLIST>
  24597. <OPERATOR>AND</OPERATOR>
  24598. <THREATLEVEL>10</THREATLEVEL>
  24599. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24600. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24601. </PROCESSDESCRIPTOR>
  24602. <PROCESSDESCRIPTOR>
  24603. <ID>3902</ID>
  24604. <PROCESSLIST>
  24605. <PROCESS>*</PROCESS>
  24606. <PROCESS>(WINCHGK32.EXE)</PROCESS>
  24607. <PROCESS>(WINIDHK32.EXE)</PROCESS>
  24608. <PROCESS>(WINDCIK32.EXE)</PROCESS>
  24609. </PROCESSLIST>
  24610. <CLSIDLIST>
  24611. </CLSIDLIST>
  24612. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24613. <DEFAULTINSTALLPATHLIST>
  24614. </DEFAULTINSTALLPATHLIST>
  24615. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24616. <CONDITIONLIST>
  24617. <CONDITION>MD5=A4A3F64A3BABEBE3CE95DD432C4DACFD</CONDITION>
  24618. </CONDITIONLIST>
  24619. <OPERATOR>AND</OPERATOR>
  24620. <THREATLEVEL>10</THREATLEVEL>
  24621. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24622. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24623. </PROCESSDESCRIPTOR>
  24624. <PROCESSDESCRIPTOR>
  24625. <ID>3903</ID>
  24626. <PROCESSLIST>
  24627. <PROCESS>*</PROCESS>
  24628. <PROCESS>(WGYOMZBMQ.EXE)</PROCESS>
  24629. <PROCESS>(OQWTKC.EXE)</PROCESS>
  24630. <PROCESS>(VPZRVMJHE.EXE)</PROCESS>
  24631. </PROCESSLIST>
  24632. <CLSIDLIST>
  24633. </CLSIDLIST>
  24634. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24635. <DEFAULTINSTALLPATHLIST>
  24636. </DEFAULTINSTALLPATHLIST>
  24637. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24638. <CONDITIONLIST>
  24639. <CONDITION>MD5=96280ED5540A47B14522B549A0F26EB2</CONDITION>
  24640. </CONDITIONLIST>
  24641. <OPERATOR>AND</OPERATOR>
  24642. <THREATLEVEL>10</THREATLEVEL>
  24643. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24644. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24645. </PROCESSDESCRIPTOR>
  24646. <PROCESSDESCRIPTOR>
  24647. <ID>3904</ID>
  24648. <PROCESSLIST>
  24649. <PROCESS>*</PROCESS>
  24650. <PROCESS>(SM.EXE)</PROCESS>
  24651. </PROCESSLIST>
  24652. <CLSIDLIST>
  24653. </CLSIDLIST>
  24654. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24655. <DEFAULTINSTALLPATHLIST>
  24656. </DEFAULTINSTALLPATHLIST>
  24657. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24658. <CONDITIONLIST>
  24659. <CONDITION>MD5=36F27012FA5AE156176ADDD1AD76424B</CONDITION>
  24660. </CONDITIONLIST>
  24661. <OPERATOR>AND</OPERATOR>
  24662. <THREATLEVEL>10</THREATLEVEL>
  24663. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24664. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24665. </PROCESSDESCRIPTOR>
  24666. <PROCESSDESCRIPTOR>
  24667. <ID>3907</ID>
  24668. <PROCESSLIST>
  24669. <PROCESS>*</PROCESS>
  24670. <PROCESS>(313328.EXE)</PROCESS>
  24671. <PROCESS>(225968.EXE)</PROCESS>
  24672. </PROCESSLIST>
  24673. <CLSIDLIST>
  24674. </CLSIDLIST>
  24675. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24676. <DEFAULTINSTALLPATHLIST>
  24677. </DEFAULTINSTALLPATHLIST>
  24678. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24679. <CONDITIONLIST>
  24680. <CONDITION>MD5=7802C4AA3428B56A41A55191C3155C69</CONDITION>
  24681. </CONDITIONLIST>
  24682. <OPERATOR>AND</OPERATOR>
  24683. <THREATLEVEL>10</THREATLEVEL>
  24684. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24685. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24686. </PROCESSDESCRIPTOR>
  24687. <PROCESSDESCRIPTOR>
  24688. <ID>3908</ID>
  24689. <PROCESSLIST>
  24690. <PROCESS>*</PROCESS>
  24691. <PROCESS>(M80MGU.EXE)</PROCESS>
  24692. </PROCESSLIST>
  24693. <CLSIDLIST>
  24694. </CLSIDLIST>
  24695. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24696. <DEFAULTINSTALLPATHLIST>
  24697. </DEFAULTINSTALLPATHLIST>
  24698. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24699. <CONDITIONLIST>
  24700. <CONDITION>MD5=BF19E8CB0617E9554D93E38393624667</CONDITION>
  24701. </CONDITIONLIST>
  24702. <OPERATOR>AND</OPERATOR>
  24703. <THREATLEVEL>10</THREATLEVEL>
  24704. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24705. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24706. </PROCESSDESCRIPTOR>
  24707. <PROCESSDESCRIPTOR>
  24708. <ID>3909</ID>
  24709. <PROCESSLIST>
  24710. <PROCESS>*</PROCESS>
  24711. <PROCESS>(TZZDWEZE.EXE)</PROCESS>
  24712. </PROCESSLIST>
  24713. <CLSIDLIST>
  24714. </CLSIDLIST>
  24715. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24716. <DEFAULTINSTALLPATHLIST>
  24717. </DEFAULTINSTALLPATHLIST>
  24718. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24719. <CONDITIONLIST>
  24720. <CONDITION>MD5=B502F83A7C9B237018A9E24485AF2B79</CONDITION>
  24721. </CONDITIONLIST>
  24722. <OPERATOR>AND</OPERATOR>
  24723. <THREATLEVEL>10</THREATLEVEL>
  24724. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24725. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24726. </PROCESSDESCRIPTOR>
  24727. <PROCESSDESCRIPTOR>
  24728. <ID>3911</ID>
  24729. <PROCESSLIST>
  24730. <PROCESS>EXPLOER.EXE</PROCESS>
  24731. </PROCESSLIST>
  24732. <CLSIDLIST>
  24733. </CLSIDLIST>
  24734. <SUMMARY>Bogus MS EXPLORER.EXE</SUMMARY>
  24735. <DEFAULTINSTALLPATHLIST>
  24736. </DEFAULTINSTALLPATHLIST>
  24737. <CATEGORY>ADWARE</CATEGORY>
  24738. <CONDITIONLIST>
  24739. </CONDITIONLIST>
  24740. <OPERATOR>AND</OPERATOR>
  24741. <THREATLEVEL>10</THREATLEVEL>
  24742. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24743. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24744. </PROCESSDESCRIPTOR>
  24745. <PROCESSDESCRIPTOR>
  24746. <ID>3913</ID>
  24747. <PROCESSLIST>
  24748. <PROCESS>*</PROCESS>
  24749. <PROCESS>(BQUCGRRJU.EXE)</PROCESS>
  24750. </PROCESSLIST>
  24751. <CLSIDLIST>
  24752. </CLSIDLIST>
  24753. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24754. <DEFAULTINSTALLPATHLIST>
  24755. </DEFAULTINSTALLPATHLIST>
  24756. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24757. <CONDITIONLIST>
  24758. <CONDITION>MD5=21E5D955A7DFD76182BB7E2238C9A38E</CONDITION>
  24759. </CONDITIONLIST>
  24760. <OPERATOR>AND</OPERATOR>
  24761. <THREATLEVEL>10</THREATLEVEL>
  24762. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24763. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24764. </PROCESSDESCRIPTOR>
  24765. <PROCESSDESCRIPTOR>
  24766. <ID>3914</ID>
  24767. <PROCESSLIST>
  24768. <PROCESS>MSMSGSVC.EXE</PROCESS>
  24769. </PROCESSLIST>
  24770. <CLSIDLIST>
  24771. </CLSIDLIST>
  24772. <SUMMARY>Start Page Browser Hijacker</SUMMARY>
  24773. <DEFAULTINSTALLPATHLIST>
  24774. </DEFAULTINSTALLPATHLIST>
  24775. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  24776. <CONDITIONLIST>
  24777. <CONDITION>COMPANYNAME^Microsoft</CONDITION>
  24778. </CONDITIONLIST>
  24779. <OPERATOR>AND</OPERATOR>
  24780. <THREATLEVEL>10</THREATLEVEL>
  24781. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24782. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24783. </PROCESSDESCRIPTOR>
  24784. <PROCESSDESCRIPTOR>
  24785. <ID>3915</ID>
  24786. <PROCESSLIST>
  24787. <PROCESS>*</PROCESS>
  24788. <PROCESS>(SFITA.EXE)</PROCESS>
  24789. </PROCESSLIST>
  24790. <CLSIDLIST>
  24791. </CLSIDLIST>
  24792. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24793. <DEFAULTINSTALLPATHLIST>
  24794. </DEFAULTINSTALLPATHLIST>
  24795. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24796. <CONDITIONLIST>
  24797. <CONDITION>MD5=D2D41D8CAE7A8FA08531BCE29244FE7D</CONDITION>
  24798. <CONDITION>MD5=9989fefaa0f64030e02ac5f50536e971</CONDITION>
  24799. </CONDITIONLIST>
  24800. <OPERATOR>OR</OPERATOR>
  24801. <THREATLEVEL>10</THREATLEVEL>
  24802. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24803. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24804. </PROCESSDESCRIPTOR>
  24805. <PROCESSDESCRIPTOR>
  24806. <ID>3916</ID>
  24807. <PROCESSLIST>
  24808. <PROCESS>*</PROCESS>
  24809. <PROCESS>(IJJRP.EXE)</PROCESS>
  24810. </PROCESSLIST>
  24811. <CLSIDLIST>
  24812. </CLSIDLIST>
  24813. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24814. <DEFAULTINSTALLPATHLIST>
  24815. </DEFAULTINSTALLPATHLIST>
  24816. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24817. <CONDITIONLIST>
  24818. <CONDITION>MD5=FE91E3E582CBBE0D709FBB44A13555C1</CONDITION>
  24819. </CONDITIONLIST>
  24820. <OPERATOR>AND</OPERATOR>
  24821. <THREATLEVEL>10</THREATLEVEL>
  24822. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24823. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24824. </PROCESSDESCRIPTOR>
  24825. <PROCESSDESCRIPTOR>
  24826. <ID>3918</ID>
  24827. <PROCESSLIST>
  24828. <PROCESS>EMESX.DLL</PROCESS>
  24829. </PROCESSLIST>
  24830. <CLSIDLIST>
  24831. <CLSID>{000000DA-0786-4633-87C6-1AA7A4429EF1}</CLSID>
  24832. </CLSIDLIST>
  24833. <SUMMARY>FavoriteMan Downloader BHO</SUMMARY>
  24834. <DEFAULTINSTALLPATHLIST>
  24835. </DEFAULTINSTALLPATHLIST>
  24836. <CATEGORY>TROJAN</CATEGORY>
  24837. <CONDITIONLIST>
  24838. </CONDITIONLIST>
  24839. <OPERATOR>AND</OPERATOR>
  24840. <THREATLEVEL>8</THREATLEVEL>
  24841. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24842. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24843. </PROCESSDESCRIPTOR>
  24844. <PROCESSDESCRIPTOR>
  24845. <ID>3919</ID>
  24846. <PROCESSLIST>
  24847. <PROCESS>WO.EXE</PROCESS>
  24848. </PROCESSLIST>
  24849. <CLSIDLIST>
  24850. </CLSIDLIST>
  24851. <SUMMARY>WO.EXE (EARN)</SUMMARY>
  24852. <DEFAULTINSTALLPATHLIST>
  24853. </DEFAULTINSTALLPATHLIST>
  24854. <CATEGORY>ADWARE</CATEGORY>
  24855. <CONDITIONLIST>
  24856. <CONDITION>COMPANYNAME~Bundle</CONDITION>
  24857. </CONDITIONLIST>
  24858. <OPERATOR>AND</OPERATOR>
  24859. <THREATLEVEL>10</THREATLEVEL>
  24860. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24861. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24862. </PROCESSDESCRIPTOR>
  24863. <PROCESSDESCRIPTOR>
  24864. <ID>3920</ID>
  24865. <PROCESSLIST>
  24866. <PROCESS>*</PROCESS>
  24867. <PROCESS>(62656.EXE)</PROCESS>
  24868. <PROCESS>(50468.EXE)</PROCESS>
  24869. </PROCESSLIST>
  24870. <CLSIDLIST>
  24871. </CLSIDLIST>
  24872. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24873. <DEFAULTINSTALLPATHLIST>
  24874. </DEFAULTINSTALLPATHLIST>
  24875. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24876. <CONDITIONLIST>
  24877. <CONDITION>MD5=52C94254A03A85B5810F79003CF3DFCA</CONDITION>
  24878. </CONDITIONLIST>
  24879. <OPERATOR>AND</OPERATOR>
  24880. <THREATLEVEL>10</THREATLEVEL>
  24881. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24882. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24883. </PROCESSDESCRIPTOR>
  24884. <PROCESSDESCRIPTOR>
  24885. <ID>3921</ID>
  24886. <PROCESSLIST>
  24887. <PROCESS>*</PROCESS>
  24888. <PROCESS>(GX9FZJ83M9.EXE)</PROCESS>
  24889. </PROCESSLIST>
  24890. <CLSIDLIST>
  24891. </CLSIDLIST>
  24892. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24893. <DEFAULTINSTALLPATHLIST>
  24894. </DEFAULTINSTALLPATHLIST>
  24895. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24896. <CONDITIONLIST>
  24897. <CONDITION>MD5=e573a07eae1d8af7512a4a2e5f4e2b79</CONDITION>
  24898. </CONDITIONLIST>
  24899. <OPERATOR>AND</OPERATOR>
  24900. <THREATLEVEL>10</THREATLEVEL>
  24901. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24902. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24903. </PROCESSDESCRIPTOR>
  24904. <PROCESSDESCRIPTOR>
  24905. <ID>3922</ID>
  24906. <PROCESSLIST>
  24907. <PROCESS>*</PROCESS>
  24908. <PROCESS>(GPKWUUEW.EXE)</PROCESS>
  24909. </PROCESSLIST>
  24910. <CLSIDLIST>
  24911. </CLSIDLIST>
  24912. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  24913. <DEFAULTINSTALLPATHLIST>
  24914. </DEFAULTINSTALLPATHLIST>
  24915. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24916. <CONDITIONLIST>
  24917. <CONDITION>MD5=c9dec9330ffc26e3811a7089a9f8dc5a</CONDITION>
  24918. </CONDITIONLIST>
  24919. <OPERATOR>AND</OPERATOR>
  24920. <THREATLEVEL>10</THREATLEVEL>
  24921. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24922. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24923. </PROCESSDESCRIPTOR>
  24924. <PROCESSDESCRIPTOR>
  24925. <ID>3965</ID>
  24926. <PROCESSLIST>
  24927. <PROCESS>EXPLORER32.EXE</PROCESS>
  24928. </PROCESSLIST>
  24929. <CLSIDLIST>
  24930. </CLSIDLIST>
  24931. <SUMMARY>EXPLORER32.EXE Worm</SUMMARY>
  24932. <DEFAULTINSTALLPATHLIST>
  24933. </DEFAULTINSTALLPATHLIST>
  24934. <CATEGORY>WORM</CATEGORY>
  24935. <CONDITIONLIST>
  24936. </CONDITIONLIST>
  24937. <OPERATOR>AND</OPERATOR>
  24938. <THREATLEVEL>10</THREATLEVEL>
  24939. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24940. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24941. </PROCESSDESCRIPTOR>
  24942. <PROCESSDESCRIPTOR>
  24943. <ID>3966</ID>
  24944. <PROCESSLIST>
  24945. <PROCESS>ADTOOLSKEEP.EXE</PROCESS>
  24946. <PROCESS>ADTOOLS.EXE</PROCESS>
  24947. </PROCESSLIST>
  24948. <CLSIDLIST>
  24949. </CLSIDLIST>
  24950. <SUMMARY>Adtools Service Components</SUMMARY>
  24951. <DEFAULTINSTALLPATHLIST>
  24952. </DEFAULTINSTALLPATHLIST>
  24953. <CATEGORY>ADWARE</CATEGORY>
  24954. <CONDITIONLIST>
  24955. <CONDITION>FILELOCATION~ADTOOLS</CONDITION>
  24956. </CONDITIONLIST>
  24957. <OPERATOR>AND</OPERATOR>
  24958. <THREATLEVEL>10</THREATLEVEL>
  24959. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24960. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24961. </PROCESSDESCRIPTOR>
  24962. <PROCESSDESCRIPTOR>
  24963. <ID>3967</ID>
  24964. <PROCESSLIST>
  24965. <PROCESS>WZHELPER.DLL</PROCESS>
  24966. <PROCESS>WEBALIZE.DLL</PROCESS>
  24967. <PROCESS>BARBHO.DLL</PROCESS>
  24968. </PROCESSLIST>
  24969. <CLSIDLIST>
  24970. <CLSID>{4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A}</CLSID>
  24971. <CLSID>{4E7BD74F-2B8D-469E-D7E4-F660B597BF2A}</CLSID>
  24972. <CLSID>{CD2A865B-6C0F-44F9-BAA1-7CDB31E04BC8}</CLSID>
  24973. </CLSIDLIST>
  24974. <SUMMARY>SearchCentrix Adware BHO</SUMMARY>
  24975. <DEFAULTINSTALLPATHLIST>
  24976. </DEFAULTINSTALLPATHLIST>
  24977. <CATEGORY>ADWARE</CATEGORY>
  24978. <CONDITIONLIST>
  24979. </CONDITIONLIST>
  24980. <OPERATOR>AND</OPERATOR>
  24981. <THREATLEVEL>7</THREATLEVEL>
  24982. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  24983. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  24984. </PROCESSDESCRIPTOR>
  24985. <PROCESSDESCRIPTOR>
  24986. <ID>3968</ID>
  24987. <PROCESSLIST>
  24988. <PROCESS>*</PROCESS>
  24989. <PROCESS>WH5_1833003.DLL</PROCESS>
  24990. </PROCESSLIST>
  24991. <CLSIDLIST>
  24992. <CLSID>{1BDD55B8-3985-4E59-B906-5E0AD56D6710}</CLSID>
  24993. </CLSIDLIST>
  24994. <SUMMARY>Unclassified.Unknown Origin.BHO</SUMMARY>
  24995. <DEFAULTINSTALLPATHLIST>
  24996. </DEFAULTINSTALLPATHLIST>
  24997. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  24998. <CONDITIONLIST>
  24999. </CONDITIONLIST>
  25000. <OPERATOR>AND</OPERATOR>
  25001. <THREATLEVEL>10</THREATLEVEL>
  25002. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25003. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25004. </PROCESSDESCRIPTOR>
  25005. <PROCESSDESCRIPTOR>
  25006. <ID>3969</ID>
  25007. <PROCESSLIST>
  25008. <PROCESS>MYGEEK.DLL</PROCESS>
  25009. </PROCESSLIST>
  25010. <CLSIDLIST>
  25011. <CLSID>*</CLSID>
  25012. <CLSID>{C431BF1E-9E71-4BB6-9C4E-8496D158DB1F}</CLSID>
  25013. </CLSIDLIST>
  25014. <SUMMARY>SearchCentrix Adware BHO</SUMMARY>
  25015. <DEFAULTINSTALLPATHLIST>
  25016. </DEFAULTINSTALLPATHLIST>
  25017. <CATEGORY>ADWARE</CATEGORY>
  25018. <CONDITIONLIST>
  25019. </CONDITIONLIST>
  25020. <OPERATOR>AND</OPERATOR>
  25021. <THREATLEVEL>7</THREATLEVEL>
  25022. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25023. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25024. </PROCESSDESCRIPTOR>
  25025. <PROCESSDESCRIPTOR>
  25026. <ID>3970</ID>
  25027. <PROCESSLIST>
  25028. <PROCESS>MSHELPER.DLL</PROCESS>
  25029. </PROCESSLIST>
  25030. <CLSIDLIST>
  25031. <CLSID>{FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880}</CLSID>
  25032. </CLSIDLIST>
  25033. <SUMMARY>CoolWebSearch Variant BHO</SUMMARY>
  25034. <DEFAULTINSTALLPATHLIST>
  25035. </DEFAULTINSTALLPATHLIST>
  25036. <CATEGORY>PARASITE</CATEGORY>
  25037. <CONDITIONLIST>
  25038. </CONDITIONLIST>
  25039. <OPERATOR>AND</OPERATOR>
  25040. <THREATLEVEL>10</THREATLEVEL>
  25041. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25042. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25043. </PROCESSDESCRIPTOR>
  25044. <PROCESSDESCRIPTOR>
  25045. <ID>3971</ID>
  25046. <PROCESSLIST>
  25047. <PROCESS>TVM.EXE</PROCESS>
  25048. </PROCESSLIST>
  25049. <CLSIDLIST>
  25050. </CLSIDLIST>
  25051. <SUMMARY>TV Media Adware</SUMMARY>
  25052. <DEFAULTINSTALLPATHLIST>
  25053. </DEFAULTINSTALLPATHLIST>
  25054. <CATEGORY>ADWARE</CATEGORY>
  25055. <CONDITIONLIST>
  25056. <CONDITION>FILELOCATION~TV</CONDITION>
  25057. </CONDITIONLIST>
  25058. <OPERATOR>AND</OPERATOR>
  25059. <THREATLEVEL>10</THREATLEVEL>
  25060. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25061. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25062. </PROCESSDESCRIPTOR>
  25063. <PROCESSDESCRIPTOR>
  25064. <ID>3976</ID>
  25065. <PROCESSLIST>
  25066. <PROCESS>*</PROCESS>
  25067. <PROCESS>(MKXVMIX.EXE)</PROCESS>
  25068. </PROCESSLIST>
  25069. <CLSIDLIST>
  25070. </CLSIDLIST>
  25071. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  25072. <DEFAULTINSTALLPATHLIST>
  25073. </DEFAULTINSTALLPATHLIST>
  25074. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25075. <CONDITIONLIST>
  25076. <CONDITION>MD5=5DD3673B1F0CAF87900FAA63E17296F5</CONDITION>
  25077. </CONDITIONLIST>
  25078. <OPERATOR>AND</OPERATOR>
  25079. <THREATLEVEL>10</THREATLEVEL>
  25080. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25081. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25082. </PROCESSDESCRIPTOR>
  25083. <PROCESSDESCRIPTOR>
  25084. <ID>3978</ID>
  25085. <PROCESSLIST>
  25086. <PROCESS>PC32.EXE</PROCESS>
  25087. </PROCESSLIST>
  25088. <CLSIDLIST>
  25089. </CLSIDLIST>
  25090. <SUMMARY>MSNSysRestore Malware</SUMMARY>
  25091. <DEFAULTINSTALLPATHLIST>
  25092. </DEFAULTINSTALLPATHLIST>
  25093. <CATEGORY>VIRUS</CATEGORY>
  25094. <CONDITIONLIST>
  25095. <CONDITION>FILELOCATION~system</CONDITION>
  25096. </CONDITIONLIST>
  25097. <OPERATOR>AND</OPERATOR>
  25098. <THREATLEVEL>10</THREATLEVEL>
  25099. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25100. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25101. </PROCESSDESCRIPTOR>
  25102. <PROCESSDESCRIPTOR>
  25103. <ID>3982</ID>
  25104. <PROCESSLIST>
  25105. <PROCESS>*</PROCESS>
  25106. <PROCESS>(EYTVPJ.EXE)</PROCESS>
  25107. </PROCESSLIST>
  25108. <CLSIDLIST>
  25109. </CLSIDLIST>
  25110. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  25111. <DEFAULTINSTALLPATHLIST>
  25112. </DEFAULTINSTALLPATHLIST>
  25113. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25114. <CONDITIONLIST>
  25115. <CONDITION>MD5=9B84980AF3CF2C678B5E2B9EF477B126</CONDITION>
  25116. </CONDITIONLIST>
  25117. <OPERATOR>AND</OPERATOR>
  25118. <THREATLEVEL>10</THREATLEVEL>
  25119. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25120. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25121. </PROCESSDESCRIPTOR>
  25122. <PROCESSDESCRIPTOR>
  25123. <ID>3983</ID>
  25124. <PROCESSLIST>
  25125. <PROCESS>*</PROCESS>
  25126. <PROCESS>(KUAQYU.EXE)</PROCESS>
  25127. <PROCESS>(XNVGWEY.EXE)</PROCESS>
  25128. <PROCESS>(UQLMBTEA.EXE)</PROCESS>
  25129. </PROCESSLIST>
  25130. <CLSIDLIST>
  25131. </CLSIDLIST>
  25132. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  25133. <DEFAULTINSTALLPATHLIST>
  25134. </DEFAULTINSTALLPATHLIST>
  25135. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25136. <CONDITIONLIST>
  25137. <CONDITION>MD5=E9752207B7807DFEA9BFF1D9EEFE0A76</CONDITION>
  25138. </CONDITIONLIST>
  25139. <OPERATOR>AND</OPERATOR>
  25140. <THREATLEVEL>10</THREATLEVEL>
  25141. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25142. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25143. </PROCESSDESCRIPTOR>
  25144. <PROCESSDESCRIPTOR>
  25145. <ID>3986</ID>
  25146. <PROCESSLIST>
  25147. <PROCESS>SEARCH~1.DLL</PROCESS>
  25148. </PROCESSLIST>
  25149. <CLSIDLIST>
  25150. <CLSID>{76532682-A5C9-11D8-AE07-00D0591AB78A}</CLSID>
  25151. </CLSIDLIST>
  25152. <SUMMARY>SpecificMEDIA Toolbar</SUMMARY>
  25153. <DEFAULTINSTALLPATHLIST>
  25154. </DEFAULTINSTALLPATHLIST>
  25155. <CATEGORY>SPYWARE</CATEGORY>
  25156. <CONDITIONLIST>
  25157. </CONDITIONLIST>
  25158. <OPERATOR>AND</OPERATOR>
  25159. <THREATLEVEL>10</THREATLEVEL>
  25160. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25161. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25162. </PROCESSDESCRIPTOR>
  25163. <PROCESSDESCRIPTOR>
  25164. <ID>3991</ID>
  25165. <PROCESSLIST>
  25166. <PROCESS>GOGOFILESHARE.EXE</PROCESS>
  25167. </PROCESSLIST>
  25168. <CLSIDLIST>
  25169. </CLSIDLIST>
  25170. <SUMMARY>SpecificMEDIA GoGoTools FileShare</SUMMARY>
  25171. <DEFAULTINSTALLPATHLIST>
  25172. </DEFAULTINSTALLPATHLIST>
  25173. <CATEGORY>SPYWARE</CATEGORY>
  25174. <CONDITIONLIST>
  25175. </CONDITIONLIST>
  25176. <OPERATOR>AND</OPERATOR>
  25177. <THREATLEVEL>10</THREATLEVEL>
  25178. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25179. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25180. </PROCESSDESCRIPTOR>
  25181. <PROCESSDESCRIPTOR>
  25182. <ID>3993</ID>
  25183. <PROCESSLIST>
  25184. <PROCESS>DSLGEACCESS.EXE</PROCESS>
  25185. </PROCESSLIST>
  25186. <CLSIDLIST>
  25187. </CLSIDLIST>
  25188. <SUMMARY>Click Yes To Enter Ltd. Dialer</SUMMARY>
  25189. <DEFAULTINSTALLPATHLIST>
  25190. </DEFAULTINSTALLPATHLIST>
  25191. <CATEGORY>DIALER</CATEGORY>
  25192. <CONDITIONLIST>
  25193. <CONDITION>FILELOCATION~system</CONDITION>
  25194. </CONDITIONLIST>
  25195. <OPERATOR>AND</OPERATOR>
  25196. <THREATLEVEL>7</THREATLEVEL>
  25197. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25198. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25199. </PROCESSDESCRIPTOR>
  25200. <PROCESSDESCRIPTOR>
  25201. <ID>4003</ID>
  25202. <PROCESSLIST>
  25203. <PROCESS>WO.EXE</PROCESS>
  25204. </PROCESSLIST>
  25205. <CLSIDLIST>
  25206. </CLSIDLIST>
  25207. <SUMMARY>WO.EXE (SEEDCORN) ADWARE</SUMMARY>
  25208. <DEFAULTINSTALLPATHLIST>
  25209. </DEFAULTINSTALLPATHLIST>
  25210. <CATEGORY>ADWARE</CATEGORY>
  25211. <CONDITIONLIST>
  25212. <CONDITION>COMPANYNAME~SeedCorn</CONDITION>
  25213. </CONDITIONLIST>
  25214. <OPERATOR>AND</OPERATOR>
  25215. <THREATLEVEL>10</THREATLEVEL>
  25216. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25217. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25218. </PROCESSDESCRIPTOR>
  25219. <PROCESSDESCRIPTOR>
  25220. <ID>4007</ID>
  25221. <PROCESSLIST>
  25222. <PROCESS>WINDLLSYS32.EXE</PROCESS>
  25223. </PROCESSLIST>
  25224. <CLSIDLIST>
  25225. </CLSIDLIST>
  25226. <SUMMARY>Win32.Mitglieder Trojan</SUMMARY>
  25227. <DEFAULTINSTALLPATHLIST>
  25228. </DEFAULTINSTALLPATHLIST>
  25229. <CATEGORY>TROJAN</CATEGORY>
  25230. <CONDITIONLIST>
  25231. <CONDITION>FILELOCATION~system</CONDITION>
  25232. </CONDITIONLIST>
  25233. <OPERATOR>AND</OPERATOR>
  25234. <THREATLEVEL>10</THREATLEVEL>
  25235. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25236. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25237. </PROCESSDESCRIPTOR>
  25238. <PROCESSDESCRIPTOR>
  25239. <ID>4011</ID>
  25240. <PROCESSLIST>
  25241. <PROCESS>*</PROCESS>
  25242. <PROCESS>MSAXS.DLL</PROCESS>
  25243. <PROCESS>MSPUA.DLL</PROCESS>
  25244. <PROCESS>MSMIY.DLL</PROCESS>
  25245. </PROCESSLIST>
  25246. <CLSIDLIST>
  25247. <CLSID>*</CLSID>
  25248. <CLSID>{770C971E-08B7-497E-8F67-801EBA1ECC4D}</CLSID>
  25249. <CLSID>{EB77D262-F353-4AA9-B2BB-889660B0F5EA}</CLSID>
  25250. <CLSID>{0D095E08-3F89-4922-93C1-9AB21B5E37C0}</CLSID>
  25251. </CLSIDLIST>
  25252. <SUMMARY>Unclassified Browser Helper Object</SUMMARY>
  25253. <DEFAULTINSTALLPATHLIST>
  25254. </DEFAULTINSTALLPATHLIST>
  25255. <CATEGORY>ADWARE</CATEGORY>
  25256. <CONDITIONLIST>
  25257. <CONDITION>MD5=B38118DF4A04FD5BF3200BDDEF869682</CONDITION>
  25258. </CONDITIONLIST>
  25259. <OPERATOR>AND</OPERATOR>
  25260. <THREATLEVEL>10</THREATLEVEL>
  25261. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25262. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25263. </PROCESSDESCRIPTOR>
  25264. <PROCESSDESCRIPTOR>
  25265. <ID>4012</ID>
  25266. <PROCESSLIST>
  25267. <PROCESS>MEGATLBR.DLL</PROCESS>
  25268. <PROCESS>MEGAHOST.DLL</PROCESS>
  25269. </PROCESSLIST>
  25270. <CLSIDLIST>
  25271. <CLSID>{7FDCEDCF-77C8-46AE-B0E8-D40C6D1E5158}</CLSID>
  25272. <CLSID>{8BC6346B-FFB0-4435-ACE3-FACA6CD77816}</CLSID>
  25273. </CLSIDLIST>
  25274. <SUMMARY>Mega Search Browser Hijacker</SUMMARY>
  25275. <DEFAULTINSTALLPATHLIST>
  25276. </DEFAULTINSTALLPATHLIST>
  25277. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  25278. <CONDITIONLIST>
  25279. </CONDITIONLIST>
  25280. <OPERATOR>AND</OPERATOR>
  25281. <THREATLEVEL>8</THREATLEVEL>
  25282. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25283. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25284. </PROCESSDESCRIPTOR>
  25285. <PROCESSDESCRIPTOR>
  25286. <ID>4019</ID>
  25287. <PROCESSLIST>
  25288. <PROCESS>EZW.EXE</PROCESS>
  25289. </PROCESSLIST>
  25290. <CLSIDLIST>
  25291. </CLSIDLIST>
  25292. <SUMMARY>eZstub Module Adware</SUMMARY>
  25293. <DEFAULTINSTALLPATHLIST>
  25294. </DEFAULTINSTALLPATHLIST>
  25295. <CATEGORY>ADWARE</CATEGORY>
  25296. <CONDITIONLIST>
  25297. <CONDITION>COMPANYNAME~ClickSpringWO</CONDITION>
  25298. </CONDITIONLIST>
  25299. <OPERATOR>AND</OPERATOR>
  25300. <THREATLEVEL>7</THREATLEVEL>
  25301. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25302. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25303. </PROCESSDESCRIPTOR>
  25304. <PROCESSDESCRIPTOR>
  25305. <ID>4028</ID>
  25306. <PROCESSLIST>
  25307. <PROCESS>*</PROCESS>
  25308. <PROCESS>KBRPXAXP.DLL</PROCESS>
  25309. <PROCESS>JEWRDTIA.DLL</PROCESS>
  25310. <PROCESS>GZJHECZZ.DLL</PROCESS>
  25311. </PROCESSLIST>
  25312. <CLSIDLIST>
  25313. <CLSID>*</CLSID>
  25314. <CLSID>{00000000-0000-0000-0000-000000000000}</CLSID>
  25315. <CLSID>{233043EA-60CC-2BBE-60FF-08991175B7EE}</CLSID>
  25316. <CLSID>{CCE00551-E611-0BBC-6707-80AD2AF5A508}</CLSID>
  25317. </CLSIDLIST>
  25318. <SUMMARY>Unclassified Threat Browser Helper Object</SUMMARY>
  25319. <DEFAULTINSTALLPATHLIST>
  25320. </DEFAULTINSTALLPATHLIST>
  25321. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25322. <CONDITIONLIST>
  25323. <CONDITION>MD5=81B63B9D54B303EDEAF9765A6915EE13</CONDITION>
  25324. </CONDITIONLIST>
  25325. <OPERATOR>AND</OPERATOR>
  25326. <THREATLEVEL>8</THREATLEVEL>
  25327. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25328. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25329. </PROCESSDESCRIPTOR>
  25330. <PROCESSDESCRIPTOR>
  25331. <ID>4029</ID>
  25332. <PROCESSLIST>
  25333. <PROCESS>WO.EXE</PROCESS>
  25334. </PROCESSLIST>
  25335. <CLSIDLIST>
  25336. </CLSIDLIST>
  25337. <SUMMARY>WO.EXE (StatBlaster) ADWARE</SUMMARY>
  25338. <DEFAULTINSTALLPATHLIST>
  25339. </DEFAULTINSTALLPATHLIST>
  25340. <CATEGORY>ADWARE</CATEGORY>
  25341. <CONDITIONLIST>
  25342. <CONDITION>COMPANYNAME~StatBlaster</CONDITION>
  25343. </CONDITIONLIST>
  25344. <OPERATOR>AND</OPERATOR>
  25345. <THREATLEVEL>10</THREATLEVEL>
  25346. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25347. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25348. </PROCESSDESCRIPTOR>
  25349. <PROCESSDESCRIPTOR>
  25350. <ID>4035</ID>
  25351. <PROCESSLIST>
  25352. <PROCESS>JAVAFIX3.DLL</PROCESS>
  25353. </PROCESSLIST>
  25354. <CLSIDLIST>
  25355. <CLSID>{A708A39C-8DA7-4E36-B3B0-0A1FFAFD4B6D}</CLSID>
  25356. </CLSIDLIST>
  25357. <SUMMARY>Trojan.KillAV.E Downloader</SUMMARY>
  25358. <DEFAULTINSTALLPATHLIST>
  25359. </DEFAULTINSTALLPATHLIST>
  25360. <CATEGORY>TROJAN</CATEGORY>
  25361. <CONDITIONLIST>
  25362. </CONDITIONLIST>
  25363. <OPERATOR>AND</OPERATOR>
  25364. <THREATLEVEL>6</THREATLEVEL>
  25365. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25366. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25367. </PROCESSDESCRIPTOR>
  25368. <PROCESSDESCRIPTOR>
  25369. <ID>4038</ID>
  25370. <PROCESSLIST>
  25371. <PROCESS>EZSTUB.EXE</PROCESS>
  25372. </PROCESSLIST>
  25373. <CLSIDLIST>
  25374. </CLSIDLIST>
  25375. <SUMMARY>Adware.eZula.Process</SUMMARY>
  25376. <DEFAULTINSTALLPATHLIST>
  25377. </DEFAULTINSTALLPATHLIST>
  25378. <CATEGORY>ADWARE</CATEGORY>
  25379. <CONDITIONLIST>
  25380. <CONDITION>PRODUCTNAME~eZstub</CONDITION>
  25381. <CONDITION>FILEDESCRIPTION~eZstub</CONDITION>
  25382. </CONDITIONLIST>
  25383. <OPERATOR>AND</OPERATOR>
  25384. <THREATLEVEL>5</THREATLEVEL>
  25385. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25386. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25387. </PROCESSDESCRIPTOR>
  25388. <PROCESSDESCRIPTOR>
  25389. <ID>4041</ID>
  25390. <PROCESSLIST>
  25391. <PROCESS>*</PROCESS>
  25392. <PROCESS>KABH7.DLL</PROCESS>
  25393. </PROCESSLIST>
  25394. <CLSIDLIST>
  25395. <CLSID>{EFF80427-F837-4B74-8834-BAF18E0553FD}</CLSID>
  25396. </CLSIDLIST>
  25397. <SUMMARY>Undefined Parasite</SUMMARY>
  25398. <DEFAULTINSTALLPATHLIST>
  25399. </DEFAULTINSTALLPATHLIST>
  25400. <CATEGORY>PARASITE</CATEGORY>
  25401. <CONDITIONLIST>
  25402. </CONDITIONLIST>
  25403. <OPERATOR>AND</OPERATOR>
  25404. <THREATLEVEL>7</THREATLEVEL>
  25405. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25406. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25407. </PROCESSDESCRIPTOR>
  25408. <PROCESSDESCRIPTOR>
  25409. <ID>4061</ID>
  25410. <PROCESSLIST>
  25411. <PROCESS>*</PROCESS>
  25412. <PROCESS>TRAFFIX1.1.0.25.DLL</PROCESS>
  25413. </PROCESSLIST>
  25414. <CLSIDLIST>
  25415. <CLSID>{3F68A524-6E47-44E6-9FE7-795EABFA3B36}</CLSID>
  25416. </CLSIDLIST>
  25417. <SUMMARY>Traffix Client Application/iMatchUp Adware</SUMMARY>
  25418. <DEFAULTINSTALLPATHLIST>
  25419. </DEFAULTINSTALLPATHLIST>
  25420. <CATEGORY>ADWARE</CATEGORY>
  25421. <CONDITIONLIST>
  25422. <CONDITION>COMPANYNAME~Traffix</CONDITION>
  25423. </CONDITIONLIST>
  25424. <OPERATOR>AND</OPERATOR>
  25425. <THREATLEVEL>5</THREATLEVEL>
  25426. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25427. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25428. </PROCESSDESCRIPTOR>
  25429. <PROCESSDESCRIPTOR>
  25430. <ID>4078</ID>
  25431. <PROCESSLIST>
  25432. <PROCESS>REGISTRATION.EXE</PROCESS>
  25433. </PROCESSLIST>
  25434. <CLSIDLIST>
  25435. </CLSIDLIST>
  25436. <SUMMARY>GogoWare Registration Application</SUMMARY>
  25437. <DEFAULTINSTALLPATHLIST>
  25438. </DEFAULTINSTALLPATHLIST>
  25439. <CATEGORY>ADWARE</CATEGORY>
  25440. <CONDITIONLIST>
  25441. <CONDITION>COMPANYNAME~SpecificMEDIA</CONDITION>
  25442. </CONDITIONLIST>
  25443. <OPERATOR>AND</OPERATOR>
  25444. <THREATLEVEL>3</THREATLEVEL>
  25445. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25446. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25447. </PROCESSDESCRIPTOR>
  25448. <PROCESSDESCRIPTOR>
  25449. <ID>4086</ID>
  25450. <PROCESSLIST>
  25451. <PROCESS>SCVHOST.EXE</PROCESS>
  25452. </PROCESSLIST>
  25453. <CLSIDLIST>
  25454. </CLSIDLIST>
  25455. <SUMMARY>Scvhost Worm (Variant)</SUMMARY>
  25456. <DEFAULTINSTALLPATHLIST>
  25457. </DEFAULTINSTALLPATHLIST>
  25458. <CATEGORY>VIRUS</CATEGORY>
  25459. <CONDITIONLIST>
  25460. <CONDITION>MD5=E2A12E3E6831248AD01A1C096CB1F970</CONDITION>
  25461. </CONDITIONLIST>
  25462. <OPERATOR>AND</OPERATOR>
  25463. <THREATLEVEL>10</THREATLEVEL>
  25464. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25465. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25466. </PROCESSDESCRIPTOR>
  25467. <PROCESSDESCRIPTOR>
  25468. <ID>4092</ID>
  25469. <PROCESSLIST>
  25470. <PROCESS>AVIFIL32.EXE</PROCESS>
  25471. </PROCESSLIST>
  25472. <CLSIDLIST>
  25473. </CLSIDLIST>
  25474. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  25475. <DEFAULTINSTALLPATHLIST>
  25476. </DEFAULTINSTALLPATHLIST>
  25477. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25478. <CONDITIONLIST>
  25479. <CONDITION>FILELOCATION~system</CONDITION>
  25480. </CONDITIONLIST>
  25481. <OPERATOR>AND</OPERATOR>
  25482. <THREATLEVEL>10</THREATLEVEL>
  25483. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25484. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25485. </PROCESSDESCRIPTOR>
  25486. <PROCESSDESCRIPTOR>
  25487. <ID>4100</ID>
  25488. <PROCESSLIST>
  25489. <PROCESS>*</PROCESS>
  25490. <PROCESS>(ZRIH.EXE)</PROCESS>
  25491. </PROCESSLIST>
  25492. <CLSIDLIST>
  25493. </CLSIDLIST>
  25494. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  25495. <DEFAULTINSTALLPATHLIST>
  25496. </DEFAULTINSTALLPATHLIST>
  25497. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25498. <CONDITIONLIST>
  25499. <CONDITION>MD5=E2BF5A11873DA031BA76DD874AF0AF42</CONDITION>
  25500. </CONDITIONLIST>
  25501. <OPERATOR>AND</OPERATOR>
  25502. <THREATLEVEL>10</THREATLEVEL>
  25503. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25504. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25505. </PROCESSDESCRIPTOR>
  25506. <PROCESSDESCRIPTOR>
  25507. <ID>4101</ID>
  25508. <PROCESSLIST>
  25509. <PROCESS>*</PROCESS>
  25510. <PROCESS>(XYBIRVA.EXE)</PROCESS>
  25511. </PROCESSLIST>
  25512. <CLSIDLIST>
  25513. </CLSIDLIST>
  25514. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  25515. <DEFAULTINSTALLPATHLIST>
  25516. </DEFAULTINSTALLPATHLIST>
  25517. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25518. <CONDITIONLIST>
  25519. <CONDITION>MD5=A5ECCA22AE81E3210247AD8C417C5310</CONDITION>
  25520. </CONDITIONLIST>
  25521. <OPERATOR>AND</OPERATOR>
  25522. <THREATLEVEL>10</THREATLEVEL>
  25523. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25524. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25525. </PROCESSDESCRIPTOR>
  25526. <PROCESSDESCRIPTOR>
  25527. <ID>4102</ID>
  25528. <PROCESSLIST>
  25529. <PROCESS>*</PROCESS>
  25530. <PROCESS>(GQNMTL.EXE)</PROCESS>
  25531. </PROCESSLIST>
  25532. <CLSIDLIST>
  25533. </CLSIDLIST>
  25534. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  25535. <DEFAULTINSTALLPATHLIST>
  25536. </DEFAULTINSTALLPATHLIST>
  25537. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25538. <CONDITIONLIST>
  25539. <CONDITION>MD5=952EFE24CD5220178BE045E859F70B6C</CONDITION>
  25540. </CONDITIONLIST>
  25541. <OPERATOR>AND</OPERATOR>
  25542. <THREATLEVEL>10</THREATLEVEL>
  25543. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25544. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25545. </PROCESSDESCRIPTOR>
  25546. <PROCESSDESCRIPTOR>
  25547. <ID>4103</ID>
  25548. <PROCESSLIST>
  25549. <PROCESS>PREVADSERV.EXE</PROCESS>
  25550. <PROCESS>PREVADKEEP.EXE</PROCESS>
  25551. </PROCESSLIST>
  25552. <CLSIDLIST>
  25553. </CLSIDLIST>
  25554. <SUMMARY>Preview AdService Components</SUMMARY>
  25555. <DEFAULTINSTALLPATHLIST>
  25556. </DEFAULTINSTALLPATHLIST>
  25557. <CATEGORY>ADWARE</CATEGORY>
  25558. <CONDITIONLIST>
  25559. </CONDITIONLIST>
  25560. <OPERATOR>AND</OPERATOR>
  25561. <THREATLEVEL>10</THREATLEVEL>
  25562. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25563. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25564. </PROCESSDESCRIPTOR>
  25565. <PROCESSDESCRIPTOR>
  25566. <ID>4106</ID>
  25567. <PROCESSLIST>
  25568. <PROCESS>FLT.DLL</PROCESS>
  25569. </PROCESSLIST>
  25570. <CLSIDLIST>
  25571. <CLSID>{665ACD90-4541-4836-9FE4-062386BB8F05}</CLSID>
  25572. </CLSIDLIST>
  25573. <SUMMARY>FlashTrack Adware Browser Helper Object</SUMMARY>
  25574. <DEFAULTINSTALLPATHLIST>
  25575. </DEFAULTINSTALLPATHLIST>
  25576. <CATEGORY>ADWARE</CATEGORY>
  25577. <CONDITIONLIST>
  25578. </CONDITIONLIST>
  25579. <OPERATOR>AND</OPERATOR>
  25580. <THREATLEVEL>5</THREATLEVEL>
  25581. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25582. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25583. </PROCESSDESCRIPTOR>
  25584. <PROCESSDESCRIPTOR>
  25585. <ID>4107</ID>
  25586. <PROCESSLIST>
  25587. <PROCESS>*</PROCESS>
  25588. <PROCESS>(D3DRM310.EXE)</PROCESS>
  25589. </PROCESSLIST>
  25590. <CLSIDLIST>
  25591. </CLSIDLIST>
  25592. <SUMMARY>iehost34 Browser Hijacker Variant</SUMMARY>
  25593. <DEFAULTINSTALLPATHLIST>
  25594. </DEFAULTINSTALLPATHLIST>
  25595. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  25596. <CONDITIONLIST>
  25597. <CONDITION>INTERNALNAME~iehost34</CONDITION>
  25598. <CONDITION>COMPANYNAME~CSL</CONDITION>
  25599. </CONDITIONLIST>
  25600. <OPERATOR>AND</OPERATOR>
  25601. <THREATLEVEL>10</THREATLEVEL>
  25602. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25603. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25604. </PROCESSDESCRIPTOR>
  25605. <PROCESSDESCRIPTOR>
  25606. <ID>4108</ID>
  25607. <PROCESSLIST>
  25608. <PROCESS>*</PROCESS>
  25609. <PROCESS>(DW5YYCG7.EXE)</PROCESS>
  25610. </PROCESSLIST>
  25611. <CLSIDLIST>
  25612. </CLSIDLIST>
  25613. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  25614. <DEFAULTINSTALLPATHLIST>
  25615. </DEFAULTINSTALLPATHLIST>
  25616. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25617. <CONDITIONLIST>
  25618. <CONDITION>MD5=801AAB6765F026A4FF2E554FE8EEC166</CONDITION>
  25619. </CONDITIONLIST>
  25620. <OPERATOR>AND</OPERATOR>
  25621. <THREATLEVEL>10</THREATLEVEL>
  25622. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25623. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25624. </PROCESSDESCRIPTOR>
  25625. <PROCESSDESCRIPTOR>
  25626. <ID>4109</ID>
  25627. <PROCESSLIST>
  25628. <PROCESS>IEDRIVER.EXE</PROCESS>
  25629. </PROCESSLIST>
  25630. <CLSIDLIST>
  25631. </CLSIDLIST>
  25632. <SUMMARY>IEDriver (Cydoor) Stealth Redirector</SUMMARY>
  25633. <DEFAULTINSTALLPATHLIST>
  25634. </DEFAULTINSTALLPATHLIST>
  25635. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25636. <CONDITIONLIST>
  25637. <CONDITION>ORIGINALFILENAME=Redirect.EXE</CONDITION>
  25638. </CONDITIONLIST>
  25639. <OPERATOR>AND</OPERATOR>
  25640. <THREATLEVEL>10</THREATLEVEL>
  25641. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25642. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25643. </PROCESSDESCRIPTOR>
  25644. <PROCESSDESCRIPTOR>
  25645. <ID>4114</ID>
  25646. <PROCESSLIST>
  25647. <PROCESS>GOGODISPLAY.EXE</PROCESS>
  25648. </PROCESSLIST>
  25649. <CLSIDLIST>
  25650. </CLSIDLIST>
  25651. <SUMMARY>SpecificMEDIA GoGoTools AdDisplayWind</SUMMARY>
  25652. <DEFAULTINSTALLPATHLIST>
  25653. </DEFAULTINSTALLPATHLIST>
  25654. <CATEGORY>SPYWARE</CATEGORY>
  25655. <CONDITIONLIST>
  25656. </CONDITIONLIST>
  25657. <OPERATOR>AND</OPERATOR>
  25658. <THREATLEVEL>10</THREATLEVEL>
  25659. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25660. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25661. </PROCESSDESCRIPTOR>
  25662. <PROCESSDESCRIPTOR>
  25663. <ID>4115</ID>
  25664. <PROCESSLIST>
  25665. <PROCESS>*</PROCESS>
  25666. <PROCESS>(PSIF.EXE)</PROCESS>
  25667. </PROCESSLIST>
  25668. <CLSIDLIST>
  25669. </CLSIDLIST>
  25670. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  25671. <DEFAULTINSTALLPATHLIST>
  25672. </DEFAULTINSTALLPATHLIST>
  25673. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25674. <CONDITIONLIST>
  25675. <CONDITION>MD5=B244E8EA013A309C58F75BE0CF195284</CONDITION>
  25676. </CONDITIONLIST>
  25677. <OPERATOR>AND</OPERATOR>
  25678. <THREATLEVEL>10</THREATLEVEL>
  25679. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25680. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25681. </PROCESSDESCRIPTOR>
  25682. <PROCESSDESCRIPTOR>
  25683. <ID>4118</ID>
  25684. <PROCESSLIST>
  25685. <PROCESS>*</PROCESS>
  25686. <PROCESS>(WRKPRK.EXE)</PROCESS>
  25687. <PROCESS>(TGTGVG.EXE)</PROCESS>
  25688. <PROCESS>(RARASA.EXE)</PROCESS>
  25689. </PROCESSLIST>
  25690. <CLSIDLIST>
  25691. </CLSIDLIST>
  25692. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  25693. <DEFAULTINSTALLPATHLIST>
  25694. </DEFAULTINSTALLPATHLIST>
  25695. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25696. <CONDITIONLIST>
  25697. <CONDITION>MD5=C9DAD2A212E699B88CC3F2897A3F08BF</CONDITION>
  25698. </CONDITIONLIST>
  25699. <OPERATOR>AND</OPERATOR>
  25700. <THREATLEVEL>10</THREATLEVEL>
  25701. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25702. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25703. </PROCESSDESCRIPTOR>
  25704. <PROCESSDESCRIPTOR>
  25705. <ID>4120</ID>
  25706. <PROCESSLIST>
  25707. <PROCESS>*</PROCESS>
  25708. <PROCESS>(CMUTIL.EXE)</PROCESS>
  25709. </PROCESSLIST>
  25710. <CLSIDLIST>
  25711. </CLSIDLIST>
  25712. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  25713. <DEFAULTINSTALLPATHLIST>
  25714. </DEFAULTINSTALLPATHLIST>
  25715. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25716. <CONDITIONLIST>
  25717. <CONDITION>MD5=81A1FB4172E302007CD3F2AC12D7ABA5</CONDITION>
  25718. </CONDITIONLIST>
  25719. <OPERATOR>AND</OPERATOR>
  25720. <THREATLEVEL>10</THREATLEVEL>
  25721. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25722. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25723. </PROCESSDESCRIPTOR>
  25724. <PROCESSDESCRIPTOR>
  25725. <ID>4121</ID>
  25726. <PROCESSLIST>
  25727. <PROCESS>*</PROCESS>
  25728. <PROCESS>(NWPXGSV.EXE)</PROCESS>
  25729. </PROCESSLIST>
  25730. <CLSIDLIST>
  25731. </CLSIDLIST>
  25732. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  25733. <DEFAULTINSTALLPATHLIST>
  25734. </DEFAULTINSTALLPATHLIST>
  25735. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25736. <CONDITIONLIST>
  25737. <CONDITION>MD5=7A6A56642E7FEC6A68B6B6173EBDE4CE</CONDITION>
  25738. </CONDITIONLIST>
  25739. <OPERATOR>AND</OPERATOR>
  25740. <THREATLEVEL>10</THREATLEVEL>
  25741. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25742. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25743. </PROCESSDESCRIPTOR>
  25744. <PROCESSDESCRIPTOR>
  25745. <ID>4122</ID>
  25746. <PROCESSLIST>
  25747. <PROCESS>LSVCHOST.EXE</PROCESS>
  25748. </PROCESSLIST>
  25749. <CLSIDLIST>
  25750. </CLSIDLIST>
  25751. <SUMMARY>Webus.D Trojan</SUMMARY>
  25752. <DEFAULTINSTALLPATHLIST>
  25753. </DEFAULTINSTALLPATHLIST>
  25754. <CATEGORY>TROJAN</CATEGORY>
  25755. <CONDITIONLIST>
  25756. <CONDITION>FILELOCATION~system</CONDITION>
  25757. </CONDITIONLIST>
  25758. <OPERATOR>AND</OPERATOR>
  25759. <THREATLEVEL>10</THREATLEVEL>
  25760. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25761. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25762. </PROCESSDESCRIPTOR>
  25763. <PROCESSDESCRIPTOR>
  25764. <ID>4123</ID>
  25765. <PROCESSLIST>
  25766. <PROCESS>WINXP.EXE</PROCESS>
  25767. </PROCESSLIST>
  25768. <CLSIDLIST>
  25769. </CLSIDLIST>
  25770. <SUMMARY>Bagle/Beagle Internet Worm Variant</SUMMARY>
  25771. <DEFAULTINSTALLPATHLIST>
  25772. </DEFAULTINSTALLPATHLIST>
  25773. <CATEGORY>WORM</CATEGORY>
  25774. <CONDITIONLIST>
  25775. <CONDITION>FILELOCATION~system</CONDITION>
  25776. </CONDITIONLIST>
  25777. <OPERATOR>AND</OPERATOR>
  25778. <THREATLEVEL>10</THREATLEVEL>
  25779. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25780. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25781. </PROCESSDESCRIPTOR>
  25782. <PROCESSDESCRIPTOR>
  25783. <ID>4124</ID>
  25784. <PROCESSLIST>
  25785. <PROCESS>*</PROCESS>
  25786. <PROCESS>BPBOH.DLL</PROCESS>
  25787. </PROCESSLIST>
  25788. <CLSIDLIST>
  25789. <CLSID>{40AC4D2D-491D-11D4-AAF2-0008C75DCD2B}</CLSID>
  25790. </CLSIDLIST>
  25791. <SUMMARY>WurldMedia Adware BHO</SUMMARY>
  25792. <DEFAULTINSTALLPATHLIST>
  25793. </DEFAULTINSTALLPATHLIST>
  25794. <CATEGORY>ADWARE</CATEGORY>
  25795. <CONDITIONLIST>
  25796. </CONDITIONLIST>
  25797. <OPERATOR>AND</OPERATOR>
  25798. <THREATLEVEL>9</THREATLEVEL>
  25799. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25800. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25801. </PROCESSDESCRIPTOR>
  25802. <PROCESSDESCRIPTOR>
  25803. <ID>4125</ID>
  25804. <PROCESSLIST>
  25805. <PROCESS>APPLJ32.DLL</PROCESS>
  25806. </PROCESSLIST>
  25807. <CLSIDLIST>
  25808. <CLSID>*</CLSID>
  25809. <CLSID>{B32D2588-F2B7-0679-4EC0-427E7F172FD3}</CLSID>
  25810. </CLSIDLIST>
  25811. <SUMMARY>CoolWebSearch Variant BHO</SUMMARY>
  25812. <DEFAULTINSTALLPATHLIST>
  25813. </DEFAULTINSTALLPATHLIST>
  25814. <CATEGORY>PARASITE</CATEGORY>
  25815. <CONDITIONLIST>
  25816. </CONDITIONLIST>
  25817. <OPERATOR>AND</OPERATOR>
  25818. <THREATLEVEL>10</THREATLEVEL>
  25819. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25820. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25821. </PROCESSDESCRIPTOR>
  25822. <PROCESSDESCRIPTOR>
  25823. <ID>4126</ID>
  25824. <PROCESSLIST>
  25825. <PROCESS>WINSHOST.EXE</PROCESS>
  25826. </PROCESSLIST>
  25827. <CLSIDLIST>
  25828. </CLSIDLIST>
  25829. <SUMMARY>Bagle/Beagle Internet Trojan Variant</SUMMARY>
  25830. <DEFAULTINSTALLPATHLIST>
  25831. </DEFAULTINSTALLPATHLIST>
  25832. <CATEGORY>TROJAN</CATEGORY>
  25833. <CONDITIONLIST>
  25834. <CONDITION>FILELOCATION~system</CONDITION>
  25835. </CONDITIONLIST>
  25836. <OPERATOR>AND</OPERATOR>
  25837. <THREATLEVEL>10</THREATLEVEL>
  25838. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25839. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25840. </PROCESSDESCRIPTOR>
  25841. <PROCESSDESCRIPTOR>
  25842. <ID>4127</ID>
  25843. <PROCESSLIST>
  25844. <PROCESS>HOSTREN.EXE</PROCESS>
  25845. </PROCESSLIST>
  25846. <CLSIDLIST>
  25847. </CLSIDLIST>
  25848. <SUMMARY>PWS.Banker.f Trojan</SUMMARY>
  25849. <DEFAULTINSTALLPATHLIST>
  25850. </DEFAULTINSTALLPATHLIST>
  25851. <CATEGORY>TROJAN</CATEGORY>
  25852. <CONDITIONLIST>
  25853. <CONDITION>FILELOCATION~WIN</CONDITION>
  25854. </CONDITIONLIST>
  25855. <OPERATOR>AND</OPERATOR>
  25856. <THREATLEVEL>10</THREATLEVEL>
  25857. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25858. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25859. </PROCESSDESCRIPTOR>
  25860. <PROCESSDESCRIPTOR>
  25861. <ID>4128</ID>
  25862. <PROCESSLIST>
  25863. <PROCESS>WINDIRECT.EXE</PROCESS>
  25864. </PROCESSLIST>
  25865. <CLSIDLIST>
  25866. </CLSIDLIST>
  25867. <SUMMARY>Bagle/Beagle Internet Trojan Variant</SUMMARY>
  25868. <DEFAULTINSTALLPATHLIST>
  25869. </DEFAULTINSTALLPATHLIST>
  25870. <CATEGORY>TROJAN</CATEGORY>
  25871. <CONDITIONLIST>
  25872. <CONDITION>FILELOCATION~system</CONDITION>
  25873. </CONDITIONLIST>
  25874. <OPERATOR>AND</OPERATOR>
  25875. <THREATLEVEL>10</THREATLEVEL>
  25876. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25877. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25878. </PROCESSDESCRIPTOR>
  25879. <PROCESSDESCRIPTOR>
  25880. <ID>4129</ID>
  25881. <PROCESSLIST>
  25882. <PROCESS>WINHLP.EXE</PROCESS>
  25883. </PROCESSLIST>
  25884. <CLSIDLIST>
  25885. </CLSIDLIST>
  25886. <SUMMARY>Generic.PWS.f Trojan</SUMMARY>
  25887. <DEFAULTINSTALLPATHLIST>
  25888. </DEFAULTINSTALLPATHLIST>
  25889. <CATEGORY>TROJAN</CATEGORY>
  25890. <CONDITIONLIST>
  25891. <CONDITION>FILELOCATION~WIN</CONDITION>
  25892. </CONDITIONLIST>
  25893. <OPERATOR>AND</OPERATOR>
  25894. <THREATLEVEL>10</THREATLEVEL>
  25895. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25896. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25897. </PROCESSDESCRIPTOR>
  25898. <PROCESSDESCRIPTOR>
  25899. <ID>4131</ID>
  25900. <PROCESSLIST>
  25901. <PROCESS>CSRSS.EXE</PROCESS>
  25902. </PROCESSLIST>
  25903. <CLSIDLIST>
  25904. </CLSIDLIST>
  25905. <SUMMARY>PWS-GetMail Trojan</SUMMARY>
  25906. <DEFAULTINSTALLPATHLIST>
  25907. </DEFAULTINSTALLPATHLIST>
  25908. <CATEGORY>TROJAN</CATEGORY>
  25909. <CONDITIONLIST>
  25910. <CONDITION>MD5=977C631432842E4C5F28C4B0D23677CA</CONDITION>
  25911. </CONDITIONLIST>
  25912. <OPERATOR>AND</OPERATOR>
  25913. <THREATLEVEL>10</THREATLEVEL>
  25914. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25915. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25916. </PROCESSDESCRIPTOR>
  25917. <PROCESSDESCRIPTOR>
  25918. <ID>4132</ID>
  25919. <PROCESSLIST>
  25920. <PROCESS>DORIOT.EXE</PROCESS>
  25921. </PROCESSLIST>
  25922. <CLSIDLIST>
  25923. </CLSIDLIST>
  25924. <SUMMARY>Bagle/Beagle Internet Worm Variant</SUMMARY>
  25925. <DEFAULTINSTALLPATHLIST>
  25926. </DEFAULTINSTALLPATHLIST>
  25927. <CATEGORY>WORM</CATEGORY>
  25928. <CONDITIONLIST>
  25929. <CONDITION>FILELOCATION~system</CONDITION>
  25930. </CONDITIONLIST>
  25931. <OPERATOR>AND</OPERATOR>
  25932. <THREATLEVEL>10</THREATLEVEL>
  25933. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25934. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25935. </PROCESSDESCRIPTOR>
  25936. <PROCESSDESCRIPTOR>
  25937. <ID>4133</ID>
  25938. <PROCESSLIST>
  25939. <PROCESS>*</PROCESS>
  25940. <PROCESS>(B9.TMP.EXE)</PROCESS>
  25941. <PROCESS>(B9.TMP)</PROCESS>
  25942. </PROCESSLIST>
  25943. <CLSIDLIST>
  25944. </CLSIDLIST>
  25945. <SUMMARY>Unknown Threat</SUMMARY>
  25946. <DEFAULTINSTALLPATHLIST>
  25947. </DEFAULTINSTALLPATHLIST>
  25948. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25949. <CONDITIONLIST>
  25950. <CONDITION>MD5=DE8BC3E7A738BCE9A785264D3A883F76</CONDITION>
  25951. </CONDITIONLIST>
  25952. <OPERATOR>AND</OPERATOR>
  25953. <THREATLEVEL>10</THREATLEVEL>
  25954. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25955. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25956. </PROCESSDESCRIPTOR>
  25957. <PROCESSDESCRIPTOR>
  25958. <ID>4135</ID>
  25959. <PROCESSLIST>
  25960. <PROCESS>*</PROCESS>
  25961. <PROCESS>(SST.DLL)</PROCESS>
  25962. </PROCESSLIST>
  25963. <CLSIDLIST>
  25964. <CLSID>{FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D}</CLSID>
  25965. </CLSIDLIST>
  25966. <SUMMARY>Adware.Lycos/SideSearch.BHO</SUMMARY>
  25967. <DEFAULTINSTALLPATHLIST>
  25968. </DEFAULTINSTALLPATHLIST>
  25969. <CATEGORY>ADWARE</CATEGORY>
  25970. <CONDITIONLIST>
  25971. </CONDITIONLIST>
  25972. <OPERATOR>AND</OPERATOR>
  25973. <THREATLEVEL>10</THREATLEVEL>
  25974. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25975. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25976. </PROCESSDESCRIPTOR>
  25977. <PROCESSDESCRIPTOR>
  25978. <ID>4136</ID>
  25979. <PROCESSLIST>
  25980. <PROCESS>*</PROCESS>
  25981. <PROCESS>(WIN9E.TMP)</PROCESS>
  25982. </PROCESSLIST>
  25983. <CLSIDLIST>
  25984. </CLSIDLIST>
  25985. <SUMMARY>Unknown Threat</SUMMARY>
  25986. <DEFAULTINSTALLPATHLIST>
  25987. </DEFAULTINSTALLPATHLIST>
  25988. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  25989. <CONDITIONLIST>
  25990. <CONDITION>MD5=86f0bdb25c5b8572573347c753dd1603</CONDITION>
  25991. </CONDITIONLIST>
  25992. <OPERATOR>AND</OPERATOR>
  25993. <THREATLEVEL>10</THREATLEVEL>
  25994. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  25995. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  25996. </PROCESSDESCRIPTOR>
  25997. <PROCESSDESCRIPTOR>
  25998. <ID>4137</ID>
  25999. <PROCESSLIST>
  26000. <PROCESS>*</PROCESS>
  26001. <PROCESS>(ML00!.EXE)</PROCESS>
  26002. </PROCESSLIST>
  26003. <CLSIDLIST>
  26004. </CLSIDLIST>
  26005. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  26006. <DEFAULTINSTALLPATHLIST>
  26007. </DEFAULTINSTALLPATHLIST>
  26008. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  26009. <CONDITIONLIST>
  26010. <CONDITION>MD5=0b11b036bb5a746387b4d29da87cc29b</CONDITION>
  26011. </CONDITIONLIST>
  26012. <OPERATOR>AND</OPERATOR>
  26013. <THREATLEVEL>10</THREATLEVEL>
  26014. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26015. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26016. </PROCESSDESCRIPTOR>
  26017. <PROCESSDESCRIPTOR>
  26018. <ID>4138</ID>
  26019. <PROCESSLIST>
  26020. <PROCESS>MSACMX.DLL</PROCESS>
  26021. </PROCESSLIST>
  26022. <CLSIDLIST>
  26023. <CLSID>{A5366673-E8CA-11D3-9CD9-0090271D075B}</CLSID>
  26024. </CLSIDLIST>
  26025. <SUMMARY>CoolWebSearch Variant</SUMMARY>
  26026. <DEFAULTINSTALLPATHLIST>
  26027. </DEFAULTINSTALLPATHLIST>
  26028. <CATEGORY>SPYWARE</CATEGORY>
  26029. <CONDITIONLIST>
  26030. </CONDITIONLIST>
  26031. <OPERATOR>AND</OPERATOR>
  26032. <THREATLEVEL>8</THREATLEVEL>
  26033. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26034. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26035. </PROCESSDESCRIPTOR>
  26036. <PROCESSDESCRIPTOR>
  26037. <ID>4149</ID>
  26038. <PROCESSLIST>
  26039. <PROCESS>*</PROCESS>
  26040. <PROCESS>SYS85459.EXE</PROCESS>
  26041. <PROCESS>SYS33267.EXE</PROCESS>
  26042. <PROCESS>SYS24347.EXE</PROCESS>
  26043. </PROCESSLIST>
  26044. <CLSIDLIST>
  26045. </CLSIDLIST>
  26046. <SUMMARY>Loader32/Sysdown Variant Threat</SUMMARY>
  26047. <DEFAULTINSTALLPATHLIST>
  26048. </DEFAULTINSTALLPATHLIST>
  26049. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  26050. <CONDITIONLIST>
  26051. <CONDITION>MD5=B2C00E3FA92CECA5060839A58F675CC3</CONDITION>
  26052. <CONDITION>FILELOCATION~SYSDOWN</CONDITION>
  26053. </CONDITIONLIST>
  26054. <OPERATOR>AND</OPERATOR>
  26055. <THREATLEVEL>10</THREATLEVEL>
  26056. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26057. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26058. </PROCESSDESCRIPTOR>
  26059. <PROCESSDESCRIPTOR>
  26060. <ID>4150</ID>
  26061. <PROCESSLIST>
  26062. <PROCESS>LSSAS6.EXE</PROCESS>
  26063. </PROCESSLIST>
  26064. <CLSIDLIST>
  26065. </CLSIDLIST>
  26066. <SUMMARY>Bogus MS LSASS.EXE</SUMMARY>
  26067. <DEFAULTINSTALLPATHLIST>
  26068. </DEFAULTINSTALLPATHLIST>
  26069. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  26070. <CONDITIONLIST>
  26071. <CONDITION>FILELOCATION~system</CONDITION>
  26072. </CONDITIONLIST>
  26073. <OPERATOR>AND</OPERATOR>
  26074. <THREATLEVEL>10</THREATLEVEL>
  26075. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26076. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26077. </PROCESSDESCRIPTOR>
  26078. <PROCESSDESCRIPTOR>
  26079. <ID>4151</ID>
  26080. <PROCESSLIST>
  26081. <PROCESS>MPDAT.EXE</PROCESS>
  26082. </PROCESSLIST>
  26083. <CLSIDLIST>
  26084. </CLSIDLIST>
  26085. <SUMMARY>Rbot-WG Worm Component</SUMMARY>
  26086. <DEFAULTINSTALLPATHLIST>
  26087. </DEFAULTINSTALLPATHLIST>
  26088. <CATEGORY>WORM</CATEGORY>
  26089. <CONDITIONLIST>
  26090. <CONDITION>FILELOCATION~system</CONDITION>
  26091. </CONDITIONLIST>
  26092. <OPERATOR>AND</OPERATOR>
  26093. <THREATLEVEL>10</THREATLEVEL>
  26094. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26095. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26096. </PROCESSDESCRIPTOR>
  26097. <PROCESSDESCRIPTOR>
  26098. <ID>4152</ID>
  26099. <PROCESSLIST>
  26100. <PROCESS>SVAPACHE.EXE</PROCESS>
  26101. </PROCESSLIST>
  26102. <CLSIDLIST>
  26103. </CLSIDLIST>
  26104. <SUMMARY>SVAPACHE.EXE Worm Component</SUMMARY>
  26105. <DEFAULTINSTALLPATHLIST>
  26106. </DEFAULTINSTALLPATHLIST>
  26107. <CATEGORY>WORM</CATEGORY>
  26108. <CONDITIONLIST>
  26109. <CONDITION>FILELOCATION~system</CONDITION>
  26110. </CONDITIONLIST>
  26111. <OPERATOR>AND</OPERATOR>
  26112. <THREATLEVEL>10</THREATLEVEL>
  26113. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26114. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26115. </PROCESSDESCRIPTOR>
  26116. <PROCESSDESCRIPTOR>
  26117. <ID>4153</ID>
  26118. <PROCESSLIST>
  26119. <PROCESS>*</PROCESS>
  26120. <PROCESS>(CDQVWOQ.EXE)</PROCESS>
  26121. </PROCESSLIST>
  26122. <CLSIDLIST>
  26123. </CLSIDLIST>
  26124. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  26125. <DEFAULTINSTALLPATHLIST>
  26126. </DEFAULTINSTALLPATHLIST>
  26127. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  26128. <CONDITIONLIST>
  26129. <CONDITION>MD5=37EEF1FD59D94043B1587785201F6C70</CONDITION>
  26130. </CONDITIONLIST>
  26131. <OPERATOR>AND</OPERATOR>
  26132. <THREATLEVEL>10</THREATLEVEL>
  26133. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26134. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26135. </PROCESSDESCRIPTOR>
  26136. <PROCESSDESCRIPTOR>
  26137. <ID>4154</ID>
  26138. <PROCESSLIST>
  26139. <PROCESS>CSRSSP.EXE</PROCESS>
  26140. </PROCESSLIST>
  26141. <CLSIDLIST>
  26142. </CLSIDLIST>
  26143. <SUMMARY>Bogus MS CSRSS.EXE</SUMMARY>
  26144. <DEFAULTINSTALLPATHLIST>
  26145. </DEFAULTINSTALLPATHLIST>
  26146. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  26147. <CONDITIONLIST>
  26148. <CONDITION>FILELOCATION~system</CONDITION>
  26149. </CONDITIONLIST>
  26150. <OPERATOR>AND</OPERATOR>
  26151. <THREATLEVEL>10</THREATLEVEL>
  26152. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26153. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26154. </PROCESSDESCRIPTOR>
  26155. <PROCESSDESCRIPTOR>
  26156. <ID>4157</ID>
  26157. <PROCESSLIST>
  26158. <PROCESS>STLINKS2.DLL</PROCESS>
  26159. <PROCESS>STIEBAR2.DLL</PROCESS>
  26160. </PROCESSLIST>
  26161. <CLSIDLIST>
  26162. <CLSID>{B54BFA47-D897-49CA-9657-05EC9F80A32B}</CLSID>
  26163. <CLSID>{D797AD6C-6447-4DB4-91D0-090344408E72}</CLSID>
  26164. </CLSIDLIST>
  26165. <SUMMARY>Adware.Quickmetasearch.BHO</SUMMARY>
  26166. <DEFAULTINSTALLPATHLIST>
  26167. </DEFAULTINSTALLPATHLIST>
  26168. <CATEGORY>ADWARE</CATEGORY>
  26169. <CONDITIONLIST>
  26170. </CONDITIONLIST>
  26171. <OPERATOR>AND</OPERATOR>
  26172. <THREATLEVEL>10</THREATLEVEL>
  26173. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26174. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26175. </PROCESSDESCRIPTOR>
  26176. <PROCESSDESCRIPTOR>
  26177. <ID>4158</ID>
  26178. <PROCESSLIST>
  26179. <PROCESS>SYSLIBIE.DLL</PROCESS>
  26180. </PROCESSLIST>
  26181. <CLSIDLIST>
  26182. <CLSID>{F195A1A9-4033-4E5B-B85C-848C3E31A83A}</CLSID>
  26183. </CLSIDLIST>
  26184. <SUMMARY>Adware.Syslibie.BHO</SUMMARY>
  26185. <DEFAULTINSTALLPATHLIST>
  26186. </DEFAULTINSTALLPATHLIST>
  26187. <CATEGORY>ADWARE</CATEGORY>
  26188. <CONDITIONLIST>
  26189. </CONDITIONLIST>
  26190. <OPERATOR>AND</OPERATOR>
  26191. <THREATLEVEL>6</THREATLEVEL>
  26192. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26193. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26194. </PROCESSDESCRIPTOR>
  26195. <PROCESSDESCRIPTOR>
  26196. <ID>4160</ID>
  26197. <PROCESSLIST>
  26198. <PROCESS>*</PROCESS>
  26199. <PROCESS>CTPP7.DLL</PROCESS>
  26200. </PROCESSLIST>
  26201. <CLSIDLIST>
  26202. <CLSID>{4B021269-DD24-48B2-96B4-DA121E9C0502}</CLSID>
  26203. </CLSIDLIST>
  26204. <SUMMARY>Parasite.CTTP.BHO</SUMMARY>
  26205. <DEFAULTINSTALLPATHLIST>
  26206. </DEFAULTINSTALLPATHLIST>
  26207. <CATEGORY>PARASITE</CATEGORY>
  26208. <CONDITIONLIST>
  26209. </CONDITIONLIST>
  26210. <OPERATOR>AND</OPERATOR>
  26211. <THREATLEVEL>5</THREATLEVEL>
  26212. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26213. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26214. </PROCESSDESCRIPTOR>
  26215. <PROCESSDESCRIPTOR>
  26216. <ID>4166</ID>
  26217. <PROCESSLIST>
  26218. <PROCESS>PSCANW.EXE</PROCESS>
  26219. </PROCESSLIST>
  26220. <CLSIDLIST>
  26221. </CLSIDLIST>
  26222. <SUMMARY>Adware.ClickSpring/PuritySCAN.Installer</SUMMARY>
  26223. <DEFAULTINSTALLPATHLIST>
  26224. </DEFAULTINSTALLPATHLIST>
  26225. <CATEGORY>ADWARE</CATEGORY>
  26226. <CONDITIONLIST>
  26227. </CONDITIONLIST>
  26228. <OPERATOR>AND</OPERATOR>
  26229. <THREATLEVEL>10</THREATLEVEL>
  26230. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26231. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26232. </PROCESSDESCRIPTOR>
  26233. <PROCESSDESCRIPTOR>
  26234. <ID>4167</ID>
  26235. <PROCESSLIST>
  26236. <PROCESS>*</PROCESS>
  26237. <PROCESS>(WUPS.EXE)</PROCESS>
  26238. </PROCESSLIST>
  26239. <CLSIDLIST>
  26240. </CLSIDLIST>
  26241. <SUMMARY>Adware.ClickSpring/PuritySCAN.Process</SUMMARY>
  26242. <DEFAULTINSTALLPATHLIST>
  26243. </DEFAULTINSTALLPATHLIST>
  26244. <CATEGORY>ADWARE</CATEGORY>
  26245. <CONDITIONLIST>
  26246. <CONDITION>INTERNALNAME~sear1</CONDITION>
  26247. <CONDITION>PRODUCTNAME~sear1</CONDITION>
  26248. </CONDITIONLIST>
  26249. <OPERATOR>AND</OPERATOR>
  26250. <THREATLEVEL>10</THREATLEVEL>
  26251. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26252. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26253. </PROCESSDESCRIPTOR>
  26254. <PROCESSDESCRIPTOR>
  26255. <ID>4169</ID>
  26256. <PROCESSLIST>
  26257. <PROCESS>PURITYSCANUNINSTALL.EXE</PROCESS>
  26258. </PROCESSLIST>
  26259. <CLSIDLIST>
  26260. </CLSIDLIST>
  26261. <SUMMARY>Adware.ClickSpring/PuritySCAN.Uninstaller</SUMMARY>
  26262. <DEFAULTINSTALLPATHLIST>
  26263. </DEFAULTINSTALLPATHLIST>
  26264. <CATEGORY>ADWARE</CATEGORY>
  26265. <CONDITIONLIST>
  26266. </CONDITIONLIST>
  26267. <OPERATOR>AND</OPERATOR>
  26268. <THREATLEVEL>10</THREATLEVEL>
  26269. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  26270. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  26271. </PROCESSDESCRIPTOR>
  26272. <PROCESSDESCRIPTOR>
  26273. <ID>4171</ID>
  26274. <PROCESSLIST>
  26275. <PROCESS>ZIPPY.DLL</PROCESS>
  26276. </PROCESSLIST>
  26277. <CLSIDLIST>
  26278. <CLSID>{49256FE8-6394-4ACE-939C-22F35CA042AD}</CLSID>
  26279. </CLSIDLIST>
  26280. <SUMMARY>Adware.ZippyLookup.BHO</SUMMARY>
  26281. <DEFAULTINSTALLPATHLIST>
  26282. </DEFAULTINSTALLPATHLIST>
  26283. <CATEGORY>ADWARE</CATEGORY>
  26284. <CONDITIONLIST>
  26285. </CONDITIONLIST>
  26286. <OPERATOR>AND</OPERATOR>
  26287. <THREATLEVEL>7</THREATLEVEL>
  26288. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26289. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26290. </PROCESSDESCRIPTOR>
  26291. <PROCESSDESCRIPTOR>
  26292. <ID>4173</ID>
  26293. <PROCESSLIST>
  26294. <PROCESS>WEBCOMPASSBAR.DLL</PROCESS>
  26295. </PROCESSLIST>
  26296. <CLSIDLIST>
  26297. <CLSID>{71B8AB7E-CB3F-4471-878E-8E1DFDF49B8B}</CLSID>
  26298. </CLSIDLIST>
  26299. <SUMMARY>Adware.BonziBuddy/WebCompass.Toolbar</SUMMARY>
  26300. <DEFAULTINSTALLPATHLIST>
  26301. </DEFAULTINSTALLPATHLIST>
  26302. <CATEGORY>ADWARE</CATEGORY>
  26303. <CONDITIONLIST>
  26304. </CONDITIONLIST>
  26305. <OPERATOR>AND</OPERATOR>
  26306. <THREATLEVEL>10</THREATLEVEL>
  26307. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26308. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26309. </PROCESSDESCRIPTOR>
  26310. <PROCESSDESCRIPTOR>
  26311. <ID>4174</ID>
  26312. <PROCESSLIST>
  26313. <PROCESS>SBHOSTIE.DLL</PROCESS>
  26314. </PROCESSLIST>
  26315. <CLSIDLIST>
  26316. <CLSID>{74CC49F7-EB32-4A08-B204-948962A6E3DB}</CLSID>
  26317. </CLSIDLIST>
  26318. <SUMMARY>Adware.HotBar/SpamBlockerUtility.BHO</SUMMARY>
  26319. <DEFAULTINSTALLPATHLIST>
  26320. </DEFAULTINSTALLPATHLIST>
  26321. <CATEGORY>ADWARE</CATEGORY>
  26322. <CONDITIONLIST>
  26323. </CONDITIONLIST>
  26324. <OPERATOR>AND</OPERATOR>
  26325. <THREATLEVEL>10</THREATLEVEL>
  26326. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  26327. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  26328. </PROCESSDESCRIPTOR>
  26329. <PROCESSDESCRIPTOR>
  26330. <ID>4176</ID>
  26331. <PROCESSLIST>
  26332. <PROCESS>*</PROCESS>
  26333. <PROCESS>WCYG.DLL</PROCESS>
  26334. <PROCESS>QRQ.DLL</PROCESS>
  26335. <PROCESS>DCNJA.DLL</PROCESS>
  26336. <PROCESS>UWAGTD.DLL</PROCESS>
  26337. </PROCESSLIST>
  26338. <CLSIDLIST>
  26339. <CLSID>*</CLSID>
  26340. <CLSID>{0C65C3EE-2922-09AF-2CF4-25879EF7E8CB}</CLSID>
  26341. <CLSID>{FC6016D0-A94A-DDC1-10A2-F53A95474392}</CLSID>
  26342. <CLSID>{05F5BF54-51C1-2249-C108-0A15071EB6CB}</CLSID>
  26343. <CLSID>{24B56A04-809E-F645-9748-DE7841BA9F9E}</CLSID>
  26344. <CLSID>{A9453A6D-D3DC-8527-AF0E-FD5AC77241E1}</CLSID>
  26345. </CLSIDLIST>
  26346. <SUMMARY>Adware.ClickSpring.BHO</SUMMARY>
  26347. <DEFAULTINSTALLPATHLIST>
  26348. </DEFAULTINSTALLPATHLIST>
  26349. <CATEGORY>ADWARE</CATEGORY>
  26350. <CONDITIONLIST>
  26351. <CONDITION>MD5=8F6CAA278C718DEA27ACF73EC0852B45</CONDITION>
  26352. <CONDITION>MD5=E647CF6E82F71D71B76044FD89F31925</CONDITION>
  26353. <CONDITION>MD5=627CBEB5ECD550F9FD447956C131E808</CONDITION>
  26354. <CONDITION>MD5=AE6E833DFE90EAB4E4AA00C73CCE2B58</CONDITION>
  26355. <CONDITION>MD5=C95469C94E1BA723AFBE3704AFCC718F</CONDITION>
  26356. </CONDITIONLIST>
  26357. <OPERATOR>OR</OPERATOR>
  26358. <THREATLEVEL>10</THREATLEVEL>
  26359. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26360. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26361. </PROCESSDESCRIPTOR>
  26362. <PROCESSDESCRIPTOR>
  26363. <ID>4180</ID>
  26364. <PROCESSLIST>
  26365. <PROCESS>*</PROCESS>
  26366. <PROCESS>(FUWWWAL.EXE)</PROCESS>
  26367. <PROCESS>(KKVYBM.EXE)</PROCESS>
  26368. <PROCESS>(CRTD.EXE)</PROCESS>
  26369. <PROCESS>(NETUI32.EXE)</PROCESS>
  26370. <PROCESS>(AAQW.EXE)</PROCESS>
  26371. <PROCESS>(SDKGC32.EXE)</PROCESS>
  26372. <PROCESS>(9URA.EXE)</PROCESS>
  26373. <PROCESS>(MMFNCV9K.EXE)</PROCESS>
  26374. <PROCESS>(93KWIF.EXE)</PROCESS>
  26375. <PROCESS>(XLWLODVM.EXE)</PROCESS>
  26376. <PROCESS>(PJLUESNM.EXE)</PROCESS>
  26377. <PROCESS>(OWUJSLR.EXE)</PROCESS>
  26378. <PROCESS>(YLCHBBF.EXE)</PROCESS>
  26379. <PROCESS>(VAXBDNGH.EXE)</PROCESS>
  26380. <PROCESS>(DGRLNZ.EXE)</PROCESS>
  26381. <PROCESS>(2NU0BQF6.EXE)</PROCESS>
  26382. <PROCESS>(BGYHE.EXE)</PROCESS>
  26383. <PROCESS>(FJLFYMT.EXE)</PROCESS>
  26384. <PROCESS>(JPMSK.EXE)</PROCESS>
  26385. <PROCESS>(SONX.EXE)</PROCESS>
  26386. <PROCESS>(XWMGTMW.EXE)</PROCESS>
  26387. <PROCESS>(GGIP.EXE)</PROCESS>
  26388. <PROCESS>(NPPWL.EXE)</PROCESS>
  26389. <PROCESS>(GS0H6CWF.EXE)</PROCESS>
  26390. <PROCESS>(GS0H6CWF1.EXE)</PROCESS>
  26391. <PROCESS>(YTQZATYKZINB.EXE)</PROCESS>
  26392. <PROCESS>(MZRZM.EXE)</PROCESS>
  26393. <PROCESS>(OYRCKBIU.EXE)</PROCESS>
  26394. <PROCESS>(RGFXXDE.EXE)</PROCESS>
  26395. <PROCESS>(LWIRJUC.EXE)</PROCESS>
  26396. <PROCESS>(ZIWZM.EXE)</PROCESS>
  26397. <PROCESS>(ZIWZL.EXE)</PROCESS>
  26398. <PROCESS>(NTBGR1.EXE)</PROCESS>
  26399. <PROCESS>(NEWRT.EXE)</PROCESS>
  26400. <PROCESS>(AEIAR.EXE)</PROCESS>
  26401. <PROCESS>(RRWKWO.EXE)</PROCESS>
  26402. <PROCESS>(YFWC.EXE)</PROCESS>
  26403. <PROCESS>(GMGLI.EXE)</PROCESS>
  26404. <PROCESS>(GCBT9.EXE)</PROCESS>
  26405. <PROCESS>(YSVUW.EXE)</PROCESS>
  26406. <PROCESS>(WUFGZTU.EXE)</PROCESS>
  26407. <PROCESS>(LSWXC.EXE)</PROCESS>
  26408. <PROCESS>(YLHPY.EXE)</PROCESS>
  26409. <PROCESS>(THRUL.EXE)</PROCESS>
  26410. <PROCESS>(SNWLITSU.EXE)</PROCESS>
  26411. <PROCESS>(RFBJ.EXE)</PROCESS>
  26412. <PROCESS>(OOQF.EXE)</PROCESS>
  26413. <PROCESS>(MOEU.EXE)</PROCESS>
  26414. <PROCESS>(LXYKI.EXE)</PROCESS>
  26415. <PROCESS>(LNKL.EXE)</PROCESS>
  26416. <PROCESS>(KWITBXVA.EXE)</PROCESS>
  26417. <PROCESS>(JBTYB.EXE)</PROCESS>
  26418. <PROCESS>(EFNH.EXE)</PROCESS>
  26419. <PROCESS>(YHJEHNQX.EXE)</PROCESS>
  26420. <PROCESS>(SDKJO32.EXE)</PROCESS>
  26421. <PROCESS>(JAVAAS32.EXE)</PROCESS>
  26422. <PROCESS>(ATLUK32.EXE)</PROCESS>
  26423. <PROCESS>(ATLHZ.EXE)</PROCESS>
  26424. <PROCESS>(IPOK.EXE)</PROCESS>
  26425. <PROCESS>(IEXY.EXE)</PROCESS>
  26426. <PROCESS>(X1002142005.EXE)</PROCESS>
  26427. <PROCESS>(Z0E46JR4.EXE)</PROCESS>
  26428. <PROCESS>(WJAJW.EXE)</PROCESS>
  26429. <PROCESS>(FWMTW4MO.EXE)</PROCESS>
  26430. <PROCESS>(OOC.EXE)</PROCESS>
  26431. <PROCESS>(TII.EXE)</PROCESS>
  26432. <PROCESS>(125777.EXE)</PROCESS>
  26433. <PROCESS>(MTE1NDM6ODOXMG.EXE)</PROCESS>
  26434. <PROCESS>(XCCU7APIK.EXE)</PROCESS>
  26435. <PROCESS>(T1UL.EXE)</PROCESS>
  26436. <PROCESS>(R47Y.EXE)</PROCESS>
  26437. <PROCESS>(PCRHOJY.EXE)</PROCESS>
  26438. <PROCESS>(NTRAWS.EXE)</PROCESS>
  26439. <PROCESS>(BQDXUED.EXE)</PROCESS>
  26440. <PROCESS>(ADDJRBVY2.EXE)</PROCESS>
  26441. <PROCESS>(MTE1MZC6ODOXMG.EXE)</PROCESS>
  26442. <PROCESS>(2.EXE)</PROCESS>
  26443. <PROCESS>(J.EXE)</PROCESS>
  26444. <PROCESS>(GCOCZZU.EXE)</PROCESS>
  26445. <PROCESS>(WUCXT.EXE)</PROCESS>
  26446. <PROCESS>(ESAT.EXE)</PROCESS>
  26447. <PROCESS>(MOIQRPBY.EXE)</PROCESS>
  26448. <PROCESS>(NJFPU.EXE)</PROCESS>
  26449. <PROCESS>(SSRZJV.EXE)</PROCESS>
  26450. <PROCESS>(DMHP.EXE)</PROCESS>
  26451. <PROCESS>(RRUP.EXE)</PROCESS>
  26452. <PROCESS>(K5.EXE)</PROCESS>
  26453. <PROCESS>(VZZJY.EXE)</PROCESS>
  26454. <PROCESS>(APP160.TMP)</PROCESS>
  26455. <PROCESS>(PBQAVK.EXE)</PROCESS>
  26456. <PROCESS>(CV0N6U.EXE)</PROCESS>
  26457. <PROCESS>(GTLTHT.EXE)</PROCESS>
  26458. <PROCESS>(DBRLC1.EXE)</PROCESS>
  26459. <PROCESS>(QI7IF2.EXE)</PROCESS>
  26460. <PROCESS>(VOVPOU.EXE)</PROCESS>
  26461. <PROCESS>(WNVDK.EXE)</PROCESS>
  26462. <PROCESS>(GWWAN.EXE)</PROCESS>
  26463. <PROCESS>(BU3CGTV.EXE)</PROCESS>
  26464. <PROCESS>(HHNLZXL.EXE)</PROCESS>
  26465. <PROCESS>(IBHJPDUN.EXE)</PROCESS>
  26466. <PROCESS>(VGGJDJ.EXE)</PROCESS>
  26467. <PROCESS>(3B74F42F.EXE)</PROCESS>
  26468. <PROCESS>(PALDBB.EXE)</PROCESS>
  26469. <PROCESS>(IHEE.EXE)</PROCESS>
  26470. <PROCESS>(2.EXE)</PROCESS>
  26471. <PROCESS>(LKEQAMY.EXE)</PROCESS>
  26472. <PROCESS>(HBQG.EXE)</PROCESS>
  26473. <PROCESS>(SRAR.EXE)</PROCESS>
  26474. <PROCESS>(QTBT.EXE)</PROCESS>
  26475. <PROCESS>(ZVERVF.EXE)</PROCESS>
  26476. <PROCESS>(WINPRXE32.EXE)</PROCESS>
  26477. <PROCESS>(QXKSVUOGF.EXE)</PROCESS>
  26478. <PROCESS>(LJJOOW.EXE)</PROCESS>
  26479. <PROCESS>(IIJYXZWS.EXE)</PROCESS>
  26480. <PROCESS>(RPYGPIJV.EXE)</PROCESS>
  26481. <PROCESS>(NYILVC.EXE)</PROCESS>
  26482. <PROCESS>(RURQA.EXE)</PROCESS>
  26483. <PROCESS>(SF.EXE)</PROCESS>
  26484. <PROCESS>(KWROA.EXE)</PROCESS>
  26485. <PROCESS>(YSHR.EXE)</PROCESS>
  26486. <PROCESS>(YBDCIBXA.EXE)</PROCESS>
  26487. <PROCESS>(MXOLRY.EXE)</PROCESS>
  26488. <PROCESS>(JVJQKW.EXE)</PROCESS>
  26489. <PROCESS>(AEHFBJVR.EXE)</PROCESS>
  26490. <PROCESS>(YSSCNV.EXE)</PROCESS>
  26491. <PROCESS>(XJUTJJ.EXE)</PROCESS>
  26492. <PROCESS>(XCVUNPK.EXE)</PROCESS>
  26493. <PROCESS>(VWNAFYIU.EXE)</PROCESS>
  26494. <PROCESS>(TXFA.EXE)</PROCESS>
  26495. <PROCESS>(POACJ.EXE)</PROCESS>
  26496. <PROCESS>(NYIDP.EXE)</PROCESS>
  26497. <PROCESS>(MSONPPLS.EXE)</PROCESS>
  26498. <PROCESS>(KRWCIV.EXE)</PROCESS>
  26499. <PROCESS>(KMFRM.EXE)</PROCESS>
  26500. <PROCESS>(ITEDIB.EXE)</PROCESS>
  26501. <PROCESS>(HOTXR.EXE)</PROCESS>
  26502. <PROCESS>(HHPSJANK.EXE)</PROCESS>
  26503. <PROCESS>(FTAPFOOV.EXE)</PROCESS>
  26504. <PROCESS>(DNIU.EXE)</PROCESS>
  26505. <PROCESS>(DLNGR.EXE)</PROCESS>
  26506. <PROCESS>(DAJS.EXE)</PROCESS>
  26507. <PROCESS>(BEUHOU.EXE)</PROCESS>
  26508. <PROCESS>(BCLGA.EXE)</PROCESS>
  26509. <PROCESS>(ATOVR.EXE)</PROCESS>
  26510. <PROCESS>(AMMFJIY.EXE)</PROCESS>
  26511. <PROCESS>(CUOAC.EXE)</PROCESS>
  26512. <PROCESS>(GJMCIVR.EXE)</PROCESS>
  26513. <PROCESS>(RKSLFSD.EXE)</PROCESS>
  26514. <PROCESS>(2AK641B6.EXE)</PROCESS>
  26515. <PROCESS>(1DWPCG.EXE)</PROCESS>
  26516. <PROCESS>(1PA8ZXU.EXE)</PROCESS>
  26517. <PROCESS>(4UDFSP.EXE)</PROCESS>
  26518. <PROCESS>(5ZBQSL.EXE)</PROCESS>
  26519. <PROCESS>(ATZRVRW.EXE)</PROCESS>
  26520. <PROCESS>(XATUX.EXE)</PROCESS>
  26521. <PROCESS>(OEUE.EXE)</PROCESS>
  26522. <PROCESS>(PUBDLG48.EXE)</PROCESS>
  26523. <PROCESS>(IEUI32.EXE)</PROCESS>
  26524. <PROCESS>(WUYTC.EXE)</PROCESS>
  26525. <PROCESS>(CVQARVOJK.EXE)</PROCESS>
  26526. <PROCESS>(SQXGDZ.EXE)</PROCESS>
  26527. <PROCESS>(239454.EXE)</PROCESS>
  26528. <PROCESS>(EWIARY.EXE)</PROCESS>
  26529. <PROCESS>(MTE1NTA6ODOXMG.EXE)</PROCESS>
  26530. <PROCESS>(AUAAPX.EXE)</PROCESS>
  26531. <PROCESS>(ASPI.EXE)</PROCESS>
  26532. <PROCESS>(CHLP.EXE)</PROCESS>
  26533. <PROCESS>(PKSDTLGK.EXE)</PROCESS>
  26534. <PROCESS>(COLBACT1.EXE)</PROCESS>
  26535. <PROCESS>(CNBJMON0.EXE)</PROCESS>
  26536. <PROCESS>(CCFGNT75.EXE)</PROCESS>
  26537. <PROCESS>(ZPPK.EXE)</PROCESS>
  26538. <PROCESS>(OOCNVOS.EXE)</PROCESS>
  26539. <PROCESS>(MTE1NJE6ODOXMG.EXE)</PROCESS>
  26540. <PROCESS>(FFUQIRPPAK.EXE)</PROCESS>
  26541. <PROCESS>(IMISYSI6.EXE)</PROCESS>
  26542. <PROCESS>(PMOC.EXE)</PROCESS>
  26543. <PROCESS>(PJMGG.EXE)</PROCESS>
  26544. <PROCESS>(TBONRGEZJ.EXE)</PROCESS>
  26545. <PROCESS>(XAAV.EXE)</PROCESS>
  26546. <PROCESS>(FUKRMU.EXE)</PROCESS>
  26547. <PROCESS>(WCPIDCTL.EXE)</PROCESS>
  26548. <PROCESS>(WIFCKBOX.EXE)</PROCESS>
  26549. <PROCESS>(XSHNQSPC.EXE)</PROCESS>
  26550. <PROCESS>(RULRDCQ.EXE)</PROCESS>
  26551. <PROCESS>(ILOI.EXE)</PROCESS>
  26552. <PROCESS>(AEIT.EXE)</PROCESS>
  26553. <PROCESS>(EBGINP32.EXE)</PROCESS>
  26554. <PROCESS>(D3SL.EXE)</PROCESS>
  26555. <PROCESS>(APIWE32.EXE)</PROCESS>
  26556. <PROCESS>(MSLTUS40.EXE)</PROCESS>
  26557. <PROCESS>(JAVAMK.EXE)</PROCESS>
  26558. <PROCESS>(APPPH.EXE)</PROCESS>
  26559. <PROCESS>(NTJD.EXE)</PROCESS>
  26560. <PROCESS>(UECPCXBMVF.EXE)</PROCESS>
  26561. <PROCESS>(ULGCOXVTB.EXE)</PROCESS>
  26562. <PROCESS>(FTQYWCQI.EXE)</PROCESS>
  26563. <PROCESS>(TDXREGWR.EXE)</PROCESS>
  26564. <PROCESS>(SDXREGOS.EXE)</PROCESS>
  26565. <PROCESS>(HARJTEY.EXE)</PROCESS>
  26566. <PROCESS>(XTZRIVW.EXE)</PROCESS>
  26567. <PROCESS>(ADPTIF.EXE)</PROCESS>
  26568. <PROCESS>(ADPTIF44.EXE)</PROCESS>
  26569. <PROCESS>(OREN.EXE)</PROCESS>
  26570. <PROCESS>(RIRR.EXE)</PROCESS>
  26571. <PROCESS>(OIDDNAHA.EXE)</PROCESS>
  26572. <PROCESS>(LGFX.EXE)</PROCESS>
  26573. <PROCESS>(ODKSBM.EXE)</PROCESS>
  26574. <PROCESS>(GB3.EXE)</PROCESS>
  26575. <PROCESS>(QRKU.EXE)</PROCESS>
  26576. <PROCESS>(ZYIITFA.EXE)</PROCESS>
  26577. <PROCESS>(BJLBZZ.EXE)</PROCESS>
  26578. <PROCESS>(RPEN.EXE)</PROCESS>
  26579. <PROCESS>(60665.EXE)</PROCESS>
  26580. <PROCESS>(1943.EXE)</PROCESS>
  26581. <PROCESS>(93810.EXE)</PROCESS>
  26582. <PROCESS>(89861.EXE)</PROCESS>
  26583. <PROCESS>(GTMD.EXE)</PROCESS>
  26584. <PROCESS>(91232.EXE)</PROCESS>
  26585. <PROCESS>(HH091.EXE)</PROCESS>
  26586. <PROCESS>(OWAFTJ.EXE)</PROCESS>
  26587. <PROCESS>(HHQ.EXE)</PROCESS>
  26588. <PROCESS>(DHKXGDOE.EXE)</PROCESS>
  26589. <PROCESS>(YIKYLOHI.EXE)</PROCESS>
  26590. <PROCESS>(WYCIR.EXE)</PROCESS>
  26591. <PROCESS>(ICQUZ.EXE)</PROCESS>
  26592. <PROCESS>(BLIERXM.EXE)</PROCESS>
  26593. <PROCESS>(BPVAG.EXE)</PROCESS>
  26594. <PROCESS>(ABVAPI32.EXE)</PROCESS>
  26595. <PROCESS>(LRGXYOA.EXE)</PROCESS>
  26596. <PROCESS>(JALCKZ.EXE)</PROCESS>
  26597. <PROCESS>(WINQJ32.EXE)</PROCESS>
  26598. <PROCESS>(CUJYVQGKH.EXE)</PROCESS>
  26599. <PROCESS>(CUHSICJCL.EXE)</PROCESS>
  26600. <PROCESS>(SDJODJXTH.EXE)</PROCESS>
  26601. <PROCESS>(QVPLEGLJ.EXE)</PROCESS>
  26602. <PROCESS>(AVQYSDKJ.EXE)</PROCESS>
  26603. <PROCESS>(WCQJQRT.EXE)</PROCESS>
  26604. <PROCESS>(CQKJPVDWR.EXE)</PROCESS>
  26605. <PROCESS>(GQJC.EXE)</PROCESS>
  26606. <PROCESS>(FJCEEG.EXE)</PROCESS>
  26607. <PROCESS>(JCM32.EXE)</PROCESS>
  26608. <PROCESS>(KFOJ.EXE)</PROCESS>
  26609. <PROCESS>(HUJCEVT.EXE)</PROCESS>
  26610. <PROCESS>(ZTXB.EXE)</PROCESS>
  26611. <PROCESS>(CHJQZE.EXE)</PROCESS>
  26612. <PROCESS>(BZBEJUZH.EXE)</PROCESS>
  26613. <PROCESS>(JGMTPVE.EXE)</PROCESS>
  26614. <PROCESS>(FSFHPUYJJ.EXE)</PROCESS>
  26615. <PROCESS>(IJ5YKIBS1.EXE)</PROCESS>
  26616. <PROCESS>(ZRCE.EXE)</PROCESS>
  26617. <PROCESS>(MSPU32.EXE)</PROCESS>
  26618. <PROCESS>(RPCD2X40.EXE)</PROCESS>
  26619. <PROCESS>(WIRVL.EXE)</PROCESS>
  26620. <PROCESS>(UKELYP.EXE)</PROCESS>
  26621. <PROCESS>(RCBDYCTL.EXE)</PROCESS>
  26622. <PROCESS>(IBEL.EXE)</PROCESS>
  26623. <PROCESS>(CKBMKQGU.EXE)</PROCESS>
  26624. <PROCESS>(KJYLZG.EXE)</PROCESS>
  26625. <PROCESS>(ADTB.EXE)</PROCESS>
  26626. <PROCESS>(SYSTEMREG166B.EXE)</PROCESS>
  26627. <PROCESS>(SSZG.EXE)</PROCESS>
  26628. </PROCESSLIST>
  26629. <CLSIDLIST>
  26630. </CLSIDLIST>
  26631. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  26632. <DEFAULTINSTALLPATHLIST>
  26633. </DEFAULTINSTALLPATHLIST>
  26634. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  26635. <CONDITIONLIST>
  26636. <CONDITION>MD5=CFDC2F43AB01645051EBAA1F16B3BCC9</CONDITION>
  26637. <CONDITION>MD5=AB81E56AC786C5C1FBB9F19EE8A2FE1D</CONDITION>
  26638. <CONDITION>MD5=69627AE0B3F5E7D97DD40BDFE718A4DC</CONDITION>
  26639. <CONDITION>MD5=7B64C9A2C886120B1590B6257F5BA496</CONDITION>
  26640. <CONDITION>MD5=DDD6EDAB4978F4BA998C0B527E55F6F3</CONDITION>
  26641. <CONDITION>MD5=80F05984C0D4184B25BDF2D76EE41787</CONDITION>
  26642. <CONDITION>MD5=C9460A705E5C76A22795E6AB8A1476F9</CONDITION>
  26643. <CONDITION>MD5=7F90139B7DD3A26615945BBC04A71CD5</CONDITION>
  26644. <CONDITION>MD5=9AF67F300FF44A7350624F8445D16750</CONDITION>
  26645. <CONDITION>MD5=ACDBFF3AAAD1A208E91C34E35852C705</CONDITION>
  26646. <CONDITION>MD5=9A5FDC9383C878187ECDB328359C62FB</CONDITION>
  26647. <CONDITION>MD5=89FA37CAA647C6E4789AC1EBD04562CB</CONDITION>
  26648. <CONDITION>MD5=DFCFCA40D6F707C2D25CD1BC7B6E2438</CONDITION>
  26649. <CONDITION>MD5=ED6047074152EC34D803853FA07F1B04</CONDITION>
  26650. <CONDITION>MD5=7AC91EF946906C6004FD642E3A6FBF51</CONDITION>
  26651. <CONDITION>MD5=3DCC07CA772921CB7035A500BC5D044B</CONDITION>
  26652. <CONDITION>MD5=DBF74C5D16B2BFDB770F8F4971BC09B8</CONDITION>
  26653. <CONDITION>MD5=9F807E2ADF8C95094E7F460B97CA0EE0</CONDITION>
  26654. <CONDITION>MD5=51E643BADB171492B718222CA5ED0DE3</CONDITION>
  26655. <CONDITION>MD5=C0D4DF3E8871F75A33F777EFF162BC46</CONDITION>
  26656. <CONDITION>MD5=D1645A1168CCC53643E4C50EA2A3152E</CONDITION>
  26657. <CONDITION>MD5=159296D23D4CD49785F7902114EE9ADA</CONDITION>
  26658. <CONDITION>MD5=8C9040687C7EB237AA458D94DC8784CF</CONDITION>
  26659. <CONDITION>MD5=931803421FB5D37F3C37D6C2F6E94A3C</CONDITION>
  26660. <CONDITION>MD5=9B1CE860C9F486FA344622A70641746F</CONDITION>
  26661. <CONDITION>MD5=AD77D78F34CD4A4357AD2E848560105D</CONDITION>
  26662. <CONDITION>MD5=367F3948B096B05D5BA82B60765D6FA6</CONDITION>
  26663. <CONDITION>MD5=7618220C69C124A709AA1D55643B4871</CONDITION>
  26664. <CONDITION>MD5=99598CC79886A584B43714E34024B5C8</CONDITION>
  26665. <CONDITION>MD5=C4D2A21D5F94E3E5683115FEFBC34092</CONDITION>
  26666. <CONDITION>MD5=8EFCD7C46F56E1A35082544D67B8F871</CONDITION>
  26667. <CONDITION>MD5=064BC66B38554B1612CE0F5D7D2D0595</CONDITION>
  26668. <CONDITION>MD5=051AF2E6289DBEB218B01AE06101E2DE</CONDITION>
  26669. <CONDITION>MD5=411DD7FA3DD1AAC4141ACF9A83F50791</CONDITION>
  26670. <CONDITION>MD5=142715D077C1B42A3F5F8EA299EB3676</CONDITION>
  26671. <CONDITION>MD5=2FE8A3034EF4FF396F7DF062134EF0AA</CONDITION>
  26672. <CONDITION>MD5=b0b22ea1251b917717de309cf2c9727c</CONDITION>
  26673. <CONDITION>MD5=13E932C0349C16253321CCB043078874</CONDITION>
  26674. <CONDITION>MD5=0BD22E4DE16B60F56E0CB39272C278B8</CONDITION>
  26675. <CONDITION>MD5=32C0F66649B2A4116902CF01DCDE7A75</CONDITION>
  26676. <CONDITION>MD5=90DBB70124B80F90974BFAC38D711E53</CONDITION>
  26677. <CONDITION>MD5=07B4650663E4812B1576081697F4D7CE</CONDITION>
  26678. <CONDITION>MD5=C2008F6E8F736CB9529C50ACF935D9B0</CONDITION>
  26679. <CONDITION>MD5=E3931EE8BE6F07E4771F03B12F3AA5E8</CONDITION>
  26680. <CONDITION>MD5=276BC788A673FE0E67D17CC8597A773D</CONDITION>
  26681. <CONDITION>MD5=1173C58A35EE374B96BCC21BD7421B44</CONDITION>
  26682. <CONDITION>MD5=EC7E1906AA8336CFD4AD1231161A5A76</CONDITION>
  26683. <CONDITION>MD5=adc0dc6787044fd904ae6ef6d577e066</CONDITION>
  26684. <CONDITION>MD5=077A4455946A2E9EC5134682D3B7757C</CONDITION>
  26685. <CONDITION>MD5=E88CAFD97F9896D0BA108058DE07CF58</CONDITION>
  26686. <CONDITION>MD5=6512F86A2E667DDDB736244193D00FE0</CONDITION>
  26687. <CONDITION>MD5=250585B8778EB2FB352115B14A27E78D</CONDITION>
  26688. <CONDITION>MD5=9BAF9654D8BCF3AF430D7377DAA17A8F</CONDITION>
  26689. <CONDITION>MD5=835073449B6E14C99E56ACAE31EC5D59</CONDITION>
  26690. <CONDITION>MD5=5AE938E6A3F8140555FCDC99530D031E</CONDITION>
  26691. <CONDITION>MD5=EFB84941D763258FC6E7AC64A47E933A</CONDITION>
  26692. <CONDITION>MD5=8F01FE63D262C2D01E8211500BF63FD4</CONDITION>
  26693. <CONDITION>MD5=34E1677D011DD7504FD9D06E3840168F</CONDITION>
  26694. <CONDITION>MD5=8C8004A14E774B2F62BFB31A0D6AEFE7</CONDITION>
  26695. <CONDITION>MD5=3BD841BA5149BC954ADAF5DDED40818A</CONDITION>
  26696. <CONDITION>MD5=2D810D431B173617D2EC63660340E152</CONDITION>
  26697. <CONDITION>MD5=5C33106FC5563CA1B52EC7E6C3AFFD36</CONDITION>
  26698. <CONDITION>MD5=EDE83B0BF565CB85A0F4664E3DF523DE</CONDITION>
  26699. <CONDITION>MD5=62840BD3E3D46DA2F7E356769210955A</CONDITION>
  26700. <CONDITION>MD5=0041316B39FDC8F772E8CE6B7FF524E5</CONDITION>
  26701. <CONDITION>MD5=08E003E4E62BF031E61AD9C68E35C17F</CONDITION>
  26702. <CONDITION>MD5=32209F502C8D67464E7414FC1C53CAA4</CONDITION>
  26703. <CONDITION>MD5=4CA2C18160B4BFA7FDED689EB2F8110B</CONDITION>
  26704. <CONDITION>MD5=98FFF824104385D1A4C3D0EA5B08FE37</CONDITION>
  26705. <CONDITION>MD5=847A84E9E735B37B2E74F789CC80E410</CONDITION>
  26706. <CONDITION>MD5=69A35A2192F2D0BC709D829436BA816B</CONDITION>
  26707. <CONDITION>MD5=0A1BEEAE3A321D28ACCEB8E787F39768</CONDITION>
  26708. <CONDITION>MD5=84BB9D731A4D6B1983E1A3DD4A881AF4</CONDITION>
  26709. <CONDITION>MD5=18F82246F7316EF8897E679BD542309C</CONDITION>
  26710. <CONDITION>MD5=4D80FEAF5C2969758863C923E95D1965</CONDITION>
  26711. <CONDITION>MD5=817D5B5180136A3E190B3806FDAE0D8B</CONDITION>
  26712. <CONDITION>MD5=1AE224BB96F55D6A686A465DB4FEA8A7</CONDITION>
  26713. <CONDITION>MD5=53783421EAE04D7E0580F975DF387697</CONDITION>
  26714. <CONDITION>MD5=B4E43C826D061441D61D2B3917A34B4C</CONDITION>
  26715. <CONDITION>MD5=EC50DED661471C5F1E00F05D8B6C8D36</CONDITION>
  26716. <CONDITION>MD5=D3FFDB1B42B0FC4C046312DE739AEC00</CONDITION>
  26717. <CONDITION>MD5=1A036B9C2FD123A447DD5F4EEF05900B</CONDITION>
  26718. <CONDITION>MD5=06FFF74E7B6403F0607305625E89A458</CONDITION>
  26719. <CONDITION>MD5=DF20E20BCF57A4E4BA4F0C73C73FDE6B</CONDITION>
  26720. <CONDITION>MD5=9E7C4B6731EB07DF293303150AC139AB</CONDITION>
  26721. <CONDITION>MD5=F2A80383AC1F2506FA81B3992BC1C61F</CONDITION>
  26722. <CONDITION>MD5=3876212D7DEC354BF78D6F426BDF94E5</CONDITION>
  26723. <CONDITION>MD5=5A43AEEBB0EDE2090B4EEDE30A221853</CONDITION>
  26724. <CONDITION>MD5=A56086713CC5CDF90B6B0746A1BC9C57</CONDITION>
  26725. <CONDITION>MD5=F47CDD71F583450AE2530C7CB047B334</CONDITION>
  26726. <CONDITION>MD5=2ED38C5340797A621220EB6B9FEDE621</CONDITION>
  26727. <CONDITION>MD5=701D897AF53ED0ECBEAE2BC57CB9C8C7</CONDITION>
  26728. <CONDITION>MD5=1288E3AC72DDD9DC69D2DC75E69265DC</CONDITION>
  26729. <CONDITION>MD5=266A19056A30C946957D456E021F3230</CONDITION>
  26730. <CONDITION>MD5=1226FD29F35DF547D413DE0D2AC2BBDB</CONDITION>
  26731. <CONDITION>MD5=70E2D9852E2CED01C8B626E9C70777D3</CONDITION>
  26732. <CONDITION>MD5=210125A92F387799A9DE79B0801B70D5</CONDITION>
  26733. <CONDITION>MD5=C4D2A235923ADDABE46BBF99ED8A5DA2</CONDITION>
  26734. <CONDITION>MD5=B972BCE44A84A999CCD4A086AC3A5EE0</CONDITION>
  26735. <CONDITION>MD5=58c674b371512f2ac73d1fa11370f8ed</CONDITION>
  26736. <CONDITION>MD5=7F25B5FCD69D919C7469BE011F2B6BCC</CONDITION>
  26737. <CONDITION>MD5=337E0AD583F40A772B04E202C501A270</CONDITION>
  26738. <CONDITION>MD5=54BB2440C04013B8AD5E2428BB3578B4</CONDITION>
  26739. <CONDITION>MD5=9F35C375DBB7F79B12F48ACFEEB5605D</CONDITION>
  26740. <CONDITION>MD5=946A998BF4EF053DC1B49FCA0FB1C0FB</CONDITION>
  26741. <CONDITION>MD5=1F76A4FF8266578EE5EBFC858DDD81D8</CONDITION>
  26742. <CONDITION>MD5=630C5C0F5D85F0150E62DD306EFA4BCC</CONDITION>
  26743. <CONDITION>MD5=9F35C375DBB7F79B12F48ACFEEB5605D</CONDITION>
  26744. <CONDITION>MD5=1F76A4FF8266578EE5EBFC858DDD81D8</CONDITION>
  26745. <CONDITION>MD5=B3CA933826C87ECB9FED3EBFE0063E5A</CONDITION>
  26746. <CONDITION>MD5=A3777215AF593CFEFFB817C8B9EFAAA2</CONDITION>
  26747. <CONDITION>MD5=35255C705D3B3E78B62339DA16267AB6</CONDITION>
  26748. <CONDITION>MD5=8C30135E57A129D09CB42AB351CED9AF</CONDITION>
  26749. <CONDITION>MD5=8B1E44001F91345AF15D28E44E89E404</CONDITION>
  26750. <CONDITION>MD5=0008CB3E53C0E9C4EC3733D1D9E38B52</CONDITION>
  26751. <CONDITION>MD5=4DA8E0D16D8DFD8A44DFAAA1781F0A0D</CONDITION>
  26752. <CONDITION>MD5=95173E4DB2827E9D8FA5E260A73D9882</CONDITION>
  26753. <CONDITION>MD5=52F924B711DF07579239994D78513F92</CONDITION>
  26754. <CONDITION>MD5=FC93C3347245EEDEEC717D75617A30A4</CONDITION>
  26755. <CONDITION>MD5=66A32D068F2313D22F38131C581ECE52</CONDITION>
  26756. <CONDITION>MD5=03107871C2436D963C79FD27CFD80B6F</CONDITION>
  26757. <CONDITION>MD5=B8BB97B03415356ED11A3B6D70A9A1B7</CONDITION>
  26758. <CONDITION>MD5=925D05C0050FA496005D3F9B0C6632B5</CONDITION>
  26759. <CONDITION>MD5=B60166286BEC9689AD912CD16C26F374</CONDITION>
  26760. <CONDITION>MD5=AA487009D90D95222C55B88005FD6A57</CONDITION>
  26761. <CONDITION>MD5=89B0C7661559260F86FE67FBCABD5F1E</CONDITION>
  26762. <CONDITION>MD5=EC83012600F32073E42883C5FB20DB99</CONDITION>
  26763. <CONDITION>MD5=1D583593C2E5DD828288D40635A6172A</CONDITION>
  26764. <CONDITION>MD5=C1B746CFC68EB77A2B1E2ACFE422ECFD</CONDITION>
  26765. <CONDITION>MD5=341FFBE84BDDDDB802B5B2AC4F834E18</CONDITION>
  26766. <CONDITION>MD5=A284D0BC6E6E5860880072C54513C173</CONDITION>
  26767. <CONDITION>MD5=054F0A9B670456B2B60DD6FAD148ADDC</CONDITION>
  26768. <CONDITION>MD5=11D3245FC0F8AA8F0107963349528890</CONDITION>
  26769. <CONDITION>MD5=5C830F0F1D8C73E51C28F40597602B25</CONDITION>
  26770. <CONDITION>MD5=EB1E109832EC5CD8508A5CD2DAA6094B</CONDITION>
  26771. <CONDITION>MD5=C8EC5745E1E6C4EB0375234D551E2517</CONDITION>
  26772. <CONDITION>MD5=CF14C109BF38CAA22CC49A77A56C2667</CONDITION>
  26773. <CONDITION>MD5=3F7D4E02E30105178318E16DBD4170AA</CONDITION>
  26774. <CONDITION>MD5=C0F9EEB22B16210E37AB5D3297C490AB</CONDITION>
  26775. <CONDITION>MD5=CB0B9A33307E60B91CE6EDCB5112FFA5</CONDITION>
  26776. <CONDITION>MD5=33A67379067A07C0B1724320A64C8456</CONDITION>
  26777. <CONDITION>MD5=36BCB2FF7213C6B8E452DF15AA74D4AC</CONDITION>
  26778. <CONDITION>MD5=C9CA4F97892625766D7828A5A4C3191D</CONDITION>
  26779. <CONDITION>MD5=99598CC79886A584B43714E34024B5C8</CONDITION>
  26780. <CONDITION>MD5=D12128A0540F7871BC9012B115B5E7A8</CONDITION>
  26781. <CONDITION>MD5=B15AFEA4C2B54A92FC06E8BE983F803D</CONDITION>
  26782. <CONDITION>MD5=E5D7315AF002F94C9E76D58A1ADF1D09</CONDITION>
  26783. <CONDITION>MD5=F2269D57007B1083B552687C041B40A4</CONDITION>
  26784. <CONDITION>MD5=93975A48788EEAD53EDE40599CFEAB8E</CONDITION>
  26785. <CONDITION>MD5=4811D6A69860E6B6B587C5FF0C67CCB3</CONDITION>
  26786. <CONDITION>MD5=5D5A12E26F5CC510250DE3ECA39E626E</CONDITION>
  26787. <CONDITION>MD5=12371CDE963679ABC5240FA32ECEA25A</CONDITION>
  26788. <CONDITION>MD5=E316B302C6A5EF96C877B05E5AAEDAEB</CONDITION>
  26789. <CONDITION>MD5=038F5CA3CA08B37105AEFC1780035BF5</CONDITION>
  26790. <CONDITION>MD5=E90475F3681D0FA5FE9E544D902455E7</CONDITION>
  26791. <CONDITION>MD5=977CB2B7BCD5AA59034541D26DDA36F2</CONDITION>
  26792. <CONDITION>MD5=55946FAAC774912974C6A01F6BE194A6</CONDITION>
  26793. <CONDITION>MD5=493A9271A7CADE2D31B79EA94FCE4EF6</CONDITION>
  26794. <CONDITION>MD5=505D7AB5FA9B69296541B45C4AE0F01E</CONDITION>
  26795. <CONDITION>MD5=476474EDFD1240E3FC73770D623CB331</CONDITION>
  26796. <CONDITION>MD5=B5E64043AD802DAED82A9E1A94C83661</CONDITION>
  26797. <CONDITION>MD5=5A2688417B19F13726206841AACE1E33</CONDITION>
  26798. <CONDITION>MD5=A4F37B3DCF7511DFFC5AE436D8170E66</CONDITION>
  26799. <CONDITION>MD5=DE77DEB6B28CB4C31313B968CB9A99F8</CONDITION>
  26800. <CONDITION>MD5=96E261D4A44FDBE54E72860DD04CED07</CONDITION>
  26801. <CONDITION>MD5=5364B38B6A50768EEA18F428058EED47</CONDITION>
  26802. <CONDITION>MD5=995105EDBA807F5381D39F80868C0EF8</CONDITION>
  26803. <CONDITION>MD5=5F7B4848802CB422A7F2F1747680D925</CONDITION>
  26804. <CONDITION>MD5=7FFD062DE2641C856FC180BABBF4A3EB</CONDITION>
  26805. <CONDITION>MD5=9C64AD64A0B2FF71B990203E0EDA04ED</CONDITION>
  26806. <CONDITION>MD5=85252332F36CFB27DF705E52D93BE6A2</CONDITION>
  26807. <CONDITION>MD5=17FCED19CC85F67373BAFA0043F56A38</CONDITION>
  26808. <CONDITION>MD5=67F81F1960BBD876B7F65F5B615C7D7B</CONDITION>
  26809. <CONDITION>MD5=64DF0A60E84EB1362C0A5C072AC516CB</CONDITION>
  26810. <CONDITION>MD5=C2EBA321F904A44EC6471D40CAE6265F</CONDITION>
  26811. <CONDITION>MD5=10134E570EAF4147FB1F099665856409</CONDITION>
  26812. <CONDITION>MD5=9A69309AD32C4BEC20D63A9034D42445</CONDITION>
  26813. <CONDITION>MD5=3F4489A2E29B0002ABA3F2DF3AAF3B69</CONDITION>
  26814. <CONDITION>MD5=B83E339C7D62E91FA90E4CE3BCADDE35</CONDITION>
  26815. <CONDITION>MD5=242897AAC49A46D4EC521E5379252835</CONDITION>
  26816. <CONDITION>MD5=ECDB5C1B1A702DEDF03D6248CF6F6FF1</CONDITION>
  26817. <CONDITION>MD5=6C1F85709A4DDD2364E64E621AE40502</CONDITION>
  26818. <CONDITION>MD5=3B6D4A3E7A19384AE9ACDAC3FBE8A464</CONDITION>
  26819. <CONDITION>MD5=C487080836CD3AEF48BBE2DAA540C954</CONDITION>
  26820. <CONDITION>MD5=A42CBEF1C8EA0712C698A3CD8BC93098</CONDITION>
  26821. <CONDITION>MD5=7AA1C76647E3D9A4A961A34583A195FF</CONDITION>
  26822. <CONDITION>MD5=1EBAD53A88ADAFB65E56E6DEF8462C51</CONDITION>
  26823. <CONDITION>MD5=DDCF499F093A6C03E826AEB65FEC0E0D</CONDITION>
  26824. <CONDITION>MD5=B38BD6EDC0F42133F11E8B7EC3A6D4E0</CONDITION>
  26825. <CONDITION>MD5=FC53DD4BDC7F7E18352FDC70B735102D</CONDITION>
  26826. <CONDITION>MD5=A886C8CA6F90B0A5574F145D9C1A6E64</CONDITION>
  26827. <CONDITION>MD5=3F1A39111089CE323CA1F12138B16F7A</CONDITION>
  26828. <CONDITION>MD5=73798BEFA1743DBF4D8CD9A512B898AC</CONDITION>
  26829. <CONDITION>MD5=3CD9207A12A0FFA8F562CCAF999AFD0C</CONDITION>
  26830. <CONDITION>MD5=E66EA59DCAFBDD4C656FE2D57A2DE9CE</CONDITION>
  26831. <CONDITION>MD5=E8DBE8DD3F8AA4EC7F5F11B489B1B3F1</CONDITION>
  26832. <CONDITION>MD5=D7A8E6C7BE47E39AE5DEA5C97B6BE30D</CONDITION>
  26833. <CONDITION>MD5=7EEC7BF62C6DDB9227CBD50629759A80</CONDITION>
  26834. <CONDITION>MD5=0A2E12739876DE92B4BA4AC3D94C6B38</CONDITION>
  26835. <CONDITION>MD5=86671287A8D093F21145368236F67AAD</CONDITION>
  26836. <CONDITION>MD5=FC1C2E4E64328472FC79752A8FEF864A</CONDITION>
  26837. <CONDITION>MD5=B1DC360E345FD8039E3A4FF00E95A65E</CONDITION>
  26838. <CONDITION>MD5=61AF3A179B5A7E6BA23952B0F0700799</CONDITION>
  26839. <CONDITION>MD5=194FA40D93CFE1F0EF828D24237DA722</CONDITION>
  26840. <CONDITION>MD5=403C78A45F13337B2A7E776082E01E2B</CONDITION>
  26841. </CONDITIONLIST>
  26842. <OPERATOR>OR</OPERATOR>
  26843. <THREATLEVEL>10</THREATLEVEL>
  26844. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26845. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26846. </PROCESSDESCRIPTOR>
  26847. <PROCESSDESCRIPTOR>
  26848. <ID>4181</ID>
  26849. <PROCESSLIST>
  26850. <PROCESS>MFCFQ.EXE</PROCESS>
  26851. </PROCESSLIST>
  26852. <CLSIDLIST>
  26853. </CLSIDLIST>
  26854. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  26855. <DEFAULTINSTALLPATHLIST>
  26856. </DEFAULTINSTALLPATHLIST>
  26857. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  26858. <CONDITIONLIST>
  26859. <CONDITION>COMPANYNAME^Microsoft</CONDITION>
  26860. </CONDITIONLIST>
  26861. <OPERATOR>AND</OPERATOR>
  26862. <THREATLEVEL>10</THREATLEVEL>
  26863. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26864. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26865. </PROCESSDESCRIPTOR>
  26866. <PROCESSDESCRIPTOR>
  26867. <ID>4182</ID>
  26868. <PROCESSLIST>
  26869. <PROCESS>SBSRV.EXE</PROCESS>
  26870. <PROCESS>SBINST.EXE</PROCESS>
  26871. <PROCESS>SBOEADDON.EXE</PROCESS>
  26872. <PROCESS>SBWEATHERONTRAY.EXE</PROCESS>
  26873. </PROCESSLIST>
  26874. <CLSIDLIST>
  26875. </CLSIDLIST>
  26876. <SUMMARY>Adware.HotBar/SpamBlockerUtility.Process</SUMMARY>
  26877. <DEFAULTINSTALLPATHLIST>
  26878. </DEFAULTINSTALLPATHLIST>
  26879. <CATEGORY>ADWARE</CATEGORY>
  26880. <CONDITIONLIST>
  26881. </CONDITIONLIST>
  26882. <OPERATOR>AND</OPERATOR>
  26883. <THREATLEVEL>10</THREATLEVEL>
  26884. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  26885. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  26886. </PROCESSDESCRIPTOR>
  26887. <PROCESSDESCRIPTOR>
  26888. <ID>4183</ID>
  26889. <PROCESSLIST>
  26890. <PROCESS>SBHOSTIE.DLL</PROCESS>
  26891. </PROCESSLIST>
  26892. <CLSIDLIST>
  26893. <CLSID>{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}</CLSID>
  26894. <CLSID>{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}</CLSID>
  26895. </CLSIDLIST>
  26896. <SUMMARY>Adware.HotBar/SpamBlockerUtility.Explorer Bar</SUMMARY>
  26897. <DEFAULTINSTALLPATHLIST>
  26898. </DEFAULTINSTALLPATHLIST>
  26899. <CATEGORY>ADWARE</CATEGORY>
  26900. <CONDITIONLIST>
  26901. </CONDITIONLIST>
  26902. <OPERATOR>AND</OPERATOR>
  26903. <THREATLEVEL>10</THREATLEVEL>
  26904. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  26905. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  26906. </PROCESSDESCRIPTOR>
  26907. <PROCESSDESCRIPTOR>
  26908. <ID>4184</ID>
  26909. <PROCESSLIST>
  26910. <PROCESS>*</PROCESS>
  26911. <PROCESS>(WAUCLT~1.EXE)</PROCESS>
  26912. </PROCESSLIST>
  26913. <CLSIDLIST>
  26914. </CLSIDLIST>
  26915. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  26916. <DEFAULTINSTALLPATHLIST>
  26917. </DEFAULTINSTALLPATHLIST>
  26918. <CATEGORY>ADWARE</CATEGORY>
  26919. <CONDITIONLIST>
  26920. <CONDITION>MD5=459AC8EF83898533B94785BBA38FEFBE</CONDITION>
  26921. </CONDITIONLIST>
  26922. <OPERATOR>AND</OPERATOR>
  26923. <THREATLEVEL>10</THREATLEVEL>
  26924. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26925. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26926. </PROCESSDESCRIPTOR>
  26927. <PROCESSDESCRIPTOR>
  26928. <ID>4187</ID>
  26929. <PROCESSLIST>
  26930. <PROCESS>*</PROCESS>
  26931. <PROCESS>(RVICES~1.EXE)</PROCESS>
  26932. </PROCESSLIST>
  26933. <CLSIDLIST>
  26934. </CLSIDLIST>
  26935. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  26936. <DEFAULTINSTALLPATHLIST>
  26937. </DEFAULTINSTALLPATHLIST>
  26938. <CATEGORY>ADWARE</CATEGORY>
  26939. <CONDITIONLIST>
  26940. <CONDITION>MD5=89EF5E5222BF109895C2A22D958E155D</CONDITION>
  26941. </CONDITIONLIST>
  26942. <OPERATOR>AND</OPERATOR>
  26943. <THREATLEVEL>10</THREATLEVEL>
  26944. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26945. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26946. </PROCESSDESCRIPTOR>
  26947. <PROCESSDESCRIPTOR>
  26948. <ID>4188</ID>
  26949. <PROCESSLIST>
  26950. <PROCESS>*</PROCESS>
  26951. <PROCESS>WPJBZOSX.EXE</PROCESS>
  26952. <PROCESS>TMWRIUQD.EXE</PROCESS>
  26953. <PROCESS>PLFZIGBD.EXE</PROCESS>
  26954. </PROCESSLIST>
  26955. <CLSIDLIST>
  26956. </CLSIDLIST>
  26957. <SUMMARY>Adware.HotBar.Process</SUMMARY>
  26958. <DEFAULTINSTALLPATHLIST>
  26959. </DEFAULTINSTALLPATHLIST>
  26960. <CATEGORY>ADWARE</CATEGORY>
  26961. <CONDITIONLIST>
  26962. <CONDITION>MD5=B119A414D5481E6F062038016CBCB738</CONDITION>
  26963. </CONDITIONLIST>
  26964. <OPERATOR>OR</OPERATOR>
  26965. <THREATLEVEL>10</THREATLEVEL>
  26966. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  26967. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  26968. </PROCESSDESCRIPTOR>
  26969. <PROCESSDESCRIPTOR>
  26970. <ID>4189</ID>
  26971. <PROCESSLIST>
  26972. <PROCESS>*</PROCESS>
  26973. <PROCESS>SHPRRPRT.DLL</PROCESS>
  26974. </PROCESSLIST>
  26975. <CLSIDLIST>
  26976. <CLSID>{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}</CLSID>
  26977. </CLSIDLIST>
  26978. <SUMMARY>Adware.HotBar/ShopperReports.Explorer Bar</SUMMARY>
  26979. <DEFAULTINSTALLPATHLIST>
  26980. </DEFAULTINSTALLPATHLIST>
  26981. <CATEGORY>ADWARE</CATEGORY>
  26982. <CONDITIONLIST>
  26983. </CONDITIONLIST>
  26984. <OPERATOR>AND</OPERATOR>
  26985. <THREATLEVEL>10</THREATLEVEL>
  26986. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  26987. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  26988. </PROCESSDESCRIPTOR>
  26989. <PROCESSDESCRIPTOR>
  26990. <ID>4198</ID>
  26991. <PROCESSLIST>
  26992. <PROCESS>DLMAX.DLL</PROCESS>
  26993. </PROCESSLIST>
  26994. <CLSIDLIST>
  26995. <CLSID>{00000000-59D4-4008-9058-080011001200}</CLSID>
  26996. </CLSIDLIST>
  26997. <SUMMARY>Adware.Transponder Variant.BHO</SUMMARY>
  26998. <DEFAULTINSTALLPATHLIST>
  26999. </DEFAULTINSTALLPATHLIST>
  27000. <CATEGORY>ADWARE</CATEGORY>
  27001. <CONDITIONLIST>
  27002. </CONDITIONLIST>
  27003. <OPERATOR>AND</OPERATOR>
  27004. <THREATLEVEL>7</THREATLEVEL>
  27005. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27006. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27007. </PROCESSDESCRIPTOR>
  27008. <PROCESSDESCRIPTOR>
  27009. <ID>4199</ID>
  27010. <PROCESSLIST>
  27011. <PROCESS>RSYNCMON.DLL</PROCESS>
  27012. </PROCESSLIST>
  27013. <CLSIDLIST>
  27014. <CLSID>{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}</CLSID>
  27015. </CLSIDLIST>
  27016. <SUMMARY>Adware.RsyncMon.BHO</SUMMARY>
  27017. <DEFAULTINSTALLPATHLIST>
  27018. </DEFAULTINSTALLPATHLIST>
  27019. <CATEGORY>ADWARE</CATEGORY>
  27020. <CONDITIONLIST>
  27021. </CONDITIONLIST>
  27022. <OPERATOR>AND</OPERATOR>
  27023. <THREATLEVEL>7</THREATLEVEL>
  27024. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27025. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27026. </PROCESSDESCRIPTOR>
  27027. <PROCESSDESCRIPTOR>
  27028. <ID>4201</ID>
  27029. <PROCESSLIST>
  27030. <PROCESS>*</PROCESS>
  27031. <PROCESS>PPDISP10.DLL</PROCESS>
  27032. <PROCESS>PSICS3.DLL</PROCESS>
  27033. <PROCESS>REGNEW~1.DLL</PROCESS>
  27034. <PROCESS>KEYWORDZ3.DLL</PROCESS>
  27035. <PROCESS>DSV5.DLL</PROCESS>
  27036. <PROCESS>CTSR5.DLL</PROCESS>
  27037. </PROCESSLIST>
  27038. <CLSIDLIST>
  27039. <CLSID>{DB0018A2-F7D9-4B71-9651-640143DF23F9}</CLSID>
  27040. <CLSID>{B6598677-4B54-42A9-BA67-8B64E3FCD92D}</CLSID>
  27041. <CLSID>{AEFCDEC8-EB7D-429F-BC73-4F30D07BFE41}</CLSID>
  27042. <CLSID>{858126B0-3708-4051-AE8E-B48521401CA2}</CLSID>
  27043. <CLSID>{573E8D87-26A8-4FC3-8C89-2792E39F22C8}</CLSID>
  27044. </CLSIDLIST>
  27045. <SUMMARY>Adware.EZSearching.BHO</SUMMARY>
  27046. <DEFAULTINSTALLPATHLIST>
  27047. </DEFAULTINSTALLPATHLIST>
  27048. <CATEGORY>ADWARE</CATEGORY>
  27049. <CONDITIONLIST>
  27050. </CONDITIONLIST>
  27051. <OPERATOR>AND</OPERATOR>
  27052. <THREATLEVEL>9</THREATLEVEL>
  27053. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27054. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27055. </PROCESSDESCRIPTOR>
  27056. <PROCESSDESCRIPTOR>
  27057. <ID>4202</ID>
  27058. <PROCESSLIST>
  27059. <PROCESS>*</PROCESS>
  27060. <PROCESS>(NPDB~1.EXE)</PROCESS>
  27061. </PROCESSLIST>
  27062. <CLSIDLIST>
  27063. </CLSIDLIST>
  27064. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  27065. <DEFAULTINSTALLPATHLIST>
  27066. </DEFAULTINSTALLPATHLIST>
  27067. <CATEGORY>ADWARE</CATEGORY>
  27068. <CONDITIONLIST>
  27069. <CONDITION>MD5=CB6B95EBD3899A60C72EC5A14DDA3EBA</CONDITION>
  27070. </CONDITIONLIST>
  27071. <OPERATOR>AND</OPERATOR>
  27072. <THREATLEVEL>10</THREATLEVEL>
  27073. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27074. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27075. </PROCESSDESCRIPTOR>
  27076. <PROCESSDESCRIPTOR>
  27077. <ID>4203</ID>
  27078. <PROCESSLIST>
  27079. <PROCESS>WINCLT.EXE</PROCESS>
  27080. <PROCESS>WINAD.EXE</PROCESS>
  27081. </PROCESSLIST>
  27082. <CLSIDLIST>
  27083. </CLSIDLIST>
  27084. <SUMMARY>Adware.WinAd Client.Process</SUMMARY>
  27085. <DEFAULTINSTALLPATHLIST>
  27086. </DEFAULTINSTALLPATHLIST>
  27087. <CATEGORY>ADWARE</CATEGORY>
  27088. <CONDITIONLIST>
  27089. <CONDITION>FILELOCATION~WINAD</CONDITION>
  27090. </CONDITIONLIST>
  27091. <OPERATOR>AND</OPERATOR>
  27092. <THREATLEVEL>10</THREATLEVEL>
  27093. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27094. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27095. </PROCESSDESCRIPTOR>
  27096. <PROCESSDESCRIPTOR>
  27097. <ID>4204</ID>
  27098. <PROCESSLIST>
  27099. <PROCESS>WINSX.DLL</PROCESS>
  27100. </PROCESSLIST>
  27101. <CLSIDLIST>
  27102. <CLSID>{A9AEE0DD-89E1-40EE-8749-A18650CC2175}</CLSID>
  27103. </CLSIDLIST>
  27104. <SUMMARY>Adware.Popup Module.BHO</SUMMARY>
  27105. <DEFAULTINSTALLPATHLIST>
  27106. </DEFAULTINSTALLPATHLIST>
  27107. <CATEGORY>ADWARE</CATEGORY>
  27108. <CONDITIONLIST>
  27109. </CONDITIONLIST>
  27110. <OPERATOR>AND</OPERATOR>
  27111. <THREATLEVEL>7</THREATLEVEL>
  27112. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27113. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27114. </PROCESSDESCRIPTOR>
  27115. <PROCESSDESCRIPTOR>
  27116. <ID>4214</ID>
  27117. <PROCESSLIST>
  27118. <PROCESS>DSKMGR32.EXE</PROCESS>
  27119. </PROCESSLIST>
  27120. <CLSIDLIST>
  27121. </CLSIDLIST>
  27122. <SUMMARY>Uncategorized.Dskmgr32.Process</SUMMARY>
  27123. <DEFAULTINSTALLPATHLIST>
  27124. </DEFAULTINSTALLPATHLIST>
  27125. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  27126. <CONDITIONLIST>
  27127. <CONDITION>INTERNALNAME~dskmgr32</CONDITION>
  27128. <CONDITION>FILELOCATION~system</CONDITION>
  27129. </CONDITIONLIST>
  27130. <OPERATOR>AND</OPERATOR>
  27131. <THREATLEVEL>10</THREATLEVEL>
  27132. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27133. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27134. </PROCESSDESCRIPTOR>
  27135. <PROCESSDESCRIPTOR>
  27136. <ID>4215</ID>
  27137. <PROCESSLIST>
  27138. <PROCESS>*</PROCESS>
  27139. <PROCESS>PRUTRCT.EXE</PROCESS>
  27140. <PROCESS>PRUTQCT.EXE</PROCESS>
  27141. <PROCESS>PRUTPCT.EXE</PROCESS>
  27142. <PROCESS>PRUTOCT.EXE</PROCESS>
  27143. <PROCESS>PRUTNCT.EXE</PROCESS>
  27144. <PROCESS>PRUTMCT.EXE</PROCESS>
  27145. <PROCESS>PRUTSCT.EXE</PROCESS>
  27146. <PROCESS>PRUTTCT.EXE</PROCESS>
  27147. </PROCESSLIST>
  27148. <CLSIDLIST>
  27149. </CLSIDLIST>
  27150. <SUMMARY>Adware.PTech.Process</SUMMARY>
  27151. <DEFAULTINSTALLPATHLIST>
  27152. </DEFAULTINSTALLPATHLIST>
  27153. <CATEGORY>ADWARE</CATEGORY>
  27154. <CONDITIONLIST>
  27155. <CONDITION>COMPANYNAME~PTech</CONDITION>
  27156. <CONDITION>MD5=82AF1FCBE157EBA3498CD97F8D6D2358</CONDITION>
  27157. <CONDITION>MD5=70955E7B3E4C462D06F56584F6CDF785</CONDITION>
  27158. <CONDITION>MD5=A2177885D0184798B2436526AA757344</CONDITION>
  27159. <CONDITION>MD5=F258A63EB0970925781BB48585589139</CONDITION>
  27160. <CONDITION>MD5=7FBE8FE7DEF209E84796981E4038C347</CONDITION>
  27161. <CONDITION>MD5=BB01DC49079B3FA2E2DCF8E54EBEF30C</CONDITION>
  27162. <CONDITION>MD5=F097001A129545C626DE4C64C93DDD32</CONDITION>
  27163. <CONDITION>MD5=700BECACFBA5F50676C00CA2BF751201</CONDITION>
  27164. </CONDITIONLIST>
  27165. <OPERATOR>OR</OPERATOR>
  27166. <THREATLEVEL>7</THREATLEVEL>
  27167. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27168. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27169. </PROCESSDESCRIPTOR>
  27170. <PROCESSDESCRIPTOR>
  27171. <ID>4217</ID>
  27172. <PROCESSLIST>
  27173. <PROCESS>PRGSYS0984.DLL</PROCESS>
  27174. <PROCESS>SDKIR.DLL</PROCESS>
  27175. <PROCESS>APPTB.DLL</PROCESS>
  27176. <PROCESS>METEVUT.EXE</PROCESS>
  27177. <PROCESS>IEAZ32.DLL</PROCESS>
  27178. <PROCESS>NETHP.DLL</PROCESS>
  27179. <PROCESS>APITM.DLL</PROCESS>
  27180. <PROCESS>APIZN32.DLL</PROCESS>
  27181. <PROCESS>ATLBA.DLL</PROCESS>
  27182. <PROCESS>CMON14.DLL</PROCESS>
  27183. <PROCESS>CONTROL64.DLL</PROCESS>
  27184. <PROCESS>D3HX32.DLL</PROCESS>
  27185. <PROCESS>D3MO32.DLL</PROCESS>
  27186. <PROCESS>CRPB32.DLL</PROCESS>
  27187. <PROCESS>MSSF.DLL</PROCESS>
  27188. <PROCESS>IPIC32.DLL</PROCESS>
  27189. <PROCESS>XXTOOLBAR.DLL</PROCESS>
  27190. <PROCESS>AAAVICA.EXE</PROCESS>
  27191. </PROCESSLIST>
  27192. <CLSIDLIST>
  27193. <CLSID>{A0C11525-6C6C-8D6E-342F-4EBBC2B6FDAF}</CLSID>
  27194. <CLSID>{6172A751-F518-736A-C48A-B6E0875958BD}</CLSID>
  27195. <CLSID>{729C8736-0F18-3F7A-E5BB-A9B57E2CDBEC}</CLSID>
  27196. <CLSID>{F5D6CF24-9209-B523-45E8-76F500B344BD}</CLSID>
  27197. <CLSID>{964E2124-4EFC-8478-D558-FA3F46CA1604}</CLSID>
  27198. <CLSID>{E2D18933-6CA1-461A-2D30-CC986B408A2C}</CLSID>
  27199. <CLSID>{BBF5E38D-037F-77FE-1BD4-D0175630EF03}</CLSID>
  27200. <CLSID>{481958D3-16E4-9C16-944F-E7FE88EE3515}</CLSID>
  27201. <CLSID>{2044C94E-DD20-CD28-309F-B10CD072EDA6}</CLSID>
  27202. <CLSID>{C47E6E10-C0C5-AEF2-931D-EF6F0A8C9297}</CLSID>
  27203. <CLSID>{873B0274-4BA2-74B9-39E1-DF2C9CB405F8}</CLSID>
  27204. <CLSID>{9A9D9913-F539-B818-1427-A8E89535E89C}</CLSID>
  27205. <CLSID>{F7AD1C87-A22D-2ADE-8709-D877F23F4F05}</CLSID>
  27206. <CLSID>{5C72B122-9904-E5BD-4093-348A5AD1BEF5}</CLSID>
  27207. <CLSID>{1894A818-B4B1-10DE-96D0-57373BDB407E}</CLSID>
  27208. <CLSID>{0B478A5F-80D3-2FF6-AF0E-5653B825ADD2}</CLSID>
  27209. <CLSID>{0A02863D-F686-31D4-9AE0-525F10771D21}</CLSID>
  27210. <CLSID>{8AE3AEDB-B735-4883-DCF6-362F310E5CA7}</CLSID>
  27211. </CLSIDLIST>
  27212. <SUMMARY>Unclassified.Unknown Origin.URL Search Hook</SUMMARY>
  27213. <DEFAULTINSTALLPATHLIST>
  27214. </DEFAULTINSTALLPATHLIST>
  27215. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  27216. <CONDITIONLIST>
  27217. </CONDITIONLIST>
  27218. <OPERATOR>AND</OPERATOR>
  27219. <THREATLEVEL>5</THREATLEVEL>
  27220. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27221. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27222. </PROCESSDESCRIPTOR>
  27223. <PROCESSDESCRIPTOR>
  27224. <ID>4232</ID>
  27225. <PROCESSLIST>
  27226. <PROCESS>*</PROCESS>
  27227. <PROCESS>(OOL32~1.EXE)</PROCESS>
  27228. </PROCESSLIST>
  27229. <CLSIDLIST>
  27230. </CLSIDLIST>
  27231. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  27232. <DEFAULTINSTALLPATHLIST>
  27233. </DEFAULTINSTALLPATHLIST>
  27234. <CATEGORY>ADWARE</CATEGORY>
  27235. <CONDITIONLIST>
  27236. <CONDITION>MD5=07F5C534814BE004F5B13F18337F664E</CONDITION>
  27237. </CONDITIONLIST>
  27238. <OPERATOR>AND</OPERATOR>
  27239. <THREATLEVEL>10</THREATLEVEL>
  27240. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27241. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27242. </PROCESSDESCRIPTOR>
  27243. <PROCESSDESCRIPTOR>
  27244. <ID>4233</ID>
  27245. <PROCESSLIST>
  27246. <PROCESS>*</PROCESS>
  27247. <PROCESS>NE.DLL</PROCESS>
  27248. </PROCESSLIST>
  27249. <CLSIDLIST>
  27250. <CLSID>{D5C778F1-CF13-4E70-ADF0-45A953E7CB8B}</CLSID>
  27251. </CLSIDLIST>
  27252. <SUMMARY>Adware.SmartPops.BHO</SUMMARY>
  27253. <DEFAULTINSTALLPATHLIST>
  27254. </DEFAULTINSTALLPATHLIST>
  27255. <CATEGORY>ADWARE</CATEGORY>
  27256. <CONDITIONLIST>
  27257. </CONDITIONLIST>
  27258. <OPERATOR>AND</OPERATOR>
  27259. <THREATLEVEL>10</THREATLEVEL>
  27260. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27261. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27262. </PROCESSDESCRIPTOR>
  27263. <PROCESSDESCRIPTOR>
  27264. <ID>4234</ID>
  27265. <PROCESSLIST>
  27266. <PROCESS>*</PROCESS>
  27267. <PROCESS>PERFEC~1.DLL</PROCESS>
  27268. </PROCESSLIST>
  27269. <CLSIDLIST>
  27270. <CLSID>{A045DC85-FC44-45BE-8A50-E4F9C62C9A84}</CLSID>
  27271. </CLSIDLIST>
  27272. <SUMMARY>Adware.IncrediFind.BHO</SUMMARY>
  27273. <DEFAULTINSTALLPATHLIST>
  27274. </DEFAULTINSTALLPATHLIST>
  27275. <CATEGORY>ADWARE</CATEGORY>
  27276. <CONDITIONLIST>
  27277. </CONDITIONLIST>
  27278. <OPERATOR>AND</OPERATOR>
  27279. <THREATLEVEL>10</THREATLEVEL>
  27280. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27281. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27282. </PROCESSDESCRIPTOR>
  27283. <PROCESSDESCRIPTOR>
  27284. <ID>4235</ID>
  27285. <PROCESSLIST>
  27286. <PROCESS>SVCHOSTA.EXE</PROCESS>
  27287. </PROCESSLIST>
  27288. <CLSIDLIST>
  27289. </CLSIDLIST>
  27290. <SUMMARY>Worm.Spybot Variant.Process</SUMMARY>
  27291. <DEFAULTINSTALLPATHLIST>
  27292. </DEFAULTINSTALLPATHLIST>
  27293. <CATEGORY>WORM</CATEGORY>
  27294. <CONDITIONLIST>
  27295. <CONDITION>FILELOCATION~system</CONDITION>
  27296. </CONDITIONLIST>
  27297. <OPERATOR>AND</OPERATOR>
  27298. <THREATLEVEL>10</THREATLEVEL>
  27299. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27300. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27301. </PROCESSDESCRIPTOR>
  27302. <PROCESSDESCRIPTOR>
  27303. <ID>4236</ID>
  27304. <PROCESSLIST>
  27305. <PROCESS>*</PROCESS>
  27306. <PROCESS>(RNDLL~1.EXE)</PROCESS>
  27307. </PROCESSLIST>
  27308. <CLSIDLIST>
  27309. </CLSIDLIST>
  27310. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  27311. <DEFAULTINSTALLPATHLIST>
  27312. </DEFAULTINSTALLPATHLIST>
  27313. <CATEGORY>ADWARE</CATEGORY>
  27314. <CONDITIONLIST>
  27315. <CONDITION>MD5=E2AED400C7754B98C378F8262DFFBBE2</CONDITION>
  27316. </CONDITIONLIST>
  27317. <OPERATOR>AND</OPERATOR>
  27318. <THREATLEVEL>10</THREATLEVEL>
  27319. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27320. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27321. </PROCESSDESCRIPTOR>
  27322. <PROCESSDESCRIPTOR>
  27323. <ID>4237</ID>
  27324. <PROCESSLIST>
  27325. <PROCESS>MANAGE.EXE</PROCESS>
  27326. </PROCESSLIST>
  27327. <CLSIDLIST>
  27328. </CLSIDLIST>
  27329. <SUMMARY>Adware.Jraun/WinEssential.Process</SUMMARY>
  27330. <DEFAULTINSTALLPATHLIST>
  27331. </DEFAULTINSTALLPATHLIST>
  27332. <CATEGORY>ADWARE</CATEGORY>
  27333. <CONDITIONLIST>
  27334. <CONDITION>FILELOCATION~system</CONDITION>
  27335. <CONDITION>FILEDESCRIPTION~version</CONDITION>
  27336. </CONDITIONLIST>
  27337. <OPERATOR>AND</OPERATOR>
  27338. <THREATLEVEL>10</THREATLEVEL>
  27339. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27340. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27341. </PROCESSDESCRIPTOR>
  27342. <PROCESSDESCRIPTOR>
  27343. <ID>4238</ID>
  27344. <PROCESSLIST>
  27345. <PROCESS>EZSYS.EXE</PROCESS>
  27346. </PROCESSLIST>
  27347. <CLSIDLIST>
  27348. </CLSIDLIST>
  27349. <SUMMARY>Adware.eZula.Process</SUMMARY>
  27350. <DEFAULTINSTALLPATHLIST>
  27351. </DEFAULTINSTALLPATHLIST>
  27352. <CATEGORY>ADWARE</CATEGORY>
  27353. <CONDITIONLIST>
  27354. <CONDITION>COMPANYNAME~WebOffer</CONDITION>
  27355. </CONDITIONLIST>
  27356. <OPERATOR>AND</OPERATOR>
  27357. <THREATLEVEL>7</THREATLEVEL>
  27358. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27359. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27360. </PROCESSDESCRIPTOR>
  27361. <PROCESSDESCRIPTOR>
  27362. <ID>4239</ID>
  27363. <PROCESSLIST>
  27364. <PROCESS>YMSNGR.EXE</PROCESS>
  27365. </PROCESSLIST>
  27366. <CLSIDLIST>
  27367. </CLSIDLIST>
  27368. <SUMMARY>Worm.Spybot Variant.Process</SUMMARY>
  27369. <DEFAULTINSTALLPATHLIST>
  27370. </DEFAULTINSTALLPATHLIST>
  27371. <CATEGORY>WORM</CATEGORY>
  27372. <CONDITIONLIST>
  27373. <CONDITION>FILELOCATION~system</CONDITION>
  27374. </CONDITIONLIST>
  27375. <OPERATOR>AND</OPERATOR>
  27376. <THREATLEVEL>10</THREATLEVEL>
  27377. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27378. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27379. </PROCESSDESCRIPTOR>
  27380. <PROCESSDESCRIPTOR>
  27381. <ID>4243</ID>
  27382. <PROCESSLIST>
  27383. <PROCESS>HYPERBARSS3.DLL</PROCESS>
  27384. </PROCESSLIST>
  27385. <CLSIDLIST>
  27386. <CLSID>*</CLSID>
  27387. </CLSIDLIST>
  27388. <SUMMARY>HyperSearchHook URL Search Hook Variant</SUMMARY>
  27389. <DEFAULTINSTALLPATHLIST>
  27390. </DEFAULTINSTALLPATHLIST>
  27391. <CATEGORY>ADWARE</CATEGORY>
  27392. <CONDITIONLIST>
  27393. </CONDITIONLIST>
  27394. <OPERATOR>AND</OPERATOR>
  27395. <THREATLEVEL>10</THREATLEVEL>
  27396. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27397. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27398. </PROCESSDESCRIPTOR>
  27399. <PROCESSDESCRIPTOR>
  27400. <ID>4244</ID>
  27401. <PROCESSLIST>
  27402. <PROCESS>*</PROCESS>
  27403. </PROCESSLIST>
  27404. <CLSIDLIST>
  27405. </CLSIDLIST>
  27406. <SUMMARY>Adware.Lop.Process</SUMMARY>
  27407. <DEFAULTINSTALLPATHLIST>
  27408. </DEFAULTINSTALLPATHLIST>
  27409. <CATEGORY>ADWARE</CATEGORY>
  27410. <CONDITIONLIST>
  27411. <CONDITION>MD5=B556FE5A548379B9FEC866900BE9A0DB</CONDITION>
  27412. </CONDITIONLIST>
  27413. <OPERATOR>AND</OPERATOR>
  27414. <THREATLEVEL>10</THREATLEVEL>
  27415. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27416. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27417. </PROCESSDESCRIPTOR>
  27418. <PROCESSDESCRIPTOR>
  27419. <ID>4245</ID>
  27420. <PROCESSLIST>
  27421. <PROCESS>IEXPLORR24.DLL</PROCESS>
  27422. <PROCESS>IEXPLORR23.DLL</PROCESS>
  27423. </PROCESSLIST>
  27424. <CLSIDLIST>
  27425. <CLSID>{6B12DABB-0B7C-44FA-B0B3-4BAFF3790256}</CLSID>
  27426. <CLSID>{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}</CLSID>
  27427. </CLSIDLIST>
  27428. <SUMMARY>Adware.IExplorr.BHO</SUMMARY>
  27429. <DEFAULTINSTALLPATHLIST>
  27430. </DEFAULTINSTALLPATHLIST>
  27431. <CATEGORY>ADWARE</CATEGORY>
  27432. <CONDITIONLIST>
  27433. </CONDITIONLIST>
  27434. <OPERATOR>AND</OPERATOR>
  27435. <THREATLEVEL>6</THREATLEVEL>
  27436. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27437. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27438. </PROCESSDESCRIPTOR>
  27439. <PROCESSDESCRIPTOR>
  27440. <ID>4246</ID>
  27441. <PROCESSLIST>
  27442. <PROCESS>X2FF.DLL</PROCESS>
  27443. <PROCESS>X0FF.DLL</PROCESS>
  27444. <PROCESS>CSA.DLL</PROCESS>
  27445. </PROCESSLIST>
  27446. <CLSIDLIST>
  27447. <CLSID>*</CLSID>
  27448. <CLSID>{AC109D01-32D6-4EB5-8300-D3C5EBAC7C83}</CLSID>
  27449. </CLSIDLIST>
  27450. <SUMMARY>Adware.ClearStream Accelerator (Riversoft).BHO</SUMMARY>
  27451. <DEFAULTINSTALLPATHLIST>
  27452. </DEFAULTINSTALLPATHLIST>
  27453. <CATEGORY>ADWARE</CATEGORY>
  27454. <CONDITIONLIST>
  27455. </CONDITIONLIST>
  27456. <OPERATOR>AND</OPERATOR>
  27457. <THREATLEVEL>7</THREATLEVEL>
  27458. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27459. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27460. </PROCESSDESCRIPTOR>
  27461. <PROCESSDESCRIPTOR>
  27462. <ID>4251</ID>
  27463. <PROCESSLIST>
  27464. <PROCESS>RUNDLL32.EXE</PROCESS>
  27465. </PROCESSLIST>
  27466. <CLSIDLIST>
  27467. </CLSIDLIST>
  27468. <SUMMARY>Adware.Rundll32/ewizard.cc.Process</SUMMARY>
  27469. <DEFAULTINSTALLPATHLIST>
  27470. </DEFAULTINSTALLPATHLIST>
  27471. <CATEGORY>ADWARE</CATEGORY>
  27472. <CONDITIONLIST>
  27473. <CONDITION>COMMANDLINE~SE.DLL</CONDITION>
  27474. <CONDITION>COMMANDLINE~DllInstall</CONDITION>
  27475. </CONDITIONLIST>
  27476. <OPERATOR>AND</OPERATOR>
  27477. <THREATLEVEL>10</THREATLEVEL>
  27478. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27479. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27480. </PROCESSDESCRIPTOR>
  27481. <PROCESSDESCRIPTOR>
  27482. <ID>4252</ID>
  27483. <PROCESSLIST>
  27484. <PROCESS>SE.DLL</PROCESS>
  27485. </PROCESSLIST>
  27486. <CLSIDLIST>
  27487. </CLSIDLIST>
  27488. <SUMMARY>Adware.Rundll32/ewizard.cc.Process</SUMMARY>
  27489. <DEFAULTINSTALLPATHLIST>
  27490. </DEFAULTINSTALLPATHLIST>
  27491. <CATEGORY>ADWARE</CATEGORY>
  27492. <CONDITIONLIST>
  27493. <CONDITION>MD5=2e8ff8927c53f9852a4293d8223727e5</CONDITION>
  27494. </CONDITIONLIST>
  27495. <OPERATOR>OR</OPERATOR>
  27496. <THREATLEVEL>10</THREATLEVEL>
  27497. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27498. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27499. </PROCESSDESCRIPTOR>
  27500. <PROCESSDESCRIPTOR>
  27501. <ID>4254</ID>
  27502. <PROCESSLIST>
  27503. <PROCESS>*</PROCESS>
  27504. </PROCESSLIST>
  27505. <CLSIDLIST>
  27506. </CLSIDLIST>
  27507. <SUMMARY>Adware.ClearSearch.Process</SUMMARY>
  27508. <DEFAULTINSTALLPATHLIST>
  27509. </DEFAULTINSTALLPATHLIST>
  27510. <CATEGORY>ADWARE</CATEGORY>
  27511. <CONDITIONLIST>
  27512. <CONDITION>INTERNALNAME~LoaderUpdater</CONDITION>
  27513. <CONDITION>PRODUCTNAME~ClearSearch</CONDITION>
  27514. </CONDITIONLIST>
  27515. <OPERATOR>AND</OPERATOR>
  27516. <THREATLEVEL>10</THREATLEVEL>
  27517. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27518. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27519. </PROCESSDESCRIPTOR>
  27520. <PROCESSDESCRIPTOR>
  27521. <ID>4255</ID>
  27522. <PROCESSLIST>
  27523. <PROCESS>*</PROCESS>
  27524. </PROCESSLIST>
  27525. <CLSIDLIST>
  27526. <CLSID>*</CLSID>
  27527. </CLSIDLIST>
  27528. <SUMMARY>Adware.ClearSearch.Browser Extension</SUMMARY>
  27529. <DEFAULTINSTALLPATHLIST>
  27530. </DEFAULTINSTALLPATHLIST>
  27531. <CATEGORY>ADWARE</CATEGORY>
  27532. <CONDITIONLIST>
  27533. <CONDITION>MD5=056aa09a76cdc2f3872fe44a1508cdf7</CONDITION>
  27534. <CONDITION>MD5=31d98ad4b5d82fe353d294e965ff28eb</CONDITION>
  27535. <CONDITION>MD5=374dc8f65d881f534c5d92f84e2b493c</CONDITION>
  27536. <CONDITION>MD5=78c3432dfa6c02e58cebaeefd7b13d65</CONDITION>
  27537. <CONDITION>MD5=88442aa69f04b79cb53e46cae032ef56</CONDITION>
  27538. <CONDITION>MD5=b7632d36abd9e440f87c4171ca2bb3e1</CONDITION>
  27539. <CONDITION>MD5=be7a499e4ca8cdd4b1b8e42e1371cd74</CONDITION>
  27540. <CONDITION>MD5=c90758f507aac9e54b4ae599c2a30591</CONDITION>
  27541. <CONDITION>MD5=d1645a1168ccc53643e4c50ea2a3152e</CONDITION>
  27542. <CONDITION>MD5=d8569e0a499d4260b3dcc2b9698c62f9</CONDITION>
  27543. <CONDITION>MD5=dcb235a98bfef12e1e8cf2eb991deef9</CONDITION>
  27544. <CONDITION>MD5=e280063a5d40be6394685d1b7ac2e874</CONDITION>
  27545. <CONDITION>MD5=f7fa1f2a3ac046e4ab678a685fb1ee1f</CONDITION>
  27546. <CONDITION>MD5=D1D57D7D3BD3845EFA6FB13D4739CFC1</CONDITION>
  27547. <CONDITION>MD5=EA4ABA2B73AF78A3D033ADFF406662A5</CONDITION>
  27548. <CONDITION>MD5=76A1C1173B17AAB5ABBA88C89684609E</CONDITION>
  27549. <CONDITION>MD5=C983217EEF5BB3F097FA71DE00C87A25</CONDITION>
  27550. <CONDITION>MD5=49D255EAFC3D418FFA7BCFC69451829E</CONDITION>
  27551. <CONDITION>MD5=6DF9D89DBC66474DCCE3AC4C5CA9A3F1</CONDITION>
  27552. <CONDITION>MD5=11D19B2A3603F929495AC0D4C07FF834</CONDITION>
  27553. <CONDITION>MD5=BA856E4E3C32BFB790F045D2EDAB6FA5</CONDITION>
  27554. <CONDITION>MD5=FB1ECDA90A4A5FA56FA66FD537819F0C</CONDITION>
  27555. <CONDITION>MD5=E132E227D1693224C819EDB848B62C6D</CONDITION>
  27556. <CONDITION>MD5=FDA0C89EC91676F3D456253C6FF78E3F</CONDITION>
  27557. <CONDITION>MD5=70DE6B567737F35E0AC2FABF78F8F988</CONDITION>
  27558. <CONDITION>MD5=EA8BE6444E3E9ED5BF1419727FE04F32</CONDITION>
  27559. <CONDITION>MD5=BEBF234359020665C7912C0B05D79F44</CONDITION>
  27560. <CONDITION>MD5=12975846794976ACDF9661CCAB385F89</CONDITION>
  27561. <CONDITION>MD5=DAE25AFBA1EF979CD3DAD6E2E8585298</CONDITION>
  27562. <CONDITION>MD5=984A1A552E49A92CB4E01F40222CF29B</CONDITION>
  27563. <CONDITION>MD5=B360B92F1AE5A5E4298B7128921B69E9</CONDITION>
  27564. <CONDITION>MD5=D983FECF5C0D2EA0C0CAE2B251F5C1CB</CONDITION>
  27565. <CONDITION>MD5=056FC291F011B44F307338B65D05F6CF</CONDITION>
  27566. <CONDITION>MD5=0A984C84570C8CCF2C23168A0222C1F7</CONDITION>
  27567. <CONDITION>MD5=540B4CB7D9B3275DC47E140807BB6A6C</CONDITION>
  27568. <CONDITION>MD5=044A1C5AED8AA776CFC248C6BD14B88A</CONDITION>
  27569. <CONDITION>MD5=CAF687FCDB536BE5D2705DFB47A45A4E</CONDITION>
  27570. <CONDITION>MD5=D1C099DA6E1BDD6E3C860DE8AA302894</CONDITION>
  27571. <CONDITION>MD5=1D28AA1B699CA6F39BD59AC49A47AD0D</CONDITION>
  27572. <CONDITION>MD5=F631111E0FB259C96A90C52E22553E3E</CONDITION>
  27573. <CONDITION>MD5=86C2B313F7D0DFFA747FEA26A1D35C51</CONDITION>
  27574. <CONDITION>MD5=5695EFB8E1A1DA18B876F5D3EE382118</CONDITION>
  27575. <CONDITION>MD5=4CB7D7F783205218BA334FA9F66DB4F8</CONDITION>
  27576. <CONDITION>MD5=7B9124E96804A3148A20A7B31749D642</CONDITION>
  27577. <CONDITION>MD5=CCD0C6AA81409C2F7F39E7D379B4A9F4</CONDITION>
  27578. <CONDITION>MD5=94847DE05B438674C7A791BB80483BAC</CONDITION>
  27579. <CONDITION>MD5=4774B47E7502D651E4714158B8394FA4</CONDITION>
  27580. </CONDITIONLIST>
  27581. <OPERATOR>OR</OPERATOR>
  27582. <THREATLEVEL>10</THREATLEVEL>
  27583. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27584. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27585. </PROCESSDESCRIPTOR>
  27586. <PROCESSDESCRIPTOR>
  27587. <ID>4256</ID>
  27588. <PROCESSLIST>
  27589. <PROCESS>*</PROCESS>
  27590. </PROCESSLIST>
  27591. <CLSIDLIST>
  27592. </CLSIDLIST>
  27593. <SUMMARY>Adware.ClearSearch.Process</SUMMARY>
  27594. <DEFAULTINSTALLPATHLIST>
  27595. </DEFAULTINSTALLPATHLIST>
  27596. <CATEGORY>ADWARE</CATEGORY>
  27597. <CONDITIONLIST>
  27598. <CONDITION>MD5=056aa09a76cdc2f3872fe44a1508cdf7</CONDITION>
  27599. <CONDITION>MD5=31d98ad4b5d82fe353d294e965ff28eb</CONDITION>
  27600. <CONDITION>MD5=374dc8f65d881f534c5d92f84e2b493c</CONDITION>
  27601. <CONDITION>MD5=78c3432dfa6c02e58cebaeefd7b13d65</CONDITION>
  27602. <CONDITION>MD5=88442aa69f04b79cb53e46cae032ef56</CONDITION>
  27603. <CONDITION>MD5=b7632d36abd9e440f87c4171ca2bb3e1</CONDITION>
  27604. <CONDITION>MD5=be7a499e4ca8cdd4b1b8e42e1371cd74</CONDITION>
  27605. <CONDITION>MD5=c90758f507aac9e54b4ae599c2a30591</CONDITION>
  27606. <CONDITION>MD5=d1645a1168ccc53643e4c50ea2a3152e</CONDITION>
  27607. <CONDITION>MD5=d8569e0a499d4260b3dcc2b9698c62f9</CONDITION>
  27608. <CONDITION>MD5=dcb235a98bfef12e1e8cf2eb991deef9</CONDITION>
  27609. <CONDITION>MD5=e280063a5d40be6394685d1b7ac2e874</CONDITION>
  27610. <CONDITION>MD5=f7fa1f2a3ac046e4ab678a685fb1ee1f</CONDITION>
  27611. <CONDITION>MD5=D1D57D7D3BD3845EFA6FB13D4739CFC1</CONDITION>
  27612. <CONDITION>MD5=AF1C1EA26B136782791F8788C3589787</CONDITION>
  27613. <CONDITION>MD5=FDCAF93CFFB6ADD5FD0A55C86E352E45</CONDITION>
  27614. <CONDITION>MD5=E3E9537283AF06648A6A6F0F9D201B88</CONDITION>
  27615. <CONDITION>MD5=E0DF2BB3568CBDAEAC223444B495508D</CONDITION>
  27616. <CONDITION>MD5=F2C70D0BB07D318D2F264994D33803C1</CONDITION>
  27617. <CONDITION>MD5=04C926F8F4FB856C9E4BF964C752177B</CONDITION>
  27618. <CONDITION>MD5=D22CFF420BF21DF72C5ADB5F3C5DCCB6</CONDITION>
  27619. <CONDITION>MD5=6BD9F90D75AC62A8294EB55A0ADB1207</CONDITION>
  27620. <CONDITION>MD5=82F0217A522F66EEB936FCEC0C559F00</CONDITION>
  27621. <CONDITION>MD5=3E51E3559F08FBDE08B521F7738D2D54</CONDITION>
  27622. <CONDITION>MD5=519CC30817C90033CBF340F9E73085CA</CONDITION>
  27623. <CONDITION>MD5=B78618C53048ECCE428136FA2203895A</CONDITION>
  27624. <CONDITION>MD5=D211656A6D8B608B8B4D2B2D5817E8DF</CONDITION>
  27625. <CONDITION>MD5=B689BBF2DF9F1E2F77B9AD595FDC351E</CONDITION>
  27626. <CONDITION>MD5=8345CD6A81062C824CC81DB742FC0252</CONDITION>
  27627. <CONDITION>MD5=DF5829AB7AA5C01C59A4E6F724EAD9F2</CONDITION>
  27628. <CONDITION>MD5=8DD59D4D8F1186C4690207376C42585F</CONDITION>
  27629. <CONDITION>MD5=0F646EEB870B524DBA9E543A77D78F15</CONDITION>
  27630. <CONDITION>MD5=3EE2D713A82598D723480A7E0DDFD07E</CONDITION>
  27631. <CONDITION>MD5=2D1E8844484C95D1538AB50410CD8374</CONDITION>
  27632. <CONDITION>MD5=1CC030F1ED3C31C2FDBFEED8E533C4F8</CONDITION>
  27633. <CONDITION>MD5=D10C463AF17E3D7132B11F3DE86E65FC</CONDITION>
  27634. <CONDITION>MD5=5A66087A032EAAA9E08F08981C0EF9AF</CONDITION>
  27635. <CONDITION>MD5=05C780107BAC553669B52D1552927773</CONDITION>
  27636. <CONDITION>MD5=5F811909E605759A5A97C673C060EE1B</CONDITION>
  27637. <CONDITION>MD5=BE7E5BD48357090E740943C8A42A96CD</CONDITION>
  27638. <CONDITION>MD5=B837A7DF4EB61123501A12DCEFF05997</CONDITION>
  27639. <CONDITION>MD5=01B6E2DF0F1EF7C622D9613F4F5C2C4D</CONDITION>
  27640. <CONDITION>MD5=E42432AD10CB93FF28A99551AA6CF9C2</CONDITION>
  27641. <CONDITION>MD5=FFD05DBC6DC79402336DF929F6EAD5B5</CONDITION>
  27642. <CONDITION>MD5=C34645FA5C2D8D75A892CA974508CB4C</CONDITION>
  27643. <CONDITION>MD5=C6129C27536598A0CD523ED0EF054C4E</CONDITION>
  27644. <CONDITION>MD5=93870F15FF55E5930D402820CF85F121</CONDITION>
  27645. <CONDITION>MD5=2750E09F684E42B2BD81066218324515</CONDITION>
  27646. <CONDITION>MD5=AB9A209B6076186408D043D3E963B654</CONDITION>
  27647. <CONDITION>MD5=CA6A59F194C1ACAADF2C1850F46854E3</CONDITION>
  27648. <CONDITION>MD5=ACDA4A5B5C6114A0D9D2D5FA21FC5267</CONDITION>
  27649. <CONDITION>MD5=558AB13E63627CEEB4DA0B81903E5C3A</CONDITION>
  27650. <CONDITION>MD5=6A1CDDD01AECF494A42659E9D559F0E8</CONDITION>
  27651. <CONDITION>MD5=08EA364AB946A3DB89C81F683A9007A3</CONDITION>
  27652. <CONDITION>MD5=FEB0A3CE2018630FBFE804BBE85440BE</CONDITION>
  27653. <CONDITION>MD5=8069FEAF5114F2C5F14E3F37BF8D0A96</CONDITION>
  27654. <CONDITION>MD5=C096722FE2B27B8F21980BEE19AFB382</CONDITION>
  27655. <CONDITION>MD5=4DA76CD2ACF0ED48D8D6502B6346EAD4</CONDITION>
  27656. <CONDITION>MD5=941F14F388A787D5B469B0B74B4818E0</CONDITION>
  27657. <CONDITION>MD5=D951DE82A903E2220346233246A4D423</CONDITION>
  27658. <CONDITION>MD5=FBB6BD565ACA02D58D9ED8CF42C54560</CONDITION>
  27659. <CONDITION>MD5=23CF0BBAC10E24EE396083FFDA63F6E4</CONDITION>
  27660. </CONDITIONLIST>
  27661. <OPERATOR>OR</OPERATOR>
  27662. <THREATLEVEL>10</THREATLEVEL>
  27663. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27664. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27665. </PROCESSDESCRIPTOR>
  27666. <PROCESSDESCRIPTOR>
  27667. <ID>4258</ID>
  27668. <PROCESSLIST>
  27669. <PROCESS>MEDIAPASSK.EXE</PROCESS>
  27670. <PROCESS>MEDIAPASS.EXE</PROCESS>
  27671. </PROCESSLIST>
  27672. <CLSIDLIST>
  27673. </CLSIDLIST>
  27674. <SUMMARY>Adware.Media Pass.Process</SUMMARY>
  27675. <DEFAULTINSTALLPATHLIST>
  27676. </DEFAULTINSTALLPATHLIST>
  27677. <CATEGORY>ADWARE</CATEGORY>
  27678. <CONDITIONLIST>
  27679. <CONDITION>FILELOCATION~Media</CONDITION>
  27680. </CONDITIONLIST>
  27681. <OPERATOR>AND</OPERATOR>
  27682. <THREATLEVEL>7</THREATLEVEL>
  27683. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27684. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27685. </PROCESSDESCRIPTOR>
  27686. <PROCESSDESCRIPTOR>
  27687. <ID>4259</ID>
  27688. <PROCESSLIST>
  27689. <PROCESS>ZETA.EXE</PROCESS>
  27690. </PROCESSLIST>
  27691. <CLSIDLIST>
  27692. </CLSIDLIST>
  27693. <SUMMARY>Adware.Zesoft.Process</SUMMARY>
  27694. <DEFAULTINSTALLPATHLIST>
  27695. </DEFAULTINSTALLPATHLIST>
  27696. <CATEGORY>ADWARE</CATEGORY>
  27697. <CONDITIONLIST>
  27698. <CONDITION>FILELOCATION~WINDOWS</CONDITION>
  27699. <CONDITION>FILELOCATION~WINNT</CONDITION>
  27700. </CONDITIONLIST>
  27701. <OPERATOR>OR</OPERATOR>
  27702. <THREATLEVEL>9</THREATLEVEL>
  27703. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27704. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27705. </PROCESSDESCRIPTOR>
  27706. <PROCESSDESCRIPTOR>
  27707. <ID>4262</ID>
  27708. <PROCESSLIST>
  27709. <PROCESS>MSCONFG.EXE</PROCESS>
  27710. </PROCESSLIST>
  27711. <CLSIDLIST>
  27712. </CLSIDLIST>
  27713. <SUMMARY>Worm.Rbot.H.Process</SUMMARY>
  27714. <DEFAULTINSTALLPATHLIST>
  27715. </DEFAULTINSTALLPATHLIST>
  27716. <CATEGORY>WORM</CATEGORY>
  27717. <CONDITIONLIST>
  27718. <CONDITION>FILELOCATION~system</CONDITION>
  27719. </CONDITIONLIST>
  27720. <OPERATOR>AND</OPERATOR>
  27721. <THREATLEVEL>10</THREATLEVEL>
  27722. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27723. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27724. </PROCESSDESCRIPTOR>
  27725. <PROCESSDESCRIPTOR>
  27726. <ID>4263</ID>
  27727. <PROCESSLIST>
  27728. <PROCESS>WINSYSTEM32.EXE</PROCESS>
  27729. </PROCESSLIST>
  27730. <CLSIDLIST>
  27731. </CLSIDLIST>
  27732. <SUMMARY>Worm.Rbot-UO.Process</SUMMARY>
  27733. <DEFAULTINSTALLPATHLIST>
  27734. </DEFAULTINSTALLPATHLIST>
  27735. <CATEGORY>WORM</CATEGORY>
  27736. <CONDITIONLIST>
  27737. <CONDITION>FILELOCATION~system</CONDITION>
  27738. </CONDITIONLIST>
  27739. <OPERATOR>AND</OPERATOR>
  27740. <THREATLEVEL>10</THREATLEVEL>
  27741. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27742. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27743. </PROCESSDESCRIPTOR>
  27744. <PROCESSDESCRIPTOR>
  27745. <ID>4264</ID>
  27746. <PROCESSLIST>
  27747. <PROCESS>*</PROCESS>
  27748. <PROCESS>(YWXBHL.EXE)</PROCESS>
  27749. <PROCESS>(YEMAUN.EXE)</PROCESS>
  27750. <PROCESS>(AUGYGE.EXE)</PROCESS>
  27751. <PROCESS>(UCHQKF.EXE)</PROCESS>
  27752. <PROCESS>(PEZUML.EXE)</PROCESS>
  27753. </PROCESSLIST>
  27754. <CLSIDLIST>
  27755. </CLSIDLIST>
  27756. <SUMMARY>Unclassified.Redirect.Process</SUMMARY>
  27757. <DEFAULTINSTALLPATHLIST>
  27758. </DEFAULTINSTALLPATHLIST>
  27759. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  27760. <CONDITIONLIST>
  27761. <CONDITION>FILEDESCRIPTION~Redirect MFC Application</CONDITION>
  27762. <CONDITION>PRODUCTNAME~Redirect Application</CONDITION>
  27763. <CONDITION>ORIGINALFILENAME~Redirect.EXE</CONDITION>
  27764. </CONDITIONLIST>
  27765. <OPERATOR>AND</OPERATOR>
  27766. <THREATLEVEL>10</THREATLEVEL>
  27767. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27768. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27769. </PROCESSDESCRIPTOR>
  27770. <PROCESSDESCRIPTOR>
  27771. <ID>4282</ID>
  27772. <PROCESSLIST>
  27773. <PROCESS>*</PROCESS>
  27774. <PROCESS>TRGEN.DLL</PROCESS>
  27775. </PROCESSLIST>
  27776. <CLSIDLIST>
  27777. <CLSID>{22B720C7-5FA6-40A8-9F8F-8584BF669690}</CLSID>
  27778. </CLSIDLIST>
  27779. <SUMMARY>Browser Hijacker.Begin2Search.BHO</SUMMARY>
  27780. <DEFAULTINSTALLPATHLIST>
  27781. </DEFAULTINSTALLPATHLIST>
  27782. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  27783. <CONDITIONLIST>
  27784. </CONDITIONLIST>
  27785. <OPERATOR>AND</OPERATOR>
  27786. <THREATLEVEL>10</THREATLEVEL>
  27787. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27788. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27789. </PROCESSDESCRIPTOR>
  27790. <PROCESSDESCRIPTOR>
  27791. <ID>4283</ID>
  27792. <PROCESSLIST>
  27793. <PROCESS>USERINIT32.EXE</PROCESS>
  27794. </PROCESSLIST>
  27795. <CLSIDLIST>
  27796. </CLSIDLIST>
  27797. <SUMMARY>Worm.Petch.Process</SUMMARY>
  27798. <DEFAULTINSTALLPATHLIST>
  27799. </DEFAULTINSTALLPATHLIST>
  27800. <CATEGORY>WORM</CATEGORY>
  27801. <CONDITIONLIST>
  27802. <CONDITION>FILELOCATION~system</CONDITION>
  27803. </CONDITIONLIST>
  27804. <OPERATOR>AND</OPERATOR>
  27805. <THREATLEVEL>10</THREATLEVEL>
  27806. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27807. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27808. </PROCESSDESCRIPTOR>
  27809. <PROCESSDESCRIPTOR>
  27810. <ID>4284</ID>
  27811. <PROCESSLIST>
  27812. <PROCESS>OPEN32.EXE</PROCESS>
  27813. </PROCESSLIST>
  27814. <CLSIDLIST>
  27815. </CLSIDLIST>
  27816. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  27817. <DEFAULTINSTALLPATHLIST>
  27818. </DEFAULTINSTALLPATHLIST>
  27819. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  27820. <CONDITIONLIST>
  27821. <CONDITION>FILELOCATION~system</CONDITION>
  27822. </CONDITIONLIST>
  27823. <OPERATOR>AND</OPERATOR>
  27824. <THREATLEVEL>10</THREATLEVEL>
  27825. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27826. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27827. </PROCESSDESCRIPTOR>
  27828. <PROCESSDESCRIPTOR>
  27829. <ID>4285</ID>
  27830. <PROCESSLIST>
  27831. <PROCESS>AUF0.EXE</PROCESS>
  27832. </PROCESSLIST>
  27833. <CLSIDLIST>
  27834. </CLSIDLIST>
  27835. <SUMMARY>Adware.Apropos Media.Process</SUMMARY>
  27836. <DEFAULTINSTALLPATHLIST>
  27837. </DEFAULTINSTALLPATHLIST>
  27838. <CATEGORY>ADWARE</CATEGORY>
  27839. <CONDITIONLIST>
  27840. <CONDITION>FILELOCATION~Temp</CONDITION>
  27841. </CONDITIONLIST>
  27842. <OPERATOR>AND</OPERATOR>
  27843. <THREATLEVEL>10</THREATLEVEL>
  27844. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27845. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27846. </PROCESSDESCRIPTOR>
  27847. <PROCESSDESCRIPTOR>
  27848. <ID>4286</ID>
  27849. <PROCESSLIST>
  27850. <PROCESS>SUBMITHOOK.DLL</PROCESS>
  27851. </PROCESSLIST>
  27852. <CLSIDLIST>
  27853. <CLSID>{2E9CAFF6-30C7-4208-8807-E79D4EC6F806}</CLSID>
  27854. </CLSIDLIST>
  27855. <SUMMARY>Adware.Submithook.BHO</SUMMARY>
  27856. <DEFAULTINSTALLPATHLIST>
  27857. </DEFAULTINSTALLPATHLIST>
  27858. <CATEGORY>ADWARE</CATEGORY>
  27859. <CONDITIONLIST>
  27860. </CONDITIONLIST>
  27861. <OPERATOR>AND</OPERATOR>
  27862. <THREATLEVEL>10</THREATLEVEL>
  27863. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27864. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27865. </PROCESSDESCRIPTOR>
  27866. <PROCESSDESCRIPTOR>
  27867. <ID>4288</ID>
  27868. <PROCESSLIST>
  27869. <PROCESS>IEXPLORERRS.EXE</PROCESS>
  27870. </PROCESSLIST>
  27871. <CLSIDLIST>
  27872. </CLSIDLIST>
  27873. <SUMMARY>Worm.Rbot-TN.Process</SUMMARY>
  27874. <DEFAULTINSTALLPATHLIST>
  27875. </DEFAULTINSTALLPATHLIST>
  27876. <CATEGORY>WORM</CATEGORY>
  27877. <CONDITIONLIST>
  27878. <CONDITION>FILELOCATION~system</CONDITION>
  27879. </CONDITIONLIST>
  27880. <OPERATOR>AND</OPERATOR>
  27881. <THREATLEVEL>10</THREATLEVEL>
  27882. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27883. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27884. </PROCESSDESCRIPTOR>
  27885. <PROCESSDESCRIPTOR>
  27886. <ID>4289</ID>
  27887. <PROCESSLIST>
  27888. <PROCESS>*</PROCESS>
  27889. </PROCESSLIST>
  27890. <CLSIDLIST>
  27891. </CLSIDLIST>
  27892. <SUMMARY>Adware.180solutions/Search Assistant.Component</SUMMARY>
  27893. <DEFAULTINSTALLPATHLIST>
  27894. </DEFAULTINSTALLPATHLIST>
  27895. <CATEGORY>ADWARE</CATEGORY>
  27896. <CONDITIONLIST>
  27897. <CONDITION>MD5=299797b006b10852fc9d32fae70509ee</CONDITION>
  27898. <CONDITION>MD5=16b594abb8cd7dc37e8313303ad2ab00</CONDITION>
  27899. <CONDITION>MD5=7a14373df7aabdb7137a5f5d5e179bc5</CONDITION>
  27900. <CONDITION>MD5=2f4b431446173bf74fd01a4a3198ad12</CONDITION>
  27901. <CONDITION>MD5=1700207bbbeb7057ceeae01fcf975915</CONDITION>
  27902. </CONDITIONLIST>
  27903. <OPERATOR>OR</OPERATOR>
  27904. <THREATLEVEL>10</THREATLEVEL>
  27905. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27906. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27907. </PROCESSDESCRIPTOR>
  27908. <PROCESSDESCRIPTOR>
  27909. <ID>4290</ID>
  27910. <PROCESSLIST>
  27911. <PROCESS>SIDEFIND.EXE</PROCESS>
  27912. </PROCESSLIST>
  27913. <CLSIDLIST>
  27914. </CLSIDLIST>
  27915. <SUMMARY>Adware.IST/SideFind.Process</SUMMARY>
  27916. <DEFAULTINSTALLPATHLIST>
  27917. </DEFAULTINSTALLPATHLIST>
  27918. <CATEGORY>ADWARE</CATEGORY>
  27919. <CONDITIONLIST>
  27920. <CONDITION>FILELOCATION~sidefind</CONDITION>
  27921. </CONDITIONLIST>
  27922. <OPERATOR>AND</OPERATOR>
  27923. <THREATLEVEL>10</THREATLEVEL>
  27924. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27925. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27926. </PROCESSDESCRIPTOR>
  27927. <PROCESSDESCRIPTOR>
  27928. <ID>4291</ID>
  27929. <PROCESSLIST>
  27930. <PROCESS>*</PROCESS>
  27931. </PROCESSLIST>
  27932. <CLSIDLIST>
  27933. </CLSIDLIST>
  27934. <SUMMARY>Adware.IST/SideFind.Component</SUMMARY>
  27935. <DEFAULTINSTALLPATHLIST>
  27936. </DEFAULTINSTALLPATHLIST>
  27937. <CATEGORY>ADWARE</CATEGORY>
  27938. <CONDITIONLIST>
  27939. <CONDITION>MD5=7baa8e57c95df9993dcc0d5022f9bf72</CONDITION>
  27940. <CONDITION>MD5=0afa4352f84e9ac3d8d3b2159ebbdb49</CONDITION>
  27941. </CONDITIONLIST>
  27942. <OPERATOR>OR</OPERATOR>
  27943. <THREATLEVEL>10</THREATLEVEL>
  27944. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27945. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27946. </PROCESSDESCRIPTOR>
  27947. <PROCESSDESCRIPTOR>
  27948. <ID>4293</ID>
  27949. <PROCESSLIST>
  27950. <PROCESS>*</PROCESS>
  27951. <PROCESS>DESKWA~1.DLL</PROCESS>
  27952. <PROCESS>DESKWAREDOWNLOADER.DLL</PROCESS>
  27953. </PROCESSLIST>
  27954. <CLSIDLIST>
  27955. <CLSID>{88F0297D-A046-4942-B6B9-03D8939E92D5}</CLSID>
  27956. </CLSIDLIST>
  27957. <SUMMARY>Unclassified.Deskware.BHO</SUMMARY>
  27958. <DEFAULTINSTALLPATHLIST>
  27959. </DEFAULTINSTALLPATHLIST>
  27960. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  27961. <CONDITIONLIST>
  27962. </CONDITIONLIST>
  27963. <OPERATOR>AND</OPERATOR>
  27964. <THREATLEVEL>8</THREATLEVEL>
  27965. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27966. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27967. </PROCESSDESCRIPTOR>
  27968. <PROCESSDESCRIPTOR>
  27969. <ID>4295</ID>
  27970. <PROCESSLIST>
  27971. <PROCESS>*</PROCESS>
  27972. <PROCESS>FYS153E.DLL</PROCESS>
  27973. </PROCESSLIST>
  27974. <CLSIDLIST>
  27975. <CLSID>{88CC91DE-5930-45AD-9E04-6B1233609FEA}</CLSID>
  27976. </CLSIDLIST>
  27977. <SUMMARY>Adware.Appolinaria Media.BHO</SUMMARY>
  27978. <DEFAULTINSTALLPATHLIST>
  27979. </DEFAULTINSTALLPATHLIST>
  27980. <CATEGORY>ADWARE</CATEGORY>
  27981. <CONDITIONLIST>
  27982. </CONDITIONLIST>
  27983. <OPERATOR>AND</OPERATOR>
  27984. <THREATLEVEL>7</THREATLEVEL>
  27985. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  27986. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  27987. </PROCESSDESCRIPTOR>
  27988. <PROCESSDESCRIPTOR>
  27989. <ID>4296</ID>
  27990. <PROCESSLIST>
  27991. <PROCESS>*</PROCESS>
  27992. <PROCESS>IC2_WIN.DLL</PROCESS>
  27993. </PROCESSLIST>
  27994. <CLSIDLIST>
  27995. <CLSID>{988CAFC4-DC0D-4D8C-A35E-5028ABE9E641}</CLSID>
  27996. </CLSIDLIST>
  27997. <SUMMARY>Browser Hijacker.Begin2Search.BHO</SUMMARY>
  27998. <DEFAULTINSTALLPATHLIST>
  27999. </DEFAULTINSTALLPATHLIST>
  28000. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  28001. <CONDITIONLIST>
  28002. </CONDITIONLIST>
  28003. <OPERATOR>AND</OPERATOR>
  28004. <THREATLEVEL>10</THREATLEVEL>
  28005. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28006. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28007. </PROCESSDESCRIPTOR>
  28008. <PROCESSDESCRIPTOR>
  28009. <ID>4298</ID>
  28010. <PROCESSLIST>
  28011. <PROCESS>SRNG.EXE</PROCESS>
  28012. </PROCESSLIST>
  28013. <CLSIDLIST>
  28014. </CLSIDLIST>
  28015. <SUMMARY>Browser Hijacker.Srng/ShopNav.Process</SUMMARY>
  28016. <DEFAULTINSTALLPATHLIST>
  28017. </DEFAULTINSTALLPATHLIST>
  28018. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  28019. <CONDITIONLIST>
  28020. <CONDITION>FILELOCATION~SRNG</CONDITION>
  28021. </CONDITIONLIST>
  28022. <OPERATOR>AND</OPERATOR>
  28023. <THREATLEVEL>10</THREATLEVEL>
  28024. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28025. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28026. </PROCESSDESCRIPTOR>
  28027. <PROCESSDESCRIPTOR>
  28028. <ID>4299</ID>
  28029. <PROCESSLIST>
  28030. <PROCESS>SVCHOST.EXE</PROCESS>
  28031. </PROCESSLIST>
  28032. <CLSIDLIST>
  28033. </CLSIDLIST>
  28034. <SUMMARY>Unclassified.Svchost.Process</SUMMARY>
  28035. <DEFAULTINSTALLPATHLIST>
  28036. </DEFAULTINSTALLPATHLIST>
  28037. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  28038. <CONDITIONLIST>
  28039. <CONDITION>MD5=EF05DCCC255103750092F5FCB7E47D30</CONDITION>
  28040. <CONDITION>MD5=2AB3890B262269B36DE92340E3468A05</CONDITION>
  28041. <CONDITION>MD5=371D4EA00B8422DBDE293DAE90ACF698</CONDITION>
  28042. <CONDITION>MD5=438741660A5A78C60DF49FF5334D0B76</CONDITION>
  28043. <CONDITION>MD5=86E38397751C41748ECD47094A274369</CONDITION>
  28044. <CONDITION>MD5=EE8990B5D076A7ED601A30EB677CC9BE</CONDITION>
  28045. <CONDITION>MD5=45912A9CCE2F1F9A252E0AECDF605C4D</CONDITION>
  28046. <CONDITION>MD5=F5C7F75369632DD41D80BFF03C0B514B</CONDITION>
  28047. <CONDITION>MD5=C33AB66C9C72D1F40357BDB80E51F28F</CONDITION>
  28048. </CONDITIONLIST>
  28049. <OPERATOR>OR</OPERATOR>
  28050. <THREATLEVEL>10</THREATLEVEL>
  28051. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28052. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28053. </PROCESSDESCRIPTOR>
  28054. <PROCESSDESCRIPTOR>
  28055. <ID>4300</ID>
  28056. <PROCESSLIST>
  28057. <PROCESS>*</PROCESS>
  28058. </PROCESSLIST>
  28059. <CLSIDLIST>
  28060. </CLSIDLIST>
  28061. <SUMMARY>Adware.Lop.Component</SUMMARY>
  28062. <DEFAULTINSTALLPATHLIST>
  28063. </DEFAULTINSTALLPATHLIST>
  28064. <CATEGORY>ADWARE</CATEGORY>
  28065. <CONDITIONLIST>
  28066. <CONDITION>MD5=ef5ff3569b3470bbc6d685a94ac0cc64</CONDITION>
  28067. <CONDITION>MD5=62228a4130589eadc5c2a3d9924eea71</CONDITION>
  28068. <CONDITION>MD5=8a371bb9939c3ff6f50bbc1d5172456c</CONDITION>
  28069. <CONDITION>MD5=6639789dfb899f5d956f2a77926c25cd</CONDITION>
  28070. <CONDITION>MD5=7651c44a511641e4b525bfa5f00c362b</CONDITION>
  28071. <CONDITION>MD5=6639789dfb899f5d956f2a77926c25cd</CONDITION>
  28072. <CONDITION>MD5=90ff61349861c680cb03c54fb7a3a7d9</CONDITION>
  28073. <CONDITION>MD5=62228a4130589eadc5c2a3d9924eea71</CONDITION>
  28074. </CONDITIONLIST>
  28075. <OPERATOR>OR</OPERATOR>
  28076. <THREATLEVEL>10</THREATLEVEL>
  28077. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28078. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28079. </PROCESSDESCRIPTOR>
  28080. <PROCESSDESCRIPTOR>
  28081. <ID>4305</ID>
  28082. <PROCESSLIST>
  28083. <PROCESS>WINSRVS_1.DLL</PROCESS>
  28084. </PROCESSLIST>
  28085. <CLSIDLIST>
  28086. <CLSID>{00000015-A527-34E7-25C2-03A4E313B2E9}</CLSID>
  28087. </CLSIDLIST>
  28088. <SUMMARY>Adware.WinSrvs.BHO</SUMMARY>
  28089. <DEFAULTINSTALLPATHLIST>
  28090. </DEFAULTINSTALLPATHLIST>
  28091. <CATEGORY>ADWARE</CATEGORY>
  28092. <CONDITIONLIST>
  28093. </CONDITIONLIST>
  28094. <OPERATOR>AND</OPERATOR>
  28095. <THREATLEVEL>5</THREATLEVEL>
  28096. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28097. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28098. </PROCESSDESCRIPTOR>
  28099. <PROCESSDESCRIPTOR>
  28100. <ID>4308</ID>
  28101. <PROCESSLIST>
  28102. <PROCESS>*</PROCESS>
  28103. <PROCESS>IC2_WIN.DLL</PROCESS>
  28104. </PROCESSLIST>
  28105. <CLSIDLIST>
  28106. <CLSID>{207AEF46-0596-4966-A7BF-098F247E85BB}</CLSID>
  28107. </CLSIDLIST>
  28108. <SUMMARY>Browser Hijacker.Begin2Search.Toolbar</SUMMARY>
  28109. <DEFAULTINSTALLPATHLIST>
  28110. </DEFAULTINSTALLPATHLIST>
  28111. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  28112. <CONDITIONLIST>
  28113. </CONDITIONLIST>
  28114. <OPERATOR>AND</OPERATOR>
  28115. <THREATLEVEL>10</THREATLEVEL>
  28116. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28117. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28118. </PROCESSDESCRIPTOR>
  28119. <PROCESSDESCRIPTOR>
  28120. <ID>4309</ID>
  28121. <PROCESSLIST>
  28122. <PROCESS>CLEARSEARCH.DLL</PROCESS>
  28123. </PROCESSLIST>
  28124. <CLSIDLIST>
  28125. <CLSID>*</CLSID>
  28126. <CLSID>{0466BEC3-BA38-4350-B03F-8B952E3D56F3}</CLSID>
  28127. </CLSIDLIST>
  28128. <SUMMARY>Adware.ClearSearch.Browser Extension</SUMMARY>
  28129. <DEFAULTINSTALLPATHLIST>
  28130. </DEFAULTINSTALLPATHLIST>
  28131. <CATEGORY>ADWARE</CATEGORY>
  28132. <CONDITIONLIST>
  28133. <CONDITION>FILELOCATION~CLEAR</CONDITION>
  28134. </CONDITIONLIST>
  28135. <OPERATOR>OR</OPERATOR>
  28136. <THREATLEVEL>10</THREATLEVEL>
  28137. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28138. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28139. </PROCESSDESCRIPTOR>
  28140. <PROCESSDESCRIPTOR>
  28141. <ID>4310</ID>
  28142. <PROCESSLIST>
  28143. <PROCESS>MEDIAACCESS.EXE</PROCESS>
  28144. <PROCESS>MEDIAACCK.EXE</PROCESS>
  28145. </PROCESSLIST>
  28146. <CLSIDLIST>
  28147. </CLSIDLIST>
  28148. <SUMMARY>Adware.Media Access.Process</SUMMARY>
  28149. <DEFAULTINSTALLPATHLIST>
  28150. </DEFAULTINSTALLPATHLIST>
  28151. <CATEGORY>ADWARE</CATEGORY>
  28152. <CONDITIONLIST>
  28153. <CONDITION>FILELOCATION~Media</CONDITION>
  28154. </CONDITIONLIST>
  28155. <OPERATOR>AND</OPERATOR>
  28156. <THREATLEVEL>7</THREATLEVEL>
  28157. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28158. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28159. </PROCESSDESCRIPTOR>
  28160. <PROCESSDESCRIPTOR>
  28161. <ID>4312</ID>
  28162. <PROCESSLIST>
  28163. <PROCESS>WINLINK.DLL</PROCESS>
  28164. </PROCESSLIST>
  28165. <CLSIDLIST>
  28166. <CLSID>{6CC1C91A-AE8B-4373-A5B4-28BA1851E39A}</CLSID>
  28167. </CLSIDLIST>
  28168. <SUMMARY>Parasite.CoolWebSearch Variant.BHO</SUMMARY>
  28169. <DEFAULTINSTALLPATHLIST>
  28170. </DEFAULTINSTALLPATHLIST>
  28171. <CATEGORY>PARASITE</CATEGORY>
  28172. <CONDITIONLIST>
  28173. </CONDITIONLIST>
  28174. <OPERATOR>AND</OPERATOR>
  28175. <THREATLEVEL>10</THREATLEVEL>
  28176. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28177. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28178. </PROCESSDESCRIPTOR>
  28179. <PROCESSDESCRIPTOR>
  28180. <ID>4313</ID>
  28181. <PROCESSLIST>
  28182. <PROCESS>SHELLEXP.EXE</PROCESS>
  28183. <PROCESS>SHELLEXPL.EXE</PROCESS>
  28184. </PROCESSLIST>
  28185. <CLSIDLIST>
  28186. </CLSIDLIST>
  28187. <SUMMARY>Adware.Sheldor.Process</SUMMARY>
  28188. <DEFAULTINSTALLPATHLIST>
  28189. </DEFAULTINSTALLPATHLIST>
  28190. <CATEGORY>ADWARE</CATEGORY>
  28191. <CONDITIONLIST>
  28192. <CONDITION>FILELOCATION~system</CONDITION>
  28193. </CONDITIONLIST>
  28194. <OPERATOR>AND</OPERATOR>
  28195. <THREATLEVEL>7</THREATLEVEL>
  28196. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28197. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28198. </PROCESSDESCRIPTOR>
  28199. <PROCESSDESCRIPTOR>
  28200. <ID>4314</ID>
  28201. <PROCESSLIST>
  28202. <PROCESS>RUNDLL32M.EXE</PROCESS>
  28203. </PROCESSLIST>
  28204. <CLSIDLIST>
  28205. </CLSIDLIST>
  28206. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  28207. <DEFAULTINSTALLPATHLIST>
  28208. </DEFAULTINSTALLPATHLIST>
  28209. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  28210. <CONDITIONLIST>
  28211. <CONDITION>FILELOCATION~system</CONDITION>
  28212. <CONDITION>COMPANYNAME^Microsoft</CONDITION>
  28213. </CONDITIONLIST>
  28214. <OPERATOR>AND</OPERATOR>
  28215. <THREATLEVEL>10</THREATLEVEL>
  28216. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28217. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28218. </PROCESSDESCRIPTOR>
  28219. <PROCESSDESCRIPTOR>
  28220. <ID>4315</ID>
  28221. <PROCESSLIST>
  28222. <PROCESS>REGISTRY.PIF</PROCESS>
  28223. <PROCESS>CRITICALUPDATE.EXE</PROCESS>
  28224. </PROCESSLIST>
  28225. <CLSIDLIST>
  28226. </CLSIDLIST>
  28227. <SUMMARY>Browser Hijacker.Affilred.Process</SUMMARY>
  28228. <DEFAULTINSTALLPATHLIST>
  28229. </DEFAULTINSTALLPATHLIST>
  28230. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  28231. <CONDITIONLIST>
  28232. <CONDITION>MD5=787A7432FD4C6331264FE7C5466DC09B</CONDITION>
  28233. </CONDITIONLIST>
  28234. <OPERATOR>AND</OPERATOR>
  28235. <THREATLEVEL>7</THREATLEVEL>
  28236. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28237. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28238. </PROCESSDESCRIPTOR>
  28239. <PROCESSDESCRIPTOR>
  28240. <ID>4317</ID>
  28241. <PROCESSLIST>
  28242. <PROCESS>SPEERYOX.DLL</PROCESS>
  28243. </PROCESSLIST>
  28244. <CLSIDLIST>
  28245. <CLSID>{00000097-7C67-4BA6-8B42-05128941688A}</CLSID>
  28246. </CLSIDLIST>
  28247. <SUMMARY>Unclassified.Unknown Origin.BHO</SUMMARY>
  28248. <DEFAULTINSTALLPATHLIST>
  28249. </DEFAULTINSTALLPATHLIST>
  28250. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  28251. <CONDITIONLIST>
  28252. </CONDITIONLIST>
  28253. <OPERATOR>AND</OPERATOR>
  28254. <THREATLEVEL>7</THREATLEVEL>
  28255. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28256. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28257. </PROCESSDESCRIPTOR>
  28258. <PROCESSDESCRIPTOR>
  28259. <ID>4320</ID>
  28260. <PROCESSLIST>
  28261. <PROCESS>*</PROCESS>
  28262. </PROCESSLIST>
  28263. <CLSIDLIST>
  28264. </CLSIDLIST>
  28265. <SUMMARY>Adware.DealsOnline.Component</SUMMARY>
  28266. <DEFAULTINSTALLPATHLIST>
  28267. </DEFAULTINSTALLPATHLIST>
  28268. <CATEGORY>ADWARE</CATEGORY>
  28269. <CONDITIONLIST>
  28270. <CONDITION>FILELOCATION~system</CONDITION>
  28271. <CONDITION>PRODUCTNAME~DealsOnline</CONDITION>
  28272. </CONDITIONLIST>
  28273. <OPERATOR>AND</OPERATOR>
  28274. <THREATLEVEL>5</THREATLEVEL>
  28275. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28276. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28277. </PROCESSDESCRIPTOR>
  28278. <PROCESSDESCRIPTOR>
  28279. <ID>4321</ID>
  28280. <PROCESSLIST>
  28281. <PROCESS>*</PROCESS>
  28282. <PROCESS>DLL.DLL</PROCESS>
  28283. <PROCESS>QWE1316.DLL</PROCESS>
  28284. </PROCESSLIST>
  28285. <CLSIDLIST>
  28286. <CLSID>{9EAC0102-5E61-2312-BC2D-444C4C4F5552}</CLSID>
  28287. <CLSID>{CF021F40-3E14-23A5-CBA2-717177651316}</CLSID>
  28288. </CLSIDLIST>
  28289. <SUMMARY>Browser Hijacker.Tubby.BHO</SUMMARY>
  28290. <DEFAULTINSTALLPATHLIST>
  28291. </DEFAULTINSTALLPATHLIST>
  28292. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  28293. <CONDITIONLIST>
  28294. </CONDITIONLIST>
  28295. <OPERATOR>AND</OPERATOR>
  28296. <THREATLEVEL>10</THREATLEVEL>
  28297. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28298. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28299. </PROCESSDESCRIPTOR>
  28300. <PROCESSDESCRIPTOR>
  28301. <ID>4322</ID>
  28302. <PROCESSLIST>
  28303. <PROCESS>*</PROCESS>
  28304. <PROCESS>ELITEOWM32.EXE</PROCESS>
  28305. <PROCESS>ELITEDUH32.EXE</PROCESS>
  28306. <PROCESS>ELITEIEZ32.EXE</PROCESS>
  28307. <PROCESS>ELITEUHN32.EXE</PROCESS>
  28308. <PROCESS>ELITEZEZ32.EXE</PROCESS>
  28309. <PROCESS>ELITEGSX32.EXE</PROCESS>
  28310. <PROCESS>ELITEXOM32.EXE</PROCESS>
  28311. <PROCESS>ELITEUEJ32.EXE</PROCESS>
  28312. <PROCESS>ELITEUWW32.EXE</PROCESS>
  28313. </PROCESSLIST>
  28314. <CLSIDLIST>
  28315. </CLSIDLIST>
  28316. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  28317. <DEFAULTINSTALLPATHLIST>
  28318. </DEFAULTINSTALLPATHLIST>
  28319. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  28320. <CONDITIONLIST>
  28321. <CONDITION>MD5=A648B15E377AD3A001DC0F89FA81DF09</CONDITION>
  28322. <CONDITION>MD5=39EB6705EF3936D61E168ABDE344BF98</CONDITION>
  28323. <CONDITION>FILELOCATION~system</CONDITION>
  28324. </CONDITIONLIST>
  28325. <OPERATOR>OR</OPERATOR>
  28326. <THREATLEVEL>7</THREATLEVEL>
  28327. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28328. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28329. </PROCESSDESCRIPTOR>
  28330. <PROCESSDESCRIPTOR>
  28331. <ID>4324</ID>
  28332. <PROCESSLIST>
  28333. <PROCESS>SYSPRINTER.EXE</PROCESS>
  28334. </PROCESSLIST>
  28335. <CLSIDLIST>
  28336. </CLSIDLIST>
  28337. <SUMMARY>Trojan.SMALL_ZY.Process</SUMMARY>
  28338. <DEFAULTINSTALLPATHLIST>
  28339. </DEFAULTINSTALLPATHLIST>
  28340. <CATEGORY>TROJAN</CATEGORY>
  28341. <CONDITIONLIST>
  28342. <CONDITION>FILELOCATION~system</CONDITION>
  28343. </CONDITIONLIST>
  28344. <OPERATOR>AND</OPERATOR>
  28345. <THREATLEVEL>10</THREATLEVEL>
  28346. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28347. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28348. </PROCESSDESCRIPTOR>
  28349. <PROCESSDESCRIPTOR>
  28350. <ID>4325</ID>
  28351. <PROCESSLIST>
  28352. <PROCESS>WEBSECUREALERT.EXE</PROCESS>
  28353. </PROCESSLIST>
  28354. <CLSIDLIST>
  28355. </CLSIDLIST>
  28356. <SUMMARY>GAIN WebSecureAlert</SUMMARY>
  28357. <DEFAULTINSTALLPATHLIST>
  28358. </DEFAULTINSTALLPATHLIST>
  28359. <CATEGORY>ADWARE</CATEGORY>
  28360. <CONDITIONLIST>
  28361. <CONDITION>COMPANYNAME~GAIN</CONDITION>
  28362. </CONDITIONLIST>
  28363. <OPERATOR>AND</OPERATOR>
  28364. <THREATLEVEL>3</THREATLEVEL>
  28365. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  28366. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  28367. </PROCESSDESCRIPTOR>
  28368. <PROCESSDESCRIPTOR>
  28369. <ID>4326</ID>
  28370. <PROCESSLIST>
  28371. <PROCESS>MSLAUGH.EXE</PROCESS>
  28372. </PROCESSLIST>
  28373. <CLSIDLIST>
  28374. </CLSIDLIST>
  28375. <SUMMARY>Worm.Blaster Variant.Process</SUMMARY>
  28376. <DEFAULTINSTALLPATHLIST>
  28377. </DEFAULTINSTALLPATHLIST>
  28378. <CATEGORY>WORM</CATEGORY>
  28379. <CONDITIONLIST>
  28380. <CONDITION>FILELOCATION~system</CONDITION>
  28381. </CONDITIONLIST>
  28382. <OPERATOR>AND</OPERATOR>
  28383. <THREATLEVEL>10</THREATLEVEL>
  28384. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28385. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28386. </PROCESSDESCRIPTOR>
  28387. <PROCESSDESCRIPTOR>
  28388. <ID>4327</ID>
  28389. <PROCESSLIST>
  28390. <PROCESS>*</PROCESS>
  28391. <PROCESS>VERNN16.DLL</PROCESS>
  28392. </PROCESSLIST>
  28393. <CLSIDLIST>
  28394. <CLSID>{7DD896A9-7AEB-430F-955B-CD125604FDCB}</CLSID>
  28395. </CLSIDLIST>
  28396. <SUMMARY>Adware.DailyWinner.BHO</SUMMARY>
  28397. <DEFAULTINSTALLPATHLIST>
  28398. </DEFAULTINSTALLPATHLIST>
  28399. <CATEGORY>ADWARE</CATEGORY>
  28400. <CONDITIONLIST>
  28401. </CONDITIONLIST>
  28402. <OPERATOR>AND</OPERATOR>
  28403. <THREATLEVEL>7</THREATLEVEL>
  28404. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28405. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28406. </PROCESSDESCRIPTOR>
  28407. <PROCESSDESCRIPTOR>
  28408. <ID>4331</ID>
  28409. <PROCESSLIST>
  28410. <PROCESS>BPCV2.EXE</PROCESS>
  28411. </PROCESSLIST>
  28412. <CLSIDLIST>
  28413. </CLSIDLIST>
  28414. <SUMMARY>Adware.BroadcastPC.Process</SUMMARY>
  28415. <DEFAULTINSTALLPATHLIST>
  28416. </DEFAULTINSTALLPATHLIST>
  28417. <CATEGORY>ADWARE</CATEGORY>
  28418. <CONDITIONLIST>
  28419. <CONDITION>FILELOCATION~BPC</CONDITION>
  28420. </CONDITIONLIST>
  28421. <OPERATOR>AND</OPERATOR>
  28422. <THREATLEVEL>7</THREATLEVEL>
  28423. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28424. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28425. </PROCESSDESCRIPTOR>
  28426. <PROCESSDESCRIPTOR>
  28427. <ID>4336</ID>
  28428. <PROCESSLIST>
  28429. <PROCESS>*</PROCESS>
  28430. <PROCESS>HALFLE~1.DLL</PROCESS>
  28431. <PROCESS>HALFLEMON.DLL</PROCESS>
  28432. </PROCESSLIST>
  28433. <CLSIDLIST>
  28434. <CLSID>{D94AAA2A-C415-42E3-82B6-49FAB4EBFFE9}</CLSID>
  28435. </CLSIDLIST>
  28436. <SUMMARY>Browser Hijacker.HalfLemon.URL Search Hook</SUMMARY>
  28437. <DEFAULTINSTALLPATHLIST>
  28438. </DEFAULTINSTALLPATHLIST>
  28439. <CATEGORY>BROWSERHIJACKER</CATEGORY>
  28440. <CONDITIONLIST>
  28441. </CONDITIONLIST>
  28442. <OPERATOR>AND</OPERATOR>
  28443. <THREATLEVEL>7</THREATLEVEL>
  28444. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28445. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28446. </PROCESSDESCRIPTOR>
  28447. <PROCESSDESCRIPTOR>
  28448. <ID>4337</ID>
  28449. <PROCESSLIST>
  28450. <PROCESS>DXCONF.EXE</PROCESS>
  28451. <PROCESS>TRUETTF.EXE</PROCESS>
  28452. <PROCESS>CONNMIE.EXE</PROCESS>
  28453. </PROCESSLIST>
  28454. <CLSIDLIST>
  28455. </CLSIDLIST>
  28456. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  28457. <DEFAULTINSTALLPATHLIST>
  28458. </DEFAULTINSTALLPATHLIST>
  28459. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  28460. <CONDITIONLIST>
  28461. <CONDITION>FILELOCATION~system</CONDITION>
  28462. </CONDITIONLIST>
  28463. <OPERATOR>OR</OPERATOR>
  28464. <THREATLEVEL>7</THREATLEVEL>
  28465. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28466. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28467. </PROCESSDESCRIPTOR>
  28468. <PROCESSDESCRIPTOR>
  28469. <ID>4338</ID>
  28470. <PROCESSLIST>
  28471. <PROCESS>*</PROCESS>
  28472. <PROCESS>DXCONF.EXE</PROCESS>
  28473. <PROCESS>TRUETTF.EXE</PROCESS>
  28474. <PROCESS>CONNMIE.EXE</PROCESS>
  28475. </PROCESSLIST>
  28476. <CLSIDLIST>
  28477. </CLSIDLIST>
  28478. <SUMMARY>Unclassified.Unknown Origin.Process</SUMMARY>
  28479. <DEFAULTINSTALLPATHLIST>
  28480. </DEFAULTINSTALLPATHLIST>
  28481. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  28482. <CONDITIONLIST>
  28483. <CONDITION>MD5=BEF7FB508CB8BE08E89E0EE6200EA8F9</CONDITION>
  28484. <CONDITION>MD5=D3820577DA862323FA5BC23AEFEC2D45</CONDITION>
  28485. <CONDITION>MD5=DD75326DE47306EA2BE7715BAD4695A4</CONDITION>
  28486. <CONDITION>MD5=0097552C8CC92E05FD0C82850D2E47C2</CONDITION>
  28487. </CONDITIONLIST>
  28488. <OPERATOR>OR</OPERATOR>
  28489. <THREATLEVEL>7</THREATLEVEL>
  28490. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28491. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28492. </PROCESSDESCRIPTOR>
  28493. <PROCESSDESCRIPTOR>
  28494. <ID>4339</ID>
  28495. <PROCESSLIST>
  28496. <PROCESS>*</PROCESS>
  28497. <PROCESS>(GFXRRUSI.EXE)</PROCESS>
  28498. <PROCESS>(YSPRINTS.EXE)</PROCESS>
  28499. <PROCESS>(SMYPICSS.EXE)</PROCESS>
  28500. <PROCESS>(DXOFD3.EXE)</PROCESS>
  28501. <PROCESS>(UAUENGW.EXE)</PROCESS>
  28502. <PROCESS>(_950C.EXE)</PROCESS>
  28503. <PROCESS>(PLAY32M.EXE)</PROCESS>
  28504. <PROCESS>(REDUIC.EXE)</PROCESS>
  28505. <PROCESS>(QTRIGM.EXE)</PROCESS>
  28506. <PROCESS>(MLOGCFGS.EXE)</PROCESS>
  28507. <PROCESS>(ERFFILTP.EXE)</PROCESS>
  28508. </PROCESSLIST>
  28509. <CLSIDLIST>
  28510. </CLSIDLIST>
  28511. <SUMMARY>Unclassified.Thumbviewer/Rico.Process</SUMMARY>
  28512. <DEFAULTINSTALLPATHLIST>
  28513. </DEFAULTINSTALLPATHLIST>
  28514. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  28515. <CONDITIONLIST>
  28516. <CONDITION>MD5=370EEDD2B785210973647AF5B3C21459</CONDITION>
  28517. </CONDITIONLIST>
  28518. <OPERATOR>AND</OPERATOR>
  28519. <THREATLEVEL>10</THREATLEVEL>
  28520. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28521. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28522. </PROCESSDESCRIPTOR>
  28523. <PROCESSDESCRIPTOR>
  28524. <ID>4340</ID>
  28525. <PROCESSLIST>
  28526. <PROCESS>*</PROCESS>
  28527. <PROCESS>(KILLUSA.EXE)</PROCESS>
  28528. <PROCESS>(CDTWTOURDLL.SCR)</PROCESS>
  28529. <PROCESS>(DOSAPLOGDRV.BAT)</PROCESS>
  28530. </PROCESSLIST>
  28531. <CLSIDLIST>
  28532. </CLSIDLIST>
  28533. <SUMMARY>Worm.Darby/KillUSA.Process</SUMMARY>
  28534. <DEFAULTINSTALLPATHLIST>
  28535. </DEFAULTINSTALLPATHLIST>
  28536. <CATEGORY>WORM</CATEGORY>
  28537. <CONDITIONLIST>
  28538. <CONDITION>MD5=C7A286A790FCB6B93264B2CC26522CF3</CONDITION>
  28539. </CONDITIONLIST>
  28540. <OPERATOR>AND</OPERATOR>
  28541. <THREATLEVEL>10</THREATLEVEL>
  28542. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28543. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28544. </PROCESSDESCRIPTOR>
  28545. <PROCESSDESCRIPTOR>
  28546. <ID>4342</ID>
  28547. <PROCESSLIST>
  28548. <PROCESS>ADSERVERNOW.EXE</PROCESS>
  28549. </PROCESSLIST>
  28550. <CLSIDLIST>
  28551. </CLSIDLIST>
  28552. <SUMMARY>Adware.AdServerNow.Process</SUMMARY>
  28553. <DEFAULTINSTALLPATHLIST>
  28554. </DEFAULTINSTALLPATHLIST>
  28555. <CATEGORY>ADWARE</CATEGORY>
  28556. <CONDITIONLIST>
  28557. <CONDITION>FILELOCATION~system</CONDITION>
  28558. </CONDITIONLIST>
  28559. <OPERATOR>AND</OPERATOR>
  28560. <THREATLEVEL>7</THREATLEVEL>
  28561. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28562. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28563. </PROCESSDESCRIPTOR>
  28564. <PROCESSDESCRIPTOR>
  28565. <ID>4343</ID>
  28566. <PROCESSLIST>
  28567. <PROCESS>DOSXPD.EXE</PROCESS>
  28568. </PROCESSLIST>
  28569. <CLSIDLIST>
  28570. </CLSIDLIST>
  28571. <SUMMARY>Adware.Dosxpd.Process</SUMMARY>
  28572. <DEFAULTINSTALLPATHLIST>
  28573. </DEFAULTINSTALLPATHLIST>
  28574. <CATEGORY>ADWARE</CATEGORY>
  28575. <CONDITIONLIST>
  28576. <CONDITION>FILELOCATION~system</CONDITION>
  28577. </CONDITIONLIST>
  28578. <OPERATOR>AND</OPERATOR>
  28579. <THREATLEVEL>7</THREATLEVEL>
  28580. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28581. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28582. </PROCESSDESCRIPTOR>
  28583. <PROCESSDESCRIPTOR>
  28584. <ID>4345</ID>
  28585. <PROCESSLIST>
  28586. <PROCESS>*</PROCESS>
  28587. <PROCESS>(DXPLOR~1.EXE)</PROCESS>
  28588. </PROCESSLIST>
  28589. <CLSIDLIST>
  28590. </CLSIDLIST>
  28591. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  28592. <DEFAULTINSTALLPATHLIST>
  28593. </DEFAULTINSTALLPATHLIST>
  28594. <CATEGORY>ADWARE</CATEGORY>
  28595. <CONDITIONLIST>
  28596. <CONDITION>MD5=480D8DD4F61ECFEC8DD8FC5851FF85F1</CONDITION>
  28597. </CONDITIONLIST>
  28598. <OPERATOR>AND</OPERATOR>
  28599. <THREATLEVEL>10</THREATLEVEL>
  28600. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28601. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28602. </PROCESSDESCRIPTOR>
  28603. <PROCESSDESCRIPTOR>
  28604. <ID>4346</ID>
  28605. <PROCESSLIST>
  28606. <PROCESS>*</PROCESS>
  28607. <PROCESS>(RGEDIT~1.EXE)</PROCESS>
  28608. </PROCESSLIST>
  28609. <CLSIDLIST>
  28610. </CLSIDLIST>
  28611. <SUMMARY>Adware.ClickSpring.Process</SUMMARY>
  28612. <DEFAULTINSTALLPATHLIST>
  28613. </DEFAULTINSTALLPATHLIST>
  28614. <CATEGORY>ADWARE</CATEGORY>
  28615. <CONDITIONLIST>
  28616. <CONDITION>MD5=9D037FB229BC215C18C9B19C00E01AD6</CONDITION>
  28617. </CONDITIONLIST>
  28618. <OPERATOR>AND</OPERATOR>
  28619. <THREATLEVEL>10</THREATLEVEL>
  28620. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28621. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28622. </PROCESSDESCRIPTOR>
  28623. <PROCESSDESCRIPTOR>
  28624. <ID>4347</ID>
  28625. <PROCESSLIST>
  28626. <PROCESS>MSW.EXE</PROCESS>
  28627. </PROCESSLIST>
  28628. <CLSIDLIST>
  28629. </CLSIDLIST>
  28630. <SUMMARY>Unclassified.MSW.Process</SUMMARY>
  28631. <DEFAULTINSTALLPATHLIST>
  28632. </DEFAULTINSTALLPATHLIST>
  28633. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  28634. <CONDITIONLIST>
  28635. <CONDITION>ORIGINALFILENAME~MSW.exe</CONDITION>
  28636. </CONDITIONLIST>
  28637. <OPERATOR>AND</OPERATOR>
  28638. <THREATLEVEL>8</THREATLEVEL>
  28639. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28640. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28641. </PROCESSDESCRIPTOR>
  28642. <PROCESSDESCRIPTOR>
  28643. <ID>4348</ID>
  28644. <PROCESSLIST>
  28645. <PROCESS>EMSW.EXE</PROCESS>
  28646. </PROCESSLIST>
  28647. <CLSIDLIST>
  28648. </CLSIDLIST>
  28649. <SUMMARY>Spyware.Alset/Emsw.Process</SUMMARY>
  28650. <DEFAULTINSTALLPATHLIST>
  28651. </DEFAULTINSTALLPATHLIST>
  28652. <CATEGORY>SPYWARE</CATEGORY>
  28653. <CONDITIONLIST>
  28654. <CONDITION>ORIGINALFILENAME~emsw.exe</CONDITION>
  28655. </CONDITIONLIST>
  28656. <OPERATOR>AND</OPERATOR>
  28657. <THREATLEVEL>8</THREATLEVEL>
  28658. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28659. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28660. </PROCESSDESCRIPTOR>
  28661. <PROCESSDESCRIPTOR>
  28662. <ID>4349</ID>
  28663. <PROCESSLIST>
  28664. <PROCESS>MSW.DLL</PROCESS>
  28665. </PROCESSLIST>
  28666. <CLSIDLIST>
  28667. <CLSID>{4B57B77A-B130-4EB8-8CFB-42B880F6D311}</CLSID>
  28668. </CLSIDLIST>
  28669. <SUMMARY>Unclassified.MSW.BHO</SUMMARY>
  28670. <DEFAULTINSTALLPATHLIST>
  28671. </DEFAULTINSTALLPATHLIST>
  28672. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  28673. <CONDITIONLIST>
  28674. </CONDITIONLIST>
  28675. <OPERATOR>AND</OPERATOR>
  28676. <THREATLEVEL>8</THREATLEVEL>
  28677. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28678. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28679. </PROCESSDESCRIPTOR>
  28680. <PROCESSDESCRIPTOR>
  28681. <ID>4350</ID>
  28682. <PROCESSLIST>
  28683. <PROCESS>MSWEBHLP.DLL</PROCESS>
  28684. </PROCESSLIST>
  28685. <CLSIDLIST>
  28686. <CLSID>{DECA39C1-F713-11D2-BA99-0080C8E9491A}</CLSID>
  28687. </CLSIDLIST>
  28688. <SUMMARY>Keylogger.SpectorSoft/eBlaster.Shell Execute Hook</SUMMARY>
  28689. <DEFAULTINSTALLPATHLIST>
  28690. </DEFAULTINSTALLPATHLIST>
  28691. <CATEGORY>KEYLOGGER</CATEGORY>
  28692. <CONDITIONLIST>
  28693. </CONDITIONLIST>
  28694. <OPERATOR>AND</OPERATOR>
  28695. <THREATLEVEL>7</THREATLEVEL>
  28696. <TERMINATEACTION>NOTIFY</TERMINATEACTION>
  28697. <TERMINATIONMETHOD>---------</TERMINATIONMETHOD>
  28698. </PROCESSDESCRIPTOR>
  28699. <PROCESSDESCRIPTOR>
  28700. <ID>4351</ID>
  28701. <PROCESSLIST>
  28702. <PROCESS>XPJAVA.EXE</PROCESS>
  28703. </PROCESSLIST>
  28704. <CLSIDLIST>
  28705. </CLSIDLIST>
  28706. <SUMMARY>Worm.Rbot-YC.Process</SUMMARY>
  28707. <DEFAULTINSTALLPATHLIST>
  28708. </DEFAULTINSTALLPATHLIST>
  28709. <CATEGORY>WORM</CATEGORY>
  28710. <CONDITIONLIST>
  28711. <CONDITION>FILELOCATION~system</CONDITION>
  28712. </CONDITIONLIST>
  28713. <OPERATOR>AND</OPERATOR>
  28714. <THREATLEVEL>10</THREATLEVEL>
  28715. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28716. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28717. </PROCESSDESCRIPTOR>
  28718. <PROCESSDESCRIPTOR>
  28719. <ID>4361</ID>
  28720. <PROCESSLIST>
  28721. <PROCESS>PWRSCZNC.DLL</PROCESS>
  28722. </PROCESSLIST>
  28723. <CLSIDLIST>
  28724. <CLSID>{4E7BD74F-2B8D-469E-D1F0-E56FA787AD2D}</CLSID>
  28725. </CLSIDLIST>
  28726. <SUMMARY>Adware.KeenValue(PowerSearch).Toolbar</SUMMARY>
  28727. <DEFAULTINSTALLPATHLIST>
  28728. </DEFAULTINSTALLPATHLIST>
  28729. <CATEGORY>ADWARE</CATEGORY>
  28730. <CONDITIONLIST>
  28731. </CONDITIONLIST>
  28732. <OPERATOR>AND</OPERATOR>
  28733. <THREATLEVEL>10</THREATLEVEL>
  28734. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28735. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28736. </PROCESSDESCRIPTOR>
  28737. <PROCESSDESCRIPTOR>
  28738. <ID>4384</ID>
  28739. <PROCESSLIST>
  28740. <PROCESS>WINRES.DLL</PROCESS>
  28741. </PROCESSLIST>
  28742. <CLSIDLIST>
  28743. <CLSID>{2D38A51A-23C9-48A1-A33C-48675AA2B494}</CLSID>
  28744. </CLSIDLIST>
  28745. <SUMMARY>Adware.CoolWebSearch.Variant.BHO</SUMMARY>
  28746. <DEFAULTINSTALLPATHLIST>
  28747. </DEFAULTINSTALLPATHLIST>
  28748. <CATEGORY>ADWARE</CATEGORY>
  28749. <CONDITIONLIST>
  28750. </CONDITIONLIST>
  28751. <OPERATOR>AND</OPERATOR>
  28752. <THREATLEVEL>10</THREATLEVEL>
  28753. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28754. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28755. </PROCESSDESCRIPTOR>
  28756. <PROCESSDESCRIPTOR>
  28757. <ID>4386</ID>
  28758. <PROCESSLIST>
  28759. <PROCESS>*</PROCESS>
  28760. <PROCESS>CMD32.EXE</PROCESS>
  28761. <PROCESS>LOADCLEAN.EXE</PROCESS>
  28762. </PROCESSLIST>
  28763. <CLSIDLIST>
  28764. </CLSIDLIST>
  28765. <SUMMARY>Unclassified.Cmd32.Process</SUMMARY>
  28766. <DEFAULTINSTALLPATHLIST>
  28767. </DEFAULTINSTALLPATHLIST>
  28768. <CATEGORY>UNDEFINEDTHREAT</CATEGORY>
  28769. <CONDITIONLIST>
  28770. <CONDITION>MD5=4D4A4D3126D360102D2F688D38DA4EFF</CONDITION>
  28771. <CONDITION>MD5=22908E27499048EE5F3E86BBB67E1BC8</CONDITION>
  28772. <CONDITION>MD5=656A12741EB0B593772FBF5B0870A8F3</CONDITION>
  28773. <CONDITION>MD5=F82DE4ADD0EA20B99F8323529EC07696</CONDITION>
  28774. <CONDITION>MD5=4DF55EC2027B8BF1DB213A107698336F</CONDITION>
  28775. </CONDITIONLIST>
  28776. <OPERATOR>AND</OPERATOR>
  28777. <THREATLEVEL>10</THREATLEVEL>
  28778. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28779. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28780. </PROCESSDESCRIPTOR>
  28781. <PROCESSDESCRIPTOR>
  28782. <ID>4387</ID>
  28783. <PROCESSLIST>
  28784. <PROCESS>WUAMGRDS.EXE</PROCESS>
  28785. </PROCESSLIST>
  28786. <CLSIDLIST>
  28787. </CLSIDLIST>
  28788. <SUMMARY>Worm.Sdbot-AWP.Process</SUMMARY>
  28789. <DEFAULTINSTALLPATHLIST>
  28790. </DEFAULTINSTALLPATHLIST>
  28791. <CATEGORY>WORM</CATEGORY>
  28792. <CONDITIONLIST>
  28793. <CONDITION>FILELOCATION~system</CONDITION>
  28794. </CONDITIONLIST>
  28795. <OPERATOR>AND</OPERATOR>
  28796. <THREATLEVEL>10</THREATLEVEL>
  28797. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28798. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28799. </PROCESSDESCRIPTOR>
  28800. <PROCESSDESCRIPTOR>
  28801. <ID>4388</ID>
  28802. <PROCESSLIST>
  28803. <PROCESS>*</PROCESS>
  28804. </PROCESSLIST>
  28805. <CLSIDLIST>
  28806. </CLSIDLIST>
  28807. <SUMMARY>Adware.OfferAgent.Process</SUMMARY>
  28808. <DEFAULTINSTALLPATHLIST>
  28809. </DEFAULTINSTALLPATHLIST>
  28810. <CATEGORY>ADWARE</CATEGORY>
  28811. <CONDITIONLIST>
  28812. <CONDITION>MD5=F0BBBFFD97D436FF1032C50038D23337</CONDITION>
  28813. </CONDITIONLIST>
  28814. <OPERATOR>AND</OPERATOR>
  28815. <THREATLEVEL>10</THREATLEVEL>
  28816. <TERMINATEACTION>TERMINATE</TERMINATEACTION>
  28817. <TERMINATIONMETHOD>KILLPROCESS</TERMINATIONMETHOD>
  28818. </PROCESSDESCRIPTOR>
  28819. </SABSCRIPT>