
;*******************************************************************************
ANALYSIS: 2010-03-09 01:07:09
PROTECTIONS: 1
MALWARE: 42
SUSPECTS: 12
;*******************************************************************************

PROTECTIONS
Description                       Version  Active  Updated
;===============================================================================
ESET NOD32 antivirus system 2.70  2.70     Yes     Yes
;===============================================================================

MALWARE
Id        Description                   Type            Active  Severity  Disinfectable  Disinfected  Location
;===============================================================================
00139060  Cookie/Casalemedia            TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@casalemedia[2].txt
00139061  Cookie/Doubleclick            TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@doubleclick[2].txt
00139064  Cookie/Atlas DMT              TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@atdmt[2].txt
00145393  Cookie/Tradedoubler           TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@tradedoubler[1].txt
00145405  Cookie/RealMedia              TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@247realmedia[1].txt
00145457  Cookie/FastClick              TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@fastclick[2].txt
00145731  Cookie/Tribalfusion           TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@tribalfusion[2].txt
00145738  Cookie/Mediaplex              TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@mediaplex[1].txt
00159564  Cookie/WUpd                   TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@revenue[2].txt
00167642  Cookie/Com.com                TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@com[1].txt
00167647  Cookie/Yadro                  TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@yadro[2].txt
00167704  Cookie/Xiti                   TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@xiti[1].txt
00167753  Cookie/Statcounter            TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@statcounter[1].txt
00167760  Cookie/Hitslink               TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@counter.hitslink[1].txt
00168056  Cookie/YieldManager           TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@ad.yieldmanager[1].txt
00168061  Cookie/Apmebf                 TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@apmebf[2].txt
00168076  Cookie/BurstNet               TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@burstnet[2].txt
00168090  Cookie/Serving-sys            TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@serving-sys[2].txt
00168095  Cookie/888                    TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@888[2].txt
00168106  Cookie/Weborama               TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@weborama[1].txt
00168109  Cookie/Adtech                 TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@adtech[1].txt
00168110  Cookie/Server.iad.Liveperson  TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@server.iad.liveperson[2].txt
00168114  Cookie/onestat.com            TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@stat.onestat[2].txt
00169190  Cookie/Advertising            TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@advertising[2].txt
00170304  Cookie/WebtrendsLive          TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@statse.webtrendslive[1].txt
00170554  Cookie/Overture               TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@overture[1].txt
00170557  Cookie/Com.com                TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@terra.com[1].txt
00171982  Cookie/QuestionMarket         TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@questionmarket[2].txt
00172221  Cookie/Zedo                   TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@zedo[1].txt
00173520  Cookie/Bluestreak             TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@bluestreak[2].txt
00199984  Cookie/Searchportal           TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@searchportal.information[2].txt
00263780  w32/bagle.hx.worm             Virus/Worm      No      1         Yes            No           hkey_current_user\software\datetime4
00273339  Cookie/Smartadserver          TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@smartadserver[2].txt
00286738  Cookie/Cgi-bin                TrackingCookie  No      0         Yes            No           c:\documents and settings\carlos\cookies\carlos@www1.addfreestats[1].txt
00954094  Rootkit/Bagle.UV              Virus/Worm      Yes     2         Yes            No           c:\windows\system32\srosa2.sys
02898935  W32/Bagle.RC.worm             Virus/Worm      No      0         Yes            No           c:\windows\system32\wfsintwq.sys
03074964  Trj/CI.A                      Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/nero 9 activator (best).exe]
03074964  Trj/CI.A                      Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\google_earth_pro_gold_edition_2009_full.rar[google_earth_pro_gold_edition_2009_full\google earth pro gold edition 2009 full\crack.exe]
03074964  Trj/CI.A                      Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/xp/xp, vista and office 2007 activation.exe][xp, vista or office 2007 activation\xp pro\xp key changer v2.0 (use key - v2c47-mk7jd-3r89f-d2kxw-vpk3j).exe][xpkeychanger.exe]
03074964  Trj/CI.A                      Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/xp/xp, vista and office 2007 activation.exe][xp, vista or office 2007 activation\xp pro\xp key changer v2.0 (use key - v2c47-mk7jd-3r89f-d2kxw-vpk3j).exe]
03074964  Trj/CI.A                      Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/xp/xp key changer v2.0.exe][xpkeychanger.exe]
03074964  Trj/CI.A                      Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/xp/xp key changer v2.0.exe]
03074964  Trj/CI.A                      Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/windows genuine advantage fix (wga) v1.9.40.exe]
03074964  Trj/CI.A                      Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/vista/xp, vista and office 2007 activation.exe][xp, vista or office 2007 activation\xp pro\xp key changer v2.0 (use key - v2c47-mk7jd-3r89f-d2kxw-vpk3j).exe][xpkeychanger.exe]
03074964  Trj/CI.A                      Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/vista/xp, vista and office 2007 activation.exe][xp, vista or office 2007 activation\xp pro\xp key changer v2.0 (use key - v2c47-mk7jd-3r89f-d2kxw-vpk3j).exe]
03074964  Trj/CI.A                      Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/adobe all products keymaker 2009 v1.02.exe]
03432206  Trj/Downloader.MDW            Virus/Trojan    No      1         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/1click dvd products patcher.rar][1click dvd products patcher\patcher.exe]
03738695  Generic Malware               Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\nero 8 ultra edition 8.2.8.0-multilanguaje-psicotropia.rar[nero 8 ultra edition 8.2.8.0-multilanguaje-psicotropia\nero_8_keymaker_only-embrace.rar][keymaker.exe]
03880324  Generic Malware               Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/xp/xp, vista and office 2007 activation.exe][xp, vista or office 2007 activation\office 2007\applications keygen.exe]
03880324  Generic Malware               Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/vista/xp, vista and office 2007 activation.exe][xp, vista or office 2007 activation\office 2007\applications keygen.exe]
03880324  Generic Malware               Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/office 2007 activation.exe][office 2007 activation\office 2007 applications keygen.exe]
05000346  Generic Trojan                Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/raxco perfect disk 10 multi-keygen.exe]
05779225  Trj/Thed.A                    Virus/Trojan    No      0         No             No           c:\archivos de programa\emule\incoming\google earth pro.2007.espaol.crack.+.keys.gps.correcto..rar[googleearthwinprosetup.+.key\googleearthwinprosetup.exe]
05779225  Trj/Thed.A                    Virus/Trojan    No      0         Yes            No           c:\documents and settings\carlos\configuracin local\temp\rar$ex00.312\keygen.exe
05779225  Trj/Thed.A                    Virus/Trojan    Yes     0         Yes            No           c:\archivos de programa\windows live\messenger\msnmsgr.exe
05779225  Trj/Thed.A                    Virus/Trojan    Yes     0         Yes            No           c:\windows\wintems.exe
05779225  Trj/Thed.A                    Virus/Trojan    No      0         Yes            No           c:\documents and settings\carlos\datos de programa\drivers\downld\91171.exe
05779225  Trj/Thed.A                    Virus/Trojan    No      0         Yes            No           c:\windows\mdelk.exe
05779225  Trj/Thed.A                    Virus/Trojan    Yes     0         Yes            No           c:\documents and settings\carlos\datos de programa\drivers\winupgro.exe
;===============================================================================

SUSPECTS
Sent  Location
;===============================================================================
No    c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/adobe master suite cs4 activation.exe]
No    c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/vista/voatk tools v2.5.exe]
No    c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/vista/voatk tools v2.5.exe][data\voatkdata25.000]
No    c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/vista/voatk tools v2.5.exe][data\voatktoolsstart.exe]
No    c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/vista/voatk tools v2.5.exe][data\voatkdata29.000]
No    c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/vista/voatk tools v2.5.exe][data\voatkdata29.000][start report.exe]
No    c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/vista/xp, vista and office 2007 activation.exe][xp, vista or office 2007 activation\xp-vista-office genuine maker v2.6.exe][xp.exe]
No    c:\archivos de programa\emule\incoming\all in one activator www.emuleprogramas.com.rar[all in one activator www.emuleprogramas.com\all in one activator www.emuleprogramas.com.exe][autoplay/docs/xp/xp, vista and office 2007 activation.exe][xp, vista or office 2007 activation\xp-vista-office genuine maker v2.6.exe][xp.exe]
No    c:\archivos de programa\stoik\mm4trial\crack.exe
No    c:\documents and settings\carlos\configuracin local\datos de programa\downloaded installations\{0f92d651-5b39-4ddc-86c2-9a5ebeafb1c7}\hdd regenerator.msi[unk_0069][hdd_regenerator_1.61.exe]
No    c:\documents and settings\carlos\escritorio\visual s@c\pinnacle studio 14\complementos\14_collection.ro_dri.part1.rar[14_collection\plugins_update\heroglyph-25-service.exe]
No    c:\documents and settings\carlos\escritorio\visual s@c\pinnacle studio 14\complementos\14_collection.ro_dri.part1.rar[14_collection\plugins_update\heroglyph-25-service.exe][14_collection\plugins_update\heroglyph-25-service.exe][heroglyph-setup.exe]
;===============================================================================

VULNERABILITIES
Id      Severity  Description
;===============================================================================
203505  HIGH      MS08-071
201258  HIGH      MS08-066
196455  MEDIUM    MS08-037
;===============================================================================
