I have been having all sorts of problems with my computer, and it just seems to be getting worse. I apologize if I'm not posting this in the right spot, but I honestly don't know where to start because there seems to be a variety of issues, and I don't know where they are all stemming from. I know I have a trojan virus because I have AVG on my computer and the system scan seems to pick up 1 or 2 every time I run it. My computer has been shutting down unexpectedly, amongst other issues. I have tried to update my operating system, but the computer shut down in the middle of it. I have also tried to do a McAfee Scan, but it would not load. The following is what I was able to come up with:
Here is a BitDefender report I got yesterday:
BitDefender Online Scanner
Scan report generated at: Thu, Feb 08, 2007 - 21:52:02
Scan path: C:\;D:\;
Statistics
Time: 01:43:22
Files: 477078
Folders: 4759
Boot Sectors: 2
Archives: 2047
Packed Files: 69024

Results
Identified Viruses: 6
Infected Files: 10
Suspect Files: 2
Warnings: 0
Disinfected: 0
Deleted Files: 10

Engines Info
Virus Definitions: 419487
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\$VAULT$.AVG\05282531.FIL | Infected with: Trojan.SpySheriff.C
C:\$VAULT$.AVG\05282531.FIL | Disinfection failed
C:\$VAULT$.AVG\05282531.FIL | Deleted
C:\$VAULT$.AVG\42130297.FIL | Infected with: Exploit.Win32.WMF-PFV.C
C:\$VAULT$.AVG\42130297.FIL | Disinfection failed
C:\$VAULT$.AVG\42130297.FIL | Deleted
C:\$VAULT$.AVG\61658765.FIL | Infected with: Trojan.SpySheriff.C
C:\$VAULT$.AVG\61658765.FIL | Disinfection failed
C:\$VAULT$.AVG\61658765.FIL | Deleted
C:\$VAULT$.AVG\83043546.FIL | Infected with: Trojan.SpySheriff.C
C:\$VAULT$.AVG\83043546.FIL | Disinfection failed
C:\$VAULT$.AVG\83043546.FIL | Deleted
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP354\A0064445.exe | Suspected of: BehavesLike:Trojan.Downloader
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP354\A0064445.exe | Disinfection failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP354\A0064445.exe | Deleted
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP369\A0071497.exe=>(NSIS o)=>zlib_nsis0001 | Suspected of: BehavesLike:Trojan.Downloader
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP369\A0071497.exe=>(NSIS o)=>zlib_nsis0001 | Disinfection failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP369\A0071497.exe=>(NSIS o)=>zlib_nsis0001 | Deleted
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP369\A0071497.exe=>(NSIS o) | Update failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP388\A0079344.exe | Infected with: Backdoor.Agent.SO
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP388\A0079344.exe | Disinfection failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP388\A0079344.exe | Deleted
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP390\A0079751.dll | Infected with: Trojan.Juan.E
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP390\A0079751.dll | Disinfection failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP390\A0079751.dll | Deleted
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP391\A0079787.dll | Infected with: Trojan.Juan.E
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP391\A0079787.dll | Disinfection failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP391\A0079787.dll | Deleted
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP395\A0082125.exe | Infected with: Trojan.Dropper.EP
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP395\A0082125.exe | Disinfection failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP395\A0082125.exe | Deleted
C:\WINDOWS\system32\jkkli.dll | Infected with: MemScan:Trojan.Vundo.W
C:\WINDOWS\system32\jkkli.dll | Disinfection failed
C:\WINDOWS\system32\jkkli.dll | Delete failed
C:\WINDOWS\system32\livwgchk.dll | Infected with: Trojan.Juan.E
C:\WINDOWS\system32\livwgchk.dll | Disinfection failed
C:\WINDOWS\system32\livwgchk.dll | Delete failed
_________________________________________________________________
Here is a logfile from HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 4:31:04 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\GENERIC\Generic ChkMail\ChkMail.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\Kyle Hicks\Local Settings\Temp\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\uqgkxtim.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Generic ChkMail.lnk = C:\Program Files\GENERIC\Generic ChkMail\ChkMail.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107w.bay107.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3lsZSAgSGlja3M\command.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
_________________________________________________________________
And here's a Spyware Doctor report:
Scan Results:
scan start: 2/9/2007 4:21:59 PM
scan stop: 2/9/2007 4:51:46 PM
scanned items: 97309
found items: 468
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner
Infection Name Location Risk
VSToolbar C:\Documents and Settings\Kyle Hicks\Application Data\SearchToolbarCorp Elevated
VSToolbar C:\Documents and Settings\Kyle Hicks\Application Data\SearchToolbarCorp\Toolbar Vision Elevated
VSToolbar C:\Documents and Settings\Kyle Hicks\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Elevated
VSToolbar C:\Documents and Settings\Kyle Hicks\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Elevated
Advertising C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@adlegend[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@bravenet[2].txt (Remnant) Low
Drive Cleaner C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@drivecleaner[1].txt Medium
Affiliated with Browser Hijackers C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@errorsafe[2].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@m.webtrends[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@netster[1].txt Low
Drive Cleaner C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@stats.drivecleaner[2].txt Medium
Advertising C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@winantispyware[2].txt Low
Known Bad Sites C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@www.amaena[2].txt High
Drive Cleaner C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@www.drivecleaner[1].txt Medium
Affiliated with Browser Hijackers C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@www.errorsafe[1].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@www.netster[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@www.netster[2].txt Low
Advertising C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@www.winantispyware[1].txt Low
Trojan.Popuper C:\Documents and Settings\Kyle Hicks\Favorites\online security test.url High
Network Monitor C:\Documents and Settings\LocalService\Application Data\NetMon High
Network Monitor C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt High
Network Monitor C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt High
Network Monitor C:\Program Files\Network Monitor High
Common Components for Dialers C:\WINDOWS\pcconfig.dat Elevated
Virtumonde C:\WINDOWS\system32\jkkli.dll Elevated
Trojan.Muquest.A C:\WINDOWS\system32\system.req.11 Medium
Instant Access C:\WINDOWS\tmlpcert2007 High
Virtumonde Explorer.EXE (C:\WINDOWS\system32\jkkli.dll) Elevated
Virtumonde FIREFOX.EXE (C:\WINDOWS\system32\jkkli.dll) Elevated
Instant Access HKLM\Software\Classes\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}## High
Instant Access HKLM\Software\Classes\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}\InprocServer32 High
Instant Access HKLM\Software\Classes\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}\InprocServer32## High
Instant Access HKLM\Software\Classes\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}\InprocServer32##ThreadingModel High
Virtumonde HKLM\Software\Classes\CLSID\{F8917B2A-5FEE-431D-A680-96F8C34E427D} Elevated
Virtumonde HKLM\Software\Classes\CLSID\{F8917B2A-5FEE-431D-A680-96F8C34E427D}## Elevated
Virtumonde HKLM\Software\Classes\CLSID\{F8917B2A-5FEE-431D-A680-96F8C34E427D}\InprocServer32 Elevated
Virtumonde HKLM\Software\Classes\CLSID\{F8917B2A-5FEE-431D-A680-96F8C34E427D}\InprocServer32## Elevated
Virtumonde HKLM\Software\Classes\CLSID\{F8917B2A-5FEE-431D-A680-96F8C34E427D}\InprocServer32##ThreadingModel Elevated
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR## High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##BPTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##PID High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
Virtumonde HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkli##DllName Elevated
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32 High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32## High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32##Asynchronous High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32##DllName High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32##Impersonate High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32##Shutdown High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32##Startup High
Virtumonde HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8917B2A-5FEE-431D-A680-96F8C34E427D} Elevated
Virtumonde HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8917B2A-5FEE-431D-A680-96F8C34E427D}## Elevated
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1044.dll High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1044.dll## High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1044.dll##.Owner High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1044.dll##{11F1D260-129E-4EB7-B37E-57E3D97A3DF1} High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1046.dll High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1046.dll## High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1046.dll##.Owner High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1046.dll##{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} High
Common Components Unrelated HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run##svchost.exe Medium
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920} Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}## Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##Contact Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##DisplayName Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##DisplayVersion Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##NoModify Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##NoRemove Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##NoRepair Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##UninstallString Elevated
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}## High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##Contact High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##DisplayName High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##DisplayVersion High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##NoModify High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##NoRemove High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##NoRepair High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##UninstallString High
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Policies##{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Policies##{645FF040-5081-101B-9F08-00AA002F954E} Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Policies##{6BF52A52-394A-11D3-B153-00C04F79FAA6} Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE##NextInstance Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000 Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000##Class Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000##ClassGUID Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000##ConfigFlags Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000##DeviceDesc Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000##Legacy Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000##Service Elevated
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR## High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR##NextInstance High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000 High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000## High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Class High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000##ClassGUID High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000##ConfigFlags High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000##DeviceDesc High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Legacy High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Service High
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService##DisplayName Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService##ErrorControl Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService##ImagePath Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService##ObjectName Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService##Start Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService##Type Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Enum Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Enum## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Enum##0 Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Enum##Count Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Enum##NextInstance Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Security Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Security## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Security##Security Elevated
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor## High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor##DisplayName High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor##ErrorControl High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor##ImagePath High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor##ObjectName High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor##Start High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor##Type High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Enum High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Enum## High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Enum##0 High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Enum##Count High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Enum##NextInstance High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Security High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Security## High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Security##Security High
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE##NextInstance Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000 Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000##Class Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000##ClassGUID Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000##ConfigFlags Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000##DeviceDesc Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000##Legacy Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000##Service Elevated
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR## High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR##NextInstance High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000 High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000## High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Class High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000##ClassGUID High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000##ConfigFlags High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000##DeviceDesc High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Legacy High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Service High
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService##DisplayName Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService##ErrorControl Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService##ImagePath Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService##ObjectName Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService##Start Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService##Type Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService\Security Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService\Security## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService\Security##Security Elevated
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor## High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor##DisplayName High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor##ErrorControl High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor##ImagePath High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor##ObjectName High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor##Start High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor##Type High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor\Security High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor\Security## High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor\Security##Security High
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE##NextInstance Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000##Class Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000##ClassGUID Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000##ConfigFlags Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000##DeviceDesc Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000##Legacy Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000##Service Elevated
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC## High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC##NextInstance High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000 High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000## High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000##Class High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000##ClassGUID High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000##ConfigFlags High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000##DeviceDesc High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000##Legacy High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000##Service High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR## High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR##NextInstance High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000## High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Class High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000##ClassGUID High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000##ConfigFlags High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000##DeviceDesc High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Legacy High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Service High
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##DisplayName Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##ErrorControl Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##ImagePath Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##ObjectName Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##Start Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##Type Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum##0 Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum##Count Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum##NextInstance Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security##Security Elevated
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\COM+ Messages##ImagePath Medium
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc## High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##Description High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##DisplayName High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##ErrorControl High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##ImagePath High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##ObjectName High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##Start High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##Type High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Enum High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Enum## High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Enum##0 High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Enum##Count High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Enum##NextInstance High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Security High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Security## High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Security##Security High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor## High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor##DisplayName High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor##ErrorControl High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor##ImagePath High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor##ObjectName High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor##Start High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor##Type High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum## High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum##0 High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum##Count High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum##NextInstance High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security## High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security##Security High
Virtumonde iexplore.exe (C:\WINDOWS\system32\jkkli.dll)
_______________________________________________________________
Looks like a complete mess!
I've tried to run my computer in safe mode to run through a few steps I've seen in various threads, but it will not let me do anything in safe mode. I have a ton of pop ups that keep coming with various spyware removal programs and registry cleaners, and a pop up from "songset" that comes up any time I visit sites like msn, etc., offering free ring tones. My system overall is running extremely slow, and I especially notice it when typing in Microsoft Word, and things of that nature. If you could give me some help I would really appreciate it!