02-09-2007, 04:08 PM   #1
Registered User
 
Join Date: Feb 2007
Posts: 13
OS: Windows XP Professional


Where to begin?

I have been having all sorts of problems with my computer, and it just seems to be getting worse. I apologize if I'm not posting this in the right spot, but I honestly don't know where to start because there seems to be a variety of issues, and I don't know where they are all stemming from. I know I have a trojan virus because I have AVG on my computer and the system scan seems to pick up 1 or 2 every time I run it. My computer has been shutting down unexpectedly, amongst other issues. I have tried to update my operating system, but the computer shut down in the middle of it. I have also tried to do a McAfee Scan, but it would not load. The following is what I was able to come up with:

Here is a bitdefender report I got yesterday:
BitDefender Online Scanner

Scan report generated at: Thu, Feb 08, 2007 - 21:52:02

Scan path: C:\;D:\;

Statistics
Time: 01:43:22
Files: 477078
Folders: 4759
Boot Sectors: 2
Archives: 2047
Packed Files: 69024

Results
Identified Viruses: 6
Infected Files: 10
Suspect Files: 2
Warnings: 0
Disinfected: 0
Deleted Files: 10

Engines Info
Virus Definitions: 419487
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status

C:\$VAULT$.AVG\05282531.FIL - Infected with: Trojan.SpySheriff.C
C:\$VAULT$.AVG\05282531.FIL - Disinfection failed
C:\$VAULT$.AVG\05282531.FIL - Deleted
C:\$VAULT$.AVG\42130297.FIL - Infected with: Exploit.Win32.WMF-PFV.C
C:\$VAULT$.AVG\42130297.FIL - Disinfection failed
C:\$VAULT$.AVG\42130297.FIL - Deleted
C:\$VAULT$.AVG\61658765.FIL - Infected with: Trojan.SpySheriff.C
C:\$VAULT$.AVG\61658765.FIL - Disinfection failed
C:\$VAULT$.AVG\61658765.FIL - Deleted
C:\$VAULT$.AVG\83043546.FIL - Infected with: Trojan.SpySheriff.C
C:\$VAULT$.AVG\83043546.FIL - Disinfection failed
C:\$VAULT$.AVG\83043546.FIL - Deleted
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP354\A0064445.exe - Suspected of: BehavesLike:Trojan.Downloader
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP354\A0064445.exe - Disinfection failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP354\A0064445.exe - Deleted
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP369\A0071497.exe=>(NSIS o)=>zlib_nsis0001 - Suspected of: BehavesLike:Trojan.Downloader
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP369\A0071497.exe=>(NSIS o)=>zlib_nsis0001 - Disinfection failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP369\A0071497.exe=>(NSIS o)=>zlib_nsis0001 - Deleted
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP369\A0071497.exe=>(NSIS o) - Update failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP388\A0079344.exe - Infected with: Backdoor.Agent.SO
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP388\A0079344.exe - Disinfection failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP388\A0079344.exe - Deleted
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP390\A0079751.dll - Infected with: Trojan.Juan.E
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP390\A0079751.dll - Disinfection failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP390\A0079751.dll - Deleted
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP391\A0079787.dll - Infected with: Trojan.Juan.E
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP391\A0079787.dll - Disinfection failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP391\A0079787.dll - Deleted
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP395\A0082125.exe - Infected with: Trojan.Dropper.EP
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP395\A0082125.exe - Disinfection failed
C:\System Volume Information\_restore{0D907B9E-ABF7-488B-8D5D-666236B7BA4E}\RP395\A0082125.exe - Deleted
C:\WINDOWS\system32\jkkli.dll - Infected with: MemScan:Trojan.Vundo.W
C:\WINDOWS\system32\jkkli.dll - Disinfection failed
C:\WINDOWS\system32\jkkli.dll - Delete failed
C:\WINDOWS\system32\livwgchk.dll - Infected with: Trojan.Juan.E
C:\WINDOWS\system32\livwgchk.dll - Disinfection failed
C:\WINDOWS\system32\livwgchk.dll - Delete failed

_________________________________________________________________

Here is a logfile from HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 4:31:04 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\GENERIC\Generic ChkMail\ChkMail.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\Kyle Hicks\Local Settings\Temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\uqgkxtim.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Generic ChkMail.lnk = C:\Program Files\GENERIC\Generic ChkMail\ChkMail.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107w.bay107.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3lsZSAgSGlja3M\command.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

_________________________________________________________________

And here's a spyware doctor report:

Scan Results:
scan start: 2/9/2007 4:21:59 PM
scan stop: 2/9/2007 4:51:46 PM
scanned items: 97309
found items: 468
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk
VSToolbar C:\Documents and Settings\Kyle Hicks\Application Data\SearchToolbarCorp Elevated
VSToolbar C:\Documents and Settings\Kyle Hicks\Application Data\SearchToolbarCorp\Toolbar Vision Elevated
VSToolbar C:\Documents and Settings\Kyle Hicks\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Elevated
VSToolbar C:\Documents and Settings\Kyle Hicks\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Elevated
Advertising C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@adlegend[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@bravenet[2].txt (Remnant) Low
Drive Cleaner C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@drivecleaner[1].txt Medium
Affiliated with Browser Hijackers C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@errorsafe[2].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@m.webtrends[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@netster[1].txt Low
Drive Cleaner C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@stats.drivecleaner[2].txt Medium
Advertising C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@winantispyware[2].txt Low
Known Bad Sites C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@www.amaena[2].txt High
Drive Cleaner C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@www.drivecleaner[1].txt Medium
Affiliated with Browser Hijackers C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@www.errorsafe[1].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@www.netster[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@www.netster[2].txt Low
Advertising C:\Documents and Settings\Kyle Hicks\Cookies\kyle__hicks@www.winantispyware[1].txt Low
Trojan.Popuper C:\Documents and Settings\Kyle Hicks\Favorites\online security test.url High
Network Monitor C:\Documents and Settings\LocalService\Application Data\NetMon High
Network Monitor C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt High
Network Monitor C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt High
Network Monitor C:\Program Files\Network Monitor High
Common Components for Dialers C:\WINDOWS\pcconfig.dat Elevated
Virtumonde C:\WINDOWS\system32\jkkli.dll Elevated
Trojan.Muquest.A C:\WINDOWS\system32\system.req.11 Medium
Instant Access C:\WINDOWS\tmlpcert2007 High
Virtumonde Explorer.EXE (C:\WINDOWS\system32\jkkli.dll) Elevated
Virtumonde FIREFOX.EXE (C:\WINDOWS\system32\jkkli.dll) Elevated
Trojan.Mailskinner HKLM\Software\Classes\CLSID\{180B4EE9-1795-4429-9651-F17A6515726D}\InprocServer32## High
Trojan.Mailskinner HKLM\Software\Classes\CLSID\{180B4EE9-1795-4429-9651-F17A6515726D}\InprocServer32##ThreadingModel High
Trojan.Mailskinner HKLM\Software\Classes\CLSID\{180B4EE9-1795-4429-9651-F17A6515726D}\ProgID High
Trojan.Mailskinner HKLM\Software\Classes\CLSID\{180B4EE9-1795-4429-9651-F17A6515726D}\ProgID## High
Trojan.Mailskinner HKLM\Software\Classes\CLSID\{180B4EE9-1795-4429-9651-F17A6515726D}\Programmable High
Trojan.Mailskinner HKLM\Software\Classes\CLSID\{180B4EE9-1795-4429-9651-F17A6515726D}\Programmable## High
Trojan.Mailskinner HKLM\Software\Classes\CLSID\{180B4EE9-1795-4429-9651-F17A6515726D}\TypeLib High
Trojan.Mailskinner HKLM\Software\Classes\CLSID\{180B4EE9-1795-4429-9651-F17A6515726D}\TypeLib## High
Trojan.Mailskinner HKLM\Software\Classes\CLSID\{180B4EE9-1795-4429-9651-F17A6515726D}\VersionIndependentProgID High
Trojan.Mailskinner HKLM\Software\Classes\CLSID\{180B4EE9-1795-4429-9651-F17A6515726D}\VersionIndependentProgID## High
Instant Access HKLM\Software\Classes\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} High
Instant Access HKLM\Software\Classes\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}## High
Instant Access HKLM\Software\Classes\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}\InprocServer32 High
Instant Access HKLM\Software\Classes\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}\InprocServer32## High
Instant Access HKLM\Software\Classes\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}\InprocServer32##ThreadingModel High
Virtumonde HKLM\Software\Classes\CLSID\{F8917B2A-5FEE-431D-A680-96F8C34E427D} Elevated
Virtumonde HKLM\Software\Classes\CLSID\{F8917B2A-5FEE-431D-A680-96F8C34E427D}## Elevated
Virtumonde HKLM\Software\Classes\CLSID\{F8917B2A-5FEE-431D-A680-96F8C34E427D}\InprocServer32 Elevated
Virtumonde HKLM\Software\Classes\CLSID\{F8917B2A-5FEE-431D-A680-96F8C34E427D}\InprocServer32## Elevated
Virtumonde HKLM\Software\Classes\CLSID\{F8917B2A-5FEE-431D-A680-96F8C34E427D}\InprocServer32##ThreadingModel Elevated
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR## High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##BPTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##LID High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##PID High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##PSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Rid High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
Virtumonde HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkli##DllName Elevated
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32 High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32## High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32##Asynchronous High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32##DllName High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32##Impersonate High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32##Shutdown High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzlo32##Startup High
Virtumonde HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8917B2A-5FEE-431D-A680-96F8C34E427D} Elevated
Virtumonde HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8917B2A-5FEE-431D-A680-96F8C34E427D}## Elevated
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1044.dll High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1044.dll## High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1044.dll##.Owner High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1044.dll##{11F1D260-129E-4EB7-B37E-57E3D97A3DF1} High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1046.dll High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1046.dll## High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1046.dll##.Owner High
Instant Access HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/eg_auth_1046.dll##{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} High
Common Components Unrelated HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run##svchost.exe Medium
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920} Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}## Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##Contact Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##DisplayName Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##DisplayVersion Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##NoModify Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##NoRemove Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##NoRepair Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}##UninstallString Elevated
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}## High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##Contact High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##DisplayName High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##DisplayVersion High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##NoModify High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##NoRemove High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##NoRepair High
Network Monitor HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}##UninstallString High
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Policies##{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Policies##{645FF040-5081-101B-9F08-00AA002F954E} Elevated
I-Search Desktop Search Toolbar HKLM\SOFTWARE\Policies##{6BF52A52-394A-11D3-B153-00C04F79FAA6} Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE##NextInstance Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000 Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000##Class Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000##ClassGUID Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000##ConfigFlags Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000##DeviceDesc Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000##Legacy Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000##Service Elevated
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR## High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR##NextInstance High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000 High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000## High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Class High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000##ClassGUID High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000##ConfigFlags High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000##DeviceDesc High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Legacy High
Network Monitor HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Service High
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService##DisplayName Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService##ErrorControl Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService##ImagePath Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService##ObjectName Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService##Start Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService##Type Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Enum Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Enum## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Enum##0 Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Enum##Count Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Enum##NextInstance Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Security Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Security## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet003\Services\cmdService\Security##Security Elevated
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor## High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor##DisplayName High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor##ErrorControl High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor##ImagePath High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor##ObjectName High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor##Start High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor##Type High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Enum High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Enum## High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Enum##0 High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Enum##Count High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Enum##NextInstance High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Security High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Security## High
Network Monitor HKLM\SYSTEM\ControlSet003\Services\Network Monitor\Security##Security High
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE##NextInstance Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000 Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000##Class Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000##ClassGUID Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000##ConfigFlags Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000##DeviceDesc Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000##Legacy Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDSERVICE\0000##Service Elevated
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR## High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR##NextInstance High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000 High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000## High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Class High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000##ClassGUID High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000##ConfigFlags High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000##DeviceDesc High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Legacy High
Network Monitor HKLM\SYSTEM\ControlSet004\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Service High
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService##DisplayName Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService##ErrorControl Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService##ImagePath Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService##ObjectName Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService##Start Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService##Type Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService\Security Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService\Security## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\ControlSet004\Services\cmdService\Security##Security Elevated
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor## High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor##DisplayName High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor##ErrorControl High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor##ImagePath High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor##ObjectName High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor##Start High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor##Type High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor\Security High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor\Security## High
Network Monitor HKLM\SYSTEM\ControlSet004\Services\Network Monitor\Security##Security High
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE##NextInstance Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000##Class Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000##ClassGUID Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000##ConfigFlags Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000##DeviceDesc Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000##Legacy Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000##Service Elevated
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC## High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC##NextInstance High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000 High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000## High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000##Class High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000##ClassGUID High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000##ConfigFlags High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000##DeviceDesc High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000##Legacy High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSASVC\0000##Service High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR## High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR##NextInstance High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000## High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Class High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000##ClassGUID High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000##ConfigFlags High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000##DeviceDesc High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Legacy High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000##Service High
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##DisplayName Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##ErrorControl Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##ImagePath Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##ObjectName Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##Start Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService##Type Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum##0 Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum##Count Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum##NextInstance Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security## Elevated
I-Search Desktop Search Toolbar HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security##Security Elevated
Common Components Unrelated HKLM\SYSTEM\CurrentControlSet\Services\COM+ Messages##ImagePath Medium
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc## High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##Description High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##DisplayName High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##ErrorControl High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##ImagePath High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##ObjectName High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##Start High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc##Type High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Enum High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Enum## High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Enum##0 High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Enum##Count High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Enum##NextInstance High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Security High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Security## High
Trojan.Dropper.Small.AEK HKLM\SYSTEM\CurrentControlSet\Services\MsaSvc\Security##Security High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor## High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor##DisplayName High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor##ErrorControl High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor##ImagePath High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor##ObjectName High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor##Start High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor##Type High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum## High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum##0 High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum##Count High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum##NextInstance High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security## High
Network Monitor HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security##Security High
Virtumonde iexplore.exe (C:\WINDOWS\system32\jkkli.dll)
_______________________________________________________________

Looks like a complete mess!

I've tried to run my computer in safe mode to run through a few steps I've seen in various threads, but it will not let me do anything in safe mode. I have a ton of pop ups that keep coming with various spyware removal programs and registry cleaners, and a pop up from "songset" that comes up any time I visit sites like msn, etc., offering free ring tones. My system overall is running extremely slow, and I especially notice it when typing in Microsoft Word, and things of that nature. If you could give me some help I would really appreciate it!

Last edited by christinelydia : 02-09-2007 at 04:30 PM. Reason: Title Change, Windows Update failure
christinelydia is offline  
Old 02-11-2007, 09:26 AM   #2 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 21,650
OS: Win XP Pro SP3

Hi and welcome to TSF.

Let's see if we can restore a bit of normality first, then we'll tackle the rest.


Firstly, let's reset System Restore, so that we have something to fall back on, just in case.

To turn off System Restore, click Start > right-click My Computer > Properties. Click the System Restore tab and check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this, then click OK.

To turn on System Restore, click Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.



This tool should be run in Normal Mode - it's very simple and fairly quick - just follow the instructions.


Please download combofix.exe to your desktop.

IMPORTANT - You must place combofix on your desktop!!


Double click combofix.exe & follow the prompts.

When finished, the tool will produce a log for you at c:\combofix.txt. Post that log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.



One of your infections is hiding and we need to make it visible. So, before producing your next HijackThis Log, please follow these instructions:

I'd like you to rename HijackThis.exe (the actual .exe file itself) to glasgow.exe.
  • Navigate to C:\hjt\HijackThis.exe (or wherever HJT is located - if it's in a Temp file then move it)
  • Right click on HijackThis.exe
  • Select 'Rename'
  • Type in glasgow.exe
  • Press Enter.

Now run a scan and save a log as normal.


Please post back with c:\combofix.txt and a fresh, renamed HijackThis log.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 02-18-2007, 12:39 PM   #3 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 13
OS: Windows XP Professional


Sorry it's taken me so long to reply, the virus completely took over my internet settings to where I haven't been able to even get online. I got Norton Anti Virus installed and it got rid of many of the viruses, but I guess they've taken over the registry to where they reload upon restart and now I can't even get a system scan completed with Norton. Also, I tried to run combo fix and this is the message I got:

"The tool, ComboFix has been temporarily withdrawn.

The author discovered a rootkit infection that will intefere with ComboFix's running.

This will cause Combofix to be UNSAFE FOR USE on your machine.

Even if you manage to find a mirror for the tool, PLEASE DO NOT RUN THIS TOOL

Apologies for any inconvenience caused"

Any other suggestions?

The viruses that I think cause the most problems are:

Trojan.Peacom
Trojan.vundo
and the w32blacmal

Thanks!
Christine
christinelydia is offline  
Old 02-18-2007, 01:33 PM   #4 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 21,650
OS: Win XP Pro SP3

Hi again

Sorry – it’s been a while since I posted to you so I’d assumed that you would have downloaded combofix already. Never mind – back to basics!

Firstly, I need a renamed HijackThis Log – then we can get to work. See my earlier post for instructions.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline  
Old 02-18-2007, 02:49 PM   #5 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 13
OS: Windows XP Professional


Here we go!:

Logfile of HijackThis v1.99.1
Scan saved at 3:47:35 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kyle Hicks\Desktop\hijackthis\Glasgow.exe

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\GENERIC\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: McAfee Wi-FiScan - http://download.mcafee.com/molbin/is...cannerCtrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107w.bay107.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3lsZSAgSGlja3M\command.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
christinelydia is offline  
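
A triage pass over HijackThis entries like those in the log above, added here as an example and not part of the original thread. The three checks (missing target, no owner read for an O23 service, a directory name that is base64 of printable text) are assumed heuristics for choosing what to inspect by hand, not verdicts, and the function names are hypothetical.

```python
import base64
import re

# Lines copied from the HijackThis log posted above (a subset of it).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S3lsZSAgSGlja3M\command.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
"""

# O23 layout as it appears in this log:
#   O23 - Service: <name> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?: \(file missing\))?$"
)

def base64_dir_names(path):
    """Decode directory components that are base64 of printable ASCII text."""
    hits = []
    for part in path.split("\\")[1:-1]:  # skip drive letter and file name
        if len(part) < 12 or not re.fullmatch(r"[A-Za-z0-9+/]+", part):
            continue
        try:
            raw = base64.b64decode(part + "=" * (-len(part) % 4))
        except ValueError:  # length that no base64 string can have
            continue
        text = raw.decode("ascii", "ignore")
        if len(text) == len(raw) and text.isprintable():
            hits.append(text)
    return hits

def triage(log_text):
    """Return (line, reasons) pairs; the checks are assumed triage heuristics."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        reasons = []
        if re.match(r"^O\d+ - ", line) and line.endswith("(file missing)"):
            reasons.append("registered target is missing on disk")
        svc = O23_RE.match(line)
        if svc and svc["owner"] == "Unknown owner":
            reasons.append("no owner could be read for the service binary")
        dirs = base64_dir_names(svc["path"]) if svc else []
        reasons += [f"directory name is base64 for {text!r}" for text in dirs]
        if reasons:
            findings.append((line, reasons))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns the O9 entry with one reason, the cmdService entry with three and the MsaSvc entry with two; the Symantec service and the SoundMan autostart are not reported.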
Old 02-18-2007, 03:07 PM   #6 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
 
Join Date: Sep 2005
Location: Glasgow
Posts: 21,650
OS: Win XP Pro SP3

Hi again

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your system is clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt.



Download ComboScan to your Desktop.
  1. Close all applications and windows.
  2. Double-click on comboscan.exe to run it, and follow the prompts.
  3. When the scan is complete, a text file will open - ComboScan.txt
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt back in this thread (do not attach it).
  5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
  6. Please attach Supplementary.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.


To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. Copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScan\Supplementary.txt
  3. Click Upload.



Please reply with c:\vundo.txt, Comboscan.txt and attach the Supplementary file.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.