PC Tools Spyware Doctor Date Status 23/06/2008 20:03:24:270 Service Started Spyware Doctor Service Application started 23/06/2008 20:03:24:270 Anti-Malware Engine Anti-Malware engine configuration loaded successfully. 23/06/2008 20:03:24:721 Anti-Malware Engine Anti-Malware detection engine was disabled 23/06/2008 20:03:37:169 Scan Started Scan Type - Intelli-Scan 23/06/2008 20:03:49:997 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - ad.yieldmanager.com/ ad.yieldmanager.com 23/06/2008 20:03:49:997 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - ad.yieldmanager.com/ ad.yieldmanager.com 23/06/2008 20:03:50:208 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - adtech.de/ adtech.de 23/06/2008 20:03:50:398 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - dealtime.com/ dealtime.com 23/06/2008 20:03:50:969 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - imrworldwide.com/ imrworldwide.com 23/06/2008 20:03:51:459 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - partygaming.122.2o7.net/ partygaming.122.2o7.net 23/06/2008 20:03:52:341 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - tradedoubler.com/ tradedoubler.com 23/06/2008 20:04:17:66 Infection was detected on this computer Threat Name - Trojan.Startpage Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\VGQL5B3X\crossdomain[2].xml - http://www.awesomehomepage.com/crossdomain.xml 23/06/2008 20:04:17:76 Infection was detected on this computer Threat Name - Trojan.Startpage Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\R2KSR3U2\checkExeCookie[1].htm - http://www.awesomehomepage.com/checkExeCookie.php?8632 23/06/2008 20:04:39:338 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\DD01ZAZP\pid=p504355&lang=dutch&ip=auto[1].htm - http://www.adultfriendfinder.com/search/pid=p504355&lang=dutch&ip=auto 23/06/2008 20:04:40:340 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\VGQL5B3X\more[1].htm - http://www.onestoponlineshop.net/o/more 23/06/2008 20:04:40:340 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\R2KSR3U2\css[1].css - http://www.onestoponlineshop.net/templates/onestoponlineshop.net/images/css.css 23/06/2008 20:04:40:350 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\DD01ZAZP\logoo[1].gif - http://www.onestoponlineshop.net/templates/onestoponlineshop.net/images/logoo.gif 23/06/2008 20:04:40:350 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\DD01ZAZP\banner1[1].jpg - http://www.onestoponlineshop.net/templates/onestoponlineshop.net/images/banner1.JPG 23/06/2008 20:04:40:350 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\1U46ODLI\search[1].jpg - http://www.onestoponlineshop.net/templates/onestoponlineshop.net/images/search.jpg 23/06/2008 20:04:40:350 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\1U46ODLI\arrow[1].jpg - http://www.onestoponlineshop.net/templates/onestoponlineshop.net/images/arrow.JPG 23/06/2008 20:04:40:370 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\VGQL5B3X\left_back[1].gif - http://www.onestoponlineshop.net/templates/onestoponlineshop.net/images/left_back.gif 23/06/2008 20:04:40:390 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\R2KSR3U2\leftbackend[1].jpg - http://www.onestoponlineshop.net/templates/onestoponlineshop.net/images/leftbackend.jpg 23/06/2008 20:04:40:390 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\DD01ZAZP\catageories[1].jpg - http://www.onestoponlineshop.net/templates/onestoponlineshop.net/images/catageories.JPG 23/06/2008 20:04:40:390 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\1U46ODLI\blank[1].jpg - http://www.onestoponlineshop.net/templates/onestoponlineshop.net/images/blank.JPG 23/06/2008 20:04:40:400 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\R2KSR3U2\bar[1].gif - http://www.onestoponlineshop.net/templates/onestoponlineshop.net/images/bar.GIF 23/06/2008 20:04:40:400 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\VGQL5B3X\line[1].gif - http://www.onestoponlineshop.net/templates/onestoponlineshop.net/images/line.gif 23/06/2008 20:04:40:400 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\VGQL5B3X\dot_y[1].jpg - http://www.onestoponlineshop.net/templates/onestoponlineshop.net/images/dot_y.JPG 23/06/2008 20:05:34:658 Infection was detected on this computer Threat Name - Trojan-Downloader.VB.AWJ Type - File Risk Level - Elevated Infection - C:\WINDOWS\SYSTEM32\pac.txt 23/06/2008 20:05:36:861 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - File Risk Level - Elevated Infection - C:\DOCUMENTS AND SETTINGS\DOMINIQUE\LOCAL SETTINGS\TEMP\removalfile.bat 23/06/2008 20:05:40:636 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Value Risk Level - High Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mcm, Content Type 23/06/2008 20:05:40:636 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Key Risk Level - High Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mcm 23/06/2008 20:05:41:257 Infection was detected on this computer Threat Name - Trojan.Agent Type - Registry Value Risk Level - High Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws, (Default) 23/06/2008 20:05:41:257 Infection was detected on this computer Threat Name - Trojan.Agent Type - Registry Key Risk Level - High Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws 23/06/2008 20:05:41:277 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan, RID 23/06/2008 20:05:41:287 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\DJZERO, LTM 23/06/2008 20:05:41:287 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\DJZERO, CDY 23/06/2008 20:05:41:297 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\DJZERO, CNT 23/06/2008 20:05:41:307 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\DJZERO 23/06/2008 20:05:41:317 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL\.mp4+software, LU 23/06/2008 20:05:41:317 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL\.mp4+software, CT 23/06/2008 20:05:41:327 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL\.mp4+software, LT 23/06/2008 20:05:41:337 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL\.mp4+software 23/06/2008 20:05:41:348 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL 23/06/2008 20:05:41:358 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, LTM 23/06/2008 20:05:41:398 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, CDY 23/06/2008 20:05:41:398 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, CNT 23/06/2008 20:05:41:408 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, LBL 23/06/2008 20:05:41:418 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, MN 23/06/2008 20:05:41:418 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan 23/06/2008 20:05:41:428 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\meta_mg, LTM 23/06/2008 20:05:41:428 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\meta_mg, CDY 23/06/2008 20:05:41:438 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\meta_mg, CNT 23/06/2008 20:05:41:438 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\meta_mg 23/06/2008 20:05:41:448 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4, LTM 23/06/2008 20:05:41:458 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4, CDY 23/06/2008 20:05:41:458 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4, CNT 23/06/2008 20:05:41:468 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4, CPS 23/06/2008 20:05:41:468 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4 23/06/2008 20:05:41:478 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\superjuan, LTM 23/06/2008 20:05:41:478 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\superjuan, CDY 23/06/2008 20:05:41:488 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\superjuan, CNT 23/06/2008 20:05:41:488 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\superjuan 23/06/2008 20:05:41:498 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\TrackDJuan, LTM 23/06/2008 20:05:41:508 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\TrackDJuan, CDY 23/06/2008 20:05:41:518 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\TrackDJuan, CNT 23/06/2008 20:05:41:518 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\TrackDJuan 23/06/2008 20:05:41:518 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan 23/06/2008 20:05:42:489 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 68c2e617 23/06/2008 20:05:47:286 Infection was detected on this computer Threat Name - Trojan.Agent Type - Registry Value Risk Level - High Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\rdfa, F 23/06/2008 20:05:47:296 Infection was detected on this computer Threat Name - Trojan.Agent Type - Registry Value Risk Level - High Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\rdfa, N 23/06/2008 20:05:47:296 Infection was detected on this computer Threat Name - Trojan.Agent Type - Registry Key Risk Level - High Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\rdfa 23/06/2008 20:05:47:677 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Value Risk Level - High Infection - HKEY_CLASSES_ROOT\.mcm, Content Type 23/06/2008 20:05:47:677 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Key Risk Level - High Infection - HKEY_CLASSES_ROOT\.mcm 23/06/2008 20:05:47:697 Infection was detected on this computer Threat Name - Adware.Brilliant_Digital Type - Registry Value Risk Level - Medium Infection - HKEY_CLASSES_ROOT\.s3d, (Default) 23/06/2008 20:05:47:697 Infection was detected on this computer Threat Name - Adware.Brilliant_Digital Type - Registry Key Risk Level - Medium Infection - HKEY_CLASSES_ROOT\.s3d 23/06/2008 20:07:02:785 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Value Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore, Type 23/06/2008 20:07:02:795 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Value Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore, Count 23/06/2008 20:07:02:815 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Value Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore, Time 23/06/2008 20:07:02:815 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Key Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore 23/06/2008 20:07:02:825 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Key Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} 23/06/2008 20:19:27:105 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA} 23/06/2008 20:19:27:105 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\InprocServer32, (Default) 23/06/2008 20:19:27:115 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\InprocServer32, ThreadingModel 23/06/2008 20:19:27:115 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\InprocServer32 23/06/2008 20:19:27:115 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA} 23/06/2008 20:19:27:135 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\InprocServer32, (Default) 23/06/2008 20:19:27:145 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\InprocServer32, ThreadingModel 23/06/2008 20:19:27:145 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\InprocServer32 23/06/2008 20:19:27:155 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA} 23/06/2008 20:19:27:175 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\iexplore, Type 23/06/2008 20:19:27:195 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\iexplore, Flags 23/06/2008 20:19:27:215 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\iexplore, Count 23/06/2008 20:19:27:225 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\iexplore, Time 23/06/2008 20:19:27:235 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\iexplore 23/06/2008 20:19:27:245 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA} 23/06/2008 20:19:27:255 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Module Risk Level - Elevated Infection - lsass.exe (C:\WINDOWS\system32\vtUomlii.dll) 23/06/2008 20:19:28:146 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Startup Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, Authentication Packages = C:\WINDOWS\system32\vtUomlii 23/06/2008 20:19:28:507 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Startup Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa, Authentication Packages = C:\WINDOWS\system32\vtUomlii 23/06/2008 20:19:29:98 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Startup Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa, Authentication Packages = C:\WINDOWS\system32\vtUomlii 23/06/2008 20:19:29:98 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - File Risk Level - Elevated Infection - C:\WINDOWS\system32\vtUomlii.dll 23/06/2008 20:19:29:128 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4}, (Default) 23/06/2008 20:19:29:138 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4} 23/06/2008 20:19:29:138 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4}\InprocServer32, (Default) 23/06/2008 20:19:29:148 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4}\InprocServer32, ThreadingModel 23/06/2008 20:19:29:148 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4}\InprocServer32 23/06/2008 20:19:29:148 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4} 23/06/2008 20:19:29:168 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0} 23/06/2008 20:19:29:168 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0}\InprocServer32, (Default) 23/06/2008 20:19:29:188 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0}\InprocServer32, ThreadingModel 23/06/2008 20:19:29:188 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0}\InprocServer32 23/06/2008 20:19:29:188 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0} 23/06/2008 20:19:29:198 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB766E1F-3941-4C47-8FC4-714F71F8A032} 23/06/2008 20:19:29:208 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{DB766E1F-3941-4C47-8FC4-714F71F8A032}\InprocServer32, (Default) 23/06/2008 20:19:29:218 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{DB766E1F-3941-4C47-8FC4-714F71F8A032}\InprocServer32, ThreadingModel 23/06/2008 20:19:29:218 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{DB766E1F-3941-4C47-8FC4-714F71F8A032}\InprocServer32 23/06/2008 20:19:29:218 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{DB766E1F-3941-4C47-8FC4-714F71F8A032} 23/06/2008 20:19:29:228 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD2114A6-01DF-48E2-8153-682EE00FDEAF} 23/06/2008 20:19:29:258 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{FD2114A6-01DF-48E2-8153-682EE00FDEAF}\InprocServer32, (Default) 23/06/2008 20:19:29:258 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{FD2114A6-01DF-48E2-8153-682EE00FDEAF}\InprocServer32, ThreadingModel 23/06/2008 20:19:29:268 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{FD2114A6-01DF-48E2-8153-682EE00FDEAF}\InprocServer32 23/06/2008 20:19:29:268 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{FD2114A6-01DF-48E2-8153-682EE00FDEAF} 23/06/2008 20:19:29:378 Scan Finished Scan Type - Intelli-Scan Items Processed - 189078 Threats Detected - 10 Infections Detected - 117 Infections Ignored - 0 24/06/2008 8:57:18:19 Anti-Malware Engine Anti-Malware engine configuration loaded successfully. 24/06/2008 9:59:47:400 Scan Started Scan Type - Full Scan 24/06/2008 10:00:17:684 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - imrworldwide.com/ imrworldwide.com 24/06/2008 10:00:48:748 Infection was detected on this computer Threat Name - Trojan.Startpage Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\R2KSR3U2\checkExeCookie[1].htm - http://www.awesomehomepage.com/checkExeCookie.php?8632 24/06/2008 10:00:53:245 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\DD01ZAZP\pid=p504355&lang=dutch&ip=auto[1].htm - http://www.adultfriendfinder.com/search/pid=p504355&lang=dutch&ip=auto 24/06/2008 10:00:53:876 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Internet Temporary File Risk Level - High Infection - C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\VGQL5B3X\more[1].htm - http://www.onestoponlineshop.net/o/more 24/06/2008 10:01:20:164 Infection was detected on this computer Threat Name - Trojan-Downloader.VB.AWJ Type - File Risk Level - Elevated Infection - C:\WINDOWS\SYSTEM32\pac.txt 24/06/2008 10:02:43:113 Infection was detected on this computer Threat Name - Exploit.Java.ByteVerify Type - File Risk Level - High Infection - C:\Documents and Settings\Dominique\Application Data\Sun\Java\Deployment\cache\6.0\54\7c9afc76-3d7c1204 24/06/2008 10:02:43:594 Infection was detected on this computer Threat Name - Exploit.Java.ByteVerify Type - File Risk Level - High Infection - C:\Documents and Settings\Dominique\Application Data\Sun\Java\Deployment\cache\6.0\57\538bb179-5b576166 24/06/2008 11:58:33:998 Infection was detected on this computer Threat Name - Adware.Zango_Search_Assistant Type - File Risk Level - Info & PUAs Infection - C:\System Volume Information\_restore{0AB512DB-7DD3-49FB-99FA-0EB26992E86C}\RP42\A0004560.lnk 24/06/2008 11:58:36:571 Infection was detected on this computer Threat Name - Adware.Zango_Search_Assistant Type - File Risk Level - Info & PUAs Infection - C:\System Volume Information\_restore{0AB512DB-7DD3-49FB-99FA-0EB26992E86C}\RP42\A0004585.lnk 24/06/2008 16:14:33:607 Smart Update Smart update was unable to run because a internet connection was not found. Please check your network settings and try again. 24/06/2008 16:29:08:565 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Value Risk Level - High Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mcm, Content Type 24/06/2008 16:29:08:565 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Key Risk Level - High Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mcm 24/06/2008 16:29:10:127 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan, RID 24/06/2008 16:29:10:147 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\DJZERO, LTM 24/06/2008 16:29:10:147 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\DJZERO, CDY 24/06/2008 16:29:10:167 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\DJZERO, CNT 24/06/2008 16:29:10:207 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\DJZERO 24/06/2008 16:29:10:227 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL\.mp4+software, LU 24/06/2008 16:29:10:247 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL\.mp4+software, CT 24/06/2008 16:29:10:267 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL\.mp4+software, LT 24/06/2008 16:29:10:267 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL\.mp4+software 24/06/2008 16:29:10:287 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL 24/06/2008 16:29:10:287 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, LTM 24/06/2008 16:29:10:307 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, CDY 24/06/2008 16:29:10:307 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, CNT 24/06/2008 16:29:10:327 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, LBL 24/06/2008 16:29:10:377 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, MN 24/06/2008 16:29:10:377 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan 24/06/2008 16:29:10:397 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\meta_mg, LTM 24/06/2008 16:29:10:417 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\meta_mg, CDY 24/06/2008 16:29:10:437 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\meta_mg, CNT 24/06/2008 16:29:10:437 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\meta_mg 24/06/2008 16:29:10:437 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4, LTM 24/06/2008 16:29:10:477 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4, CDY 24/06/2008 16:29:10:477 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4, CNT 24/06/2008 16:29:10:497 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4, CPS 24/06/2008 16:29:10:497 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4 24/06/2008 16:29:10:538 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\superjuan, LTM 24/06/2008 16:29:10:538 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\superjuan, CDY 24/06/2008 16:29:10:558 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\superjuan, CNT 24/06/2008 16:29:10:558 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\superjuan 24/06/2008 16:29:10:578 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\TrackDJuan, LTM 24/06/2008 16:29:10:578 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\TrackDJuan, CDY 24/06/2008 16:29:10:598 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\TrackDJuan, CNT 24/06/2008 16:29:10:598 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\TrackDJuan 24/06/2008 16:29:10:618 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan 24/06/2008 16:29:10:618 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System, Uid 24/06/2008 16:29:10:638 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System, (Default) 24/06/2008 16:29:10:638 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System, Shows 24/06/2008 16:29:10:658 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System, Uqs 24/06/2008 16:29:10:678 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System 24/06/2008 16:29:12:620 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 68c2e617 24/06/2008 16:29:23:787 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Value Risk Level - High Infection - HKEY_CLASSES_ROOT\.mcm, Content Type 24/06/2008 16:29:23:787 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Key Risk Level - High Infection - HKEY_CLASSES_ROOT\.mcm 24/06/2008 16:29:23:787 Infection was detected on this computer Threat Name - Adware.Brilliant_Digital Type - Registry Value Risk Level - Medium Infection - HKEY_CLASSES_ROOT\.s3d, (Default) 24/06/2008 16:29:23:787 Infection was detected on this computer Threat Name - Adware.Brilliant_Digital Type - Registry Key Risk Level - Medium Infection - HKEY_CLASSES_ROOT\.s3d 24/06/2008 16:30:05:206 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Value Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore, Type 24/06/2008 16:30:05:226 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Value Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore, Count 24/06/2008 16:30:05:266 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Value Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore, Time 24/06/2008 16:30:05:286 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Key Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore 24/06/2008 16:30:05:406 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Key Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} 24/06/2008 16:31:09:479 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA} 24/06/2008 16:31:09:499 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\InprocServer32, (Default) 24/06/2008 16:31:09:519 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\InprocServer32, ThreadingModel 24/06/2008 16:31:09:519 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\InprocServer32 24/06/2008 16:31:09:519 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA} 24/06/2008 16:31:09:589 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\InprocServer32, (Default) 24/06/2008 16:31:09:609 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\InprocServer32, ThreadingModel 24/06/2008 16:31:09:609 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\InprocServer32 24/06/2008 16:31:09:639 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA} 24/06/2008 16:31:09:749 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\iexplore, Type 24/06/2008 16:31:09:799 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\iexplore, Flags 24/06/2008 16:31:09:859 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\iexplore, Count 24/06/2008 16:31:09:909 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\iexplore, Time 24/06/2008 16:31:09:939 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA}\iexplore 24/06/2008 16:31:09:959 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3428212D-26F8-4F72-A6EB-1E57DC4EACEA} 24/06/2008 16:31:09:959 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Module Risk Level - Elevated Infection - lsass.exe (C:\WINDOWS\system32\vtUomlii.dll) 24/06/2008 16:31:09:959 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Module Risk Level - Elevated Infection - explorer.exe (C:\WINDOWS\system32\vtUomlii.dll) 24/06/2008 16:31:10:570 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Startup Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, Authentication Packages = C:\WINDOWS\system32\vtUomlii 24/06/2008 16:31:11:101 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Startup Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa, Authentication Packages = C:\WINDOWS\system32\vtUomlii 24/06/2008 16:31:11:582 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Startup Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa, Authentication Packages = C:\WINDOWS\system32\vtUomlii 24/06/2008 16:31:11:582 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - File Risk Level - Elevated Infection - C:\WINDOWS\system32\vtUomlii.dll 24/06/2008 16:31:11:622 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4}, (Default) 24/06/2008 16:31:11:642 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4} 24/06/2008 16:31:11:642 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4}\InprocServer32, (Default) 24/06/2008 16:31:11:682 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4}\InprocServer32, ThreadingModel 24/06/2008 16:31:11:682 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4}\InprocServer32 24/06/2008 16:31:11:702 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4} 24/06/2008 16:31:11:742 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0} 24/06/2008 16:31:11:742 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0}\InprocServer32, (Default) 24/06/2008 16:31:11:762 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0}\InprocServer32, ThreadingModel 24/06/2008 16:31:11:782 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0}\InprocServer32 24/06/2008 16:31:11:782 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0} 24/06/2008 16:31:11:822 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB766E1F-3941-4C47-8FC4-714F71F8A032} 24/06/2008 16:31:11:842 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{DB766E1F-3941-4C47-8FC4-714F71F8A032}\InprocServer32, (Default) 24/06/2008 16:31:11:862 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{DB766E1F-3941-4C47-8FC4-714F71F8A032}\InprocServer32, ThreadingModel 24/06/2008 16:31:11:862 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{DB766E1F-3941-4C47-8FC4-714F71F8A032}\InprocServer32 24/06/2008 16:31:11:862 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{DB766E1F-3941-4C47-8FC4-714F71F8A032} 24/06/2008 16:31:11:882 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD2114A6-01DF-48E2-8153-682EE00FDEAF} 24/06/2008 16:31:11:902 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{FD2114A6-01DF-48E2-8153-682EE00FDEAF}\InprocServer32, (Default) 24/06/2008 16:31:11:922 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{FD2114A6-01DF-48E2-8153-682EE00FDEAF}\InprocServer32, ThreadingModel 24/06/2008 16:31:11:922 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{FD2114A6-01DF-48E2-8153-682EE00FDEAF}\InprocServer32 24/06/2008 16:31:11:922 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{FD2114A6-01DF-48E2-8153-682EE00FDEAF} 24/06/2008 16:31:12:82 Scan Finished Scan Type - Full Scan Items Processed - 303534 Threats Detected - 10 Infections Detected - 102 Infections Ignored - 0 24/06/2008 21:08:56:760 Service Stopped Spyware Doctor Service Application Stopped 1/07/2008 17:09:44:459 Service Started Spyware Doctor Service Application started 1/07/2008 17:09:44:469 Anti-Malware Engine Anti-Malware engine configuration loaded successfully. 1/07/2008 17:10:31:106 Scan Started Scan Type - Intelli-Scan 1/07/2008 17:11:00:999 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - mediaplex.com/ mediaplex.com 1/07/2008 17:11:01:139 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - statse.webtrendslive.com/ statse.webtrendslive.com 1/07/2008 17:11:36:9 Infection was detected on this computer Threat Name - Trojan-Downloader.VB.AWJ Type - File Risk Level - Elevated Infection - C:\WINDOWS\SYSTEM32\pac.txt 1/07/2008 17:11:41:887 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Value Risk Level - High Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mcm, Content Type 1/07/2008 17:11:41:887 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Key Risk Level - High Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mcm 1/07/2008 17:11:42:348 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan, RID 1/07/2008 17:11:42:348 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\DJZERO, LTM 1/07/2008 17:11:42:358 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\DJZERO, CDY 1/07/2008 17:11:42:358 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\DJZERO, CNT 1/07/2008 17:11:42:358 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\DJZERO 1/07/2008 17:11:42:368 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL\.mp4+software, LU 1/07/2008 17:11:42:378 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL\.mp4+software, CT 1/07/2008 17:11:42:378 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL\.mp4+software, LT 1/07/2008 17:11:42:378 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL\.mp4+software 1/07/2008 17:11:42:388 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\JKWL 1/07/2008 17:11:42:388 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, LTM 1/07/2008 17:11:42:398 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, CDY 1/07/2008 17:11:42:398 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, CNT 1/07/2008 17:11:42:398 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, LBL 1/07/2008 17:11:42:408 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan, MN 1/07/2008 17:11:42:408 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\metajuan 1/07/2008 17:11:42:418 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\meta_mg, LTM 1/07/2008 17:11:42:418 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\meta_mg, CDY 1/07/2008 17:11:42:428 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\meta_mg, CNT 1/07/2008 17:11:42:428 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\meta_mg 1/07/2008 17:11:42:438 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4, LTM 1/07/2008 17:11:42:438 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4, CDY 1/07/2008 17:11:42:438 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4, CNT 1/07/2008 17:11:42:448 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4, CPS 1/07/2008 17:11:42:448 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\profiling4 1/07/2008 17:11:42:488 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\superjuan, LTM 1/07/2008 17:11:42:498 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\superjuan, CDY 1/07/2008 17:11:42:498 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\superjuan, CNT 1/07/2008 17:11:42:498 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\superjuan 1/07/2008 17:11:42:508 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\TrackDJuan, LTM 1/07/2008 17:11:42:508 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\TrackDJuan, CDY 1/07/2008 17:11:42:518 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\TrackDJuan, CNT 1/07/2008 17:11:42:518 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan\TrackDJuan 1/07/2008 17:11:42:518 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan 1/07/2008 17:11:42:528 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System, Uid 1/07/2008 17:11:42:528 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System, (Default) 1/07/2008 17:11:42:538 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System, Shows 1/07/2008 17:11:42:538 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System, Uqs 1/07/2008 17:11:42:538 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System 1/07/2008 17:11:43:219 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 68c2e617 1/07/2008 17:11:47:305 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Value Risk Level - High Infection - HKEY_CLASSES_ROOT\.mcm, Content Type 1/07/2008 17:11:47:315 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Key Risk Level - High Infection - HKEY_CLASSES_ROOT\.mcm 1/07/2008 17:11:47:315 Infection was detected on this computer Threat Name - Adware.Brilliant_Digital Type - Registry Value Risk Level - Medium Infection - HKEY_CLASSES_ROOT\.s3d, (Default) 1/07/2008 17:11:47:315 Infection was detected on this computer Threat Name - Adware.Brilliant_Digital Type - Registry Key Risk Level - Medium Infection - HKEY_CLASSES_ROOT\.s3d 1/07/2008 17:12:01:516 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Value Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore, Type 1/07/2008 17:12:01:526 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Value Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore, Count 1/07/2008 17:12:01:536 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Value Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore, Time 1/07/2008 17:12:01:546 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Key Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore 1/07/2008 17:12:01:556 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Key Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} 1/07/2008 17:14:11:713 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4}, (Default) 1/07/2008 17:14:11:723 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4} 1/07/2008 17:14:11:723 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4}\InprocServer32, (Default) 1/07/2008 17:14:11:733 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4}\InprocServer32, ThreadingModel 1/07/2008 17:14:11:733 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4}\InprocServer32 1/07/2008 17:14:11:733 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{46f86855-fb0f-49ec-8cf9-d6ec4b9fc1a4} 1/07/2008 17:14:11:753 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8AF9C02D-40D0-4D9A-8581-1966276F146A} 1/07/2008 17:14:11:753 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{8AF9C02D-40D0-4D9A-8581-1966276F146A}\InprocServer32, (Default) 1/07/2008 17:14:11:763 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{8AF9C02D-40D0-4D9A-8581-1966276F146A}\InprocServer32, ThreadingModel 1/07/2008 17:14:11:763 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{8AF9C02D-40D0-4D9A-8581-1966276F146A}\InprocServer32 1/07/2008 17:14:11:763 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{8AF9C02D-40D0-4D9A-8581-1966276F146A} 1/07/2008 17:14:11:773 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0} 1/07/2008 17:14:11:783 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0}\InprocServer32, (Default) 1/07/2008 17:14:11:783 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0}\InprocServer32, ThreadingModel 1/07/2008 17:14:11:793 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0}\InprocServer32 1/07/2008 17:14:11:793 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{C43A01F8-D1A7-4DB7-BF96-628E1ECF4AD0} 1/07/2008 17:14:11:803 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB766E1F-3941-4C47-8FC4-714F71F8A032} 1/07/2008 17:14:11:803 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{DB766E1F-3941-4C47-8FC4-714F71F8A032}\InprocServer32, (Default) 1/07/2008 17:14:11:813 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{DB766E1F-3941-4C47-8FC4-714F71F8A032}\InprocServer32, ThreadingModel 1/07/2008 17:14:11:813 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{DB766E1F-3941-4C47-8FC4-714F71F8A032}\InprocServer32 1/07/2008 17:14:11:813 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{DB766E1F-3941-4C47-8FC4-714F71F8A032} 1/07/2008 17:14:11:823 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD2114A6-01DF-48E2-8153-682EE00FDEAF} 1/07/2008 17:14:11:833 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{FD2114A6-01DF-48E2-8153-682EE00FDEAF}\InprocServer32, (Default) 1/07/2008 17:14:11:843 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{FD2114A6-01DF-48E2-8153-682EE00FDEAF}\InprocServer32, ThreadingModel 1/07/2008 17:14:11:843 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{FD2114A6-01DF-48E2-8153-682EE00FDEAF}\InprocServer32 1/07/2008 17:14:11:843 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_CLASSES_ROOT\CLSID\{FD2114A6-01DF-48E2-8153-682EE00FDEAF} 1/07/2008 17:14:11:863 Scan Finished Scan Type - Intelli-Scan Items Processed - 188482 Threats Detected - 7 Infections Detected - 80 Infections Ignored - 0 1/07/2008 18:52:01:703 Service Stopped Spyware Doctor Service Application Stopped 5/07/2008 12:02:21:91 Service Started Spyware Doctor Service Application started 5/07/2008 12:02:21:91 Anti-Malware Engine Anti-Malware engine configuration loaded successfully. 5/07/2008 12:02:56:742 Scan Started Scan Type - Intelli-Scan 5/07/2008 12:03:59:993 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - 2o7.net/ 2o7.net 5/07/2008 12:04:00:534 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - ad.yieldmanager.com/ ad.yieldmanager.com 5/07/2008 12:04:00:925 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - adriver.ru/ adriver.ru 5/07/2008 12:04:02:167 Infection was detected on this computer Threat Name - Spyware.Known_Bad_Sites Type - Cookie Risk Level - High Infection - adultfriendfinder.com/ adultfriendfinder.com 5/07/2008 12:04:03:438 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - com.com/ com.com 5/07/2008 12:04:03:809 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - cybermonitor.com/ cybermonitor.com 5/07/2008 12:04:03:879 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - dealtime.com/ dealtime.com 5/07/2008 12:04:04:69 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - ehg-meevee.hitbox.com/ ehg-meevee.hitbox.com 5/07/2008 12:04:04:750 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - hentaicounter.com/ hentaicounter.com 5/07/2008 12:04:04:800 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - hitbox.com/ hitbox.com 5/07/2008 12:04:06:743 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - msnportal.112.2o7.net/ msnportal.112.2o7.net 5/07/2008 12:04:07:284 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - overture.com/ overture.com 5/07/2008 12:04:07:434 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - partygaming.122.2o7.net/ partygaming.122.2o7.net 5/07/2008 12:04:08:255 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - stat.dealtime.com/ stat.dealtime.com 5/07/2008 12:04:08:275 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - statcounter.com/ statcounter.com 5/07/2008 12:04:13:363 Infection was detected on this computer Threat Name - Adware.Advertising Type - Cookie Risk Level - Low Infection - www7.addfreestats.com/ www7.addfreestats.com 5/07/2008 12:04:13:383 Infection was detected on this computer Threat Name - Application.TrackingCookies Type - Cookie Risk Level - Low Infection - yadro.ru/ yadro.ru 5/07/2008 12:05:01:902 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Value Risk Level - High Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mcm, Content Type 5/07/2008 12:05:01:902 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Key Risk Level - High Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mcm 5/07/2008 12:05:02:964 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System, Uid 5/07/2008 12:05:02:964 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System, (Default) 5/07/2008 12:05:02:974 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System, Shows 5/07/2008 12:05:02:974 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Value Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System, Uqs 5/07/2008 12:05:02:984 Infection was detected on this computer Threat Name - Trojan.Virtumonde Type - Registry Key Risk Level - Elevated Infection - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System 5/07/2008 12:05:09:143 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Value Risk Level - High Infection - HKEY_CLASSES_ROOT\.mcm, Content Type 5/07/2008 12:05:09:143 Infection was detected on this computer Threat Name - Adware.Maxifiles Type - Registry Key Risk Level - High Infection - HKEY_CLASSES_ROOT\.mcm 5/07/2008 12:05:09:503 Infection was detected on this computer Threat Name - Adware.Brilliant_Digital Type - Registry Value Risk Level - Medium Infection - HKEY_CLASSES_ROOT\.s3d, (Default) 5/07/2008 12:05:09:503 Infection was detected on this computer Threat Name - Adware.Brilliant_Digital Type - Registry Key Risk Level - Medium Infection - HKEY_CLASSES_ROOT\.s3d 5/07/2008 12:05:37:363 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Value Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore, Type 5/07/2008 12:05:37:403 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Value Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore, Count 5/07/2008 12:05:37:424 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Value Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore, Time 5/07/2008 12:05:37:424 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Key Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\iexplore 5/07/2008 12:05:37:434 Infection was detected on this computer Threat Name - Adware.HotBar Type - Registry Key Risk Level - Info & PUAs Infection - HKEY_USERS\S-1-5-21-1292428093-920026266-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} 5/07/2008 12:16:14:299 Scan Finished Scan Type - Intelli-Scan Items Processed - 188627 Threats Detected - 7 Infections Detected - 33 Infections Ignored - 0