PUA.Imali

Updated: June 26, 2015
Infection Length: Varies
Risk Impact: Low
Systems Affected: Windows

Behavior

PUA.Imali is a potentially unwanted application that bundles other potentially unwanted applications with it.

Antivirus Protection Dates

  • Initial Rapid Release version May 27, 2015 revision 008
  • Latest Rapid Release version September 22, 2016 revision 024
  • Initial Daily Certified version June 26, 2015
  • Latest Daily Certified version September 22, 2016 revision 025
  • Initial Weekly Certified release date July 01, 2015
When the program is installed, it creates the following files:
  • %ProgramFiles%\Mozilla Firefox\browser\searchplugins\mystartsearch.xml
  • %ProgramFiles%\XTab\BrowerWatchCH.dll
  • %ProgramFiles%\XTab\BrowerWatchFF.dll
  • %ProgramFiles%\XTab\BrowserAction.dll
  • %ProgramFiles%\XTab\CmdShell.exe
  • %ProgramFiles%\XTab\conf
  • %ProgramFiles%\XTab\ffsearch_toolbar!1.0.0.1031.xpi
  • %ProgramFiles%\XTab\HPNotify.exe
  • %ProgramFiles%\XTab\IeWatchDog.dll
  • %ProgramFiles%\XTab\install.data
  • %ProgramFiles%\XTab\msvcp110.dll
  • %ProgramFiles%\XTab\msvcr110.dll
  • %ProgramFiles%\XTab\ProtectService.exe
  • %ProgramFiles%\XTab\searchProvider.xml
  • %ProgramFiles%\XTab\skin\about.png
  • %ProgramFiles%\XTab\skin\about_bk.png
  • %ProgramFiles%\XTab\skin\btn.png
  • %ProgramFiles%\XTab\skin\btn_apply.png
  • %ProgramFiles%\XTab\skin\close.png
  • %ProgramFiles%\XTab\skin\conf.xml
  • %ProgramFiles%\XTab\skin\conf_back.png
  • %ProgramFiles%\XTab\skin\input_bk.png
  • %ProgramFiles%\XTab\skin\logo.png
  • %ProgramFiles%\XTab\skin\main.xml
  • %ProgramFiles%\XTab\skin\radio_1.png
  • %ProgramFiles%\XTab\skin\radio_2.png
  • %ProgramFiles%\XTab\skin\rigth_arrow.png
  • %ProgramFiles%\XTab\skin\settings.png
  • %ProgramFiles%\XTab\SupTab.dll
  • %ProgramFiles%\XTab\uninstall.exe
  • %ProgramFiles%\XTab\web\data.html
  • %ProgramFiles%\XTab\web\img\google_trends.png
  • %ProgramFiles%\XTab\web\img\icon128.png
  • %ProgramFiles%\XTab\web\img\icon16.png
  • %ProgramFiles%\XTab\web\img\icon48.png
  • %ProgramFiles%\XTab\web\img\loading.gif
  • %ProgramFiles%\XTab\web\img\logo32.ico
  • %ProgramFiles%\XTab\web\indexIE.html
  • %ProgramFiles%\XTab\web\indexIE8.html
  • %ProgramFiles%\XTab\web\js\common.js
  • %ProgramFiles%\XTab\web\js\ga.js
  • %ProgramFiles%\XTab\web\js\jquery-1.11.0.min.js
  • %ProgramFiles%\XTab\web\js\jquery.autocomplete.js
  • %ProgramFiles%\XTab\web\js\jquery.xdomainrequest.min.js
  • %ProgramFiles%\XTab\web\js\js.js
  • %ProgramFiles%\XTab\web\js\library.js
  • %ProgramFiles%\XTab\web\js\xagainit-ie8.js
  • %ProgramFiles%\XTab\web\js\xagainit2.0.js
  • %ProgramFiles%\XTab\web\js\xdomain.min.js
  • %ProgramFiles%\XTab\web\main.css
  • %ProgramFiles%\XTab\web\ver.txt
  • %ProgramFiles%\XTab\web\_locales\en-US\messages.json
  • %ProgramFiles%\XTab\web\_locales\es-419\messages.json
  • %ProgramFiles%\XTab\web\_locales\es-ES\messages.json
  • %ProgramFiles%\XTab\web\_locales\fr-BE\messages.json
  • %ProgramFiles%\XTab\web\_locales\fr-CA\messages.json
  • %ProgramFiles%\XTab\web\_locales\fr-CH\messages.json
  • %ProgramFiles%\XTab\web\_locales\fr-FR\messages.json
  • %ProgramFiles%\XTab\web\_locales\fr-LU\messages.json
  • %ProgramFiles%\XTab\web\_locales\it-CH\messages.json
  • %ProgramFiles%\XTab\web\_locales\it-IT\messages.json
  • %ProgramFiles%\XTab\web\_locales\pl\messages.json
  • %ProgramFiles%\XTab\web\_locales\pt\messages.json
  • %ProgramFiles%\XTab\web\_locales\pt-BR\messages.json
  • %ProgramFiles%\XTab\web\_locales\ru\messages.json
  • %ProgramFiles%\XTab\web\_locales\ru-MO\messages.json
  • %ProgramFiles%\XTab\web\_locales\tr-TR\messages.json
  • %ProgramFiles%\XTab\web\_locales\vi-VI\messages.json
  • %ProgramFiles%\XTab\web\_locales\zh-CN\messages.json
  • %ProgramFiles%\XTab\web\_locales\zh-TW\messages.json
  • %SystemDrive%\Documents and Settings\All Users\Application Data\IHProtectUpDate\update\conf
  • %SystemDrive%\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe
  • %SystemDrive%\Documents and Settings\All Users\Application Data\WindowsMangerProtect\update\conf
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\4C4C4544-1432875918-3810-8058-C7C04F4D3153\Uninstall.exe
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\4C4C4544-1432875918-3810-8058-C7C04F4D3153\vnsg20.tmp
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3ydui6lj.default\extensions\searchffv2@gmail.com
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\576.json
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\bg.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\bg1.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\bk_shadow.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\button.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\button1.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\checkbox.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\checkbox_select.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\checked.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\close.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\code\code1.jpg
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\code\code2.jpg
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\code\code3.jpg
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\code\code4.jpg
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\code\code5.jpg
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\code\code6.jpg
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\code\Thumbs.db
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\loading_bg.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\loading_light.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\min.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\scrollbar.bmp
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\Thumbs.db
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\images\unchecked.png
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\MessageBox.xml
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\uninstallDlg2.xml
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\mystartsearch\UninstallManager.exe
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\VOPackage\Uninstall.exe
  • %SystemDrive%\Documents and Settings\Administrator\Application Data\VOPackage\VOPackage.exe
  • %SystemDrive%\Documents and Settings\Administrator\Local Settings\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_64.exe
  • %SystemDrive%\Documents and Settings\Administrator\Local Settings\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_76.exe
  • %SystemDrive%\Documents and Settings\Administrator\Local Settings\Temp\f9626892-7a78-3199-abd2-97bbce96297b\OfferInstaller.exe
  • %SystemDrive%\Documents and Settings\Administrator\Local Settings\Temp\f9626892-7a78-3199-abd2-97bbce96297b\prog1.exe

The program creates the following registry entries:
  • HKEY_LOCAL_MACHINE\SOFTWARE\AIM Toolbar = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\AskPartnerNetwork = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} = LuckyTab Class
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}\InprocServer32 = %ProgramFiles%\XTab\SupTab.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}\InprocServer32\ThreadingModel = 410070006100720074006D0065006E0074000000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}\Programmable = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}\TypeLib = {7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}\Version = 1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} = IIETabPage
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ProxyStubClsid = 7B00300030003000320030003400320034002D0030003000300030002D0030003000300030002D00
    43003000300030002D003000300030003000300030003000300030003000340036007D000000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\ProxyStubClsid32 = 7B00300030003000320030003400320034002D0030003000300030002D0030003000300030002D00
    43003000300030002D003000300030003000300030003000300030003000340036007D000000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib = {7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}\TypeLib\Version = 1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}\1.0 = SupTabLib
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}\1.0\0\win32 = %ProgramFiles%\XTab\SupTab.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}\1.0\FLAGS = 30000000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}\1.0\HELPDIR = %ProgramFiles%\XTab
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command = "%ProgramFiles%\Mozilla Firefox\firefox.exe" http://www.mystartsearch.com/?type=sc&ts=1432874200&z=063e4065a6abbad4369ee6cgfz1c8o7bdm6zec0wft&from=ima&uid=3219913727_3941_7447F509
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command = %ProgramFiles%\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1432874200&z=063e4065a6abbad4369ee6cgfz1c8o7bdm6zec0wft&from=ima&uid=3219913727_3941_7447F509
  • HKEY_LOCAL_MACHINE\SOFTWARE\Conduit = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\IHProtect\ptid = ima
  • HKEY_LOCAL_MACHINE\SOFTWARE\Iminent = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\DirectDraw\MostRecentApplication\Name = CrashReport_v6.2.7601.963.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\DirectDraw\MostRecentApplication\ID = 541FEDFA
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\GDIPlus = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Internet Explorer\Main\Start Page = http://www.mystartsearch.com/?type=hp&ts=1432874200&z=063e4065a6abbad4369ee6cgfz1c8o7bdm6zec0wft&from=ima&uid=3219913727_3941_7447F509
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Internet Explorer\Main\Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1432874200&z=063e4065a6abbad4369ee6cgfz1c8o7bdm6zec0wft&from=ima&uid=3219913727_3941_7447F509
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Internet Explorer\Main\Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1432874200&z=063e4065a6abbad4369ee6cgfz1c8o7bdm6zec0wft&from=ima&uid=3219913727_3941_7447F509&q={searchTerms}
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Internet Explorer\Main\Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1432874200&z=063e4065a6abbad4369ee6cgfz1c8o7bdm6zec0wft&from=ima&uid=3219913727_3941_7447F509&q={searchTerms}
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Internet Explorer\Search\CustomizeSearch = http://www.mystartsearch.com/web/?type=ds&ts=1432874200&z=063e4065a6abbad4369ee6cgfz1c8o7bdm6zec0wft&from=ima&uid=3219913727_3941_7447F509&q={searchTerms}
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Internet Explorer\Search\SearchAssistant = http://www.mystartsearch.com/web/?type=ds&ts=1432874200&z=063e4065a6abbad4369ee6cgfz1c8o7bdm6zec0wft&from=ima&uid=3219913727_3941_7447F509&q={searchTerms}
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Internet Explorer\SearchScopes\DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName = mystartsearch
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\URL = http://www.mystartsearch.com/web/?type=ds&ts=1432874200&z=063e4065a6abbad4369ee6cgfz1c8o7bdm6zec0wft&from=ima&uid=3219913727_3941_7447F509&q={searchTerms}
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (binary certificate data)
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\SystemCertificates\AuthRoot\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob = (binary certificate data)
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob = (binary certificate data)
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040110900063D11C8EF10054038389C\Usage\HandWritingFiles = 46BD0030
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\Linkey = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall\DisplayName = 6D00790073007400610072007400730065006100720063006800200075006E0069006E00730074
    0061006C006C00000006
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall\UninstallString = (binary data)
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall\DisplayIcon = C:\Documents and Settings\Administrator\Application Data\mystartsearch\UninstallManager.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall\Publisher = mystartsearch
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\SearchProtect = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\VOPackage\Stats = 161
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\VOPackage\DisplayName = Remote Desktop Access (VuuPC)
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\VOPackage\UninstallString = "C:\Documents and Settings\Administrator\Application Data\VOPackage\Uninstall.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\VOPackage\DisplayIcon = "C:\Documents and Settings\Administrator\Application Data\VOPackage\Uninstall.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\VOPackage\Publisher = CMI Limited
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\VOPackage\DisplayVersion = 1.0.0.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\VOPackage\Source = MED01
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\mystartsearchSoftware\mystartsearchhp\Time = DDEC675500000000
  • HKEY_LOCAL_MACHINE\SOFTWARE\mystartsearchSoftware\mystartsearchhp\oem = ima
  • HKEY_LOCAL_MACHINE\SOFTWARE\SearchProtect = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\SpeedBit = created registry key
  • HKEY_LOCAL_MACHINE\SOFTWARE\SupDp\dir = %ProgramFiles%\XTab
  • HKEY_LOCAL_MACHINE\SOFTWARE\supTab\ptid = ima
  • HKEY_LOCAL_MACHINE\SOFTWARE\supWindowsMangerProtect\ptid = ima
  • HKEY_LOCAL_MACHINE\SOFTWARE\WajIntEnhance = created registry key
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect\EventMessageFile = %SystemDrive%\Documents and Settings\All Users\Application Da
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect\TypesSupported = 00000007
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service\Type = 00000010
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service\Start = 00000002
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service\ErrorControl = 00000001
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service\DisplayName = IHProtect Service
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service\ImagePath = %ProgramFiles%\XTab\ProtectService.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect\Type = 00000010
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect\Start = 00000002
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect\ErrorControl = 00000001
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect\DisplayName = WindowsMangerProtect Service
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect\ImagePath = %SystemDrive%\Documents and Settings\All Users\Application Data\WindowsMangerProtect\ProtectWindowsManager.exe -serviceuser\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData = C:\WINDOW\system32\config\systemprofile\Application Data
  • HKEY_CURRENT_USER\Software\AOL = created registry key
  • HKEY_CURRENT_USER\Software\APN PIP = created registry key
  • HKEY_CURRENT_USER\Software\HomeTab = created registry key
  • HKEY_CURRENT_USER\Software\Kromtech = created registry key
  • HKEY_CURRENT_USER\Software\Linkey = created registry key
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page = http://www.mystartsearch.com/?type=hp&ts=1432874200&z=063e4065a6abbad4369ee6cgfz1c8o7bdm6zec0wft&from=ima&uid=3219913727_3941_7447F509
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1432874200&z=063e4065a6abbad4369ee6cgfz1c8o7bdm6zec0wft&from=ima&uid=3219913727_3941_7447F509
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=3219913727_3941_7447F509&ts=1432875728&type=default&q={searchTerms}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = http://www.bing.com/favicon.ico
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\TopResultURL = http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IETR02
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = C:\Documents and Settings\Administrator\Local Settings\Application DataLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}\URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=3219913727_3941_7447F509&ts=1432875728&type=default&q={searchTerms}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}\DisplayName = 65000000
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}\FaviconURL = http://www.mystartsearch.com//favicon.ico
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}\FaviconPath = C:\Documents and Settings\Administrator\Local Settings\Application DataLow\Microsoft\Internet Explorer\Services\search_{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}.ico
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\DisplayName = mystartsearch
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=3219913727_3941_7447F509&ts=1432875728&type=default&q={searchTerms}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\TopResultURL = http://www.mystartsearch.com/web/?type=ds&ts=1432874200&z=063e4065a6abbad4369ee6cgfz1c8o7bdm6zec0wft&from=ima&uid=3219913727_3941_7447F509&q={searchTerms}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}\URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=ima&utm_campaign=install_ie&utm_content=ds&from=ima&uid=3219913727_3941_7447F509&ts=1432875728&type=default&q={searchTerms}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}\DisplayName = Google
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}\FaviconURL = http://www.google.com/favicon.ico
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}\TopResultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}\FaviconPath = C:\Documents and Settings\Administrator\Local Settings\Application DataLow\Microsoft\Internet Explorer\Services\search_{E733165D-CBCF-4FDA-883E-ADEF965B476C}.ico
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP = created registry key
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar = created registry key
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey = created registry key
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect = created registry key
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com = created registry key
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance = created registry key
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} = created registry key
  • HKEY_CURRENT_USER\Software\SearchProtectWS = created registry key
  • HKEY_CURRENT_USER\Software\SimplyTech\HomeTabWajIEnhance = created registry key
  • HKEY_CURRENT_USER\Software\TNT2\Settings = created registry key
  • HKEY_CURRENT_USER\Software\TNT2\TNT2Customize = created registry key
  • HKEY_CURRENT_USER\Software\TNT2\TNT2Data = created registry key
  • HKEY_CURRENT_USER\Software\TNT2\TNT2Partner = created registry key
  • HKEY_CURRENT_USER\Software\WajIntEnhance = created registry key
  • user\S-1-5-18\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000006000000010000000000000000000000000000000400000000000000009323EE6C17D0
    01010000007F000001000000000000000000000000
  • user\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec = 31000000D8

The program bundles third-party applications with it during installation.

The program may change the settings for the browser homepage and the default search engine.

The program may redirect users to the following webpages:

  • www.adservingsolutionsinc.adk2.net
  • imali.adk2.com


    You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your computer has been affected by this risk.

    Before proceeding further we recommend that you run a full system scan. If that does not resolve the problem you can try one of the options available below.



    FOR NORTON USERS
    If you are a Norton product user, we recommend you try the following resources to remove this risk.


    Removal Tool

    If you have an infected Windows system file, you may need to replace it using the Windows installation CD.


    How to reduce the risk of infection
    The following resources provide further information and best practices to help reduce the risk of infection.


    FOR BUSINESS USERS
    If you are a Symantec business product user, we recommend you try the following resources to remove this risk.


    Identifying and submitting suspect files
    Submitting suspicious files to Symantec allows us to ensure that our protection capabilities keep up with the ever-changing threat landscape. Submitted files are analyzed by Symantec Security Response and, where necessary, updated definitions are immediately distributed through LiveUpdate™ to all Symantec end points. This ensures that other computers nearby are protected from attack. The following resources may help in identifying suspicious files for submission to Symantec.


    Removal Tool

    If you have an infected Windows system file, you may need to replace it using the Windows installation CD.


    How to reduce the risk of infection
    The following resource provides further information and best practices to help reduce the risk of infection.
    Protecting your business network



    MANUAL REMOVAL
    The following instructions pertain to all current Symantec antivirus products.


    1. Performing a full system scan
    How to run a full system scan using your Symantec product


    2. Restoring settings in the registry
    Many risks make modifications to the registry, which could impact the functionality or performance of the compromised computer. While many of these modifications can be restored through various Windows components, it may be necessary to edit the registry. See the Technical Details of this writeup for information about which registry keys were created or modified. Delete registry subkeys and entries created by the risk and return all modified registry entries to their previous values.