Malware Info: Startpage Trojan

Removing Startpage
Categories: Trojan,Adware,BHO,Backdoor,Hijacker,Toolbar,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

Launching/ deleting files

Sending/ receiving files

Deleting data

Displaying notification

Rebooting the machine

Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Startpage Also known as:


[Kaspersky]Trojan.Win32.StartPage.y,Trojan.Win32.StartPage.aq,Trojan.Win32.StartPage.ix,Trojan.Win32.Krepper.p,Trojan-Downloader.Win32.Agent.jm,Trojan.Win32.StartPage.bg,Trojan.Win32.StartPage.aj,Trojan.Win32.StartPage.t,Trojan-Downloader.Win32.IstBar.ff,Trojan.Win32.StartPage.aia,Trojan-Downloader.Win32.Small.bxa,Trojan.Win32.StartPage.aks,Trojan.Win32.StartPage.qw,Exploit.JS.ActiveXComponent,Trojan.VBS.StartPage.be,Trojan.Win32.Startpage.aky,Trojan.Win32.StartPAge.alu,Trojan.Win32.StartPage.vr,Trojan.Win32.StartPage.is,Trojan.Win32.StartPage.uz,Trojan-Dropper.Win32.Agent.ow,Backdoor.Win32.Hupigon.ccp,Trojan.Win32.StartPage.po,Trojan.Win32.StarPage.amt,Trojan.Win32.StartPage.amn,Trojan.Win32.Kolweb.b,Trojan.Win32.BHO.f,Trojan.Win32.StartPage.amb,Trojan.Win32.StartPage.ba,Trojan-Clicker.Win32.Delf.ar,Porn-Tool.Win32.Clavusnet.b,Trojan.Win32.StartPage.agy,Trojan.Win32.StartPage.mu,Trojan.Win32.StartPage.zz,Trojan-Downlaoder.Win32.Small.rr,Trojan.BAT.StartPage.d,Trojan.Win32.StartPage.apw,Trojan.Win32.StartPage.arx,Trojan-Downloader.Win32.Hmir.du,Trojan.Win32.StartPage.amd,Trojan.Win32.Delf.cf,Trojan.Win32.StartPage.ag;
[Eset]Win32/StartPage.Y trojan,Win32/StartPage.Y2 trojan,Win32/StartPage.GV trojan,Win32/StartPage.NAI trojan,Win32/Goweh.B trojan,Win32/StartPage.IX trojan,Win32/StartPage.IX1 trojan,Win32/StartPage.IS trojan,Win32/Krepper.Q trojan,Win32/StartPage.IV trojan;
[McAfee]StartPage-Q,StartPage-GX,StartPage-FO,Generic StartPage.j,StartPage-DU.dll.dr,StartPage-DU.dll,Adware-Altnet.dr,Adware-CWS,StartPage-Al.gen,StartPage-IW,StartPage-CD,Downloader-DS.b,Gpix.gen,StartPage-T,Generic RootKit.a,Downloader.gen.a,Generic Downloader.f;
[F-Prot]security risk or a "backdoor" program,W32/Downloader.BTL,W32/StartpageX.AJS,W32/Trojan.AHSX;
[Panda]Trojan Horse,Trj/StartPage.Y,Trj/StartPage.F,Trj/Krepper.A,Adware/DNSErr,Trj/Bookmark.B,Trj/Downloader.AJ,Trj/Conspy.B,Trj/Tofger.J,Trj/StartPage.BF,Trj/StartPage.IY,Trj/Startpage.DV,Trj/Runet.A,Trj/Harnig.B,Trj/Bookmark.A,Trj/Reler.A,Trj/Harnig.C,Trj/Startpage.BS,Adware/Adtomi,Trj/Startpage.DI,Trj/StartPage.EB,Trj/Downloader.DP,Trj/Krepper.C,Trj/StartPage.ID,Trj/StartPage.gen,Trj/Goweh.A,Trj/StartPage.FH,Trj/Kreeper.A,Trj/Krepper.F,Trj/SubSearch.C,Trj/Startpage.HO,Trj/StartPage.GU,Trj/StartPage.IN,Spyware/ISTbar,Trj/Startpage.HL,Trj/StartPage.BM,Trj/Sysgotem.B,Trj/Startpage.HV,Trj/Downloader.PM,Trj/StartPage.HT,Trj/Leritand.A,Trj/Leritand.C,Trj/StartPage.EH,Trj/StartPage.AB,Adware/Look2Me,Trj/Startpage.IF,Trj/StartPage.T;
[Computer Associates]Win32.Startpage.E,Win32/StartPage.Q!Trojan,Win32.Startpage.BC,Win32/StartPage.alpha!Trojan,Win32/StartPage.AQ!Trojan,Win32.Startpage.CI,Win32.Startpage.G,Win32.Startpage.Y,Win32/StartPage.G.Trojan,Win32/Startpage.Y!Trojan,Win32.Startpage.AN!downloader,Win32/Startpage.AN!Trojan,Win32.Startpage.BJ,Win32/ClearHosts.73728!Trojan,Win32.Startpage.AG,Win32/StartPage.AG!Trojan,Win32.Startpage.BJ!downloader,Win32/ClearHosts!Downloader,Win32.Startpage.AE,Win32/Startpage.21504!Trojan,Win32.Startpage.BL,Win32/StartPage.BL.5120!Trojan,Win32.Startpage.BV,Win32/QHosts!Trojan,Win32.Startpage.AQ,Win32/StartPage.tenbiz!Trojan,Win32.Startpage.AI,Win32/StartPage.6656!Trojan,Win32.Startpage.CB,Win32.Startpage.BA,Win32/StartPage.11776.A!Trojan,Win32.Startpage.AD,Win32.Startpage.CH!downloader,Win32/StartPage!Downloader,Win32.Startpage.AM,Win32/Startpage.AM!Trojan,Win32.Startpage.CQ,Win32/StartPage.Secure!Trojan,Win32/Startpage.AU!DLL!Trojan,Win32.Startpage.J,Win32/VB.dh!Trojan,Win32/Harnig.D!Trojan,Win32.Startpage.S,Win32/StartPage.8151!Trojan,Win32.Startpage.ME,Win32.Startpage.FZ,Win32/DlMersting.CG!Trojan,Win32.Startpage.FG,Win32/StartPage.couldnotfind!Dow,Win32.Startpage.GZ,Win32/StartPage.GZ!Trojan,Win32/StartPage.GZ.3072!Trojan,Win32.Startpage.FP,Win32.Startpage.BM,Win32/Digits.23104!Trojan,Win32/DlMersting.AI.30720!DLL!Tr,Win32/DlMersting.AJ.30720!DLL!Tr,Win32/DlMersting.AK.30720!Trojan,Win32/DlMersting.AL.30720!DLL!Tr,Win32/DlMersting.AN.30720!DLL!Tr,Win32/DlMersting.AW.30720!DLL!Tr,Win32/StartPage.FZ!BHO!Trojan,Win32/Startpage.FZ.30720!DLL!Tro,Win32/Startpage.FZ.31744.Trojan,Win32/Startpage.FZ!Trojan,Win32/StartPage.GZ!BHO!Trojan,Win32/Startpage.GZ1!Trojan,Win32.Startpage.MH,Win32/Startpage.205824!Trojan,Win32.Startpage.IU,Win32/StartPage.ku!Trojan,Win32.Startpage.HE,Win32/StartPage.HT!Trojan,Win32.Startpage.GS,Win32/StartPage.freeticket!Troja,Win32.Startpage.HB,Win32/Startpage.7680!Worm,Win32.Startpage.GT,Win32.Startpage.HM,Win32/Startpage.GC!Trojan,Win32/DlMersting.AY.30720!DLL!Tr,Win32.Startpage.CN,Win32/Startpage.EB!Trojan,Win32.Startpage.GU!downloader,Win32/Startpage.DV!Downloader,Win32.Startpage.DP,Win32/StartPage.defaultsearching,Win32.Startpage.IM,Win32/StartPage.EH!DLL!Trojan,Win32.Startpage.HR,Win32/Startpage.HR!Trojan,Win32.Startpage.GO,Win32/Startpage.Nopop!Trojan,Win32.Startpage.HX,Win32.Startpage.EH,Win32.Startpage.FO,Win32/Startpage.FO.Trojan,Win32.Startpage.GF,Win32.Startpage.GG,Win32.Startpage.AV,Win32.Startpage.KF,Win32.Startpage.JG,Win32.Startpage.HA,Win32.Startpage.HI,Win32.Startpage.GK,Win32.Startpage.NF,Win32.Startpage.NI,Win32/StartPage.35840.A!Trojan,Win32/StartPage.HI!Trojan,Win32/Startpage.HX.Trojan,Win32/Startpage!Trojan,Win32.Startpage,Win32/Startpage.X!Trojan,Win32.Startpage.X,Win32/StartPage.t!Trojan,Win32.Startpage.D;
[Other]TROJ_AGENT.NR,Win32/Malum.IIB,TROJ_CLICKER.AP,Win32/StartPage.UR,Win32/Startpage.UT,Trojan.StartPage,HTML.StartPage.US,JS.StartPage,VBS/StartPage.UZ,Win32/Startpage.US,Adware.Roogoo,Win32/Startpage.VB,Win32/Startpage.FZ,Trojan.StartPage.M,Win32/Startpage.NS,CWS.DesktopHijack,PremiumSearch,Trojan Horse,Win32/Startpage.VK,Win32/Startpage.VY,Adware.MyCustomIE,Trojan:Win32/Startpage.PO,W32/Startpage.AXX,Trojan.Win32.StartPage.po,coolsearch hijacker,W32/Startpage.EAR,Win32/Startpage.VU,Adware.Margoc,Win32/Startpage.VW,Win32/Startpage.VF,Win32/Startpage.WF,Win32/Startpage.WG,Win32/Startpage.WQ,Adware.MainSearch,Trojan:Win32/Nethost.A,Win32/Startpage.WZ,Win32/Startpage.WS,Win32/Startpage.XJ,Win32/Startpage.JB,Win32/Startpage.XW,Win32/Startpage.OU,W32/Agent.ZE,Win32/Startpage.YD,TROJ_AGENT.WSI,Win32/Startpage.YI,Trojan:Win32/Anomaly.gen!B,Hijacker.StartPage.apw,Win32/Startpage.YM,Win32/Startpage.YT,Trojan:Win32/Meredrop,Mal/Basine-C,Trojan.Farfli,W32.Spybot.Worm,Win32/Startpage.YX,Trojan:Win32/Startpage,W32/Startpage.ERA,Possible_Virus

Visible Symptoms:
Files in system folders:

 
[%COMMON_APPDATA%]\Tools\tools.dll
[%COMMON_FAVORITES%]\Anti Spyware Soft.url
[%COMMON_FAVORITES%]\avir.ico
[%COMMON_FAVORITES%]\Buy Viagra Online.url
[%COMMON_FAVORITES%]\Cheap Viagra.url
[%COMMON_FAVORITES%]\cialis.ico
[%COMMON_FAVORITES%]\Email Spam Filter.url
[%COMMON_FAVORITES%]\Free Online Casino.url
[%COMMON_FAVORITES%]\gamb.ico
[%COMMON_FAVORITES%]\nospam.ico
[%COMMON_FAVORITES%]\Online AntiVirus and Spyware Remover.url
[%COMMON_FAVORITES%]\Online Directory of Pure Porn.url
[%COMMON_FAVORITES%]\Online Pharmacy.url
[%COMMON_FAVORITES%]\Online Poker.url
[%COMMON_FAVORITES%]\Play in the most popular online casino.url
[%COMMON_FAVORITES%]\poker.ico
[%COMMON_FAVORITES%]\Spyware Remover.url
[%COMMON_FAVORITES%]\spyware.ico
[%COMMON_FAVORITES%]\tgf.ico
[%COMMON_FAVORITES%]\viag.ico
[%FAVORITES%]\Anti Spyware Soft.url
[%FAVORITES%]\avir.ico
[%FAVORITES%]\cialis.ico
[%FAVORITES%]\Email Spam Filter.url
[%FAVORITES%]\gamb.ico
[%FAVORITES%]\nospam.ico
[%FAVORITES%]\Online AntiVirus and Spyware Remover.url
[%FAVORITES%]\Online Pharmacy.url
[%FAVORITES%]\poker.ico
[%FAVORITES%]\shopping\shopping.url
[%FAVORITES%]\Spyware Remover.url
[%FAVORITES%]\spyware.ico
[%FAVORITES%]\tgf.ico
[%FAVORITES%]\viag.ico
[%PROFILE_TEMP%]\avicodec.exe
[%PROFILE_TEMP%]\restsrv32a.sys
[%PROGRAM_FILES%]\internet explorer\ieengine.exe
[%PROGRAM_FILES%]\internet explorer\signup\presario.htm
[%SYSTEM%]\winupd.exe
[%SYSTEM%]\yxuce.dll
[%WINDOWS%]\cl2.exe
[%WINDOWS%]\enewsletterpro.exe
[%WINDOWS%]\hh.htt
[%COMMON_FAVORITES%]\Free Real-time Dating Service.url
[%COMMON_FAVORITES%]\freedating.ico
[%DESKTOP%]\ppime.exe
[%FAVORITES%]\Buy Viagra Online.url
[%FAVORITES%]\Cheap Viagra.url
[%FAVORITES%]\Free Online Casino.url
[%FAVORITES%]\Free Real-time Dating Service.url
[%FAVORITES%]\freedating.ico
[%FAVORITES%]\Online Directory of Pure Porn.url
[%FAVORITES%]\Online Poker.url
[%FAVORITES%]\Play in the most popular online casino.url
[%PROFILE%]\applic~1\setup\setup.dll
[%PROFILE_TEMP%]\se.dll
[%PROFILE_TEMP%]\wpytcnwrobw.dll
[%STARTUP%]\msupdate.exe
[%STARTUP%]\winlogin.exe
[%SYSTEM%]\576bz7yyii.dll
[%SYSTEM%]\7i0s705ifzz.dll
[%SYSTEM%]\9f2ns2sk8wlkk5.dll
[%SYSTEM%]\9qbqe.dll
[%SYSTEM%]\a5i0oof7t7dm.dll
[%SYSTEM%]\abfgoke.dll
[%SYSTEM%]\abo.dll
[%SYSTEM%]\actsie4.exe
[%SYSTEM%]\ael.dll
[%SYSTEM%]\akleaa.dll
[%SYSTEM%]\albgjd.dll
[%SYSTEM%]\bcfjp.dll
[%SYSTEM%]\blbff.dll
[%SYSTEM%]\bnijea.dll
[%SYSTEM%]\bootconf.exe
[%SYSTEM%]\cenbna.dll
[%SYSTEM%]\cjcan.dll
[%SYSTEM%]\clnfg.dll
[%SYSTEM%]\dbdegea.dll
[%SYSTEM%]\dflnca.dll
[%SYSTEM%]\dnnlk.dll
[%SYSTEM%]\drivers\paraudio.sys
[%SYSTEM%]\ebkh.dll
[%SYSTEM%]\enijbaa.dll
[%SYSTEM%]\exp1orer.exe
[%SYSTEM%]\f5u5154vus.dll
[%SYSTEM%]\faaa.dll
[%SYSTEM%]\fikol.dll
[%SYSTEM%]\ggigbca.dll
[%SYSTEM%]\ghpkea.dll
[%SYSTEM%]\gopmkc.dll
[%SYSTEM%]\hfglhh.dll
[%SYSTEM%]\hgcn.dll
[%SYSTEM%]\hipewr5.exe
[%SYSTEM%]\hjam.dll
[%SYSTEM%]\hllo.dll
[%SYSTEM%]\hlp.dll
[%SYSTEM%]\hpagc.dll
[%SYSTEM%]\ihol.dll
[%SYSTEM%]\ijmdnp.dll
[%SYSTEM%]\jajig.dll
[%SYSTEM%]\jfcbjp.dll
[%SYSTEM%]\jfdjgaa.dll
[%SYSTEM%]\jj78208.exe
[%SYSTEM%]\jmleib.dll
[%SYSTEM%]\jnmnnhc.dll
[%SYSTEM%]\joac.dll
[%SYSTEM%]\jomdj.dll
[%SYSTEM%]\jsconsole.dll
[%SYSTEM%]\jw09tin.exe
[%SYSTEM%]\kbdko.dll
[%SYSTEM%]\kea.dll
[%SYSTEM%]\kfe.dll
[%SYSTEM%]\kpnlgd.dll
[%SYSTEM%]\lfphaea.dll
[%SYSTEM%]\lgif.dll
[%SYSTEM%]\lj7i5x.dll
[%SYSTEM%]\lkkmhn.dll
[%SYSTEM%]\lll.dll
[%SYSTEM%]\lnhf.dll
[%SYSTEM%]\lomio.dll
[%SYSTEM%]\lpp.dll
[%SYSTEM%]\matrixhere.exe
[%SYSTEM%]\mbpbfc.dll
[%SYSTEM%]\moneyspj.exe
[%SYSTEM%]\msdoh.dll
[%SYSTEM%]\msspi.dll
[%SYSTEM%]\ncdjoka.dll
[%SYSTEM%]\nld.dll
[%SYSTEM%]\ntldr.exe
[%SYSTEM%]\oalgeec.dll
[%SYSTEM%]\ohnl.dll
[%SYSTEM%]\oplenh.dll
[%SYSTEM%]\pbm.dll
[%SYSTEM%]\pbpb.dll
[%SYSTEM%]\pmgafcc.dll
[%SYSTEM%]\pwl4uoo95kl5.dll
[%SYSTEM%]\QuickTime1.tx
[%SYSTEM%]\QuickTimer1.exe
[%SYSTEM%]\rcoujxlbka.dll
[%SYSTEM%]\regsvrac32.dll
[%SYSTEM%]\restsrv32a.sys
[%SYSTEM%]\SASS.EXE
[%SYSTEM%]\sndbdrv3104.exe
[%SYSTEM%]\sysstartup.exe
[%SYSTEM%]\upyyjl.exe
[%SYSTEM%]\usbhdctl.exe
[%SYSTEM%]\wdmeaii.dll
[%SYSTEM%]\winmla32.exe
[%SYSTEM%]\winmm64.exe
[%SYSTEM%]\Www.LookSoft.Net.dll
[%SYSTEM%]\Www.LookSoft.Net.exe
[%WINDOWS%]\default.css
[%WINDOWS%]\madopew.dll
[%WINDOWS%]\mwshelp.dll
[%WINDOWS%]\restsrv32a.sys
[%WINDOWS%]\run33.exe
[%WINDOWS%]\system\9xzc9d0zi98.dll
[%WINDOWS%]\system\a6z95lih1r9vd.dll
[%WINDOWS%]\system\adgjmpsv.dll
[%WINDOWS%]\system\adrerbcs.exe
[%WINDOWS%]\system\bootconf.exe
[%WINDOWS%]\system\chdekfb.dll
[%WINDOWS%]\system\dhoh.dll
[%WINDOWS%]\system\dla.dll
[%WINDOWS%]\system\flplcg.dll
[%WINDOWS%]\system\hsjnn86uhnvu.dll
[%WINDOWS%]\system\kfeehaa.dll
[%WINDOWS%]\system\kjjo.dll
[%WINDOWS%]\system\lpcoen.dll
[%WINDOWS%]\system\matrixhere.exe
[%WINDOWS%]\system\msspi.dll
[%WINDOWS%]\system\oofndd.dll
[%WINDOWS%]\system\pboola.dll
[%WINDOWS%]\system\pod.dll
[%WINDOWS%]\system\soundmx.exe
[%WINDOWS%]\system\sysstartup.exe
[%WINDOWS%]\system\winupd.exe
[%WINDOWS%]\win86.exe
[%COMMON_APPDATA%]\Tools\tools.dll
[%COMMON_FAVORITES%]\Anti Spyware Soft.url
[%COMMON_FAVORITES%]\avir.ico
[%COMMON_FAVORITES%]\Buy Viagra Online.url
[%COMMON_FAVORITES%]\Cheap Viagra.url
[%COMMON_FAVORITES%]\cialis.ico
[%COMMON_FAVORITES%]\Email Spam Filter.url
[%COMMON_FAVORITES%]\Free Online Casino.url
[%COMMON_FAVORITES%]\gamb.ico
[%COMMON_FAVORITES%]\nospam.ico
[%COMMON_FAVORITES%]\Online AntiVirus and Spyware Remover.url
[%COMMON_FAVORITES%]\Online Directory of Pure Porn.url
[%COMMON_FAVORITES%]\Online Pharmacy.url
[%COMMON_FAVORITES%]\Online Poker.url
[%COMMON_FAVORITES%]\Play in the most popular online casino.url
[%COMMON_FAVORITES%]\poker.ico
[%COMMON_FAVORITES%]\Spyware Remover.url
[%COMMON_FAVORITES%]\spyware.ico
[%COMMON_FAVORITES%]\tgf.ico
[%COMMON_FAVORITES%]\viag.ico
[%FAVORITES%]\Anti Spyware Soft.url
[%FAVORITES%]\avir.ico
[%FAVORITES%]\cialis.ico
[%FAVORITES%]\Email Spam Filter.url
[%FAVORITES%]\gamb.ico
[%FAVORITES%]\nospam.ico
[%FAVORITES%]\Online AntiVirus and Spyware Remover.url
[%FAVORITES%]\Online Pharmacy.url
[%FAVORITES%]\poker.ico
[%FAVORITES%]\shopping\shopping.url
[%FAVORITES%]\Spyware Remover.url
[%FAVORITES%]\spyware.ico
[%FAVORITES%]\tgf.ico
[%FAVORITES%]\viag.ico
[%PROFILE_TEMP%]\avicodec.exe
[%PROFILE_TEMP%]\restsrv32a.sys
[%PROGRAM_FILES%]\internet explorer\ieengine.exe
[%PROGRAM_FILES%]\internet explorer\signup\presario.htm
[%SYSTEM%]\winupd.exe
[%SYSTEM%]\yxuce.dll
[%WINDOWS%]\cl2.exe
[%WINDOWS%]\enewsletterpro.exe
[%WINDOWS%]\hh.htt
[%COMMON_FAVORITES%]\Free Real-time Dating Service.url
[%COMMON_FAVORITES%]\freedating.ico
[%DESKTOP%]\ppime.exe
[%FAVORITES%]\Buy Viagra Online.url
[%FAVORITES%]\Cheap Viagra.url
[%FAVORITES%]\Free Online Casino.url
[%FAVORITES%]\Free Real-time Dating Service.url
[%FAVORITES%]\freedating.ico
[%FAVORITES%]\Online Directory of Pure Porn.url
[%FAVORITES%]\Online Poker.url
[%FAVORITES%]\Play in the most popular online casino.url
[%PROFILE%]\applic~1\setup\setup.dll
[%PROFILE_TEMP%]\se.dll
[%PROFILE_TEMP%]\wpytcnwrobw.dll
[%STARTUP%]\msupdate.exe
[%STARTUP%]\winlogin.exe
[%SYSTEM%]\576bz7yyii.dll
[%SYSTEM%]\7i0s705ifzz.dll
[%SYSTEM%]\9f2ns2sk8wlkk5.dll
[%SYSTEM%]\9qbqe.dll
[%SYSTEM%]\a5i0oof7t7dm.dll
[%SYSTEM%]\abfgoke.dll
[%SYSTEM%]\abo.dll
[%SYSTEM%]\actsie4.exe
[%SYSTEM%]\ael.dll
[%SYSTEM%]\akleaa.dll
[%SYSTEM%]\albgjd.dll
[%SYSTEM%]\bcfjp.dll
[%SYSTEM%]\blbff.dll
[%SYSTEM%]\bnijea.dll
[%SYSTEM%]\bootconf.exe
[%SYSTEM%]\cenbna.dll
[%SYSTEM%]\cjcan.dll
[%SYSTEM%]\clnfg.dll
[%SYSTEM%]\dbdegea.dll
[%SYSTEM%]\dflnca.dll
[%SYSTEM%]\dnnlk.dll
[%SYSTEM%]\drivers\paraudio.sys
[%SYSTEM%]\ebkh.dll
[%SYSTEM%]\enijbaa.dll
[%SYSTEM%]\exp1orer.exe
[%SYSTEM%]\f5u5154vus.dll
[%SYSTEM%]\faaa.dll
[%SYSTEM%]\fikol.dll
[%SYSTEM%]\ggigbca.dll
[%SYSTEM%]\ghpkea.dll
[%SYSTEM%]\gopmkc.dll
[%SYSTEM%]\hfglhh.dll
[%SYSTEM%]\hgcn.dll
[%SYSTEM%]\hipewr5.exe
[%SYSTEM%]\hjam.dll
[%SYSTEM%]\hllo.dll
[%SYSTEM%]\hlp.dll
[%SYSTEM%]\hpagc.dll
[%SYSTEM%]\ihol.dll
[%SYSTEM%]\ijmdnp.dll
[%SYSTEM%]\jajig.dll
[%SYSTEM%]\jfcbjp.dll
[%SYSTEM%]\jfdjgaa.dll
[%SYSTEM%]\jj78208.exe
[%SYSTEM%]\jmleib.dll
[%SYSTEM%]\jnmnnhc.dll
[%SYSTEM%]\joac.dll
[%SYSTEM%]\jomdj.dll
[%SYSTEM%]\jsconsole.dll
[%SYSTEM%]\jw09tin.exe
[%SYSTEM%]\kbdko.dll
[%SYSTEM%]\kea.dll
[%SYSTEM%]\kfe.dll
[%SYSTEM%]\kpnlgd.dll
[%SYSTEM%]\lfphaea.dll
[%SYSTEM%]\lgif.dll
[%SYSTEM%]\lj7i5x.dll
[%SYSTEM%]\lkkmhn.dll
[%SYSTEM%]\lll.dll
[%SYSTEM%]\lnhf.dll
[%SYSTEM%]\lomio.dll
[%SYSTEM%]\lpp.dll
[%SYSTEM%]\matrixhere.exe
[%SYSTEM%]\mbpbfc.dll
[%SYSTEM%]\moneyspj.exe
[%SYSTEM%]\msdoh.dll
[%SYSTEM%]\msspi.dll
[%SYSTEM%]\ncdjoka.dll
[%SYSTEM%]\nld.dll
[%SYSTEM%]\ntldr.exe
[%SYSTEM%]\oalgeec.dll
[%SYSTEM%]\ohnl.dll
[%SYSTEM%]\oplenh.dll
[%SYSTEM%]\pbm.dll
[%SYSTEM%]\pbpb.dll
[%SYSTEM%]\pmgafcc.dll
[%SYSTEM%]\pwl4uoo95kl5.dll
[%SYSTEM%]\QuickTime1.tx
[%SYSTEM%]\QuickTimer1.exe
[%SYSTEM%]\rcoujxlbka.dll
[%SYSTEM%]\regsvrac32.dll
[%SYSTEM%]\restsrv32a.sys
[%SYSTEM%]\SASS.EXE
[%SYSTEM%]\sndbdrv3104.exe
[%SYSTEM%]\sysstartup.exe
[%SYSTEM%]\upyyjl.exe
[%SYSTEM%]\usbhdctl.exe
[%SYSTEM%]\wdmeaii.dll
[%SYSTEM%]\winmla32.exe
[%SYSTEM%]\winmm64.exe
[%SYSTEM%]\Www.LookSoft.Net.dll
[%SYSTEM%]\Www.LookSoft.Net.exe
[%WINDOWS%]\default.css
[%WINDOWS%]\madopew.dll
[%WINDOWS%]\mwshelp.dll
[%WINDOWS%]\restsrv32a.sys
[%WINDOWS%]\run33.exe
[%WINDOWS%]\system\9xzc9d0zi98.dll
[%WINDOWS%]\system\a6z95lih1r9vd.dll
[%WINDOWS%]\system\adgjmpsv.dll
[%WINDOWS%]\system\adrerbcs.exe
[%WINDOWS%]\system\bootconf.exe
[%WINDOWS%]\system\chdekfb.dll
[%WINDOWS%]\system\dhoh.dll
[%WINDOWS%]\system\dla.dll
[%WINDOWS%]\system\flplcg.dll
[%WINDOWS%]\system\hsjnn86uhnvu.dll
[%WINDOWS%]\system\kfeehaa.dll
[%WINDOWS%]\system\kjjo.dll
[%WINDOWS%]\system\lpcoen.dll
[%WINDOWS%]\system\matrixhere.exe
[%WINDOWS%]\system\msspi.dll
[%WINDOWS%]\system\oofndd.dll
[%WINDOWS%]\system\pboola.dll
[%WINDOWS%]\system\pod.dll
[%WINDOWS%]\system\soundmx.exe
[%WINDOWS%]\system\sysstartup.exe
[%WINDOWS%]\system\winupd.exe
[%WINDOWS%]\win86.exe

How to detect Startpage:

Files: [%COMMON_APPDATA%]\Tools\tools.dll [%COMMON_FAVORITES%]\Anti Spyware Soft.url [%COMMON_FAVORITES%]\avir.ico [%COMMON_FAVORITES%]\Buy Viagra Online.url [%COMMON_FAVORITES%]\Cheap Viagra.url [%COMMON_FAVORITES%]\cialis.ico [%COMMON_FAVORITES%]\Email Spam Filter.url [%COMMON_FAVORITES%]\Free Online Casino.url [%COMMON_FAVORITES%]\gamb.ico [%COMMON_FAVORITES%]\nospam.ico [%COMMON_FAVORITES%]\Online AntiVirus and Spyware Remover.url [%COMMON_FAVORITES%]\Online Directory of Pure Porn.url [%COMMON_FAVORITES%]\Online Pharmacy.url [%COMMON_FAVORITES%]\Online Poker.url [%COMMON_FAVORITES%]\Play in the most popular online casino.url [%COMMON_FAVORITES%]\poker.ico [%COMMON_FAVORITES%]\Spyware Remover.url [%COMMON_FAVORITES%]\spyware.ico [%COMMON_FAVORITES%]\tgf.ico [%COMMON_FAVORITES%]\viag.ico [%FAVORITES%]\Anti Spyware Soft.url [%FAVORITES%]\avir.ico [%FAVORITES%]\cialis.ico [%FAVORITES%]\Email Spam Filter.url [%FAVORITES%]\gamb.ico [%FAVORITES%]\nospam.ico [%FAVORITES%]\Online AntiVirus and Spyware Remover.url [%FAVORITES%]\Online Pharmacy.url [%FAVORITES%]\poker.ico [%FAVORITES%]\shopping\shopping.url [%FAVORITES%]\Spyware Remover.url [%FAVORITES%]\spyware.ico [%FAVORITES%]\tgf.ico [%FAVORITES%]\viag.ico [%PROFILE_TEMP%]\avicodec.exe [%PROFILE_TEMP%]\restsrv32a.sys [%PROGRAM_FILES%]\internet explorer\ieengine.exe [%PROGRAM_FILES%]\internet explorer\signup\presario.htm [%SYSTEM%]\winupd.exe [%SYSTEM%]\yxuce.dll [%WINDOWS%]\cl2.exe [%WINDOWS%]\enewsletterpro.exe [%WINDOWS%]\hh.htt [%COMMON_FAVORITES%]\Free Real-time Dating Service.url [%COMMON_FAVORITES%]\freedating.ico [%DESKTOP%]\ppime.exe [%FAVORITES%]\Buy Viagra Online.url [%FAVORITES%]\Cheap Viagra.url [%FAVORITES%]\Free Online Casino.url [%FAVORITES%]\Free Real-time Dating Service.url [%FAVORITES%]\freedating.ico [%FAVORITES%]\Online Directory of Pure Porn.url [%FAVORITES%]\Online Poker.url [%FAVORITES%]\Play in the most popular online casino.url [%PROFILE%]\applic~1\setup\setup.dll [%PROFILE_TEMP%]\se.dll [%PROFILE_TEMP%]\wpytcnwrobw.dll [%STARTUP%]\msupdate.exe [%STARTUP%]\winlogin.exe [%SYSTEM%]\576bz7yyii.dll [%SYSTEM%]\7i0s705ifzz.dll [%SYSTEM%]\9f2ns2sk8wlkk5.dll [%SYSTEM%]\9qbqe.dll [%SYSTEM%]\a5i0oof7t7dm.dll [%SYSTEM%]\abfgoke.dll [%SYSTEM%]\abo.dll [%SYSTEM%]\actsie4.exe [%SYSTEM%]\ael.dll [%SYSTEM%]\akleaa.dll [%SYSTEM%]\albgjd.dll [%SYSTEM%]\bcfjp.dll [%SYSTEM%]\blbff.dll [%SYSTEM%]\bnijea.dll [%SYSTEM%]\bootconf.exe [%SYSTEM%]\cenbna.dll [%SYSTEM%]\cjcan.dll [%SYSTEM%]\clnfg.dll [%SYSTEM%]\dbdegea.dll [%SYSTEM%]\dflnca.dll [%SYSTEM%]\dnnlk.dll [%SYSTEM%]\drivers\paraudio.sys [%SYSTEM%]\ebkh.dll [%SYSTEM%]\enijbaa.dll [%SYSTEM%]\exp1orer.exe [%SYSTEM%]\f5u5154vus.dll [%SYSTEM%]\faaa.dll [%SYSTEM%]\fikol.dll [%SYSTEM%]\ggigbca.dll [%SYSTEM%]\ghpkea.dll [%SYSTEM%]\gopmkc.dll [%SYSTEM%]\hfglhh.dll [%SYSTEM%]\hgcn.dll [%SYSTEM%]\hipewr5.exe [%SYSTEM%]\hjam.dll [%SYSTEM%]\hllo.dll [%SYSTEM%]\hlp.dll [%SYSTEM%]\hpagc.dll [%SYSTEM%]\ihol.dll [%SYSTEM%]\ijmdnp.dll [%SYSTEM%]\jajig.dll [%SYSTEM%]\jfcbjp.dll [%SYSTEM%]\jfdjgaa.dll [%SYSTEM%]\jj78208.exe [%SYSTEM%]\jmleib.dll [%SYSTEM%]\jnmnnhc.dll [%SYSTEM%]\joac.dll [%SYSTEM%]\jomdj.dll [%SYSTEM%]\jsconsole.dll [%SYSTEM%]\jw09tin.exe [%SYSTEM%]\kbdko.dll [%SYSTEM%]\kea.dll [%SYSTEM%]\kfe.dll [%SYSTEM%]\kpnlgd.dll [%SYSTEM%]\lfphaea.dll [%SYSTEM%]\lgif.dll [%SYSTEM%]\lj7i5x.dll [%SYSTEM%]\lkkmhn.dll [%SYSTEM%]\lll.dll [%SYSTEM%]\lnhf.dll [%SYSTEM%]\lomio.dll [%SYSTEM%]\lpp.dll [%SYSTEM%]\matrixhere.exe [%SYSTEM%]\mbpbfc.dll [%SYSTEM%]\moneyspj.exe [%SYSTEM%]\msdoh.dll [%SYSTEM%]\msspi.dll [%SYSTEM%]\ncdjoka.dll [%SYSTEM%]\nld.dll [%SYSTEM%]\ntldr.exe [%SYSTEM%]\oalgeec.dll [%SYSTEM%]\ohnl.dll [%SYSTEM%]\oplenh.dll [%SYSTEM%]\pbm.dll [%SYSTEM%]\pbpb.dll [%SYSTEM%]\pmgafcc.dll [%SYSTEM%]\pwl4uoo95kl5.dll [%SYSTEM%]\QuickTime1.tx [%SYSTEM%]\QuickTimer1.exe [%SYSTEM%]\rcoujxlbka.dll [%SYSTEM%]\regsvrac32.dll [%SYSTEM%]\restsrv32a.sys [%SYSTEM%]\SASS.EXE [%SYSTEM%]\sndbdrv3104.exe [%SYSTEM%]\sysstartup.exe [%SYSTEM%]\upyyjl.exe [%SYSTEM%]\usbhdctl.exe [%SYSTEM%]\wdmeaii.dll [%SYSTEM%]\winmla32.exe [%SYSTEM%]\winmm64.exe [%SYSTEM%]\Www.LookSoft.Net.dll [%SYSTEM%]\Www.LookSoft.Net.exe [%WINDOWS%]\default.css [%WINDOWS%]\madopew.dll [%WINDOWS%]\mwshelp.dll [%WINDOWS%]\restsrv32a.sys [%WINDOWS%]\run33.exe [%WINDOWS%]\system\9xzc9d0zi98.dll [%WINDOWS%]\system\a6z95lih1r9vd.dll [%WINDOWS%]\system\adgjmpsv.dll [%WINDOWS%]\system\adrerbcs.exe [%WINDOWS%]\system\bootconf.exe [%WINDOWS%]\system\chdekfb.dll [%WINDOWS%]\system\dhoh.dll [%WINDOWS%]\system\dla.dll [%WINDOWS%]\system\flplcg.dll [%WINDOWS%]\system\hsjnn86uhnvu.dll [%WINDOWS%]\system\kfeehaa.dll [%WINDOWS%]\system\kjjo.dll [%WINDOWS%]\system\lpcoen.dll [%WINDOWS%]\system\matrixhere.exe [%WINDOWS%]\system\msspi.dll [%WINDOWS%]\system\oofndd.dll [%WINDOWS%]\system\pboola.dll [%WINDOWS%]\system\pod.dll [%WINDOWS%]\system\soundmx.exe [%WINDOWS%]\system\sysstartup.exe [%WINDOWS%]\system\winupd.exe [%WINDOWS%]\win86.exe [%COMMON_APPDATA%]\Tools\tools.dll [%COMMON_FAVORITES%]\Anti Spyware Soft.url [%COMMON_FAVORITES%]\avir.ico [%COMMON_FAVORITES%]\Buy Viagra Online.url [%COMMON_FAVORITES%]\Cheap Viagra.url [%COMMON_FAVORITES%]\cialis.ico [%COMMON_FAVORITES%]\Email Spam Filter.url [%COMMON_FAVORITES%]\Free Online Casino.url [%COMMON_FAVORITES%]\gamb.ico [%COMMON_FAVORITES%]\nospam.ico [%COMMON_FAVORITES%]\Online AntiVirus and Spyware Remover.url [%COMMON_FAVORITES%]\Online Directory of Pure Porn.url [%COMMON_FAVORITES%]\Online Pharmacy.url [%COMMON_FAVORITES%]\Online Poker.url [%COMMON_FAVORITES%]\Play in the most popular online casino.url [%COMMON_FAVORITES%]\poker.ico [%COMMON_FAVORITES%]\Spyware Remover.url [%COMMON_FAVORITES%]\spyware.ico [%COMMON_FAVORITES%]\tgf.ico [%COMMON_FAVORITES%]\viag.ico [%FAVORITES%]\Anti Spyware Soft.url [%FAVORITES%]\avir.ico [%FAVORITES%]\cialis.ico [%FAVORITES%]\Email Spam Filter.url [%FAVORITES%]\gamb.ico [%FAVORITES%]\nospam.ico [%FAVORITES%]\Online AntiVirus and Spyware Remover.url [%FAVORITES%]\Online Pharmacy.url [%FAVORITES%]\poker.ico [%FAVORITES%]\shopping\shopping.url [%FAVORITES%]\Spyware Remover.url [%FAVORITES%]\spyware.ico [%FAVORITES%]\tgf.ico [%FAVORITES%]\viag.ico [%PROFILE_TEMP%]\avicodec.exe [%PROFILE_TEMP%]\restsrv32a.sys [%PROGRAM_FILES%]\internet explorer\ieengine.exe [%PROGRAM_FILES%]\internet explorer\signup\presario.htm [%SYSTEM%]\winupd.exe [%SYSTEM%]\yxuce.dll [%WINDOWS%]\cl2.exe [%WINDOWS%]\enewsletterpro.exe [%WINDOWS%]\hh.htt [%COMMON_FAVORITES%]\Free Real-time Dating Service.url [%COMMON_FAVORITES%]\freedating.ico [%DESKTOP%]\ppime.exe [%FAVORITES%]\Buy Viagra Online.url [%FAVORITES%]\Cheap Viagra.url [%FAVORITES%]\Free Online Casino.url [%FAVORITES%]\Free Real-time Dating Service.url [%FAVORITES%]\freedating.ico [%FAVORITES%]\Online Directory of Pure Porn.url [%FAVORITES%]\Online Poker.url [%FAVORITES%]\Play in the most popular online casino.url [%PROFILE%]\applic~1\setup\setup.dll [%PROFILE_TEMP%]\se.dll [%PROFILE_TEMP%]\wpytcnwrobw.dll [%STARTUP%]\msupdate.exe [%STARTUP%]\winlogin.exe [%SYSTEM%]\576bz7yyii.dll [%SYSTEM%]\7i0s705ifzz.dll [%SYSTEM%]\9f2ns2sk8wlkk5.dll [%SYSTEM%]\9qbqe.dll [%SYSTEM%]\a5i0oof7t7dm.dll [%SYSTEM%]\abfgoke.dll [%SYSTEM%]\abo.dll [%SYSTEM%]\actsie4.exe [%SYSTEM%]\ael.dll [%SYSTEM%]\akleaa.dll [%SYSTEM%]\albgjd.dll [%SYSTEM%]\bcfjp.dll [%SYSTEM%]\blbff.dll [%SYSTEM%]\bnijea.dll [%SYSTEM%]\bootconf.exe [%SYSTEM%]\cenbna.dll [%SYSTEM%]\cjcan.dll [%SYSTEM%]\clnfg.dll [%SYSTEM%]\dbdegea.dll [%SYSTEM%]\dflnca.dll [%SYSTEM%]\dnnlk.dll [%SYSTEM%]\drivers\paraudio.sys [%SYSTEM%]\ebkh.dll [%SYSTEM%]\enijbaa.dll [%SYSTEM%]\exp1orer.exe [%SYSTEM%]\f5u5154vus.dll [%SYSTEM%]\faaa.dll [%SYSTEM%]\fikol.dll [%SYSTEM%]\ggigbca.dll [%SYSTEM%]\ghpkea.dll [%SYSTEM%]\gopmkc.dll [%SYSTEM%]\hfglhh.dll [%SYSTEM%]\hgcn.dll [%SYSTEM%]\hipewr5.exe [%SYSTEM%]\hjam.dll [%SYSTEM%]\hllo.dll [%SYSTEM%]\hlp.dll [%SYSTEM%]\hpagc.dll [%SYSTEM%]\ihol.dll [%SYSTEM%]\ijmdnp.dll [%SYSTEM%]\jajig.dll [%SYSTEM%]\jfcbjp.dll [%SYSTEM%]\jfdjgaa.dll [%SYSTEM%]\jj78208.exe [%SYSTEM%]\jmleib.dll [%SYSTEM%]\jnmnnhc.dll [%SYSTEM%]\joac.dll [%SYSTEM%]\jomdj.dll [%SYSTEM%]\jsconsole.dll [%SYSTEM%]\jw09tin.exe [%SYSTEM%]\kbdko.dll [%SYSTEM%]\kea.dll [%SYSTEM%]\kfe.dll [%SYSTEM%]\kpnlgd.dll [%SYSTEM%]\lfphaea.dll [%SYSTEM%]\lgif.dll [%SYSTEM%]\lj7i5x.dll [%SYSTEM%]\lkkmhn.dll [%SYSTEM%]\lll.dll [%SYSTEM%]\lnhf.dll [%SYSTEM%]\lomio.dll [%SYSTEM%]\lpp.dll [%SYSTEM%]\matrixhere.exe [%SYSTEM%]\mbpbfc.dll [%SYSTEM%]\moneyspj.exe [%SYSTEM%]\msdoh.dll [%SYSTEM%]\msspi.dll [%SYSTEM%]\ncdjoka.dll [%SYSTEM%]\nld.dll [%SYSTEM%]\ntldr.exe [%SYSTEM%]\oalgeec.dll [%SYSTEM%]\ohnl.dll [%SYSTEM%]\oplenh.dll [%SYSTEM%]\pbm.dll [%SYSTEM%]\pbpb.dll [%SYSTEM%]\pmgafcc.dll [%SYSTEM%]\pwl4uoo95kl5.dll [%SYSTEM%]\QuickTime1.tx [%SYSTEM%]\QuickTimer1.exe [%SYSTEM%]\rcoujxlbka.dll [%SYSTEM%]\regsvrac32.dll [%SYSTEM%]\restsrv32a.sys [%SYSTEM%]\SASS.EXE [%SYSTEM%]\sndbdrv3104.exe [%SYSTEM%]\sysstartup.exe [%SYSTEM%]\upyyjl.exe [%SYSTEM%]\usbhdctl.exe [%SYSTEM%]\wdmeaii.dll [%SYSTEM%]\winmla32.exe [%SYSTEM%]\winmm64.exe [%SYSTEM%]\Www.LookSoft.Net.dll [%SYSTEM%]\Www.LookSoft.Net.exe [%WINDOWS%]\default.css [%WINDOWS%]\madopew.dll [%WINDOWS%]\mwshelp.dll [%WINDOWS%]\restsrv32a.sys [%WINDOWS%]\run33.exe [%WINDOWS%]\system\9xzc9d0zi98.dll [%WINDOWS%]\system\a6z95lih1r9vd.dll [%WINDOWS%]\system\adgjmpsv.dll [%WINDOWS%]\system\adrerbcs.exe [%WINDOWS%]\system\bootconf.exe [%WINDOWS%]\system\chdekfb.dll [%WINDOWS%]\system\dhoh.dll [%WINDOWS%]\system\dla.dll [%WINDOWS%]\system\flplcg.dll [%WINDOWS%]\system\hsjnn86uhnvu.dll [%WINDOWS%]\system\kfeehaa.dll [%WINDOWS%]\system\kjjo.dll [%WINDOWS%]\system\lpcoen.dll [%WINDOWS%]\system\matrixhere.exe [%WINDOWS%]\system\msspi.dll [%WINDOWS%]\system\oofndd.dll [%WINDOWS%]\system\pboola.dll [%WINDOWS%]\system\pod.dll [%WINDOWS%]\system\soundmx.exe [%WINDOWS%]\system\sysstartup.exe [%WINDOWS%]\system\winupd.exe [%WINDOWS%]\win86.exe

Folders: [%PROGRAMS%]\clocksync [%STARTMENU%]\programs\clocksync [%PROGRAMS%]\psguard spyware remover

Registry Keys: HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} HKEY_CLASSES_ROOT\interface\{5cde145a-b6b9-408d-a8cc-f9ca040ba7a4} HKEY_CLASSES_ROOT\interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} HKEY_CLASSES_ROOT\winres.windowsresources.1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{54f7fd6e-e782-4f9f-8ff0-677090048729} HKEY_CLASSES_ROOT\avecore.foundcollection HKEY_CLASSES_ROOT\avecore.foundcollection.1 HKEY_CLASSES_ROOT\avecore.foundobject HKEY_CLASSES_ROOT\avecore.foundobject.1 HKEY_CLASSES_ROOT\avecore.killedprocessescollection HKEY_CLASSES_ROOT\avecore.killedprocessescollection.1 HKEY_CLASSES_ROOT\avecore.killedprocessinfo HKEY_CLASSES_ROOT\avecore.killedprocessinfo.1 HKEY_CLASSES_ROOT\avecore.license HKEY_CLASSES_ROOT\avecore.license.1 HKEY_CLASSES_ROOT\avecore.options HKEY_CLASSES_ROOT\avecore.options.1 HKEY_CLASSES_ROOT\avecore.quarantine HKEY_CLASSES_ROOT\avecore.quarantine.1 HKEY_CLASSES_ROOT\avecore.realtime HKEY_CLASSES_ROOT\avecore.realtime.1 HKEY_CLASSES_ROOT\avecore.rtobject HKEY_CLASSES_ROOT\avecore.rtobject.1 HKEY_CLASSES_ROOT\avecore.safemode HKEY_CLASSES_ROOT\avecore.safemode.1 HKEY_CLASSES_ROOT\avecore.scaner HKEY_CLASSES_ROOT\avecore.scaner.1 HKEY_CLASSES_ROOT\avecore.scanstatistic HKEY_CLASSES_ROOT\avecore.scanstatistic.1 HKEY_CLASSES_ROOT\avecore.theapp HKEY_CLASSES_ROOT\avecore.theapp.1 HKEY_CLASSES_ROOT\avecore.update HKEY_CLASSES_ROOT\avecore.update.1 HKEY_CLASSES_ROOT\avecore.updateinfo HKEY_CLASSES_ROOT\avecore.updateinfo.1 HKEY_CLASSES_ROOT\avecore.versioninfo HKEY_CLASSES_ROOT\avecore.versioninfo.1 HKEY_CLASSES_ROOT\clsid\{04f3168f-5afc-4531-b3b4-16ca93720415} HKEY_CLASSES_ROOT\clsid\{057e242f-2947-4e0a-8e61-a11345d97ea6} HKEY_CLASSES_ROOT\clsid\{09d62e7b-f1a0-46bf-a5ae-eff9e2e22d89} HKEY_CLASSES_ROOT\clsid\{09e22647-aed1-4025-9940-9234b091caa3} HKEY_CLASSES_ROOT\clsid\{17016049-c758-4710-a3e8-2800c0c57f0f} HKEY_CLASSES_ROOT\clsid\{187a8428-bd94-470d-a178-a2347f940519} HKEY_CLASSES_ROOT\clsid\{2865930b-4588-4ff3-8227-6d4f66c92c7a} HKEY_CLASSES_ROOT\clsid\{286b4be8-5aab-443c-806a-da7c4064e699} HKEY_CLASSES_ROOT\clsid\{2d04df1a-015e-4b14-997a-1d9efe429b36} HKEY_CLASSES_ROOT\clsid\{2e817c58-8b6e-42c1-8fe5-35164212b660} HKEY_CLASSES_ROOT\clsid\{2fe2edc0-9e62-4f34-8a73-bc66dae48ef3} HKEY_CLASSES_ROOT\clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3} HKEY_CLASSES_ROOT\clsid\{3a3a8c24-8ff0-4140-9731-54d9483ea70b} HKEY_CLASSES_ROOT\clsid\{3a906593-b4bd-48ed-84b0-3249bed65ef9} HKEY_CLASSES_ROOT\clsid\{453125c3-7a5e-4581-808c-a70eea670a9b} HKEY_CLASSES_ROOT\clsid\{49b72a72-01f5-4ae8-bbd7-daa67f1e303b} HKEY_CLASSES_ROOT\clsid\{4fa2b39b-a7da-983c-68e6-5b095a4118fd} HKEY_CLASSES_ROOT\clsid\{59e2d3c2-ab30-4295-b301-8849a2166e8c} HKEY_CLASSES_ROOT\clsid\{60371670-81b9-4d06-9c42-4dec1aabe62b} HKEY_CLASSES_ROOT\clsid\{6ae3aca6-1be3-4443-98dd-effcfa793d35} HKEY_CLASSES_ROOT\clsid\{71bafe05-b6c5-49db-9c61-397a60343877} HKEY_CLASSES_ROOT\clsid\{771f4f1f-643b-4049-a6d5-bca4583424c2} HKEY_CLASSES_ROOT\clsid\{787dec39-69d0-40b3-b173-e0411c59b300} HKEY_CLASSES_ROOT\clsid\{79ddf2ef-d881-464b-b2af-5af8816a3964} HKEY_CLASSES_ROOT\clsid\{8066d67f-7f83-48aa-9edb-faf24d51a76b} HKEY_CLASSES_ROOT\clsid\{813c8e86-4c90-4617-b59e-e130cc068140} HKEY_CLASSES_ROOT\clsid\{825862c3-abef-49f1-a243-df8ea3d281d6} HKEY_CLASSES_ROOT\clsid\{89133bce-57d0-4d2b-afaf-a97b74ad704e} HKEY_CLASSES_ROOT\clsid\{8f40cc34-fe77-4618-aa3d-bd2efacaa8dc} HKEY_CLASSES_ROOT\clsid\{8fa142a3-b637-4d4d-ade9-9a205e69cc1e} HKEY_CLASSES_ROOT\clsid\{9f89e240-06a6-4e1c-ba84-f267de7db391} HKEY_CLASSES_ROOT\clsid\{b60a0e56-548d-40ae-9383-d752531f653f} HKEY_CLASSES_ROOT\clsid\{b67b0756-2528-4996-b4bd-c993614cc0b6} HKEY_CLASSES_ROOT\clsid\{bbe6c0f6-e4a2-410a-9f2c-22aed33eff75} HKEY_CLASSES_ROOT\clsid\{bcc51ea9-6340-4ebe-8736-13a752ecb0be} HKEY_CLASSES_ROOT\clsid\{bf333890-39cd-476c-94ec-29493712426c} HKEY_CLASSES_ROOT\clsid\{c9f55255-0e99-41e6-b302-42ed7caccea5} HKEY_CLASSES_ROOT\clsid\{cbefb350-ed5b-4115-b846-c1041676b388} HKEY_CLASSES_ROOT\clsid\{d682d42e-be2c-4758-ab18-926d2e7553b8} HKEY_CLASSES_ROOT\clsid\{d918e319-211b-42f7-a9d8-e204eab2d40f} HKEY_CLASSES_ROOT\clsid\{e9719d38-ec55-4c8b-9df0-080ade95a9fa} HKEY_CLASSES_ROOT\clsid\{fc36e6eb-7dc7-47c7-b5d6-563ceee4608e} HKEY_CLASSES_ROOT\customie.bho HKEY_CLASSES_ROOT\customie.bho.1 HKEY_CLASSES_ROOT\interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae} HKEY_CLASSES_ROOT\interface\{9da65ff0-676f-48c7-9253-0020417f97ee} HKEY_CLASSES_ROOT\typelib\{344ee577-2027-4714-82ff-0d7538488547} HKEY_CLASSES_ROOT\typelib\{4947ddcc-d549-4d0b-9685-aa58b20e9642} HKEY_CLASSES_ROOT\typelib\{aad9a825-7c82-4121-ab7c-c33be0853588} HKEY_CLASSES_ROOT\winres.windowsresources HKEY_CLASSES_ROOT\wndlayer.window HKEY_CLASSES_ROOT\wndlayer.window.1 HKEY_CLASSES_ROOT\wndlayer.windowcollection HKEY_CLASSES_ROOT\wndlayer.windowcollection.1 HKEY_CLASSES_ROOT\wndlayer.windowlayer HKEY_CLASSES_ROOT\wndlayer.windowlayer.1 HKEY_CLASSES_ROOT\xmllib.xmldp HKEY_CLASSES_ROOT\xmllib.xmldp.1 HKEY_CURRENT_USER\software\freeware\{ffb51760-344e-4ffb-bfff-4b18c7ac1d63} HKEY_LOCAL_MACHINE\software\classes\clsid\{d918e319-211b-42f7-a9d8-e204eab2d40f} HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{ffb51760-344e-4ffb-bfff-4b18c7ac1d63} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{09d62e7b-f1a0-46bf-a5ae-eff9e2e22d89} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{09e22647-aed1-4025-9940-9234b091caa3} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{286b4be8-5aab-443c-806a-da7c4064e699} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2d04df1a-015e-4b14-997a-1d9efe429b36} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2e817c58-8b6e-42c1-8fe5-35164212b660} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{453125c3-7a5e-4581-808c-a70eea670a9b} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{59e2d3c2-ab30-4295-b301-8849a2166e8c} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{60371670-81b9-4d06-9c42-4dec1aabe62b} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8066d67f-7f83-48aa-9edb-faf24d51a76b} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{825862c3-abef-49f1-a243-df8ea3d281d6} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8fa142a3-b637-4d4d-ade9-9a205e69cc1e} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bbe6c0f6-e4a2-410a-9f2c-22aed33eff75} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bf333890-39cd-476c-94ec-29493712426c} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c9f55255-0e99-41e6-b302-42ed7caccea5} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{cbefb350-ed5b-4115-b846-c1041676b388} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d918e319-211b-42f7-a9d8-e204eab2d40f} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fc36e6eb-7dc7-47c7-b5d6-563ceee4608e} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bestsearch HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\psguard spyware remover HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\xmllib HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_msqmx HKEY_LOCAL_MACHINE\system\currentcontrolset\services\msqmx HKEY_LOCAL_MACHINE\system\currentcontrolset\services\paraudio

Registry Values: HKEY_CURRENT_USER\software\microsoft\internet explorer\main HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_CLASSES_ROOT\protocols\filter\text/html HKEY_CLASSES_ROOT\protocols\filter\text/plain HKEY_CURRENT_USER\software\microsoft\internet explorer\main HKEY_CURRENT_USER\software\microsoft\internet explorer\main HKEY_CURRENT_USER\software\microsoft\internet explorer\main HKEY_CURRENT_USER\software\microsoft\internet explorer\main HKEY_CURRENT_USER\software\microsoft\internet explorer\main HKEY_CURRENT_USER\software\microsoft\internet explorer\main HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{524d5441-544e-524e-562d-474145575241} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{524d5441-544e-524e-562d-474145575241} HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices

Removing Startpage:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
Win32.Secdrop Trojan Cleaner
IRCBot Trojan Removal
Removing Backdoor.MagicPS Trojan
KidLogger Spyware Symptoms

Malware Info

Blog Archive

About Me

Saturday, November 22, 2008

Startpage Trojan

How to detect Startpage:

Removing Startpage:

No comments: