Saturday, November 22, 2008

China Trojan

Removing China
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.


China Also known as:

[Kaspersky]Backdoor.ChinDoor.10,Backdoor.Win32.ChinDoor.10,Backdoor.ChinDoor.11,Backdoor.Win32.ChinDoor.11;
[Eset]Win32/ChinDoor.10 trojan,Win32/ChinDoor.11 trojan;
[McAfee]BackDoor-AFS;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/China.10,Backdoor Program;
[Computer Associates]Backdoor/VB.Unknown!Server,Backdoor/ChinDoor.11

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\window.exe

How to detect China:

Files:
[%WINDOWS%]\system\window.exe

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


NetDemon Trojan

Removing NetDemon
Categories: Trojan,Backdoor,RAT
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.


NetDemon Also known as:

[Kaspersky]Backdoor.NetDemon.10;
[McAfee]BackDoor-IR;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/NetDemon.10;
[Computer Associates]Backdoor/NetDemon.10

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\winmap.exe

How to detect NetDemon:

Files:
[%WINDOWS%]\system\winmap.exe


IstBar.is Toolbar

Removing IstBar.is
Categories: Toolbar,Downloader
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\bit2.exe
[%PROFILE_TEMP%]\bitcoll.dll
[%PROFILE_TEMP%]\cmdo.exe
[%PROFILE_TEMP%]\jfgudk.exe

How to detect IstBar.is:

Files:
[%PROFILE_TEMP%]\bit2.exe
[%PROFILE_TEMP%]\bitcoll.dll
[%PROFILE_TEMP%]\cmdo.exe
[%PROFILE_TEMP%]\jfgudk.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Jpeg2x.dll BHO

Removing Jpeg2x.dll
Categories: BHO
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\jpeg2xw32.dll

How to detect Jpeg2x.dll:

Files:
[%SYSTEM%]\jpeg2xw32.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{b2ba6320-f0eb-413c-aced-6dd3365c4ca3}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b2ba6320-f0eb-413c-aced-6dd3365c4ca3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b2ba6320-f0eb-413c-aced-6dd3365c4ca3}


BackDoor.CMQ Trojan

Removing BackDoor.CMQ
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

BackDoor.CMQ Also known as:

[McAfee]Backdoor-CMQ,BackDoor-CMQ;
[Other]Win32.Boxed.CD,Trojan-Downloader.Win32.Agent.ajd,Win32.Boxed.FR,Trojan.Lootseek.AV,Win32.Boxed.GC

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\ssd32d.exe

How to detect BackDoor.CMQ:

Files:
[%PROFILE_TEMP%]\ssd32d.exe


BestPics Trojan

Removing BestPics
Categories: Trojan,Backdoor,RAT
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.


BestPics Also known as:

[Kaspersky]Backdoor.Bestpics;
[Eset]Win32/Bestpics.A trojan;
[McAfee]BackDoor-ZG;
[F-Prot]security risk or a "backdoor" program

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\ntss.exe

How to detect BestPics:

Files:
[%WINDOWS%]\system\ntss.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Key Spyware

Removing Key
Categories: Spyware
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\SYSTEM\ksepyy.zhy

How to detect Key:

Files:
[%WINDOWS%]\SYSTEM\ksepyy.zhy

Folders:
[%PROGRAMS%]\Key Spyware
[%PROGRAM_FILES%]\Key Spyware

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\keyspy
HKEY_LOCAL_MACHINE\software\xtzy\keyspy


WhileUSurf Adware

Removing WhileUSurf
Categories: Adware
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\svchost.dll
[%SYSTEM%]\printer32.dll
[%SYSTEM%]\wys.dll
[%SYSTEM%]\wys.exe
[%SYSTEM%]\wys3.exe
[%SYSTEM%]\wys5.dll

How to detect WhileUSurf:

Files:
[%SYSTEM%]\svchost.dll
[%SYSTEM%]\printer32.dll
[%SYSTEM%]\wys.dll
[%SYSTEM%]\wys.exe
[%SYSTEM%]\wys3.exe
[%SYSTEM%]\wys5.dll

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\while you surf

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Adware.Qyule Trojan

Removing Adware.Qyule
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Adware.Qyule Also known as:

[Kaspersky]Downloader.Win32.Quyl.c;
[McAfee]Adware-Qyule;
[Other]Troj/Dloader-ZM

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\Setup_w0003.exe

How to detect Adware.Qyule:

Files:
[%PROFILE_TEMP%]\Setup_w0003.exe

Folders:
[%PROGRAM_FILES%]\Qyule

Registry Keys:
HKEY_CURRENT_USER\software\qyule
HKEY_CURRENT_USER\software\smartclient\qyule

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_CURRENT_USER\software\smartclient


Disquickl Adware

Removing Disquickl
Categories: Adware
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

Disquickl Also known as:

[Kaspersky]AdWare.Win32.Suggestor.o,AdWare.win32.Suggestor.o;
[McAfee]Adware-LinkMaker;
[Other]Adware.LinkMaker,QuickLinks/Forethought,linkmaker,Win32/Ramkeni.A

Visible Symptoms:
Files in system folders:

How to detect Disquickl:

Files:

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\s7kqhe
HKEY_CLASSES_ROOT\protocols\filter\text/html
HKEY_LOCAL_MACHINE\software\bvbbvjbi


MaxSearch Adware

Removing MaxSearch
Categories: Adware,Hijacker
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

How to detect MaxSearch:

Folders:
[%PROGRAM_FILES%]\maxifiles
[%PROGRAM_FILES%]\freeprod toolbar

Registry Keys:


MediaUpdate BHO

Removing MediaUpdate
Categories: BHO,Hijacker
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\medup012.dll
[%WINDOWS%]\system\medup012.dll

How to detect MediaUpdate:

Files:
[%SYSTEM%]\medup012.dll
[%WINDOWS%]\system\medup012.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{b8c0220d-763d-49a4-95f4-61dfdec66ee6}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b8c0220d-763d-49a4-95f4-61dfdec66ee6}
HKEY_LOCAL_MACHINE\software\invictus
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6}


Holystic Adware

Removing Holystic
Categories: Adware
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%WINDOWS%]\downloaded program files\preload.inf
[%SYSTEM%]\preload.ocx

How to detect Holystic:

Files:
[%WINDOWS%]\downloaded program files\preload.inf
[%SYSTEM%]\preload.ocx

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{03c543a1-c090-418f-a1d0-fb96380d601d}
HKEY_CLASSES_ROOT\hol_preload.full.1
HKEY_CURRENT_USER\software\holistyc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03C543A1-C090-418F-A1D0-FB96380D601D}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%SYSTEM%]\preload.ocx

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls


Cls Trojan

Removing Cls
Categories: Trojan,BHO,Backdoor,Downloader,DoS
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.

Cls Also known as:

[Computer Associates]Cls

How to detect Cls:

Registry Keys:
HKEY_CLASSES_ROOT\spm1316.spm1316
HKEY_CLASSES_ROOT\spm1316.spm1316.1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{cf021f40-3e14-23a5-cba2-7173706d1316}


DNS Backdoor

Removing DNS
Categories: Backdoor,RAT,Hacker Tool
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to the computer.

DNS Also known as:

[Kaspersky]Backdoor.DnsDoor.01;
[Panda]Backdoor Program,Bck/DnsDoor;
[Computer Associates]Backdoor/DNSDoor.0.1,Win32.DnsDoor.01

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\dns32.dll.exe

How to detect DNS:

Files:
[%WINDOWS%]\dns32.dll.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


Tatss Adware

Removing Tatss
Categories: Adware
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer.


Visible Symptoms:
Files in system folders:
[%SYSTEM%]\pgtools\init.dll
[%SYSTEM%]\pgtools\tataccess.ocx
[%SYSTEM%]\pgtools\tatss.dll
[%SYSTEM%]\pgtools\tatss.exe

How to detect Tatss:

Files:
[%SYSTEM%]\pgtools\init.dll
[%SYSTEM%]\pgtools\tataccess.ocx
[%SYSTEM%]\pgtools\tatss.dll
[%SYSTEM%]\pgtools\tatss.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


Network.Crack.Wizard Spyware

Removing Network.Crack.Wizard
Categories: Spyware,Backdoor,RAT
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of the computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notification
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.

Network.Crack.Wizard Also known as:

[Kaspersky]Backdoor.Recoder;
[Panda]Bck/Recorder;
[Computer Associates]Win32.Recoder,Win32/HackPass!PWS!Trojan,Win32/HackPass.B1!PWS!Trojan

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\system\hooklib.dll
[%WINDOWS%]\system\mssys_32.exe

How to detect Network.Crack.Wizard:

Files:
[%WINDOWS%]\system\hooklib.dll
[%WINDOWS%]\system\mssys_32.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


Banker.AHO Trojan

Removing Banker.AHO
Categories: Trojan
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Banker.AHO Also known as:

[Kaspersky]Trojan-Spy.Win32.Banker.ciy;
[McAfee]PWS-Banker.gen.aa

Visible Symptoms:
Files in system folders:
[%COMMON_STARTUP%]\Windows32.exe
[%SYSTEM%]\exploreraddon.exe
[%WINDOWS%]\help.scr

How to detect Banker.AHO:

Files:
[%COMMON_STARTUP%]\Windows32.exe
[%SYSTEM%]\exploreraddon.exe
[%WINDOWS%]\help.scr

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

Removing Banker.AHO:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


PowerZone Adware

Removing PowerZone
Categories: Adware
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer.

How to detect PowerZone:

Registry Keys:
HKEY_CLASSES_ROOT\appid\serverside.dll
HKEY_CLASSES_ROOT\appid\{eee0f52e-e32f-4ecb-871f-deff6eba4d35}
HKEY_CLASSES_ROOT\clsid\{7fc56022-4eda-472e-8830-7ca92ccbd025}
HKEY_CLASSES_ROOT\serverside.ssinternal
HKEY_CLASSES_ROOT\serverside.ssinternal.1

Removing PowerZone:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.


Smitfraud.c Trojan

Removing Smitfraud.c
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:

How to detect Smitfraud.c:

Files:

Folders:
[%COMMON_PROGRAMS%]\WinHound spyware remover
[%PROGRAMS%]\SpySheriff
[%PROGRAMS%]\SpywareStrike
[%PROGRAM_FILES%]\alfacleaner
[%PROGRAM_FILES%]\Crystalys media
[%PROGRAM_FILES%]\P.S.Guard
[%PROGRAM_FILES%]\psguard
[%PROGRAM_FILES%]\Security Toolbar
[%PROGRAM_FILES%]\SpyAxe
[%PROGRAM_FILES%]\SpyFalcon
[%PROGRAM_FILES%]\spysheriff
[%PROGRAM_FILES%]\SpywareQuake
[%PROGRAM_FILES%]\SpywareStrike
[%PROGRAM_FILES%]\Trust Cleaner
[%PROGRAM_FILES%]\Virtual Maid
[%PROGRAM_FILES%]\WinHound

Registry Keys:

Registry Values:


Startpage Trojan

Removing Startpage
Categories: Trojan,Adware,BHO,Backdoor,Hijacker,Toolbar,Downloader
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via the Internet.
They function in the same way as legitimate remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the computer's user.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:

  • Launching/deleting files
  • Sending/receiving files
  • Deleting data
  • Displaying notifications
  • Rebooting the machine
  • Executing files

Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of Trojans in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address, or prevent you from going to a website they would rather you not visit,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

A toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

Startpage Also known as:


Visible Symptoms:
Files in system folders:

How to detect Startpage:

Files:

Folders:
[%PROGRAMS%]\clocksync
[%STARTMENU%]\programs\clocksync
[%PROGRAMS%]\psguard spyware remover

Registry Keys:

Registry Values:

Removing Startpage:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
