Wednesday, October 15, 2008

CWS Adware

How To Remove Remove CWS?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
CWS is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
CWS It also known as:

[Kaspersky]Backdoor.Sinit.c,Trojan.VBS.StartPage.e,Trojan.Win32.Delf.ch,Trojan.Win32.Fasny,Trojan.Win32.Finitow,Trojan.Win32.Ideach.d,Trojan.Win32.Krepper.f,Trojan.Win32.Krepper.j,Trojan.Win32.Madise.a,Trojan.Win32.StartPage.ar,Trojan.Win32.StartPage.au,Trojan.Win32.StartPage.bk,Trojan.Win32.StartPage.bn,Trojan.Win32.StartPage.df,Trojan.Win32.StartPage.t,Trojan.Win32.StartPage.y,Trojan.Win32.Trilon.a,TrojanClicker.Win32.Quicken,TrojanDownloader.Win32.Esepor.e,TrojanDownloader.Win32.IstBar.ai,TrojanDownloader.Win32.IstBar.as,TrojanDownloader.Win32.IstBar.cp,TrojanDownloader.Win32.Tooncom.a,TrojanDownloader.Win32.Tooncom.l,TrojanDownloader.Win32.Turown.h,TrojanDropper.Win32.Small.dk,TrojanDropper.Win32.Small.dr;
[Eset]VBS/StartPage.U.gen trojan,Win32/StartPage.DF trojan,Win32/Trilon.C trojan;
[Panda]Adware/DNSErr,Adware/IEDriver,Adware/PurityScan,Adware/SearchAid,Adware/ShowSearch,Adware/Twocc,Spyware/ISTbar,Trj/Bookmark.B,Trj/Bookmark.C,Trj/Conspy.E,Trj/Downloader.BT,Trj/Downloader.FG,Trj/StartPage.AI,Trj/StartPage.AT,Trj/StartPage.CS,Trj/StartPage.E,Trj/StartPage.EF,Trj/StartPage.F,Trj/StartPage.gen,Trj/StartPage.O,Trj/StartPage.R,Trojan Horse;
[Computer Associates]JS.CSSPopup.B,JS.CSSPopup.D,JScript/CSSPopup.B!Trojan,VBS.Startpage.AP,VBS/Startpage!Trojan,Win32.DlSmall.K,Win32.Startpage.AL!downloader,Win32.Startpage.AO,Win32.Startpage.BZ,Win32.Startpage.D,Win32.Startpage.EP,Win32.Startpage.O,Win32.Startpage.P,Win32.Startpage.Y,Win32.Winshow.G,Win32/Conspy!Trojan,Win32/DlSmall.K!Trojan,Win32/FakeSvc.C!Trojan,Win32/Hostidel.A!Trojan,Win32/Madise.BrowserHelper!Troja,Win32/Nosearch.A!Trojan,Win32/StartPage.CtrlPan!Trojan,Win32/StartPage.IDG!Trojan,Win32/StartPage.Mtwirl!Trojan,Win32/Startpage.O!Trojan,Win32/StartPage.P!Trojan,Win32/StartPage.Rfind!Trojan,Win32/StartPage.t!Trojan,Win32/StartPage.WebCool!Trojan,Win32/Startpage.Y!Trojan,Win32/Winshow!Downloader,Win32/Winshow.G!Trojan

CWS Symptoms:

Files:
[%COMMON_FAVORITES%]\Download Free Spyware Remover.url
[%COMMON_FAVORITES%]\NEW VIAGRA at Half Price!.url
[%COMMON_FAVORITES%]\Online Chat With Nude Girls.url
[%COMMON_FAVORITES%]\Order CIALIS online without leaving home..url
[%COMMON_FAVORITES%]\PC protection in under 2 minutes!.url
[%COMMON_FAVORITES%]\SEX Dating - Real Girls For Real SEX.url
[%COMMON_FAVORITES%]\Stop PopUps On Your Computer.url
[%COMMON_FAVORITES%]\VIAGRA at incredible low price. Bonus Pills!.url
[%COMMON_FAVORITES%]\View ADULT photos of REAL GIRLS!.url
[%FAVORITES%]\Download Free Spyware Remover.url
[%FAVORITES%]\NEW VIAGRA at Half Price!.url
[%FAVORITES%]\Online Chat With Nude Girls.url
[%FAVORITES%]\Online Pharmacy\CHEAPEST VIAGRA ONLINE.url
[%FAVORITES%]\Online Pharmacy\Cialis at HALF PRICE!.url
[%FAVORITES%]\Online Pharmacy\Fast Way To Loose Your Weight!.url
[%FAVORITES%]\Online Pharmacy\Guaranteed low price at Pills..url
[%FAVORITES%]\Online Pharmacy\SOMA at Special LOW PRICE.url
[%FAVORITES%]\Online Pharmacy\Tramadol Special Offer!.url
[%FAVORITES%]\Online Pharmacy\Try New VIAGRA! Works Faster and Longer!.url
[%FAVORITES%]\Order CIALIS online without leaving home..url
[%FAVORITES%]\PC protection in under 2 minutes!.url
[%FAVORITES%]\Sex and Dating\Meet Girls Who Want To Get Laid!.url
[%FAVORITES%]\Sex and Dating\Meet Horny Girls In Your Area!.url
[%FAVORITES%]\Sex and Dating\Read profiles and Chat With Nude Girls!.url
[%FAVORITES%]\Sex and Dating\SEX Dating - people looking for SEX.url
[%FAVORITES%]\Sex and Dating\View XXX photos of Real Sexy Girls..url
[%FAVORITES%]\SEX Dating - Real Girls For Real SEX.url
[%FAVORITES%]\Spyware Uninstall\Easy Detect and Uninstall Spyware..url
[%FAVORITES%]\Spyware Uninstall\Free Spyware Scanner..url
[%FAVORITES%]\Spyware Uninstall\Search & Destroy Annoying Adware..url
[%FAVORITES%]\Spyware Uninstall\Stop PopUps on your PC..url
[%FAVORITES%]\Stop PopUps On Your Computer.url
[%FAVORITES%]\VIAGRA at incredible low price. Bonus Pills!.url
[%FAVORITES%]\View ADULT photos of REAL GIRLS!.url
[%SYSTEM%]\cidft.dll
[%SYSTEM%]\cidpoq32.dll
[%SYSTEM%]\gln.dll
[%SYSTEM%]\gupd.dll
[%SYSTEM%]\icqrt.dll
[%SYSTEM%]\icvbr.dll
[%SYSTEM%]\mtwcnl32.dll
[%SYSTEM%]\sdfup.dll
[%SYSTEM%]\search.hta
[%SYSTEM%]\toolband.dll
[%SYSTEM%]\wecxg32.dll
[%SYSTEM%]\xcwer32.dll
[%SYSTEM%]\zxmsn.dll
[%WINDOWS%]\olehelp.exe
[%APPDATA%]\vtoufrezpr.dll
[%DESKTOP%]\digital detective\tempfiles\iehost.exe
[%PROFILE%]\desktop\hijackthis\backup-20040406-234439-493.dll
[%PROFILE%]\desktop\hijackthis\backup-20040409-002521-543.dll
[%PROFILE%]\desktop\hijackthis\backup-20040409-002521-581.dll
[%PROFILE%]\desktop\hijackthis\backup-20040409-002521-814.dll
[%PROFILE%]\desktop\hijackthis\backup-20040410-201416-150.dll
[%PROFILE%]\desktop\hijackthis\backup-20040411-194857-127.dll
[%PROFILE%]\desktop\hijackthis\backup-20040411-220816-602.dll
[%PROFILE%]\desktop\hijackthis\backup-20040412-154855-548.dll
[%PROFILE%]\desktop\hijackthis\backup-20040412-170335-416.dll
[%PROFILE%]\desktop\hijackthis\backup-20040415-200002-465.dll
[%PROFILE%]\desktop\hijackthis\backup-20040415-201903-397.dll
[%SYSTEM%]\1.00.07.dll
[%SYSTEM%]\bpln.dll
[%SYSTEM%]\coolwebsearch-info.dll
[%SYSTEM%]\crxa.exe
[%SYSTEM%]\delj.dll
[%SYSTEM%]\dnse.dll
[%SYSTEM%]\dnserr.dll
[%SYSTEM%]\dreplace.dll
[%SYSTEM%]\dxm8vb.dll
[%SYSTEM%]\excel10.dll
[%SYSTEM%]\famcff.dll
[%SYSTEM%]\gegnba.dll
[%SYSTEM%]\gejafa.dll
[%SYSTEM%]\googlems.dll
[%SYSTEM%]\hlmk.dll
[%SYSTEM%]\hst32.dll
[%SYSTEM%]\iefeatsl.dll
[%SYSTEM%]\iehost.exe
[%SYSTEM%]\iehost34.exe
[%SYSTEM%]\ietoolbar.dll
[%SYSTEM%]\jehmbyxrubdb.dll
[%SYSTEM%]\kha.dll
[%SYSTEM%]\kncjmlb.dll
[%SYSTEM%]\mid.dll
[%SYSTEM%]\mshelper.dll
[%SYSTEM%]\msiesh.dll
[%SYSTEM%]\mssearch.dll
[%SYSTEM%]\navext.dll
[%SYSTEM%]\oifhhio.dll
[%SYSTEM%]\oipa.dll
[%SYSTEM%]\opc.dll
[%SYSTEM%]\pnkeb.dll
[%SYSTEM%]\searchaddon.dll
[%SYSTEM%]\sqlbgb.dll
[%SYSTEM%]\submithook.dll
[%SYSTEM%]\sys_ext.dll
[%SYSTEM%]\wcadw.dll
[%SYSTEM%]\wcnl32.dll
[%SYSTEM%]\webinfo.dll
[%SYSTEM%]\wer1306.dll
[%SYSTEM%]\winlink.dll
[%SYSTEM%]\winres.dll
[%SYSTEM%]\wirl.dll
[%SYSTEM%]\word10.dll
[%WINDOWS%]\dpe.dll
[%WINDOWS%]\kk8pwxm634.exe
[%WINDOWS%]\navext.dll
[%WINDOWS%]\sys.reg
[%WINDOWS%]\system\1.00.07.dll
[%WINDOWS%]\system\autosearch.dll
[%WINDOWS%]\system\coolwebsearch-info.dll
[%WINDOWS%]\system\dnse.dll
[%WINDOWS%]\system\dnserr.dll
[%WINDOWS%]\system\dreplace.dll
[%WINDOWS%]\system\excel10.dll
[%WINDOWS%]\system\googlems.dll
[%WINDOWS%]\system\iefeatsl.dll
[%WINDOWS%]\system\ietoolbar.dll
[%WINDOWS%]\system\mgs_32.dll
[%WINDOWS%]\system\mshelper.dll
[%WINDOWS%]\system\msiesh.dll
[%WINDOWS%]\system\mssearch.dll
[%WINDOWS%]\system\navext.dll
[%WINDOWS%]\system\searchaddon.dll
[%WINDOWS%]\system\services.exe
[%WINDOWS%]\system\submithook.dll
[%WINDOWS%]\system\sys_ext.dll
[%WINDOWS%]\system\toolband.dll
[%WINDOWS%]\system\wcadw.dll
[%WINDOWS%]\system\webinfo.dll
[%WINDOWS%]\system\wer1306.dll
[%WINDOWS%]\system\winlink.dll
[%WINDOWS%]\system\winres.dll
[%WINDOWS%]\system\winspool.exe
[%WINDOWS%]\system\word10.dll
[%WINDOWS%]\web\tips.ini
[%COMMON_FAVORITES%]\Download Free Spyware Remover.url
[%COMMON_FAVORITES%]\NEW VIAGRA at Half Price!.url
[%COMMON_FAVORITES%]\Online Chat With Nude Girls.url
[%COMMON_FAVORITES%]\Order CIALIS online without leaving home..url
[%COMMON_FAVORITES%]\PC protection in under 2 minutes!.url
[%COMMON_FAVORITES%]\SEX Dating - Real Girls For Real SEX.url
[%COMMON_FAVORITES%]\Stop PopUps On Your Computer.url
[%COMMON_FAVORITES%]\VIAGRA at incredible low price. Bonus Pills!.url
[%COMMON_FAVORITES%]\View ADULT photos of REAL GIRLS!.url
[%FAVORITES%]\Download Free Spyware Remover.url
[%FAVORITES%]\NEW VIAGRA at Half Price!.url
[%FAVORITES%]\Online Chat With Nude Girls.url
[%FAVORITES%]\Online Pharmacy\CHEAPEST VIAGRA ONLINE.url
[%FAVORITES%]\Online Pharmacy\Cialis at HALF PRICE!.url
[%FAVORITES%]\Online Pharmacy\Fast Way To Loose Your Weight!.url
[%FAVORITES%]\Online Pharmacy\Guaranteed low price at Pills..url
[%FAVORITES%]\Online Pharmacy\SOMA at Special LOW PRICE.url
[%FAVORITES%]\Online Pharmacy\Tramadol Special Offer!.url
[%FAVORITES%]\Online Pharmacy\Try New VIAGRA! Works Faster and Longer!.url
[%FAVORITES%]\Order CIALIS online without leaving home..url
[%FAVORITES%]\PC protection in under 2 minutes!.url
[%FAVORITES%]\Sex and Dating\Meet Girls Who Want To Get Laid!.url
[%FAVORITES%]\Sex and Dating\Meet Horny Girls In Your Area!.url
[%FAVORITES%]\Sex and Dating\Read profiles and Chat With Nude Girls!.url
[%FAVORITES%]\Sex and Dating\SEX Dating - people looking for SEX.url
[%FAVORITES%]\Sex and Dating\View XXX photos of Real Sexy Girls..url
[%FAVORITES%]\SEX Dating - Real Girls For Real SEX.url
[%FAVORITES%]\Spyware Uninstall\Easy Detect and Uninstall Spyware..url
[%FAVORITES%]\Spyware Uninstall\Free Spyware Scanner..url
[%FAVORITES%]\Spyware Uninstall\Search & Destroy Annoying Adware..url
[%FAVORITES%]\Spyware Uninstall\Stop PopUps on your PC..url
[%FAVORITES%]\Stop PopUps On Your Computer.url
[%FAVORITES%]\VIAGRA at incredible low price. Bonus Pills!.url
[%FAVORITES%]\View ADULT photos of REAL GIRLS!.url
[%SYSTEM%]\cidft.dll
[%SYSTEM%]\cidpoq32.dll
[%SYSTEM%]\gln.dll
[%SYSTEM%]\gupd.dll
[%SYSTEM%]\icqrt.dll
[%SYSTEM%]\icvbr.dll
[%SYSTEM%]\mtwcnl32.dll
[%SYSTEM%]\sdfup.dll
[%SYSTEM%]\search.hta
[%SYSTEM%]\toolband.dll
[%SYSTEM%]\wecxg32.dll
[%SYSTEM%]\xcwer32.dll
[%SYSTEM%]\zxmsn.dll
[%WINDOWS%]\olehelp.exe
[%APPDATA%]\vtoufrezpr.dll
[%DESKTOP%]\digital detective\tempfiles\iehost.exe
[%PROFILE%]\desktop\hijackthis\backup-20040406-234439-493.dll
[%PROFILE%]\desktop\hijackthis\backup-20040409-002521-543.dll
[%PROFILE%]\desktop\hijackthis\backup-20040409-002521-581.dll
[%PROFILE%]\desktop\hijackthis\backup-20040409-002521-814.dll
[%PROFILE%]\desktop\hijackthis\backup-20040410-201416-150.dll
[%PROFILE%]\desktop\hijackthis\backup-20040411-194857-127.dll
[%PROFILE%]\desktop\hijackthis\backup-20040411-220816-602.dll
[%PROFILE%]\desktop\hijackthis\backup-20040412-154855-548.dll
[%PROFILE%]\desktop\hijackthis\backup-20040412-170335-416.dll
[%PROFILE%]\desktop\hijackthis\backup-20040415-200002-465.dll
[%PROFILE%]\desktop\hijackthis\backup-20040415-201903-397.dll
[%SYSTEM%]\1.00.07.dll
[%SYSTEM%]\bpln.dll
[%SYSTEM%]\coolwebsearch-info.dll
[%SYSTEM%]\crxa.exe
[%SYSTEM%]\delj.dll
[%SYSTEM%]\dnse.dll
[%SYSTEM%]\dnserr.dll
[%SYSTEM%]\dreplace.dll
[%SYSTEM%]\dxm8vb.dll
[%SYSTEM%]\excel10.dll
[%SYSTEM%]\famcff.dll
[%SYSTEM%]\gegnba.dll
[%SYSTEM%]\gejafa.dll
[%SYSTEM%]\googlems.dll
[%SYSTEM%]\hlmk.dll
[%SYSTEM%]\hst32.dll
[%SYSTEM%]\iefeatsl.dll
[%SYSTEM%]\iehost.exe
[%SYSTEM%]\iehost34.exe
[%SYSTEM%]\ietoolbar.dll
[%SYSTEM%]\jehmbyxrubdb.dll
[%SYSTEM%]\kha.dll
[%SYSTEM%]\kncjmlb.dll
[%SYSTEM%]\mid.dll
[%SYSTEM%]\mshelper.dll
[%SYSTEM%]\msiesh.dll
[%SYSTEM%]\mssearch.dll
[%SYSTEM%]\navext.dll
[%SYSTEM%]\oifhhio.dll
[%SYSTEM%]\oipa.dll
[%SYSTEM%]\opc.dll
[%SYSTEM%]\pnkeb.dll
[%SYSTEM%]\searchaddon.dll
[%SYSTEM%]\sqlbgb.dll
[%SYSTEM%]\submithook.dll
[%SYSTEM%]\sys_ext.dll
[%SYSTEM%]\wcadw.dll
[%SYSTEM%]\wcnl32.dll
[%SYSTEM%]\webinfo.dll
[%SYSTEM%]\wer1306.dll
[%SYSTEM%]\winlink.dll
[%SYSTEM%]\winres.dll
[%SYSTEM%]\wirl.dll
[%SYSTEM%]\word10.dll
[%WINDOWS%]\dpe.dll
[%WINDOWS%]\kk8pwxm634.exe
[%WINDOWS%]\navext.dll
[%WINDOWS%]\sys.reg
[%WINDOWS%]\system\1.00.07.dll
[%WINDOWS%]\system\autosearch.dll
[%WINDOWS%]\system\coolwebsearch-info.dll
[%WINDOWS%]\system\dnse.dll
[%WINDOWS%]\system\dnserr.dll
[%WINDOWS%]\system\dreplace.dll
[%WINDOWS%]\system\excel10.dll
[%WINDOWS%]\system\googlems.dll
[%WINDOWS%]\system\iefeatsl.dll
[%WINDOWS%]\system\ietoolbar.dll
[%WINDOWS%]\system\mgs_32.dll
[%WINDOWS%]\system\mshelper.dll
[%WINDOWS%]\system\msiesh.dll
[%WINDOWS%]\system\mssearch.dll
[%WINDOWS%]\system\navext.dll
[%WINDOWS%]\system\searchaddon.dll
[%WINDOWS%]\system\services.exe
[%WINDOWS%]\system\submithook.dll
[%WINDOWS%]\system\sys_ext.dll
[%WINDOWS%]\system\toolband.dll
[%WINDOWS%]\system\wcadw.dll
[%WINDOWS%]\system\webinfo.dll
[%WINDOWS%]\system\wer1306.dll
[%WINDOWS%]\system\winlink.dll
[%WINDOWS%]\system\winres.dll
[%WINDOWS%]\system\winspool.exe
[%WINDOWS%]\system\word10.dll
[%WINDOWS%]\web\tips.ini

Folders:
[%COMMON_FAVORITES%]\Online Pharmacy
[%COMMON_FAVORITES%]\Sex and Dating
[%COMMON_FAVORITES%]\Spyware Uninstall
[%FAVORITES%]\Online Pharmacy
[%FAVORITES%]\Sex and Dating
[%FAVORITES%]\Spyware Uninstall
[%APPDATA%]\wingf
[%WINDOWS%]\sysbj
[%WINDOWS%]\winfj

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{08825590-1efe-f0cd-6e7d-483b9b36e236}
HKEY_CLASSES_ROOT\CLSID\{2e9caff6-30c7-4208-8807-e79d4ec6f806}
HKEY_CLASSES_ROOT\clsid\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}
HKEY_LOCAL_MACHINE\software\classes\clsid\{2e9caff6-30c7-4208-8807-e79d4ec6f806}
HKEY_LOCAL_MACHINE\software\classes\clsid\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E9CAFF6-30C7-4208-8807-E79D4EC6F806}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9A674BF-771F-42E5-A440-D20DDA85A862}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF021F40-3E14-23A5-CBA2-717765721306}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7AFFF2A-1B57-49C7-BF6B-E5123394C970}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}
HKEY_CLASSES_ROOT\clsid\{00110011-4b0b-44d5-9718-90c88817369b}
HKEY_CLASSES_ROOT\clsid\{086ae192-23a6-48d6-96ec-715f53797e85}
HKEY_CLASSES_ROOT\clsid\{150fa160-130d-451f-b863-b655061432ba}
HKEY_CLASSES_ROOT\clsid\{15fed902-5051-4d02-9b7a-4fbfd09d28d1}
HKEY_CLASSES_ROOT\clsid\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}
HKEY_CLASSES_ROOT\clsid\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}
HKEY_CLASSES_ROOT\clsid\{2118e38e-d3f9-4036-ba5f-befa51170042}
HKEY_CLASSES_ROOT\clsid\{2a532036-9174-4b3c-b301-7805e925cf8a}
HKEY_CLASSES_ROOT\clsid\{2e9caff6-30c7-4208-8807-e79d4ec6f806}
HKEY_CLASSES_ROOT\clsid\{30192f8d-0958-44e6-b54d-331fd39ac959}
HKEY_CLASSES_ROOT\clsid\{3566f990-36c0-4797-b74a-b2c6da46fb32}
HKEY_CLASSES_ROOT\clsid\{3b749197-9826-43d0-b8f6-a72971443c61}
HKEY_CLASSES_ROOT\clsid\{44e93f27-f60b-4352-9a7d-ee4a10214f55}
HKEY_CLASSES_ROOT\clsid\{4b607c1d-43b2-4f6f-b76e-96eb3233bded}
HKEY_CLASSES_ROOT\clsid\{5321e378-ffad-4999-8c62-03ca8155f0b3}
HKEY_CLASSES_ROOT\clsid\{587dbf2d-9145-4c9e-92c2-1f953da73773}
HKEY_CLASSES_ROOT\clsid\{5d70127d-73f6-4f1c-92f3-4088e968c5d6}
HKEY_CLASSES_ROOT\clsid\{664a5b8b-508e-4dd1-89ab-502c91655d2b}
HKEY_CLASSES_ROOT\clsid\{749cc722-9118-4ba6-b987-3c466886dcdb}
HKEY_CLASSES_ROOT\clsid\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}
HKEY_CLASSES_ROOT\clsid\{799a370d-5993-4887-9df7-0a4756a77d00}
HKEY_CLASSES_ROOT\clsid\{7b32f6dc-2751-4251-a011-7ce9e88e984c}
HKEY_CLASSES_ROOT\clsid\{8003a1f9-de91-4eb2-b97c-fe3a37db0cab}
HKEY_CLASSES_ROOT\clsid\{806418df-4a40-43dc-bc15-31439276c045}
HKEY_CLASSES_ROOT\clsid\{834261e1-dd97-4177-853b-c907e5d5bd6e}
HKEY_CLASSES_ROOT\clsid\{91982485-9a26-4ce7-91cf-73867a319aaa}
HKEY_CLASSES_ROOT\clsid\{966c1208-4456-4da1-9934-9a59bd39b7a4}
HKEY_CLASSES_ROOT\clsid\{a55581dc-2cdb-4089-8878-71a080b22342}
HKEY_CLASSES_ROOT\clsid\{a9a674bf-771f-42e5-a440-d20dda85a862}
HKEY_CLASSES_ROOT\clsid\{ace9c626-f133-47f8-8c1a-e32f17cb9ed3}
HKEY_CLASSES_ROOT\clsid\{b81197b4-4e57-4db6-ae1d-23e49355bb2d}
HKEY_CLASSES_ROOT\clsid\{b847676d-72ac-4393-bfff-43a1eb979352}
HKEY_CLASSES_ROOT\clsid\{bc97b254-b2b9-4d40-971d-78e0978f5f26}
HKEY_CLASSES_ROOT\clsid\{c9b0d3dc-dc2b-4a17-8e34-02cd4c1e573f}
HKEY_CLASSES_ROOT\clsid\{ccd82dfe-6ca4-4aac-a82b-8c57a8d9ff24}
HKEY_CLASSES_ROOT\clsid\{cf021f40-3e14-23a5-cba2-717765721306}
HKEY_CLASSES_ROOT\clsid\{d3c4dbc7-bcd0-4864-88d3-7b93c73b515a}
HKEY_CLASSES_ROOT\clsid\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}
HKEY_CLASSES_ROOT\clsid\{e7afff2a-1b57-49c7-bf6b-e5123394c970}
HKEY_CLASSES_ROOT\clsid\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}
HKEY_CLASSES_ROOT\getpostlog.getpostlog
HKEY_CLASSES_ROOT\getpostlog.getpostlog.1
HKEY_CLASSES_ROOT\interface\{7142c3e1-1fe1-4a2a-b882-681dc7db0d30}
HKEY_CLASSES_ROOT\ml.iehlprobj
HKEY_CLASSES_ROOT\ml.iehlprobj.1
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00110011-4b0b-44d5-9718-90c88817369b}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{086ae192-23a6-48d6-96ec-715f53797e85}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{150fa160-130d-451f-b863-b655061432ba}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{30192f8d-0958-44e6-b54d-331fd39ac959}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{799a370d-5993-4887-9df7-0a4756a77d00}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{a55581dc-2cdb-4089-8878-71a080b22342}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{b847676d-72ac-4393-bfff-43a1eb979352}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{cf021f40-3e14-23a5-cba2-717765721306}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd9bc004-8331-4457-b830-4759ff704c22}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}
HKEY_CLASSES_ROOT\typelib\{a65529dd-4833-4784-a594-205f4a50267a}
HKEY_CURRENT_USER\software\gs1
HKEY_LOCAL_MACHINE\software\classes\clsid\{00110011-4b0b-44d5-9718-90c88817369b}
HKEY_LOCAL_MACHINE\software\classes\clsid\{086ae192-23a6-48d6-96ec-715f53797e85}
HKEY_LOCAL_MACHINE\software\classes\clsid\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}
HKEY_LOCAL_MACHINE\software\classes\clsid\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}
HKEY_LOCAL_MACHINE\software\classes\clsid\{30192f8d-0958-44e6-b54d-331fd39ac959}
HKEY_LOCAL_MACHINE\software\classes\clsid\{44e93f27-f60b-4352-9a7d-ee4a10214f55}
HKEY_LOCAL_MACHINE\software\classes\clsid\{587dbf2d-9145-4c9e-92c2-1f953da73773}
HKEY_LOCAL_MACHINE\software\classes\clsid\{749cc722-9118-4ba6-b987-3c466886dcdb}
HKEY_LOCAL_MACHINE\software\classes\clsid\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}
HKEY_LOCAL_MACHINE\software\classes\clsid\{834261e1-dd97-4177-853b-c907e5d5bd6e}
HKEY_LOCAL_MACHINE\software\classes\clsid\{91982485-9a26-4ce7-91cf-73867a319aaa}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b847676d-72ac-4393-bfff-43a1eb979352}
HKEY_LOCAL_MACHINE\software\classes\clsid\{bc97b254-b2b9-4d40-971d-78e0978f5f26}
HKEY_LOCAL_MACHINE\software\classes\clsid\{cf021f40-3e14-23a5-cba2-717765721306}
HKEY_LOCAL_MACHINE\software\classes\clsid\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd9bc004-8331-4457-b830-4759ff704c22}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00110011-4b0b-44d5-9718-90c88817369b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{086ae192-23a6-48d6-96ec-715f53797e85}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{08825590-1efe-f0cd-6e7d-483b9b36e236}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{150fa160-130d-451f-b863-b655061432ba}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{15fed902-5051-4d02-9b7a-4fbfd09d28d1}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2118e38e-d3f9-4036-ba5f-befa51170042}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{30192f8d-0958-44e6-b54d-331fd39ac959}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3b749197-9826-43d0-b8f6-a72971443c61}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{44e93f27-f60b-4352-9a7d-ee4a10214f55}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4b607c1d-43b2-4f6f-b76e-96eb3233bded}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5d70127d-73f6-4f1c-92f3-4088e968c5d6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{664a5b8b-508e-4dd1-89ab-502c91655d2b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{749cc722-9118-4ba6-b987-3c466886dcdb}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7b32f6dc-2751-4251-a011-7ce9e88e984c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{806418df-4a40-43dc-bc15-31439276c045}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{834261e1-dd97-4177-853b-c907e5d5bd6e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{91982485-9a26-4ce7-91cf-73867a319aaa}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a9a674bf-771f-42e5-a440-d20dda85a862}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ace9c626-f133-47f8-8c1a-e32f17cb9ed3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b847676d-72ac-4393-bfff-43a1eb979352}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c9b0d3dc-dc2b-4a17-8e34-02cd4c1e573f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ccd82dfe-6ca4-4aac-a82b-8c57a8d9ff24}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{cf021f40-3e14-23a5-cba2-717765721306}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\styles
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\enex0h15g

You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Nunci Hijacker

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)