Saturday, November 8, 2008

Unknown.Toolbar6 BHO

How To Remove Unknown.Toolbar6?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Unknown.Toolbar6 is a dangerous virus:
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Unknown.Toolbar6 Symptoms:

Files:

Folders:
[%PROGRAM_FILES%]\playbind
[%PROGRAM_FILES%]\sendpe~1

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean your computer ASAP!!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Phokem Trojan

How To Remove Phokem?
Phokem is a dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Phokem is also known as:

[Other]Win32/Phokem.A

Phokem Symptoms:

Files:
[%APPDATA%]\Microsoft\UsersCertificates\explorex.exe



Easy.Keyboard.Logger Spyware

How To Remove Easy.Keyboard.Logger?
Easy.Keyboard.Logger is a dangerous virus:
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.


Easy.Keyboard.Logger Symptoms:

Files:
[%PROFILE_TEMP%]\EasyKeylog.txt
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Easy Keyboard Logger.lnk
[%DESKTOP%]\Easy Keyboard Logger.lnk

Folders:
[%PROGRAM_FILES%]\Easy Keyboard Logger
[%PROGRAMS%]\Easy Keyboard Logger

Registry Keys:
HKEY_CURRENT_USER\software\ekl
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\easy keyboard logger_is1
HKEY_LOCAL_MACHINE\software\softsaga easy keyboard logger

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run



CWS.GonnaSearch BHO

How To Remove CWS.GonnaSearch?
CWS.GonnaSearch is a dangerous virus:
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows and so on.


CWS.GonnaSearch Symptoms:

Files:

Folders:
[%PROGRAM_FILES%]\internet explorer\toolbar

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser



Cram Toolbar Adware

How To Remove Cram Toolbar?
Cram Toolbar is a dangerous virus:
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

Cram Toolbar Symptoms:

Registry Keys:



IP Adware

How To Remove IP?
IP is a dangerous virus:
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.
DoS trojans conduct attacks from a single computer with the consent of the user.


IP is also known as:

[Kaspersky]Trojan-Clicker.Win32.Agent.ip;
[F-Prot]W32/Dialer.DIY;
[Other]Downloader.Goobiz

IP Symptoms:

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{e4792f3d-760f-4f7d-9612-4da401d88cf4}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\coppieesibizioniste.biz\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\linkpal.biz\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\my-securedoc.com\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\mycreditoweb.com\www
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\domains\mysessoblog.com\www



NetPal.PrizePopper BHO

How To Remove NetPal.PrizePopper?
NetPal.PrizePopper is a dangerous virus:
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

NetPal.PrizePopper Symptoms:

Files:
[%SYSTEM%]\ker7120.dll
[%SYSTEM%]\kernell32.dll
[%WINDOWS%]\system\ker7120.dll
[%WINDOWS%]\system\kernell32.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{c7ade150-743d-11d4-8141-00e029626f6a}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{c7ade150-743d-11d4-8141-00e029626f6a}
HKEY_LOCAL_MACHINE\software\classes\clsid\{c7ade150-743d-11d4-8141-00e029626f6a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c7ade150-743d-11d4-8141-00e029626f6a}



Rolepi Trojan

How To Remove Rolepi?
Rolepi is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Rolepi is also known as:

[Kaspersky]Trojan-PSW.Win32.Nilage.bez,Trojan-PWS.Win32.Nilage.bil,Trojan-PSW.Win32.Agent.jp,Trojan-PSW.Win32.OnLineGames.pl;
[McAfee]PWS-Zhengtu,PWS-Lineage.dll,PWS-Legmir.dll,PWs-LegMir;
[F-Prot]W32/PWStealer.gen1,W32/PWStealer1!Generic;
[Other]Mal/Packer,Win32/Rolepi.P,Infostealer.Gampass,Win32/Rolepi.R,Win32/Rolepi.CK,Win32/Rolepi!generic,Win32/Rolepi.DC,Mal/Gampass-A,Win32/Rolepi.DI,PWS:Win32/Zengtu.A,Win32/Rolepi.DG,Win32/Rolepi.DH,Win32/Rolepi.FC,Win32/Rolepi.FD,Win32/Rolepi.FT,PWS:Win32/Lineage.gen!dll,Mal/EncPk-F,Win32/Rolepi.GM

Rolepi Symptoms:

Files:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\madown
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_poikjnvb
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_zdfrty

Registry Values:



Ultimate.Fixer Ransomware

How To Remove Ultimate.Fixer?
Ultimate.Fixer is a dangerous virus:
The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.


Ultimate.Fixer Symptoms:

Files:
[%DESKTOP%]\UltimateFixer 2007.lnk

Folders:
[%APPDATA%]\Ultimate Fixer
[%COMMON_PROGRAMS%]\UltimateFixer 2007
[%PROGRAM_FILES%]\Ultimate Fixer

Registry Keys:
HKEY_CURRENT_USER\software\ultimate fixer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ultimate fixer
HKEY_LOCAL_MACHINE\software\ultimate fixer

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run



UpSpiral Toolbar

How To Remove UpSpiral?
UpSpiral is a dangerous virus:
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.

UpSpiral Symptoms:

Files:
[%WINDOWS%]\downloaded program files\upspiral.dll

Folders:
[%PROGRAM_FILES%]\upspiral toolbar

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run



Akosch.Uploader Downloader

How To Remove Akosch.Uploader?
Akosch.Uploader is a dangerous virus:
Trojan downloaders download and install new malware or adware on the computer.



Akosch.Uploader Symptoms:

Files:
[%WINDOWS%]\driver.exe



Harnig Trojan

How To Remove Harnig?
Harnig is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.


Harnig is also known as:

[Kaspersky]Trojan-Downloader.WIn32.Small.dib,Packed.Win32.Tibs.g,Trojan-Downloader.Win32.Small.dib,Trojan-Downloader.Win32.Small.ctf,Trojan-Downloader.Win32.PassAlert.h,Packed.Win32.Tibs,Trojan-Downloader.Win32.Smal.ehj,Trojan-Downloader.Win32.Small.amb,Trojan.Win32.Inject.bs;
[McAfee]Downloader-AVS,Downloader-AWM,Generic Downloader.q,Generic Downloader.bl;
[F-Prot]W32/Downloader.MBW;
[Panda]Trojan Horse,Trj/Harnig.B,Trj/Downloader.GX;
[Computer Associates]Win32.Harnig.N,Win32/StartPage.Hardvir!Download,Win32.Harnig.B,Win32/Harnig.B!Trojan,Win32.Harnig.O,Win32/Harnig.O!Trojan;
[Other]Trojan.Downloader.Time2Pay.AQ,Win32/Harnig!generic,Win32/Harnig.CA,Win32/Harnig.EI,Win32/Harnig.BV,Downloader,W32/DLoader.PAU,Troj/VB-QE,Trojan-Downloader.Gen,trojan-downloader.toolbarnew.biz,Win32/Harnig.EH,W32/DLoader.CBQC,Mal/Packer,Win32/SillyDl.CRW,Win32/Harnig.BP,Trojan-Downloader.Win32.LoadAdv.gen,TrojanDownloader:Win32/Small.CCC,Mal/DowAdv-B,TrojanDownloader:Win32/Harnig,W32/Harnig.BBZ

Harnig Symptoms:

Files:
[%STARTUP%]\loaddadv103[1].exe
[%STARTUP%]\loaddadv3[1].exe
[%SYSTEM%]\wintime.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run



ImIServer.IEPlugin Adware

How To Remove ImIServer.IEPlugin?
ImIServer.IEPlugin is a dangerous virus:
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
Trojan downloaders download and install new malware or adware on the computer.



ImIServer.IEPlugin is also known as:

[Kaspersky]TrojanDownloader.Win32.OneClickNetSearch.b,Trojan-Downloader.Win32.OneClickNetSearch.h;
[Panda]Adware/ClickTrack,Adware/IEPlugin,Adware/Imibar,Trj/Imiserv.B;
[Computer Associates]Win32.Imiserv.C,Win32.Imiserv.D,Win32.Imiserv.I,Win32/Imiserv.C!Trojan,Win32/Imiserv.C.DLL!Trojan,Win32/Imiserv.DLL!Trojan,Win32/Imiserv.I!Trojan

ImIServer.IEPlugin Symptoms:

Files:

Folders:
[%DESKTOP%]\desktop toolbar
[%PROGRAM_FILES_COMMON%]\zumr
[%WINDOWS%]\zumr

Registry Keys:

Registry Values:



Bless Trojan

How To Remove Bless?
Bless is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fools' Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.



Bless is also known as:

[Kaspersky]Backdoor.Kneel,packed: UPX;
[Eset]Win32/Kneel trojan;
[McAfee]BackDoor-YH;
[F-Prot]security risk or a "backdoor" program;
[Computer Associates]Backdoor/Kneel

Bless Symptoms:

Files:
[%SYSTEM%]\microsoft.exe



Deskadd Trojan

How To Remove Deskadd?
Deskadd is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Deskadd is also known as:

[Kaspersky]Trojan.Win32.Small.fe

Deskadd Symptoms:

Files:



Vundo Trojan

How To Remove Vundo?
Vundo is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


Vundo is also known as:

[Kaspersky]AdWare.Win32.Virtumonde.fp,AdWare.Win32.Virtumonde.jp,AdWare.Win32.SecToolBar.h,AdWare.Win32.Virtumonde.aju,AdWare.Win32.Virtumonde.aqi,Trojan.Win32.Agent.ctk;
[McAfee]Vundo;
[Panda]Spyware/Virtumonde,Adware/Gator;
[Computer Associates]Win32.Vundo,Win32.Vundo.H,Win32/Vundo!Trojan,Win32/Vundo.DLL!Trojan,Win32.Vundo.O,Win32/Vundo.522752!Trojan;
[Other]Win32/Vundo,Mal/Behav-099,Trojan.Vundo,Win32/Vundo!generic,Win32/Vundo.CI,Win32/Vundo.CM,TROJ_VUNDO.AWA,Vundo.gen32,Win32/Vundo.GT,Vundo.gen49,Trojan.Awax,Win32/Darksma.GU,Troj/BHO-DZ,Win32/Vundo.GW,Win32/Vundo.GX,Win32/Vundo.HL,Vundo.gen4l

Vundo Symptoms:

Files:

Folders:
[%PROGRAM_FILES%]\earn

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_CLASSES_ROOT\clsid\{5ac8b218-35b8-4923-9887-2f52657f8d5c}\inprocserver32
HKEY_CLASSES_ROOT\clsid\{849b9523-785f-4014-9caf-079fb4a74c61}\inprocserver32



Also Be Aware of the Following Threats:

AutoSearch BHO

How To Remove AutoSearch?
You must download the trial version of "Exterminate-It" antivirus software to check your computer instantly.
AutoSearch is a dangerous virus:
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address, or prevent you from going to a website they would rather you not visit,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search.

The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.


AutoSearch is also known as:

[McAfee]FakeAlert-R.dll

AutoSearch Symptoms:

Files:
[%COMMON_APPDATA%]\AutoSearch.dll
[%PROFILE_TEMP%]\stdrun3.exe
[%WINDOWS%]\aff_0006.exe
[%APPDATA%]\AutoSearch.dll
[%SYSTEM%]\safesearch.dll
[%WINDOWS%]\AutoSearch.dll
[%WINDOWS%]\AutoSearchHelper.dll
[%WINDOWS%]\sibrwin07.exe
[%WINDOWS%]\system\safesearch.dll

Registry Keys:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_CURRENT_USER\software\microsoft\internet explorer\urlsearchhooks
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run



Also Be Aware of the Following Threats:

Popohrand Adware

How To Remove Popohrand?
You must download the trial version of "Exterminate-It" antivirus software to check your computer instantly.
Popohrand is a dangerous virus:
Adware programs facilitate the delivery of advertising content
to the user and in some cases gather information from the user's computer.



Popohrand is also known as:

[Kaspersky]Trojan-Clicker.Win32.VB.qd;
[Other]MediaMotor,Trojan.Adclicker

Popohrand Symptoms:

Files:
[%WINDOWS%]\octeltpop.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run



Also Be Aware of the Following Threats:

Win32.QQRob Trojan

How To Remove Win32.QQRob?
You must download the trial version of "Exterminate-It" antivirus software to check your computer instantly.
Win32.QQRob is a dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Win32.QQRob is also known as:

[Kaspersky]Trojan-PSW.Win32.QQRob.an,Trojan-PSW.Win32.QQRob.15,Trojan-PSW.Win32.QQRob.af;
[McAfee]PWS-QQRob;
[F-Prot]W32/QQRob.D@pws,W32/QQRob.A@pws,W32/QQRob.C@pws;
[Other]Troj/QQRob-AW,Troj/QQRob-CT,W32/QQRob.BZ

Win32.QQRob Symptoms:

Files:
[%SYSTEM%]\NTdhcp.exe
[%SYSTEM%]\SVCHOT.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run



Also Be Aware of the Following Threats:

EVision.Megapro Spyware

How To Remove EVision.Megapro?
You must download the trial version of "Exterminate-It" antivirus software to check your computer instantly.
EVision.Megapro is a dangerous virus:
Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
blindly accessing websites that can bring in more harmful viruses,
or diverting advertising revenue to a third party.


EVision.Megapro Symptoms:

Files:
[%DESKTOP%]\evision megapro.lnk
[%PROGRAMS%]\evision megapro.lnk

Folders:
[%PROGRAM_FILES%]\evision megapro

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\mycomputer\namespace\{4f19d601-7c1f-11d3-badd-0060082831a6}
HKEY_CLASSES_ROOT\clsid\{3bb33680-2f53-11d6-bc84-00d0b7e10cd1}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\evision megapro
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{3bb33680-2f53-11d6-bc84-00d0b7e10cd1}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\approved



Also Be Aware of the Following Threats: