Sunday, November 9, 2008

BlockChecker Adware

How To Remove BlockChecker?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
BlockChecker is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.



BlockChecker Symptoms:

Files:
[%PROGRAM_FILES%]\Block Checker\Block Checker.exe
[%PROGRAM_FILES%]\Block Checker\block-checker.exe
[%PROGRAM_FILES%]\Block Checker\Block Checker.exe
[%PROGRAM_FILES%]\Block Checker\block-checker.exe

Folders:
[%PROGRAM_FILES%]\block checker
[%PROGRAMS%]\block checker

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\block checker

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

NetControl Spyware

How To Remove NetControl?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
NetControl is dangerous virus:
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.
They usually do whimsical things like flip the screen upside-down, open the CD-ROM tray,
and swap mouse buttons. However, they can be quite hard to remove.


NetControl Symptoms:

Files:
[%WINDOWS%]\system\netserv.exe
[%WINDOWS%]\system\netserv.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Xtractor.Plus Adware

How To Remove Xtractor.Plus?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Xtractor.Plus is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


Xtractor.Plus Symptoms:

Files:
[%WINDOWS%]\hhs.url
[%WINDOWS%]\hhs.url

Folders:
[%DESKTOP%]\xtractor plus.lnk
[%PROGRAMS%]\xtractor plus 3.6
[%PROGRAM_FILES%]\xtractor plus


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Banbra.dq Spyware

How To Remove Banbra.dq?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Banbra.dq is dangerous virus:
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.


Banbra.dq Symptoms:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

ServU.based Backdoor

How To Remove ServU.based?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
ServU.based is dangerous virus:
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.



ServU.based Symptoms:

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ssdpcl
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ssdpcl


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

TrafficHog Adware

How To Remove TrafficHog?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
TrafficHog is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.


TrafficHog Symptoms:

Files:
[%SYSTEM%]\winalot32.dll
[%SYSTEM%]\winalot32.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{086cefd5-a88d-4981-8915-d51f04360ed1}
HKEY_CLASSES_ROOT\interface\{90ccdcb0-c9e5-4dc0-b791-a1111d37af9d}
HKEY_CLASSES_ROOT\interface\{967b8a74-4063-49ab-95d4-e3d25308ec66}
HKEY_CLASSES_ROOT\interface\{a19ac0c8-24c1-43c9-8f7c-449e931df473}
HKEY_CLASSES_ROOT\interface\{da8fe493-49a2-44f6-b4aa-e58cafc7ffdf}
HKEY_CLASSES_ROOT\interface\{fab925c1-16b6-4de1-bfca-880fbeafe584}
HKEY_CLASSES_ROOT\interface\{fb3daa1e-3236-4b43-9c19-64f57eb9c019}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{086cefd5-a88d-4981-8915-d51f04360ed1}

Registry Values:
HKEY_CURRENT_USER\software\traffichog
HKEY_CURRENT_USER\software\traffichog


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

KeyLog.JanNet Trojan

How To Remove KeyLog.JanNet?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
KeyLog.JanNet is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.


KeyLog.JanNet It also known as:

[Kaspersky]Trojan.Spy.Janet.420,TrojanSpy.Win32.Janet.420,Trojan.Spy.Janet.30,TrojanSpy.Win32.Janet.30;
[McAfee]KeyLog-JanNet;
[F-Prot]security risk or a "backdoor" program;
[Panda]Trj/Spy.Janet.420,Trojan Horse;
[Computer Associates]Win32.Janet.420,Win32/Janet.420!Trojan,Win32/Janet.30!Spy!Trojan

KeyLog.JanNet Symptoms:

Files:
[%WINDOWS%]\system\jwin.txt
[%WINDOWS%]\system\win2k2.exe
[%WINDOWS%]\winlog.dat
[%WINDOWS%]\system\jwin.txt
[%WINDOWS%]\system\win2k2.exe
[%WINDOWS%]\winlog.dat


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Cobfinn Trojan

How To Remove Cobfinn?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Cobfinn is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Cobfinn It also known as:

[Kaspersky]Backdoor.Win32.ShBot.a,Backdoor.Win32.ShBot.b;
[McAfee]BackDoor-CYL;
[Other]Win32/Cobfinn.I,Backdoor.Shellbot,BackDoor-CYL,Win32/Cobfinn.H

Cobfinn Symptoms:

Files:
[%WINDOWS%]\system\svchctrl.dll
[%WINDOWS%]\system\svchctrl.exe
[%WINDOWS%]\system\svchostw.dll
[%WINDOWS%]\system\svchostw.exe
[%WINDOWS%]\system\svchctrl.dll
[%WINDOWS%]\system\svchctrl.exe
[%WINDOWS%]\system\svchostw.dll
[%WINDOWS%]\system\svchostw.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellbotr
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellbot

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Stealth.Keylogger Spyware

How To Remove Stealth.Keylogger?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Stealth.Keylogger is dangerous virus:
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.


Stealth.Keylogger Symptoms:

Files:
[%COMMON_APPDATA%]\SysMon\Logs\TestEmail.xml
[%COMMON_APPDATA%]\SysMon\Logs\TestReport.xml
[%COMMON_APPDATA%]\WinKey\SystemKeyUninstaller.exe
[%APPDATA%]\WinKey\Logs\SysAggregatedLog.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysApplications.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysClipboardMonitor.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysFileMonitor.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysKeyLogger.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysMessenger.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysPrinterMonitor.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysScreenShot.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysWeb.xsl
[%APPDATA%]\WinKey\Logs\SysApplications.xsl
[%APPDATA%]\WinKey\Logs\SysApplications_20061127.xmm
[%APPDATA%]\WinKey\Logs\SysClipboardMonitor.xsl
[%APPDATA%]\WinKey\Logs\SysClipboardMonitor_20061127.xmm
[%APPDATA%]\WinKey\Logs\SysFileMonitor.xsl
[%APPDATA%]\WinKey\Logs\SysGlobalLog.xsl
[%APPDATA%]\WinKey\Logs\SysKeyLogger.xsl
[%APPDATA%]\WinKey\Logs\SysKeyLogger_20061127.xmm
[%APPDATA%]\WinKey\Logs\SysMessenger.xsl
[%APPDATA%]\WinKey\Logs\Syspict_140420061127.jpg
[%APPDATA%]\WinKey\Logs\SysPrinterMonitor.xsl
[%APPDATA%]\WinKey\Logs\SysScreenShot.xsl
[%APPDATA%]\WinKey\Logs\SysScreenShot_20061127.xmm
[%APPDATA%]\WinKey\Logs\SystemKeybk.bmp
[%APPDATA%]\WinKey\Logs\SysWeb.xsl
[%APPDATA%]\WinKey\Logs\TestEmail.xml
[%APPDATA%]\WinKey\SysScrCap.exe
[%APPDATA%]\WinKey\SysSMTPSender.exe
[%APPDATA%]\WinKey\SystemKey.exe
[%APPDATA%]\WinKey\SystemKeyHelp.chm
[%APPDATA%]\WinKey\SystemKeyUninstaller.exe
[%APPDATA%]\WinKey\WinKey.dll
[%APPDATA%]\WinKey\xcacls.exe
[%WINDOWS%]\SKUninstaller.exe
[%COMMON_APPDATA%]\SysMon\Logs\TestEmail.xml
[%COMMON_APPDATA%]\SysMon\Logs\TestReport.xml
[%COMMON_APPDATA%]\WinKey\SystemKeyUninstaller.exe
[%APPDATA%]\WinKey\Logs\SysAggregatedLog.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysApplications.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysClipboardMonitor.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysFileMonitor.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysKeyLogger.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysMessenger.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysPrinterMonitor.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysScreenShot.xsl
[%APPDATA%]\WinKey\Logs\SysAllDaySysWeb.xsl
[%APPDATA%]\WinKey\Logs\SysApplications.xsl
[%APPDATA%]\WinKey\Logs\SysApplications_20061127.xmm
[%APPDATA%]\WinKey\Logs\SysClipboardMonitor.xsl
[%APPDATA%]\WinKey\Logs\SysClipboardMonitor_20061127.xmm
[%APPDATA%]\WinKey\Logs\SysFileMonitor.xsl
[%APPDATA%]\WinKey\Logs\SysGlobalLog.xsl
[%APPDATA%]\WinKey\Logs\SysKeyLogger.xsl
[%APPDATA%]\WinKey\Logs\SysKeyLogger_20061127.xmm
[%APPDATA%]\WinKey\Logs\SysMessenger.xsl
[%APPDATA%]\WinKey\Logs\Syspict_140420061127.jpg
[%APPDATA%]\WinKey\Logs\SysPrinterMonitor.xsl
[%APPDATA%]\WinKey\Logs\SysScreenShot.xsl
[%APPDATA%]\WinKey\Logs\SysScreenShot_20061127.xmm
[%APPDATA%]\WinKey\Logs\SystemKeybk.bmp
[%APPDATA%]\WinKey\Logs\SysWeb.xsl
[%APPDATA%]\WinKey\Logs\TestEmail.xml
[%APPDATA%]\WinKey\SysScrCap.exe
[%APPDATA%]\WinKey\SysSMTPSender.exe
[%APPDATA%]\WinKey\SystemKey.exe
[%APPDATA%]\WinKey\SystemKeyHelp.chm
[%APPDATA%]\WinKey\SystemKeyUninstaller.exe
[%APPDATA%]\WinKey\WinKey.dll
[%APPDATA%]\WinKey\xcacls.exe
[%WINDOWS%]\SKUninstaller.exe

Folders:
[%APPDATA%]\SystemKey
[%WINDOWS%]\ASK

Registry Keys:
HKEY_LOCAL_MACHINE\software\winkey
HKEY_LOCAL_MACHINE\software\ask
HKEY_LOCAL_MACHINE\software\systemkey

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Gpcode Trojan

How To Remove Gpcode?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Gpcode is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Gpcode Symptoms:

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Sexy.Hot Dialer

How To Remove Sexy.Hot?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Sexy.Hot is dangerous virus:
A Dialer Program is a program that
uses the computer's modem to dial telephone numbers,
often without the user's knowledge and consent.


Sexy.Hot Symptoms:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

DyFuCa Internet Optimizer Adware

How To Remove DyFuCa Internet Optimizer?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
DyFuCa Internet Optimizer is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.


DyFuCa Internet Optimizer Symptoms:

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

MalwareMonitor Ransomware

How To Remove MalwareMonitor?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
MalwareMonitor is dangerous virus:
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe such software,
although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by (for example) attaching
a specially crafted file/program to an e-mail message and sending this to the victim.

If the victim opens/executes the attachment, the program encrypts
a number of files on the victim's computer. A ransom note is then left behind for the victim.

The victim will be unable to open the encrypted files without the correct decryption key.
Once the ransom demanded in the ransom note is paid, the cracker may (or may not)
send the decryption key, enabling decryption of the "kidnapped" files.


MalwareMonitor Symptoms:

Files:
[%DESKTOP%]\MalwareMonitor.lnk
[%DESKTOP%]\MalwareMonitorSetup.exe
[%DESKTOP%]\MalwareMonitor.lnk
[%DESKTOP%]\MalwareMonitorSetup.exe

Folders:
[%PROGRAMS%]\MalwareMonitor
[%PROGRAM_FILES%]\MalwareMonitor

Registry Keys:
HKEY_CURRENT_USER\software\malwaremonitor
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\malwaremonitor

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Meredrop Trojan

How To Remove Meredrop?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Meredrop is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Meredrop It also known as:

[Kaspersky]Hoax.Win32.Agent.b;
[Other]ErrorSafe,Trojan:Win32/Meredrop

Meredrop Symptoms:

Files:
[%PROGRAM_FILES%]\WinMsg\uinst.exe
[%PROGRAM_FILES%]\WinMsg\uinst.exe


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

SillyDl.AQZ Trojan

How To Remove SillyDl.AQZ?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
SillyDl.AQZ is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


SillyDl.AQZ It also known as:

[Kaspersky]Trojan-Downloader.Win32.Agent.xv;
[McAfee]Downloader-AGM;
[Other]Downloader.Trojan,Troj/DownLdr-IO

SillyDl.AQZ Symptoms:

Files:
[%PROFILE_TEMP%]\mdm.exe
[%PROFILE_TEMP%]\mdm.ex
[%PROFILE_TEMP%]\mdm.exe
[%PROFILE_TEMP%]\mdm.ex


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

CWS.PayForTraffic.net BHO

How To Remove CWS.PayForTraffic.net?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
CWS.PayForTraffic.net is dangerous virus:
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.


CWS.PayForTraffic.net Symptoms:

Files:
[%SYSTEM%]\msole.dll
[%WINDOWS%]\system\msole.dll
[%SYSTEM%]\msole.dll
[%WINDOWS%]\system\msole.dll

Registry Keys:
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}
HKEY_LOCAL_MACHINE\software\classes\clsid\{98dbbf16-ca43-4c33-be80-99e6694468a4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

MyNetProtector Trojan

How To Remove MyNetProtector?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
MyNetProtector is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.



MyNetProtector Symptoms:

Files:
[%DESKTOP%]\mnpantispy.lnk
[%DESKTOP%]\mnpassetup001.exe
[%PROGRAMS%]\mnpantispy.lnk
[%SYSTEM%]\bnssys32.exe
[%SYSTEM%]\mnpasuninstall.exe
[%SYSTEM%]\nssys32.exe
[%DESKTOP%]\mnpantispy.lnk
[%DESKTOP%]\mnpassetup001.exe
[%PROGRAMS%]\mnpantispy.lnk
[%SYSTEM%]\bnssys32.exe
[%SYSTEM%]\mnpasuninstall.exe
[%SYSTEM%]\nssys32.exe

Folders:
[%PROGRAM_FILES%]\mnpantispy

Registry Keys:
HKEY_CURRENT_USER\software\mnpantispy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mnpantispy

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Refikey Downloader

How To Remove Refikey?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Refikey is dangerous virus:
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.


Refikey It also known as:

[Kaspersky]Trojan-Downloader.Win32.Small.dwc;
[McAfee]Generic Downloader;
[Other]Downloader.Trojan,TrojanDownloader:Win32/Small!B129

Refikey Symptoms:

Files:
[%PROGRAM_FILES_COMMON%]\commgr32.dll
[%PROGRAM_FILES_COMMON%]\commgr32.dll


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

LolaWeb.Winhost Trojan

How To Remove LolaWeb.Winhost?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
LolaWeb.Winhost is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


LolaWeb.Winhost Symptoms:

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Paq.Keylog.Common.Components Spyware

How To Remove Paq.Keylog.Common.Components?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Paq.Keylog.Common.Components is dangerous virus:
Spyware is computer software that is installed surreptitiously on a personal computer
to intercept or take partial control over the user's interaction
with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior,
the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.

Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.


Paq.Keylog.Common.Components Symptoms:

Files:
[%DESKTOP%]\Paq Keylog.lnk
[%DESKTOP%]\Paq Keylog.lnk

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\paq keylog_is1


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

TrojanDownloader.Win32.Lalus Trojan

How To Remove TrojanDownloader.Win32.Lalus?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
TrojanDownloader.Win32.Lalus is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.


TrojanDownloader.Win32.Lalus It also known as:

[Panda]Adware/DownloadPlus,Trj/Ratwu.B

TrojanDownloader.Win32.Lalus Symptoms:

Files:
[%PROFILE_TEMP%]\msgcenter_lminv1.exe
[%PROFILE_TEMP%]\msgcenter_lminv1.exe


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Webmoner Spyware

How To Remove Webmoner?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Webmoner is dangerous virus:
Spyware is computer software that is installed surreptitiously on a personal computer
to with the computer, without the user's informed consent.


Webmoner Symptoms:

Registry Keys:
HKEY_CURRENT_USER\software\nirsoft\mailpassview


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Hacker.ag Adware

How To Remove Hacker.ag?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Hacker.ag is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


Hacker.ag Symptoms:

Files:
[%WINDOWS%]\coder.ini
[%WINDOWS%]\coder.ini


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

KaZaA Worm

How To Remove KaZaA?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
KaZaA is dangerous virus:
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.



KaZaA It also known as:

[Panda]Adware/BrilliantDigital,Adware/Medload,Adware/TopMoxie

KaZaA Symptoms:

Files:
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Launch Kazaa.lnk
[%DESKTOP%]\kazaa media desktop.lnk
[%DESKTOP%]\kazaa promotions.url
[%DESKTOP%]\kazaa shop.lnk
[%DESKTOP%]\kazaa shop.url
[%DESKTOP%]\Kazaa.lnk
[%DESKTOP%]\kazaalite.lnk
[%DESKTOP%]\kazaa_setup.exe
[%DESKTOP%]\kazza.lnk
[%DESKTOP%]\kli.lnk
[%DESKTOP%]\kza.lnk
[%DESKTOP%]\my shared folder.lnk
[%DESKTOP%]\my shared folder.url
[%DESKTOP%]\play poker now!.lnk
[%DESKTOP%]\your free casino chips!.lnk
[%PROFILE%]\administrator\start menu\programs\altnet\peer points manager.lnk
[%PROFILE_TEMP%]\altnet\adm25.dll
[%PROFILE_TEMP%]\altnet\admdata.dll
[%PROFILE_TEMP%]\altnet\admdloader.dll
[%PROFILE_TEMP%]\altnet\admfdi.dll
[%PROFILE_TEMP%]\altnet\atl.dll
[%PROFILE_TEMP%]\altnet\msvcirt.dll
[%PROFILE_TEMP%]\altnet\setup.exe
[%PROFILE_TEMP%]\p2psetup.exe
[%PROGRAMS%]\kazaa media desktop\kazaa media desktop.lnk
[%PROGRAMS%]\kazaa.lnk
[%PROGRAMS%]\kazaaliyr.lnk
[%PROGRAMS%]\kza.lnk
[%SYSTEM%]\bifq5x5n.exe
[%SYSTEM%]\cd_clint.dll
[%SYSTEM%]\irqy.exe
[%SYSTEM%]\marshal.dll
[%SYSTEM%]\p2p networking v125.cpl
[%SYSTEM%]\p2pnetworking.exe
[%WINDOWS%]\cache371\b_371_0_1_586300.htm
[%WINDOWS%]\cache371\b_371_0_1_589300.htm
[%WINDOWS%]\cache371\b_371_0_1_589500.htm
[%WINDOWS%]\cache371\b_371_0_1_589600.htm
[%WINDOWS%]\cache371\b_371_0_1_591900.htm
[%WINDOWS%]\cache371\b_371_0_1_592000.htm
[%WINDOWS%]\cache371\b_371_0_1_592200.htm
[%WINDOWS%]\cache371\b_371_0_1_646000.htm
[%WINDOWS%]\cache371\b_371_0_1_648100.htm
[%WINDOWS%]\cache371\b_371_0_1_664000.htm
[%WINDOWS%]\cache371\b_371_0_1_668500.htm
[%WINDOWS%]\cache371\b_371_0_1_737400.htm
[%WINDOWS%]\cache371\b_371_0_1_775900.htm
[%WINDOWS%]\cache371\b_371_0_1_794100.htm
[%WINDOWS%]\cache371\b_371_2_1_536000.htm
[%WINDOWS%]\cache371\b_371_2_1_566600.htm
[%WINDOWS%]\cache371\b_371_2_1_567900.htm
[%WINDOWS%]\cache371\b_371_2_1_574200.htm
[%WINDOWS%]\cache371\b_371_2_1_576200.htm
[%WINDOWS%]\cache371\b_371_2_1_577800.htm
[%WINDOWS%]\cache371\b_371_2_1_593200.htm
[%WINDOWS%]\cache371\b_371_2_1_635400.htm
[%WINDOWS%]\cache371\b_371_2_1_649800.htm
[%WINDOWS%]\cache371\b_371_2_1_655600.htm
[%WINDOWS%]\cache371\b_371_2_1_662100.htm
[%WINDOWS%]\cache371\b_371_2_1_663900.htm
[%WINDOWS%]\cache371\b_371_2_1_667100.htm
[%WINDOWS%]\cache371\b_371_2_1_738900.htm
[%WINDOWS%]\cache371\b_371_2_1_739900.htm
[%WINDOWS%]\cache371\b_371_2_1_746100.htm
[%WINDOWS%]\cache371\b_371_2_1_755100.htm
[%WINDOWS%]\cache371\b_371_2_1_755600.htm
[%WINDOWS%]\cache371\b_371_2_1_756100.htm
[%WINDOWS%]\cache371\b_371_2_1_775400.htm
[%WINDOWS%]\cache371\b_371_2_1_777800.htm
[%WINDOWS%]\cache371\b_371_2_2_568100.htm
[%WINDOWS%]\cache371\b_371_2_2_570100.htm
[%WINDOWS%]\cache371\b_371_2_2_572300.htm
[%WINDOWS%]\cache371\b_371_2_2_573900.htm
[%WINDOWS%]\cache371\b_371_2_2_576000.htm
[%WINDOWS%]\cache371\b_371_2_2_649600.htm
[%WINDOWS%]\cache371\b_371_2_2_703900.htm
[%WINDOWS%]\cache371\b_371_2_2_712000.htm
[%WINDOWS%]\cache371\b_371_2_2_730800.htm
[%WINDOWS%]\cache371\b_371_2_2_731300.htm
[%WINDOWS%]\cache371\b_371_2_2_778600.htm
[%WINDOWS%]\cache371\b_371_2_3_519700.htm
[%WINDOWS%]\cache371\b_371_2_3_532200.htm
[%WINDOWS%]\cache371\b_371_2_3_558300.htm
[%WINDOWS%]\cache371\b_371_2_3_563900.htm
[%WINDOWS%]\cache371\b_371_2_3_588100.htm
[%WINDOWS%]\cache371\b_371_2_3_642300.htm
[%WINDOWS%]\cache371\b_371_2_3_670700.htm
[%WINDOWS%]\cache371\b_371_2_3_679500.htm
[%WINDOWS%]\cache371\b_371_2_3_778600.htm
[%WINDOWS%]\cache371\b_500600.htm
[%WINDOWS%]\cache371\b_501000.htm
[%WINDOWS%]\cache371\b_525900.htm
[%WINDOWS%]\cache371\b_604700.htm
[%WINDOWS%]\cache371\b_605600.htm
[%WINDOWS%]\cache371\b_605800.htm
[%WINDOWS%]\cache371\b_647400.htm
[%WINDOWS%]\cache371\b_647800.htm
[%WINDOWS%]\cache371\b_670300.htm
[%WINDOWS%]\cache371\b_727700.htm
[%WINDOWS%]\cache371\b_743700.htm
[%WINDOWS%]\cache371\b_753400.htm
[%WINDOWS%]\cache371\b_754300.htm
[%WINDOWS%]\cache371\b_775700.htm
[%WINDOWS%]\cache371\b_790700.htm
[%WINDOWS%]\cache371\t_b_371_0_1_591900.htm
[%WINDOWS%]\cache371\t_b_371_0_1_592000.htm
[%WINDOWS%]\cache371\t_b_371_0_1_592200.htm
[%WINDOWS%]\cache371\t_b_371_2_1_574200.htm
[%WINDOWS%]\cache371\t_b_371_2_1_576200.htm
[%WINDOWS%]\cache371\t_b_371_2_1_635400.htm
[%WINDOWS%]\cache371\t_b_371_2_1_662100.htm
[%WINDOWS%]\cache371\t_b_371_2_1_775400.htm
[%WINDOWS%]\cache371\t_b_371_2_2_712000.htm
[%WINDOWS%]\cache371\t_b_371_2_2_778600.htm
[%WINDOWS%]\cache371\t_b_371_2_3_558300.htm
[%WINDOWS%]\cache371\t_b_371_2_3_642300.htm
[%WINDOWS%]\cache371\t_b_500600.htm
[%WINDOWS%]\cache371\t_b_525900.htm
[%WINDOWS%]\cache371\t_b_604700.htm
[%WINDOWS%]\cache371\t_b_647400.htm
[%WINDOWS%]\cache371\t_b_647800.htm
[%WINDOWS%]\cache371\t_b_670300.htm
[%WINDOWS%]\cache371\t_b_727700.htm
[%WINDOWS%]\cache371\t_b_743700.htm
[%WINDOWS%]\cache371\t_b_753400.htm
[%WINDOWS%]\cache371\t_b_754300.htm
[%WINDOWS%]\cache371\t_b_775700.htm
[%WINDOWS%]\cache371\t_b_790700.htm
[%APPDATA%]\Microsoft\Internet Explorer\Quick Launch\Launch Kazaa.lnk
[%DESKTOP%]\kazaa media desktop.lnk
[%DESKTOP%]\kazaa promotions.url
[%DESKTOP%]\kazaa shop.lnk
[%DESKTOP%]\kazaa shop.url
[%DESKTOP%]\Kazaa.lnk
[%DESKTOP%]\kazaalite.lnk
[%DESKTOP%]\kazaa_setup.exe
[%DESKTOP%]\kazza.lnk
[%DESKTOP%]\kli.lnk
[%DESKTOP%]\kza.lnk
[%DESKTOP%]\my shared folder.lnk
[%DESKTOP%]\my shared folder.url
[%DESKTOP%]\play poker now!.lnk
[%DESKTOP%]\your free casino chips!.lnk
[%PROFILE%]\administrator\start menu\programs\altnet\peer points manager.lnk
[%PROFILE_TEMP%]\altnet\adm25.dll
[%PROFILE_TEMP%]\altnet\admdata.dll
[%PROFILE_TEMP%]\altnet\admdloader.dll
[%PROFILE_TEMP%]\altnet\admfdi.dll
[%PROFILE_TEMP%]\altnet\atl.dll
[%PROFILE_TEMP%]\altnet\msvcirt.dll
[%PROFILE_TEMP%]\altnet\setup.exe
[%PROFILE_TEMP%]\p2psetup.exe
[%PROGRAMS%]\kazaa media desktop\kazaa media desktop.lnk
[%PROGRAMS%]\kazaa.lnk
[%PROGRAMS%]\kazaaliyr.lnk
[%PROGRAMS%]\kza.lnk
[%SYSTEM%]\bifq5x5n.exe
[%SYSTEM%]\cd_clint.dll
[%SYSTEM%]\irqy.exe
[%SYSTEM%]\marshal.dll
[%SYSTEM%]\p2p networking v125.cpl
[%SYSTEM%]\p2pnetworking.exe
[%WINDOWS%]\cache371\b_371_0_1_586300.htm
[%WINDOWS%]\cache371\b_371_0_1_589300.htm
[%WINDOWS%]\cache371\b_371_0_1_589500.htm
[%WINDOWS%]\cache371\b_371_0_1_589600.htm
[%WINDOWS%]\cache371\b_371_0_1_591900.htm
[%WINDOWS%]\cache371\b_371_0_1_592000.htm
[%WINDOWS%]\cache371\b_371_0_1_592200.htm
[%WINDOWS%]\cache371\b_371_0_1_646000.htm
[%WINDOWS%]\cache371\b_371_0_1_648100.htm
[%WINDOWS%]\cache371\b_371_0_1_664000.htm
[%WINDOWS%]\cache371\b_371_0_1_668500.htm
[%WINDOWS%]\cache371\b_371_0_1_737400.htm
[%WINDOWS%]\cache371\b_371_0_1_775900.htm
[%WINDOWS%]\cache371\b_371_0_1_794100.htm
[%WINDOWS%]\cache371\b_371_2_1_536000.htm
[%WINDOWS%]\cache371\b_371_2_1_566600.htm
[%WINDOWS%]\cache371\b_371_2_1_567900.htm
[%WINDOWS%]\cache371\b_371_2_1_574200.htm
[%WINDOWS%]\cache371\b_371_2_1_576200.htm
[%WINDOWS%]\cache371\b_371_2_1_577800.htm
[%WINDOWS%]\cache371\b_371_2_1_593200.htm
[%WINDOWS%]\cache371\b_371_2_1_635400.htm
[%WINDOWS%]\cache371\b_371_2_1_649800.htm
[%WINDOWS%]\cache371\b_371_2_1_655600.htm
[%WINDOWS%]\cache371\b_371_2_1_662100.htm
[%WINDOWS%]\cache371\b_371_2_1_663900.htm
[%WINDOWS%]\cache371\b_371_2_1_667100.htm
[%WINDOWS%]\cache371\b_371_2_1_738900.htm
[%WINDOWS%]\cache371\b_371_2_1_739900.htm
[%WINDOWS%]\cache371\b_371_2_1_746100.htm
[%WINDOWS%]\cache371\b_371_2_1_755100.htm
[%WINDOWS%]\cache371\b_371_2_1_755600.htm
[%WINDOWS%]\cache371\b_371_2_1_756100.htm
[%WINDOWS%]\cache371\b_371_2_1_775400.htm
[%WINDOWS%]\cache371\b_371_2_1_777800.htm
[%WINDOWS%]\cache371\b_371_2_2_568100.htm
[%WINDOWS%]\cache371\b_371_2_2_570100.htm
[%WINDOWS%]\cache371\b_371_2_2_572300.htm
[%WINDOWS%]\cache371\b_371_2_2_573900.htm
[%WINDOWS%]\cache371\b_371_2_2_576000.htm
[%WINDOWS%]\cache371\b_371_2_2_649600.htm
[%WINDOWS%]\cache371\b_371_2_2_703900.htm
[%WINDOWS%]\cache371\b_371_2_2_712000.htm
[%WINDOWS%]\cache371\b_371_2_2_730800.htm
[%WINDOWS%]\cache371\b_371_2_2_731300.htm
[%WINDOWS%]\cache371\b_371_2_2_778600.htm
[%WINDOWS%]\cache371\b_371_2_3_519700.htm
[%WINDOWS%]\cache371\b_371_2_3_532200.htm
[%WINDOWS%]\cache371\b_371_2_3_558300.htm
[%WINDOWS%]\cache371\b_371_2_3_563900.htm
[%WINDOWS%]\cache371\b_371_2_3_588100.htm
[%WINDOWS%]\cache371\b_371_2_3_642300.htm
[%WINDOWS%]\cache371\b_371_2_3_670700.htm
[%WINDOWS%]\cache371\b_371_2_3_679500.htm
[%WINDOWS%]\cache371\b_371_2_3_778600.htm
[%WINDOWS%]\cache371\b_500600.htm
[%WINDOWS%]\cache371\b_501000.htm
[%WINDOWS%]\cache371\b_525900.htm
[%WINDOWS%]\cache371\b_604700.htm
[%WINDOWS%]\cache371\b_605600.htm
[%WINDOWS%]\cache371\b_605800.htm
[%WINDOWS%]\cache371\b_647400.htm
[%WINDOWS%]\cache371\b_647800.htm
[%WINDOWS%]\cache371\b_670300.htm
[%WINDOWS%]\cache371\b_727700.htm
[%WINDOWS%]\cache371\b_743700.htm
[%WINDOWS%]\cache371\b_753400.htm
[%WINDOWS%]\cache371\b_754300.htm
[%WINDOWS%]\cache371\b_775700.htm
[%WINDOWS%]\cache371\b_790700.htm
[%WINDOWS%]\cache371\t_b_371_0_1_591900.htm
[%WINDOWS%]\cache371\t_b_371_0_1_592000.htm
[%WINDOWS%]\cache371\t_b_371_0_1_592200.htm
[%WINDOWS%]\cache371\t_b_371_2_1_574200.htm
[%WINDOWS%]\cache371\t_b_371_2_1_576200.htm
[%WINDOWS%]\cache371\t_b_371_2_1_635400.htm
[%WINDOWS%]\cache371\t_b_371_2_1_662100.htm
[%WINDOWS%]\cache371\t_b_371_2_1_775400.htm
[%WINDOWS%]\cache371\t_b_371_2_2_712000.htm
[%WINDOWS%]\cache371\t_b_371_2_2_778600.htm
[%WINDOWS%]\cache371\t_b_371_2_3_558300.htm
[%WINDOWS%]\cache371\t_b_371_2_3_642300.htm
[%WINDOWS%]\cache371\t_b_500600.htm
[%WINDOWS%]\cache371\t_b_525900.htm
[%WINDOWS%]\cache371\t_b_604700.htm
[%WINDOWS%]\cache371\t_b_647400.htm
[%WINDOWS%]\cache371\t_b_647800.htm
[%WINDOWS%]\cache371\t_b_670300.htm
[%WINDOWS%]\cache371\t_b_727700.htm
[%WINDOWS%]\cache371\t_b_743700.htm
[%WINDOWS%]\cache371\t_b_753400.htm
[%WINDOWS%]\cache371\t_b_754300.htm
[%WINDOWS%]\cache371\t_b_775700.htm
[%WINDOWS%]\cache371\t_b_790700.htm

Folders:
[%PROFILE%]\start menu\programs\kazaa media desktop
[%PROFILE_TEMP%]\admcache
[%PROGRAMS%]\kazaa
[%PROGRAM_FILES%]\kazaa
[%WINDOWS%]\browserxtras\pn
[%WINDOWS%]\cache329

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
HKEY_CLASSES_ROOT\clsid\{726c99d0-50c5-404f-9efd-7b2834dfed50}
HKEY_CLASSES_ROOT\clsid\{f78b32d6-d6d8-4137-a18f-91ebe1a4aedb}
HKEY_CURRENT_USER\software\kazaa
HKEY_CURRENT_USER\software\kazaa tmp 0
HKEY_LOCAL_MACHINE\software\classes\adm.adm
HKEY_LOCAL_MACHINE\software\classes\adm.adm.1
HKEY_LOCAL_MACHINE\software\classes\adm25.adm25
HKEY_LOCAL_MACHINE\software\classes\adm25.adm25.1
HKEY_LOCAL_MACHINE\software\classes\adm4.adm4
HKEY_LOCAL_MACHINE\software\classes\adm4.adm4.1
HKEY_LOCAL_MACHINE\software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}
HKEY_LOCAL_MACHINE\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
HKEY_LOCAL_MACHINE\software\classes\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
HKEY_LOCAL_MACHINE\software\classes\clsid\{c91e8926-d4be-4685-99f4-0d996b96bac0}
HKEY_LOCAL_MACHINE\software\classes\jcde_stack
HKEY_LOCAL_MACHINE\software\classes\jcde_stack.1
HKEY_LOCAL_MACHINE\software\classes\signingmodule.signingmodule
HKEY_LOCAL_MACHINE\software\classes\signingmodule.signingmodule.1
HKEY_LOCAL_MACHINE\software\classes\webp2pinstaller.installer
HKEY_LOCAL_MACHINE\software\classes\webp2pinstaller.installer.1
HKEY_LOCAL_MACHINE\software\kazaa
HKEY_LOCAL_MACHINE\software\lcaleb
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\kazaa
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\kza
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\p2p networking
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kazaa
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kli
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kza
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{01083175-01cc-42aa-9090-81dd0f88f28f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{38c76428-6c9c-4cc6-b747-3ab6a4770225}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{726c99d0-50c5-404f-9efd-7b2834dfed50}
HKEY_LOCAL_MACHINE\software\sharman networks ltd

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{548d52a1-5620-4c11-8fa7-b95404fd9fcd}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

WebD Trojan

How To Remove WebD?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
WebD is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


WebD Symptoms:

Files:
[%WINDOWS%]\webd.exe
[%WINDOWS%]\webd.exe


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Swaptor Worm

How To Remove Swaptor?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Swaptor is dangerous virus:
Worms can be classified by installation method, launch method and finally according
to characteristics standard to all malware: polymorphism, stealth etc.

Many of the worms which managed to cause significant outbreaks use more then
one propagation method as well as more than one infection technique.



Swaptor Symptoms:

Files:
[%PROGRAMS%]\swaptor\swaptor.lnk
[%PROGRAMS%]\swaptor\swaptor.lnk

Folders:
[%DESKTOP%]\swaptor.lnk
[%PROFILE%]\start menu\programs\swaptor
[%PROGRAM_FILES%]\swaptor

Registry Keys:
HKEY_CURRENT_USER\software\filenavigator_26
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\swaptor
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\swaptor
HKEY_LOCAL_MACHINE\software\swaptor
HKEY_LOCAL_MACHINE\software\wise solutions\wise installation system\repair\[%PROGRAM_FILES%]\swaptor\install.log


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

FixThemNow Ransomware

How To Remove FixThemNow?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
FixThemNow is dangerous virus:
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration.
Although the field known as cryptovirology predates the term "ransomware".


FixThemNow Symptoms:

Files:
[%DESKTOP%]\FixThemNow.lnk
[%PROFILE_TEMP%]\NI.UGES_0001_N122M2111\settings.ini
[%PROFILE_TEMP%]\NI.UGES_0001_N122M2111\setup.exe
[%PROFILE_TEMP%]\NI.UGES_0001_N122M2111\setup.len
[%DESKTOP%]\FixThemNow.lnk
[%PROFILE_TEMP%]\NI.UGES_0001_N122M2111\settings.ini
[%PROFILE_TEMP%]\NI.UGES_0001_N122M2111\setup.exe
[%PROFILE_TEMP%]\NI.UGES_0001_N122M2111\setup.len

Folders:
[%APPDATA%]\fixthemnow\Data
[%COMMON_PROGRAMS%]\FixThemNow
[%PROGRAM_FILES%]\FixThemNow
[%PROGRAM_FILES_COMMON%]\FixThemNow

Registry Keys:
HKEY_CURRENT_USER\software\fixthemnow

Registry Values:
HKEY_LOCAL_MACHINE\software\fixthemnow
HKEY_LOCAL_MACHINE\software\fixthemnow
HKEY_LOCAL_MACHINE\software\fixthemnow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Exploider Adware

How To Remove Exploider?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Exploider is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


Exploider Symptoms:

Files:
[%WINDOWS%]\shchost.exe
[%WINDOWS%]\shchost.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

SearchPack Adware

How To Remove SearchPack?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
SearchPack is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


SearchPack Symptoms:

Files:
[%PROGRAM_FILES%]\SPack\SearchWebUpdater.exe
[%PROGRAM_FILES%]\SPack\SearchWebUpdater.exe

Folders:
[%PROGRAM_FILES%]\SPack

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{B7DB0D67-19DB-4999-A9B7-70012FB7A573}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7DB0D67-19DB-4999-A9B7-70012FB7A573}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

ElitemediaPop Adware

How To Remove ElitemediaPop?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
ElitemediaPop is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


ElitemediaPop Symptoms:

Files:
[%WINDOWS%]\unstall.exe
[%WINDOWS%]\unstall.exe


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Trojan Guarder Gold Adware

How To Remove Trojan Guarder Gold?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Trojan Guarder Gold is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.



Trojan Guarder Gold Symptoms:

Files:
[%COMMON_STARTUP%]\Trojan Guarder Gold Version.lnk
[%COMMON_STARTUP%]\Trojan Guarder Gold Version.lnk

Folders:
[%PROGRAM_FILES%]\Trojan Guarder Gold Version


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

TrojanDownloader.Win32.Turown Hijacker

How To Remove TrojanDownloader.Win32.Turown?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
TrojanDownloader.Win32.Turown is dangerous virus:
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


TrojanDownloader.Win32.Turown It also known as:

[Kaspersky]TrojanDownloader.Win32.Turown.c;
[Panda]Adware/IEDriver;
[Computer Associates]Win32.Startpage.AY,Win32.Startpage.JK!downloader,Win32/SearchBar.A!Trojan,Win32/SearchBar.sb!Downloader

TrojanDownloader.Win32.Turown Symptoms:

Files:
[%PROFILE_TEMP%]\ckz3f3b55cc\Files\vi.tty
[%SYSTEM%]\sub.dll
[%PROFILE_TEMP%]\ckz3f3b55cc\Files\vi.tty
[%SYSTEM%]\sub.dll


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Quick.Launch Spyware

How To Remove Quick.Launch?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Quick.Launch is dangerous virus:
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.


Quick.Launch Symptoms:

Files:
[%DESKTOP%]\Quick Launch.lnk
[%DESKTOP%]\Quick Launch.lnk

Folders:
[%PROGRAM_FILES%]\Quick Launch
[%PROGRAMS%]\Quick Launch

Registry Keys:
HKEY_CURRENT_USER\software\local appwizard-generated applications\keystroke
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\quick launch shortcut_is1

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Delf Trojan

How To Remove Delf?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Delf is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.
DoS trojans conduct attacks from a single computer with the consent of the user.


Delf It also known as:

[Kaspersky]Backdoor.Delf.u,Backdoor.Delf.k,Trojan-Clicker.Win32.Delf.ha,Trojan-Clicker.Win32.Delf.gw,Trojan-Dropper.Win32.Delf.gd,Trojan-PWS.Win32.Delf.lc,Trojan-Spy.Win32.Delf.nt,Trojan-Downloader.Win32.Delf.kc,Trojan-Downloader.Win32.Delf.vm,Trojan-PSW.Win32.Delf.qx,Trojan-Dropper.Win32.Delf.aea,Trojan-Downloader.Win32.Delf.axx,Trojan-Downloader.Win32.Delf.bge,Backdoor.Win32.Delf.aom,Trojan-Downloader.Win32.Delf.cty,Trojan.Generic;
[Eset]Win32/Delf.GR trojan,Win32/Netso.A trojan,Win32/Delf.GE trojan,Win32/Delf.IF trojan,Win32/Delf.JO trojan,Win32/Delf.AJ trojan,Win32/Delf.IU trojan,Win32/Delf.AB trojan,Win32/Delf.G trojan,Win32/Delf.I trojan,Win32/Delf.J trojan,Win32/Delf.L trojan,Win32/Delf.CO trojan;
[McAfee]BackDoor-SY,The-CID,BackDoor-ARR.dr,Downloader-AWI,Generic Downloader.c,Generic PWS,Generic BackDoor;
[F-Prot]security risk or a "backdoor" program,W32/Dropper.WJ,W32/Downloader2.DUS,W32/Dropper.EMO,W32/Downloader.CFYE,W32/Downldr2.AIIS;
[Panda]Backdoor Program,Bck/Delf.K,Backdoor Program.LC,Trojan Horse.LC,Trj/Delf.T,Trj/Downloader.JE,Trojan Horse,Trj/PSW.Delf.D.dll,Trj/PSW.Delf,Trj/PSW.Delf.b,Trj/Lineage.DNW;
[Computer Associates]Backdoor/Carved,Win32.Carved,Backdoor/Delf.K,Backdoor/Delf.GR,Backdoor/Delf.gr!Server,Backdoor/Delf.GU,Backdoor/Delf.GZ,Backdoor/Delf.GE!Server,Backdoor/Delf,Backdoor/Delf!Server,Backdoor/Delf.JQ,Win32/Delf.AM!Trojan,Win32/Delf.AJ!Trojan,Win32/Delf.AK!Trojan,Win32/Delf.m!Spy!Trojan,Win32/Delf.AL!Downloader,Backdoor/Delf.IU,Win32/Delf.BB!PWS!Trojan,Backdoor/Delf.AB,Backdoor/Delf.g,Backdoor/Delf.i,Backdoor/Delf.j,Backdoor/Delf.JP,Win32/Delf.D!PWS!Trojan,Win32/Delf.V!Trojan,Win32/Delf.t!Spy!Trojan,Win32/Delf.O!PWS!Trojan,Backdoor/Delf.l,Win32/Delf.AI!PWS!Trojan,Win32/Delf.B!PWS!Trojan,Win32/Delf.V!Joiner,Backdoor/Delf.A,Win32.Mite,Win32/Notifier.Delf.d!Trojan;
[Other]-Managers DEMO,W32/DLoader.BJEV,Troj/Delf-DXK,Generic Delphi,Troj/Delf-DVK,W32/Delf.LWF,W32/Delf.NJJ,W32/Delf.AFFJ,W32/DLoader.OKP,W32/Delf.AHPH,Trojan:Win32/Delf.B,TROJ_DELF.GUE,Trojan.Dropper,Troj/Maran-Gen,Downloader.Delf.bge,W32/Malware.LYY,TROJ_DELF.EYN,W32/Delf.AIAY,Backdoor.Trojan,W32/Delf.AZWL.dropper,Mal/DelpDldr-B,W32.Pifio,TROJ_DELF.NPF,W32/Malware

Delf Symptoms:

Files:
[%SYSTEM%]\kf1media.dll
[%SYSTEM%]\pathname.dll
[%WINDOWS%]\crat.dll
[%PROFILE_TEMP%]\cy.dll
[%PROFILE_TEMP%]\cy.exe
[%PROFILE_TEMP%]\Haif1-20.jpg
[%PROFILE_TEMP%]\MyPic.exe
[%PROFILE_TEMP%]\RAVWM.EXE
[%PROFILE_TEMP%]\wmptool.exe
[%SYSTEM%]\DirectX10.dll
[%SYSTEM%]\drivers\8761CCDC.sys
[%SYSTEM%]\gdmoyi32.dll
[%SYSTEM%]\gdmsi32.dll
[%SYSTEM%]\gdwli32.dll
[%SYSTEM%]\hursax.dll
[%SYSTEM%]\kawdeaz.exe
[%SYSTEM%]\kawdezy.dll
[%SYSTEM%]\KVBatch01.dll
[%SYSTEM%]\kvdxjis.exe
[%SYSTEM%]\kvdxjma.dll
[%SYSTEM%]\kvdxsiis.exe
[%SYSTEM%]\kvdxsima.dll
[%SYSTEM%]\pathname.exe
[%SYSTEM%]\ratbjpi.dll
[%SYSTEM%]\ratbjtl.exe
[%SYSTEM%]\RAVWM429.dll
[%SYSTEM%]\sidjdaz.exe
[%SYSTEM%]\sidjdzy.dll
[%SYSTEM%]\videodevice.dll
[%SYSTEM%]\ziouhx.dll
[%WINDOWS%]\49400WL.DLL
[%WINDOWS%]\Fonts\ardaase.fon
[%WINDOWS%]\Fonts\ardasase.fon
[%WINDOWS%]\Fonts\cadaafx.fon
[%WINDOWS%]\Fonts\chtiaur.fon
[%WINDOWS%]\Fonts\enweafx.fon
[%WINDOWS%]\Fonts\kawdecs.dll
[%WINDOWS%]\Fonts\kvdxjcf.dll
[%WINDOWS%]\Fonts\kvdxsicf.dll
[%WINDOWS%]\Fonts\ratbjni.dll
[%WINDOWS%]\Fonts\sidjdcs.dll
[%WINDOWS%]\videoarchivio[1].exe
[%WINDOWS%]\wmptool.exe
[%SYSTEM%]\kf1media.dll
[%SYSTEM%]\pathname.dll
[%WINDOWS%]\crat.dll
[%PROFILE_TEMP%]\cy.dll
[%PROFILE_TEMP%]\cy.exe
[%PROFILE_TEMP%]\Haif1-20.jpg
[%PROFILE_TEMP%]\MyPic.exe
[%PROFILE_TEMP%]\RAVWM.EXE
[%PROFILE_TEMP%]\wmptool.exe
[%SYSTEM%]\DirectX10.dll
[%SYSTEM%]\drivers\8761CCDC.sys
[%SYSTEM%]\gdmoyi32.dll
[%SYSTEM%]\gdmsi32.dll
[%SYSTEM%]\gdwli32.dll
[%SYSTEM%]\hursax.dll
[%SYSTEM%]\kawdeaz.exe
[%SYSTEM%]\kawdezy.dll
[%SYSTEM%]\KVBatch01.dll
[%SYSTEM%]\kvdxjis.exe
[%SYSTEM%]\kvdxjma.dll
[%SYSTEM%]\kvdxsiis.exe
[%SYSTEM%]\kvdxsima.dll
[%SYSTEM%]\pathname.exe
[%SYSTEM%]\ratbjpi.dll
[%SYSTEM%]\ratbjtl.exe
[%SYSTEM%]\RAVWM429.dll
[%SYSTEM%]\sidjdaz.exe
[%SYSTEM%]\sidjdzy.dll
[%SYSTEM%]\videodevice.dll
[%SYSTEM%]\ziouhx.dll
[%WINDOWS%]\49400WL.DLL
[%WINDOWS%]\Fonts\ardaase.fon
[%WINDOWS%]\Fonts\ardasase.fon
[%WINDOWS%]\Fonts\cadaafx.fon
[%WINDOWS%]\Fonts\chtiaur.fon
[%WINDOWS%]\Fonts\enweafx.fon
[%WINDOWS%]\Fonts\kawdecs.dll
[%WINDOWS%]\Fonts\kvdxjcf.dll
[%WINDOWS%]\Fonts\kvdxsicf.dll
[%WINDOWS%]\Fonts\ratbjni.dll
[%WINDOWS%]\Fonts\sidjdcs.dll
[%WINDOWS%]\videoarchivio[1].exe
[%WINDOWS%]\wmptool.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_pcidown
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\pcidown
HKEY_CLASSES_ROOT\clsid\{09f8a0eb-ed61-4714-b0ad-7eaff5361a8b}
HKEY_CLASSES_ROOT\clsid\{48847374-8323-fadc-b443-4732abcd3784}
HKEY_CLASSES_ROOT\clsid\{58907901-1416-3389-9981-372178569985}
HKEY_CLASSES_ROOT\clsid\{9d561258-45f3-a451-f908-a258458226d9}
HKEY_CLASSES_ROOT\clsid\{a12c8d43-ac10-4c17-9136-e3e2fc9b3d21}
HKEY_CLASSES_ROOT\clsid\{a6650011-3344-6688-4899-345fabcd156a}
HKEY_CLASSES_ROOT\clsid\{ac87a354-abc3-dede-ff33-3213fd7447ca}
HKEY_CLASSES_ROOT\clsid\{c51c4afb-8a3a-6c1e-ba41-c20f02940603}
HKEY_CLASSES_ROOT\clsid\{f2cea371-1442-4f42-900f-97c479f406db}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fad11f89-f11e-4a15-92fb-6f0edc4c8d59}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

RegistrySmart Ransomware

How To Remove RegistrySmart?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
RegistrySmart is dangerous virus:
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration.
Although the field known as cryptovirology predates the term "ransomware".


RegistrySmart Symptoms:

Files:
[%COMMON_DESKTOPDIRECTORY%]\RegistrySmart.lnk
[%DESKTOP%]\RegistrySmart.lnk
[%COMMON_DESKTOPDIRECTORY%]\RegistrySmart.lnk
[%DESKTOP%]\RegistrySmart.lnk

Folders:
[%APPDATA%]\RegistrySmart
[%COMMON_PROGRAMS%]\RegistrySmart
[%PROGRAMS%]\RegistrySmart
[%PROGRAM_FILES%]\RegistrySmart


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

GloboSearch Trojan

How To Remove GloboSearch?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
GloboSearch is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


GloboSearch Symptoms:

Files:
[%SYSTEM%]\popup_bl.dll
[%SYSTEM%]\systr.dll
[%SYSTEM%]\popup_bl.dll
[%SYSTEM%]\systr.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{28f65fcb-d130-11d8-ba48-8be0c49af370}
HKEY_CLASSES_ROOT\clsid\{cf70455e-edc1-4067-b824-cd0314bc3b2e}
HKEY_CLASSES_ROOT\interface\{05aae5e5-47a1-4f65-8c32-8913ead54dbf}
HKEY_CLASSES_ROOT\interface\{28f65fca-d130-11d8-ba48-8be0c49af370}
HKEY_CLASSES_ROOT\interface\{a77bd0a1-a8fa-48c0-8fff-5a4ddcad4581}
HKEY_CLASSES_ROOT\popup_bl.bl
HKEY_CLASSES_ROOT\popup_bl.bl.1
HKEY_CLASSES_ROOT\popup_bl.onclick
HKEY_CLASSES_ROOT\popup_bl.onclick.1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{28f65fcb-d130-11d8-ba48-8be0c49af370}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Farmmext Adware

How To Remove Farmmext?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Farmmext is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.



Farmmext It also known as:

[Kaspersky]Trojan-Downloader.Win32.Stubby.c;
[Panda]Adware/IPInsight;
[Computer Associates]Win32.SillyDl.DG,Win32/SillyDl.69632!Trojan

Farmmext Symptoms:

Files:
[%PROFILE_TEMP%]\farmmext.inf
[%PROFILE_TEMP%]\THI11CA.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI11CA.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1276.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1276.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI12B9.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI12B9.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI13B.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI13B.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1639.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1639.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI17A7.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI17A7.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI195B.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI195B.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1A7E.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1A7E.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1B0.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1B0.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1B0E.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1B0E.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1C40.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1C40.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1C48.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1C48.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1EE1.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1EE1.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2494.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2494.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2645.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2645.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI268E.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI268E.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI27B4.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI27B4.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI280A.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI280A.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI29E6.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI29E6.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2C53.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2C53.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2C64.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2C64.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2CBD.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2D04.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2D04.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2EE6.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2EE6.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2EF9.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2F85.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2F85.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3064.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3064.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3271.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3271.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI354A.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI354A.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3574.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3574.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3807.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3807.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3843.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3843.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3C83.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3C83.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3D78.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3D78.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4007.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4007.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4072.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4072.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI417D.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI417D.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI418F.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI418F.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI41CB.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI41CB.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4261.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4261.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI43FD.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI43FD.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4480.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4480.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI44E6.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI44E6.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4543.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4543.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI470F.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI470F.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI475D.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI475D.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4922.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4922.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4B42.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4D87.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4D87.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI501F.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI501F.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5193.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5193.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI53EE.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI53EE.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5B0D.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5B0D.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5BDF.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5BDF.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5C10.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5C10.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5C30.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5C30.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5CBD.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5CBD.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5EA6.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5EA6.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5F2E.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5F2E.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI6021.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6021.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI608E.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI608E.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI62F6.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI62F6.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI6346.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6346.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI66D7.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI67.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI67.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI670B.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6763.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6763.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI67F.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI67F.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI681D.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI681D.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI6A2F.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6A2F.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI6ADE.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6ADE.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI6B14.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6B14.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI71E6.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI71E6.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI71E9.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI71E9.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7218.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7218.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7543.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7543.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7676.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7676.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI76D5.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI76D5.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI76F3.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI76F3.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7849.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7849.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI78BC.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI78BC.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7B67.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7B67.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7C25.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7C25.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7F49.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7F49.tmp\farmmext.ini
[%PROFILE_TEMP%]\THIB3B.tmp\farmmext.inf
[%PROFILE_TEMP%]\THIB3B.tmp\farmmext.ini
[%PROFILE_TEMP%]\THIBCC.tmp\farmmext.inf
[%PROFILE_TEMP%]\THIBCC.tmp\farmmext.ini
[%PROFILE_TEMP%]\THID4E.tmp\farmmext.inf
[%PROFILE_TEMP%]\THID4E.tmp\farmmext.ini
[%PROFILE_TEMP%]\THIEB4.tmp\farmmext.inf
[%PROFILE_TEMP%]\THIEB4.tmp\farmmext.ini
[%PROFILE_TEMP%]\THIFC4.tmp\farmmext.inf
[%PROFILE_TEMP%]\THIFC4.tmp\farmmext.ini
[%WINDOWS%]\farmmext.ini
[%WINDOWS%]\inf\farmmext.inf
[%PROFILE_TEMP%]\thi3dc7.tmp\farmmext.inf
[%PROFILE_TEMP%]\thi3dc7.tmp\farmmext.ini
[%WINDOWS%]\farmmext.exe
[%WINDOWS%]\lastgood\farmmext.exe
[%WINDOWS%]\lastgood\farmmext.ini
[%PROFILE_TEMP%]\farmmext.inf
[%PROFILE_TEMP%]\THI11CA.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI11CA.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1276.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1276.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI12B9.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI12B9.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI13B.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI13B.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1639.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1639.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI17A7.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI17A7.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI195B.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI195B.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1A7E.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1A7E.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1B0.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1B0.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1B0E.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1B0E.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1C40.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1C40.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1C48.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1C48.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI1EE1.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI1EE1.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2494.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2494.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2645.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2645.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI268E.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI268E.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI27B4.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI27B4.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI280A.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI280A.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI29E6.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI29E6.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2C53.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2C53.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2C64.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2C64.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2CBD.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2D04.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2D04.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2EE6.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2EE6.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI2EF9.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2F85.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI2F85.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3064.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3064.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3271.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3271.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI354A.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI354A.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3574.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3574.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3807.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3807.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3843.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3843.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3C83.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3C83.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI3D78.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI3D78.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4007.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4007.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4072.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4072.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI417D.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI417D.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI418F.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI418F.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI41CB.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI41CB.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4261.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4261.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI43FD.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI43FD.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4480.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4480.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI44E6.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI44E6.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4543.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4543.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI470F.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI470F.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI475D.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI475D.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4922.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4922.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI4B42.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4D87.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI4D87.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI501F.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI501F.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5193.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5193.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI53EE.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI53EE.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5B0D.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5B0D.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5BDF.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5BDF.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5C10.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5C10.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5C30.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5C30.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5CBD.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5CBD.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5EA6.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5EA6.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI5F2E.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI5F2E.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI6021.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6021.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI608E.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI608E.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI62F6.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI62F6.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI6346.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6346.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI66D7.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI67.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI67.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI670B.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6763.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6763.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI67F.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI67F.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI681D.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI681D.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI6A2F.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6A2F.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI6ADE.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6ADE.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI6B14.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI6B14.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI71E6.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI71E6.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI71E9.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI71E9.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7218.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7218.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7543.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7543.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7676.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7676.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI76D5.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI76D5.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI76F3.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI76F3.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7849.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7849.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI78BC.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI78BC.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7B67.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7B67.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7C25.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7C25.tmp\farmmext.ini
[%PROFILE_TEMP%]\THI7F49.tmp\farmmext.inf
[%PROFILE_TEMP%]\THI7F49.tmp\farmmext.ini
[%PROFILE_TEMP%]\THIB3B.tmp\farmmext.inf
[%PROFILE_TEMP%]\THIB3B.tmp\farmmext.ini
[%PROFILE_TEMP%]\THIBCC.tmp\farmmext.inf
[%PROFILE_TEMP%]\THIBCC.tmp\farmmext.ini
[%PROFILE_TEMP%]\THID4E.tmp\farmmext.inf
[%PROFILE_TEMP%]\THID4E.tmp\farmmext.ini
[%PROFILE_TEMP%]\THIEB4.tmp\farmmext.inf
[%PROFILE_TEMP%]\THIEB4.tmp\farmmext.ini
[%PROFILE_TEMP%]\THIFC4.tmp\farmmext.inf
[%PROFILE_TEMP%]\THIFC4.tmp\farmmext.ini
[%WINDOWS%]\farmmext.ini
[%WINDOWS%]\inf\farmmext.inf
[%PROFILE_TEMP%]\thi3dc7.tmp\farmmext.inf
[%PROFILE_TEMP%]\thi3dc7.tmp\farmmext.ini
[%WINDOWS%]\farmmext.exe
[%WINDOWS%]\lastgood\farmmext.exe
[%WINDOWS%]\lastgood\farmmext.ini

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

Small.bug Downloader

How To Remove Small.bug?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Small.bug is dangerous virus:
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


Small.bug Symptoms:

Files:
[%SYSTEM%]\a1\rarndrll2.exe
[%SYSTEM%]\c3\dnslook11.exe
[%SYSTEM%]\f1\dnslook11.exe
[%SYSTEM%]\frd1\dnslook11.exe
[%SYSTEM%]\rev1\logidndr1.exe
[%WINDOWS%]\MTE3NDI6ODoxNg.exe
[%SYSTEM%]\a1\rarndrll2.exe
[%SYSTEM%]\c3\dnslook11.exe
[%SYSTEM%]\f1\dnslook11.exe
[%SYSTEM%]\frd1\dnslook11.exe
[%SYSTEM%]\rev1\logidndr1.exe
[%WINDOWS%]\MTE3NDI6ODoxNg.exe

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\software\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\software\policies


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:

EXact.Advertising Adware

How To Remove EXact.Advertising?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
EXact.Advertising is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


EXact.Advertising Symptoms:

Files:
[%PROGRAM_FILES%]\NaviSearch\bin\nls.exe
[%SYSTEM%]\exclean.exe
[%SYSTEM%]\exdl.exe
[%SYSTEM%]\exdl1.exe
[%SYSTEM%]\FYI\uhoetaligi.dll
[%SYSTEM%]\FYI\uhoetaligi.exe
[%SYSTEM%]\mqexdlm.srg
[%SYSTEM%]\msbe.dll
[%SYSTEM%]\exdl0.exe
[%SYSTEM%]\exdl3.exe
[%SYSTEM%]\msxct.exe
[%WINDOWS%]\exdl.exe
[%WINDOWS%]\installer_siac.exe
[%PROGRAM_FILES%]\NaviSearch\bin\nls.exe
[%SYSTEM%]\exclean.exe
[%SYSTEM%]\exdl.exe
[%SYSTEM%]\exdl1.exe
[%SYSTEM%]\FYI\uhoetaligi.dll
[%SYSTEM%]\FYI\uhoetaligi.exe
[%SYSTEM%]\mqexdlm.srg
[%SYSTEM%]\msbe.dll
[%SYSTEM%]\exdl0.exe
[%SYSTEM%]\exdl3.exe
[%SYSTEM%]\msxct.exe
[%WINDOWS%]\exdl.exe
[%WINDOWS%]\installer_siac.exe

Registry Keys:
HKEY_CLASSES_ROOT\adp.urlcatcher
HKEY_CLASSES_ROOT\adp.urlcatcher.1
HKEY_CLASSES_ROOT\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}
HKEY_LOCAL_MACHINE\software\exactutil
HKEY_LOCAL_MACHINE\software\classes\clsid\{0a8ce102-fa03-4612-9bee-7fe5452f4cb1}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats: