Saturday, November 22, 2008

CWS.Yexe Hijacker

How To Remove CWS.Yexe?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
CWS.Yexe is dangerous virus:
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.


CWS.Yexe Symptoms:

Files:
[%SYSTEM%]\services\y.exe
[%WINDOWS%]\system\services\1.00.07.dll
[%SYSTEM%]\services\y.exe
[%WINDOWS%]\system\services\1.00.07.dll

Folders:
[%WINDOWS%]\inet20001
[%WINDOWS%]\inet20009
[%WINDOWS%]\inet20056
[%WINDOWS%]\inet20080
[%WINDOWS%]\inet20087
[%WINDOWS%]\inet20091

Registry Keys:
HKEY_CLASSES_ROOT\interface\{f864100b-0250-43fb-ae95-f50c5537b178}
HKEY_CLASSES_ROOT\replace.hbo
HKEY_CLASSES_ROOT\replace.hbo.1
HKEY_CLASSES_ROOT\typelib\{516a36ea-afe2-4965-a492-b198b7f7b018}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
PCMonitor Spyware Cleaner
Virtumonde.by Adware Cleaner
PCB Trojan Removal
Removing CookieMonster Trojan
Remove Transponder Malware

CommonName.Internet.Keyword BHO

How To Remove CommonName.Internet.Keyword?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
CommonName.Internet.Keyword is dangerous virus:
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.


CommonName.Internet.Keyword It also known as:

[Panda]Spyware/CommonName

CommonName.Internet.Keyword Symptoms:

Files:
[%SYSTEM%]\inetmgr.ini
[%SYSTEM%]\inetmgr.ini

Registry Keys:
HKEY_LOCAL_MACHINE\software\internet keyword

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Hijack Worm Symptoms
Winbudget Adware Cleaner
Removing SrchUpdt Adware
Remove Best.search Adware
Removing WinHLP.generic Trojan

Backdoor.Spigot Backdoor

How To Remove Backdoor.Spigot?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Backdoor.Spigot is dangerous virus:
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.


Backdoor.Spigot It also known as:

[Kaspersky]Backdoor.G_Spot.20;
[McAfee]BackDoor-AAG;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Spigot.A;
[Computer Associates]Win32.Spotbot.20

Backdoor.Spigot Symptoms:

Registry Keys:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\ameopt
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\ameopt
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\kapabout


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove ZZB Toolbar
Rewzaq Trojan Removal
Mostrar Adware Removal instruction

AClient Adware

How To Remove AClient?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
AClient is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

AClient Symptoms:

Files:
[%SYSTEM%]\AClient.dll
[%SYSTEM%]\AClient.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{98B822AD-6BE7-49BC-B773-97240B774080}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98B822AD-6BE7-49BC-B773-97240B774080}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
isize.com Tracking Cookie Information

Adware.SaveNow Adware

How To Remove Adware.SaveNow?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Adware.SaveNow is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Adware.SaveNow It also known as:

[Kaspersky]TrojanDownloader.Win32.Swizzor.bf,TrojanDownloader.Win32.Swizzor.br;
[McAfee]Adware-SaveNow;
[Panda]Adware/Lop,Adware/SaveNow,Adware/WeatherCast

Adware.SaveNow Symptoms:

Files:
[%APPDATA%]\FoxieSpywareSwiftSweeper\file000080.dat
[%PROFILE_TEMP%]\iadhide3.dll
[%PROFILE_TEMP%]\msview.inf
[%PROFILE_TEMP%]\ndr112.tmp.html
[%PROFILE_TEMP%]\privacyurl.exe
[%PROFILE_TEMP%]\sentry.inf
[%PROFILE_TEMP%]\sentry.ini
[%PROFILE_TEMP%]\sepinst.exe
[%PROFILE_TEMP%]\$5D3B5432.t$m
[%PROFILE_TEMP%]\1.dll
[%PROFILE_TEMP%]\Cliprex_WhenUSave_InstallerInst.exe
[%PROFILE_TEMP%]\eantho~1.exe
[%PROFILE_TEMP%]\icd2.tmp\setup.inf
[%PROFILE_TEMP%]\m.dll
[%PROFILE_TEMP%]\ni.dll
[%PROFILE_TEMP%]\NoadwareBkupTemp\RunMSC.dll
[%PROFILE_TEMP%]\NoadwareBkupTemp\Webstats.bat
[%PROFILE_TEMP%]\NoadwareBkupTemp\Webstats.exe
[%PROFILE_TEMP%]\NoadwareBkupTemp\Webstats.ini
[%PROFILE_TEMP%]\omu.dll
[%PROFILE_TEMP%]\px.dll
[%PROFILE_TEMP%]\rn1f.htm
[%PROFILE_TEMP%]\saveinstwm.exe
[%PROFILE_TEMP%]\setup_wm.exe
[%PROFILE_TEMP%]\temp.fr????\ACM.dll
[%PROFILE_TEMP%]\WildWinTracker.exe
[%PROFILE_TEMP%]\z.dll
[%PROFILE_TEMP%]\~dlfntmp1\index.html
[%PROFILE_TEMP%]\~dlfntmp2\index.html
[%PROFILE_TEMP%]\~dlfntmp3\index.html
[%PROFILE_TEMP%]\~dlfntmp4\index.html
[%PROFILE_TEMP%]\~dlfntmp5\index.html
[%PROGRAM_FILES%]\BearShare\RunMSC.dll
[%PROGRAM_FILES%]\BearShare\Webstats.bat
[%PROGRAM_FILES%]\BearShare\Webstats.exe
[%PROGRAM_FILES%]\BearShare\Webstats.ini
[%PROGRAM_FILES%]\DAEMON Tools\SetupDTSB.exe
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome.manifest
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\Iwhenu_ff.xpt
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\install.js
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\install.rdf
[%PROGRAM_FILES%]\Save\ACM.dll
[%PROGRAM_FILES%]\Save\ffext.mod
[%PROGRAM_FILES%]\Save\Save.exe
[%PROGRAM_FILES%]\Save\save.htm
[%PROGRAM_FILES%]\Save\SaveUninst.exe
[%PROGRAM_FILES%]\VVSN\VVSN.exe
[%PROGRAM_FILES%]\WhenUSearch\Search.exe
[%PROGRAM_FILES%]\Windows Media Player\setup_wm.exe
[%SYSTEM%]\dllcache\setup_wm.exe
[%SYSTEM%]\iehelpermiddleman.dll
[%SYSTEM%]\IEHelperMiddleMan.tlb
[%SYSTEM%]\msimmsgr.dll
[%SYSTEM%]\msimnetc.dll
[%SYSTEM%]\Regicon.ocx
[%SYSTEM%]\utdns.dll
[%SYSTEM%]\WinDmy.dll
[%WINDOWS%]\lastgood\system32\msvcp50.dll
[%WINDOWS%]\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
[%WINDOWS%]\ServicePackFiles\i386\setup_wm.exe
[%PROFILE%]\administrator\start menu\programs\whenusearch\whenusearch desktop toolbar.lnk
[%PROFILE%]\desktop\bonzibuddy.lnk
[%PROFILE%]\desktop\finish installing....lnk
[%PROFILE%]\locals~1\temp\iadhide3.dll
[%PROFILE%]\locals~1\temp\msview.inf
[%PROFILE%]\locals~1\temp\ndr112.tmp.html
[%PROFILE%]\locals~1\temp\privacyurl.exe
[%PROFILE%]\locals~1\temp\sentry.inf
[%PROFILE%]\locals~1\temp\sentry.ini
[%PROFILE%]\locals~1\temp\sepinst.exe
[%PROFILE_TEMP%]\0ehtyh2d.htm
[%PROFILE_TEMP%]\0jt87pl3.dll
[%PROFILE_TEMP%]\0l.dll
[%PROFILE_TEMP%]\0x6numrs.dll
[%PROFILE_TEMP%]\108b.html
[%PROFILE_TEMP%]\108f.html
[%PROFILE_TEMP%]\139b.html
[%PROFILE_TEMP%]\139f.html
[%PROFILE_TEMP%]\193tix.dll
[%PROFILE_TEMP%]\26cb489e.exe
[%PROFILE_TEMP%]\2hwct3u.dll
[%PROFILE_TEMP%]\2kudarvt.htm
[%PROFILE_TEMP%]\2ms.dll
[%PROFILE_TEMP%]\3g4rumy.dll
[%PROFILE_TEMP%]\3gigj.dll
[%PROFILE_TEMP%]\3s.dll
[%PROFILE_TEMP%]\4q.dll
[%PROFILE_TEMP%]\4yjnjx7op.dll
[%PROFILE_TEMP%]\57sc.dll
[%PROFILE_TEMP%]\5bp4qeaz.htm
[%PROFILE_TEMP%]\5lpvzu07.htm
[%PROFILE_TEMP%]\5nmek0x2.htm
[%PROFILE_TEMP%]\5tla41db.dll
[%PROFILE_TEMP%]\5vr5fawq.dll
[%PROFILE_TEMP%]\6d2bq.dll
[%PROFILE_TEMP%]\77b.html
[%PROFILE_TEMP%]\77f.html
[%PROFILE_TEMP%]\7bk.dll
[%PROFILE_TEMP%]\7e.dll
[%PROFILE_TEMP%]\7ibnw.dll
[%PROFILE_TEMP%]\7pkvo3av.htm
[%PROFILE_TEMP%]\7tfzvhjhj.dll
[%PROFILE_TEMP%]\8e9xkrpy.dll
[%PROFILE_TEMP%]\8opuz.dll
[%PROFILE_TEMP%]\8z8b.dll
[%PROFILE_TEMP%]\97.dll
[%PROFILE_TEMP%]\98n78x.dll
[%PROFILE_TEMP%]\ae.dll
[%PROFILE_TEMP%]\af74zp5m.dll
[%PROFILE_TEMP%]\ags.dll
[%PROFILE_TEMP%]\aizv8c.dll
[%PROFILE_TEMP%]\as.dll
[%PROFILE_TEMP%]\asvzm.dll
[%PROFILE_TEMP%]\aw2.dll
[%PROFILE_TEMP%]\aydhfnh3.htm
[%PROFILE_TEMP%]\ayjurejx.dll
[%PROFILE_TEMP%]\b8he8.dll
[%PROFILE_TEMP%]\bc0sy6wo.dll
[%PROFILE_TEMP%]\bf.exe
[%PROFILE_TEMP%]\bkcsq.dll
[%PROFILE_TEMP%]\bpj00.dll
[%PROFILE_TEMP%]\bu.dll
[%PROFILE_TEMP%]\bvc.dll
[%PROFILE_TEMP%]\c32tx.dll
[%PROFILE_TEMP%]\c5ry.dll
[%PROFILE_TEMP%]\cbza.dll
[%PROFILE_TEMP%]\ccrgdqmj2.dll
[%PROFILE_TEMP%]\cd.dll
[%PROFILE_TEMP%]\cj1tj4fwt.dll
[%PROFILE_TEMP%]\cqtjeyx.dll
[%PROFILE_TEMP%]\cygj6daf.htm
[%PROFILE_TEMP%]\czvkvfkc.htm
[%PROFILE_TEMP%]\d2r4q2s.dll
[%PROFILE_TEMP%]\dbbjb.dll
[%PROFILE_TEMP%]\dbh45nm.dll
[%PROFILE_TEMP%]\dmqg00afn.dll
[%PROFILE_TEMP%]\ds.dll
[%PROFILE_TEMP%]\dune.dll
[%PROFILE_TEMP%]\dwhruoy.dll
[%PROFILE_TEMP%]\e.dll
[%PROFILE_TEMP%]\e0ipbie7.htm
[%PROFILE_TEMP%]\ed3a00g.dll
[%PROFILE_TEMP%]\eggc.dll
[%PROFILE_TEMP%]\exmuj.dll
[%PROFILE_TEMP%]\f5psvz.dll
[%PROFILE_TEMP%]\f8vbin.dll
[%PROFILE_TEMP%]\f9blssn7.htm
[%PROFILE_TEMP%]\ff5ne1.dll
[%PROFILE_TEMP%]\fixit.exe
[%PROFILE_TEMP%]\fn7w9t62.htm
[%PROFILE_TEMP%]\fuaru.dll
[%PROFILE_TEMP%]\fuc09vc.dll
[%PROFILE_TEMP%]\fyagg18bz.dll
[%PROFILE_TEMP%]\giu1v.dll
[%PROFILE_TEMP%]\gj.dll
[%PROFILE_TEMP%]\gjh986vky.dll
[%PROFILE_TEMP%]\gjp8a1eb.htm
[%PROFILE_TEMP%]\gr7wpxitz.dll
[%PROFILE_TEMP%]\gz4qozx.dll
[%PROFILE_TEMP%]\hcdd90rc.htm
[%PROFILE_TEMP%]\hlx77wu.dll
[%PROFILE_TEMP%]\i570ufys.htm
[%PROFILE_TEMP%]\i7qjx.dll
[%PROFILE_TEMP%]\icd1.tmp\clocksyncinst.inf
[%PROFILE_TEMP%]\icd1.tmp\saveinstcm.exe
[%PROFILE_TEMP%]\ihkjdx41.htm
[%PROFILE_TEMP%]\ilmdr.dll
[%PROFILE_TEMP%]\ipxwry.dll
[%PROFILE_TEMP%]\iqfke.dll
[%PROFILE_TEMP%]\ir.dll
[%PROFILE_TEMP%]\iueal.dll
[%PROFILE_TEMP%]\jbzv2z.dll
[%PROFILE_TEMP%]\jftjjgxw.dll
[%PROFILE_TEMP%]\jg0gf6zw.htm
[%PROFILE_TEMP%]\jnyl.dll
[%PROFILE_TEMP%]\julfh.dll
[%PROFILE_TEMP%]\jy.dll
[%PROFILE_TEMP%]\k81n7qhi.htm
[%PROFILE_TEMP%]\kbcywxrn.htm
[%PROFILE_TEMP%]\kdt3.dll
[%PROFILE_TEMP%]\kidcfz.dll
[%PROFILE_TEMP%]\kk2yp62.dll
[%PROFILE_TEMP%]\ktwjn.dll
[%PROFILE_TEMP%]\kvp6.dll
[%PROFILE_TEMP%]\kx4ceojq.htm
[%PROFILE_TEMP%]\kz.dll
[%PROFILE_TEMP%]\kzcrqcdf.dll
[%PROFILE_TEMP%]\l0c.dll
[%PROFILE_TEMP%]\l0iv.dll
[%PROFILE_TEMP%]\l2bffxx.dll
[%PROFILE_TEMP%]\lb3d.dll
[%PROFILE_TEMP%]\lcm.dll
[%PROFILE_TEMP%]\lhncp3u2v.dll
[%PROFILE_TEMP%]\lj.dll
[%PROFILE_TEMP%]\llbepkj.dll
[%PROFILE_TEMP%]\lub7cqpv.htm
[%PROFILE_TEMP%]\m5dx7rs0q.dll
[%PROFILE_TEMP%]\m7.dll
[%PROFILE_TEMP%]\m9gl.dll
[%PROFILE_TEMP%]\mbxded.dll
[%PROFILE_TEMP%]\mhzi2sa.dll
[%PROFILE_TEMP%]\mqqk.dll
[%PROFILE_TEMP%]\ms72xf.dll
[%PROFILE_TEMP%]\mso5f90b.doc
[%PROFILE_TEMP%]\mso6ffdd.doc
[%PROFILE_TEMP%]\msoa15fd.doc
[%PROFILE_TEMP%]\msodc106.doc
[%PROFILE_TEMP%]\msoecc9e.doc
[%PROFILE_TEMP%]\n6oa477t.dll
[%PROFILE_TEMP%]\n9zyim.dll
[%PROFILE_TEMP%]\ndwnhr6l.htm
[%PROFILE_TEMP%]\nea0wp.dll
[%PROFILE_TEMP%]\njh96v.dll
[%PROFILE_TEMP%]\no.dll
[%PROFILE_TEMP%]\notmljqt.htm
[%PROFILE_TEMP%]\np.dll
[%PROFILE_TEMP%]\nqnx9nu.dll
[%PROFILE_TEMP%]\nsdtmp09.dll
[%PROFILE_TEMP%]\nxqb.dll
[%PROFILE_TEMP%]\nyk.dll
[%PROFILE_TEMP%]\oe8yydvxm.exe
[%PROFILE_TEMP%]\oi.exe
[%PROFILE_TEMP%]\or2qc1wzm.dll
[%PROFILE_TEMP%]\ougz2u1j.htm
[%PROFILE_TEMP%]\our36tvb.htm
[%PROFILE_TEMP%]\owgpjqxob.dll
[%PROFILE_TEMP%]\oy.dll
[%PROFILE_TEMP%]\p.dll
[%PROFILE_TEMP%]\p6pyiax.dll
[%PROFILE_TEMP%]\pf3mc4bk.htm
[%PROFILE_TEMP%]\pobm2.dll
[%PROFILE_TEMP%]\pp501pao.dll
[%PROFILE_TEMP%]\ptrchtxe.htm
[%PROFILE_TEMP%]\pvf.dll
[%PROFILE_TEMP%]\q.dll
[%PROFILE_TEMP%]\q1mho1rg1.dll
[%PROFILE_TEMP%]\qaek.dll
[%PROFILE_TEMP%]\qawqijgy.htm
[%PROFILE_TEMP%]\qcblffnn.dll
[%PROFILE_TEMP%]\qe6ucylp.htm
[%PROFILE_TEMP%]\qkwko.dll
[%PROFILE_TEMP%]\qrvdpjgk.htm
[%PROFILE_TEMP%]\qt.dll
[%PROFILE_TEMP%]\qt4xvs.dll
[%PROFILE_TEMP%]\qtcbmid.dll
[%PROFILE_TEMP%]\qvpjfoevy.dll
[%PROFILE_TEMP%]\r2jjoo.dll
[%PROFILE_TEMP%]\r8zmm3rh.dll
[%PROFILE_TEMP%]\rg4ohwe.dll
[%PROFILE_TEMP%]\rhbo41ms.htm
[%PROFILE_TEMP%]\rhnbu.dll
[%PROFILE_TEMP%]\rmu8.dll
[%PROFILE_TEMP%]\roa8fve.dll
[%PROFILE_TEMP%]\rssyu0y0.dll
[%PROFILE_TEMP%]\rsyom2jq8.dll
[%PROFILE_TEMP%]\rt3e9jyf.htm
[%PROFILE_TEMP%]\rvyn1n7u.htm
[%PROFILE_TEMP%]\s0uq8sd5.htm
[%PROFILE_TEMP%]\savenowinst.exe
[%PROFILE_TEMP%]\sboz30w.dll
[%PROFILE_TEMP%]\se.exe
[%PROFILE_TEMP%]\sgmomc.dll
[%PROFILE_TEMP%]\sq188im.dll
[%PROFILE_TEMP%]\sta5f0.exe
[%PROFILE_TEMP%]\sta70.exe
[%PROFILE_TEMP%]\t1or3u.dll
[%PROFILE_TEMP%]\t3zjtccy.htm
[%PROFILE_TEMP%]\t9w1782b.htm
[%PROFILE_TEMP%]\telfdwv9.dll
[%PROFILE_TEMP%]\temporary directory 1 for types of attachment-delaney's info.zip\art therapy recommendations.doc
[%PROFILE_TEMP%]\temporary directory 2 for types of attachment-delaney's info.zip\notes on art therapy with adolescents.doc
[%PROFILE_TEMP%]\thi6401.tmp\conflict.inf
[%PROFILE_TEMP%]\tzh5a5wm.htm
[%PROFILE_TEMP%]\u3rfgryzl.dll
[%PROFILE_TEMP%]\uc88.dll
[%PROFILE_TEMP%]\ujlexzk.dll
[%PROFILE_TEMP%]\ukds.dll
[%PROFILE_TEMP%]\unie.tmp.exe
[%PROFILE_TEMP%]\uocjrz.dll
[%PROFILE_TEMP%]\uowsp.dll
[%PROFILE_TEMP%]\upd126.exe
[%PROFILE_TEMP%]\v.dll
[%PROFILE_TEMP%]\vhsk.dll
[%PROFILE_TEMP%]\voxjsh.dll
[%PROFILE_TEMP%]\vru.dll
[%PROFILE_TEMP%]\vrzy0vj.dll
[%PROFILE_TEMP%]\vyz.dll
[%PROFILE_TEMP%]\vzhrpg8b.dll
[%PROFILE_TEMP%]\w6k.dll
[%PROFILE_TEMP%]\wcbll0.dll
[%PROFILE_TEMP%]\we.dll
[%PROFILE_TEMP%]\winupdate17.exe
[%PROFILE_TEMP%]\wkzd9dv.dll
[%PROFILE_TEMP%]\wllpeqe.dll
[%PROFILE_TEMP%]\wnust.dll
[%PROFILE_TEMP%]\wode.dll
[%PROFILE_TEMP%]\wtx.dll
[%PROFILE_TEMP%]\WUS32.bat
[%PROFILE_TEMP%]\wv.dll
[%PROFILE_TEMP%]\wvrm.dll
[%PROFILE_TEMP%]\wvzoly.dll
[%PROFILE_TEMP%]\wwrcy.dll
[%PROFILE_TEMP%]\x62nlx.dll
[%PROFILE_TEMP%]\xepy2w.dll
[%PROFILE_TEMP%]\xkos.dll
[%PROFILE_TEMP%]\xmvadfv.dll
[%PROFILE_TEMP%]\xqh.dll
[%PROFILE_TEMP%]\xua.dll
[%PROFILE_TEMP%]\y1r.dll
[%PROFILE_TEMP%]\y3e.dll
[%PROFILE_TEMP%]\y5llkd8.dll
[%PROFILE_TEMP%]\yq20.dll
[%PROFILE_TEMP%]\z0mja7i84.dll
[%PROFILE_TEMP%]\z2.dll
[%PROFILE_TEMP%]\zb.dll
[%PROFILE_TEMP%]\zi.dll
[%PROFILE_TEMP%]\zo7x7bdv.dll
[%PROFILE_TEMP%]\zroj.dll
[%PROFILE_TEMP%]\zxy82p.dll
[%PROFILE_TEMP%]\~dlfntmp0\index.html
[%PROFILE_TEMP%]\~dlfntmp6\index.html
[%PROFILE_TEMP%]\~dlfntmp7\index.html
[%PROFILE_TEMP%]\~dlfntmp8\index.html
[%PROFILE_TEMP%]\~dlfntmp9\index.html
[%PROGRAM_FILES%]\broadjump\client foundation\updatestaging\cm216prd.patch.exe
[%PROGRAM_FILES%]\themexp\Themexp.org File\SetupInst.exe
[%SYSTEM%]\windmy.dll
[%SYSTEM%]\winnb52.dll
[%WINDOWS%]\epakucmzh.exe
[%WINDOWS%]\temp\saveinstwm.exe
[%APPDATA%]\FoxieSpywareSwiftSweeper\file000080.dat
[%PROFILE_TEMP%]\iadhide3.dll
[%PROFILE_TEMP%]\msview.inf
[%PROFILE_TEMP%]\ndr112.tmp.html
[%PROFILE_TEMP%]\privacyurl.exe
[%PROFILE_TEMP%]\sentry.inf
[%PROFILE_TEMP%]\sentry.ini
[%PROFILE_TEMP%]\sepinst.exe
[%PROFILE_TEMP%]\$5D3B5432.t$m
[%PROFILE_TEMP%]\1.dll
[%PROFILE_TEMP%]\Cliprex_WhenUSave_InstallerInst.exe
[%PROFILE_TEMP%]\eantho~1.exe
[%PROFILE_TEMP%]\icd2.tmp\setup.inf
[%PROFILE_TEMP%]\m.dll
[%PROFILE_TEMP%]\ni.dll
[%PROFILE_TEMP%]\NoadwareBkupTemp\RunMSC.dll
[%PROFILE_TEMP%]\NoadwareBkupTemp\Webstats.bat
[%PROFILE_TEMP%]\NoadwareBkupTemp\Webstats.exe
[%PROFILE_TEMP%]\NoadwareBkupTemp\Webstats.ini
[%PROFILE_TEMP%]\omu.dll
[%PROFILE_TEMP%]\px.dll
[%PROFILE_TEMP%]\rn1f.htm
[%PROFILE_TEMP%]\saveinstwm.exe
[%PROFILE_TEMP%]\setup_wm.exe
[%PROFILE_TEMP%]\temp.fr????\ACM.dll
[%PROFILE_TEMP%]\WildWinTracker.exe
[%PROFILE_TEMP%]\z.dll
[%PROFILE_TEMP%]\~dlfntmp1\index.html
[%PROFILE_TEMP%]\~dlfntmp2\index.html
[%PROFILE_TEMP%]\~dlfntmp3\index.html
[%PROFILE_TEMP%]\~dlfntmp4\index.html
[%PROFILE_TEMP%]\~dlfntmp5\index.html
[%PROGRAM_FILES%]\BearShare\RunMSC.dll
[%PROGRAM_FILES%]\BearShare\Webstats.bat
[%PROGRAM_FILES%]\BearShare\Webstats.exe
[%PROGRAM_FILES%]\BearShare\Webstats.ini
[%PROGRAM_FILES%]\DAEMON Tools\SetupDTSB.exe
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome.manifest
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\Iwhenu_ff.xpt
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\install.js
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\install.rdf
[%PROGRAM_FILES%]\Save\ACM.dll
[%PROGRAM_FILES%]\Save\ffext.mod
[%PROGRAM_FILES%]\Save\Save.exe
[%PROGRAM_FILES%]\Save\save.htm
[%PROGRAM_FILES%]\Save\SaveUninst.exe
[%PROGRAM_FILES%]\VVSN\VVSN.exe
[%PROGRAM_FILES%]\WhenUSearch\Search.exe
[%PROGRAM_FILES%]\Windows Media Player\setup_wm.exe
[%SYSTEM%]\dllcache\setup_wm.exe
[%SYSTEM%]\iehelpermiddleman.dll
[%SYSTEM%]\IEHelperMiddleMan.tlb
[%SYSTEM%]\msimmsgr.dll
[%SYSTEM%]\msimnetc.dll
[%SYSTEM%]\Regicon.ocx
[%SYSTEM%]\utdns.dll
[%SYSTEM%]\WinDmy.dll
[%WINDOWS%]\lastgood\system32\msvcp50.dll
[%WINDOWS%]\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
[%WINDOWS%]\ServicePackFiles\i386\setup_wm.exe
[%PROFILE%]\administrator\start menu\programs\whenusearch\whenusearch desktop toolbar.lnk
[%PROFILE%]\desktop\bonzibuddy.lnk
[%PROFILE%]\desktop\finish installing....lnk
[%PROFILE%]\locals~1\temp\iadhide3.dll
[%PROFILE%]\locals~1\temp\msview.inf
[%PROFILE%]\locals~1\temp\ndr112.tmp.html
[%PROFILE%]\locals~1\temp\privacyurl.exe
[%PROFILE%]\locals~1\temp\sentry.inf
[%PROFILE%]\locals~1\temp\sentry.ini
[%PROFILE%]\locals~1\temp\sepinst.exe
[%PROFILE_TEMP%]\0ehtyh2d.htm
[%PROFILE_TEMP%]\0jt87pl3.dll
[%PROFILE_TEMP%]\0l.dll
[%PROFILE_TEMP%]\0x6numrs.dll
[%PROFILE_TEMP%]\108b.html
[%PROFILE_TEMP%]\108f.html
[%PROFILE_TEMP%]\139b.html
[%PROFILE_TEMP%]\139f.html
[%PROFILE_TEMP%]\193tix.dll
[%PROFILE_TEMP%]\26cb489e.exe
[%PROFILE_TEMP%]\2hwct3u.dll
[%PROFILE_TEMP%]\2kudarvt.htm
[%PROFILE_TEMP%]\2ms.dll
[%PROFILE_TEMP%]\3g4rumy.dll
[%PROFILE_TEMP%]\3gigj.dll
[%PROFILE_TEMP%]\3s.dll
[%PROFILE_TEMP%]\4q.dll
[%PROFILE_TEMP%]\4yjnjx7op.dll
[%PROFILE_TEMP%]\57sc.dll
[%PROFILE_TEMP%]\5bp4qeaz.htm
[%PROFILE_TEMP%]\5lpvzu07.htm
[%PROFILE_TEMP%]\5nmek0x2.htm
[%PROFILE_TEMP%]\5tla41db.dll
[%PROFILE_TEMP%]\5vr5fawq.dll
[%PROFILE_TEMP%]\6d2bq.dll
[%PROFILE_TEMP%]\77b.html
[%PROFILE_TEMP%]\77f.html
[%PROFILE_TEMP%]\7bk.dll
[%PROFILE_TEMP%]\7e.dll
[%PROFILE_TEMP%]\7ibnw.dll
[%PROFILE_TEMP%]\7pkvo3av.htm
[%PROFILE_TEMP%]\7tfzvhjhj.dll
[%PROFILE_TEMP%]\8e9xkrpy.dll
[%PROFILE_TEMP%]\8opuz.dll
[%PROFILE_TEMP%]\8z8b.dll
[%PROFILE_TEMP%]\97.dll
[%PROFILE_TEMP%]\98n78x.dll
[%PROFILE_TEMP%]\ae.dll
[%PROFILE_TEMP%]\af74zp5m.dll
[%PROFILE_TEMP%]\ags.dll
[%PROFILE_TEMP%]\aizv8c.dll
[%PROFILE_TEMP%]\as.dll
[%PROFILE_TEMP%]\asvzm.dll
[%PROFILE_TEMP%]\aw2.dll
[%PROFILE_TEMP%]\aydhfnh3.htm
[%PROFILE_TEMP%]\ayjurejx.dll
[%PROFILE_TEMP%]\b8he8.dll
[%PROFILE_TEMP%]\bc0sy6wo.dll
[%PROFILE_TEMP%]\bf.exe
[%PROFILE_TEMP%]\bkcsq.dll
[%PROFILE_TEMP%]\bpj00.dll
[%PROFILE_TEMP%]\bu.dll
[%PROFILE_TEMP%]\bvc.dll
[%PROFILE_TEMP%]\c32tx.dll
[%PROFILE_TEMP%]\c5ry.dll
[%PROFILE_TEMP%]\cbza.dll
[%PROFILE_TEMP%]\ccrgdqmj2.dll
[%PROFILE_TEMP%]\cd.dll
[%PROFILE_TEMP%]\cj1tj4fwt.dll
[%PROFILE_TEMP%]\cqtjeyx.dll
[%PROFILE_TEMP%]\cygj6daf.htm
[%PROFILE_TEMP%]\czvkvfkc.htm
[%PROFILE_TEMP%]\d2r4q2s.dll
[%PROFILE_TEMP%]\dbbjb.dll
[%PROFILE_TEMP%]\dbh45nm.dll
[%PROFILE_TEMP%]\dmqg00afn.dll
[%PROFILE_TEMP%]\ds.dll
[%PROFILE_TEMP%]\dune.dll
[%PROFILE_TEMP%]\dwhruoy.dll
[%PROFILE_TEMP%]\e.dll
[%PROFILE_TEMP%]\e0ipbie7.htm
[%PROFILE_TEMP%]\ed3a00g.dll
[%PROFILE_TEMP%]\eggc.dll
[%PROFILE_TEMP%]\exmuj.dll
[%PROFILE_TEMP%]\f5psvz.dll
[%PROFILE_TEMP%]\f8vbin.dll
[%PROFILE_TEMP%]\f9blssn7.htm
[%PROFILE_TEMP%]\ff5ne1.dll
[%PROFILE_TEMP%]\fixit.exe
[%PROFILE_TEMP%]\fn7w9t62.htm
[%PROFILE_TEMP%]\fuaru.dll
[%PROFILE_TEMP%]\fuc09vc.dll
[%PROFILE_TEMP%]\fyagg18bz.dll
[%PROFILE_TEMP%]\giu1v.dll
[%PROFILE_TEMP%]\gj.dll
[%PROFILE_TEMP%]\gjh986vky.dll
[%PROFILE_TEMP%]\gjp8a1eb.htm
[%PROFILE_TEMP%]\gr7wpxitz.dll
[%PROFILE_TEMP%]\gz4qozx.dll
[%PROFILE_TEMP%]\hcdd90rc.htm
[%PROFILE_TEMP%]\hlx77wu.dll
[%PROFILE_TEMP%]\i570ufys.htm
[%PROFILE_TEMP%]\i7qjx.dll
[%PROFILE_TEMP%]\icd1.tmp\clocksyncinst.inf
[%PROFILE_TEMP%]\icd1.tmp\saveinstcm.exe
[%PROFILE_TEMP%]\ihkjdx41.htm
[%PROFILE_TEMP%]\ilmdr.dll
[%PROFILE_TEMP%]\ipxwry.dll
[%PROFILE_TEMP%]\iqfke.dll
[%PROFILE_TEMP%]\ir.dll
[%PROFILE_TEMP%]\iueal.dll
[%PROFILE_TEMP%]\jbzv2z.dll
[%PROFILE_TEMP%]\jftjjgxw.dll
[%PROFILE_TEMP%]\jg0gf6zw.htm
[%PROFILE_TEMP%]\jnyl.dll
[%PROFILE_TEMP%]\julfh.dll
[%PROFILE_TEMP%]\jy.dll
[%PROFILE_TEMP%]\k81n7qhi.htm
[%PROFILE_TEMP%]\kbcywxrn.htm
[%PROFILE_TEMP%]\kdt3.dll
[%PROFILE_TEMP%]\kidcfz.dll
[%PROFILE_TEMP%]\kk2yp62.dll
[%PROFILE_TEMP%]\ktwjn.dll
[%PROFILE_TEMP%]\kvp6.dll
[%PROFILE_TEMP%]\kx4ceojq.htm
[%PROFILE_TEMP%]\kz.dll
[%PROFILE_TEMP%]\kzcrqcdf.dll
[%PROFILE_TEMP%]\l0c.dll
[%PROFILE_TEMP%]\l0iv.dll
[%PROFILE_TEMP%]\l2bffxx.dll
[%PROFILE_TEMP%]\lb3d.dll
[%PROFILE_TEMP%]\lcm.dll
[%PROFILE_TEMP%]\lhncp3u2v.dll
[%PROFILE_TEMP%]\lj.dll
[%PROFILE_TEMP%]\llbepkj.dll
[%PROFILE_TEMP%]\lub7cqpv.htm
[%PROFILE_TEMP%]\m5dx7rs0q.dll
[%PROFILE_TEMP%]\m7.dll
[%PROFILE_TEMP%]\m9gl.dll
[%PROFILE_TEMP%]\mbxded.dll
[%PROFILE_TEMP%]\mhzi2sa.dll
[%PROFILE_TEMP%]\mqqk.dll
[%PROFILE_TEMP%]\ms72xf.dll
[%PROFILE_TEMP%]\mso5f90b.doc
[%PROFILE_TEMP%]\mso6ffdd.doc
[%PROFILE_TEMP%]\msoa15fd.doc
[%PROFILE_TEMP%]\msodc106.doc
[%PROFILE_TEMP%]\msoecc9e.doc
[%PROFILE_TEMP%]\n6oa477t.dll
[%PROFILE_TEMP%]\n9zyim.dll
[%PROFILE_TEMP%]\ndwnhr6l.htm
[%PROFILE_TEMP%]\nea0wp.dll
[%PROFILE_TEMP%]\njh96v.dll
[%PROFILE_TEMP%]\no.dll
[%PROFILE_TEMP%]\notmljqt.htm
[%PROFILE_TEMP%]\np.dll
[%PROFILE_TEMP%]\nqnx9nu.dll
[%PROFILE_TEMP%]\nsdtmp09.dll
[%PROFILE_TEMP%]\nxqb.dll
[%PROFILE_TEMP%]\nyk.dll
[%PROFILE_TEMP%]\oe8yydvxm.exe
[%PROFILE_TEMP%]\oi.exe
[%PROFILE_TEMP%]\or2qc1wzm.dll
[%PROFILE_TEMP%]\ougz2u1j.htm
[%PROFILE_TEMP%]\our36tvb.htm
[%PROFILE_TEMP%]\owgpjqxob.dll
[%PROFILE_TEMP%]\oy.dll
[%PROFILE_TEMP%]\p.dll
[%PROFILE_TEMP%]\p6pyiax.dll
[%PROFILE_TEMP%]\pf3mc4bk.htm
[%PROFILE_TEMP%]\pobm2.dll
[%PROFILE_TEMP%]\pp501pao.dll
[%PROFILE_TEMP%]\ptrchtxe.htm
[%PROFILE_TEMP%]\pvf.dll
[%PROFILE_TEMP%]\q.dll
[%PROFILE_TEMP%]\q1mho1rg1.dll
[%PROFILE_TEMP%]\qaek.dll
[%PROFILE_TEMP%]\qawqijgy.htm
[%PROFILE_TEMP%]\qcblffnn.dll
[%PROFILE_TEMP%]\qe6ucylp.htm
[%PROFILE_TEMP%]\qkwko.dll
[%PROFILE_TEMP%]\qrvdpjgk.htm
[%PROFILE_TEMP%]\qt.dll
[%PROFILE_TEMP%]\qt4xvs.dll
[%PROFILE_TEMP%]\qtcbmid.dll
[%PROFILE_TEMP%]\qvpjfoevy.dll
[%PROFILE_TEMP%]\r2jjoo.dll
[%PROFILE_TEMP%]\r8zmm3rh.dll
[%PROFILE_TEMP%]\rg4ohwe.dll
[%PROFILE_TEMP%]\rhbo41ms.htm
[%PROFILE_TEMP%]\rhnbu.dll
[%PROFILE_TEMP%]\rmu8.dll
[%PROFILE_TEMP%]\roa8fve.dll
[%PROFILE_TEMP%]\rssyu0y0.dll
[%PROFILE_TEMP%]\rsyom2jq8.dll
[%PROFILE_TEMP%]\rt3e9jyf.htm
[%PROFILE_TEMP%]\rvyn1n7u.htm
[%PROFILE_TEMP%]\s0uq8sd5.htm
[%PROFILE_TEMP%]\savenowinst.exe
[%PROFILE_TEMP%]\sboz30w.dll
[%PROFILE_TEMP%]\se.exe
[%PROFILE_TEMP%]\sgmomc.dll
[%PROFILE_TEMP%]\sq188im.dll
[%PROFILE_TEMP%]\sta5f0.exe
[%PROFILE_TEMP%]\sta70.exe
[%PROFILE_TEMP%]\t1or3u.dll
[%PROFILE_TEMP%]\t3zjtccy.htm
[%PROFILE_TEMP%]\t9w1782b.htm
[%PROFILE_TEMP%]\telfdwv9.dll
[%PROFILE_TEMP%]\temporary directory 1 for types of attachment-delaney's info.zip\art therapy recommendations.doc
[%PROFILE_TEMP%]\temporary directory 2 for types of attachment-delaney's info.zip\notes on art therapy with adolescents.doc
[%PROFILE_TEMP%]\thi6401.tmp\conflict.inf
[%PROFILE_TEMP%]\tzh5a5wm.htm
[%PROFILE_TEMP%]\u3rfgryzl.dll
[%PROFILE_TEMP%]\uc88.dll
[%PROFILE_TEMP%]\ujlexzk.dll
[%PROFILE_TEMP%]\ukds.dll
[%PROFILE_TEMP%]\unie.tmp.exe
[%PROFILE_TEMP%]\uocjrz.dll
[%PROFILE_TEMP%]\uowsp.dll
[%PROFILE_TEMP%]\upd126.exe
[%PROFILE_TEMP%]\v.dll
[%PROFILE_TEMP%]\vhsk.dll
[%PROFILE_TEMP%]\voxjsh.dll
[%PROFILE_TEMP%]\vru.dll
[%PROFILE_TEMP%]\vrzy0vj.dll
[%PROFILE_TEMP%]\vyz.dll
[%PROFILE_TEMP%]\vzhrpg8b.dll
[%PROFILE_TEMP%]\w6k.dll
[%PROFILE_TEMP%]\wcbll0.dll
[%PROFILE_TEMP%]\we.dll
[%PROFILE_TEMP%]\winupdate17.exe
[%PROFILE_TEMP%]\wkzd9dv.dll
[%PROFILE_TEMP%]\wllpeqe.dll
[%PROFILE_TEMP%]\wnust.dll
[%PROFILE_TEMP%]\wode.dll
[%PROFILE_TEMP%]\wtx.dll
[%PROFILE_TEMP%]\WUS32.bat
[%PROFILE_TEMP%]\wv.dll
[%PROFILE_TEMP%]\wvrm.dll
[%PROFILE_TEMP%]\wvzoly.dll
[%PROFILE_TEMP%]\wwrcy.dll
[%PROFILE_TEMP%]\x62nlx.dll
[%PROFILE_TEMP%]\xepy2w.dll
[%PROFILE_TEMP%]\xkos.dll
[%PROFILE_TEMP%]\xmvadfv.dll
[%PROFILE_TEMP%]\xqh.dll
[%PROFILE_TEMP%]\xua.dll
[%PROFILE_TEMP%]\y1r.dll
[%PROFILE_TEMP%]\y3e.dll
[%PROFILE_TEMP%]\y5llkd8.dll
[%PROFILE_TEMP%]\yq20.dll
[%PROFILE_TEMP%]\z0mja7i84.dll
[%PROFILE_TEMP%]\z2.dll
[%PROFILE_TEMP%]\zb.dll
[%PROFILE_TEMP%]\zi.dll
[%PROFILE_TEMP%]\zo7x7bdv.dll
[%PROFILE_TEMP%]\zroj.dll
[%PROFILE_TEMP%]\zxy82p.dll
[%PROFILE_TEMP%]\~dlfntmp0\index.html
[%PROFILE_TEMP%]\~dlfntmp6\index.html
[%PROFILE_TEMP%]\~dlfntmp7\index.html
[%PROFILE_TEMP%]\~dlfntmp8\index.html
[%PROFILE_TEMP%]\~dlfntmp9\index.html
[%PROGRAM_FILES%]\broadjump\client foundation\updatestaging\cm216prd.patch.exe
[%PROGRAM_FILES%]\themexp\Themexp.org File\SetupInst.exe
[%SYSTEM%]\windmy.dll
[%SYSTEM%]\winnb52.dll
[%WINDOWS%]\epakucmzh.exe
[%WINDOWS%]\temp\saveinstwm.exe

Folders:
[%PROGRAM_FILES%]\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}
[%DESKTOP%]\sportsinteraction.com.url
[%PROFILE%]\start menu\programs\whenusearch
[%PROGRAM_FILES%]\savenow

Registry Keys:
HKEY_CLASSES_ROOT\acm.acmfactory
HKEY_CLASSES_ROOT\acm.acmfactory.1
HKEY_CLASSES_ROOT\appid\acm.dll
HKEY_CLASSES_ROOT\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}
HKEY_CLASSES_ROOT\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}
HKEY_CLASSES_ROOT\interface\{43382522-a846-46f4-ac57-1f71ae6e1086}
HKEY_CLASSES_ROOT\interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0}
HKEY_CLASSES_ROOT\interface\{72a836d1-bc00-43c0-a941-17960e4fb842}
HKEY_CURRENT_USER\software\whenu
HKEY_LOCAL_MACHINE\software\classes\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader.1\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\clsid
HKEY_LOCAL_MACHINE\software\classes\runmsc.loader\curver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\gdivx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\savenow
HKEY_LOCAL_MACHINE\software\whenu
HKEY_CLASSES_ROOT\clsid\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_CLASSES_ROOT\clsid\{e2f2b9d0-96b9-4b25-b90c-636ecb207d18}
HKEY_CLASSES_ROOT\clsid\{fee7fd53-3356-4d4d-8978-2c4ae3a7e109}
HKEY_CLASSES_ROOT\typelib\{e2f2b9d0-96b9-4b25-b90c-636ecb207d18}
HKEY_CLASSES_ROOT\typelib\{fc327b3f-377b-4cb7-8b61-27cd69816bc3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\sndbmark.dll
HKEY_USERS\.default\software\whenu

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\savenow
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whenusearch
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whenusearch
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whenusearch
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\whenusearch
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Gates.of.Hell Backdoor Removal instruction
TrojanDownloader.Win32.Swizzor.bn Trojan Removal
Gnorug Trojan Cleaner
Bancos.FXB Trojan Cleaner

WebBuying Adware

How To Remove WebBuying?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
WebBuying is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.


WebBuying Symptoms:

Files:
[%PROGRAM_FILES%]\Web Buying\v1.6.8\webbuying.dll
[%PROGRAM_FILES%]\Web Buying\v1.7.4\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.7.8\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.0\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.1\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.2\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.5\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.6\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.6.8\webbuying.dll
[%PROGRAM_FILES%]\Web Buying\v1.7.4\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.7.8\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.0\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.1\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.2\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.5\webbuying.exe
[%PROGRAM_FILES%]\Web Buying\v1.8.6\webbuying.exe

Folders:
[%PROGRAM_FILES%]\Web Buying

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{C318CD44-E327-4377-A28E-6EC16A921AE8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C318CD44-E327-4377-A28E-6EC16A921AE8}

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Flogash Trojan Information
Removing Seekmo.Search.Assistant Adware
Key.Captor Spyware Cleaner
spIE Spyware Removal
Removing Banbra.cc Spyware

Senna Backdoor

How To Remove Senna?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Senna is dangerous virus:
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.


Senna It also known as:

[Panda]Backdoor Program;
[Computer Associates]Backdoor/Senna.B

Senna Symptoms:

Files:
[%SYSTEM%]\ssftpsvr.exe
[%SYSTEM%]\ssftpsvr.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing CWS.MSOffice Hijacker
Remove Serstroy Trojan

Chisyne!generic Trojan

How To Remove Chisyne!generic?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Chisyne!generic is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Chisyne!generic Symptoms:

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvtu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtu


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Desktop.Spy Spyware Removal instruction

Win32.Fsvict Trojan

How To Remove Win32.Fsvict?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Win32.Fsvict is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Win32.Fsvict It also known as:

[Kaspersky]TrojanDownloader.Win32.Crypter;
[Panda]Trojan Horse;
[Computer Associates]Win32/Gema.A!Trojan,Win32.Gema.B

Win32.Fsvict Symptoms:

Files:
[%PROFILE_TEMP%]\pixel32
[%DESKTOP%]\HotSurprise.lnk
[%PROFILE_TEMP%]\dxsty
[%PROGRAMS%]\HotSurprise.lnk
[%STARTMENU%]\HotSurprise.lnk
[%SYSTEM%]\dxsty.exe
[%SYSTEM%]\pixel32.exe
[%PROFILE_TEMP%]\pixel32
[%DESKTOP%]\HotSurprise.lnk
[%PROFILE_TEMP%]\dxsty
[%PROGRAMS%]\HotSurprise.lnk
[%STARTMENU%]\HotSurprise.lnk
[%SYSTEM%]\dxsty.exe
[%SYSTEM%]\pixel32.exe

Folders:
[%PROGRAM_FILES%]\pvm

Registry Keys:
HKEY_LOCAL_MACHINE\software\pvm
HKEY_CLASSES_ROOT\.yull
HKEY_CLASSES_ROOT\mime\database\content type\application\x-yull
HKEY_CLASSES_ROOT\yull file
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\pixel32
HKEY_CURRENT_USER\software\pvm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hotsurprise

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\dxsty
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\dxsty
HKEY_CURRENT_USER\software\netscape\netscape navigator\suffixes
HKEY_CURRENT_USER\software\netscape\netscape navigator\user trusted external applications
HKEY_CURRENT_USER\software\netscape\netscape navigator\viewers
HKEY_CURRENT_USER\software\netscape\netscape navigator\viewers
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Small.fe Trojan Symptoms

Seek99 Toolbar

How To Remove Seek99?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Seek99 is dangerous virus:
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.


Seek99 Symptoms:

Files:
[%SYSTEM%]\seek99.dll
[%WINDOWS%]\system\seek99.dll
[%SYSTEM%]\seek99.dll
[%WINDOWS%]\system\seek99.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{22998d24-b789-4ca2-a7fc-cd7ce7deb14c}
HKEY_CLASSES_ROOT\clsid\{7c24a476-8b03-46ed-8ccf-ce8ae7213c99}
HKEY_LOCAL_MACHINE\software\classes\clsid\{22998d24-b789-4ca2-a7fc-cd7ce7deb14c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{7c24a476-8b03-46ed-8ccf-ce8ae7213c99}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Pigeon.AVDO Trojan Removal instruction
Removing Bubble Trojan
Remove Tetozee Downloader
Zlob.ProtectionBar Trojan Information
Remove Hamesup3 Backdoor

FavSearch BHO

How To Remove FavSearch?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
FavSearch is dangerous virus:
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.


FavSearch Symptoms:

Files:
[%DESKTOP%]\favsearch.lnk
[%DESKTOP%]\harmony hollow on the web.lnk
[%DESKTOP%]\favsearch.lnk
[%DESKTOP%]\harmony hollow on the web.lnk

Folders:
[%FAVORITES%]\free software
[%PROGRAM_FILES%]\favsearch
[%PROGRAMS%]\favsearch 1.0
[%PROGRAMS%]\favsearch 1.5
[%PROGRAMS%]\final ares complete edition
[%PROGRAM_FILES%]\final ares complete edition

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\favsearch_is1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\final ares complete edition

Registry Values:
HKEY_LOCAL_MACHINE\software\gentee\paths


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing CMD Backdoor
Hidden.Recorder Spyware Cleaner

Seekmo.Search.Assistant Adware

How To Remove Seekmo.Search.Assistant?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Seekmo.Search.Assistant is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


Seekmo.Search.Assistant Symptoms:

Files:
[%PROGRAM_FILES%]\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
[%PROGRAM_FILES%]\Seekmo Programs\Seekmo Toolbar\SeekmoTBUninstaller.exe
[%PROGRAM_FILES%]\seekmo\seekmo.exe
[%PROGRAM_FILES%]\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
[%PROGRAM_FILES%]\Seekmo Programs\Seekmo Toolbar\SeekmoTBUninstaller.exe
[%PROGRAM_FILES%]\seekmo\seekmo.exe

Folders:
[%COMMON_PROGRAMS%]\Seekmo Search Assistant
[%PROGRAM_FILES%]\Seekmo
[%PROGRAM_FILES%]\Seekmo Programs

Registry Keys:
HKEY_CLASSES_ROOT\appid\seekmotb.dll
HKEY_CLASSES_ROOT\appid\{21b8997e-251a-412c-a805-b0a4f791b03e}
HKEY_CLASSES_ROOT\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}
HKEY_CLASSES_ROOT\interface\{aa06de54-7b8a-4366-9209-d1fa2fd5e680}
HKEY_CLASSES_ROOT\seekmotoolbar.seekmotoolband
HKEY_CLASSES_ROOT\seekmotoolbar.seekmotoolband.1
HKEY_CLASSES_ROOT\typelib\{b3a2ecda-1487-4e7b-815e-d91e43ac79dc}
HKEY_CLASSES_ROOT\clsid\{53e0b6e8-a51d-448b-b692-40b67b285543}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Search123 Adware Removal instruction
Remove Install Provider Adware
Pigeon.EMU Trojan Cleaner
Remove WebHancer Spyware
DIYToolbar Adware Cleaner

Ttad.exe Trojan

How To Remove Ttad.exe?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Ttad.exe is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Ttad.exe Symptoms:

Files:
[%WINDOWS%]\application data\ttad.exe
[%WINDOWS%]\application data\ttad.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing VB.hb Backdoor
Remove Spot.Bot Trojan
SunShineSpy Ransomware Symptoms
Remove Matcash Trojan

Alicia Trojan

How To Remove Alicia?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Alicia is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.



Alicia It also known as:

[Kaspersky]Backdoor.Alicia.a,Backdoor.Alicia.b,Backdoor.Alicia.i;
[Eset]Win32/Alicia.A trojan,Win32/Alicia.E trojan,Win32/NewsTick trojan,Win32/Alicia.I trojan,Win32/Alicia.C trojan;
[McAfee]BackDoor-GZ.gen;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program.LC,Bck/Alicia,Bck/NewsTick,Bck/Alicia.i,Bck/Alicia.C;
[Computer Associates]Backdoor/Alicia.a,Backdoor/Alicia.e,Win32.Gooble.H,Backdoor/NewsTick Server,Win32.NewsTick,Backdoor/Alicia.c,Win32.Jade

Alicia Symptoms:

Files:
[%WINDOWS%]\start menu\programs\startup\fastfinder.exe
[%WINDOWS%]\start menu\programs\startup\newstick.exe
[%WINDOWS%]\start menu\programs\startup\fastfinder.exe
[%WINDOWS%]\start menu\programs\startup\newstick.exe


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Bancos.IBH Trojan Cleaner
Vxidl.AWE Trojan Symptoms

IEBAR Hijacker

How To Remove IEBAR?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
IEBAR is dangerous virus:
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.


IEBAR Symptoms:

Files:
[%WINDOWS%]\Downloaded Program Files\barhelp24.0.dll
[%WINDOWS%]\Downloaded Program Files\iebar.inf
[%WINDOWS%]\Downloaded Program Files\iebar23.0.dll
[%WINDOWS%]\Downloaded Program Files\barhelp24.0.dll
[%WINDOWS%]\Downloaded Program Files\iebar.inf
[%WINDOWS%]\Downloaded Program Files\iebar23.0.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{56a7dc70-e102-4408-a34a-ae06fef01586}
HKEY_CURRENT_USER\software\hdt
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{56a7dc70-e102-4408-a34a-ae06fef01586}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{b1d147e7-873e-4909-8127-695d9bb78728}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{56a7dc70-e102-4408-a34a-ae06fef01586}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\barhelp24.0.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\iebar23.0.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\toolbar.bmp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\winio.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\winio.sys
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\winio.vxd
HKEY_CLASSES_ROOT\clsid\{3b076ce5-601e-4a74-9548-4197fd5b4b1e}
HKEY_CLASSES_ROOT\clsid\{b1d147e7-873e-4909-8127-695d9bb78728}
HKEY_CLASSES_ROOT\downloadbho.t2bho
HKEY_CLASSES_ROOT\downloadbho.t2bho.1
HKEY_CLASSES_ROOT\interface\{5e186ddb-6152-4c73-a7d4-4899140178e9}
HKEY_CLASSES_ROOT\interface\{691cc615-cd3f-41ff-920d-60769d3dcf5b}
HKEY_CLASSES_ROOT\interface\{9aaabfe1-22a9-4e0d-8f4a-48b9696a199b}
HKEY_CLASSES_ROOT\interface\{b93a0050-ac9e-4609-b55b-a4064bfd0059}
HKEY_CLASSES_ROOT\lanbar3.multimediasite
HKEY_CLASSES_ROOT\lanbar3.multimediasite.1
HKEY_CLASSES_ROOT\lan_bar.lan_barobj
HKEY_CLASSES_ROOT\lan_bar.lan_barobj.1
HKEY_CLASSES_ROOT\typelib\{1f77f67e-bd08-4932-af5a-15fd532eedb1}
HKEY_CLASSES_ROOT\typelib\{e35306d7-b44c-4530-a2ce-94c60f8cc4dc}
HKEY_CURRENT_USER\software\lan\lanbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b1d147e7-873e-4909-8127-695d9bb78728}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\barhelp24.0.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\iebar23.0.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\toolbar.bmp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\urlinfo.xml
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\winio.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\winio.sys
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\winio.vxd
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\lanbar

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hdtbar.xml
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/hdtbar.xml
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Zhongsou Adware
Tactslay Trojan Cleaner
Removing LIGHTS Trojan
SillyDl.CFQ Downloader Removal

Smart.Keystroke.Recorder Spyware

How To Remove Smart.Keystroke.Recorder?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Smart.Keystroke.Recorder is dangerous virus:
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.


Smart.Keystroke.Recorder Symptoms:

Files:
[%DESKTOP%]\Free Undetectable Keylogger.lnk
[%DESKTOP%]\Smart Keystroke Recorder Pro.lnk
[%DESKTOP%]\Free Undetectable Keylogger.lnk
[%DESKTOP%]\Smart Keystroke Recorder Pro.lnk

Folders:
[%PROGRAMS%]\Smart Keystroke Recorder
[%PROGRAM_FILES%]\Smart Keystroke Recorder

Registry Keys:
HKEY_CLASSES_ROOT\browsersniffer.iesniffer
HKEY_CLASSES_ROOT\browsersniffer.iesniffer.1
HKEY_CLASSES_ROOT\clsid\{b6ade150-743d-11d4-8141-00e029626f6a}
HKEY_CLASSES_ROOT\typelib\{b6ade143-743d-11d4-8141-00e029626f6a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b6ade150-743d-11d4-8141-00e029626f6a}
HKEY_LOCAL_MACHINE\software\smart keystroke recorder
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\smartkeystrokerecorderappid_is1

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
JScript.CSSPopup Hijacker Removal
Removing Internal Trojan
Bancos.ICV Trojan Cleaner
Zlob.Adware downloader Trojan Symptoms

Wollf Trojan

How To Remove Wollf?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Wollf is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Virus can copy itself and infect a computer without
permission or knowledge of the user.


Wollf It also known as:

[Panda]Bck/ABM.A;
[Computer Associates]Backdoor/Wollf.14

Wollf Symptoms:

Files:
[%SYSTEM%]\STSS.exe
[%SYSTEM%]\wrm.exe
[%SYSTEM%]\STSS.exe
[%SYSTEM%]\wrm.exe

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_sslts
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_wrm
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sslts
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wrm


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
BAT.DelSys Trojan Information
Removing StartPage.zb Hijacker
DelFin.Media.Viewer Trojan Information
Remove RingZero.gen Trojan
Win32.Agent.dp Rootkit Removal

Win32.DlFeer Downloader

How To Remove Win32.DlFeer?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Win32.DlFeer is dangerous virus:
Trojans-downloaders downloads and installs new malware or adware on the computer.



Win32.DlFeer It also known as:

[Kaspersky]Backdoor.mIRC-based,TrojanDownloader.Win32.WebDown.10;
[Eset]Win32/TrojanDownloader.Apher.070 trojan;
[Computer Associates]Win32.DlFeer

Win32.DlFeer Symptoms:

Files:
[%SYSTEM%]\fin\bor.exe
[%SYSTEM%]\fin\crim.exe
[%SYSTEM%]\fin\dcrr.bat
[%SYSTEM%]\fin\dll.exe
[%SYSTEM%]\fin\hia.exe
[%SYSTEM%]\fin\men.bat
[%SYSTEM%]\fin\nyw.exe
[%SYSTEM%]\fin\roudstid.exe
[%SYSTEM%]\fin\sxdex.bat
[%SYSTEM%]\fin\sxed.exe
[%SYSTEM%]\fin\yny.exe
[%WINDOWS%]\fonts\fonts\bor.exe
[%WINDOWS%]\fonts\fonts\dot.exe
[%WINDOWS%]\fonts\fonts\hema.exe
[%SYSTEM%]\fin\bor.exe
[%SYSTEM%]\fin\crim.exe
[%SYSTEM%]\fin\dcrr.bat
[%SYSTEM%]\fin\dll.exe
[%SYSTEM%]\fin\hia.exe
[%SYSTEM%]\fin\men.bat
[%SYSTEM%]\fin\nyw.exe
[%SYSTEM%]\fin\roudstid.exe
[%SYSTEM%]\fin\sxdex.bat
[%SYSTEM%]\fin\sxed.exe
[%SYSTEM%]\fin\yny.exe
[%WINDOWS%]\fonts\fonts\bor.exe
[%WINDOWS%]\fonts\fonts\dot.exe
[%WINDOWS%]\fonts\fonts\hema.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Error32 Spyware Cleaner
TrojanDropper.Win32.VB.bk Trojan Cleaner
Actual.Keylogger Spyware Removal instruction
Trufout Trojan Information
Swizzor Trojan Symptoms

MediaCharger\MoviePlace Adware

How To Remove MediaCharger\MoviePlace?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
MediaCharger\MoviePlace is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.



MediaCharger\MoviePlace Symptoms:

Files:
[%PROGRAMS%]\iopus password recovery xp\help manual.lnk
[%PROGRAMS%]\iopus password recovery xp\iopus password recovery xp.lnk
[%PROGRAMS%]\iopus password recovery xp\license.lnk
[%PROGRAMS%]\iopus password recovery xp\uninstall.lnk
[%PROGRAM_FILES%]\movieplace\movieplace.exe
[%WINDOWS%]\temp\icd3.tmp\activeinstall.dll
[%PROGRAMS%]\iopus password recovery xp\help manual.lnk
[%PROGRAMS%]\iopus password recovery xp\iopus password recovery xp.lnk
[%PROGRAMS%]\iopus password recovery xp\license.lnk
[%PROGRAMS%]\iopus password recovery xp\uninstall.lnk
[%PROGRAM_FILES%]\movieplace\movieplace.exe
[%WINDOWS%]\temp\icd3.tmp\activeinstall.dll

Folders:
[%DESKTOP%]\iopus password recovery xp.lnk
[%PROFILE%]\start menu\programs\iopus password recovery xp
[%PROGRAM_FILES%]\iopus password recovery xp

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\iopus password recovery xp

Registry Values:
HKEY_LOCAL_MACHINE\software\iopuspasswordrecovery\info
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\the silicon realms toolworks\armadillo


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove StatWin Spyware

Tudprie Trojan

How To Remove Tudprie?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Tudprie is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Tudprie It also known as:

[Kaspersky]AdWare.Win32.WSearch.I,AdWare.Win32.Dm.y,Trojan.Win32.BHO.aw,AdWare.Win32.Dm.ba;
[McAfee]Adware.BDSearch,Adware-BDSearch;
[Other]Trojan.Adclicker,Adware.Roogoo,Adware.Rugo

Tudprie Symptoms:

Files:
[%PROFILE_TEMP%]\_BHO.dll
[%PROFILE_TEMP%]\_Inst.dll
[%PROFILE_TEMP%]\_play.dll
[%PROFILE_TEMP%]\_ser.exe
[%SYSTEM%]\-65-4876-30
[%SYSTEM%]\-81-4876-30
[%SYSTEM%]\1b1.dll
[%SYSTEM%]\37a
[%SYSTEM%]\60e41.exe
[%SYSTEM%]\b601.dll
[%WINDOWS%]\-106-4876-30
[%WINDOWS%]\031.bmp
[%WINDOWS%]\3fa1.exe
[%WINDOWS%]\96d04ce2
[%WINDOWS%]\fa7c1.txt
[%WINDOWS%]\xxxx.bat
[%PROFILE_TEMP%]\_BHO.dll
[%PROFILE_TEMP%]\_Inst.dll
[%PROFILE_TEMP%]\_play.dll
[%PROFILE_TEMP%]\_ser.exe
[%SYSTEM%]\-65-4876-30
[%SYSTEM%]\-81-4876-30
[%SYSTEM%]\1b1.dll
[%SYSTEM%]\37a
[%SYSTEM%]\60e41.exe
[%SYSTEM%]\b601.dll
[%WINDOWS%]\-106-4876-30
[%WINDOWS%]\031.bmp
[%WINDOWS%]\3fa1.exe
[%WINDOWS%]\96d04ce2
[%WINDOWS%]\fa7c1.txt
[%WINDOWS%]\xxxx.bat

Folders:
[%APPDATA%]\t

Registry Keys:
HKEY_CLASSES_ROOT\appid\{ccf11a98-dc8c-40a9-abaa-df9c4d6dd923}
HKEY_CLASSES_ROOT\CLSID\{FAAAC0F6-94BE-4466-934B-7C53666A2F41}
HKEY_CLASSES_ROOT\dbho.ff
HKEY_CLASSES_ROOT\dbho.ff.1
HKEY_CLASSES_ROOT\interface\{90c84f29-48af-4822-80aa-c959808a210b}
HKEY_CLASSES_ROOT\typelib\{0fecb569-7e71-4adb-ac44-f3c1c0e8ef2d}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAAAC0F6-94BE-4466-934B-7C53666A2F41}
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_ms_2fax
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\ms_2fax
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ms_2fax
HKEY_CLASSES_ROOT\appid\{1f8f0995-f170-4793-a812-d3cd5cacc3e1}
HKEY_CLASSES_ROOT\clsid\{3aa0903b-1e13-4865-b114-15792d413c41}
HKEY_CLASSES_ROOT\clsid\{5fb8c5d4-929f-4870-89e2-7e3ee26ee701}
HKEY_CLASSES_ROOT\clsid\{faaac0f6-94be-4466-934b-7c53666a2f41}
HKEY_CLASSES_ROOT\iehpr.invoke
HKEY_CLASSES_ROOT\iehpr.invoke.1
HKEY_CLASSES_ROOT\interface\{27ff85bc-ff68-40b9-bb0d-e92d065c0370}
HKEY_CLASSES_ROOT\interface\{c8eb3e47-64a2-4b1d-bda7-2f6b1b100ece}
HKEY_CLASSES_ROOT\typelib\{1c605e21-c217-41cd-99bf-347f09f122a3}
HKEY_CLASSES_ROOT\typelib\{abbf3e09-6453-43cc-bc46-879c5dc5cb07}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3aa0903b-1e13-4865-b114-15792d413c41}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5fb8c5d4-929f-4870-89e2-7e3ee26ee701}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{faaac0f6-94be-4466-934b-7c53666a2f41}

Registry Values:
HKEY_CLASSES_ROOT\appid\dbho.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
MyBHOSpy Adware Removal

CommonName.Agent Hijacker

How To Remove CommonName.Agent?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
CommonName.Agent is dangerous virus:
When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.


CommonName.Agent Symptoms:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{d879d743-e2cc-4161-8034-2234203681c9}
HKEY_CLASSES_ROOT\clsid\{dd0032df-ceef-4e0a-8b75-e4d8861e11e5}

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Briss Spyware
Remove Sivka.Burka RAT

Spy Spyware

How To Remove Spy?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Spy is dangerous virus:
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.
DoS programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.




Spy It also known as:

[Kaspersky]Backdoor.Spy.13,Backdoor.Back.259,Backdoor.Back.260;
[McAfee]BackDoor-UE,BackDoor-VU;
[F-Prot]security risk or a "backdoor" program;
[Panda]Backdoor Program,Bck/Spy.13,Bck/Spy.13.a,Bck/Spy.13.b,Bck/Back.259,Bck/Back.260,Univ;
[Computer Associates]Backdoor/13!Spy,Backdoor/13.Boot!Spy,Backdoor/13.Stop!Spy,Backdoor/13.TSR!Spy,Spy.13,Win32/201!PWS!Spy!Trojan,Win32/SpyControl.A!Trojan,Win32/SpyControl.B!Trojan,Spy.447

Spy Symptoms:

Files:
[%DESKTOP%]\i-spy.lnk
[%PROGRAM_FILES%]\helper\help.exe
[%PROGRAM_FILES%]\Helper\I-Spy.url
[%PROGRAM_FILES%]\Helper\min.dat
[%PROGRAM_FILES%]\Helper\readme.txt
[%PROGRAM_FILES%]\Helper\unins000.dat
[%PROGRAM_FILES%]\Helper\unins000.exe
[%SYSTEM%]\cat.dll
[%WINDOWS%]\ispy.dll
[%WINDOWS%]\system\msmsngs.exe
[%WINDOWS%]\system\ypager.exe
[%WINDOWS%]\system\yupdater.exe
[%WINDOWS%]\temp\_istmp0.dir\strap.exe
[%DESKTOP%]\i-spy.lnk
[%PROGRAM_FILES%]\helper\help.exe
[%PROGRAM_FILES%]\Helper\I-Spy.url
[%PROGRAM_FILES%]\Helper\min.dat
[%PROGRAM_FILES%]\Helper\readme.txt
[%PROGRAM_FILES%]\Helper\unins000.dat
[%PROGRAM_FILES%]\Helper\unins000.exe
[%SYSTEM%]\cat.dll
[%WINDOWS%]\ispy.dll
[%WINDOWS%]\system\msmsngs.exe
[%WINDOWS%]\system\ypager.exe
[%WINDOWS%]\system\yupdater.exe
[%WINDOWS%]\temp\_istmp0.dir\strap.exe

Folders:
[%PROGRAMS%]\help

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\i-spy

Registry Values:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Fear.and.Hope Backdoor Symptoms

Dumador.cr Backdoor

How To Remove Dumador.cr?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Dumador.cr is dangerous virus:
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.



Dumador.cr Symptoms:

Registry Keys:
HKEY_CURRENT_USER\software\sars


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing BAT.SMF Trojan

Konik Backdoor

How To Remove Konik?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Konik is dangerous virus:
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.


Konik It also known as:

[Kaspersky]Backdoor.Konik.06b,Backdoor.Win32.Konik.06b;
[McAfee]BackDoor-TL,SennaSpy2001;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Konik.06;
[Computer Associates]Backdoor/Konik,Win32.Konik.06

Konik Symptoms:

Files:
[%WINDOWS%]\system\modsys.exe
[%WINDOWS%]\system\modsys.exe


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove HBJ Backdoor

Cinmus Trojan

How To Remove Cinmus?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Cinmus is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


Cinmus It also known as:

[Kaspersky]AdWare.Win32.Cinmus.b,AdWare.Win32.Cinmus.A,AdWare.Win32.Cinmus.f,AdWare.Win32.Cinmus.g,Adware.Win32.Cimus.h,AdWare.Win32.Cinmus.j,AdWare.Win32.Cinmus.w,AdWare.Win32.Cinmus.ai,AdWare.Win32.Cinmus.acc;
[McAfee]Adware-Cinmus;
[F-Prot]W32/AdwareX.ART;
[Other]Trojan.Dropper,Trojan.Adclicker,Trojan.Cinmeng,Trojan.Win32/Cinmeng,Trojan:Win32.Cinmeng,Trojan:Win32/Nsil.A

Cinmus Symptoms:

Files:
[%PROFILE_TEMP%]\nsa3.tmp\System.dll
[%PROFILE_TEMP%]\nsc1F5.tmp\System.dll
[%PROFILE_TEMP%]\nsc3.tmp\System.dll
[%PROFILE_TEMP%]\nscCD.tmp\System.dll
[%PROFILE_TEMP%]\nsdB.tmp\System.dll
[%PROFILE_TEMP%]\nseB.tmp\System.dll
[%PROFILE_TEMP%]\nsf15.tmp\System.dll
[%PROFILE_TEMP%]\nsh4.tmp\System.dll
[%PROFILE_TEMP%]\nsi3.tmp\System.dll
[%PROFILE_TEMP%]\nsj215.tmp\System.dll
[%PROFILE_TEMP%]\nsm4.tmp\System.dll
[%PROFILE_TEMP%]\nsmB.tmp\System.dll
[%PROFILE_TEMP%]\nso1AD.tmp\System.dll
[%PROFILE_TEMP%]\nsr1A8.tmp\System.dll
[%PROFILE_TEMP%]\nsr223.tmp\System.dll
[%PROFILE_TEMP%]\nsv16B.tmp\System.dll
[%PROFILE_TEMP%]\nsv4.tmp\System.dll
[%PROFILE_TEMP%]\nsxD.tmp\System.dll
[%PROFILE_TEMP%]\nsz14.tmp\System.dll
[%WINDOWS%]\TEMP\nsn9085.TMP\System.dll
[%PROFILE_TEMP%]\dodolook111.exe
[%SYSTEM%]\cnwin.dll
[%SYSTEM%]\inst.dat
[%SYSTEM%]\keystrokes.html
[%SYSTEM%]\pk.bin
[%SYSTEM%]\web.dat
[%SYSTEM%]\websites.html
[%WINDOWS%]\system\dodolook027.exe
[%WINDOWS%]\system\dodolook068.exe
[%PROFILE_TEMP%]\nsa3.tmp\System.dll
[%PROFILE_TEMP%]\nsc1F5.tmp\System.dll
[%PROFILE_TEMP%]\nsc3.tmp\System.dll
[%PROFILE_TEMP%]\nscCD.tmp\System.dll
[%PROFILE_TEMP%]\nsdB.tmp\System.dll
[%PROFILE_TEMP%]\nseB.tmp\System.dll
[%PROFILE_TEMP%]\nsf15.tmp\System.dll
[%PROFILE_TEMP%]\nsh4.tmp\System.dll
[%PROFILE_TEMP%]\nsi3.tmp\System.dll
[%PROFILE_TEMP%]\nsj215.tmp\System.dll
[%PROFILE_TEMP%]\nsm4.tmp\System.dll
[%PROFILE_TEMP%]\nsmB.tmp\System.dll
[%PROFILE_TEMP%]\nso1AD.tmp\System.dll
[%PROFILE_TEMP%]\nsr1A8.tmp\System.dll
[%PROFILE_TEMP%]\nsr223.tmp\System.dll
[%PROFILE_TEMP%]\nsv16B.tmp\System.dll
[%PROFILE_TEMP%]\nsv4.tmp\System.dll
[%PROFILE_TEMP%]\nsxD.tmp\System.dll
[%PROFILE_TEMP%]\nsz14.tmp\System.dll
[%WINDOWS%]\TEMP\nsn9085.TMP\System.dll
[%PROFILE_TEMP%]\dodolook111.exe
[%SYSTEM%]\cnwin.dll
[%SYSTEM%]\inst.dat
[%SYSTEM%]\keystrokes.html
[%SYSTEM%]\pk.bin
[%SYSTEM%]\web.dat
[%SYSTEM%]\websites.html
[%WINDOWS%]\system\dodolook027.exe
[%WINDOWS%]\system\dodolook068.exe

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0}
HKEY_CLASSES_ROOT\interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0}
HKEY_CLASSES_ROOT\typelib\{385ab8c5-fb22-4d17-8834-064e2ba0a6f0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}
HKEY_CLASSES_ROOT\clsid\{e5a7a15f-213f-4fcf-8de7-d388f9fb09eb}
HKEY_CLASSES_ROOT\interface\{dbfc15c2-d969-4327-8461-b6bcc5f2b9b6}
HKEY_CLASSES_ROOT\interface\{e5a7a15d-213f-4fcf-8de7-d388f9fb09eb}
HKEY_CLASSES_ROOT\typelib\{e5a7a15e-213f-4fcf-8de7-d388f9fb09eb}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e5a7a15f-213f-4fcf-8de7-d388f9fb09eb}


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing SearchScout Adware
Removing Puper Trojan
Wotch Tracking Cookie Symptoms