Friday, December 12, 2008

BrowserAid.FindIt.Quick BHO

How To Remove BrowserAid.FindIt.Quick?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
BrowserAid.FindIt.Quick is dangerous virus:
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.


BrowserAid.FindIt.Quick Symptoms:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{72ceae02-df9c-49f3-9689-10d1b82dc343}
HKEY_LOCAL_MACHINE\software\classes\clsid\{72ceae02-df9c-49f3-9689-10d1b82dc343}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
WhenU.Desktop Toolbar Information
Proha Trojan Cleaner
Vxidl.AQU Trojan Cleaner
ExPup Trojan Removal
RIP.2003a Trojan Cleaner

Donnic Trojan

How To Remove Donnic?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Donnic is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


Donnic It also known as:

[Kaspersky]AdWare.win32.AdMedia.c,AdWare.Win32.AdMedia.c;
[McAfee]Downloader-AEU;
[Other]Win32/Donnic,Win32/Donnic.A,Win32/Donnic.C,Trojan Horse,W32/Smalltroj.KJC

Donnic Symptoms:

Files:
[%SYSTEM%]\soundmix.dll
[%SYSTEM%]\soundmix.dll


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
SillyDl.DHR Trojan Removal instruction

Win32.Revop Trojan

How To Remove Win32.Revop?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Win32.Revop is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


Win32.Revop It also known as:

[Panda]Trj/Revop.C,Trj/Revop.A,Trj/Revop.H,Trj/Revop.K,Trj/Revop.J,Spyware/Adclicker

Win32.Revop Symptoms:

Files:
[%SYSTEM%]\32toplw.exe
[%SYSTEM%]\ANL.exe
[%SYSTEM%]\asnapi.exe
[%SYSTEM%]\atsrvutc.exe
[%SYSTEM%]\BAMEV.exe
[%SYSTEM%]\bdbasew.exe
[%SYSTEM%]\bdcz1k.exe
[%SYSTEM%]\bdheptk.exe
[%SYSTEM%]\bdkyrk.exe
[%SYSTEM%]\cdefg.exe
[%SYSTEM%]\ciseqm.exe
[%SYSTEM%]\ctivedsa.exe
[%SYSTEM%]\dbccu32o.exe
[%SYSTEM%]\dbcjt32o.exe
[%SYSTEM%]\dmioctlw.exe
[%SYSTEM%]\drawd.exe
[%SYSTEM%]\dsaddinr.exe
[%SYSTEM%]\erfc009p.exe
[%SYSTEM%]\erftsp.exe
[%SYSTEM%]\etrapn.exe
[%SYSTEM%]\etui2n.exe
[%SYSTEM%]\f3216m.exe
[%SYSTEM%]\fmapis.exe
[%SYSTEM%]\ftif11nl.exe
[%SYSTEM%]\ga64kv.exe
[%SYSTEM%]\gfxhenui.exe
[%SYSTEM%]\gfxhnori.exe
[%SYSTEM%]\gfxhrusi.exe
[%SYSTEM%]\hciT.exe
[%SYSTEM%]\hginas.exe
[%SYSTEM%]\indexm.exe
[%SYSTEM%]\indf.exe
[%SYSTEM%]\luginp.exe
[%SYSTEM%]\mtaskm.exe
[%SYSTEM%]\mvcore2w.exe
[%SYSTEM%]\NNERADINSTALLI.exe
[%SYSTEM%]\odemuim.exe
[%SYSTEM%]\omdlg32c.exe
[%SYSTEM%]\owercfgp.exe
[%SYSTEM%]\pzids01h.exe
[%SYSTEM%]\reInstallP.exe
[%SYSTEM%]\rfc009pe.exe
[%SYSTEM%]\rflbmsgp.exe
[%SYSTEM%]\sasn1m.exe
[%SYSTEM%]\sassl.exe
[%SYSTEM%]\sauditem.exe
[%SYSTEM%]\sconfm.exe
[%SYSTEM%]\shatmw.exe
[%SYSTEM%]\sim.exe
[%SYSTEM%]\smr.exe
[%SYSTEM%]\smuir.exe
[%SYSTEM%]\Srev23M.exe
[%SYSTEM%]\srrtosau.exe
[%SYSTEM%]\srsrvc.exe
[%SYSTEM%]\tdlln.exe
[%SYSTEM%]\ti3d1aga.exe
[%SYSTEM%]\tlanui2n.exe
[%SYSTEM%]\tmartan.exe
[%SYSTEM%]\tmr.exe
[%SYSTEM%]\tmsevtn.exe
[%SYSTEM%]\TPCTF.exe
[%SYSTEM%]\wcfgf.exe
[%SYSTEM%]\wwind.exe
[%SYSTEM%]\xsnd300F.exe
[%SYSTEM%]\xtrac32e.exe
[%SYSTEM%]\ydocsm.exe
[%SYSTEM%]\_737c.exe
[%SYSTEM%]\_857c.exe
[%WINDOWS%]\actulice.exe
[%WINDOWS%]\file.exe
[%WINDOWS%]\ft1_02_0_402_gepfah.exe
[%WINDOWS%]\preInsTT.exe
[%SYSTEM%]\323h.exe
[%SYSTEM%]\apiuit.exe
[%SYSTEM%]\mvcorew.exe
[%SYSTEM%]\olstorep.exe
[%SYSTEM%]\pg2spltm.exe
[%SYSTEM%]\raphs32g.exe
[%SYSTEM%]\sycfilta.exe
[%SYSTEM%]\tdsapin.exe
[%SYSTEM%]\uartzq.exe
[%WINDOWS%]\kmg14100.exe
[%WINDOWS%]\preinstt.exe
[%SYSTEM%]\32toplw.exe
[%SYSTEM%]\ANL.exe
[%SYSTEM%]\asnapi.exe
[%SYSTEM%]\atsrvutc.exe
[%SYSTEM%]\BAMEV.exe
[%SYSTEM%]\bdbasew.exe
[%SYSTEM%]\bdcz1k.exe
[%SYSTEM%]\bdheptk.exe
[%SYSTEM%]\bdkyrk.exe
[%SYSTEM%]\cdefg.exe
[%SYSTEM%]\ciseqm.exe
[%SYSTEM%]\ctivedsa.exe
[%SYSTEM%]\dbccu32o.exe
[%SYSTEM%]\dbcjt32o.exe
[%SYSTEM%]\dmioctlw.exe
[%SYSTEM%]\drawd.exe
[%SYSTEM%]\dsaddinr.exe
[%SYSTEM%]\erfc009p.exe
[%SYSTEM%]\erftsp.exe
[%SYSTEM%]\etrapn.exe
[%SYSTEM%]\etui2n.exe
[%SYSTEM%]\f3216m.exe
[%SYSTEM%]\fmapis.exe
[%SYSTEM%]\ftif11nl.exe
[%SYSTEM%]\ga64kv.exe
[%SYSTEM%]\gfxhenui.exe
[%SYSTEM%]\gfxhnori.exe
[%SYSTEM%]\gfxhrusi.exe
[%SYSTEM%]\hciT.exe
[%SYSTEM%]\hginas.exe
[%SYSTEM%]\indexm.exe
[%SYSTEM%]\indf.exe
[%SYSTEM%]\luginp.exe
[%SYSTEM%]\mtaskm.exe
[%SYSTEM%]\mvcore2w.exe
[%SYSTEM%]\NNERADINSTALLI.exe
[%SYSTEM%]\odemuim.exe
[%SYSTEM%]\omdlg32c.exe
[%SYSTEM%]\owercfgp.exe
[%SYSTEM%]\pzids01h.exe
[%SYSTEM%]\reInstallP.exe
[%SYSTEM%]\rfc009pe.exe
[%SYSTEM%]\rflbmsgp.exe
[%SYSTEM%]\sasn1m.exe
[%SYSTEM%]\sassl.exe
[%SYSTEM%]\sauditem.exe
[%SYSTEM%]\sconfm.exe
[%SYSTEM%]\shatmw.exe
[%SYSTEM%]\sim.exe
[%SYSTEM%]\smr.exe
[%SYSTEM%]\smuir.exe
[%SYSTEM%]\Srev23M.exe
[%SYSTEM%]\srrtosau.exe
[%SYSTEM%]\srsrvc.exe
[%SYSTEM%]\tdlln.exe
[%SYSTEM%]\ti3d1aga.exe
[%SYSTEM%]\tlanui2n.exe
[%SYSTEM%]\tmartan.exe
[%SYSTEM%]\tmr.exe
[%SYSTEM%]\tmsevtn.exe
[%SYSTEM%]\TPCTF.exe
[%SYSTEM%]\wcfgf.exe
[%SYSTEM%]\wwind.exe
[%SYSTEM%]\xsnd300F.exe
[%SYSTEM%]\xtrac32e.exe
[%SYSTEM%]\ydocsm.exe
[%SYSTEM%]\_737c.exe
[%SYSTEM%]\_857c.exe
[%WINDOWS%]\actulice.exe
[%WINDOWS%]\file.exe
[%WINDOWS%]\ft1_02_0_402_gepfah.exe
[%WINDOWS%]\preInsTT.exe
[%SYSTEM%]\323h.exe
[%SYSTEM%]\apiuit.exe
[%SYSTEM%]\mvcorew.exe
[%SYSTEM%]\olstorep.exe
[%SYSTEM%]\pg2spltm.exe
[%SYSTEM%]\raphs32g.exe
[%SYSTEM%]\sycfilta.exe
[%SYSTEM%]\tdsapin.exe
[%SYSTEM%]\uartzq.exe
[%WINDOWS%]\kmg14100.exe
[%WINDOWS%]\preinstt.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Web1.RealTracker.com Tracking Cookie

IstBar Trojan

How To Remove IstBar?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
IstBar is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.

The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address or prevent you from going to a website they would rather you not,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.
This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.


IstBar It also known as:

[Kaspersky]TrojanDownloader.Win32.IstBar.e,TrojanDownloader.Win32.IstBar.p,TrojanDownloader.Win32.IstBar.t,Trojan-Downloader.Win32.IstBar.gen,Trojan-Downloader.JS.IstBar.ai,Trojan-Downloader.Win32.Small.gl,Trojan-Downlaoder.Win32.IstBar.gen,Trojan-Downloader.Win32.IstBar.pb,Trojan-Downloader.Win32.IstBar.gz;
[McAfee]Adware-ISTbar.dldr;
[Panda]Adware/nCase,Spyware/ISTbar,Trj/W32.IST,Trojan Horse;
[Computer Associates]Win32/IstBar.ce!Downloader,Win32/PMagic.A!Trojan,Win32/IstBar.i!Downloader;
[Other]Win32/Istbar.Y,Adware.Istbar,Win32/ISTbar.BX,Win32/Istbar.CV,Troj/Small-GL,Win32/Istbar.CX,Adware.YourSiteBar

IstBar Symptoms:

Files:
[%FAVORITES%]\fun & games\betting.lnk
[%FAVORITES%]\fun & games\casino palace.lnk
[%FAVORITES%]\fun & games\casino.lnk
[%FAVORITES%]\fun & games\games.lnk
[%FAVORITES%]\fun & games\horoscope.lnk
[%PROFILE_TEMP%]\bb.exe
[%PROFILE_TEMP%]\fKdUCcQ.exe
[%PROFILE_TEMP%]\iinstall.exe
[%PROFILE_TEMP%]\isinst.exe
[%PROFILE_TEMP%]\istsv_.exe
[%PROFILE_TEMP%]\jfgudk.exe
[%PROFILE_TEMP%]\optimize.exe
[%PROFILE_TEMP%]\Rar$EX03.204\YSB_toolBar.exe
[%PROFILE_TEMP%]\Temporary Directory 2 for ----- spyaxe serial.zip\setup.exe
[%PROGRAM_FILES%]\girls25\default.skn
[%PROGRAM_FILES%]\girls25\NaughtyPlayer.exe
[%PROGRAM_FILES%]\girls25\skins\default.skn
[%PROGRAM_FILES%]\Internet Optimizer\optimize.exe
[%PROGRAM_FILES%]\ISTsvc\istsvc.exe
[%SYSTEM%]\70tovmto.ini
[%SYSTEM%]\acsproxy.dll
[%SYSTEM%]\acsproxy.lib
[%SYSTEM%]\ap9h4qmo.ini
[%SYSTEM%]\bln02nqv.exe
[%SYSTEM%]\bln02nqv.ini
[%SYSTEM%]\bw6mds51.ocx
[%SYSTEM%]\chat.dat
[%SYSTEM%]\fwntoolbar.dll
[%SYSTEM%]\gah95on6.ini
[%SYSTEM%]\home.dat
[%SYSTEM%]\imgconv.dll
[%SYSTEM%]\longtimer.ocx
[%SYSTEM%]\mciwndx.ocx
[%SYSTEM%]\olelib.tlb
[%SYSTEM%]\pics.dat
[%SYSTEM%]\trkgif.exe
[%SYSTEM%]\unregister.exe
[%SYSTEM%]\VIC32.DLL
[%SYSTEM%]\videos.dat
[%WINDOWS%]\70tovmto.exe
[%WINDOWS%]\alchem.ini
[%WINDOWS%]\Downloaded Program Files\ISTactivex.dll
[%WINDOWS%]\Downloaded Program Files\ysbactivex.dll
[%WINDOWS%]\ehiuri.exe
[%WINDOWS%]\espam.exe
[%WINDOWS%]\lnuvuhm.exe
[%WINDOWS%]\lrihhxvv.exe
[%WINDOWS%]\naqpbtvc.exe
[%WINDOWS%]\ohjxdbs.exe
[%WINDOWS%]\xcrwtu.exe
[%WINDOWS%]\kjsyjgjo.exe
[%DESKTOP%]\1187662\fmeCa1n.exe
[%DESKTOP%]\free travel voucher.url
[%PROFILE%]\desktop\free amature movie.lnk
[%PROFILE_TEMP%]\bundlersi.exe
[%PROFILE_TEMP%]\ist_install.exe
[%SYSTEM%]\a95kfrhe.ini
[%SYSTEM%]\aenhl3qr.html
[%SYSTEM%]\ap9h4qmo.exe
[%SYSTEM%]\dbm42.exe
[%SYSTEM%]\dgrdntld.exe
[%SYSTEM%]\fpuos7h2.html
[%SYSTEM%]\gamma.exe
[%SYSTEM%]\istbar.dll
[%SYSTEM%]\kmisxk.exe
[%SYSTEM%]\loudc.exe
[%SYSTEM%]\mqtqtz32.exe
[%SYSTEM%]\msyutils.exe
[%SYSTEM%]\nah.exe
[%SYSTEM%]\srchbar.dll
[%WINDOWS%]\downloaded program files\istactivex.dll
[%WINDOWS%]\fon14100.exe
[%WINDOWS%]\fyd.exe
[%WINDOWS%]\msbb.exe
[%WINDOWS%]\nem218.dll
[%WINDOWS%]\system\istbar.dll
[%WINDOWS%]\temp\istbar.dll
[%WINDOWS%]\unstsa3.exe
[%FAVORITES%]\fun & games\betting.lnk
[%FAVORITES%]\fun & games\casino palace.lnk
[%FAVORITES%]\fun & games\casino.lnk
[%FAVORITES%]\fun & games\games.lnk
[%FAVORITES%]\fun & games\horoscope.lnk
[%PROFILE_TEMP%]\bb.exe
[%PROFILE_TEMP%]\fKdUCcQ.exe
[%PROFILE_TEMP%]\iinstall.exe
[%PROFILE_TEMP%]\isinst.exe
[%PROFILE_TEMP%]\istsv_.exe
[%PROFILE_TEMP%]\jfgudk.exe
[%PROFILE_TEMP%]\optimize.exe
[%PROFILE_TEMP%]\Rar$EX03.204\YSB_toolBar.exe
[%PROFILE_TEMP%]\Temporary Directory 2 for ----- spyaxe serial.zip\setup.exe
[%PROGRAM_FILES%]\girls25\default.skn
[%PROGRAM_FILES%]\girls25\NaughtyPlayer.exe
[%PROGRAM_FILES%]\girls25\skins\default.skn
[%PROGRAM_FILES%]\Internet Optimizer\optimize.exe
[%PROGRAM_FILES%]\ISTsvc\istsvc.exe
[%SYSTEM%]\70tovmto.ini
[%SYSTEM%]\acsproxy.dll
[%SYSTEM%]\acsproxy.lib
[%SYSTEM%]\ap9h4qmo.ini
[%SYSTEM%]\bln02nqv.exe
[%SYSTEM%]\bln02nqv.ini
[%SYSTEM%]\bw6mds51.ocx
[%SYSTEM%]\chat.dat
[%SYSTEM%]\fwntoolbar.dll
[%SYSTEM%]\gah95on6.ini
[%SYSTEM%]\home.dat
[%SYSTEM%]\imgconv.dll
[%SYSTEM%]\longtimer.ocx
[%SYSTEM%]\mciwndx.ocx
[%SYSTEM%]\olelib.tlb
[%SYSTEM%]\pics.dat
[%SYSTEM%]\trkgif.exe
[%SYSTEM%]\unregister.exe
[%SYSTEM%]\VIC32.DLL
[%SYSTEM%]\videos.dat
[%WINDOWS%]\70tovmto.exe
[%WINDOWS%]\alchem.ini
[%WINDOWS%]\Downloaded Program Files\ISTactivex.dll
[%WINDOWS%]\Downloaded Program Files\ysbactivex.dll
[%WINDOWS%]\ehiuri.exe
[%WINDOWS%]\espam.exe
[%WINDOWS%]\lnuvuhm.exe
[%WINDOWS%]\lrihhxvv.exe
[%WINDOWS%]\naqpbtvc.exe
[%WINDOWS%]\ohjxdbs.exe
[%WINDOWS%]\xcrwtu.exe
[%WINDOWS%]\kjsyjgjo.exe
[%DESKTOP%]\1187662\fmeCa1n.exe
[%DESKTOP%]\free travel voucher.url
[%PROFILE%]\desktop\free amature movie.lnk
[%PROFILE_TEMP%]\bundlersi.exe
[%PROFILE_TEMP%]\ist_install.exe
[%SYSTEM%]\a95kfrhe.ini
[%SYSTEM%]\aenhl3qr.html
[%SYSTEM%]\ap9h4qmo.exe
[%SYSTEM%]\dbm42.exe
[%SYSTEM%]\dgrdntld.exe
[%SYSTEM%]\fpuos7h2.html
[%SYSTEM%]\gamma.exe
[%SYSTEM%]\istbar.dll
[%SYSTEM%]\kmisxk.exe
[%SYSTEM%]\loudc.exe
[%SYSTEM%]\mqtqtz32.exe
[%SYSTEM%]\msyutils.exe
[%SYSTEM%]\nah.exe
[%SYSTEM%]\srchbar.dll
[%WINDOWS%]\downloaded program files\istactivex.dll
[%WINDOWS%]\fon14100.exe
[%WINDOWS%]\fyd.exe
[%WINDOWS%]\msbb.exe
[%WINDOWS%]\nem218.dll
[%WINDOWS%]\system\istbar.dll
[%WINDOWS%]\temp\istbar.dll
[%WINDOWS%]\unstsa3.exe

Folders:
[%PROGRAM_FILES_COMMON%]\totem shared
[%PROGRAM_FILES%]\istsvc
[%PROGRAM_FILES%]\common files\totem shared
[%PROGRAM_FILES%]\free amature movie
[%PROGRAM_FILES%]\search bar

Registry Keys:
HKEY_CLASSES_ROOT\appid\loaderx.exe
HKEY_CLASSES_ROOT\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}
HKEY_CLASSES_ROOT\clsid\{771a1334-6b08-4a6b-aedc-cf994ba2cebe}
HKEY_CLASSES_ROOT\CLSID\{7C559105-9ECF-42b8-B3F7-832E75EDD959}
HKEY_CLASSES_ROOT\clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}
HKEY_CLASSES_ROOT\clsid\{ef86873f-04c2-4a95-a373-5703c08efc7b}
HKEY_CLASSES_ROOT\interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}
HKEY_CLASSES_ROOT\interface\{90ce74cc-788a-4a00-b38d-cbca08cc9e8f}
HKEY_CLASSES_ROOT\interface\{9388907f-82f5-434d-a941-bb802c6dd7c1}
HKEY_CLASSES_ROOT\interface\{bf06da8e-2beb-4816-9bbd-f7625246e245}
HKEY_CLASSES_ROOT\istactivex.installer
HKEY_CLASSES_ROOT\istactivex.installer.2
HKEY_CLASSES_ROOT\istbar.barobj
HKEY_CLASSES_ROOT\istx.installer.2
HKEY_CLASSES_ROOT\Pugi.PugiObj
HKEY_CLASSES_ROOT\Pugi.PugiObj.1
HKEY_CLASSES_ROOT\testcontentmatchcontrol1.contentmatchtag
HKEY_CLASSES_ROOT\testcontentmatchcontrol1.contentmatchtag.1
HKEY_CLASSES_ROOT\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429}
HKEY_CLASSES_ROOT\typelib\{8c752c5e-3c10-4076-af0a-ffc69fa20d1b}
HKEY_CLASSES_ROOT\typelib\{8c752c5e-3c10-4076-af0a-ffc69fa20d1c}
HKEY_CLASSES_ROOT\typelib\{cc257918-f435-4a33-8231-2b8195990cca}
HKEY_CLASSES_ROOT\typelib\{db447818-96b4-40df-8a55-720da496f514}
HKEY_CLASSES_ROOT\typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df}
HKEY_CLASSES_ROOT\ysbactivex.installer
HKEY_CURRENT_USER\software\ist
HKEY_CURRENT_USER\software\istbar
HKEY_LOCAL_MACHINE\software\classes\clsid\{12398dd6-40aa-4c40-a4ec-a42cfc0de797}
HKEY_LOCAL_MACHINE\software\classes\clsid\{98a8315e-667a-11d5-87a3-bb213c32b44b}
HKEY_LOCAL_MACHINE\software\classes\clsid\{aa8c93e1-7e5f-497e-b67c-cc8fe2a40d3b}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f3e7ff6d-dca1-11d4-95df-00c0dfe9982c}
HKEY_LOCAL_MACHINE\software\classes\imgconv.clsimgconv
HKEY_LOCAL_MACHINE\software\classes\interface\{2ddd90d6-f153-4ea7-a324-4b2d83d1027e}
HKEY_LOCAL_MACHINE\software\classes\interface\{79bf9dcd-c52d-4da8-b15e-ac2a88e96b0a}
HKEY_LOCAL_MACHINE\software\classes\interface\{98a8315d-667a-11d5-87a3-bb213c32b44b}
HKEY_LOCAL_MACHINE\software\classes\interface\{98a8315f-667a-11d5-87a3-bb213c32b44b}
HKEY_LOCAL_MACHINE\software\classes\interface\{996b33c1-8e19-4f4f-ab6c-52a2c523b7d3}
HKEY_LOCAL_MACHINE\software\classes\interface\{9ce15eb5-6b39-4656-9e1f-2d219ee42e0e}
HKEY_LOCAL_MACHINE\software\classes\interface\{d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d}
HKEY_LOCAL_MACHINE\software\classes\istactivex.installer
HKEY_LOCAL_MACHINE\software\classes\istactivex.installer.2
HKEY_LOCAL_MACHINE\software\classes\typelib\{17ed04b9-6c71-11d4-87a3-daa6b6b40e8f}
HKEY_LOCAL_MACHINE\software\classes\typelib\{308a04d3-084d-43aa-a3e6-0d12bcca3ce6}
HKEY_LOCAL_MACHINE\software\classes\typelib\{f3e7ff6b-dca1-11d4-95df-00c0dfe9982c}
HKEY_LOCAL_MACHINE\software\istbar
HKEY_LOCAL_MACHINE\software\istsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{12398DD6-40AA-4C40-A4EC-A42CFC0DE797}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\contentmatch.net
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\istactivex.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\istbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\istbaristbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\istsvc
HKEY_CLASSES_ROOT\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}
HKEY_CLASSES_ROOT\clsid\{6fd5192-a97c-4b48-a5d7-2420cfdcfdf2}
HKEY_CLASSES_ROOT\clsid\{7c559105-9ecf-42b8-b3f7-832e75edd959}
HKEY_CLASSES_ROOT\clsid\{faa356e4-d317-42a6-ab41-a3021c6e7d52}
HKEY_CLASSES_ROOT\interface\{dc065fa6-08f9-4c50-99dc-275d16cfc5bd}
HKEY_CLASSES_ROOT\istactivex.installer.1
HKEY_CLASSES_ROOT\istx.installer
HKEY_CLASSES_ROOT\pugi.pugiobj
HKEY_CLASSES_ROOT\pugi.pugiobj.1
HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}
HKEY_CLASSES_ROOT\typelib\{6fd5192-a97c-4b48-a5d7-2420cfdcfdf2}
HKEY_CLASSES_ROOT\typelib\{89a10d64-83bf-41a4-86a3-7aaf1f8f3d1b}
HKEY_CLASSES_ROOT\typelib\{8d038f3d-7a31-42fa-8233-edf3ddd9fc25}
HKEY_CURRENT_USER\software\1stbar
HKEY_CURRENT_USER\software\iesearchbar
HKEY_CURRENT_USER\software\ist_exe_start
HKEY_LOCAL_MACHINE\software\classes\typelib\{7c9e9a74-1922-409e-ab46-e48784336c3a}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{12398dd6-40aa-4c40-a4ec-a42cfc0de797}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7c559105-9ecf-42b8-b3f7-832e75edd959}
HKEY_LOCAL_MACHINE\software\microsoft\currentversion\explorer\browser helper objects\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\istactivex.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\iesearchbariesearchbar

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\approved
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\wsem update
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\wsem update
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_LOCAL_MACHINE\hardware\resourcemap\pnp manager\pnpmanager
HKEY_LOCAL_MACHINE\hardware\resourcemap\pnp manager\pnpmanager
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\approved
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\70tovmto
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\70tovmto
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\wsem update
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\wsem update


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Win32.Makecall Trojan

Flasher Trojan

How To Remove Flasher?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Flasher is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Flasher It also known as:

[F-Prot]->copycursor.exe,->readme.htm

Flasher Symptoms:

Files:
[%SYSTEM%]\bpk.dat
[%SYSTEM%]\bpkhk.dll
[%SYSTEM%]\bpk.dat
[%SYSTEM%]\bpkhk.dll


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Lao.Doung Trojan Cleaner
Remove Microspy Spyware
Dechiver Trojan Cleaner
Removing TrojanDropper.Small Trojan
MiniCli RAT Removal instruction

Freak Trojan

How To Remove Freak?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Freak is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
Often the backdoor will not be visible in the log of active programs.
Many trojans and backdoors now have remote administration capabilities
allowing an individual to control the victim's computer.
Many times a file called the server must be opened on the victim's computer before
the trojan can have access to it.

These are generally sent through email, P2P file sharing software,
and in internet downloads. They are usually disguised as a legitimate program or file.
Many server files will display a fake error message when opened, to make it seem like it didn't open.
Some will also kill antivirus and firewall software.


Freak It also known as:

[Kaspersky]Backdoor.Delf.dl,Backdoor.Freak;
[McAfee]BackDoor-PX;
[F-Prot]security risk or a "backdoor" program;
[Panda]Bck/Delf,Backdoor Program.LC,Bck/Delf.dl,Bck/Freak;
[Computer Associates]Backdoor/Delf.dl,Backdoor/Freak.101,Win32.Freak.101,Backdoor/Freak!Server

Freak Symptoms:

Files:
[%WINDOWS%]\system\freak trojan 2k.exe
[%WINDOWS%]\win_.exe
[%WINDOWS%]\system\freak trojan 2k.exe
[%WINDOWS%]\win_.exe

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Zmk Trojan Removal
Denutaro Trojan Cleaner
Brunme Trojan Cleaner
zope.net Tracking Cookie Removal
AdultP2P Adware Removal instruction

Zlob.Fam.FreeVideo Trojan

How To Remove Zlob.Fam.FreeVideo?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Zlob.Fam.FreeVideo is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware is the class of programs that place advertisements on your screen.
These may be in the form of pop-ups, pop-unders, advertisements embedded in programs,
advertisements placed on top of ads in web sites, or any other way the authors can
think of showing you an ad.

The pop-ups generally will not be stopped by pop-up stoppers, and often are
not dependent on your having Internet Explorer open.
They may show up when you are playing a game, writing a document, listening to music,
or anything else. Should you be surfing, the advertisements will often be related to
the web page you are viewing.


Zlob.Fam.FreeVideo Symptoms:

Folders:
[%PROGRAM_FILES%]\FreeVideo

Registry Keys:
HKEY_CLASSES_ROOT\freevideo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeVideo


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove SillyDl.DEA Trojan
Pigeon.DZG Trojan Information

Aenima Trojan

How To Remove Aenima?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Aenima is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Hacker Tools are designed to penetrate remote computers
in order to use them as zombies or to download other malicious programs to computer.
These programs attack web servers by sending numerous requests to the specified server,
often causing it to crash under an excessive volume of requests.

DoS trojans conduct such attacks from a single computer with the consent of the user.

Worms can carry a DoS procedure as part of their payload.


Aenima It also known as:

[Kaspersky]Flooder.MailSpam.Aenima.15,Flooder.MailSpam.Aenima.17,Flooder.MailSpam.Aenima.20;
[Eset]Win32/Spammer.Aenima.17 trojan;
[McAfee]Spam-Aenima;
[F-Prot]security risk or a "backdoor" program;
[Panda]SPAM/Aenima,Spammer/Aenima.2.0;
[Computer Associates]Win32/Aenima.17_Spammer!Trojan

Aenima Symptoms:

Files:
[%WINDOWS%]\4unst.exe
[%WINDOWS%]\4unst.exe

Folders:
[%PROGRAMS%]\passwordtools
[%PROGRAM_FILES%]\passwordtools

Registry Keys:
HKEY_LOCAL_MACHINE\software\classes\password.tools\shell\recover password\command
HKEY_LOCAL_MACHINE\software\classes\winzip\shell\recover password\command
HKEY_LOCAL_MACHINE\software\classes\wordpad.document.1\shell\recover password\command
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\passwordtools
HKEY_LOCAL_MACHINE\software\vitas\passwordtools\last
HKEY_LOCAL_MACHINE\software\vitas\passwordtools\v4.0.3175

Registry Values:
HKEY_LOCAL_MACHINE\hardware\resourcemap\pnp manager\pnpmanager
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\passwordtools.exe


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
SillyDl.CFW Downloader Removal instruction
Spy Spyware Symptoms
Killstart Trojan Cleaner

Perfect.Cleaner Ransomware

How To Remove Perfect.Cleaner?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Perfect.Cleaner is dangerous virus:
A cryptovirus, cryptotrojan or cryptoworm is a type of
malware that encrypts the data belonging to an individual on a computer,
demanding a ransom for its restoration.

The term ransomware is commonly used to describe software that encrypts the data
belonging to an individual on a computer, demanding a ransom for its restoration.
Although the field known as cryptovirology predates the term "ransomware".


Perfect.Cleaner Symptoms:

Files:
[%COMMON_DESKTOPDIRECTORY%]\PerfectCleaner.lnk
[%COMMON_DESKTOPDIRECTORY%]\PerfectCleaner.lnk

Folders:
[%COMMON_PROGRAMS%]\PerfectCleaner
[%PROGRAM_FILES%]\PerfectCleaner

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\perfectcleaner
HKEY_LOCAL_MACHINE\software\perfectcleaner

Registry Values:
HKEY_LOCAL_MACHINE\software\antispyware
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Bancos.FYV Trojan Cleaner
Removing Pigeon.AWIE Trojan
Removing Bruc Trojan
Hoho Trojan Removal

Small.iz Trojan

How To Remove Small.iz?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Small.iz is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.


Small.iz Symptoms:

Files:
[%PROFILE_TEMP%]\unst.exe
[%PROFILE_TEMP%]\unst.exe


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Pigeon.AWH Trojan
Remove SdBot.br Backdoor
Supnalk Trojan Symptoms
Win32.SMS.Bomber.Troja DoS Information
Zlob Trojan Symptoms

wow Trojan

How To Remove wow?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
wow is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.


wow Symptoms:

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{9c0cfa58-3a6f-51ba-9efe-5320f4f621ba}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
IDonate BHO Removal
Remove IRC.Drizand Backdoor
Remove TurboDownload Adware
Remove VB.bh Adware

Meldsimp Trojan

How To Remove Meldsimp?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Meldsimp is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.


Meldsimp It also known as:

[Kaspersky]Trojan-Proxy.Win32.Small.du,Trojan-Proxy.Win32.Small.gl,Trojan-Proxy.Win32.Small.gk,Trojan.Win32.Agent.asu;
[McAfee]BackDoor-CWM;
[F-Prot]W32/Backdoor.VBIS,W32/TrojanX.ACHF,W32/TrojanX.ABZS,W32/Trojan.VBAA;
[Other]Win32/Meldsimp,Win32/Meldsimp.J,Hacktool,Win32/Meldsimp.AC,Virus:Win32/Grum.G,W32/Smalltroj.BKOX,Mal/Generic-A,Trojan Horse,W32/agent.BZHW,Troj/ASU-Gen,Backdoor.Trojan

Meldsimp Symptoms:

Files:
[%PROFILE_TEMP%]\winlogon.exe
[%SYSTEM%]\mpcsvc.exe
[%SYSTEM%]\ogysteo.exe
[%PROFILE_TEMP%]\winlogon.exe
[%SYSTEM%]\mpcsvc.exe
[%SYSTEM%]\ogysteo.exe

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop
HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop
HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop
HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop
HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop
HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop
HKEY_CURRENT_USER\software\microsoft\internet explorer\security
HKEY_CURRENT_USER\software\microsoft\internet explorer\security
HKEY_CURRENT_USER\software\microsoft\internet explorer\security
HKEY_CURRENT_USER\software\microsoft\internet explorer\security
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Active.Key.Logger Spyware

Russian.Searchbar Toolbar

How To Remove Russian.Searchbar?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Russian.Searchbar is dangerous virus:
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.


Russian.Searchbar Symptoms:

Files:
[%SYSTEM%]\yndbar.dll
[%WINDOWS%]\system\yndbar.dll
[%SYSTEM%]\yndbar.dll
[%WINDOWS%]\system\yndbar.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}
HKEY_LOCAL_MACHINE\software\classes\clsid\{91397d20-1446-11d4-8af4-0040ca1127b6}

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
ControlTotal.beta Trojan Information
RedSherriff Tracking Cookie Removal instruction

Digital.Spy Backdoor

How To Remove Digital.Spy?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Digital.Spy is dangerous virus:
Backdoors combine the functionality of most other types of in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks that are most likely being controlled by a friend or enemy on
April Fool's day or a holiday. Prank RATS are generally not harmful, and won't log keystrokes or hack.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.


Digital.Spy It also known as:

[Kaspersky]Backdoor.Digispy,HackTool.Win32.Evigen;
[McAfee]New BackDoor1;
[Panda]Hacktool Program;
[Computer Associates]Backdoor/Digispy!Server

Digital.Spy Symptoms:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Naras Trojan
Remove Pigeon.EQV Trojan

CoolSavings Adware

How To Remove CoolSavings?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
CoolSavings is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits


CoolSavings Symptoms:

Files:
[%PROFILE_TEMP%]\CoolCache\Piggy.CGD
[%WINDOWS%]\downloaded program files\cpnmgr.dll
[%WINDOWS%]\TEMP\CoolCache\Piggy.CGD
[%PROFILE_TEMP%]\CoolCache\Piggy.CGD
[%WINDOWS%]\downloaded program files\cpnmgr.dll
[%WINDOWS%]\TEMP\CoolCache\Piggy.CGD

Folders:
[%PROFILE_TEMP%]\coolcache

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{549f957e-2f89-11d6-8cfe-00c04f52b225}
HKEY_CLASSES_ROOT\cpnmgr.cmv5
HKEY_CLASSES_ROOT\cpnmgr.cmv5.3
HKEY_CLASSES_ROOT\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}
HKEY_CLASSES_ROOT\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}
HKEY_CLASSES_ROOT\typelib\{549f9571-2f89-11d6-8cfe-00c04f52b225}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{549F957E-2F89-11D6-8CFE-00C04F52B225}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:\windows\downloaded program files\cpnmgr.dll
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{549f957e-2f89-11d6-8cfe-00c04f52b225}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]\downloaded program files\cpnmgr.dll

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/cpnmgr.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/cpnmgr.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\[%WINDOWS%]/downloaded program files/cpnmgr.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Neutron Trojan Cleaner
ClientMan.MSMC Trojan Removal instruction
Remove InstitutionFB Trojan
Remove Mystic Trojan

Mechbot Backdoor

How To Remove Mechbot?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Mechbot is dangerous virus:
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.


Mechbot It also known as:

[Kaspersky]Backdoor.Win32.Mechbot,Backdoor.Win32.Mechbot.a;
[McAfee]W32/IRCbot.gen.f;
[Other]W32.IRCBot,Backdoor.Win32.Mechbot.d,BKDR_MECHBOT.D,Win32/Chembot.A,Backdoor.Trojan

Mechbot Symptoms:

Folders:
[%SYSTEM%]\dllcache\audio

Registry Keys:
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_mrtserv
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\mrtserv


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
PunchDatuk Trojan Cleaner
Bookmarker Trojan Cleaner
Flue Trojan Cleaner
Bancos.HYM Trojan Information
Win32.Exploit.MS03 Trojan Removal

Zdesnado Downloader

How To Remove Zdesnado?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Zdesnado is dangerous virus:
Trojans-downloaders downloads and installs new malware or adware on the computer.



Zdesnado Symptoms:

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Sapik.Modem DoS Symptoms
Assasins.Bot DoS Cleaner
Removing BackDoor.CCT Backdoor
Zytric Trojan Removal

WordMacro.Volcano Trojan

How To Remove WordMacro.Volcano?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
WordMacro.Volcano is dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Backdoors are the most dangerous type of Trojans and the most popular.
Backdoors open infected machines to external control via Internet.
They function in the same way as legal remote administration programs used by system administrators.
This makes them difficult to detect.

Backdoors are installed and launched without the consent of the user of computer.
Often the backdoor will not be visible in the log of active programs.

Once a backdoor has been successfully launched, the computer is wide open.
Backdoor functions can include:


  • Launching/ deleting files

  • Sending/ receiving files

  • Deleting data

  • Displaying notification

  • Rebooting the machine

  • Executing files




Backdoors are used by virus writers to detect and download confidential information,
execute malicious code, destroy data, include the machine in bot networks and so forth.
Backdoors combine the functionality of most other types of in one package.

Backdoors have one especially dangerous sub-class: variants that can propagate like worms.
Trojans-downloaders downloads and installs new malware or adware on the computer.

DoS trojans conduct attacks from a single computer with the consent of the user.


WordMacro.Volcano It also known as:

[Panda]WM/Volcano.A;
[Computer Associates]WordMacro/Volcano.A

WordMacro.Volcano Symptoms:

Files:
[%PROGRAM_FILES%]\Network Monitor\netmon.exe
[%WINDOWS%]\uninstall_nmon.vbs
[%PROGRAM_FILES%]\Network Monitor\netmon.exe
[%WINDOWS%]\uninstall_nmon.vbs

Registry Keys:
HKEY_CLASSES_ROOT\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}
HKEY_CLASSES_ROOT\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}
HKEY_CURRENT_USER\Software\intexp
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Pigeon.EKQ Trojan Symptoms

WinPup32 Trojan

How To Remove WinPup32?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
WinPup32 is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits
As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.


WinPup32 It also known as:

[Kaspersky]Trojan.Win32.Revop.b,Trojan-Clicker.Win32.VB.ae,TrojanClicker.Win32.VB.o;
[Panda]Dialer.DB,Spyware/Adclicker,Trojan Horse

WinPup32 Symptoms:

Files:
[%WINDOWS%]\Buddy.exe
[%WINDOWS%]\inf\banner.inf
[%PROGRAM_FILES%]\over.exe
[%PROGRAM_FILES%]\pup.exe
[%SYSTEM%]\20444887.exe
[%SYSTEM%]\23777407.exe
[%SYSTEM%]\24065798.exe
[%SYSTEM%]\25199526.exe
[%SYSTEM%]\27032107.exe
[%SYSTEM%]\39197939.exe
[%SYSTEM%]\4026430.exe
[%SYSTEM%]\61692446.exe
[%SYSTEM%]\64075869.exe
[%SYSTEM%]\6904238.exe
[%SYSTEM%]\73934572.exe
[%SYSTEM%]\75082033.exe
[%SYSTEM%]\77946108.exe
[%SYSTEM%]\8439272.exe
[%SYSTEM%]\92135256.exe
[%SYSTEM%]\96062868.exe
[%SYSTEM%]\astapir.exe
[%SYSTEM%]\en2232v.exe
[%SYSTEM%]\input8d.exe
[%SYSTEM%]\inverw.exe
[%SYSTEM%]\mdrvm.exe
[%SYSTEM%]\onsolec.exe
[%SYSTEM%]\ppmgra.exe
[%SYSTEM%]\winpup.exe
[%SYSTEM%]\winpup32.exe
[%SYSTEM%]\_932c.exe
[%WINDOWS%]\buddy.exe
[%WINDOWS%]\hdciffgq.ini
[%WINDOWS%]\pup.exe
[%WINDOWS%]\system\allbackf.exe
[%WINDOWS%]\system\cctresa.exe
[%WINDOWS%]\system\dvdq.exe
[%WINDOWS%]\system\hellexts.exe
[%WINDOWS%]\system\lb32v.exe
[%WINDOWS%]\system\lethk32o.exe
[%WINDOWS%]\system\m20f.exe
[%WINDOWS%]\system\mcompata.exe
[%WINDOWS%]\system\msdmodw.exe
[%WINDOWS%]\system\nternati.exe
[%WINDOWS%]\system\ommdlgc.exe
[%WINDOWS%]\system\pg2spltm.exe
[%WINDOWS%]\system\prservm.exe
[%WINDOWS%]\system\sound3dd.exe
[%WINDOWS%]\system\sratelcm.exe
[%WINDOWS%]\system\storesp.exe
[%WINDOWS%]\system\taigfxi.exe
[%WINDOWS%]\system\winpup32.exe
[%WINDOWS%]\system\ysinfos.exe
[%WINDOWS%]\Buddy.exe
[%WINDOWS%]\inf\banner.inf
[%PROGRAM_FILES%]\over.exe
[%PROGRAM_FILES%]\pup.exe
[%SYSTEM%]\20444887.exe
[%SYSTEM%]\23777407.exe
[%SYSTEM%]\24065798.exe
[%SYSTEM%]\25199526.exe
[%SYSTEM%]\27032107.exe
[%SYSTEM%]\39197939.exe
[%SYSTEM%]\4026430.exe
[%SYSTEM%]\61692446.exe
[%SYSTEM%]\64075869.exe
[%SYSTEM%]\6904238.exe
[%SYSTEM%]\73934572.exe
[%SYSTEM%]\75082033.exe
[%SYSTEM%]\77946108.exe
[%SYSTEM%]\8439272.exe
[%SYSTEM%]\92135256.exe
[%SYSTEM%]\96062868.exe
[%SYSTEM%]\astapir.exe
[%SYSTEM%]\en2232v.exe
[%SYSTEM%]\input8d.exe
[%SYSTEM%]\inverw.exe
[%SYSTEM%]\mdrvm.exe
[%SYSTEM%]\onsolec.exe
[%SYSTEM%]\ppmgra.exe
[%SYSTEM%]\winpup.exe
[%SYSTEM%]\winpup32.exe
[%SYSTEM%]\_932c.exe
[%WINDOWS%]\buddy.exe
[%WINDOWS%]\hdciffgq.ini
[%WINDOWS%]\pup.exe
[%WINDOWS%]\system\allbackf.exe
[%WINDOWS%]\system\cctresa.exe
[%WINDOWS%]\system\dvdq.exe
[%WINDOWS%]\system\hellexts.exe
[%WINDOWS%]\system\lb32v.exe
[%WINDOWS%]\system\lethk32o.exe
[%WINDOWS%]\system\m20f.exe
[%WINDOWS%]\system\mcompata.exe
[%WINDOWS%]\system\msdmodw.exe
[%WINDOWS%]\system\nternati.exe
[%WINDOWS%]\system\ommdlgc.exe
[%WINDOWS%]\system\pg2spltm.exe
[%WINDOWS%]\system\prservm.exe
[%WINDOWS%]\system\sound3dd.exe
[%WINDOWS%]\system\sratelcm.exe
[%WINDOWS%]\system\storesp.exe
[%WINDOWS%]\system\taigfxi.exe
[%WINDOWS%]\system\winpup32.exe
[%WINDOWS%]\system\ysinfos.exe

Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\pup
HKEY_CLASSES_ROOT\pup.setup
HKEY_LOCAL_MACHINE\software\pup

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
WinAntiVirus.Pro Trojan Removal
Removing HllP.RanDir Trojan
KNotZsImZ DoS Removal

Urname Hostile Code

How To Remove Urname?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Urname is dangerous virus:
Hostile code is any process running on a system that is
not authorized by the system administrator, such as Trojans, viruses, or spyware.


Urname Symptoms:

Files:
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\48\518827f0-12c78c93
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\urname.class-4f7db2f1-4759d7bd.class
[%APPDATA%]\Sun\Java\Deployment\cache\6.0\48\518827f0-12c78c93
[%APPDATA%]\Sun\Java\Deployment\cache\javapi\v1.0\file\urname.class-4f7db2f1-4759d7bd.class


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Video Trojan Removal instruction
Bancos.IGC Trojan Cleaner
Remove SillyDl.CTF Trojan
Agent.BJO Downloader Cleaner
Removing Trivial.30d Trojan

TypeAgent Spyware

How To Remove TypeAgent?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
TypeAgent is dangerous virus:
Spyware programs can collect various types of personal information,
such as Internet surfing habit, sites that have been visited,
but can also interfere with user control of the computer in other ways,
such as installing additional software, redirecting Web browser activity,
accessing websites blindly that will cause more harmful viruses,
or diverting advertising revenue to a third party.


TypeAgent Symptoms:

Files:
[%COMMON_PROGRAMS%]\TypeAgent.lnk
[%COMMON_STARTUP%]\TypeAgent.lnk
[%COMMON_PROGRAMS%]\TypeAgent.lnk
[%COMMON_STARTUP%]\TypeAgent.lnk

Folders:
[%PROGRAM_FILES%]\TypeAgent

Registry Keys:
HKEY_CLASSES_ROOT\installer\features\e52e32a086ad9ae4a96024c4ad72b27d
HKEY_CLASSES_ROOT\installer\products\e52e32a086ad9ae4a96024c4ad72b27d
HKEY_CLASSES_ROOT\installer\upgradecodes\d8ea19f002b927842a9d8aada2d8ff26
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\upgradecodes\d8ea19f002b927842a9d8aada2d8ff26
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{0a23e25e-da68-4ea9-9a06-424cda272bd7}
HKEY_LOCAL_MACHINE\software\rampell\typeagentl

Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Obsd.Fun DoS
Removing Praize Toolbar
Keylogger.Common.Components Spyware Cleaner

Windows.Search.Bar BHO

How To Remove Windows.Search.Bar?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Windows.Search.Bar is dangerous virus:
BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.
Toolbar presents itself as a helpful add-on for Internet Explorer but it is a real pest.
It replaces your start page, continuosly open a number of pop up windows and so on.


Windows.Search.Bar Symptoms:

Files:
[%SYSTEM%]\winsb.dll
[%WINDOWS%]\system\winsb.dll
[%SYSTEM%]\winsb.dll
[%WINDOWS%]\system\winsb.dll

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1e432263-6841-4653-8f02-366a2f77e339}
HKEY_CLASSES_ROOT\CLSID\{9FB534E3-67CB-4307-AE0A-9E8B5581BE2C}
HKEY_CLASSES_ROOT\CLSID\{A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F}
HKEY_CLASSES_ROOT\windowssb.autosearch
HKEY_CLASSES_ROOT\windowssb.autosearch.1
HKEY_CLASSES_ROOT\windowssb.band
HKEY_CLASSES_ROOT\windowssb.band.1
HKEY_CLASSES_ROOT\windowssb.eventhandler
HKEY_CLASSES_ROOT\windowssb.eventhandler.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{9fb534e3-67cb-4307-ae0a-9e8b5581be2c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a1dd937d-71e1-4bb5-bd5d-1b01b9cb1c2f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FB534E3-67CB-4307-AE0A-9E8B5581BE2C}
HKEY_CLASSES_ROOT\clsid\{9fb534e3-67cb-4307-ae0a-9e8b5581be2c}
HKEY_CLASSES_ROOT\clsid\{a1dd937d-71e1-4bb5-bd5d-1b01b9cb1c2f}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{9fb534e3-67cb-4307-ae0a-9e8b5581be2c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9fb534e3-67cb-4307-ae0a-9e8b5581be2c}

Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Alexa BHO

SavingsHound Adware

How To Remove SavingsHound?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
SavingsHound is dangerous virus:
Adware are programs that facilitate delivery for advertising content
to the user and in some cases gather information from the user's computer.



SavingsHound Symptoms:

Files:
[%DESKTOP%]\savingshound.lnk
[%DESKTOP%]\savingshound.lnk

Folders:
[%PROGRAM_FILES%]\savingshound

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{0088edd4-e83a-4c8c-a2c8-840d4deeb86a}
HKEY_CLASSES_ROOT\clsid\{14fd2098-9f9e-4fbc-a1a5-bafbb6ef475a}
HKEY_CLASSES_ROOT\clsid\{325338f0-aed0-45f6-a0da-b5b09e6a07ed}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b80-469e-c0ff-fd7ff4d5fa7f}
HKEY_CLASSES_ROOT\clsid\{56352d61-c28c-4e43-8280-38afff4f4c50}
HKEY_CLASSES_ROOT\interface\{548406a4-c9cc-4f3f-bf03-e235c8650e1f}
HKEY_CLASSES_ROOT\interface\{587c0f8d-80cd-4588-a439-7a2731edb13d}
HKEY_CLASSES_ROOT\interface\{8440fe1b-c609-49aa-8cdc-1915f83e0b69}
HKEY_CLASSES_ROOT\interface\{91ee7889-7385-4f66-8790-539a1686f661}
HKEY_CLASSES_ROOT\savingshound.csinstallinformation
HKEY_CLASSES_ROOT\savingshound.csinstallinformation.1
HKEY_CLASSES_ROOT\savingshound.savingshoundbar
HKEY_CLASSES_ROOT\savingshound.savingshoundbar.1
HKEY_CLASSES_ROOT\savingshound.savingshoundbarh
HKEY_CLASSES_ROOT\savingshound.savingshoundbarh.1
HKEY_CLASSES_ROOT\savingshoundbar.savingshoundbho
HKEY_CLASSES_ROOT\savingshoundbar.savingshoundbho.1
HKEY_CLASSES_ROOT\savingshoundbhoclass
HKEY_CLASSES_ROOT\typelib\{b5f8e28b-0471-4be1-90ba-4f17dec6f146}
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\{9750935b-0f6c-46d5-b7bf-8e682ea73329}
HKEY_CURRENT_USER\software\savingshound
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{325338f0-aed0-45f6-a0da-b5b09e6a07ed}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\savingshound
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sbar

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Remove Jman Trojan

Rameh Downloader

How To Remove Rameh?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
Rameh is dangerous virus:
The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.


Rameh Symptoms:

Files:
[%PROGRAM_FILES%]\AOL Toolbar\toolbar.dll
[%SYSTEM%]\pdfzzy.dll
[%PROGRAM_FILES%]\AOL Toolbar\toolbar.dll
[%SYSTEM%]\pdfzzy.dll


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
ComAnywhere RAT Removal
SuperMM.NT RAT Removal instruction
Price Trojan Symptoms
VirTool.ABM Backdoor Information
Removing PSW.NetMail Trojan

SpyBuddy Spyware

How To Remove SpyBuddy?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
SpyBuddy is dangerous virus:
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.


SpyBuddy Symptoms:

Files:
[%WINDOWS%]\sbconfig.dat
[%WINDOWS%]\sbconfig.dat

Folders:
[%PROGRAM_FILES%]\exploreanywhere
[%APPDATA%]\winsyscfg
[%DESKTOP%]\spybuddy
[%PROGRAMS%]\spybuddy

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spybuddy


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Removing Alcalup Trojan
Mutters Trojan Symptoms
SecondThought.ai Trojan Removal

ClientMan.MSMC Trojan

How To Remove ClientMan.MSMC?
You must download trial version of "Exterminate-It" antivirus software,to check your computer instantly.
ClientMan.MSMC is dangerous virus:
This category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.


ClientMan.MSMC It also known as:

[Kaspersky]Trojan.Win32.Small.i;
[Panda]Trj/Small.AQ;
[Computer Associates]Win32.Siboco.B,Win32/Siboco.B!Trojan

ClientMan.MSMC Symptoms:

Files:
[%SYSTEM%]\msccof.exe
[%SYSTEM%]\msccof.exe


You must clean you computer ASAP !!!
Download Free Trial Version of antivirus software here, to check your computer instantly.

Also Be Aware of the Following Threats:
Internet.Optimizer Adware Removal