Necessary At your option Useless Dangerous Application database
Startupapps.com recommends you:

Detect and remove hidden rootkits using UnHackMe UnHackMe - Rootkit Killer Free fully functional 30-days trial.

RegRun Security Suite = 24 system utilities for protecting your computer. Try now!

Buy Now!

I would like to say that RegRun has helped me on more than 1 occasion when it comes to spyware/adware by letting me know automatically that a piece of it got added to Windows startup. There is so much spyware/addware out there today it's hard to imagine being without RegRun. I like many other features too including the daily registry backups and file protection.

Chris Wagers

%system%\bloodred.exe
%windir%\lsass.exe
%windir%_e51.exe
.exe
winpal32.dll
x-mas.exe
!readme.exe
!update.exe
"%program files%\common files\%generated clsid%\update.exe" mc-110-12-0000272
"%windir%\acdsee demo.exe"
"%windir%\system\system copy.exe"
"renamed server".exe
##exmodul.exe
$_3472452.exe
$sys$drmserver.exe
$sys$sonytimer.exe
$sys$sos$sys$.exe
$sys$welovemccol.exe
%common files%\delsim\del.exe
%common files%\services\svchost.exe
%downloaded program files%\explorer.exe
%program files%\180search assistant\hsr.dll
%program files%\180search assistant\sachook.dll
%program files%\180search assistant\sain.exe
%program files%\180search assistant\sau.dll
%program files%\180search assistant\sauhook.dll
%program files%\2search\getst.exe
%program files%\2search\main.exe
%program files%\2search\plugin.dll
%program files%\5whgue21\5whgue21.exe
%program files%\acm\acmconfig.exe
%program files%\acm\acmdll.dll
%program files%\acm\acmservice.exe
%program files%\acm\zshook.dll
%program files%\acs-style\acs.exe
%program files%\activity keylogger\actik.exe
%program files%\activity keylogger\akeylogger.exe
%program files%\activity keylogger\hidden.dll
%program files%\activity logger\alaware.dll
%program files%\activity logger\alogcfg.exe
%program files%\activity logger\alogger.exe
%program files%\activity logger\alsys.exe
%program files%\activity logger\emailer.dll
%program files%\activity logger\logexp.dll
%program files%\activity logger\mfc42.dll
%program files%\activity logger\msvcrt.dll
%program files%\activity logger\slgrl.dll
%program files%\activity logger\swkbhkl.dll
%program files%\actual spy\actualspy.exe
%program files%\actual spy\hkdll.dll
%program files%\actual spy\hprog.dll
%program files%\adobe\acrobat.exe
%program files%\adstatcomm.dll
%program files%\advsearch\cliner.exe
%program files%\advsearch\finddll.dll
%program files%\advsearch\mailbook.exe
%program files%\advsearch\mailbookproxy.dll
%program files%\advsearch\mydll.dll
%program files%\advsearch\nn7dll.dll
%program files%\advsearch\nndll.dll
%program files%\advsearch\spredirect.dll
%program files%\advsearch\updater.exe
%program files%\advsearch\updaterproxy.dll
%program files%\aolx\as.exe
%program files%\appstraka\appstraka.exe
%program files%\appstraka\unins000.exe
%program files%\archive.exe
%program files%\ardamax keylogger\il.dll
%program files%\ardamax keylogger\kh.dll
%program files%\asys\stb.exe
%program files%\asys\vfx8.0-1.exe
%program files%\auto keylogger\kbhook4.dll
%program files%\auto keylogger\kl.exe
%program files%\auto keylogger\klkernel.exe
%program files%\autosearch.dll
%program files%\autoupdate\autoupdate.exe
%program files%\bazookabar\activewin32.exe
%program files%\bazookabar\bar.exe
%program files%\bazookabar\bazookabar.exe
%program files%\bazookabar\regmfc.exe
%program files%\bazookabar\userstararticsbar.dll
%program files%\bifrost\server.exe
%program files%\blackbox7\class0117.exe
%program files%\blackbox7\console.exe
%program files%\blackbox7\dll\integ.dll
%program files%\blackbox7\dll\ldll.dll
%program files%\blackbox7\dll\sysclass.dll
%program files%\browser pal\adblck.dll
%program files%\browser pal\adblck.exe
%program files%\browser pal\babarwnd.dll
%program files%\browser pal\blckbho.dll
%program files%\browser pal\blckhk.dll
%program files%\browser pal\bp.exe
%program files%\browser pal\bptlb.dll
%program files%\btv\breg_inst.exe
%program files%\btv\btv.exe
%program files%\btv\btvclean.exe
%program files%\buddylinks.net\blpref.exe
%program files%\bullseye network\bin\adv.exe
%program files%\bullseye network\bin\adx.exe
%program files%\calorie-count.com toolbar\toolbar.dll
%program files%\cas\client\casmf.dll
%program files%\casstub\casstub.exe
%program files%\catcher.dll
%program files%\chironexsoftware\browserspy\browserspy.dll
%program files%\chironexsoftware\browserspy\scilexer.dll
%program files%\clearsearch\csaolinst.dll
%program files%\clearsearch\csie.dll
%program files%\clearsearch\csieinst.dll
%program files%\clearsearch\csldrupdater.dll
%program files%\clearsearch\csp001.exe
%program files%\clearsearch\delete me.exe
%program files%\cmapp\client\cmappclient.exe
%program files%\cmapp\client\cmappmf.dll
%program files%\cmapp\cmappstub.exe
%program files%\coding workshop\cnalvin.exe
%program files%\coding workshop\cnalvwsi.exe
%program files%\common files\installshield\driver\7\intel 32\_isres1033.dll
%program files%\common files\installshield\driver\7\intel 32\idriver.exe
%program files%\common files\installshield\driver\7\intel 32\iscript7.dll
%program files%\common files\installshield\driver\7\intel 32\isrt.dll
%program files%\common files\installshield\driver\7\intel 32\iuser7.dll
%program files%\common files\installshield\driver\7\intel 32\objps7.dll
%program files%\common files\java\breg.exe
%program files%\common files\psd tools\blaim.dll
%program files%\common files\psd tools\bldll.exe
%program files%\common files\psd tools\blengine.dll
%program files%\common files\psd tools\blengine.exe
%program files%\common files\services.exe
%program files%\common files\system\ado\mssrv.exe
%program files%\common files\systemdata\svchost.exe
%program files%\common files\update\update.exe
%program files%\common files\updmgr\updmgr.exe
%program files%\cwebpage.dll
%program files%\dap\dapbho.dll
%program files%\dashbar.dll
%program files%\dashbar25.dll
%program files%\dbau.exe
%program files%\desktop scout 3\dtsview.dll
%program files%\desktop scout 3\dtsview.exe
%program files%\desktop scout 3\svcagnt.exe
%program files%\digikeygen\digikeygen.exe
%program files%\ds\config.exe
%program files%\ds\dspy.exe
%program files%\ds\unwise.exe
%program files%\e2g\iebhos.dll
%program files%\eiafasrk.dll
%program files%\eitcwd\eitcwd.exe
%program files%\eitcwd\eitwmon.exe
%program files%\eqadvice\eqadvice.exe
%program files%\esyndicate\esyn.dll
%program files%\evol.exe
%program files%\fastfinder\fftoolbar.dll
%program files%\firefly\windebug.exe
%program files%\freemovies.exe
%program files%\ggauoxh\abjc.exe
%program files%\gui.exe
%program files%\hamemov.exe
%program files%\hqvideo\uninstall.exe
%program files%\humour toolbar\humour.dll
%program files%\ietoolbar\toolbar.dll
%program files%\instafink\instafin.dll
%program files%\instafink\instafinder_inst.exe
%program files%\instafink\instafinderk_inst.exe
%program files%\instafink\instafink.dll
%program files%\internet explorer\setup12.exe
%program files%\internet explorer\syssmss.exe
%program files%\internet explorer\systrsy.exe
%program files%\internet keyword\inetmgr.exe
%program files%\ipwins\ipwins.exe
%program files%\jthabckeylogger\abckey.dll
%program files%\jthabckeylogger\forgotpass.exe
%program files%\keycl\keytrial.exe
%program files%\keykey\keykey.exe
%program files%\keykey\kkmon.exe
%program files%\keykey\slman.exe
%program files%\keykey\slview.exe
%program files%\mbkwbar\ietoolbar.dll
%program files%\mch.exe
%program files%\media access\mediaaccc.dll
%program files%\messenger\msmsgs.exe.exe
%program files%\mirc\downloads\wwe divas.exe
%program files%\moviecommander\uninstall.exe
%program files%\movies.exe
%program files%\movload.exe
%program files%\msaolim\msaolim.exe
%program files%\msaolim\unins.exe
%program files%\msmovies.exe
%program files%\mv99.exe
%program files%\mywebsearch\bar\2.bin\mwsbar.dll
%program files%\mywebsearch\bar\2.bin\mwsoemon.exe
%program files%\mywebsearch\bar\2.bin\mwsoestb.dll
%program files%\mywebsearch\srchastt\2.bin\mwssrcas.dll
%program files%\need2find\bar\1.bin\nd2fnbar.dll
%program files%\newdot~1.dll\newdot~1.dll
%program files%\newdot~1\newdot.exe
%program files%\newdot~1\newdot~2.dll
%program files%\newdotnet\newdotnet7_22.dll
%program files%\nsk\akl.exe
%program files%\nsk\akv.exe
%program files%\nsk\nsk.exe
%program files%\odsp\blowfish.dll
%program files%\odsp\cximage.dll
%program files%\odsp\encrypt.dll
%program files%\odsp\flash.exe
%program files%\odsp\killproc.exe
%program files%\odsp\messagebox.exe
%program files%\odsp\odsphost.dll
%program files%\odsp\odsphost_nt.exe
%program files%\odsp\odsplay.exe
%program files%\odsp\utility.dll
%program files%\odsp\welcome.exe
%program files%\odsp\xt1931lib.dll
%program files%\outlook express\serop.exe
%program files%\pcs\pcs.exe
%program files%\peoplepc\toolbar\ppctoolbar.dll
%program files%\pesttrap\pesttrap.exe
%program files%\playdvdmovie.exe
%program files%\playmovie.exe
%program files%\prevadcomm.dll
%program files%\printv~1\pvmodule.exe
%program files%\qyule\qyuleinstall.exe
%program files%\recommended hotfix - 421701d\v15\rh.dll
%program files%\recommended hotfix - 421701d\v15\rh.exe
%program files%\sacc\sacc.exe
%program files%\save\save.exe
%program files%\sbss\sbss.exe
%program files%\screenspy\winacsr.exe
%program files%\searchnet\serveup.exe
%program files%\security toolbar\security toolbar.dll
%program files%\sed\se.exe
%program files%\sed\sed.exe
%program files%\seekmo\seekmohook.dll
%program files%\shopperreports\bin\1.1.0.0\shprrprt.dll
%program files%\sk51\sk51.exe
%program files%\sk51\sk51config.exe
%program files%\sk60\sk60.exe
%program files%\sk62\sku62.exe
%program files%\sony\vaio action setup\msvbdll32.exe
%program files%\spytech software\spytech spyagent\deploy.exe
%program files%\spyware cleaner\scservice.exe
%program files%\spyware cleaner\spywarecleaner.exe
%program files%\spyware stormer\spywarestormer.exe
%program files%\spywarequake\spywarequake.exe
%program files%\spywarestormer\spywarestormer.exe
%program files%\starr\starrcmd.exe
%program files%\stwwsrvs\zmgci4rn.exe
%program files%\svchost.exe
%program files%\svhost32.exe
%program files%\swis\wsw.exe
%program files%\swpr\web.dll
%program files%\tbon.exe
%program files%\time sync\time.exe
%program files%\unspypc\unspypc.exe
%program files%\unspypc\unspypcupdate.exe
%program files%\update.exe
%program files%\video access activex object\pmsnrr.exe
%program files%\vvylx.exe
%program files%\weirdontheweb\weirdontheweb.exe
%program files%\whenusearch\search.exe
%program files%\windows adstatus\winstatcomm.dll
%program files%\windows media player\ wmlaunch .exe
%program files%\windows nt\dialer.exe
%program files%\winproject.dll
%program files%\winrecon\codex.exe
%program files%\winrecon\condex.exe
%program files%\winrecon\dataview.exe
%program files%\winrecon\sp5.exe
%program files%\winskjp.dll
%program files%\wintaskad.exe
%program files%\wintective\wintective.exe
%program files%\wv\wv.exe
%program files%\wv\wvh.dll
%program files%\xpcspypro\keyspy.dll
%program files%\xsoftware\working\appmon.dll
%program files%\xsoftware\working\iemon.dll
%program files%\xsoftware\working\keymon.dll
%program files%\xsoftware\working\xpcspypro.exe
%program files%\xsoftware\xpcspypro\appspy.dll
%program files%\xsoftware\xpcspypro\iespy.dll
%program files%\ykpmd\ykpnd.exe
%program files%\zango applications\zango tv times\cryptoapi.dll
%program files%\zango applications\zango tv times\tvskin.dll
%program files%\zango applications\zango tv times\zangotvtimes.exe
%program files%\zango programs\zango toolbar\zangotb.dll
%program files%\zangoclient\zanu.exe
%program files%\zangoclient\zanuhook.dll
%programfiles%\errclean\sysrep.exe
%programfiles%\intcodec\uninst.exe
%programfiles%\internet exp1orer\iexplore.exe
%programfiles%\quick launch\mousehook.dll
%programfiles%\safestrip\sysbackup\explorer.exe
%programfiles%\safestrip\sysbackup\ntoskrnl.exe
%programfiles%\safestrip\sysbackup\wininet.dll
%programfiles%\winspy demo\riched32.dll
%sysdir%\ ymagic.dll
%sysdir%\$sys$drv.exe
%sysdir%\$sys$filesystem\aries.sys
%sysdir%\$sys$xp.exe
%sysdir%\%sysdir%\xptptt.dll
%sysdir%\?user.exe
%sysdir%\[random letters]\svchost.exe
%sysdir%\\loader.exe
%sysdir%\\windrive.exe
%sysdir%\___j.dll
%sysdir%\_accwiz.exe
%sysdir%\_kerne1.exe
%sysdir%\_msopen.exe
%sysdir%\{fbd2ebd0-e6df-456e-b300-a4d10a90c683}.dll
%sysdir%\007guard.exe
%sysdir%\0mcamcap.exe
%sysdir%\0pengld.exe
%sysdir%\1021\services.exe
%sysdir%\1sass.exe
%sysdir%\1u7.exe
%sysdir%\2_0_1browserhelper2.dll
%sysdir%\28.tmp
%sysdir%\2searchinstaller.exe
%sysdir%\33.exe
%sysdir%\3d_sound.exe
%sysdir%\4d.tmp
%sysdir%\56171d04\e5c5bdb4.exe
%sysdir%\8g.dll
%sysdir%\a15svcs.exe
%sysdir%\a1g.exe
%sysdir%\aantx.dll
%sysdir%\ab1dll.dll
%sysdir%\abcedg21.dll
%sysdir%\abrada.dll
%sysdir%\abrada.exe
%sysdir%\abradal.dll
%sysdir%\abradaload.dll
%sysdir%\acctrse.dll
%sysdir%\accwizz.exe
%sysdir%\accwizzz.exe
%sysdir%\ace16win.dll
%sysdir%\acespy\asycfilt.dll
%sysdir%\acespy\comcat.dll
%sysdir%\acespy\ijl11.dll
%sysdir%\acespy\ktkbdhk.dll
%sysdir%\acespy\makecab.exe
%sysdir%\acespy\riched32.dll
%sysdir%\acespy\shlwapi.dll
%sysdir%\acespy\systune.exe
%sysdir%\aclservice.exe
%sysdir%\acmcc.exe
%sysdir%\activeds.exe
%sysdir%\adbar.dll
%sysdir%\addde.exe
%sysdir%\adprot.exe
%sysdir%\adservice.dll
%sysdir%\adshook.dll
%sysdir%\adstation.exe
%sysdir%\adwarz.exe
%sysdir%\agent.dll
%sysdir%\agentsvr32.exe
%sysdir%\agetlke.exe
%sysdir%\agetlktsyr.exe
%sysdir%\agetlktz.exe
%sysdir%\agetltfs.exe
%sysdir%\agpbrdg5.sys
%sysdir%\ahui32.exe
%sysdir%\aimplugin.exe
%sysdir%\akeylg32.dll
%sysdir%\alerter.exe
%sysdir%\alerter16.exe
%sysdir%\alg2.exe
%sysdir%\algesetp.exe
%sysdir%\algs.exe
%sysdir%\ali.exe
%sysdir%\angelex.exe
%sysdir%\animalss.exe
%sysdir%\ansmtp.dll
%sysdir%\anti_troj.exe
%sysdir%\antiav_dll.dll
%sysdir%\antiav_exe.exe
%sysdir%\antivirus update.exe
%sysdir%\antivirus_update.exe
%sysdir%\apigrab.dll
%sysdir%\apitsk32.exe
%sysdir%\appcheck.dll
%sysdir%\appdlg32.dll
%sysdir%\applog.dll
%sysdir%\appmgmt.dll
%sysdir%\appwiz.dll
%sysdir%\arpo412.exe
%sysdir%\arprmdg0.dll
%sysdir%\arptutdn.dll
%sysdir%\ash.dll
%sysdir%\askearth17.exe
%sysdir%\associates.exe
%sysdir%\asvhost.exe
%sysdir%\ataste.exe
%sysdir%\atchk.dll
%sysdir%\atiupdate.exe
%sysdir%\atiysnpn.dll
%sysdir%\atldm.dll
%sysdir%\atmclk.exe
%sysdir%\atmon.exe
%sysdir%\atmsvc.dll
%sysdir%\atomic-x27.exe
%sysdir%\au.exe
%sysdir%\auditchk.exe
%sysdir%\aunps2.dll
%sysdir%\autorun.exe
%sysdir%\autoupdatev2.exe
%sysdir%\autowxckn.exe
%sysdir%\avg.exe
%sysdir%\avguard.exe
%sysdir%\avkill.exe
%sysdir%\avp.exe
%sysdir%\avpe32.dll
%sysdir%\avpe64.sys
%sysdir%\avpi32.dll
%sysdir%\avpu32.dll
%sysdir%\avpu64.sys
%sysdir%\avpx.exe
%sysdir%\avpx32.dll
%sysdir%\avpx32.sys
%sysdir%\awext32.dll
%sysdir%\awtqr.dll
%sysdir%\awtsr.dll
%sysdir%\awvvv.dll
%sysdir%\axe.exe
%sysdir%\b0ff.exe
%sysdir%\barbho.dll
%sysdir%\bartent32.exe
%sysdir%\beegees.exe
%sysdir%\bewldr32.exe
%sysdir%\bhsv.exe
%sysdir%\bihupdate.exe
%sysdir%\bios.exe
%sysdir%\biosserv.exe
%sysdir%\birdihuy.dll
%sysdir%\blackice.exe
%sysdir%\blubb.exe
%sysdir%\bluetooth16.dll
%sysdir%\bluetooth32.dll
%sysdir%\boler.exe
%sysdir%\boln.dll
%sysdir%\boot32.sys
%sysdir%\bootconfig.exe
%sysdir%\botzor.exe
%sysdir%\bpool.exe
%sysdir%\bps.exe
%sysdir%\bps2.dll
%sysdir%\br32srv.exe
%sysdir%\breatle.exe
%sysdir%\browsela.dll
%sysdir%\browseti.dll
%sysdir%\bt.exe
%sysdir%\bum483.exe
%sysdir%\bum80.exe
%sysdir%\c_28usic.dll
%sysdir%\cac1s.exe
%sysdir%\capp.exe
%sysdir%\carta.exe
%sysdir%\cartao.exe
%sysdir%\cashsaverbho.dll
%sysdir%\caudio.exe
%sysdir%\ccapp1.exe
%sysdir%\ccsys_control.dll
%sysdir%\certificado.exe
%sysdir%\cgiagent.exe
%sysdir%\cgy32win.exe
%sysdir%\checkreg.exe
%sysdir%\checkweb.dll
%sysdir%\child.dll
%sysdir%\chkdisk32.exe
%sysdir%\chkdsk64.exe
%sysdir%\chkdskw.exe
%sysdir%\chke.dll
%sysdir%\chkntsv.exe
%sysdir%\chp.dll
%sysdir%\ciaraf.exe
%sysdir%\civil.exe
%sysdir%\ckots.exe
%sysdir%\clcbt.exe
%sysdir%\clipservr.exe
%sysdir%\clmss.exe
%sysdir%\clsas32.exe
%sysdir%\clsass32.exe
%sysdir%\cmd-brontok.exe
%sysdir%\cmd-brontokd.exe
%sysdir%\cmrss.exe
%sysdir%\cmss.exe
%sysdir%\codll.exe
%sysdir%\cokmgl32.dll
%sysdir%\com\inf\[4 blank spaces].exe
%sysdir%\com\lsass.exe
%sysdir%\combo.exe
%sysdir%\comclg32.dll
%sysdir%\commamd.exe
%sysdir%\command.pif
%sysdir%\commcos2.dll
%sysdir%\comnt32.dll
%sysdir%\comsrm.dll
%sysdir%\comysrdx.dll
%sysdir%\conf.com
%sysdir%\config\rundll32.exe
%sysdir%\config\win.exe
%sysdir%\configsetup32.exe
%sysdir%\confmser.dll
%sysdir%\contextual.exe
%sysdir%\contig\csrss.exe
%sysdir%\cool.exe
%sysdir%\countrydial.exe
%sysdir%\cpnotify.exe
%sysdir%\cppomuoqgd\csrss.exe
%sysdir%\cpudev.sys
%sysdir%\cpxp.exe
%sysdir%\crc32stats.exe
%sysdir%\crease.exe
%sysdir%\crvy32.exe
%sysdir%\cscrs.exe
%sysdir%\csm.exe
%sysdir%\csmsv.exe
%sysdir%\csrcmd.exe
%sysdir%\csrcs.exe
%sysdir%\csrdeu32.exe
%sysdir%\csrnvrt.exe
%sysdir%\csrrss.exe
%sysdir%\csrss.dll
%sysdir%\csrssv.exe
%sysdir%\csrwjd.exe
%sysdir%\csrwnd.exe
%sysdir%\cstsm.exe
%sysdir%\csuninstall.exe
%sysdir%\csyah.exe
%sysdir%\ctadl3.dll
%sysdir%\ctfm0n.exe
%sysdir%\ctfmon.dll
%sysdir%\ctxpopup.dll
%sysdir%\d3dclsrv.dll
%sysdir%\dab1.dll
%sysdir%\dapdll.exe
%sysdir%\dartftp.dll
%sysdir%\dartsock.dll
%sysdir%\datalayer.exe
%sysdir%\datasys.exe
%sysdir%\dbexeccom.exe
%sysdir%\dcomcfg.exe
%sysdir%\dcompcss.exe
%sysdir%\dcomuser.exe
%sysdir%\dczwin32.exe
%sysdir%\ddcyw.dll
%sysdir%\ddr64.dll
%sysdir%\death.exe
%sysdir%\dec25.exe
%sysdir%\defragfatz.exe
%sysdir%\defragment.exe
%sysdir%\deneme.exe
%sysdir%\desktop.exe
%sysdir%\devcode.exe
%sysdir%\devcode32.exe
%sysdir%\dflnl.exe
%sysdir%\dfrgsrv.exe
%sysdir%\dgfgql.exe
%sysdir%\dhcp.exe
%sysdir%\dhcpclient.exe
%sysdir%\diagent.exe
%sysdir%\dialer423.exe
%sysdir%\dijpg.dll
%sysdir%\dioxin.exe
%sysdir%\directout.sys
%sysdir%\directprt.sys
%sysdir%\directpt.dll
%sysdir%\directut.dll
%sysdir%\directxsvi.dll
%sysdir%\dl.exe
%sysdir%\dlhost.exe
%sysdir%\dllcache\cybershots.exe
%sysdir%\dllcache\mslogon.exe
%sysdir%\dllcache\msupdprx.dll
%sysdir%\dllcache\msxml32.dll
%sysdir%\dllcache\mutex.exe
%sysdir%\dllcache\qxchost.exe
%sysdir%\dllcache\tcpip.sys
%sysdir%\dllcache\win32\csrss.exe
%sysdir%\dllcache\winsony.exe
%sysdir%\dllcachev2.exe
%sysdir%\dllcboxz.dll
%sysdir%\dllcnfg.exe
%sysdir%\dllconfig\cache\dllcache.exe
%sysdir%\dllhook.dll
%sysdir%\dllonet.dll
%sysdir%\dllscan.exe
%sysdir%\dllsys.dll
%sysdir%\dllvnet.dll
%sysdir%\dlsp2mx.exe
%sysdir%\dlyinf.exe
%sysdir%\dma.exe
%sysdir%\dmcoj.exe
%sysdir%\dmcpyt.dll
%sysdir%\dmgrd.exe
%sysdir%\dmonwv.dll
%sysdir%\dmsrv.dll
%sysdir%\dnsclt.exe
%sysdir%\dnsresolver.exe
%sysdir%\dnssvc.exe
%sysdir%\doc.exe
%sysdir%\dom.dll
%sysdir%\doser.exe
%sysdir%\dosw.exe
%sysdir%\down.exe
%sysdir%\downloaddll.dll
%sysdir%\dpnet.exe
%sysdir%\dpnetmsg.exe
%sysdir%\dpnmdlib.exe
%sysdir%\draw32.dll
%sysdir%\driver\ntsrv.exe
%sysdir%\drivers\abhcop.sys
%sysdir%\drivers\bdguard.sys
%sysdir%\drivers\bridges.sys
%sysdir%\drivers\bzr.exe
%sysdir%\drivers\copy38.exe
%sysdir%\drivers\core.sys
%sysdir%\drivers\csrss.exe
%sysdir%\drivers\detport.sys
%sysdir%\drivers\elpow_spy.sys
%sysdir%\drivers\etc\jesse.exe
%sysdir%\drivers\ispubdrv.sys
%sysdir%\drivers\lsass.exe
%sysdir%\drivers\lsassig.exe
%sysdir%\drivers\mdojtgmr.sys
%sysdir%\drivers\mnsystem.dll
%sysdir%\drivers\msksvrtss.exe
%sysdir%\drivers\ncscv32.exe
%sysdir%\drivers\netsvcs.sys
%sysdir%\drivers\ntndis.exe
%sysdir%\drivers\ntndis.sys
%sysdir%\drivers\nze.exe
%sysdir%\drivers\removejk.exe
%sysdir%\drivers\rvdport.sys
%sysdir%\drivers\rze.exe
%sysdir%\drivers\sdqgvqcm.sys
%sysdir%\drivers\spoolsys.exe
%sysdir%\drivers\sysbus32.sys
%sysdir%\drivers\syswav.sys
%sysdir%\drivers\sza.exe
%sysdir%\drivers\taskmgr.exe
%sysdir%\drivers\uninstall.exe
%sysdir%\drivers\uzn.exe
%sysdir%\drivers\videoati0.sys
%sysdir%\drivers\winlogon.exe
%sysdir%\drivers\winmon.sys
%sysdir%\drivers\zxbnredm.sys
%sysdir%\drivxp.exe
%sysdir%\drvnetw.dll
%sysdir%\drvnetw.exe
%sysdir%\drvwtsn32.dll
%sysdir%\drwtsn64.exe
%sysdir%\dskchk.dll
%sysdir%\dskmon32.exe
%sysdir%\dsktrf.dll
%sysdir%\duck.exe
%sysdir%\duel_v2.exe
%sysdir%\dvb03a.dll
%sysdir%\dvd4free.dll
%sysdir%\dvdkernl.sys
%sysdir%\dvdrealm.sys
%sysdir%\dvdsdtl.dll
%sysdir%\dx32cxlp.exe
%sysdir%\dxdiags.exe
%sysdir%\dy9mw.dll
%sysdir%\ebay.exe
%sysdir%\ebmqbx.exe
%sysdir%\edlm2.exe
%sysdir%\eetvpn.sys
%sysdir%\efsdfgxg.exe
%sysdir%\elite.exe
%sysdir%\eliteflf32.exe
%sysdir%\elitelsj32.exe
%sysdir%\emconv.exe
%sysdir%\emgfx.exe
%sysdir%\encodex.dll
%sysdir%\enzxp.exe
%sysdir%\ersvc.exe
%sysdir%\esmtp.exe
%sysdir%\espynow-v2.0\esnowun.dll
%sysdir%\eulapart.dll
%sysdir%\eulsass.dll
%sysdir%\eventwvr.exe
%sysdir%\exdl0.exe
%sysdir%\exdl1.exe
%sysdir%\exeha2.exe
%sysdir%\exeha3.exe
%sysdir%\exelib.dll
%sysdir%\exp.exe
%sysdir%\expi0rer.exe
%sysdir%\explore32.exe
%sysdir%\exploreff.exe
%sysdir%\explorer.exe
%sysdir%\explorer32\autoupdate.dll
%sysdir%\explorer32\autoupdateclient.exe
%sysdir%\explorer32\chattext.dll
%sysdir%\explorer32\msn6mngr.exe
%sysdir%\explorer32\netlogon.exe
%sysdir%\explorer32\winsysmngr.exe
%sysdir%\explorerl.exe
%sysdir%\explores.exe
%sysdir%\express.exe
%sysdir%\external.exe
%sysdir%\fatpammy.exe
%sysdir%\fciara.exe
%sysdir%\fdd.exe
%sysdir%\ffisearch.exe
%sysdir%\ffservice.exe
%sysdir%\filesaver32.exe
%sysdir%\fingen.exe
%sysdir%\firefox.exe
%sysdir%\firewall.bat
%sysdir%\firewall.exe
%sysdir%\firewallingv10.exe
%sysdir%\firewall-updatev9.exe
%sysdir%\firewire.exe
%sysdir%\fixapi.exe
%sysdir%\fixupdattr.exe
%sysdir%\flashmovie.exe
%sysdir%\flcss.exe
%sysdir%\fldrsys.dll
%sysdir%\flsmngr.dll
%sysdir%\flxper.exe
%sysdir%\fmwabe.exe
%sysdir%\fonr.exe
%sysdir%\foro.exe
%sysdir%\foxdhend.exe
%sysdir%\foxdhsend.exe
%sysdir%\foxrxjh.exe
%sysdir%\fpdrnznx.dll
%sysdir%\freeimagex.dll
%sysdir%\frundlll.exe
%sysdir%\frxhser.exe
%sysdir%\fservice.exe
%sysdir%\fsmgntfs.dll
%sysdir%\fswan.exe
%sysdir%\fswanqq.exe
%sysdir%\fuck.exe
%sysdir%\fumeta.exe
%sysdir%\fwms32.exe
%sysdir%\gcassav32.exe
%sysdir%\gdien32.exe
%sysdir%\gdsys\dxtlist.dll
%sysdir%\gdsys\excalendar.dll
%sysdir%\gdsys\eztoolslib.dll
%sysdir%\gdsys\gdadmin.exe
%sysdir%\gdsys\gdh.dll
%sysdir%\gdsys\gdmgr.exe
%sysdir%\gdsys\instlsp.exe
%sysdir%\gdsys\strace.dll
%sysdir%\gdsys\vbalflbr6.dll
%sysdir%\geeby.dll
%sysdir%\gld.dll
%sysdir%\gld.exe
%sysdir%\globalc.dll
%sysdir%\goidr.exe
%sysdir%\gomex.exe
%sysdir%\google.exe
%sysdir%\googlebar.dll
%sysdir%\goot.exe
%sysdir%\gorsys32.dll
%sysdir%\grplscd.exe
%sysdir%\gsp.dll
%sysdir%\gtrack.dll
%sysdir%\guisetup.exe
%sysdir%\gunist.exe
%sysdir%\gvjpeg32.dll
%sysdir%\h3.exe
%sysdir%\hachimitsu-lemon.exe
%sysdir%\hacker.exe
%sysdir%\hbguard.exe
%sysdir%\hbmail.exe
%sysdir%\hd32.dll
%sysdir%\hdcontroller.exe
%sysdir%\hdi.exe
%sysdir%\hdkp5b.exe
%sysdir%\help.exe
%sysdir%\helpersvchostss.exe
%sysdir%\heomstool.exe
%sysdir%\hg1dll.dll
%sysdir%\hgakheg.dll
%sysdir%\hgqhp.exe
%sysdir%\hhn11n1g.exe
%sysdir%\hicom.exe
%sysdir%\hid.exe
%sysdir%\hkernel32.exe
%sysdir%\hldrrr.exe
%sysdir%\hleader_dll.dll
%sysdir%\hloader_exe.exe
%sysdir%\holewatch.exe
%sysdir%\hookdump.exe
%sysdir%\hookreg.dll
%sysdir%\hosts.dll
%sysdir%\hostsvc.exe
%sysdir%\howiper.exe
%sysdir%\hp91ae.tmp
%sysdir%\hpdll.exe
%sysdir%\hpdriver.sys
%sysdir%\hpmanager.exe
%sysdir%\hpsebc087.exe
%sysdir%\hpsys.exe
%sysdir%\hr6s05j7e.dll
%sysdir%\huy.exe
%sysdir%\huy2.exe
%sysdir%\huysosat.exe
%sysdir%\hwdetect.exe
%sysdir%\hxdefdrv.sys
%sysdir%\i386p.sys
%sysdir%\i75-d2\dkernel.exe
%sysdir%\icntrl.exe
%sysdir%\icq2002.exe
%sysdir%\icqchk.exe
%sysdir%\idemlog.exe
%sysdir%\ieaccess2.dll
%sysdir%\iedld32.dll
%sysdir%\ieen445f8764.dll
%sysdir%\iehelperex.dll
%sysdir%\iejava.exe
%sysdir%\ieredir.exe
%sysdir%\ies4dll.dll
%sysdir%\ies4service.sys
%sysdir%\iesdl4l.dll
%sysdir%\iespr.sys
%sysdir%\iewatch.exe
%sysdir%\iexplor.dll
%sysdir%\iexplor.exe
%sysdir%\iexplor2.dll
%sysdir%\iexplore.dll
%sysdir%\iexplore.exe
%sysdir%\ign32.pif
%sysdir%\ihsvc.exe
%sysdir%\iisload.dll
%sysdir%\im_2.exe
%sysdir%\imevtmgr.exe
%sysdir%\imgcom.dll
%sysdir%\imms16.dll
%sysdir%\impai.exe
%sysdir%\imupdate.exe
%sysdir%\inetapi32.dll
%sysdir%\inetconnect.dll
%sysdir%\inetfuel.exe
%sysdir%\inetlog.dll
%sysdir%\inetsxa.dll
%sysdir%\informe.exe
%sysdir%\initsvc.exe
%sysdir%\injg.exe
%sysdir%\injobs.exe
%sysdir%\inks.exe
%sysdir%\inotify.exe
%sysdir%\installer2.exe
%sysdir%\installerv3.exe
%sysdir%\instsrv.exe
%sysdir%\intell32.exe
%sysdir%\intell321.exe
%sysdir%\intenat.exe
%sysdir%\interserv.exe
%sysdir%\intfaxui.exe
%sysdir%\intmon.exe
%sysdir%\intnets.exe
%sysdir%\inzax.exe
%sysdir%\ipchk.dll
%sysdir%\ipconfx.exe
%sysdir%\ipdb.dll
%sysdir%\ipreg.exe
%sysdir%\iprotect.exe
%sysdir%\iprun.exe
%sysdir%\ipsec.dll
%sysdir%\ipsec6mon.dll
%sysdir%\ipsp.dll
%sysdir%\ipv4mons.dll
%sysdir%\ipv6mons.dll
%sysdir%\ipwf.exe
%sysdir%\ipy.exe
%sysdir%\ir50psrv.exe
%sysdir%\ispsupport.exe
%sysdir%\ist2.exe
%sysdir%\isystem.exe
%sysdir%\itstore.dll
%sysdir%\itune.exe
%sysdir%\itunes.exe
%sysdir%\itunesff.exe
%sysdir%\iueninet.dll
%sysdir%\ivhost.exe
%sysdir%\jaicg.exe
%sysdir%\jarule.exe
%sysdir%\javams64.exe
%sysdir%\jdbgmgr.exe
%sysdir%\jkkjj.dll
%sysdir%\jkwbhew.dll
%sysdir%\jobdb.dll
%sysdir%\jorgf.exe
%sysdir%\kaboom.dll
%sysdir%\kane.dll
%sysdir%\karnal32.dll
%sysdir%\kazaabackupfiles\download_me.exe
%sysdir%\kb32.exe
%sysdir%\kbd1uery.dll
%sysdir%\kbdaemon.exe
%sysdir%\kbdusb.dll
%sysdir%\kbdyl.dll
%sysdir%\kbhook.dll
%sysdir%\kdc.dll
%sysdir%\kdcmt.exe
%sysdir%\ke7dnl.sys
%sysdir%\kernal64.exe
%sysdir%\kerne0110.exe
%sysdir%\kerne0223.exe
%sysdir%\kerne121.exe
%sysdir%\kerne1211.exe
%sysdir%\kerne14.exe
%sysdir%\kerne1412.exe
%sysdir%\kernel66.dll
%sysdir%\kernlx86.exe
%sysdir%\keybhook.dll
%sysdir%\keyboard.exe
%sysdir%\keyboard10.exe
%sysdir%\keygen.exe
%sysdir%\keylogger.dll
%sysdir%\keylogir.dll
%sysdir%\kiamarsi.exe
%sysdir%\kkdrv.dll
%sysdir%\klogini.dll
%sysdir%\kpaccess.dll
%sysdir%\kpunzip.dll
%sysdir%\kpzip.dll
%sysdir%\krnlmgr.dll
%sysdir%\krnlmgr.exe
%sysdir%\ksdt1983.sys
%sysdir%\ksrv32.exe
%sysdir%\kwatch1.sys
%sysdir%\kwinkqaf.exe
%sysdir%\kxrnxl32.dll
%sysdir%\l074.exe
%sysdir%\laziqn.exe
%sysdir%\ld1d1e.tmp
%sysdir%\ldr64.dll
%sysdir%\ldriver.exe
%sysdir%\ldrmsvbvm06.dll
%sysdir%\leeman.exe
%sysdir%\lf66prc.exe
%sysdir%\lfyockaa.dll
%sysdir%\lien vande kelder.exe
%sysdir%\lien.exe
%sysdir%\lifefuxor.exe
%sysdir%\list32.exe
%sysdir%\live.exe
%sysdir%\livetest_bar.dll
%sysdir%\llsass.exe
%sysdir%\lmamanager.exe
%sysdir%\lmhosts.dll
%sysdir%\lmmib20.dll
%sysdir%\lmovie.exe
%sysdir%\lmrtend.dll
%sysdir%\lo71.exe
%sysdir%\loadadv64
%sysdir%\loadadv710.exe
%sysdir%\loadadv711.exe
%sysdir%\loadadv712.exe
%sysdir%\loadadv713.exe
%sysdir%\loadhw.exe
%sysdir%\loadkk.exe
%sysdir%\loadwin.exe
%sysdir%\loc1.exe
%sysdir%\localsp.dll
%sysdir%\lockbr.exe
%sysdir%\lockx.exe
%sysdir%\lodcst.exe
%sysdir%\logic.exe
%sysdir%\logo_1.exe
%sysdir%\logon.exe
%sysdir%\logonnui.exe
%sysdir%\love.exe
%sysdir%\lsa.exe
%sysdir%\lsa2srv.exe
%sysdir%\lsadst.exe
%sysdir%\lsamgr.exe
%sysdir%\lsas32.exe
%sysdir%\lsasa.exe
%sysdir%\lsasrv.exe
%sysdir%\lsasser.exe
%sysdir%\lserv.exe
%sysdir%\lservice.exe
%sysdir%\lsmss.exe
%sysdir%\lssass.exe
%sysdir%\lssrv.exe
%sysdir%\lup.exe
%sysdir%\lvsrev.exe
%sysdir%\m0use.exe
%sysdir%\mabryobj.dll
%sysdir%\mac.dll
%sysdir%\main.sys
%sysdir%\mainsv.exe
%sysdir%\mame.exe
%sysdir%\marya.exe
%sysdir%\mastoer32.dll
%sysdir%\maxd.exe
%sysdir%\mbprot.dll
%sysdir%\mcafe.exe
%sysdir%\mcafee.exe
%sysdir%\mcafeeav32.exe
%sysdir%\mccm.exe
%sysdir%\mcconfig.dll
%sysdir%\mcfcc4.dll
%sysdir%\mciole.dll
%sysdir%\mcioles16.dll
%sysdir%\mcsmss.exe
%sysdir%\mdm.exe
%sysdir%\mdmmirrxxx.dll
%sysdir%\mdms.exe
%sysdir%\mdojtgmr.dll
%sysdir%\mdsdev.exe
%sysdir%\memloader.exe
%sysdir%\memlow.sys
%sysdir%\memreader.exe
%sysdir%\mesg.dll
%sysdir%\messengers.exe
%sysdir%\mfcmse.exe
%sysdir%\mfs.exe
%sysdir%\mgeekremove.exe
%sysdir%\mgrshell.exe
%sysdir%\mgs_32.dll
%sysdir%\microsoft\fixcomdos.exe
%sysdir%\microsoftie0110.dll
%sysdir%\microsoftie1211.dll
%sysdir%\microsoftie21.dll
%sysdir%\microsoftie4.dll
%sysdir%\microsoftie412.dll
%sysdir%\mididef32.exe
%sysdir%\mimex.dll
%sysdir%\ming.exe
%sysdir%\miq.dll
%sysdir%\mljjj.dll
%sysdir%\mljkk.dll
%sysdir%\mmc.exe
%sysdir%\mmsvc32.exe
%sysdir%\mmtask.exe
%sysdir%\mmx19g.sys
%sysdir%\mmxf32.dll
%sysdir%\mneck.exe
%sysdir%\mnswinsx.exe
%sysdir%\mnsys.exe
%sysdir%\moode.exe
%sysdir%\mousebm.exe
%sysdir%\mousecrm.exe
%sysdir%\mousedrv.exe
%sysdir%\mousemm.exe
%sysdir%\mousepad10.exe
%sysdir%\mousesync.exe
%sysdir%\mouseutils.exe
%sysdir%\mpcsvc.exe
%sysdir%\mpr16.dll
%sysdir%\mqadonfg.dll
%sysdir%\mqssl;.exe
%sysdir%\mrno4236.exe
%sysdir%\ms06365874237.exe
%sysdir%\ms32.exe
%sysdir%\msaol.dll
%sysdir%\msaol32dll.exe
%sysdir%\msaol32drv.exe
%sysdir%\msaoldrv.exe
%sysdir%\msapplg.exe
%sysdir%\msaq.exe
%sysdir%\msautou.exe
%sysdir%\msbcs.exe
%sysdir%\msbd32.dll
%sysdir%\msbitsec.exe
%sysdir%\msbnc.exe
%sysdir%\msbnk.dll
%sysdir%\mschk.dll
%sysdir%\mscom32.dll
%sysdir%\msconfgh.exe
%sysdir%\msconfig.exe
%sysdir%\mscos.dll
%sysdir%\mscrt32.exe
%sysdir%\mscsclient.exe
%sysdir%\msctl32.dll
%sysdir%\msctr.dll
%sysdir%\mscunt32.exe
%sysdir%\msdconfig.exe
%sysdir%\msdef.exe
%sysdir%\msdef3.exe
%sysdir%\msdev32.exe
%sysdir%\msdf.exe
%sysdir%\msdhcps.exe
%sysdir%\msdirect.exe
%sysdir%\msdirect.sys
%sysdir%\msdl32.exe
%sysdir%\msdll.dll
%sysdir%\msdos.dll
%sysdir%\msdtsc.exe
%sysdir%\msdupd.exe
%sysdir%\msed32.exe
%sysdir%\msek.exe
%sysdir%\msem.exe
%sysdir%\msevent.dll
%sysdir%\msexreg.exe
%sysdir%\msfiles.exe
%sysdir%\msfsr.sys
%sysdir%\msftcpip.sys
%sysdir%\msg117.dll
%sysdir%\msgfix32.exe
%sysdir%\msgina32.exe
%sysdir%\msgms.exe
%sysdir%\msgs.exe
%sysdir%\msgsm32.exe
%sysdir%\msguid32.dll
%sysdir%\msgupdat32.exe
%sysdir%\msgupdated.exe
%sysdir%\mshatma.exe
%sysdir%\mshelp32.exe
%sysdir%\mshms.exe
%sysdir%\mshost.exe
%sysdir%\mshost32.exe
%sysdir%\mshotmon.exe
%sysdir%\msiecfg.exe
%sysdir%\msiehelp.exe
%sysdir%\msiesetup.exe
%sysdir%\msiexec.dll
%sysdir%\msiisdrv.exe
%sysdir%\msime.exe
%sysdir%\msinet.exe
%sysdir%\msinfmgr.exe
%sysdir%\msisexec.exe
%sysdir%\msitinit.dll
%sysdir%\msits.exe
%sysdir%\msiz.exe
%sysdir%\msjcf.exe
%sysdir%\msjdbc11.dll
%sysdir%\msjet62.dll
%sysdir%\msjp32.exe
%sysdir%\msjt32.exe
%sysdir%\mskg.exe
%sysdir%\mskik32c.exe
%sysdir%\mskiks.exe
%sysdir%\mskl.exe
%sysdir%\msld.dll
%sysdir%\mslogon.dll
%sysdir%\mslti32.exe
%sysdir%\msmail.exe
%sysdir%\msmgs.exe
%sysdir%\msmnart32.exe
%sysdir%\msmntgnt.exe
%sysdir%\msmntjbe.exe
%sysdir%\msmntush.exe
%sysdir%\msmnwin.exe
%sysdir%\msmsg.exe
%sysdir%\msmsgr.exe
%sysdir%\msmsgs.exe
%sysdir%\msmsngr.exe
%sysdir%\msn32.dll
%sysdir%\msn32.exe
%sysdir%\msn5.exe
%sysdir%\msnadp32.exe
%sysdir%\msnchecker.exe
%sysdir%\msnd32.exe
%sysdir%\msndrvsys.dll
%sysdir%\msndrvsys.exe
%sysdir%\msnethlp32.dll
%sysdir%\msnethlp32.exe
%sysdir%\msnfilen.exe
%sysdir%\msnimsgr.exe
%sysdir%\msniu.exe
%sysdir%\msniu3.exe
%sysdir%\msnl.exe
%sysdir%\msnmesgr.exe
%sysdir%\msnmessenger.exe
%sysdir%\msnmsgr.exe
%sysdir%\msnmsgr16.exe
%sysdir%\msnmsr.exe
%sysdir%\msnn.exe
%sysdir%\msnnm.exe
%sysdir%\msnq3insller.exe
%sysdir%\msnscps.dll
%sysdir%\msnscr.exe
%sysdir%\msnserve.exe
%sysdir%\msnsmgs.exe
%sysdir%\msnsrcdv.exe
%sysdir%\msnsupdate.exe
%sysdir%\msnsyst32win.exe
%sysdir%\msnt.exe
%sysdir%\msnvl.exe
%sysdir%\msnwindows.exe
%sysdir%\msnxpexe.exe
%sysdir%\msnxpsp.exe
%sysdir%\msof.exe
%sysdir%\msoff.exe
%sysdir%\msoffwz.exe
%sysdir%\msoy.exe
%sysdir%\mspatch32.exe
%sysdir%\mspdnx.dll
%sysdir%\msping.exe
%sysdir%\mspostsp.exe
%sysdir%\msproto3.dll
%sysdir%\msqn32.dll
%sysdir%\msrdr2.sys
%sysdir%\msrep32.dll
%sysdir%\msriv1.sys
%sysdir%\msrll.exe
%sysdir%\msrsvp.exe
%sysdir%\mssck.exe
%sysdir%\msscript.exe
%sysdir%\mssearchnet.exe
%sysdir%\mssetupconf.exe
%sysdir%\msshed32.exe
%sysdir%\msshell.dll
%sysdir%\mssign30.dll
%sysdir%\mssnt.exe
%sysdir%\mssql.dll
%sysdir%\msstill.exe
%sysdir%\mssvc32.exe
%sysdir%\mssvcc.exe
%sysdir%\msswebcheck32.dll
%sysdir%\mssyncr.exe
%sysdir%\mssys.dll
%sysdir%\mssysstems.exe
%sysdir%\mst32init.exe
%sysdir%\mstc.exe
%sysdir%\mstcpmon.exe
%sysdir%\mstf.exe
%sysdir%\mstrc32.dll
%sysdir%\msudp4.sys
%sysdir%\msupdate.dll
%sysdir%\msupdte32.exe
%sysdir%\msusvc.exe
%sysdir%\msutil.exe
%sysdir%\msvbvm06.dll
%sysdir%\msvcp.exe
%sysdir%\msvcrl.dll
%sysdir%\msvgr.exe
%sysdir%\msviral.exe
%sysdir%\msvnc.sys
%sysdir%\msvsres.dll
%sysdir%\msw54.exe
%sysdir%\mswapi.dll
%sysdir%\mswfp.dll
%sysdir%\mswinme.exe
%sysdir%\mswinscks.exe
%sysdir%\mswinsdq.exe
%sysdir%\mswpi32.exe
%sysdir%\msws2_32.exe
%sysdir%\mswsa32.exe
%sysdir%\mswsck2.dll
%sysdir%\mswshell.dll
%sysdir%\mswu.exe
%sysdir%\msx.dll
%sysdir%\msxbde40.exe
%sysdir%\msxml3a.dll
%sysdir%\msxml3a.exe
%sysdir%\msxmlpp.dll
%sysdir%\msyk32.dll
%sysdir%\mszsrn32.dll
%sysdir%\mszv.exe
%sysdir%\mtask.exe
%sysdir%\mtrnqs.exe
%sysdir%\muff.exe
%sysdir%\muie.exe
%sysdir%\multiran.exe
%sysdir%\mvr4l99q1.dll
%sysdir%\mvsql.exe
%sysdir%\mxdll.dl
%sysdir%\mygame.exe
%sysdir%\mygeek.dll
%sysdir%\mysql.exe
%sysdir%\mythkernel32.exe
%sysdir%\n.dll
%sysdir%\n0tepad.exe
%sysdir%\navapsvc.exe
%sysdir%\navihelper.dll
%sysdir%\navupdt.exe
%sysdir%\nawdll32.exe
%sysdir%\nbthlp.exe
%sysdir%\nconfig.exe
%sysdir%\ndisfilter.sys
%sysdir%\ndsdavsrv.sys
%sysdir%\netchk.dll
%sysdir%\netcog.exe
%sysdir%\netddesrv.exe
%sysdir%\netdrvr.exe
%sysdir%\netf.dll
%sysdir%\nethelper.dll
%sysdir%\netkey.exe
%sysdir%\netkk.exe
%sysdir%\netlogin.dll
%sysdir%\netmeeting.exe
%sysdir%\netpt.sys
%sysdir%\netsync.exe
%sysdir%\nettemp.dll
%sysdir%\netwrap.dll
%sysdir%\new winzip file.exe
%sysdir%\newdial.exe
%sysdir%\newdll2.exe
%sysdir%\newname10.exe
%sysdir%\nexom.exe
%sysdir%\ngpw36.exe
%sysdir%\ngpw36.exe.exe
%sysdir%\ngsh33.dll
%sysdir%\nibie.exe
%sysdir%\ninfoie.exe
%sysdir%\nixfver.exe
%sysdir%\nkgfs.sys
%sysdir%\nkn.exe
%sysdir%\nkunpack.dll
%sysdir%\nlsmon.exe
%sysdir%\nlsrv.dll
%sysdir%\nlsrv.exe
%sysdir%\nlsrv_hook.dll
%sysdir%\nnmzoq.exe
%sysdir%\noat.exe
%sysdir%\noctrn.dll
%sysdir%\nodantivir.sys
%sysdir%\norton update.exe
%sysdir%\nortonav.exe
%sysdir%\nortonguard.exe
%sysdir%\notkelvir.exe
%sysdir%\npfmontr.exe
%sysdir%\npfmontr32.exe
%sysdir%\npmsys.exe
%sysdir%\ns.dll
%sysdir%\nsmscrs.exe
%sysdir%\nsutil.exe
%sysdir%\nsys.exe
%sysdir%\ntctl.exe
%sysdir%\ntdat32.exe
%sysdir%\ntdhcp.exe
%sysdir%\ntdll32.dll
%sysdir%\ntdsapp.dll
%sysdir%\ntdvrlib.dll
%sysdir%\ntinvisible.dll
%sysdir%\ntkernell32.exe
%sysdir%\ntmapast.dll
%sysdir%\ntms.dll
%sysdir%\ntoskrnl.dll
%sysdir%\ntqb.exe
%sysdir%\ntrshp.dll
%sysdir%\ntsys.exe
%sysdir%\ntsystem.exe
%sysdir%\ntsysv.exe
%sysdir%\ntxp2.exe
%sysdir%\nub-san.exe
%sysdir%\nvcpl.exe
%sysdir%\nvhost.exe
%sysdir%\nvidiadrvers.exe
%sysdir%\nvrsnl.exe
%sysdir%\nvsvcd.exe
%sysdir%\o8660ijse8o60.dll
%sysdir%\obepro32.dll
%sysdir%\odbc16.dll
%sysdir%\office.exe
%sysdir%\oleadm.dll
%sysdir%\oleadm32.dll
%sysdir%\oleext.dll
%sysdir%\oleext32.dll
%sysdir%\oleupdate.exe
%sysdir%\om4r.exe
%sysdir%\omniband.dll
%sysdir%\omniscienthook.dll
%sysdir%\onde.exe
%sysdir%\oobe\isperror\shell.exe
%sysdir%\oobe\setup\corpstats.exe
%sysdir%\opls.dll
%sysdir%\order.exe
%sysdir%\osalogbe.exe
%sysdir%\osethk32.dll
%sysdir%\outlookexpressupdate.exe
%sysdir%\owmngr.exe
%sysdir%\pal\css\atl71.dll
%sysdir%\pal\css\cpu.exe
%sysdir%\pal\css\ijl15.dll
%sysdir%\pal\css\klpf.exe
%sysdir%\pal\css\mfc71.dll
%sysdir%\pal\css\mkshort.exe
%sysdir%\pal\css\msvcp71.dll
%sysdir%\pal\css\msvcr71.dll
%sysdir%\pal\css\run32dll.exe
%sysdir%\pal\css\thehook.dll
%sysdir%\pal\css\thehookxp.dll
%sysdir%\param32.dll
%sysdir%\parvulus.exe
%sysdir%\patch32.dll
%sysdir%\pattonat.dll
%sysdir%\paydial.exe
%sysdir%\paytime.exe
%sysdir%\pbukv2.dll
%sysdir%\pctt.exe
%sysdir%\per.exe
%sysdir%\perfhmon.exe
%sysdir%\perfmnt.exe
%sysdir%\perfont.exe
%sysdir%\performent202.dll
%sysdir%\performent217.dll
%sysdir%\phde32.sys
%sysdir%\photes.exe
%sysdir%\photoandarticle.exe
%sysdir%\picx.exe
%sysdir%\pilif.exe
%sysdir%\pimp.exe
%sysdir%\pio12.dll
%sysdir%\pipe.exe
%sysdir%\pkerme12.dll
%sysdir%\pkguard32.exe
%sysdir%\pl.dll
%sysdir%\playboy1.exe
%sysdir%\plou.exe
%sysdir%\plscx.exe
%sysdir%\pluginenlog.dll
%sysdir%\pmkhf.dll
%sysdir%\pnezhftx.dll
%sysdir%\pnpsrv.exe
%sysdir%\pob2res.exe
%sysdir%\poker.exe
%sysdir%\poker3.exe
%sysdir%\polarcrypto.dll
%sysdir%\polo.exe
%sysdir%\pop_up.dll
%sysdir%\postcard.gif.exe
%sysdir%\powerprof.exe
%sysdir%\ppl.exe
%sysdir%\pptp24.sys
%sysdir%\pptp32.dll
%sysdir%\pptp64.sys
%sysdir%\pramery.exe
%sysdir%\printer32.dll
%sysdir%\printers.exe
%sysdir%\printpnp.dll
%sysdir%\procman.exe
%sysdir%\procmsg.exe
%sysdir%\produto.exe
%sysdir%\prognam.exe
%sysdir%\programs\keylogger5\krnlmod.exe
%sysdir%\programs\keylogger5\ntpsapi.dll
%sysdir%\programs\keylogger5\watchdll.dll
%sysdir%\protstrg.dll
%sysdir%\prt47sys.sys
%sysdir%\prutpct.exe
%sysdir%\prutsct.exe
%sysdir%\pruttct.exe
%sysdir%\psaload32.exe
%sysdir%\psecure.exe
%sysdir%\pshwr.exe
%sysdir%\ptech.exe
%sysdir%\ptool32.exe
%sysdir%\pup.exe
%sysdir%\pwinqrag.exe
%sysdir%\q_sys.dll
%sysdir%\qabar.dll
%sysdir%\qb.exe
%sysdir%\qbtool.exe
%sysdir%\qbuninstaller.exe
%sysdir%\qcbar.dll
%sysdir%\qossrv\csrss.ex
%sysdir%\qqgame.exe
%sysdir%\qqhook.dll
%sysdir%\qsecue.exe
%sysdir%\qtask.exe
%sysdir%\quq.dll
%sysdir%\qwinsyst32.exe
%sysdir%\qz.dll
%sysdir%\r.exe
%sysdir%\ranx.dll
%sysdir%\rapcklo.dll
%sysdir%\rapking.exe
%sysdir%\rastapi.exe
%sysdir%\rastnlio.dll
%sysdir%\rastuefs.dll
%sysdir%\rauth.exe
%sysdir%\ravmond.exe
%sysdir%\ravseteyi.exe
%sysdir%\rbwinx1.dll
%sysdir%\rcf.exe
%sysdir%\rdrlib.dll
%sysdir%\reaiplayer.exe
%sysdir%\realsched.exe
%sysdir%\realupd32.exe
%sysdir%\reboot.exe
%sysdir%\recyclecl.exe
%sysdir%\redtrsha.dll
%sysdir%\reg.sys
%sysdir%\reg_ssh32.exe
%sysdir%\reg2.exe
%sysdir%\reg6523.exe
%sysdir%\regc64.dll
%sysdir%\regisp32.exe
%sysdir%\registryinfo2.dll
%sysdir%\regkey32.dll
%sysdir%\regmaping.exe
%sysdir%\regperf.exe
%sysdir%\regptmens.exe
%sysdir%\regsv.exe
%sysdir%\regsync.exe
%sysdir%\rejoice.dll
%sysdir%\rejoice.exe
%sysdir%\remotelog.dll
%sysdir%\repairs303169572.dll
%sysdir%\requester.11.exe
%sysdir%\rfa2.dll
%sysdir%\rftqbym.exe
%sysdir%\rftqbyma.exe
%sysdir%\rgtcvc32.dll
%sysdir%\richedtr.dll
%sysdir%\richup.exe
%sysdir%\richword.exe
%sysdir%\rmdsregm.exe
%sysdir%\rmtct.exe
%sysdir%\rnll32.exe
%sysdir%\rnull32.dll
%sysdir%\rodll.dll
%sysdir%\rpc32.dll
%sysdir%\rpc32.exe
%sysdir%\rpccenter.exe
%sysdir%\rpclocator.exe
%sysdir%\rpe.sys
%sysdir%\rsasec.dll
%sysdir%\rservers.exe
%sysdir%\rsn.exe
%sysdir%\rtkit.exe
%sysdir%\rtkit\npf.sys
%sysdir%\rtneg.dll
%sysdir%\rull32.dll
%sysdir%\run.exe
%sysdir%\run_dll.exe
%sysdir%\rund013.exe
%sysdir%\rund1132.exe
%sysdir%\rundll32.dll
%sysdir%\rundll32.exe setupapi,installhinfsection marketplacelinkinstall 896 %systemroot%\inf\ie.inf
%sysdir%\rundll32.exe windhcp.ocx,start
%sysdir%\rundll64.dll
%sysdir%\runlli32.exe
%sysdir%\runsrv32.dll
%sysdir%\runsrv32.exe
%sysdir%\runt32.exe
%sysdir%\rx.exe
%sysdir%\rxdll.dll
%sysdir%\ryzo32.exe
%sysdir%\sachostb.exe
%sysdir%\sachostc.exe
%sysdir%\sachostm.exe
%sysdir%\sachostp.exe
%sysdir%\sachosts.exe
%sysdir%\sachostw.exe
%sysdir%\samx.exe
%sysdir%\sanlib.dll
%sysdir%\satdll.dll
%sysdir%\savservices.exe
%sysdir%\scalpe91.exe
%sysdir%\scanregw.exe
%sysdir%\scapp.exe
%sysdir%\scardclnt.exe
%sysdir%\scardsvr32.dll
%sysdir%\scardsvr32.exe
%sysdir%\scchostc.exe
%sysdir%\schedsvc32.exe
%sysdir%\scheduler.exe
%sysdir%\scpr32b.exe
%sysdir%\screenlog.dll
%sysdir%\screenrx\scrspy21.exe
%sysdir%\screenrx\win16dll.exe
%sysdir%\scridows.exe
%sysdir%\scrigz.exe
%sysdir%\scrss.exe
%sysdir%\scvhost2.exe
%sysdir%\sdqgvqcm.sys
%sysdir%\sdsys.exe
%sysdir%\searchdll.dll
%sysdir%\sec5dec.exe
%sysdir%\secarik.exe
%sysdir%\securenetbios.exe
%sysdir%\securewinload32x.exe
%sysdir%\security\bin\bugslayerutil.dll
%sysdir%\security\bin\die.exe
%sysdir%\security\bin\jasfv.dll
%sysdir%\security\bin\psexec.exe
%sysdir%\security\bin\secure.exe
%sysdir%\security\bin\tzolibr.dll
%sysdir%\security\bin\xscan.exe
%sysdir%\security32.exe
%sysdir%\semd32.dll
%sysdir%\semd64.sys
%sysdir%\sendmsg.dll
%sysdir%\serv3manager.exe
%sysdir%\servce.exe
%sysdir%\server.exe
%sysdir%\serverx.exe
%sysdir%\service.exe
%sysdir%\service.exe
%sysdir%\service\explorer.exe
%sysdir%\servicemgrz.exe
%sysdir%\servicer.exe
%sysdir%\services.dll
%sysdir%\servicos..exe
%sysdir%\servics.bat
%sysdir%\servise64.exe
%sysdir%\servms.dll
%sysdir%\servr.dll
%sysdir%\servza.exe
%sysdir%\setupex.exe
%sysdir%\sfc32.exe
%sysdir%\sfool.exe
%sysdir%\sfrcdlg32.exe
%sysdir%\sftmouse.dll
%sysdir%\sgmf__mc.exe
%sysdir%\shdll.dll
%sysdir%\she11.dll
%sysdir%\shell64.dll
%sysdir%\shellexec.exe
%sysdir%\shellexpl.exe
%sysdir%\shellext\svchs0t.exe
%sysdir%\shellext\syscntr.exe
%sysdir%\shellload.dll
%sysdir%\shellload.exe
%sysdir%\shimgapi.dll
%sysdir%\shlapiw.dll
%sysdir%\shlapiw32.dll
%sysdir%\showff.exe
%sysdir%\skinboxer43.dll
%sysdir%\sks2drvr.sys
%sysdir%\sksdll.dll
%sysdir%\sksdrvr2.sys
%sysdir%\skull.exe
%sysdir%\skunk.exe
%sysdir%\skybot.exe
%sysdir%\skybotx.exe
%sysdir%\skype.exe
%sysdir%\skytown.exe
%sysdir%\slay7383.exe
%sysdir%\sldrv.dll
%sysdir%\slinder.exe
%sysdir%\slm32.sys
%sysdir%\slserver.exe
%sysdir%\slssystem.exe
%sysdir%\smartmenuxp.dll
%sysdir%\smart-ps.exe
%sysdir%\smcfg32.exe
%sysdir%\smlo8thk.exe
%sysdir%\smoc.exe
%sysdir%\smres.exe
%sysdir%\smrrs.exe
%sysdir%\smschk.exe
%sysdir%\smsogx32.exe
%sysdir%\smsonx32.exe
%sysdir%\smss32.exe
%sysdir%\smss64.exe
%sysdir%\smsxir32.exe
%sysdir%\smszac32.exe
%sysdir%\smtpx.dll
%sysdir%\sndctl32.dll
%sysdir%\snddrv.exe
%sysdir%\snddrv32.dll
%sysdir%\sndmixex.dll
%sysdir%\sndsrvice.exe
%sysdir%\snim.dll
%sysdir%\socks.dll
%sysdir%\soemuav.dll
%sysdir%\soft.exe
%sysdir%\softok.exe
%sysdir%\soundlog.dll
%sysdir%\spdr.dll
%sysdir%\spdr.exe
%sysdir%\spollsv.exe
%sysdir%\spool\prtprocs\update.exe
%sysdir%\spool_dll.dll
%sysdir%\spooler.exe
%sysdir%\spoolsac.exe
%sysdir%\spoolsub.exe
%sysdir%\spoolsurf.exe
%sysdir%\spoolvs.exe
%sysdir%\sporder.dll
%sysdir%\spsys.exe
%sysdir%\spview.exe
%sysdir%\spvspool.exe
%sysdir%\sqlexp.exe
%sysdir%\sqlexp1.exe
%sysdir%\sqlexp2.exe
%sysdir%\sqlexp3.exe
%sysdir%\sqlnc.exe
%sysdir%\sqlssl.doc .exe
%sysdir%\srcss.exe
%sysdir%\srpcsrv32.dll
%sysdir%\srshostu.exe
%sysdir%\srvexc.exe
%sysdir%\srwhost.exe
%sysdir%\ssdpcl.dll
%sysdir%\sservice.exe
%sysdir%\ssh32.exe
%sysdir%\ssl.exe
%sysdir%\ssldr32.dll
%sysdir%\ssms.exe
%sysdir%\ssmss.exe
%sysdir%\ssp2.exe
%sysdir%\sspe.exe
%sysdir%\sspng.dll
%sysdir%\ssqrp.dll
%sysdir%\ssrms.exe
%sysdir%\ssttu.dll
%sysdir%\standalone.exe
%sysdir%\statslist.exe
%sysdir%\stisvc32.exe
%sysdir%\stney.exe
%sysdir%\suchost.exe
%sysdir%\suchostp.exe
%sysdir%\suchosts.exe
%sysdir%\supdate2.dll
%sysdir%\susp.exe
%sysdir%\svc.exe
%sysdir%\svc\svchost.exe
%sysdir%\svc0host.exe
%sysdir%\svc23.exe
%sysdir%\svcc.exe
%sysdir%\svcclient.exe
%sysdir%\svcctl32.exe
%sysdir%\svcdata.exe
%sysdir%\svced.exe
%sysdir%\svchcst.exe
%sysdir%\svchoes.exe
%sysdir%\svchop.exe
%sysdir%\svchorsst.exe
%sysdir%\svchose.exe
%sysdir%\svchosl.pif
%sysdir%\svchost.dll
%sysdir%\svchost1.exe
%sysdir%\svchost32.dll
%sysdir%\svchostl.exe
%sysdir%\svchosts.dll
%sysdir%\svchosts.exe -e mc-110-12-0000627
%sysdir%\svchostss.exe
%sysdir%\svchoxt.exe
%sysdir%\svchsot.exe
%sysdir%\svchst.exe
%sysdir%\svcnost.exe
%sysdir%\svcohos1at.exe
%sysdir%\svcroot.dll
%sysdir%\svcroot.exe
%sysdir%\svcsshost32.exe
%sysdir%\svcsvh32.exe
%sysdir%\svcsys.dll
%sysdir%\svids.dll
%sysdir%\svkvpn.sys
%sysdir%\svlmngr.exe
%sysdir%\svshost.dll
%sysdir%\svshotc.exe
%sysdir%\svwhost.dll
%sysdir%\svwhost.exe
%sysdir%\svzhost.exe
%sysdir%\swhost.exe
%sysdir%\swords.exe
%sysdir%\sxlntr.exe
%sysdir%\sygate.exe
%sysdir%\sym.exe
%sysdir%\symantecav2.exe
%sysdir%\symcsvc.exe
%sysdir%\symlcs.exe
%sysdir%\sys02423736587.exe
%sysdir%\sys22.exe
%sysdir%\sys32.dll
%sysdir%\sys32conf.exe
%sysdir%\sysc.exe
%sysdir%\syscache\drwatson32.exe
%sysdir%\syscom.exe
%sysdir%\syscom32.exe
%sysdir%\syscom832.exe
%sysdir%\sysctl32.dll
%sysdir%\sysd.dll
%sysdir%\sysdll32.dll
%sysdir%\sysdrc.dll
%sysdir%\sysdre.exe
%sysdir%\syser.exe
%sysdir%\sysex.exe
%sysdir%\sysformat.exe
%sysdir%\syshid.exe
%sysdir%\syshosts.exe
%sysdir%\sysinfer.exe
%sysdir%\sysinfo.dll
%sysdir%\sysinfo32.exe
%sysdir%\sysinit.exe
%sysdir%\sysldr.dll
%sysdir%\syslog.dll
%sysdir%\syslogin.exe
%sysdir%\syslogon.exe
%sysdir%\sysmng.exe
%sysdir%\sysmntrc.exe
%sysdir%\sysmon.dll
%sysdir%\sysmon.exe
%sysdir%\sysmon32.exe
%sysdir%\sysmonnt.exe
%sysdir%\sysmsg.dll
%sysdir%\sysmsn.exe
%sysdir%\sysnd.exe
%sysdir%\sysop.exe
%sysdir%\syspol.exe
%sysdir%\sysreg.exe
%sysdir%\syssql.exe
%sysdir%\systanten.exe
%sysdir%\systcom32.exe
%sysdir%\systdl.exe
%sysdir%\system08.exe
%sysdir%\system23.exe
%sysdir%\system32.dll
%sysdir%\system32.vbs
%sysdir%\system32dir2a.exe
%sysdir%\system32x.exe
%sysdir%\systemdev.exe
%sysdir%\systemdll.exe
%sysdir%\systemlff.dll
%sysdir%\systemloader.exe
%sysdir%\systemlr.dll
%sysdir%\systemmonitor.exe
%sysdir%\systemnt.exe
%sysdir%\systemout.exe
%sysdir%\systemupd.exe
%sysdir%\systen.dll
%sysdir%\systhin.dll
%sysdir%\systm.exe
%sysdir%\sysupdates.dll
%sysdir%\sysvcs.exe
%sysdir%\sysword.exe
%sysdir%\sywsvcs.exe
%sysdir%\szwi.exe
%sysdir%\t1dll.dll
%sysdir%\tage32.sys
%sysdir%\tapiras.exe
%sysdir%\taskdir.dll
%sysdir%\taskdir.exe
%sysdir%\taskdrv32.exe
%sysdir%\taskfile.exe
%sysdir%\taskgr.exe
%sysdir%\taskimg.exe
%sysdir%\taskimgr.exe
%sysdir%\tasklist32.exe
%sysdir%\taskmam.exe
%sysdir%\taskmamngr.exe
%sysdir%\taskmegr.exe
%sysdir%\taskmgn.exe
%sysdir%\taskmgr.bat
%sysdir%\taskmn.exe
%sysdir%\taskmnegr.exe
%sysdir%\taskmng.exe
%sysdir%\taskmngr.exe
%sysdir%\task-mngr.exe
%sysdir%\taskmngrs.exe
%sysdir%\taskmone.exe
%sysdir%\taskmrg.exe
%sysdir%\tasksmanagers.exe
%sysdir%\tasksys.exe
%sysdir%\tasta.exe
%sysdir%\tbsvc32.exe
%sysdir%\tcpic.exe
%sysdir%\telcoms.exe
%sysdir%\tellcoma.exe
%sysdir%\temp32.exe
%sysdir%\templatedongle.exe
%sysdir%\teskmangr.exe
%sysdir%\test.exe
%sysdir%\test2.exe
%sysdir%\test3.exe
%sysdir%\testtest.exe
%sysdir%\tetriz3.exe
%sysdir%\thefunk.exe
%sysdir%\thematrixhasyou.exe
%sysdir%\thun.dll
%sysdir%\thun32.dll
%sysdir%\tibs.exe
%sysdir%\timemanager.exe
%sysdir%\tkbellexe.exe
%sysdir%\tmhk.dll
%sysdir%\tmlib.dll
%sysdir%\tmutils.dll
%sysdir%\tntsetp.exe
%sysdir%\tools\restart.exe
%sysdir%\toxikx.exe
%sysdir%\trace32.exe
%sysdir%\treemqoa.dll
%sysdir%\trgen.dll
%sysdir%\trks.dll
%sysdir%\trkw.dll
%sysdir%\tsasi.exe
%sysdir%\tskmgr32.vbs
%sysdir%\tstdmc.dll
%sysdir%\twain_16.dll
%sysdir%\twunk_18.exe
%sysdir%\txfdb32.dll
%sysdir%\udagent.exe
%sysdir%\uhtcnvzk.exe
%sysdir%\uninstallpctt.exe
%sysdir%\unstsa2.exe
%sysdir%\unve.exe
%sysdir%\updat.exe
%sysdir%\updata32.dll
%sysdir%\updata32.exe
%sysdir%\update.exe
%sysdir%\update_ob.exe
%sysdir%\update32.exe
%sysdir%\updatecfg.exe
%sysdir%\updatem.exe
%sysdir%\updater32.exe
%sysdir%\updaterui.exe
%sysdir%\updates.exe
%sysdir%\updatex.exe
%sysdir%\updatexp.exe
%sysdir%\updatexp64.exe
%sysdir%\updatr.exe
%sysdir%\updinstall.exe
%sysdir%\updjsjas.dll
%sysdir%\updtscheduler.exe
%sysdir%\uprootkit.exe
%sysdir%\ups32.dll
%sysdir%\ups32.exe
%sysdir%\usaplug.exe
%sysdir%\usb2chk.exe
%sysdir%\usbadpt32.dll
%sysdir%\usbcontrol.exe
%sysdir%\usbdrv.exe
%sysdir%\usbdrvw.dll
%sysdir%\usbhub.exe
%sysdir%\usbservice.exe
%sysdir%\usbtest.sys
%sysdir%\usbtskmgr.exe
%sysdir%\user32rem.exe
%sysdir%\usergdl.exe
%sysdir%\userid.dll
%sysdir%\userinit32.exe
%sysdir%\userx.exe
%sysdir%\usrnt\windrg32.exe
%sysdir%\utgrbe.dll
%sysdir%\utlsrv.exe
%sysdir%\uupgqem.exe
%sysdir%\uwyrl.exe
%sysdir%\vanhoutt.exe
%sysdir%\vb6stkit.dll
%sysdir%\vbn.dll
%sysdir%\vbuninstall.exe
%sysdir%\vcsystem.exe
%sysdir%\vdt_16.exe
%sysdir%\version.exe
%sysdir%\vesdtm32.dll
%sysdir%\vgatune.exe
%sysdir%\via.exe
%sysdir%\view2sp.exe
%sysdir%\vinm32.dll
%sysdir%\virdr.sys
%sysdir%\viri-check.exe
%sysdir%\vistax.dll
%sysdir%\visty.exe
%sysdir%\vistys.exe
%sysdir%\vjoytl32.dll
%sysdir%\vlbft.exe
%sysdir%\vld5750.dll
%sysdir%\vm.dll
%sysdir%\vm2.dll
%sysdir%\vmlib.exe
%sysdir%\vmmon32.exe
%sysdir%\vnetbsh.dll
%sysdir%\vook.sys
%sysdir%\voot.sys
%sysdir%\vport1.1.exe
%sysdir%\vschosts.exe
%sysdir%\vshell.exe
%sysdir%\vssmon.exe
%sysdir%\vtd_16.exe
%sysdir%\vtstr.dll
%sysdir%\vtstt.dll
%sysdir%\vturr.dll
%sysdir%\vwix32.exe
%sysdir%\vxgame1.exe
%sysdir%\vxgame2.exe
%sysdir%\vxgame3.exe
%sysdir%\vxgame4.exe
%sysdir%\vxgame5.exe
%sysdir%\vxgame6.exe
%sysdir%\vxh8jkdq2.exe
%sysdir%\vxh8jkdq6.exe
%sysdir%\vxvgfv.sys
%sysdir%\w?auclt.exe
%sysdir%\w16.dll
%sysdir%\w16s.dll
%sysdir%\w32.ajm.worm
%sysdir%\w32_ss.exe
%sysdir%\w3264.exe
%sysdir%\w32secm.exe
%sysdir%\w32t.dll
%sysdir%\w32time.exe
%sysdir%\w32tm.exe
%sysdir%\w3ssveds.exe
%sysdir%\w8673492.exe
%sysdir%\wali.dll
%sysdir%\wali\svcs\walimain.exe
%sysdir%\walib32.dll
%sysdir%\wartsrv.exe
%sysdir%\waruclt.exe
%sysdir%\watcher.dll
%sysdir%\watchole.exe
%sysdir%\wbem\irjit.dll,export 1087
%sysdir%\wbem\wmiadapt.exe
%sysdir%\wbem\wmiprv.dll
%sysdir%\wbev\windrg32.exe
%sysdir%\wbtvsffd.exe
%sysdir%\wcmd.exe
%sysdir%\wcsys.exe
%sysdir%\wcupshell.exe
%sysdir%\wdata32.dll
%sysdir%\wdate.dll
%sysdir%\wdmfmc32.dll
%sysdir%\wdns33.exe
%sysdir%\web.exe
%sysdir%\wftestb.exe
%sysdir%\wgse.exe
%sysdir%\wheax.exe
%sysdir%\why-.exe
%sysdir%\wiatwain.dll
%sysdir%\wid32.exe
%sysdir%\wiinlogon.exe
%sysdir%\win.dll
%sysdir%\win.exe.exe
%sysdir%\win_rar.dll
%sysdir%\win32.dll
%sysdir%\win052.exe
%sysdir%\win24.exe
%sysdir%\win32.dll
%sysdir%\win3206365874237.exe
%sysdir%\win32bat.exe
%sysdir%\win32debug.exe
%sysdir%\win32dll.exe
%sysdir%\win32i.exe
%sysdir%\win32imapsvr.exe
%sysdir%\win32lib.exe
%sysdir%\win32op.exe
%sysdir%\win32scs.exe
%sysdir%\winacpi.dll
%sysdir%\winamp.exe
%sysdir%\winats.dll
%sysdir%\winb2s32.dll
%sysdir%\winbery.exe
%sysdir%\winbin.exe
%sysdir%\winbrume.dll
%sysdir%\wincmd.exe
%sysdir%\wincom32.sys
%sysdir%\winconfig.exe
%sysdir%\wincontrol.dll
%sysdir%\wincontxt.dll
%sysdir%\wincqt32.dll
%sysdir%\wind2ll2.exe
%sysdir%\windash.exe
%sysdir%\windasz-updote.exe
%sysdir%\windat32.exe
%sysdir%\windates.exe
%sysdir%\windbg32.exe
%sysdir%\windesktop.exe
%sysdir%\windinit.exe
%sysdir%\windio778.exe
%sysdir%\windiqew.exe
%sysdir%\windir32.exe
%sysdir%\windky.dll
%sysdir%\windlhhl.exe
%sysdir%\windll2.exe
%sysdir%\windll32lib.exe
%sysdir%\windlls.exe
%sysdir%\windllsys32.exe
%sysdir%\windows.exe
%sysdir%\windows_kernel32.exe
%sysdir%\windows32.exe
%sysdir%\windowsfirewall.exe
%sysdir%\windowsfw.exe
%sysdir%\windowsp.exe
%sysdir%\windowssp2.exe
%sysdir%\windowsx.exe
%sysdir%\windrvrs32.exe
%sysdir%\windsns.exe
%sysdir%\windspl.exe
%sysdir%\windump.exe
%sysdir%\winet.dll
%sysdir%\winet.exe
%sysdir%\winewtpas.dll
%sysdir%\winexplore.exe
%sysdir%\wingmt32.exe
%sysdir%\wingo.exe
%sysdir%\winguis.dll
%sysdir%\wingv32.exe
%sysdir%\winhcek32.exe
%sysdir%\winin.exe
%sysdir%\wininet.exe
%sysdir%\wininit.exe
%sysdir%\winint.exe
%sysdir%\wininv.dll
%sysdir%\winiogom.exe
%sysdir%\winjava.exe
%sysdir%\winjjq32.dll
%sysdir%\winjvd32.dll
%sysdir%\winkeam.exe
%sysdir%\winkey.dll
%sysdir%\winkut.exe
%sysdir%\winkwgz.exe
%sysdir%\winl32xe.exe
%sysdir%\winldr.exe
%sysdir%\winligon.exe
%sysdir%\winlite.exe
%sysdir%\winload.exe
%sysdir%\winlog.dll
%sysdir%\winlogi.exe
%sysdir%\winlogo.exe
%sysdir%\winlogon64.exe
%sysdir%\winlow.sys
%sysdir%\winm32.dll
%sysdir%\winm32.sys
%sysdir%\winm64.sys
%sysdir%\win-mang.exe
%sysdir%\winmedia.exe
%sysdir%\winmedia32.exe
%sysdir%\winmedl.dll
%sysdir%\winmer.exe
%sysdir%\winmgnt_hook.dll
%sysdir%\winmgr.exe
%sysdir%\winmon.exe
%sysdir%\winmssg.exe
%sysdir%\winmsx.exe
%sysdir%\winmuse.exe
%sysdir%\winmx32.exe
%sysdir%\winnnn.dll
%sysdir%\winntcreate.exe
%sysdir%\winntupdate.exe
%sysdir%\winoie789.exe
%sysdir%\winowl32.dll
%sysdir%\winpn32.exe
%sysdir%\winpnp32.exe
%sysdir%\winpup.exe
%sysdir%\winpup32.exe
%sysdir%\winresw.exe
%sysdir%\winrpmsg.dll
%sysdir%\wins\svchost.exe
%sysdir%\wins32.dll
%sysdir%\winsass.exe
%sysdir%\winscket.dll
%sysdir%\winscntrl.exe
%sysdir%\winscure.exe
%sysdir%\winsecurityxp\rk.exe
%sysdir%\winselect.exe
%sysdir%\winserv.dll
%sysdir%\winserv32.dll
%sysdir%\winserver.exe
%sysdir%\winsetup.exe
%sysdir%\winsfc.exe
%sysdir%\winsgr32.exe
%sysdir%\winsis32.dll
%sysdir%\winskype.dll
%sysdir%\winskype.exe
%sysdir%\winsook.dll
%sysdir%\winsp9.exe
%sysdir%\winspkn.exe
%sysdir%\winspol.exe
%sysdir%\winspoolwowexec.exe
%sysdir%\winsrt.exe
%sysdir%\winsrv.exe
%sysdir%\winsrvhk.dll
%sysdir%\winss.exe
%sysdir%\winssh.exe
%sysdir%\winssx.exe
%sysdir%\winstyle2.dll
%sysdir%\winsv.exe
%sysdir%\winsvc.exe
%sysdir%\winsvc\svc\google.exe
%sysdir%\winsvc32.exe
%sysdir%\winsyei.dll
%sysdir%\winsys32.exe
%sysdir%\winsys33.exe
%sysdir%\winsys64mnger.exe
%sysdir%\winsystema\freevideo5.exe
%sysdir%\winsystems.exe
%sysdir%\winsysupd.exe
%sysdir%\winsysupd10.exe
%sysdir%\winsysupd9.exe
%sysdir%\wintbp.exe
%sysdir%\wintbpx.exe
%sysdir%\wintective.dll
%sysdir%\wintems.exe
%sysdir%\wintft.dll
%sysdir%\wintnl.exe
%sysdir%\wintnpx.exe
%sysdir%\wintt1.dll
%sysdir%\winudll.exe
%sysdir%\winunits.dll
%sysdir%\winupdate128.exe
%sysdir%\winupdatexx.exe
%sysdir%\winupdats.exe
%sysdir%\winupdmon.exe
%sysdir%\winupgrad.exe
%sysdir%\winupl.exe
%sysdir%\winvex32.dll
%sysdir%\winvnc.exe
%sysdir%\winword.exe
%sysdir%\winxpro.exe
%sysdir%\winxpser.exe
%sysdir%\winxpsp2.exe
%sysdir%\winyvo32.dll
%sysdir%\winz0r.exe
%sysdir%\winzbp.exe
%sysdir%\winzep.exe
%sysdir%\winzip.exe
%sysdir%\winzip_tmp.exe
%sysdir%\winzsq.exe
%sysdir%\wiper.exe
%sysdir%\wisp.exe
%sysdir%\wisvcc.exe
%sysdir%\wksssv.exe
%sysdir%\wldr.dll
%sysdir%\wlmsngr.exe
%sysdir%\wmdrtc32.dll
%sysdir%\wmedia32.exe
%sysdir%\wmiapi.exe
%sysdir%\wmimgr.exe
%sysdir%\wmiprvi.dll
%sysdir%\wmisg.exe
%sysdir%\wmp.exe
%sysdir%\wmpdrm.dll
%sysdir%\wndfxyfi.dll
%sysdir%\wndl.exe
%sysdir%\wnuserv.exe
%sysdir%\woaisaomm.exe
%sysdir%\wookckse.exe
%sysdir%\wpa.exe
%sysdir%\wpabaln32.exe
%sysdir%\wpwdmgr.exe
%sysdir%\wrmana32.exe
%sysdir%\ws3lib.exe
%sysdir%\wsa32.dll
%sysdir%\wsa32.exe
%sysdir%\wsa32\beconfig.exe
%sysdir%\wsa32\bewrep.exe
%sysdir%\wsa32\rmbew.exe
%sysdir%\wscnty.exe
%sysdir%\wscpmset.dll
%sysdir%\wscpmwcl.dll
%sysdir%\wskrnl.exe
%sysdir%\wskrnlb.dll
%sysdir%\wskrnlb.exe
%sysdir%\wskrnlc.dll
%sysdir%\wskrnld.dll
%sysdir%\wskrnle.dll
%sysdir%\wsl21655.dll
%sysdir%\wsl22764.dll
%sysdir%\wsl7421.dll
%sysdir%\wsnfty.exe
%sysdir%\wsnpoem\audio.dll
%sysdir%\wsnpoem\video.dll
%sysdir%\wsock32.exe
%sysdir%\wstart.dll
%sysdir%\wstask32.exe
%sysdir%\wstime.exe
%sysdir%\wsys32.exe
%sysdir%\wtemp32.exe
%sysdir%\wuamclt32.exe
%sysdir%\wuamgrb.exe
%sysdir%\wuamkop.exe
%sysdir%\wuamkoppnp.exe
%sysdir%\wuaumqr.exe
%sysdir%\wucualt.exe
%sysdir%\wudates.exe
%sysdir%\wudpcom.exe
%sysdir%\wuinit.exe
%sysdir%\wupdates.exe
%sysdir%\wurmgrd32.exe
%sysdir%\wuuaclt.exe
%sysdir%\wxtwdx.dll
%sysdir%\wys.dll
%sysdir%\wys.exe
%sysdir%\wys5.dll
%sysdir%\wztoid.exe
%sysdir%\xcttgs.dll
%sysdir%\xflash.exe
%sysdir%\xmchai.exe
%sysdir%\xmsk32.dll
%sysdir%\xmsk64.sys
%sysdir%\xpiupdate.exe
%sysdir%\xploognt.exe
%sysdir%\xptpmm.sys
%sysdir%\xpupdate.exe
%sysdir%\xxvyaj.exe
%sysdir%\xxxdefdrv.sys
%sysdir%\ydsvga.sys
%sysdir%\ydsvgd.sys
%sysdir%\ygyfrmrh.sys
%sysdir%\yvpp01.dll
%sysdir%\yvpp01.sys
%sysdir%\yvpp02.sys
%sysdir%\yxgunlzu.dll
%sysdir%\zcjflmoj.sys
%sysdir%\zhopaizdupla.exe
%sysdir%\zip32.dll
%sysdir%\zipped files.exe
%sysdir%\zlib.dll
%sysdir%\znksvc32.exe
%sysdir%\zopenssl.dll
%sysdir%\zopenssld.sys
%sysdir%\zsydll.dll
%sysdir%\zsyhide.dll
%sysdir%\zsys.exe
%sysdir%\zsys1.dll
%sysdir%\zsys2.dll
%sysdir%\zxbnredm.dll
%sysdir%\zxbnredm.sys
%sysdir%\zztp\svchost.exe
%sysdir\\f4k3\dirote.exe
%system%\a.exe
%system%\bridge.dll
%system%\cmd32.exe
%system%\dx32cxlp.exe
%system%\load32.exe
%system%\msjet62.dll
%system%\ntsvc.exe
%system%\regedit.exe
%system%\run32.exe
%system%\rundll16.exe
%system%\system.exe
%system%\taskmon.exe
%system%\windll.exe
%system%\windll32.exe
%system%\winsystems.exe
%system%\winupd.exe
%system%\wmiprvse.exe
%systemdrive%\documents and settings\all users\application data\microsoft\pctools\pctools.dll
%temp%\atl.dll
%temp%\pe386.sys
%temp%\pm.exe
%tmp%\cartao522.exe
%tmp%\dtmp106.exe
%tmp%\hadb31.exe
%tmp%\mc26.tmp
%tmp%\mc29bd.tmp
%tmp%\mc2a.tmp
%tmp%\mhs.exe
%tmp%\msdoc.exe
%tmp%\msie.exe
%tmp%\mstemp.exe
%tmp%\pork.exe
%tmp%\registryfix.exe
%tmp%\rudll.exe
%tmp%\services.exe
%tmp%\sexxx.exe
%tmp%\showinfo.exe
%tmp%\step1.exe
%tmp%\svchost.exe
%tmp%\vgt.exe
%tmp%\vmmreg32.dll
%tmp%\winkgcbmt.exe
%tmp%\winword.exe
%tmp%\xxmp82.exe
%user%\local settings\application data\winlogon.exe
%userprofile%\local settings\temp\winlogon.exe
%userprofile%\my documents\minesweeper.exe
%userprofile%\start menu\programs\startup\ctfmon.exe
%windir%\@@@\mydll.exe
%windir%\_meaoi.exe
%windir%\1zu7m84a.exe
%windir%\2020search.dll
%windir%\2020search2.dll
%windir%\80xfire.exe
%windir%\896588appinit.dll
%windir%\abcdefg.exe
%windir%\abcdefg23.exe
%windir%\abox.exe
%windir%\acdsee demo.exe
%windir%\acls.exe
%windir%\adblockxp.exe
%windir%\addins\svchost.exe
%windir%\admdll.dll
%windir%\aig.exe
%windir%\aim.dll
%windir%\aimclient.exe
%windir%\antivirus32.exe
%windir%\aornidle.dll
%windir%\aornum.exe
%windir%\aornumax.dll
%windir%\appevent.exe
%windir%\arcoiris.exe
%windir%\asbltzun.exe
%windir%\ask\ask.dll
%windir%\ask\ask.exe
%windir%\ask\scrcap.exe
%windir%\ask\smtpsender.exe
%windir%\asnftpd.exe
%windir%\assistse.exe
%windir%\assistseex.exe
%windir%\asus.exe
%windir%\atomicpartc.exe
%windir%\au.exe
%windir%\avguard.exe
%windir%\avp.exe
%windir%\avpsvc.exe
%windir%\axdcfasb.exe
%windir%\bagle.exe
%windir%\banmanpro.exe
%windir%\banner.dll
%windir%\batserv2.exe
%windir%\bi.dll
%windir%\biprep.exe
%windir%\boby.exe
%windir%\boot.exe
%windir%\browsvr.dll
%windir%\bslogitech.exe
%windir%\btgrab.dll
%windir%\btuihgter.exe
%windir%\c.dll
%windir%\calc.exe
%windir%\caner.exe
%windir%\cbphook.dll
%windir%\cbsys32.dll
%windir%\cbtril32.dll
%windir%\cdfs.exe
%windir%\cdplay.exe
%windir%\ced.dll
%windir%\celebrita.exe
%windir%\charmmpxp.exe
%windir%\chatlogs.dll
%windir%\chckntfs.exe
%windir%\checkers5.exe
%windir%\cjet.exe
%windir%\clmss.exe
%windir%\cmdpipe.exe
%windir%\comctsvc.exe
%windir%\command\sistrai.exe
%windir%\command\sistray.exe
%windir%\config\easy.windows.monitoring.exe.exe
%windir%\config\system.update.exe.exe
%windir%\confini.exe
%windir%\conmand.exe
%windir%\cp.exe
%windir%\cpds.exe
%windir%\crazy.exe
%windir%\crrst32.exe
%windir%\crssr.exe
%windir%\csrs.exe
%windir%\csrss.exe
%windir%\ctflog.exe
%windir%\cu.exe
%windir%\cursors\services.exe
%windir%\cytob.exe
%windir%\d3tl32.exe
%windir%\data\services.exe
%windir%\dc.exe
%windir%\dcmhelp.exe
%windir%\dcznetv2.exe
%windir%\dealhlpr.dll
%windir%\debug\debugprogram.exe
%windir%\deomen.exe
%windir%\devldr.exe
%windir%\dfp.exe
%windir%\dhbrowser.exe
%windir%\dhcp.exe
%windir%\dhp.dll
%windir%\dhsvr.exe
%windir%\dhu.exe
%windir%\dhupdt.exe
%windir%\dialer\_antispy.exe
%windir%\dinst.exe
%windir%\dlcomcnf.exe
%windir%\dllhlp.exe
%windir%\dlmax.dll
%windir%\dodrrr.exe
%windir%\downloaded program files\cnshook.dll
%windir%\downloaded program files\downloadhtml.dll
%windir%\downloaded program files\gsda.dll
%windir%\downloaded program files\hbinstie.dll
%windir%\downloaded program files\load.exe
%windir%\downloaded program files\mediaaccx.dll
%windir%\downloaded program files\monpop.exe
%windir%\downloaded program files\pop225.dll
%windir%\downloaded program files\pophook4.dll
%windir%\downloaded program files\popsrv225.exe
%windir%\downloaded program files\potwbar.dll
%windir%\dr.exe
%windir%\dskcheck.exe
%windir%\dsndup.exe
%windir%\dtreg.exe
%windir%\dupadirect.exe
%windir%\dupadupam1.exe
%windir%\dupadupam2.exe
%windir%\dvpd.dll
%windir%\edit.exe
%windir%\eid.exe
%windir%\einfo.exe
%windir%\eiunin2.exe
%windir%\eksplorasi.exe
%windir%\elitemediapop.exe
%windir%\emape.exe
%windir%\empavms.exe
%windir%\eodbngt.exe
%windir%\ermasys32.exe
%windir%\errorhandler.exe
%windir%\errorlog.exe
%windir%\etb\nt_hide78.dll
%windir%\exeload.exe
%windir%\exeroute.exe
%windir%\explcrer.exe
%windir%\extel.exe
%windir%\extract.exe
%windir%\fi49.exe
%windir%\fontloader.exe
%windir%\fonts\smss.exe
%windir%\freecell.exe
%windir%\g.exe
%windir%\g_server.dll
%windir%\g_server.exe
%windir%\g_server_hook.dll
%windir%\g_server1.2.exe
%windir%\g_server2.0.exe
%windir%\g_serverkey.dll
%windir%\g1_server.dll
%windir%\g1_server.exe
%windir%\g1_server_hook.dll
%windir%\gbesgr.exe
%windir%\gencroot.exe
%windir%\german.exe
%windir%\gpinstall.exe
%windir%\gserver2.exe
%windir%\h00kdll.dll
%windir%\hacker.com.cn.exe
%windir%\head24.exe
%windir%\help\d563ba79b410.exe
%windir%\help\mshook.dll
%windir%\help\mspass.exe
%windir%\help_dcc.dll
%windir%\help_ecc.dll
%windir%\helper101.dll
%windir%\hhbveeed.exe
%windir%\hide_evr2.sys
%windir%\hiderun.exe
%windir%\hiklmnop27.exe
%windir%\ho2stdll.exe
%windir%\hpsv.exe
%windir%\htmlsync.exe
%windir%\ibm00001.dll
%windir%\ibm00001.exe
%windir%\ibm00002.dll
%windir%\iccontrol.exe
%windir%\ie\md1.exe
%windir%\ie\winb_.exe
%windir%\iexplore32.dll
%windir%\iexplorex.dll
%windir%\iisdll.dll.vbs
%windir%\image.exe
%windir%\ime\svchost.exe
%windir%\imsins.exe
%windir%\imsins_hook.dll
%windir%\inet20004\winlogon.exe
%windir%\inetinfomon.exe
%windir%\inetndata\services.exe
%windir%\inf\norbtok.exe
%windir%\inf\services.exe
%windir%\inf\smss.exe
%windir%\inf\stray.exe
%windir%\inf3cted.exe
%windir%\injobw.exe
%windir%\inlook.exe
%windir%\installer2.0.28.exe
%windir%\interbase.exe
%windir%\internat.exe
%windir%\ioptixxx.dll
%windir%\ip.dll
%windir%\ipconfig32.exe
%windir%\ipservers.dll
%windir%\is-i9h1v.exe
%windir%\isnsys.dll
%windir%\isnsys32zx.dll
%windir%\is-puhug.exe
%windir%\is-qv2pm.exe
%windir%\isrvs\desktop.exe
%windir%\isrvs\ffisearch.exe
%windir%\isun0404.exe
%windir%\isun0804.exe
%windir%\isysuninst.exe
%windir%\ita.exe
%windir%\iun6002.exe
%windir%\java.dll
%windir%\java\classes\java.dll
%windir%\jdbgmgrnt.exe
%windir%\jif.exe
%windir%\kane.exe
%windir%\karen.exe
%windir%\kernelsxp.exe
%windir%\kesenjangansosial.exe
%windir%\keyhook.dll
%windir%\keyls.dll
%windir%\killer.exe
%windir%\klg.dll
%windir%\kmc.dll
%windir%\kmonitor.exe
%windir%\lasiaf.exe
%windir%\lass.dll
%windir%\lass.exe
%windir%\lastgood\system32\oleaut32.dll
%windir%\lastgood\system32\olepro32.dll
%windir%\lel.exe
%windir%\lemonyt.exe
%windir%\libimg.dll
%windir%\libparse.exe
%windir%\loaddll.dll
%windir%\loaddll.exe
%windir%\lodctr32.exe
%windir%\logins32.exe
%windir%\logo1_.exe
%windir%\lovcx.exe
%windir%\lsa.exe
%windir%\lsass.exe
%windir%\lsass1.exe
%windir%\lsass32.exe
%windir%\lsassftpdz.exe
%windir%\lsmass.exe
%windir%\mach.exe
%windir%\mache.exe
%windir%\mapserver.exe
%windir%\master.exe
%windir%\mcafeescanplus.exe
%windir%\mdkiaf.exe
%windir%\mdm.exe
%windir%\messenger.exe
%windir%\mgsev.exe
%windir%\miconfig.exe
%windir%\microsoft webserver.exe
%windir%\microsoft.net\framework\v1.0.3705\cvtres.exe
%windir%\mmsg\mcafee.update.exe.exe
%windir%\mmsg\mmsg.exe.exe
%windir%\modlb.exe
%windir%\molino110.exe
%windir%\moo.dll
%windir%\morphacl.dll
%windir%\mpgcom.dll
%windir%\mpm.exe
%windir%\mrgtask.exe
%windir%\ms32.exe
%windir%\msapps\msinfo\msappts32.exe
%windir%\msarch.exe
%windir%\msbf32.exe
%windir%\msbpx32.dll
%windir%\mscalc.exe
%windir%\mscarrt32.exe
%windir%\msccl.dll
%windir%\msclean.exe
%windir%\msconfig32x.exe
%windir%\msconig.exe
%windir%\mscore32.dll
%windir%\msdeff.exe
%windir%\msdefr.exe
%windir%\msdevmgr32.exe
%windir%\msdnupdate32.exe
%windir%\msdt.exe
%windir%\msdvd.exe
%windir%\msftupdatexp.exe
%windir%\msgupdater.exe
%windir%\mshelp.exe
%windir%\mshelpdsk.exe
%windir%\mshotfix.exe
%windir%\msie.exe
%windir%\mslx32.exe
%windir%\msmedia.exe
%windir%\msmedia32.exe
%windir%\msmsgredss.exe
%windir%\msmsgrs.exe
%windir%\msmsgs.exe
%windir%\msmv32.dll
%windir%\msn.exe
%windir%\msnarrator.exe
%windir%\msndr.exe
%windir%\msngrabber.exe
%windir%\msnlive.exe
%windir%\msnmgr.exe
%windir%\msnmsg.exe
%windir%\msnmsnr.exe
%windir%\msnupdate.exe
%windir%\msnzx.exe
%windir%\msoevc.exe
%windir%\mspath.exe
%windir%\mspathfinder
%windir%\msput.exe
%windir%\msrundll32.exe
%windir%\mssetup.exe
%windir%\mssmbios.exe
%windir%\mssol.dll
%windir%\mstask.exe
%windir%\mstdel32.exe
%windir%\mstempf.exe
%windir%\msupdate.exe
%windir%\msvcrt.exe
%windir%\msvisi.exe
%windir%\msvm_sti.exe
%windir%\mswindll32.exe
%windir%\msxp32.exe
%windir%\muamgr.exe
%windir%\mwfibpx.exe
%windir%\mwfirebpx.exe
%windir%\mwfirewall.exe
%windir%\mxtarget.dll
%windir%\myd00m.exe
%windir%\nail.exe
%windir%\nakedx.exe
%windir%\natydave1.exe
%windir%\navapw32.exe
%windir%\nb32ext2.exe
%windir%\nddenb.exe
%windir%\ndppbzn.exe
%windir%\nemxxx.dll
%windir%\net5ky.exe
%windir%\netconf32.exe
%windir%\netmon.exe
%windir%\nhtml.dll
%windir%\niteaim.exe
%windir%\niw.exe
%windir%\nm32.dll
%windir%\nm32.exe
%windir%\nnmgr.exe
%windir%\nomtojz.exe
%windir%\norton_antivirus.exe
%windir%\notepa.exe
%windir%\notepad.exe
%windir%\notepad.exe.exe
%windir%\nssrv.exe
%windir%\ntdlr.dll
%windir%\ntdlr.exe
%windir%\ntdlr_hook.dll
%windir%\nted.exe
%windir%\ntinvisible.dll
%windir%\nvidcgui.exe
%windir%\nvidguiv.exe
%windir%\nvmsgdwn.exe
%windir%\nwf.exe
%windir%\nwisse.exe
%windir%\nwqgqgo.exe
%windir%\omi.dll
%windir%\osrwin32.exe
%windir%\p2sys.dll
%windir%\package_ieplugin4.exe
%windir%\pchealth\pcguard.exe
%windir%\pclk.exe
%windir%\pi1.exe
%windir%\playavi.exe
%windir%\pooldata\csrss.exe
%windir%\popadstop.exe
%windir%\prntsvra.dll
%windir%\process.exe
%windir%\psexec.exe
%windir%\ptmens.exe
%windir%\ptsnoop.exe
%windir%\pwrtst32.dll
%windir%\pxckdlauninstall.exe
%windir%\pynix.dll
%windir%\q4keygen.exe
%windir%\quicktmelib.dll
%windir%\rakyatkelaparan.exe
%windir%\ramex.exe
%windir%\rasdfgl32.exe
%windir%\ratsou.exe
%windir%\rdriv.sys
%windir%\recycled.exe
%windir%\regedit.dll
%windir%\regedit2.exe
%windir%\registry1.dll
%windir%\registry2.dll
%windir%\regmon32.exe
%windir%\rejoice_06.exe
%windir%\rejoice_06.exehook.dll
%windir%\restart.exe
%windir%\rfa.dll
%windir%\rgrt.exe
%windir%\rmagentoutput.dll
%windir%\rogger.exe
%windir%\rsr2b.exe
%windir%\rudll.exe
%windir%\rundll132.exe
%windir%\rundll32.exe
%windir%\runwin32.exe
%windir%\sa55er.exe
%windir%\sachostx.exe
%windir%\saveruser.exe
%windir%\sbrowse.exe
%windir%\sc_reader.exe
%windir%\scan.exe
%windir%\scerver.dll
%windir%\scerver_hook.dll
%windir%\scerverkey.dll
%windir%\schedul3.exe
%windir%\sclureg32a.dll
%windir%\screen.dll
%windir%\scrsss.exe
%windir%\sdktemp.exe
%windir%\secure2.exe
%windir%\seli.exe
%windir%\sererver.dll
%windir%\sererver.exe
%windir%\sererver_hook.dll
%windir%\sererverkey.dll
%windir%\server.dll
%windir%\server.exe
%windir%\server_hook.dll
%windir%\serverkey.dll
%windir%\service.exe
%windir%\service32.exe
%windir%\services.exe
%windir%\services32.exe
%windir%\setdebugnt.exe
%windir%\shared\aim_hack.exe
%windir%\shared\ftp_crack.exe
%windir%\shared\icq_hack.exe
%windir%\shared\msn_crack.exe
%windir%\shared\xp_keygen.exe
%windir%\shellnew\bronstab.exe
%windir%\shellnew\elnorb.exe
%windir%\shellnew\sempalong.exe
%windir%\shtasks.exe
%windir%\sistem32\svchost.exe
%windir%\skype32.exe
%windir%\sllserv.exe
%windir%\smgr.exe
%windir%\sminst\launcher.exe
%windir%\smncs.exe
%windir%\smsc.exe
%windir%\smsg.exe
%windir%\smss.exe
%windir%\smtpsvc.exe
%windir%\snbho.exe
%windir%\sndman.exe
%windir%\sngpw36.exe
%windir%\sngsh33.dll
%windir%\snuninst.exe
%windir%\softdwind.exe
%windir%\sonudman.exe
%windir%\sonudmon.exe
%windir%\soundfun.exe
%windir%\sp2ydave1.exe
%windir%\spcmon\hook.dll
%windir%\spcmon\spylo.exe
%windir%\spcmon\wsys.dll
%windir%\spcmon\wsys.exe
%windir%\spcmon\wsyssrv.exe
%windir%\speer2.dll
%windir%\speeryox.dll
%windir%\spoder.dll
%windir%\spoolmgr.exe
%windir%\spoolsv.exe
%windir%\spoolsvr.exe
%windir%\sqlserv.exe
%windir%\sqltob.exe
%windir%\sserver.dll
%windir%\sserver.exe
%windir%\ssmc.dll
%windir%\startupmgr.exe
%windir%\story.exe
%windir%\stubbish.exe
%windir%\suhoy112.exe
%windir%\suhoy330.exe
%windir%\suniu.exe
%windir%\svch0st.dll
%windir%\svch0st_hook.dll
%windir%\svch0stkey.dll
%windir%\svchost.exe
%windir%\svchost.exe.exe
%windir%\svchost_hook.dll
%windir%\svchostt.exe
%windir%\svehost32.exe
%windir%\svhost.exe
%windir%\svhosts.exe
%windir%\svhosts32.exe
%windir%\svlhost.exe
%windir%\svohcst.exe
%windir%\svohost.exe
%windir%\svshost.exe
%windir%\switpa.exe
%windir%\switpb.exe
%windir%\symantecg.exe
%windir%\sys\mccagent.exe
%windir%\sys32dll.exe
%windir%\sysboot.dll
%windir%\sysc00.exe
%windir%\syscfg16.exe
%windir%\syscvhost.exe
%windir%\sysldr32.exe
%windir%\sysload.exe
%windir%\sysnet.exe
%windir%\sysninit.dll
%windir%\sysop.exe
%windir%\syspw32.exe
%windir%\systb.exe
%windir%\syste32.dll
%windir%\system idle procese
%windir%\system proess.dll
%windir%\system proess.exe
%windir%\system proess_hook.dll
%windir%\system proesskey.dll
%windir%\system\cscript.exe
%windir%\system\csrss.exe
%windir%\system\ctfmon.exe
%windir%\system\installgallery.exe
%windir%\system\lsass.exe
%windir%\system\service.exe
%windir%\system\smss.exe
%windir%\system\svchost.exe
%windir%\system\svchost.exe
%windir%\system\winlogin.exe
%windir%\system\winlogon.exe
%windir%\system\winpw32.exe
%windir%\system_dll.exe
%windir%\system16.exe
%windir%\system32\internat.exe
%windir%\system32\rundll.exe
%windir%\system32\vmss\vmss.exe
%windir%\system32\wsxsvc\wsxsvc.exe
%windir%\systemsa32.dll
%windir%\systemxpsp2.dll
%windir%\systen.exe
%windir%\systools.exe
%windir%\systra.exe
%windir%\sysw.dll
%windir%\syswindows
%windir%\syswvh.dll
%windir%\syswvmail.dll
%windir%\syswvnt.dll
%windir%\syswvwin.dll
%windir%\t1jmqu5etw\command.exe
%windir%\t42qvknq.dll
%windir%\t593.exe
%windir%\task.exe
%windir%\taskbar.exe
%windir%\taskbarmngr.exe
%windir%\taskmanager.exe
%windir%\taskmanes.exe
%windir%\taskmgrnt.exe
%windir%\taskmng.exe
%windir%\taskmsve.dll
%windir%\taskmsve.exe
%windir%\taskmsve_hook.dll
%windir%\tcpctrl.exe
%windir%\temp\comxt.exe
%windir%\temp\csrse.exe
%windir%\temp\mc2b.tmp
%windir%\temp\rundll32.exe
%windir%\temp\start5\msg.exe
%windir%\temp\start5\start.exe
%windir%\temp\startdrv.exe
%windir%\termsvcs.exe
%windir%\termsvrs.exe
%windir%\tool2.exe
%windir%\topcontext.exe
%windir%\trace.exe
%windir%\tsecure.exe
%windir%\tsrv.exe
%windir%\tsuninst.exe
%windir%\tw725.dll
%windir%\tw725.exe
%windir%\twain_32.exe
%windir%\twunk_64.exe
%windir%\uninstiu.exe
%windir%\unwn.exe
%windir%\userconfig9x.dll
%windir%\userlogon.exe
%windir%\users.dll
%windir%\userun32.exe
%windir%\vbarun.dll
%windir%\vcmnet11.exe
%windir%\vcualts32.exe
%windir%\vfprotect.exe
%windir%\vfprotect2.exe
%windir%\virtualmgr\mssvc128.exe
%windir%\virtualmgr\winsock.dll
%windir%\virtualmgr\winsock.dll
%windir%\visfxun.exe
%windir%\vmlmod.dll
%windir%\vnn.exe
%windir%\voiceip.dll
%windir%\volumec.exe
%windir%\volumeco.exe
%windir%\vtemp.dll
%windir%\vttrayp.exe
%windir%\w32appsrv.exe
%windir%\waudio.exe
%windir%\wbehqot.exe
%windir%\wcsrss.exe
%windir%\wdfmgr.exe
%windir%\wdskctl.exe
%windir%\web\sys.exe
%windir%\wernell87.exe
%windir%\wheax.dll
%windir%\whitsoft.exe
%windir%\wimanager.exe
%windir%\win16svc.exe
%windir%\win2sys.dll
%windir%\win320874-9913630.exe
%windir%\win32ssr.exe
%windir%\wincmdxp.exe
%windir%\wind.dll
%windir%\windos.exe
%windir%\windowo.exe
%windir%\windows.exe
%windir%\windows33.exe
%windir%\windowsbackup.exe
%windir%\windowssecurityupdate.exe
%windir%\windrvrs32.exe
%windir%\windupdate.exe
%windir%\winexec.exe
%windir%\winfog.exe
%windir%\winfws.exe
%windir%\wingerver2.0.exe
%windir%\winhlp.exe
%windir%\winime.exe
%windir%\wininits.exe
%windir%\winkernel32.exe
%windir%\winl0gon.exe
%windir%\winlog.exe
%windir%\winlogin.dll
%windir%\winlogin.exe
%windir%\winlogin_hook.dll
%windir%\winloginkey.dll
%windir%\winlogon.exe
%windir%\winlogon32.dll
%windir%\winmgnt.dll
%windir%\winmgntkey.dll
%windir%\winmic.exe
%windir%\winmod32.exe
%windir%\winnite.exe
%windir%\winnod.exe
%windir%\winnt.exe
%windir%\winoi.exe
%windir%\winproc.exe
%windir%\winred.exe
%windir%\winrv3e.exe
%windir%\winserv.ila
%windir%\winset.exe
%windir%\winsmc.exe
%windir%\winsms.dll
%windir%\winsock_32a.dll
%windir%\winsress.exe
%windir%\winsscap.dll
%windir%\winstats.exe
%windir%\winsvcmgr.exe
%windir%\winsys.exe
%windir%\winsysnet.exe
%windir%\wintray.exe
%windir%\wintroters.dll
%windir%\wintroters.exe
%windir%\winupdmon.exe
%windir%\winupgrm.exe
%windir%\winuping.exe
%windir%\winvid32.exe
%windir%\winwinker.exe
%windir%\winword.exe
%windir%\wiwn.exe
%windir%\wkfxi.js
%windir%\wkssvc.exe
%windir%\wmapsrvs.exe
%windir%\wmedia16.exe
%windir%\wmisp.exe
%windir%\wnilogon.exe
%windir%\wscntfy.exe
%windir%\wscntify.exe
%windir%\wsemxxx.dll
%windir%\wssys\ks.exe
%windir%\wssys\mc.exe
%windir%\wssys\wpiunst.exe
%windir%\wssys\wssys.exe
%windir%\wucihyn.dll
%windir%\wucrtupd.exe
%windir%\wupdmgr.exe
%windir%\wupdt.exe
%windir%\wxpdll32.exe
%windir%\xtb.exe
%windir%\yahoodll.dll
%windir%\yak_tw.dll
%windir%\yak_tw.exe
%windir%\yak_tw_hook.dll
%windir%\yak_twkey.dll
%windir%\ydave1.exe
%windir%\ysbagree.exe
%windir%\z~c\url_mon.dll
%windir%\z~c\url_mon32.exe
%windir%\zdjqw.exe
%windir%\zlibc.exe
%windir%\zprot32.exe
%windir%\zvkfzbx.exe
.exe
??chost.exe
@keylogger@.exe
@tour_ww[1].exe
\scandisk.exe
_.exe
___.exe
___r.exe
___synmgr.exe
__adware1__.dll
__adware2__.dll
__bho_dll__.dll
__ns_service
__ns_service_2
__ns_service_3
_backup.exe
_backup.exe.exe
_ctcp.dll
_ctcp.exe
_filesafer23.exe
_hideme_myfile.sys
_inst321.exe
_mzu_stonedrv2.exe
_mzu_stonedrv3.exe
_mzu_stonedrv8.exe
_ntrdlhost.exe
_ntrrs.exe
_qbotinj.exe
_svchost_.exe
_tdicli_.exe
_webcache_.exe
_win32.dll
_win32.exe
_x-finder.exe
Dangerous  DANGEROUS - ?,0-9
Updated weekly. Last update: August 29 2010

We recommend! Click Here to Update All your PC's Outdated drivers

%system%\bloodred.exe
W32.Netsky.AE@mm is a mass-mailing worm.
1. Copies it body to the following files:
%System%\bloodred.exe
%System%\Windows_kernel32.exe
%Windir%\bloodred.zip (A zipped copy of the worm. The file name within is Urgent_Info.pif.)
%System%\base64exe.sys (detected as W32.Netsky.AE@mm!enc)
%System%\base64zip.sys (detected as W32.Netsky.AE@mm!enc)
2. Adds the value:
"Microsoft Kernel"="%System%\Windows_kernel32.exe"
to registry Run key.
3. Infects the HOSTS file.
Blocks access to antiviral sites and to Microsoft update.
4. Sends e-mails.

Removal:
Remove it from startup using RegRun Startup Optimizer.
Restore the HOSTS file using RegRun Anti-Spyware.
Stop the service and set it to disabled state.
Remove files.

%windir%\lsass.exe
Nickser trojan program.
When run the trojan copies itself under the name lsass.exe name to the Windows directory and registers itself in the registry run key.
It allows to fully control victim computer.
Suggest to stop it by RegRun Startup Optimizer.

%windir%_e51.exe
%WINDIR%_E51.EXE is Trojan/Backdoor.
Related files:
1 :%CACHE%\CONTENT.IE5\????????\WINDOWS_E[1].EXE
2 :%profiles%\default user\l...s\content.ie5\8heb0peb\WINDOWS_E[1].EXE
3 :?:\%WINDIR%_E52.EXE
4 :?:\~temp\WINDOWS_E51.EXE
5 :?:\091106\WINDOWS_E51.EXE
6 :?:\WINDOWS_E51.EXE
Read more: http://fileinfo.prevx.com/fileinfo.asp?P...
Kill the process %WINDIR%_E51.EXE and remove %WINDIR%_E51.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

.exe
VL RAT. 5.3.0 trojan

winpal32.dll
winpal32.dll is Adware.Look2ME.
Kill the file winpal32.dll and remove winpal32.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

x-mas.exe
Worm / Macro trojan / Virus dropper
Can load plug-ins from the Internet. From the start it used "Source of Chaos" in Japan.

!readme.exe
!readme.exe is worm Apost.
Kill the process !readme.exe and remove !readme.exe from Windows startup.
Read more:
http://www.f-secure.com/v-descs/readme.s...

!update.exe
!update.exe is Adware component.
Kill the process !update.exe and remove !update.exe from Windows startup.

"%program files%\common files\%generated clsid%\update.exe" mc-110-12-0000272
"%PROGRAM FILES%\Common Files\%generated CLSID%\Update.exe" mc-110-12-0000272 is Trojan.DR.MultiDrop.AL.
Read more: http://www.avira.com/en/threats/section/...
Kill the file "%PROGRAM FILES%\Common Files\%generated CLSID%\Update.exe" and remove "%PROGRAM FILES%\Common Files\%generated CLSID%\Update.exe" mc-110-12-0000272 from Windows startup using RegRun Reanimator.
http://www.regrun.com

"%windir%\acdsee demo.exe"
Mass mailing worm W32.Salga.A@mm.
Copies itself to the Windows, Programs Files, Documents and Settings folders.
Creates the file D:\autorun.inf containing the following lines:
[autorun]
open=FUN.ZIP.EXE
And the similar files to all disks.
Opens a Web browser and displays a Web page from the domain originalicons.com.
Creates the file D:\new computer worm alert\virus alert.txt.
Sends its body by e-mail.
Remove it from startup. Delete all copies from hard disk.

"%windir%\system\system copy.exe"
Mass mailing worm W32.Salga.A@mm.
Copies itself to the Windows, Programs Files, Documents and Settings folders.
Creates the file D:\autorun.inf containing the following lines:
[autorun]
open=FUN.ZIP.EXE
And the similar files to all disks.
Opens a Web browser and displays a Web page from the domain originalicons.com.
Creates the file D:\new computer worm alert\virus alert.txt.
Sends its body by e-mail.
Remove it from startup. Delete all copies from hard disk.

"renamed server".exe
Remote Access / Steals passwords
The client also drops a server! The hacker could choose to log passwords only or all text written. One of the functions is to kill antivirus software.

##exmodul.exe
##exmodul.exe is Trojan/Backdoor (## - numbers).
Kill the process ##exmodul.exe and remove ##exmodul.exe from Windows startup using RegRun.
www.regrun.com

$_3472452.exe
$_3472452.exe is Trojan/Backdoor.
Kill the process $_3472452.exe and remove $_3472452.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

$sys$drmserver.exe
$sys$DRMServer.exe is Sony DRM rootkit.
$sys$DRMServer.exe installed as system service 'Plug and Play Device Manager'.
Kill the process $sys$DRMServer.exe and remove $sys$DRMServer.exe from Windows startup.
More info:
http://www.bleepingcomputer.com/forums/t...

$sys$sonytimer.exe
$sys$sonytimer.exe is Trojan.Welomoch.
Trojan.Welomoch is a Trojan horse that attempts to utilize XCP software to hide W32.HLLW.Antinny, which it drops on to the compromised computer. The XCP software is installed by inserting certain Sony BMG content-protected music CDs into the computer.
Related files:
%System%\$sys$WeLoveMcCOL.exe
%System%\$sys$sos$sys$.exe
%System%\$sys$sonyTimer.exe
Read more: http://www.symantec.com/security_respons...
Kill the process $sys$sonytimer.exe and remove $sys$sonytimer.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

$sys$sos$sys$.exe
$sys$sos$sys$.exe is Trojan.Welomoch.
Trojan.Welomoch is a Trojan horse that attempts to utilize XCP software to hide W32.HLLW.Antinny, which it drops on to the compromised computer. The XCP software is installed by inserting certain Sony BMG content-protected music CDs into the computer.
Related files:
%System%\$sys$WeLoveMcCOL.exe
%System%\$sys$sos$sys$.exe
%System%\$sys$sonyTimer.exe
Read more: http://www.symantec.com/security_respons...
Kill the process $sys$sos$sys$.exe and remove $sys$sos$sys$.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

$sys$welovemccol.exe
$sys$welovemccol.exe is Trojan.Welomoch.
Trojan.Welomoch is a Trojan horse that attempts to utilize XCP software to hide W32.HLLW.Antinny, which it drops on to the compromised computer. The XCP software is installed by inserting certain Sony BMG content-protected music CDs into the computer.
Related files:
%System%\$sys$WeLoveMcCOL.exe
%System%\$sys$sos$sys$.exe
%System%\$sys$sonyTimer.exe
Read more: http://www.symantec.com/security_respons...
Kill the process $sys$welovemccol.exe and remove $sys$welovemccol.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%common files%\delsim\del.exe
%Common Files%\delsim\del.exe is Win32/Yaptaf.A.
Read more: http://ca.com/ru/securityadvisor/virusin...
Kill the process %Common Files%\delsim\del.exe and remove %Common Files%\delsim\del.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%common files%\services\svchost.exe
We suggest you to remove %Common Files%\services\svchost.exe from your computer as soon as possible.
%Common Files%\services\svchost.exe is W32/Hoxe-B.
Read more: http://www.sophos.com/security/analyses/...
Kill the process %Common Files%\services\svchost.exe and remove %Common Files%\services\svchost.exe from Windows startup.

%downloaded program files%\explorer.exe
%Downloaded Program Files%\explorer.exe is Troj/Crybot-G.
Read more: http://www.sophos.com/security/analyses/...
Kill the process %Downloaded Program Files%\explorer.exe and remove %Downloaded Program Files%\explorer.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\180search assistant\hsr.dll
Hsr.dll is an adware program Adware.180Search (180Solutions).
Hsr.dll monitors the contents of Web browser windows.
Hsr.dll opens the Web pages of partner sites when it sees certain keywords in search or shopping site windows.
Related files:
Msbb.exe
Boomerang.exe
ClientAX.dll
180SAInstaller.dll
setup4156.exe
sac.exe
sau.exe
%Program Files%\180search Assistant\sain.exe
%Program Files%\180search Assistant\hsr.dll
%Program Files%\180search Assistant\sau.exe
%Program Files%\180search Assistant\sau.log
%Program Files%\180search Assistant\sau.dll
%Program Files%\180search Assistant\sau_[three random letters].dat
%Program Files%\180search Assistant\sauau.dat
%Program Files%\180search Assistant\sac.exe
%Program Files%\180search Assistant\sauhook.dll
%Program Files%\180search Assistant\sachook.dll
%Program Files%\180searchassistant\salm.exe
%Program Files%\180searchassistant\salmau_update.dat
%Program Files%\180searchassistant\salmhook.dll
%Program Files%\180searchassistant\salm.dat
%Program Files%\180searchassistant\salm_[three random letters].dat
%Program Files%\180searchassistant\salm_[three random letters]_update.dat
%Windir%\Downloaded Program Files\ClientAx.dll
%Windir%\Downloaded Program Files\ClientAx.inf
%Temp%\180sainstallernusalm.exe
Adds the value:
"MSBB" = "[Path to adware file]"
"sau" = "%ProgramFiles%\180search assistant\sau.exe"
"sac" = "%ProgramFiles%\180searchassistant\sac.exe"
"sain" = "%ProgramFiles%\180search assistant\sain.exe"
"salm" = "%ProgramFiles%\180searchassistant\salm.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove hsr.dll from Windows startup using RegRun Startup Optimizer.

%program files%\180search assistant\sachook.dll
Sachook.dll is an adware program Adware.180Search (180Solutions).
Sachook.dll monitors the contents of Web browser windows.
Sachook.dll opens the Web pages of partner sites when it sees certain keywords in search or shopping site windows.
Related files:
Msbb.exe
Boomerang.exe
ClientAX.dll
180SAInstaller.dll
setup4156.exe
sac.exe
sau.exe
%Program Files%\180search Assistant\sain.exe
%Program Files%\180search Assistant\hsr.dll
%Program Files%\180search Assistant\sau.exe
%Program Files%\180search Assistant\sau.log
%Program Files%\180search Assistant\sau.dll
%Program Files%\180search Assistant\sau_[three random letters].dat
%Program Files%\180search Assistant\sauau.dat
%Program Files%\180search Assistant\sac.exe
%Program Files%\180search Assistant\sauhook.dll
%Program Files%\180search Assistant\sachook.dll
%Program Files%\180searchassistant\salm.exe
%Program Files%\180searchassistant\salmau_update.dat
%Program Files%\180searchassistant\salmhook.dll
%Program Files%\180searchassistant\salm.dat
%Program Files%\180searchassistant\salm_[three random letters].dat
%Program Files%\180searchassistant\salm_[three random letters]_update.dat
%Windir%\Downloaded Program Files\ClientAx.dll
%Windir%\Downloaded Program Files\ClientAx.inf
%Temp%\180sainstallernusalm.exe
Adds the value:
"MSBB" = "[Path to adware file]"
"sau" = "%ProgramFiles%\180search assistant\sau.exe"
"sac" = "%ProgramFiles%\180searchassistant\sac.exe"
"sain" = "%ProgramFiles%\180search assistant\sain.exe"
"salm" = "%ProgramFiles%\180searchassistant\salm.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove sachook.dll from Windows startup using RegRun Startup Optimizer.

%program files%\180search assistant\sain.exe
Sain.exe is an adware program Adware.180Search (180Solutions).
Sain.exe monitors the contents of Web browser windows.
Sain.exe opens the Web pages of partner sites when it sees certain keywords in search or shopping site windows.
Related files:
Msbb.exe
Boomerang.exe
ClientAX.dll
180SAInstaller.dll
setup4156.exe
sac.exe
sau.exe
%Program Files%\180search Assistant\sain.exe
%Program Files%\180search Assistant\hsr.dll
%Program Files%\180search Assistant\sau.exe
%Program Files%\180search Assistant\sau.log
%Program Files%\180search Assistant\sau.dll
%Program Files%\180search Assistant\sau_[three random letters].dat
%Program Files%\180search Assistant\sauau.dat
%Program Files%\180search Assistant\sac.exe
%Program Files%\180search Assistant\sauhook.dll
%Program Files%\180search Assistant\sachook.dll
%Program Files%\180searchassistant\salm.exe
%Program Files%\180searchassistant\salmau_update.dat
%Program Files%\180searchassistant\salmhook.dll
%Program Files%\180searchassistant\salm.dat
%Program Files%\180searchassistant\salm_[three random letters].dat
%Program Files%\180searchassistant\salm_[three random letters]_update.dat
%Windir%\Downloaded Program Files\ClientAx.dll
%Windir%\Downloaded Program Files\ClientAx.inf
%Temp%\180sainstallernusalm.exe
Adds the value:
"MSBB" = "[Path to adware file]"
"sau" = "%ProgramFiles%\180search assistant\sau.exe"
"sac" = "%ProgramFiles%\180searchassistant\sac.exe"
"sain" = "%ProgramFiles%\180search assistant\sain.exe"
"salm" = "%ProgramFiles%\180searchassistant\salm.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill sain.exe process and remove sain.exe from Windows startup using RegRun Startup Optimizer.

%program files%\180search assistant\sau.dll
Sau.dll is an adware program Adware.180Search (180Solutions).
Sau.dll monitors the contents of Web browser windows.
Sau.dll opens the Web pages of partner sites when it sees certain keywords in search or shopping site windows.
Related files:
Msbb.exe
Boomerang.exe
ClientAX.dll
180SAInstaller.dll
setup4156.exe
sac.exe
sau.exe
%Program Files%\180search Assistant\sain.exe
%Program Files%\180search Assistant\hsr.dll
%Program Files%\180search Assistant\sau.exe
%Program Files%\180search Assistant\sau.log
%Program Files%\180search Assistant\sau.dll
%Program Files%\180search Assistant\sau_[three random letters].dat
%Program Files%\180search Assistant\sauau.dat
%Program Files%\180search Assistant\sac.exe
%Program Files%\180search Assistant\sauhook.dll
%Program Files%\180search Assistant\sachook.dll
%Program Files%\180searchassistant\salm.exe
%Program Files%\180searchassistant\salmau_update.dat
%Program Files%\180searchassistant\salmhook.dll
%Program Files%\180searchassistant\salm.dat
%Program Files%\180searchassistant\salm_[three random letters].dat
%Program Files%\180searchassistant\salm_[three random letters]_update.dat
%Windir%\Downloaded Program Files\ClientAx.dll
%Windir%\Downloaded Program Files\ClientAx.inf
%Temp%\180sainstallernusalm.exe
Adds the value:
"MSBB" = "[Path to adware file]"
"sau" = "%ProgramFiles%\180search assistant\sau.exe"
"sac" = "%ProgramFiles%\180searchassistant\sac.exe"
"sain" = "%ProgramFiles%\180search assistant\sain.exe"
"salm" = "%ProgramFiles%\180searchassistant\salm.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove sau.dll from Windows startup using RegRun Startup Optimizer.

%program files%\180search assistant\sauhook.dll
Sauhook.dll is an adware program Adware.180Search (180Solutions).
Sauhook.dll monitors the contents of Web browser windows.
Sauhook.dll opens the Web pages of partner sites when it sees certain keywords in search or shopping site windows.
Related files:
Msbb.exe
Boomerang.exe
ClientAX.dll
180SAInstaller.dll
setup4156.exe
sac.exe
sau.exe
%Program Files%\180search Assistant\sain.exe
%Program Files%\180search Assistant\hsr.dll
%Program Files%\180search Assistant\sau.exe
%Program Files%\180search Assistant\sau.log
%Program Files%\180search Assistant\sau.dll
%Program Files%\180search Assistant\sau_[three random letters].dat
%Program Files%\180search Assistant\sauau.dat
%Program Files%\180search Assistant\sac.exe
%Program Files%\180search Assistant\sauhook.dll
%Program Files%\180search Assistant\sachook.dll
%Program Files%\180searchassistant\salm.exe
%Program Files%\180searchassistant\salmau_update.dat
%Program Files%\180searchassistant\salmhook.dll
%Program Files%\180searchassistant\salm.dat
%Program Files%\180searchassistant\salm_[three random letters].dat
%Program Files%\180searchassistant\salm_[three random letters]_update.dat
%Windir%\Downloaded Program Files\ClientAx.dll
%Windir%\Downloaded Program Files\ClientAx.inf
%Temp%\180sainstallernusalm.exe
Adds the value:
"MSBB" = "[Path to adware file]"
"sau" = "%ProgramFiles%\180search assistant\sau.exe"
"sac" = "%ProgramFiles%\180searchassistant\sac.exe"
"sain" = "%ProgramFiles%\180search assistant\sain.exe"
"salm" = "%ProgramFiles%\180searchassistant\salm.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove sauhook.dll from Windows startup using RegRun Startup Optimizer.

%program files%\2search\getst.exe
Getst.exe is a Adware.2search.
Getst.exe monitors user Internet activity.
Related files:
C:\Program Files\2Search\getst.exe
C:\Program Files\2Search\main.exe
C:\Program Files\2Search\plugin.dll
C:\Program Files\2Search\svchost.exe
%System%\007guard.exe
%System%\2searchinstaller.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill getst.exe process and remove getst.exe from Windows startup using RegRun Startup Optimizer.

%program files%\2search\main.exe
Main.exe is a Adware.2search.
Main.exe monitors user Internet activity.
Related files:
C:\Program Files\2Search\getst.exe
C:\Program Files\2Search\main.exe
C:\Program Files\2Search\plugin.dll
C:\Program Files\2Search\svchost.exe
%System%\007guard.exe
%System%\2searchinstaller.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill main.exe process and remove main.exe from Windows startup using RegRun Startup Optimizer.

%program files%\2search\plugin.dll
Plugin.dll is a Adware.2search.
Plugin.dll monitors user Internet activity.
Related files:
C:\Program Files\2Search\getst.exe
C:\Program Files\2Search\main.exe
C:\Program Files\2Search\plugin.dll
C:\Program Files\2Search\svchost.exe
%System%\007guard.exe
%System%\2searchinstaller.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove plugin.dll from Windows startup using RegRun Startup Optimizer.

%program files%\5whgue21\5whgue21.exe
5whgue21.exe is an adware program Adware.ClearSearch.
5whgue21.exe downloads and displays advertisements.
Related files:
%Program Files%\ClearSearch\Loader.exe
%Program Files%\ClearSearch\Delete me.exe
%Program Files%\ClearSearch\CSP001.exe
%Program Files%\ClearSearch\csLDRupdater.DLL
%Program Files%\ClearSearch\csAOLinst.DLL
%Program Files%\ClearSearch\CSIE.dll
%Program Files%\ClearSearch\CSIEINST.dll
%ProgramFiles%\5whgue21\5whgue21.exe
Adds the value:
"ClrSchLoader" = "[original executable path]"
"CSV10P1" = "%ProgramFiles%\CSBB\CSP001.exe"
"5whgue21" = "%ProgramFiles%\5whgue21\5whgue21.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill 5whgue21.exe process and remove 5whgue21.exe from Windows startup using RegRun Startup Optimizer.

%program files%\acm\acmconfig.exe
ACMConfig.exe is a Spyware.ACM.
ACMConfig.exe monitors all forms of user activity on a computer.
Related files:
%ProgramFiles%\ACM\ACMConfig.exe
%ProgramFiles%\ACM\ACMDLL.dll
%ProgramFiles%\ACM\ACMService.exe
%ProgramFiles%\ACM\polarcrypto.dll
%ProgramFiles%\ACM\PolarZIPLight.dll
%ProgramFiles%\ACM\zsHook.dll
%ProgramFiles%\ACM\unins000.exe
%System%\ccrpTmr6.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill ACMConfig.exe process and remove ACMConfig.exe from Windows startup using RegRun Startup Optimizer.

%program files%\acm\acmdll.dll
ACMDLL.dll is a Spyware.ACM.
ACMDLL.dll monitors all forms of user activity on a computer.
Related files:
%ProgramFiles%\ACM\ACMConfig.exe
%ProgramFiles%\ACM\ACMDLL.dll
%ProgramFiles%\ACM\ACMService.exe
%ProgramFiles%\ACM\polarcrypto.dll
%ProgramFiles%\ACM\PolarZIPLight.dll
%ProgramFiles%\ACM\zsHook.dll
%ProgramFiles%\ACM\unins000.exe
%System%\ccrpTmr6.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove ACMDLL.dll from Windows startup using RegRun Startup Optimizer.

%program files%\acm\acmservice.exe
ACMService.exe is a Spyware.ACM.
ACMService.exe monitors all forms of user activity on a computer.
Related files:
%ProgramFiles%\ACM\ACMConfig.exe
%ProgramFiles%\ACM\ACMDLL.dll
%ProgramFiles%\ACM\ACMService.exe
%ProgramFiles%\ACM\polarcrypto.dll
%ProgramFiles%\ACM\PolarZIPLight.dll
%ProgramFiles%\ACM\zsHook.dll
%ProgramFiles%\ACM\unins000.exe
%System%\ccrpTmr6.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill ACMService.exe process and remove ACMService.exe from Windows startup using RegRun Startup Optimizer.

%program files%\acm\zshook.dll
zsHook.dll is a Spyware.ACM.
zsHook.dll monitors all forms of user activity on a computer.
Related files:
%ProgramFiles%\ACM\ACMConfig.exe
%ProgramFiles%\ACM\ACMDLL.dll
%ProgramFiles%\ACM\ACMService.exe
%ProgramFiles%\ACM\polarcrypto.dll
%ProgramFiles%\ACM\PolarZIPLight.dll
%ProgramFiles%\ACM\zsHook.dll
%ProgramFiles%\ACM\unins000.exe
%System%\ccrpTmr6.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove zsHook.dll from Windows startup using RegRun Startup Optimizer.

%program files%\acs-style\acs.exe
acs.exe is a worm W32.Kelvir.W.
acs.exe spreads by MSN Messenger and via open network shares .
acs.exe tries to terminate antiviral programs installed on a user computer.
acs.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ACS-Style\rxBot.exe
%ProgramFiles%\ACS-Style\acs.exe
%system%\winsystem32xp.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill acs.exe process and remove acs.exe from Windows startup using RegRun Startup Optimizer.

%program files%\activity keylogger\actik.exe
Actik.exe is a Spyware.ActivityKey.
Actik.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Keylogger\actik.exe
%ProgramFiles%\Activity Keylogger\black.lis
%ProgramFiles%\Activity Keylogger\help.chm
%ProgramFiles%\Activity Keylogger\hidden.dll
%ProgramFiles%\Activity Keylogger\License.txt
%ProgramFiles%\Activity Keylogger\Log\icons\unknownicon.bmp
%ProgramFiles%\Activity Keylogger\Log\null.htm
%ProgramFiles%\Activity Keylogger\readme.txt
%ProgramFiles%\Activity Keylogger\systemlog.txt
%ProgramFiles%\Activity Keylogger\unins000.dat
%ProgramFiles%\Activity Keylogger\unins000.exe
%ProgramFiles%\Activity Keylogger\warning.txt
%ProgramFiles%\Activity Keylogger\akeylogger.exe
%Windir%\aksettings.ini
%Windir%\chatlogs.dll
Adds the value:
"Activity" = "%ProgramFiles%\Activity Keylogger\actik.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill actik.exe process and remove actik.exe from Windows startup using RegRun Startup Optimizer.

%program files%\activity keylogger\akeylogger.exe
Akeylogger.exe is a Spyware.ActivityKey.
Akeylogger.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Keylogger\actik.exe
%ProgramFiles%\Activity Keylogger\black.lis
%ProgramFiles%\Activity Keylogger\help.chm
%ProgramFiles%\Activity Keylogger\hidden.dll
%ProgramFiles%\Activity Keylogger\License.txt
%ProgramFiles%\Activity Keylogger\Log\icons\unknownicon.bmp
%ProgramFiles%\Activity Keylogger\Log\null.htm
%ProgramFiles%\Activity Keylogger\readme.txt
%ProgramFiles%\Activity Keylogger\systemlog.txt
%ProgramFiles%\Activity Keylogger\unins000.dat
%ProgramFiles%\Activity Keylogger\unins000.exe
%ProgramFiles%\Activity Keylogger\warning.txt
%ProgramFiles%\Activity Keylogger\akeylogger.exe
%Windir%\aksettings.ini
%Windir%\chatlogs.dll
Adds the value:
"Activity" = "%ProgramFiles%\Activity Keylogger\actik.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill akeylogger.exe process and remove akeylogger.exe from Windows startup using RegRun Startup Optimizer.

%program files%\activity keylogger\hidden.dll
Hidden.dll is a Spyware.ActivityKey.
Hidden.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Keylogger\actik.exe
%ProgramFiles%\Activity Keylogger\black.lis
%ProgramFiles%\Activity Keylogger\help.chm
%ProgramFiles%\Activity Keylogger\hidden.dll
%ProgramFiles%\Activity Keylogger\License.txt
%ProgramFiles%\Activity Keylogger\Log\icons\unknownicon.bmp
%ProgramFiles%\Activity Keylogger\Log\null.htm
%ProgramFiles%\Activity Keylogger\readme.txt
%ProgramFiles%\Activity Keylogger\systemlog.txt
%ProgramFiles%\Activity Keylogger\unins000.dat
%ProgramFiles%\Activity Keylogger\unins000.exe
%ProgramFiles%\Activity Keylogger\warning.txt
%ProgramFiles%\Activity Keylogger\akeylogger.exe
%Windir%\aksettings.ini
%Windir%\chatlogs.dll
Adds the value:
"Activity" = "%ProgramFiles%\Activity Keylogger\actik.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove hidden.dll from Windows startup using RegRun Startup Optimizer.

%program files%\activity logger\alaware.dll
Alaware.dll is a Spyware.ActivityLog.
Alaware.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Logger\alogger.exe
%ProgramFiles%\Activity Logger\alaware.dll
%ProgramFiles%\Activity Logger\alogcfg.exe
%ProgramFiles%\Activity Logger\alsys.exe
%ProgramFiles%\Activity Logger\Emailer.dll
%ProgramFiles%\Activity Logger\slgrl.dll
%ProgramFiles%\Activity Logger\swkbhkl.dll
%ProgramFiles%\Activity Logger\ijl15.dll
%ProgramFiles%\Activity Logger\LogExp.dll
%ProgramFiles%\Activity Logger\mfc42.dll
%ProgramFiles%\Activity Logger\msvcrt.dll
Adds the value:
"AISys" = "C:\Program Files\Activity Logger\\[file name]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove alaware.dll from Windows startup using RegRun Startup Optimizer.

%program files%\activity logger\alogcfg.exe
Alogcfg.exe is a Spyware.ActivityLog.
Alogcfg.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Logger\alogger.exe
%ProgramFiles%\Activity Logger\alaware.dll
%ProgramFiles%\Activity Logger\alogcfg.exe
%ProgramFiles%\Activity Logger\alsys.exe
%ProgramFiles%\Activity Logger\Emailer.dll
%ProgramFiles%\Activity Logger\slgrl.dll
%ProgramFiles%\Activity Logger\swkbhkl.dll
%ProgramFiles%\Activity Logger\ijl15.dll
%ProgramFiles%\Activity Logger\LogExp.dll
%ProgramFiles%\Activity Logger\mfc42.dll
%ProgramFiles%\Activity Logger\msvcrt.dll
Adds the value:
"AISys" = "C:\Program Files\Activity Logger\\[file name]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill alogcfg.exe process and remove alogger.exe from Windows startup using RegRun Startup Optimizer.

%program files%\activity logger\alogger.exe
Alogger.exe is a Spyware.ActivityLog.
Alogger.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Logger\alogger.exe
%ProgramFiles%\Activity Logger\alaware.dll
%ProgramFiles%\Activity Logger\alogcfg.exe
%ProgramFiles%\Activity Logger\alsys.exe
%ProgramFiles%\Activity Logger\Emailer.dll
%ProgramFiles%\Activity Logger\slgrl.dll
%ProgramFiles%\Activity Logger\swkbhkl.dll
%ProgramFiles%\Activity Logger\ijl15.dll
%ProgramFiles%\Activity Logger\LogExp.dll
%ProgramFiles%\Activity Logger\mfc42.dll
%ProgramFiles%\Activity Logger\msvcrt.dll
Adds the value:
"AISys" = "C:\Program Files\Activity Logger\\[file name]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill alogger.exe process and remove alogger.exe from Windows startup using RegRun Startup Optimizer.

%program files%\activity logger\alsys.exe
Alsys.exe is a Spyware.ActivityLog.
Alsys.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Logger\alogger.exe
%ProgramFiles%\Activity Logger\alaware.dll
%ProgramFiles%\Activity Logger\alogcfg.exe
%ProgramFiles%\Activity Logger\alsys.exe
%ProgramFiles%\Activity Logger\Emailer.dll
%ProgramFiles%\Activity Logger\slgrl.dll
%ProgramFiles%\Activity Logger\swkbhkl.dll
%ProgramFiles%\Activity Logger\ijl15.dll
%ProgramFiles%\Activity Logger\LogExp.dll
%ProgramFiles%\Activity Logger\mfc42.dll
%ProgramFiles%\Activity Logger\msvcrt.dll
Adds the value:
"AISys" = "C:\Program Files\Activity Logger\\[file name]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill alsys.exe process and remove alsys.exe from Windows startup using RegRun Startup Optimizer.

%program files%\activity logger\emailer.dll
Emailer.dll is a Spyware.ActivityLog.
Emailer.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Logger\alogger.exe
%ProgramFiles%\Activity Logger\alaware.dll
%ProgramFiles%\Activity Logger\alogcfg.exe
%ProgramFiles%\Activity Logger\alsys.exe
%ProgramFiles%\Activity Logger\Emailer.dll
%ProgramFiles%\Activity Logger\slgrl.dll
%ProgramFiles%\Activity Logger\swkbhkl.dll
%ProgramFiles%\Activity Logger\ijl15.dll
%ProgramFiles%\Activity Logger\LogExp.dll
%ProgramFiles%\Activity Logger\mfc42.dll
%ProgramFiles%\Activity Logger\msvcrt.dll
Adds the value:
"AISys" = "C:\Program Files\Activity Logger\\[file name]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove Emailer.dll from Windows startup using RegRun Startup Optimizer.

%program files%\activity logger\logexp.dll
LogExp.dll is a Spyware.ActivityLog.
LogExp.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Logger\alogger.exe
%ProgramFiles%\Activity Logger\alaware.dll
%ProgramFiles%\Activity Logger\alogcfg.exe
%ProgramFiles%\Activity Logger\alsys.exe
%ProgramFiles%\Activity Logger\Emailer.dll
%ProgramFiles%\Activity Logger\slgrl.dll
%ProgramFiles%\Activity Logger\swkbhkl.dll
%ProgramFiles%\Activity Logger\ijl15.dll
%ProgramFiles%\Activity Logger\LogExp.dll
%ProgramFiles%\Activity Logger\mfc42.dll
%ProgramFiles%\Activity Logger\msvcrt.dll
Adds the value:
"AISys" = "C:\Program Files\Activity Logger\\[file name]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove LogExp.dll from Windows startup using RegRun Startup Optimizer.

%program files%\activity logger\mfc42.dll
Mfc42.dll is a Spyware.ActivityLog.
Mfc42.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Logger\alogger.exe
%ProgramFiles%\Activity Logger\alaware.dll
%ProgramFiles%\Activity Logger\alogcfg.exe
%ProgramFiles%\Activity Logger\alsys.exe
%ProgramFiles%\Activity Logger\Emailer.dll
%ProgramFiles%\Activity Logger\slgrl.dll
%ProgramFiles%\Activity Logger\swkbhkl.dll
%ProgramFiles%\Activity Logger\ijl15.dll
%ProgramFiles%\Activity Logger\LogExp.dll
%ProgramFiles%\Activity Logger\mfc42.dll
%ProgramFiles%\Activity Logger\msvcrt.dll
Adds the value:
"AISys" = "C:\Program Files\Activity Logger\\[file name]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove mfc42.dll from Windows startup using RegRun Startup Optimizer.

%program files%\activity logger\msvcrt.dll
Msvcrt.dll is a Spyware.ActivityLog.
Msvcrt.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Logger\alogger.exe
%ProgramFiles%\Activity Logger\alaware.dll
%ProgramFiles%\Activity Logger\alogcfg.exe
%ProgramFiles%\Activity Logger\alsys.exe
%ProgramFiles%\Activity Logger\Emailer.dll
%ProgramFiles%\Activity Logger\slgrl.dll
%ProgramFiles%\Activity Logger\swkbhkl.dll
%ProgramFiles%\Activity Logger\ijl15.dll
%ProgramFiles%\Activity Logger\LogExp.dll
%ProgramFiles%\Activity Logger\mfc42.dll
%ProgramFiles%\Activity Logger\msvcrt.dll
Adds the value:
"AISys" = "C:\Program Files\Activity Logger\\[file name]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove msvcrt.dll from Windows startup using RegRun Startup Optimizer.

%program files%\activity logger\slgrl.dll
Slgrl.dll is a Spyware.ActivityLog.
Slgrl.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Logger\alogger.exe
%ProgramFiles%\Activity Logger\alaware.dll
%ProgramFiles%\Activity Logger\alogcfg.exe
%ProgramFiles%\Activity Logger\alsys.exe
%ProgramFiles%\Activity Logger\Emailer.dll
%ProgramFiles%\Activity Logger\slgrl.dll
%ProgramFiles%\Activity Logger\swkbhkl.dll
%ProgramFiles%\Activity Logger\ijl15.dll
%ProgramFiles%\Activity Logger\LogExp.dll
%ProgramFiles%\Activity Logger\mfc42.dll
%ProgramFiles%\Activity Logger\msvcrt.dll
Adds the value:
"AISys" = "C:\Program Files\Activity Logger\\[file name]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove slgrl.dll from Windows startup using RegRun Startup Optimizer.

%program files%\activity logger\swkbhkl.dll
Swkbhkl.dll is a Spyware.ActivityLog.
Swkbhkl.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Activity Logger\alogger.exe
%ProgramFiles%\Activity Logger\alaware.dll
%ProgramFiles%\Activity Logger\alogcfg.exe
%ProgramFiles%\Activity Logger\alsys.exe
%ProgramFiles%\Activity Logger\Emailer.dll
%ProgramFiles%\Activity Logger\slgrl.dll
%ProgramFiles%\Activity Logger\swkbhkl.dll
%ProgramFiles%\Activity Logger\ijl15.dll
%ProgramFiles%\Activity Logger\LogExp.dll
%ProgramFiles%\Activity Logger\mfc42.dll
%ProgramFiles%\Activity Logger\msvcrt.dll
Adds the value:
"AISys" = "C:\Program Files\Activity Logger\\[file name]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove swkbhkl.dll from Windows startup using RegRun Startup Optimizer.

%program files%\actual spy\actualspy.exe
ActualSpy.exe is a Spyware.ActualSpy.
ActualSpy.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Actual Spy\ActualSpy.chm
%ProgramFiles%\Actual Spy\ActualSpy.exe
%ProgramFiles%\Actual Spy\FILE_ID.DIZ
%ProgramFiles%\Actual Spy\hkdll.dll
%ProgramFiles%\Actual Spy\hprog.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill ActualSpy.exe process and remove ActualSpy.exe from Windows startup using RegRun Startup Optimizer.

%program files%\actual spy\hkdll.dll
Hkdll.dll is a Spyware.ActualSpy.
Hkdll.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Actual Spy\ActualSpy.chm
%ProgramFiles%\Actual Spy\ActualSpy.exe
%ProgramFiles%\Actual Spy\FILE_ID.DIZ
%ProgramFiles%\Actual Spy\hkdll.dll
%ProgramFiles%\Actual Spy\hprog.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove hkdll.dll from Windows startup using RegRun Startup Optimizer.

%program files%\actual spy\hprog.dll
Hprog.dll is a Spyware.ActualSpy.
Hprog.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Actual Spy\ActualSpy.chm
%ProgramFiles%\Actual Spy\ActualSpy.exe
%ProgramFiles%\Actual Spy\FILE_ID.DIZ
%ProgramFiles%\Actual Spy\hkdll.dll
%ProgramFiles%\Actual Spy\hprog.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove hprog.dll from Windows startup using RegRun Startup Optimizer.

%program files%\adobe\acrobat.exe
%PROGRAM FILES%\Adobe\acrobat.exe is Trojan.Mdropper.V.
Related files:
%Temp%\ahah.exe - detected as Trojan.Dropper
%Temp%\sav.exe - detected as Backdoor.Trojan
%Temp%\temp.doc - a clean Microsoft Word file
C:\Program Files\Adobe\acrobat.exe - identical to %Temp%\sav.exe
Read more: http://www.symantec.com/enterprise/secur...
Kill the process %PROGRAM FILES%\Adobe\acrobat.exe and remove %PROGRAM FILES%\Adobe\acrobat.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\adstatcomm.dll
AdStatComm.dll is an adware program Adware.WinTaskAd.
AdStatComm.dll downloads and displays advertisements.
Related files:
%ProgramFiles%\AdStatServ.exe
%ProgramFiles%\AdStatKeep.exe
%ProgramFiles%\AdStatComm.dll
%ProgramFiles%\PrevAdComm.dll
%ProgramFiles%\WinTaskAd.exe
%ProgramFiles%\WinSched.exe
%ProgramFiles%\WinProject.dll
%Windir%\Temp\creditdan_WinTaskAdInstPack.exe
Adds the value:
"Windows TaskAd" = "[path to Adware.WinTaskAd]"
"AdStatus Service" = "[path to Adware.WinTaskAd]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove AdStatComm.dll from Windows startup using RegRun Startup Optimizer.

%program files%\advsearch\cliner.exe
Cliner.exe is a Spyware.ActualNames.
Cliner.exe is a Browser Helper Object.
Cliner.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\AdvSearch\cliner.exe
%ProgramFiles%\AdvSearch\finddll.dll
%ProgramFiles%\AdvSearch\findservice.exe
%ProgramFiles%\AdvSearch\mailbook.exe
%ProgramFiles%\AdvSearch\mailbookproxy.dll
%ProgramFiles%\AdvSearch\mydll.dll
%ProgramFiles%\AdvSearch\nn7dll.dll
%ProgramFiles%\AdvSearch\nndll.dll
%ProgramFiles%\AdvSearch\regsvr32.exe
%ProgramFiles%\AdvSearch\spredirect.dll
%ProgramFiles%\AdvSearch\update.exe
%ProgramFiles%\AdvSearch\updater.exe
%ProgramFiles%\AdvSearch\updaterproxy.dll
%ProgramFiles%\AdvSearch\unins000.exe
%ProgramFiles%\AdvSearch\unins000.dat
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill cliner.exe process and remove cliner.exe from Windows startup using RegRun Startup Optimizer.

%program files%\advsearch\finddll.dll
Finddll.dll is a Spyware.ActualNames.
Finddll.dll is a Browser Helper Object.
Finddll.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\AdvSearch\cliner.exe
%ProgramFiles%\AdvSearch\finddll.dll
%ProgramFiles%\AdvSearch\findservice.exe
%ProgramFiles%\AdvSearch\mailbook.exe
%ProgramFiles%\AdvSearch\mailbookproxy.dll
%ProgramFiles%\AdvSearch\mydll.dll
%ProgramFiles%\AdvSearch\nn7dll.dll
%ProgramFiles%\AdvSearch\nndll.dll
%ProgramFiles%\AdvSearch\regsvr32.exe
%ProgramFiles%\AdvSearch\spredirect.dll
%ProgramFiles%\AdvSearch\update.exe
%ProgramFiles%\AdvSearch\updater.exe
%ProgramFiles%\AdvSearch\updaterproxy.dll
%ProgramFiles%\AdvSearch\unins000.exe
%ProgramFiles%\AdvSearch\unins000.dat
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove finddll.dll from Windows startup using RegRun Startup Optimizer.

%program files%\advsearch\mailbook.exe
Mailbook.exe is a Spyware.ActualNames.
Mailbook.exe is a Browser Helper Object.
Mailbook.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\AdvSearch\cliner.exe
%ProgramFiles%\AdvSearch\finddll.dll
%ProgramFiles%\AdvSearch\findservice.exe
%ProgramFiles%\AdvSearch\mailbook.exe
%ProgramFiles%\AdvSearch\mailbookproxy.dll
%ProgramFiles%\AdvSearch\mydll.dll
%ProgramFiles%\AdvSearch\nn7dll.dll
%ProgramFiles%\AdvSearch\nndll.dll
%ProgramFiles%\AdvSearch\regsvr32.exe
%ProgramFiles%\AdvSearch\spredirect.dll
%ProgramFiles%\AdvSearch\update.exe
%ProgramFiles%\AdvSearch\updater.exe
%ProgramFiles%\AdvSearch\updaterproxy.dll
%ProgramFiles%\AdvSearch\unins000.exe
%ProgramFiles%\AdvSearch\unins000.dat
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill mailbook.exe process and remove mailbook.exe from Windows startup using RegRun Startup Optimizer.

%program files%\advsearch\mailbookproxy.dll
Mailbookproxy.dll is a Spyware.ActualNames.
Mailbookproxy.dll is a Browser Helper Object.
Mailbookproxy.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\AdvSearch\cliner.exe
%ProgramFiles%\AdvSearch\finddll.dll
%ProgramFiles%\AdvSearch\findservice.exe
%ProgramFiles%\AdvSearch\mailbook.exe
%ProgramFiles%\AdvSearch\mailbookproxy.dll
%ProgramFiles%\AdvSearch\mydll.dll
%ProgramFiles%\AdvSearch\nn7dll.dll
%ProgramFiles%\AdvSearch\nndll.dll
%ProgramFiles%\AdvSearch\regsvr32.exe
%ProgramFiles%\AdvSearch\spredirect.dll
%ProgramFiles%\AdvSearch\update.exe
%ProgramFiles%\AdvSearch\updater.exe
%ProgramFiles%\AdvSearch\updaterproxy.dll
%ProgramFiles%\AdvSearch\unins000.exe
%ProgramFiles%\AdvSearch\unins000.dat
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove mailbookproxy.dll from Windows startup using RegRun Startup Optimizer.

%program files%\advsearch\mydll.dll
Mydll.dll is a Spyware.ActualNames.
Mydll.dll is a Browser Helper Object.
Mydll.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\AdvSearch\cliner.exe
%ProgramFiles%\AdvSearch\finddll.dll
%ProgramFiles%\AdvSearch\findservice.exe
%ProgramFiles%\AdvSearch\mailbook.exe
%ProgramFiles%\AdvSearch\mailbookproxy.dll
%ProgramFiles%\AdvSearch\mydll.dll
%ProgramFiles%\AdvSearch\nn7dll.dll
%ProgramFiles%\AdvSearch\nndll.dll
%ProgramFiles%\AdvSearch\regsvr32.exe
%ProgramFiles%\AdvSearch\spredirect.dll
%ProgramFiles%\AdvSearch\update.exe
%ProgramFiles%\AdvSearch\updater.exe
%ProgramFiles%\AdvSearch\updaterproxy.dll
%ProgramFiles%\AdvSearch\unins000.exe
%ProgramFiles%\AdvSearch\unins000.dat
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove mydll.dll from Windows startup using RegRun Startup Optimizer.

%program files%\advsearch\nn7dll.dll
Nn7dll.dll is a Spyware.ActualNames.
Nn7dll.dll is a Browser Helper Object.
Nn7dll.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\AdvSearch\cliner.exe
%ProgramFiles%\AdvSearch\finddll.dll
%ProgramFiles%\AdvSearch\findservice.exe
%ProgramFiles%\AdvSearch\mailbook.exe
%ProgramFiles%\AdvSearch\mailbookproxy.dll
%ProgramFiles%\AdvSearch\mydll.dll
%ProgramFiles%\AdvSearch\nn7dll.dll
%ProgramFiles%\AdvSearch\nndll.dll
%ProgramFiles%\AdvSearch\regsvr32.exe
%ProgramFiles%\AdvSearch\spredirect.dll
%ProgramFiles%\AdvSearch\update.exe
%ProgramFiles%\AdvSearch\updater.exe
%ProgramFiles%\AdvSearch\updaterproxy.dll
%ProgramFiles%\AdvSearch\unins000.exe
%ProgramFiles%\AdvSearch\unins000.dat
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove nn7dll.dll from Windows startup using RegRun Startup Optimizer.

%program files%\advsearch\nndll.dll
Nndll.dll is a Spyware.ActualNames.
Nndll.dll is a Browser Helper Object.
Nndll.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\AdvSearch\cliner.exe
%ProgramFiles%\AdvSearch\finddll.dll
%ProgramFiles%\AdvSearch\findservice.exe
%ProgramFiles%\AdvSearch\mailbook.exe
%ProgramFiles%\AdvSearch\mailbookproxy.dll
%ProgramFiles%\AdvSearch\mydll.dll
%ProgramFiles%\AdvSearch\nn7dll.dll
%ProgramFiles%\AdvSearch\nndll.dll
%ProgramFiles%\AdvSearch\regsvr32.exe
%ProgramFiles%\AdvSearch\spredirect.dll
%ProgramFiles%\AdvSearch\update.exe
%ProgramFiles%\AdvSearch\updater.exe
%ProgramFiles%\AdvSearch\updaterproxy.dll
%ProgramFiles%\AdvSearch\unins000.exe
%ProgramFiles%\AdvSearch\unins000.dat
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove nndll.dll from Windows startup using RegRun Startup Optimizer.

%program files%\advsearch\spredirect.dll
Spredirect.dll is a Spyware.ActualNames.
Spredirect.dll is a Browser Helper Object.
Spredirect.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\AdvSearch\cliner.exe
%ProgramFiles%\AdvSearch\finddll.dll
%ProgramFiles%\AdvSearch\findservice.exe
%ProgramFiles%\AdvSearch\mailbook.exe
%ProgramFiles%\AdvSearch\mailbookproxy.dll
%ProgramFiles%\AdvSearch\mydll.dll
%ProgramFiles%\AdvSearch\nn7dll.dll
%ProgramFiles%\AdvSearch\nndll.dll
%ProgramFiles%\AdvSearch\regsvr32.exe
%ProgramFiles%\AdvSearch\spredirect.dll
%ProgramFiles%\AdvSearch\update.exe
%ProgramFiles%\AdvSearch\updater.exe
%ProgramFiles%\AdvSearch\updaterproxy.dll
%ProgramFiles%\AdvSearch\unins000.exe
%ProgramFiles%\AdvSearch\unins000.dat
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove spredirect.dll from Windows startup using RegRun Startup Optimizer.

%program files%\advsearch\updater.exe
Updater.exe is a Spyware.ActualNames.
Updater.exe is a Browser Helper Object.
Updater.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\AdvSearch\cliner.exe
%ProgramFiles%\AdvSearch\finddll.dll
%ProgramFiles%\AdvSearch\findservice.exe
%ProgramFiles%\AdvSearch\mailbook.exe
%ProgramFiles%\AdvSearch\mailbookproxy.dll
%ProgramFiles%\AdvSearch\mydll.dll
%ProgramFiles%\AdvSearch\nn7dll.dll
%ProgramFiles%\AdvSearch\nndll.dll
%ProgramFiles%\AdvSearch\regsvr32.exe
%ProgramFiles%\AdvSearch\spredirect.dll
%ProgramFiles%\AdvSearch\update.exe
%ProgramFiles%\AdvSearch\updater.exe
%ProgramFiles%\AdvSearch\updaterproxy.dll
%ProgramFiles%\AdvSearch\unins000.exe
%ProgramFiles%\AdvSearch\unins000.dat
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill updater.exe process and remove updater.exe from Windows startup using RegRun Startup Optimizer.

%program files%\advsearch\updaterproxy.dll
Updaterproxy.dll is a Spyware.ActualNames.
Updaterproxy.dll is a Browser Helper Object.
Updaterproxy.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\AdvSearch\cliner.exe
%ProgramFiles%\AdvSearch\finddll.dll
%ProgramFiles%\AdvSearch\findservice.exe
%ProgramFiles%\AdvSearch\mailbook.exe
%ProgramFiles%\AdvSearch\mailbookproxy.dll
%ProgramFiles%\AdvSearch\mydll.dll
%ProgramFiles%\AdvSearch\nn7dll.dll
%ProgramFiles%\AdvSearch\nndll.dll
%ProgramFiles%\AdvSearch\regsvr32.exe
%ProgramFiles%\AdvSearch\spredirect.dll
%ProgramFiles%\AdvSearch\update.exe
%ProgramFiles%\AdvSearch\updater.exe
%ProgramFiles%\AdvSearch\updaterproxy.dll
%ProgramFiles%\AdvSearch\unins000.exe
%ProgramFiles%\AdvSearch\unins000.dat
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove updaterproxy.dll from Windows startup using RegRun Startup Optimizer.

%program files%\aolx\as.exe
As.exe is a Backdoor W32.Allim.B.
As.exe spreads through America Online Instant Messenger (AIM).
As.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%ProgramFiles%\aolx\as.exe
%ProgramFiles%\aolx\proto.exe
%System%\procmsg.exe
Adds the value:
"Windows Generic Proc" = "procmsg.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill as.exe process and remove as.exe from Windows startup using RegRun Startup Optimizer.

%program files%\appstraka\appstraka.exe
AppsTraka.exe is a Spyware.AppsTraka.
AppsTraka.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Userprofile%\Start Menu\Programs\AppsTraka\AppsTraka.lnk
%Userprofile%\Desktop\AppsTraka.lnk
%ProgramFiles%\AppsTraka\AppsTraka.exe
%ProgramFiles%\AppsTraka\Appstraka.html
%ProgramFiles%\AppsTraka\Register.html
%ProgramFiles%\AppsTraka\unins000.dat
%ProgramFiles%\AppsTraka\unins000.exe
%System%\Akeylg32.dll
%System%\Appdlg32.dll
appstraka316.exe
Adds the value:
"ATSpooler" = ""C:\Program Files\AppsTraka\AppsTraka.exe" /r"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill AppsTraka.exe process and remove AppsTraka.exe from Windows startup using RegRun Startup Optimizer.

%program files%\appstraka\unins000.exe
unins000.exe is a Spyware.AppsTraka.
unins000.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Userprofile%\Start Menu\Programs\AppsTraka\AppsTraka.lnk
%Userprofile%\Desktop\AppsTraka.lnk
%ProgramFiles%\AppsTraka\AppsTraka.exe
%ProgramFiles%\AppsTraka\Appstraka.html
%ProgramFiles%\AppsTraka\Register.html
%ProgramFiles%\AppsTraka\unins000.dat
%ProgramFiles%\AppsTraka\unins000.exe
%System%\Akeylg32.dll
%System%\Appdlg32.dll
appstraka316.exe
Adds the value:
"ATSpooler" = ""C:\Program Files\AppsTraka\AppsTraka.exe" /r"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill unins000.exe process and remove unins000.exe from Windows startup using RegRun Startup Optimizer.

%program files%\archive.exe
Archive.exe is a Trojan.Dloadr-ABP.
Archive.exe opens a back door.
Archive.exe downloads code from the internet.
Related files:
%Program Files%\Archive\Archive.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill Archive.exe process and remove Archive.exe from Windows startup using RegRun Startup Optimizer.

%program files%\ardamax keylogger\il.dll
il.dll is a Spyware.Ardakey.B..
il.dll logs keystrokes.
Related files:
%ProgramFiles%\Ardamax Keylogger\AKL.exe
%ProgramFiles%\Ardamax Keylogger\AKV.exe
%ProgramFiles%\Ardamax Keylogger\kh.dll
%ProgramFiles%\Ardamax Keylogger\il.dll
Adds the value:
"Ardamax Keylogger" = "%ProgramFiles%\Ardamax Keylogger\akl.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove il.dll from Windows startup using RegRun Startup Optimizer.

%program files%\ardamax keylogger\kh.dll
kh.dll is a Spyware.Ardakey.B..
kh.dll logs keystrokes.
Related files:
%ProgramFiles%\Ardamax Keylogger\AKL.exe
%ProgramFiles%\Ardamax Keylogger\AKV.exe
%ProgramFiles%\Ardamax Keylogger\kh.dll
%ProgramFiles%\Ardamax Keylogger\il.dll
Adds the value:
"Ardamax Keylogger" = "%ProgramFiles%\Ardamax Keylogger\akl.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove kh.dll from Windows startup using RegRun Startup Optimizer.

%program files%\asys\stb.exe
Stb.exe is a Trojan.Cmapp.
Stb.exe downloads and display advertisements.
Stb.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%ProgramFiles%\CMAPP\cmappstub.exe
%ProgramFiles%\CMAPP\Client\cmappclient.exe
%ProgramFiles%\CMAPP\Client\cmappmf.dll
%ProgramFiles%\asys\Stb.exe
%ProgramFiles%\asys\VFX8.0-1.exe
%Windir%\sysnet.exe
%Windir%\snuninst.exe
%Windir%\svc.exe
%Windir%\visfxun.exe
%UserProfile%\Local Settings\Temp\cmappsetup.exe
Adds the value:
"CMAPP" = ""%ProgramFiles%\CMAPP\Client\cmappclient.exe""
"Sysnet" = "%Windir%\sysnet.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Stb.exe process and remove Stb.exe from Windows startup using RegRun Startup Optimizer.

%program files%\asys\vfx8.0-1.exe
VFX8.0-1.exe is a Trojan.Cmapp.
VFX8.0-1.exe downloads and display advertisements.
VFX8.0-1.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%ProgramFiles%\CMAPP\cmappstub.exe
%ProgramFiles%\CMAPP\Client\cmappclient.exe
%ProgramFiles%\CMAPP\Client\cmappmf.dll
%ProgramFiles%\asys\Stb.exe
%ProgramFiles%\asys\VFX8.0-1.exe
%Windir%\sysnet.exe
%Windir%\snuninst.exe
%Windir%\svc.exe
%Windir%\visfxun.exe
%UserProfile%\Local Settings\Temp\cmappsetup.exe
Adds the value:
"CMAPP" = ""%ProgramFiles%\CMAPP\Client\cmappclient.exe""
"Sysnet" = "%Windir%\sysnet.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill VFX8.0-1.exe process and remove VFX8.0-1.exe from Windows startup using RegRun Startup Optimizer.

%program files%\auto keylogger\kbhook4.dll
kbhook4.dll is a keylogger Spyware.IkitecKL.
kbhook4.dll records keystrokes typed in any window.
Related files:
%ProgramFiles%\Auto Keylogger\klkernel.dat
%ProgramFiles%\Auto Keylogger\kl.hlp
%ProgramFiles%\Auto Keylogger\kl.exe
%ProgramFiles%\Auto Keylogger\kl.cnt
%ProgramFiles%\Auto Keylogger\kbhook4.dll
%ProgramFiles%\Auto Keylogger\whatsnew.txt
%ProgramFiles%\Auto Keylogger\klkernel.exe
Adds the value:
"(Default)"="%ProgramFiles%\Auto Keylogger\kl.exe"
"WndMsg"="%ProgramFiles%\Auto Keylogger\klkernel.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove kbhook4.dll from Windows startup using RegRun Startup Optimizer.

%program files%\auto keylogger\kl.exe
kl.exe is a keylogger Spyware.IkitecKL.
kl.exe records keystrokes typed in any window.
Related files:
%ProgramFiles%\Auto Keylogger\klkernel.dat
%ProgramFiles%\Auto Keylogger\kl.hlp
%ProgramFiles%\Auto Keylogger\kl.exe
%ProgramFiles%\Auto Keylogger\kl.cnt
%ProgramFiles%\Auto Keylogger\kbhook4.dll
%ProgramFiles%\Auto Keylogger\whatsnew.txt
%ProgramFiles%\Auto Keylogger\klkernel.exe
Adds the value:
"(Default)"="%ProgramFiles%\Auto Keylogger\kl.exe"
"WndMsg"="%ProgramFiles%\Auto Keylogger\klkernel.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill kl.exe process and remove kl.exe from Windows startup using RegRun Startup Optimizer.

%program files%\auto keylogger\klkernel.exe
klkernel.exe is a keylogger Spyware.IkitecKL.
klkernel.exe records keystrokes typed in any window.
Related files:
%ProgramFiles%\Auto Keylogger\klkernel.dat
%ProgramFiles%\Auto Keylogger\kl.hlp
%ProgramFiles%\Auto Keylogger\kl.exe
%ProgramFiles%\Auto Keylogger\kl.cnt
%ProgramFiles%\Auto Keylogger\kbhook4.dll
%ProgramFiles%\Auto Keylogger\whatsnew.txt
%ProgramFiles%\Auto Keylogger\klkernel.exe
Adds the value:
"(Default)"="%ProgramFiles%\Auto Keylogger\kl.exe"
"WndMsg"="%ProgramFiles%\Auto Keylogger\klkernel.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill klkernel.exe process and remove klkernel.exe from Windows startup using RegRun Startup Optimizer.

%program files%\autosearch.dll
Autosearch.dll is a mass-mailing worm Adware.YellowPages.
Autosearch.dll installs an Internet Explorer toolbar.
Related files:
%ProgramFiles%\Autosearch.dll
Adds the value:
"windump"="%ProgramFiles%\autosearch.dll"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove Autosearch.dll from Windows startup using RegRun Startup Optimizer.

%program files%\autoupdate\autoupdate.exe
AutoUpdate.exe is the new generation of VX2 adware components.
AutoUpdate.exe runs from Windows startup registry keys.
Also, AutoUpdate alters the AppInitDLLs registry value to track all started processes and Internet activity.
AutoUpdate copies its body to the Windows\System32 folder.
AutoUpdate can change WinSock2 LSP chain.
It inserts the dolsp.dll into the LSP chain.

Related files:
0er8k4va.exe
Mkfxut.exe
pkdacs.exe
ywrqku.exe
msnavc32.exe
AutoUpdate.exe
winntcreate.exe
vwix32.exe
sysmonnt.exe
winhcek32.exe
qlykdnb.dll
rypgvtoimrl.exe
spwgoc.exe
msnavc32.exe
sysmonnt
hpdll.exe
w?wexec.exe
ffisearch.exe

Delete the files.
They are may be hidden.

C:\Program Files\0er8k4va\0er8k4va.exe
C:\WINDOWS\System32\Mkfxut.exe
C:\WINDOWS\system32\pkdacs.exe
C:\WINDOWS\System32\ywrqku.exe
C:\windows\system32\msnavc32.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\winntcreate.exe
C:\WINDOWS\System32\vwix32.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\WINDOWS\System32\winhcek32.exe
C:\WINDOWS\System32\qlykdnb.dll
C:\WINDOWS\System32\rypgvtoimrl.exe
C:\WINDOWS\System32\spwgoc.exe
C:\windows\system32\msnavc32.exe
C:\WINDOWS\System32\sysmonnt
C:\Program Files\hpdll\hpdll.exe
C:\WINDOWS\System32\w?wexec.exe
C:\WINDOWS\isrvs\ffisearch.exe

Removal:
Use RegRun.
Clear Browser Helper Objects list.
Reset to default the AppInitDlls (Anti Spyware module).
Recover LSP using RegRun Winsock2 recovery.
Kill the processes and remove the virus files from Windows startup.

%program files%\bazookabar\activewin32.exe
ActiveWin32.exe is a Spyware.Bazookabar.
ActiveWin32.exe monitors user Internet activity.
Related files:
%ProgramFiles%\BazookaBar\ActiveWin32.exe
%ProgramFiles%\BazookaBar\Bar.exe
%ProgramFiles%\BazookaBar\BazookaBar.exe
%ProgramFiles%\BazookaBar\CloseExplorer.exe
%ProgramFiles%\BazookaBar\CloseExploreru.exe
%ProgramFiles%\BazookaBar\RegMfc.exe
%ProgramFiles%\BazookaBar\userstararticsbar.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill ActiveWin32.exe process and remove ActiveWin32.exe from Windows startup using RegRun Startup Optimizer.

%program files%\bazookabar\bar.exe
Bar.exe is a Spyware.Bazookabar.
Bar.exe monitors user Internet activity.
Related files:
%ProgramFiles%\BazookaBar\ActiveWin32.exe
%ProgramFiles%\BazookaBar\Bar.exe
%ProgramFiles%\BazookaBar\BazookaBar.exe
%ProgramFiles%\BazookaBar\CloseExplorer.exe
%ProgramFiles%\BazookaBar\CloseExploreru.exe
%ProgramFiles%\BazookaBar\RegMfc.exe
%ProgramFiles%\BazookaBar\userstararticsbar.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Bar.exe process and remove Bar.exe from Windows startup using RegRun Startup Optimizer.

%program files%\bazookabar\bazookabar.exe
BazookaBar.exe is a Spyware.Bazookabar.
BazookaBar.exe monitors user Internet activity.
Related files:
%ProgramFiles%\BazookaBar\ActiveWin32.exe
%ProgramFiles%\BazookaBar\Bar.exe
%ProgramFiles%\BazookaBar\BazookaBar.exe
%ProgramFiles%\BazookaBar\CloseExplorer.exe
%ProgramFiles%\BazookaBar\CloseExploreru.exe
%ProgramFiles%\BazookaBar\RegMfc.exe
%ProgramFiles%\BazookaBar\userstararticsbar.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill BazookaBar.exe process and remove BazookaBar.exe from Windows startup using RegRun Startup Optimizer.

%program files%\bazookabar\regmfc.exe
RegMfc.exe is a Spyware.Bazookabar.
RegMfc.exe monitors user Internet activity.
Related files:
%ProgramFiles%\BazookaBar\ActiveWin32.exe
%ProgramFiles%\BazookaBar\Bar.exe
%ProgramFiles%\BazookaBar\BazookaBar.exe
%ProgramFiles%\BazookaBar\CloseExplorer.exe
%ProgramFiles%\BazookaBar\CloseExploreru.exe
%ProgramFiles%\BazookaBar\RegMfc.exe
%ProgramFiles%\BazookaBar\userstararticsbar.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill RegMfc.exe process and remove RegMfc.exe from Windows startup using RegRun Startup Optimizer.

%program files%\bazookabar\userstararticsbar.dll
userstararticsbar.dll is a Spyware.Bazookabar.
userstararticsbar.dll monitors user Internet activity.
Related files:
%ProgramFiles%\BazookaBar\ActiveWin32.exe
%ProgramFiles%\BazookaBar\Bar.exe
%ProgramFiles%\BazookaBar\BazookaBar.exe
%ProgramFiles%\BazookaBar\CloseExplorer.exe
%ProgramFiles%\BazookaBar\CloseExploreru.exe
%ProgramFiles%\BazookaBar\RegMfc.exe
%ProgramFiles%\BazookaBar\userstararticsbar.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove userstararticsbar.dll from Windows startup using RegRun Startup Optimizer.

%program files%\bifrost\server.exe
%PROGRAM FILES%\Bifrost\server.exe is Backdoor.Bifrose.I.
Related files:
%ProgramFiles%\Bifrost\server.exe
%ProgramFiles%\Bifrost\klog.dat
Backdoor.Bifrose.I is a Trojan horse that opens a back door on the compromised computer.
Read more: http://www.symantec.com/enterprise/secur...
Kill the process %PROGRAM FILES%\Bifrost\server.exe and remove %PROGRAM FILES%\Bifrost\server.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\blackbox7\class0117.exe
Class0117.exe is a Spyware.Blackbox.
Class0117.exe monitors user Internet activity.
Related files:
%ProgramFiles%\Blackbox7\class0117.exe
%ProgramFiles%\Blackbox7\Console.exe
%ProgramFiles%\Blackbox7\Dll\integ.dll
%ProgramFiles%\Blackbox7\Dll\Ldll.dll
%ProgramFiles%\Blackbox7\Dll\sysclass.dll
Adds the value:
"Registry" = "C:\Program Files\Blackbox7\class0117.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill class0117.exe process and remove class0117.exe from Windows startup using RegRun Startup Optimizer.

%program files%\blackbox7\console.exe
Console.exe is a Spyware.Blackbox.
Console.exe monitors user Internet activity.
Related files:
%ProgramFiles%\Blackbox7\class0117.exe
%ProgramFiles%\Blackbox7\Console.exe
%ProgramFiles%\Blackbox7\Dll\integ.dll
%ProgramFiles%\Blackbox7\Dll\Ldll.dll
%ProgramFiles%\Blackbox7\Dll\sysclass.dll
Adds the value:
"Registry" = "C:\Program Files\Blackbox7\class0117.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Console.exe process and remove Console.exe from Windows startup using RegRun Startup Optimizer.

%program files%\blackbox7\dll\integ.dll
integ.dll is a Spyware.Blackbox.
integ.dll monitors user Internet activity.
Related files:
%ProgramFiles%\Blackbox7\class0117.exe
%ProgramFiles%\Blackbox7\Console.exe
%ProgramFiles%\Blackbox7\Dll\integ.dll
%ProgramFiles%\Blackbox7\Dll\Ldll.dll
%ProgramFiles%\Blackbox7\Dll\sysclass.dll
Adds the value:
"Registry" = "C:\Program Files\Blackbox7\class0117.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove integ.dll from Windows startup using RegRun Startup Optimizer.

%program files%\blackbox7\dll\ldll.dll
Ldll.dll is a Spyware.Blackbox.
Ldll.dll monitors user Internet activity.
Related files:
%ProgramFiles%\Blackbox7\class0117.exe
%ProgramFiles%\Blackbox7\Console.exe
%ProgramFiles%\Blackbox7\Dll\integ.dll
%ProgramFiles%\Blackbox7\Dll\Ldll.dll
%ProgramFiles%\Blackbox7\Dll\sysclass.dll
Adds the value:
"Registry" = "C:\Program Files\Blackbox7\class0117.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove Ldll.dll from Windows startup using RegRun Startup Optimizer.

%program files%\blackbox7\dll\sysclass.dll
Sysclass.dll is a Spyware.Blackbox.
Sysclass.dll monitors user Internet activity.
Related files:
%ProgramFiles%\Blackbox7\class0117.exe
%ProgramFiles%\Blackbox7\Console.exe
%ProgramFiles%\Blackbox7\Dll\integ.dll
%ProgramFiles%\Blackbox7\Dll\Ldll.dll
%ProgramFiles%\Blackbox7\Dll\sysclass.dll
Adds the value:
"Registry" = "C:\Program Files\Blackbox7\class0117.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove sysclass.dll from Windows startup using RegRun Startup Optimizer.

%program files%\browser pal\adblck.dll
Adblck.dll is an adware program Adware.BrowserPal.
Adblck.dll is a Browser Helper Object.
Bp.exe downloads and displays advertisements.
Related files:
browserpal.exe
%ProgramFiles%\Browser Pal\adblck.dll
%ProgramFiles%\Browser Pal\adblck.exe
%ProgramFiles%\Browser Pal\BABarWnd.dll
%ProgramFiles%\Browser Pal\blckbho.dll
%ProgramFiles%\Browser Pal\blckhk.dll
%ProgramFiles%\Browser Pal\bp.exe
%ProgramFiles%\Browser Pal\bptlb.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove adblck.dll from Windows startup using RegRun Startup Optimizer.

%program files%\browser pal\adblck.exe
Adblck.exe is an adware program Adware.BrowserPal.
Adblck.exe is a Browser Helper Object.
Adblck.exe downloads and displays advertisements.
Related files:
browserpal.exe
%ProgramFiles%\Browser Pal\adblck.dll
%ProgramFiles%\Browser Pal\adblck.exe
%ProgramFiles%\Browser Pal\BABarWnd.dll
%ProgramFiles%\Browser Pal\blckbho.dll
%ProgramFiles%\Browser Pal\blckhk.dll
%ProgramFiles%\Browser Pal\bp.exe
%ProgramFiles%\Browser Pal\bptlb.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill adblck.exe process and remove adblck.exe from Windows startup using RegRun Startup Optimizer.

%program files%\browser pal\babarwnd.dll
BABarWnd.dll is an adware program Adware.BrowserPal.
BABarWnd.dll is a Browser Helper Object.
BABarWnd.dll downloads and displays advertisements.
Related files:
browserpal.exe
%ProgramFiles%\Browser Pal\adblck.dll
%ProgramFiles%\Browser Pal\adblck.exe
%ProgramFiles%\Browser Pal\BABarWnd.dll
%ProgramFiles%\Browser Pal\blckbho.dll
%ProgramFiles%\Browser Pal\blckhk.dll
%ProgramFiles%\Browser Pal\bp.exe
%ProgramFiles%\Browser Pal\bptlb.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove BABarWnd.dll from Windows startup using RegRun Startup Optimizer.

%program files%\browser pal\blckbho.dll
Blckbho.dll is an adware program Adware.BrowserPal.
Blckbho.dll is a Browser Helper Object.
Blckbho.dll downloads and displays advertisements.
Related files:
browserpal.exe
%ProgramFiles%\Browser Pal\adblck.dll
%ProgramFiles%\Browser Pal\adblck.exe
%ProgramFiles%\Browser Pal\BABarWnd.dll
%ProgramFiles%\Browser Pal\blckbho.dll
%ProgramFiles%\Browser Pal\blckhk.dll
%ProgramFiles%\Browser Pal\bp.exe
%ProgramFiles%\Browser Pal\bptlb.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove blckbho.dll from Windows startup using RegRun Startup Optimizer.

%program files%\browser pal\blckhk.dll
Blckhk.dll is an adware program Adware.BrowserPal.
Blckhk.dll is a Browser Helper Object.
Blckhk.dll downloads and displays advertisements.
Related files:
browserpal.exe
%ProgramFiles%\Browser Pal\adblck.dll
%ProgramFiles%\Browser Pal\adblck.exe
%ProgramFiles%\Browser Pal\BABarWnd.dll
%ProgramFiles%\Browser Pal\blckbho.dll
%ProgramFiles%\Browser Pal\blckhk.dll
%ProgramFiles%\Browser Pal\bp.exe
%ProgramFiles%\Browser Pal\bptlb.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove blckhk.dll from Windows startup using RegRun Startup Optimizer.

%program files%\browser pal\bp.exe
Bp.exe is an adware program Adware.BrowserPal.
Bp.exe is a Browser Helper Object.
Bp.exe downloads and displays advertisements.
Related files:
browserpal.exe
%ProgramFiles%\Browser Pal\adblck.dll
%ProgramFiles%\Browser Pal\adblck.exe
%ProgramFiles%\Browser Pal\BABarWnd.dll
%ProgramFiles%\Browser Pal\blckbho.dll
%ProgramFiles%\Browser Pal\blckhk.dll
%ProgramFiles%\Browser Pal\bp.exe
%ProgramFiles%\Browser Pal\bptlb.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill bp.exe process and remove bp.exe from Windows startup using RegRun Startup Optimizer.

%program files%\browser pal\bptlb.dll
Bptlb.dll is an adware program Adware.BrowserPal.
Bptlb.dll is a Browser Helper Object.
Bptlb.dll downloads and displays advertisements.
Related files:
browserpal.exe
%ProgramFiles%\Browser Pal\adblck.dll
%ProgramFiles%\Browser Pal\adblck.exe
%ProgramFiles%\Browser Pal\BABarWnd.dll
%ProgramFiles%\Browser Pal\blckbho.dll
%ProgramFiles%\Browser Pal\blckhk.dll
%ProgramFiles%\Browser Pal\bp.exe
%ProgramFiles%\Browser Pal\bptlb.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove bptlb.dll from Windows startup using RegRun Startup Optimizer.

%program files%\btv\breg_inst.exe
Breg_inst.exe is a mass-mailing worm .
Breg_inst.exe monitors user Internet activity.
Breg_inst.exe displays advertising information.
Related files:
%ProgramFiles%\BTV\btv.exe
%ProgramFiles%\BTV\breg_inst.exe
%ProgramFiles%\BTV\btvclean.exe
%ProgramFiles%\Common Files\Java\breg.cfg
%ProgramFiles%\Common Files\Java\breg.exe
Adds the value:
"BTV"="%ProgramFiles%\BTV\btv.exe"
"Breg"="%ProgramFiles%\Common Files\Java\breg.exe"
"BtvC"="%ProgramFiles%\BTV\btvclean.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill breg_inst.exe process and remove breg_inst.exe from Windows startup using RegRun Startup Optimizer.

%program files%\btv\btv.exe
Btv.exe is a mass-mailing worm .
Btv.exe monitors user Internet activity.
Btv.exe displays advertising information.
Related files:
%ProgramFiles%\BTV\btv.exe
%ProgramFiles%\BTV\breg_inst.exe
%ProgramFiles%\BTV\btvclean.exe
%ProgramFiles%\Common Files\Java\breg.cfg
%ProgramFiles%\Common Files\Java\breg.exe
Adds the value:
"BTV"="%ProgramFiles%\BTV\btv.exe"
"Breg"="%ProgramFiles%\Common Files\Java\breg.exe"
"BtvC"="%ProgramFiles%\BTV\btvclean.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill btv.exe process and remove btv.exe from Windows startup using RegRun Startup Optimizer.

%program files%\btv\btvclean.exe
Btvclean.exe is a mass-mailing worm .
Btvclean.exe monitors user Internet activity.
Btvclean.exe displays advertising information.
Related files:
%ProgramFiles%\BTV\btv.exe
%ProgramFiles%\BTV\breg_inst.exe
%ProgramFiles%\BTV\btvclean.exe
%ProgramFiles%\Common Files\Java\breg.cfg
%ProgramFiles%\Common Files\Java\breg.exe
Adds the value:
"BTV"="%ProgramFiles%\BTV\btv.exe"
"Breg"="%ProgramFiles%\Common Files\Java\breg.exe"
"BtvC"="%ProgramFiles%\BTV\btvclean.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill btvclean.exe process and remove btvclean.exe from Windows startup using RegRun Startup Optimizer.

%program files%\buddylinks.net\blpref.exe
Blpref.exe is an adware program Adware.Buddylinks.
Blpref.exe spreads by AOL Instant Messenger.
Blpref.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\buddylinks.net\Blpref.exe
%ProgramFiles%\Common Files\PSD Tools\ChannelUp.exe
%ProgramFiles%\Common Files\PSD Tools\Blaim.dll
%ProgramFiles%\Common Files\PSD Tools\Blengine.dll
%ProgramFiles%\Common Files\PSD Tools\Blengine.exe
%ProgramFiles%\Common Files\PSD Tools\Bldll.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Blpref.exe process and remove Blpref.exe from Windows startup using RegRun Startup Optimizer.

%program files%\bullseye network\bin\adv.exe
adv.exe is an adware program Adware.BargainBuddy.
adv.exe downloads and displays advertisements.
Related files:
Apuc.dll;
Autoheal.exe
%System%\angelex.exe
%System%\instsrv.exe
%System%\msexreg.exe
%System%\bbchk.exe
%System%\exclean.exe
%System%\exdl.exe
%System%\exdl0.exe
%System%\exdl1.exe
%System%\exul.exe
%System%\msbe.dll
%System%\msxct.exe
%ProgramFiles%\BullsEye Network\bin\adv.exe
%ProgramFiles%\BullsEye Network\bin\adx.exe
%ProgramFiles%\BullsEye Network\bin\bargains.exe
%ProgramFiles%\BullsEye Network\Uninstall.exe
%Windows%\bbchk.exe
%Windows%\exclean.exe
%Windows%\exdl.exe
%Windows%\exul.exe
%Windows%\msbe.dll
%Windows%\msxct.exe
%Windows%\zeta.exe
Adds the value:
"[File name of adware]" = "[File path to adware]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill adv.exe process and remove adv.exe from Windows startup using RegRun Startup Optimizer.

%program files%\bullseye network\bin\adx.exe
Adx.exe is an adware program Adware.BargainBuddy.
Adx.exe downloads and displays advertisements.
Related files:
Apuc.dll;
Autoheal.exe
%System%\angelex.exe
%System%\instsrv.exe
%System%\msexreg.exe
%System%\bbchk.exe
%System%\exclean.exe
%System%\exdl.exe
%System%\exdl0.exe
%System%\exdl1.exe
%System%\exul.exe
%System%\msbe.dll
%System%\msxct.exe
%ProgramFiles%\BullsEye Network\bin\adv.exe
%ProgramFiles%\BullsEye Network\bin\adx.exe
%ProgramFiles%\BullsEye Network\bin\bargains.exe
%ProgramFiles%\BullsEye Network\Uninstall.exe
%Windows%\bbchk.exe
%Windows%\exclean.exe
%Windows%\exdl.exe
%Windows%\exul.exe
%Windows%\msbe.dll
%Windows%\msxct.exe
%Windows%\zeta.exe
Adds the value:
"[File name of adware]" = "[File path to adware]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill adx.exe process and remove adx.exe from Windows startup using RegRun Startup Optimizer.

%program files%\calorie-count.com toolbar\toolbar.dll
%PROGRAM FILES%\Calorie-Count.com Toolbar\toolbar.dll is Calorie-Count.com Toolbar by Conduit/EffectiveBrand.
Read more: http://www.castlecops.com/tk31159-Calori...
Kill the file %PROGRAM FILES%\Calorie-Count.com Toolbar\toolbar.dll and remove %PROGRAM FILES%\Calorie-Count.com Toolbar\toolbar.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\cas\client\casmf.dll
Casmf.dll is an adware program Adware.CasinoClient.
Casmf.dll displays advertisements.
Casmf.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Cas\Client\casclient.exe
%ProgramFiles%\Cas\Client\casmf.dll
%ProgramFiles%\CasStub\casstub.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove casmf.dll from Windows startup using RegRun Startup Optimizer.

%program files%\casstub\casstub.exe
Casstub.exe is an adware program Adware.CasinoClient.
Casstub.exe displays advertisements.
Casstub.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Cas\Client\casclient.exe
%ProgramFiles%\Cas\Client\casmf.dll
%ProgramFiles%\CasStub\casstub.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill casstub.exe process and remove casstub.exe from Windows startup using RegRun Startup Optimizer.

%program files%\catcher.dll
Catcher.dll is an adware program Adware.Shorty.
Catcher.dll is a Browser Helper Object.
Catcher.dll monitors user Internet activity.
Related files:
CommonProgramFiles%\services.exe
%CommonProgramFiles%\system32.dll
%Temp%\version.txt
%ProgramFiles%\Catcher.dll
%ProgramFiles%\gui.exe
%ProgramFiles%\cwebpage.dll
%ProgramFiles%\version.txt
%ProgramFiles%\x.bmp
%ProgramFiles%\*.dat
Adds the value:
"DNS" = "%CommonProgramFiles%\[FILE NAME].exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove Catcher.dll from Windows startup using RegRun Startup Optimizer.

%program files%\chironexsoftware\browserspy\browserspy.dll
BrowserSpy.dll is a Spyware.BrowserSpy.
BrowserSpy.dll is an Internet Explorer spy utility.
BrowserSpy.dll monitors user Internet activity.
Related files:
%ProgramFiles%\ChironexSoftware\BrowserSpy\BrowserSpy.dll
%ProgramFiles%\ChironexSoftware\BrowserSpy\SciLexer.dll
Adds the value:
"SciLexer"="%ProgramFiles%\ChironexSoftware\BrowserSpy\SciLexer.dll"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove BrowserSpy.dll from Windows startup using RegRun Startup Optimizer.

%program files%\chironexsoftware\browserspy\scilexer.dll
SciLexer.dll is a Spyware.BrowserSpy.
SciLexer.dll is an Internet Explorer spy utility.
SciLexer.dll monitors user Internet activity.
Related files:
%ProgramFiles%\ChironexSoftware\BrowserSpy\BrowserSpy.dll
%ProgramFiles%\ChironexSoftware\BrowserSpy\SciLexer.dll
Adds the value:
"SciLexer"="%ProgramFiles%\ChironexSoftware\BrowserSpy\SciLexer.dll"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove SciLexer.dll from Windows startup using RegRun Startup Optimizer.

%program files%\clearsearch\csaolinst.dll
csAOLinst.DLL is an adware program Adware.ClearSearch.
csAOLinst.DLL downloads and displays advertisements.
Related files:
%Program Files%\ClearSearch\Loader.exe
%Program Files%\ClearSearch\Delete me.exe
%Program Files%\ClearSearch\CSP001.exe
%Program Files%\ClearSearch\csLDRupdater.DLL
%Program Files%\ClearSearch\csAOLinst.DLL
%Program Files%\ClearSearch\CSIE.dll
%Program Files%\ClearSearch\CSIEINST.dll
%ProgramFiles%\5whgue21\5whgue21.exe
Adds the value:
"ClrSchLoader" = "[original executable path]"
"CSV10P1" = "%ProgramFiles%\CSBB\CSP001.exe"
"5whgue21" = "%ProgramFiles%\5whgue21\5whgue21.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove csAOLinst.DLL from Windows startup using RegRun Startup Optimizer.

%program files%\clearsearch\csie.dll
CSIE.dll is an adware program Adware.ClearSearch.
CSIE.dll downloads and displays advertisements.
Related files:
%Program Files%\ClearSearch\Loader.exe
%Program Files%\ClearSearch\Delete me.exe
%Program Files%\ClearSearch\CSP001.exe
%Program Files%\ClearSearch\csLDRupdater.DLL
%Program Files%\ClearSearch\csAOLinst.DLL
%Program Files%\ClearSearch\CSIE.dll
%Program Files%\ClearSearch\CSIEINST.dll
%ProgramFiles%\5whgue21\5whgue21.exe
Adds the value:
"ClrSchLoader" = "[original executable path]"
"CSV10P1" = "%ProgramFiles%\CSBB\CSP001.exe"
"5whgue21" = "%ProgramFiles%\5whgue21\5whgue21.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove CSIE.dll from Windows startup using RegRun Startup Optimizer.

%program files%\clearsearch\csieinst.dll
CSIEINST.dll is an adware program Adware.ClearSearch.
CSIEINST.dll downloads and displays advertisements.
Related files:
%Program Files%\ClearSearch\Loader.exe
%Program Files%\ClearSearch\Delete me.exe
%Program Files%\ClearSearch\CSP001.exe
%Program Files%\ClearSearch\csLDRupdater.DLL
%Program Files%\ClearSearch\csAOLinst.DLL
%Program Files%\ClearSearch\CSIE.dll
%Program Files%\ClearSearch\CSIEINST.dll
%ProgramFiles%\5whgue21\5whgue21.exe
Adds the value:
"ClrSchLoader" = "[original executable path]"
"CSV10P1" = "%ProgramFiles%\CSBB\CSP001.exe"
"5whgue21" = "%ProgramFiles%\5whgue21\5whgue21.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove CSIEINST.dll from Windows startup using RegRun Startup Optimizer.

%program files%\clearsearch\csldrupdater.dll
csLDRupdater.DLL is an adware program Adware.ClearSearch.
csLDRupdater.DLL downloads and displays advertisements.
Related files:
%Program Files%\ClearSearch\Loader.exe
%Program Files%\ClearSearch\Delete me.exe
%Program Files%\ClearSearch\CSP001.exe
%Program Files%\ClearSearch\csLDRupdater.DLL
%Program Files%\ClearSearch\csAOLinst.DLL
%Program Files%\ClearSearch\CSIE.dll
%Program Files%\ClearSearch\CSIEINST.dll
%ProgramFiles%\5whgue21\5whgue21.exe
Adds the value:
"ClrSchLoader" = "[original executable path]"
"CSV10P1" = "%ProgramFiles%\CSBB\CSP001.exe"
"5whgue21" = "%ProgramFiles%\5whgue21\5whgue21.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove csLDRupdater.DLL from Windows startup using RegRun Startup Optimizer.

%program files%\clearsearch\csp001.exe
CSP001.exe is an adware program Adware.ClearSearch.
CSP001.exe downloads and displays advertisements.
Related files:
%Program Files%\ClearSearch\Loader.exe
%Program Files%\ClearSearch\Delete me.exe
%Program Files%\ClearSearch\CSP001.exe
%Program Files%\ClearSearch\csLDRupdater.DLL
%Program Files%\ClearSearch\csAOLinst.DLL
%Program Files%\ClearSearch\CSIE.dll
%Program Files%\ClearSearch\CSIEINST.dll
%ProgramFiles%\5whgue21\5whgue21.exe
Adds the value:
"ClrSchLoader" = "[original executable path]"
"CSV10P1" = "%ProgramFiles%\CSBB\CSP001.exe"
"5whgue21" = "%ProgramFiles%\5whgue21\5whgue21.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill CSP001.exe process and remove CSP001.exe from Windows startup using RegRun Startup Optimizer.

%program files%\clearsearch\delete me.exe
Delete me.exe is an adware program Adware.ClearSearch.
Delete me.exe downloads and displays advertisements.
Related files:
%Program Files%\ClearSearch\Loader.exe
%Program Files%\ClearSearch\Delete me.exe
%Program Files%\ClearSearch\CSP001.exe
%Program Files%\ClearSearch\csLDRupdater.DLL
%Program Files%\ClearSearch\csAOLinst.DLL
%Program Files%\ClearSearch\CSIE.dll
%Program Files%\ClearSearch\CSIEINST.dll
%ProgramFiles%\5whgue21\5whgue21.exe
Adds the value:
"ClrSchLoader" = "[original executable path]"
"CSV10P1" = "%ProgramFiles%\CSBB\CSP001.exe"
"5whgue21" = "%ProgramFiles%\5whgue21\5whgue21.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Delete me.exe process and remove Delete me.exe from Windows startup using RegRun Startup Optimizer.

%program files%\cmapp\client\cmappclient.exe
Cmappclient.exe is a Trojan.Cmapp.
Cmappclient.exe downloads and display advertisements.
Cmappclient.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%ProgramFiles%\CMAPP\cmappstub.exe
%ProgramFiles%\CMAPP\Client\cmappclient.exe
%ProgramFiles%\CMAPP\Client\cmappmf.dll
%ProgramFiles%\asys\Stb.exe
%ProgramFiles%\asys\VFX8.0-1.exe
%Windir%\sysnet.exe
%Windir%\snuninst.exe
%Windir%\svc.exe
%Windir%\visfxun.exe
%UserProfile%\Local Settings\Temp\cmappsetup.exe
Adds the value:
"CMAPP" = ""%ProgramFiles%\CMAPP\Client\cmappclient.exe""
"Sysnet" = "%Windir%\sysnet.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill cmappclient.exe process and remove cmappclient.exe from Windows startup using RegRun Startup Optimizer.

%program files%\cmapp\client\cmappmf.dll
Cmappmf.dll is a Trojan.Cmapp.
Cmappmf.dll downloads and display advertisements.
Cmappmf.dll tries to terminate antiviral programs installed on a user computer.
Related files:
%ProgramFiles%\CMAPP\cmappstub.exe
%ProgramFiles%\CMAPP\Client\cmappclient.exe
%ProgramFiles%\CMAPP\Client\cmappmf.dll
%ProgramFiles%\asys\Stb.exe
%ProgramFiles%\asys\VFX8.0-1.exe
%Windir%\sysnet.exe
%Windir%\snuninst.exe
%Windir%\svc.exe
%Windir%\visfxun.exe
%UserProfile%\Local Settings\Temp\cmappsetup.exe
Adds the value:
"CMAPP" = ""%ProgramFiles%\CMAPP\Client\cmappclient.exe""
"Sysnet" = "%Windir%\sysnet.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove cmappmf.dll from Windows startup using RegRun Startup Optimizer.

%program files%\cmapp\cmappstub.exe
Cmappstub.exe is a Trojan.Cmapp.
Cmappstub.exe downloads and display advertisements.
Cmappstub.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%ProgramFiles%\CMAPP\cmappstub.exe
%ProgramFiles%\CMAPP\Client\cmappclient.exe
%ProgramFiles%\CMAPP\Client\cmappmf.dll
%ProgramFiles%\asys\Stb.exe
%ProgramFiles%\asys\VFX8.0-1.exe
%Windir%\sysnet.exe
%Windir%\snuninst.exe
%Windir%\svc.exe
%Windir%\visfxun.exe
%UserProfile%\Local Settings\Temp\cmappsetup.exe
Adds the value:
"CMAPP" = ""%ProgramFiles%\CMAPP\Client\cmappclient.exe""
"Sysnet" = "%Windir%\sysnet.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill cmappstub.exe process and remove cmappstub.exe from Windows startup using RegRun Startup Optimizer.

%program files%\coding workshop\cnalvin.exe
Cnalvin.exe is a Spyware.PCSuperSpy.
Cnalvin.exe logs keystrokes.
Cnalvin.exe monitors user Internet activity.
Related files:
%ProgramFiles%\Coding Workshop\cnalvin.exe
%ProgramFiles%\Coding Workshop\cnalvwsi.exe
%System%\SSPng.dll
%System%\SSubTmr6.dll
%System%\vbalGrid6.ocx
%System%\vbalIml6.ocx
%System%\vbar332.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill cnalvin.exe process and remove cnalvin.exe from Windows startup using RegRun Startup Optimizer.

%program files%\coding workshop\cnalvwsi.exe
Cnalvwsi.exe is a Spyware.PCSuperSpy.
Cnalvwsi.exe logs keystrokes.
Cnalvwsi.exe monitors user Internet activity.
Related files:
%ProgramFiles%\Coding Workshop\cnalvin.exe
%ProgramFiles%\Coding Workshop\cnalvwsi.exe
%System%\SSPng.dll
%System%\SSubTmr6.dll
%System%\vbalGrid6.ocx
%System%\vbalIml6.ocx
%System%\vbar332.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill cnalvwsi.exe process and remove cnalvwsi.exe from Windows startup using RegRun Startup Optimizer.

%program files%\common files\installshield\driver\7\intel 32\_isres1033.dll
_ISRES1033.dll is a Spyware.PCTattletale.
_ISRES1033.dll logs keystrokes.
_ISRES1033.dll monitors user Internet activity.
Related files:
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\ISRT.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\objps7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\_ISRES1033.dll
%System%\explorer32\AutoUpdate.dll
%System%\explorer32\AutoUpdateClient.exe
%System%\explorer32\chattext.dll
%System%\explorer32\msn6mngr.exe
%System%\explorer32\Netlogon.exe
%System%\explorer32\Wincmd.exe
%System%\explorer32\WinSysMngr.exe
%System%\MSN32.dll
%System%\PCTT.exe
%System%\UninstallPCTT.exe
%System%\Unzip32.dll
%System%\WinLoad.exe
%System%\zip32.dll
Adds the value:
"(default)" = ""
"WinLoad" = "%System%\Winload.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove _ISRES1033.dll from Windows startup using RegRun Startup Optimizer.

%program files%\common files\installshield\driver\7\intel 32\idriver.exe
IDriver.exe is a Spyware.PCTattletale.
IDriver.exe logs keystrokes.
IDriver.exe monitors user Internet activity.
Related files:
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\ISRT.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\objps7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\_ISRES1033.dll
%System%\explorer32\AutoUpdate.dll
%System%\explorer32\AutoUpdateClient.exe
%System%\explorer32\chattext.dll
%System%\explorer32\msn6mngr.exe
%System%\explorer32\Netlogon.exe
%System%\explorer32\Wincmd.exe
%System%\explorer32\WinSysMngr.exe
%System%\MSN32.dll
%System%\PCTT.exe
%System%\UninstallPCTT.exe
%System%\Unzip32.dll
%System%\WinLoad.exe
%System%\zip32.dll
Adds the value:
"(default)" = ""
"WinLoad" = "%System%\Winload.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill IDriver.exe process and remove IDriver.exe from Windows startup using RegRun Startup Optimizer.

%program files%\common files\installshield\driver\7\intel 32\iscript7.dll
IScript7.dll is a Spyware.PCTattletale.
IScript7.dll logs keystrokes.
IScript7.dll monitors user Internet activity.
Related files:
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\ISRT.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\objps7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\_ISRES1033.dll
%System%\explorer32\AutoUpdate.dll
%System%\explorer32\AutoUpdateClient.exe
%System%\explorer32\chattext.dll
%System%\explorer32\msn6mngr.exe
%System%\explorer32\Netlogon.exe
%System%\explorer32\Wincmd.exe
%System%\explorer32\WinSysMngr.exe
%System%\MSN32.dll
%System%\PCTT.exe
%System%\UninstallPCTT.exe
%System%\Unzip32.dll
%System%\WinLoad.exe
%System%\zip32.dll
Adds the value:
"(default)" = ""
"WinLoad" = "%System%\Winload.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove IScript7.dll from Windows startup using RegRun Startup Optimizer.

%program files%\common files\installshield\driver\7\intel 32\isrt.dll
ISRT.dll is a Spyware.PCTattletale.
ISRT.dll logs keystrokes.
ISRT.dll monitors user Internet activity.
Related files:
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\ISRT.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\objps7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\_ISRES1033.dll
%System%\explorer32\AutoUpdate.dll
%System%\explorer32\AutoUpdateClient.exe
%System%\explorer32\chattext.dll
%System%\explorer32\msn6mngr.exe
%System%\explorer32\Netlogon.exe
%System%\explorer32\Wincmd.exe
%System%\explorer32\WinSysMngr.exe
%System%\MSN32.dll
%System%\PCTT.exe
%System%\UninstallPCTT.exe
%System%\Unzip32.dll
%System%\WinLoad.exe
%System%\zip32.dll
Adds the value:
"(default)" = ""
"WinLoad" = "%System%\Winload.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove ISRT.dll from Windows startup using RegRun Startup Optimizer.

%program files%\common files\installshield\driver\7\intel 32\iuser7.dll
IUser7.dll is a Spyware.PCTattletale.
IUser7.dll logs keystrokes.
IUser7.dll monitors user Internet activity.
Related files:
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\ISRT.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\objps7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\_ISRES1033.dll
%System%\explorer32\AutoUpdate.dll
%System%\explorer32\AutoUpdateClient.exe
%System%\explorer32\chattext.dll
%System%\explorer32\msn6mngr.exe
%System%\explorer32\Netlogon.exe
%System%\explorer32\Wincmd.exe
%System%\explorer32\WinSysMngr.exe
%System%\MSN32.dll
%System%\PCTT.exe
%System%\UninstallPCTT.exe
%System%\Unzip32.dll
%System%\WinLoad.exe
%System%\zip32.dll
Adds the value:
"(default)" = ""
"WinLoad" = "%System%\Winload.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove IUser7.dll from Windows startup using RegRun Startup Optimizer.

%program files%\common files\installshield\driver\7\intel 32\objps7.dll
objps7.dll is a Spyware.PCTattletale.
objps7.dll logs keystrokes.
objps7.dll monitors user Internet activity.
Related files:
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IScript7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\ISRT.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\IUser7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\objps7.dll
%ProgramFiles%\Common Files\InstallShield\Driver\7\Intel 32\_ISRES1033.dll
%System%\explorer32\AutoUpdate.dll
%System%\explorer32\AutoUpdateClient.exe
%System%\explorer32\chattext.dll
%System%\explorer32\msn6mngr.exe
%System%\explorer32\Netlogon.exe
%System%\explorer32\Wincmd.exe
%System%\explorer32\WinSysMngr.exe
%System%\MSN32.dll
%System%\PCTT.exe
%System%\UninstallPCTT.exe
%System%\Unzip32.dll
%System%\WinLoad.exe
%System%\zip32.dll
Adds the value:
"(default)" = ""
"WinLoad" = "%System%\Winload.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove objps7.dll from Windows startup using RegRun Startup Optimizer.

%program files%\common files\java\breg.exe
Breg.exe is a mass-mailing worm .
Breg.exe monitors user Internet activity.
Breg.exe displays advertising information.
Related files:
%ProgramFiles%\BTV\btv.exe
%ProgramFiles%\BTV\breg_inst.exe
%ProgramFiles%\BTV\btvclean.exe
%ProgramFiles%\Common Files\Java\breg.cfg
%ProgramFiles%\Common Files\Java\breg.exe
Adds the value:
"BTV"="%ProgramFiles%\BTV\btv.exe"
"Breg"="%ProgramFiles%\Common Files\Java\breg.exe"
"BtvC"="%ProgramFiles%\BTV\btvclean.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill breg.exe process and remove breg.exe from Windows startup using RegRun Startup Optimizer.

%program files%\common files\psd tools\blaim.dll
Blaim.dll is an adware program Adware.Buddylinks.
Blaim.dll spreads by AOL Instant Messenger.
Blaim.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\buddylinks.net\Blpref.exe
%ProgramFiles%\Common Files\PSD Tools\ChannelUp.exe
%ProgramFiles%\Common Files\PSD Tools\Blaim.dll
%ProgramFiles%\Common Files\PSD Tools\Blengine.dll
%ProgramFiles%\Common Files\PSD Tools\Blengine.exe
%ProgramFiles%\Common Files\PSD Tools\Bldll.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove Blaim.dll from Windows startup using RegRun Startup Optimizer.

%program files%\common files\psd tools\bldll.exe
Bldll.exe is an adware program Adware.Buddylinks.
Bldll.exe spreads by AOL Instant Messenger.
Bldll.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\buddylinks.net\Blpref.exe
%ProgramFiles%\Common Files\PSD Tools\ChannelUp.exe
%ProgramFiles%\Common Files\PSD Tools\Blaim.dll
%ProgramFiles%\Common Files\PSD Tools\Blengine.dll
%ProgramFiles%\Common Files\PSD Tools\Blengine.exe
%ProgramFiles%\Common Files\PSD Tools\Bldll.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Bldll.exe process and remove Bldll.exe from Windows startup using RegRun Startup Optimizer.

%program files%\common files\psd tools\blengine.dll
Blengine.dll is an adware program Adware.Buddylinks.
Blengine.dll spreads by AOL Instant Messenger.
Blengine.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\buddylinks.net\Blpref.exe
%ProgramFiles%\Common Files\PSD Tools\ChannelUp.exe
%ProgramFiles%\Common Files\PSD Tools\Blaim.dll
%ProgramFiles%\Common Files\PSD Tools\Blengine.dll
%ProgramFiles%\Common Files\PSD Tools\Blengine.exe
%ProgramFiles%\Common Files\PSD Tools\Bldll.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove Blengine.dll from Windows startup using RegRun Startup Optimizer.

%program files%\common files\psd tools\blengine.exe
Blengine.exe is an adware program Adware.Buddylinks.
Blengine.exe spreads by AOL Instant Messenger.
Blengine.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\buddylinks.net\Blpref.exe
%ProgramFiles%\Common Files\PSD Tools\ChannelUp.exe
%ProgramFiles%\Common Files\PSD Tools\Blaim.dll
%ProgramFiles%\Common Files\PSD Tools\Blengine.dll
%ProgramFiles%\Common Files\PSD Tools\Blengine.exe
%ProgramFiles%\Common Files\PSD Tools\Bldll.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Blengine.exe process and remove Blengine.exe from Windows startup using RegRun Startup Optimizer.

%program files%\common files\services.exe
Mass mailing worm W32.Crowt.
Adds the values:
"Services Logon" = "%Templates%\services.exe"
"Services Startup" = "%CommonProgramFiles%\services.exe"
to Windows startup registry keys.
%Templates% is a variable that refers to the Templates folder. By default this is C:\Documents and Settings\[user name]\Templates.
Opens a browser window displaying a Web page on the www.cnn.com domain.
Steals passwords to %Windir%\temp\keys.tmp.
Opens a backdoor by connecting to the host cocoazul.ath.cx on TCP port 80.
Allows teh remote control.
Kill it using RegRun Startup Optimizer,

%program files%\common files\system\ado\mssrv.exe
Mssrv.exe is a Trojan PWSteal.Drorar.
Mssrv.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Program Files%\Common Files\system\ado\mssrv.exe
%Program Files%\Common Files\system\svchost.exe
%Windir%\WindowsUpdate.dat
%Windir%\sclureg32a.dll
%Windir%\winsock_32a.dll
Adds the value:
"PathName" = "%Windir%\winsock_32a.dll"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill mssrv.exe process and remove mssrv.exe from Windows startup using RegRun Startup Optimizer.

%program files%\common files\systemdata\svchost.exe
%PROGRAM FILES%\Common Files\Systemdata\svchost.exe is W32.Kenety.
W32.Kenety is a worm that opens a back door on the compromised computer and spreads by exploiting the RealVNC Remote Authentication Bypass Vulnerability (BID 17978).
Read more: http://www.symantec.com/enterprise/secur...
Kill the process %PROGRAM FILES%\Common Files\Systemdata\svchost.exe and remove %PROGRAM FILES%\Common Files\Systemdata\svchost.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\common files\update\update.exe
%PROGRAM FILES%\Common Files\update\update.exe is Trojan.Dowiex.
Related files:
%ProgramFiles%\Common Files\update\update.exe
%ProgramFiles%\Common Files\update\update1.exe
%ProgramFiles%\Common Files\update\update2.exe
%ProgramFiles%\Common Files\update\update3.exe
%ProgramFiles%\Common Files\update\update4.exe
%ProgramFiles%\Common Files\update\update5.exe
%ProgramFiles%\Common Files\update\update6.exe
%ProgramFiles%\Common Files\update\update7.exe
%ProgramFiles%\Common Files\update\update8.exe
%ProgramFiles%\Common Files\update\update9.exe
%ProgramFiles%\Common Files\update\update0.exe
Read more: http://www.symantec.com/enterprise/secur...
Kill the process %PROGRAM FILES%\Common Files\update\update.exe and remove %PROGRAM FILES%\Common Files\update\update.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\common files\updmgr\updmgr.exe
Adware supplied by eUniverse.com. KeenValue/v1 runs at startup, generates popup ads,
and is the original version. KeenValue/Incredifind adds capability, via a second process:
monitors web sites visited, so that ads may be targeted;

- hijacks the hosts file and redirects Netscape searches to incredifind.com;
- hijacks error pages and address bar searches to incredifind.com, which is then redirected to
sirsearch.com;
- adds an Internet Explorer toolbar providing a search field directed to sirsearch.com.
Read more:
http://pestpatrol.com/pestinfo/e/euniver...
Remove it from startup.

%program files%\cwebpage.dll
Cwebpage.dll is an adware program Adware.Shorty.
Cwebpage.dll is a Browser Helper Object.
Cwebpage.dll monitors user Internet activity.
Related files:
CommonProgramFiles%\services.exe
%CommonProgramFiles%\system32.dll
%Temp%\version.txt
%ProgramFiles%\Catcher.dll
%ProgramFiles%\gui.exe
%ProgramFiles%\cwebpage.dll
%ProgramFiles%\version.txt
%ProgramFiles%\x.bmp
%ProgramFiles%\*.dat
Adds the value:
"DNS" = "%CommonProgramFiles%\[FILE NAME].exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove cwebpage.dll from Windows startup using RegRun Startup Optimizer.

%program files%\dap\dapbho.dll
%PROGRAM FILES%\DAP\dapbho.dll is Adware.DAP.
Kill the file %PROGRAM FILES%\DAP\dapbho.dll and remove %PROGRAM FILES%\DAP\dapbho.dll from Windows startup using RegRun.
www.regrun.com
Read more: http://www.speedbit.com/Symantec_Securit...

%program files%\dashbar.dll
DashBar.dll is a spyware SPYW_DASHBAR.300.
DashBar.dll installs an Internet Explorer toolbar.
Related files:
%Program Files%\DashBar25.dll
%Program Files%\DashBarSetup.log
%Program Files%\DASHBARWEBSITE.URL
%Program Files%\DbAu.exe
%Program Files%\DashBar.dll
More info: http://www.trendmicro.com/vinfo/grayware...
Removal:
Remove DashBar.dll using RegRun "Scan for Viruses" feature.
http://www.regrun.com

%program files%\dashbar25.dll
DashBar25.dll is a spyware SPYW_DASHBAR.300.
DashBar25.dll installs an Internet Explorer toolbar.
Related files:
%Program Files%\DashBar25.dll
%Program Files%\DashBarSetup.log
%Program Files%\DASHBARWEBSITE.URL
%Program Files%\DbAu.exe
%Program Files%\DashBar.dll
More info: http://www.trendmicro.com/vinfo/grayware...
Removal:
Remove DashBar25.dll using RegRun "Scan for Viruses" feature.
http://www.regrun.com

%program files%\dbau.exe
DbAu.exe is a spyware SPYW_DASHBAR.300.
DbAu.exe installs an Internet Explorer toolbar.
Related files:
%Program Files%\DashBar25.dll
%Program Files%\DashBarSetup.log
%Program Files%\DASHBARWEBSITE.URL
%Program Files%\DbAu.exe
%Program Files%\DashBar.dll
More info: http://www.trendmicro.com/vinfo/grayware...
Removal:
Kill the process DbAu.exe and remove DbAu.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\desktop scout 3\dtsview.dll
Dtsview.dll is a Spyware.DesktopScout.
Dtsview.dll monitors user activity and can control the computer.
Related files:
%ProgramFiles%\Desktop Scout 3\svcagnt.exe
%ProgramFiles%\Desktop Scout 3\dtsview.exe
%ProgramFiles%\Desktop Scout 3\dtsview.dll
%ProgramFiles%\Desktop Scout 3\unins000.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove dtsview.dll from Windows startup using RegRun Startup Optimizer.

%program files%\desktop scout 3\dtsview.exe
Dtsview.exe is a Spyware.DesktopScout.
Dtsview.exe monitors user activity and can control the computer.
Related files:
%ProgramFiles%\Desktop Scout 3\svcagnt.exe
%ProgramFiles%\Desktop Scout 3\dtsview.exe
%ProgramFiles%\Desktop Scout 3\dtsview.dll
%ProgramFiles%\Desktop Scout 3\unins000.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill dtsview.exe process and remove dtsview.exe from Windows startup using RegRun Startup Optimizer.

%program files%\desktop scout 3\svcagnt.exe
Svcagnt.exe is a Spyware.DesktopScout.
Svcagnt.exe monitors user activity and can control the computer.
Related files:
%ProgramFiles%\Desktop Scout 3\svcagnt.exe
%ProgramFiles%\Desktop Scout 3\dtsview.exe
%ProgramFiles%\Desktop Scout 3\dtsview.dll
%ProgramFiles%\Desktop Scout 3\unins000.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill svcagnt.exe process and remove svcagnt.exe from Windows startup using RegRun Startup Optimizer.

%program files%\digikeygen\digikeygen.exe
%PROGRAM FILES%\DigiKeygen\digikeygen.exe is Trojan/Backdoor.
More info: http://www.sophos.com/virusinfo/analyses...
Kill the process digikeygen.exe and remove digikeygen.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\ds\config.exe
Config.exe is a Spyware.DSpy.
Config.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\DS\UNWISE.EXE
%System%\ijl11.dll
%System%\msvbvm60.dll
%ProgramFiles%\DS\DSPY.exe
%ProgramFiles%\DS\ijl11.dll
%ProgramFiles%\DS\Config.exe
%ProgramFiles%\DS\DSPY.cnt
%ProgramFiles%\DS\Dspy.hlp
Adds the value:
"DHPY" = "%ProgramFiles%\DS\DSPY.EXE"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Config.exe process and remove Config.exe from Windows startup using RegRun Startup Optimizer.

%program files%\ds\dspy.exe
DSPY.exe is a Spyware.DSpy.
DSPY.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\DS\UNWISE.EXE
%System%\ijl11.dll
%System%\msvbvm60.dll
%ProgramFiles%\DS\DSPY.exe
%ProgramFiles%\DS\ijl11.dll
%ProgramFiles%\DS\Config.exe
%ProgramFiles%\DS\DSPY.cnt
%ProgramFiles%\DS\Dspy.hlp
Adds the value:
"DHPY" = "%ProgramFiles%\DS\DSPY.EXE"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill DSPY.exe process and remove DSPY.exe from Windows startup using RegRun Startup Optimizer.

%program files%\ds\unwise.exe
UNWISE.EXE is a Spyware.DSpy.
UNWISE.EXE monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\DS\UNWISE.EXE
%System%\ijl11.dll
%System%\msvbvm60.dll
%ProgramFiles%\DS\DSPY.exe
%ProgramFiles%\DS\ijl11.dll
%ProgramFiles%\DS\Config.exe
%ProgramFiles%\DS\DSPY.cnt
%ProgramFiles%\DS\Dspy.hlp
Adds the value:
"DHPY" = "%ProgramFiles%\DS\DSPY.EXE"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill UNWISE.EXE process and remove UNWISE.EXE from Windows startup using RegRun Startup Optimizer.

%program files%\e2g\iebhos.dll
iebhos.dll is a Spyware.e2give.
iebhos.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\E2g\iebhos.dll
%Windir%\pi1.exe
%System%\pruttct.exe
%System%\skytown.exe
%System%\prutpct.exe
%System%\ptech.exe
%System%\prutsct.exe
%System%\ptech.exe
%System%\askearth17.exe
%UserProfile%\Desktop\filgmo.exe
%UserProfile%\Local Settings\Temp\ei.exe
Adds the value:
"pruttct" = "[path to Adware]"
"filgmo" = "C:\Documents and Settings\symantec\Desktop\filgmo.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove iebhos.dll from Windows startup using RegRun Startup Optimizer.

%program files%\eiafasrk.dll
eiafasrk.dll is a worm W32.Dasher-D.
eiafasrk.dll spreads by exploiting the MSDTC (MS05-051) vulnerability.
eiafasrk.dll tries to terminate antiviral programs installed on a user computer.
Related files:
%Program Files%\eiafasrk.dl1
%Program Files%\eiafasrk.dll
%Program Files%\eiafasrk.sys
%System%\wins\SqlExp.exe
%System%\wins\SqlExp1.exe
%System%\wins\SqlExp2.exe
%System%\wins\SqlExp3.exe
%System%\wins\SqlScan.exe
%System%\wins\Sqltob.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Remove eiafasrk.dll from Windows startup using RegRun Startup Optimizer.

%program files%\eitcwd\eitcwd.exe
Eitcwd.exe is a Spyware.ExploitChildWD.
Eitcwd.exe logs keystrokes.
Eitcwd.exe monitors user Internet activity.
Related files:
%ProgramFiles%\eitcwd\eitcwd.exe
%ProgramFiles%\eitcwd\eitwmon.exe
%System%\SSPng.dll
%System%\SSubTmr6.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill eitcwd.exe process and remove eitcwd.exe from Windows startup using RegRun Startup Optimizer.

%program files%\eitcwd\eitwmon.exe
Eitwmon.exe is a Spyware.ExploitChildWD.
Eitwmon.exe logs keystrokes.
Eitwmon.exe monitors user Internet activity.
Related files:
%ProgramFiles%\eitcwd\eitcwd.exe
%ProgramFiles%\eitcwd\eitwmon.exe
%System%\SSPng.dll
%System%\SSubTmr6.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill eitwmon.exe process and remove eitwmon.exe from Windows startup using RegRun Startup Optimizer.

%program files%\eqadvice\eqadvice.exe
%PROGRAM FILES%\eqadvice\eqadvice.exe is Trojan/Backdoor.
Kill the process eqadvice.exe and remove %PROGRAM FILES%\eqadvice\ from Windows.

%program files%\esyndicate\esyn.dll
Esyn.dll is an adware program Adware.eSyndicate.
Esyn.dll display advertisements.
Esyn.dll monitors user Internet activity.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\eSyndicate\esyn.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove esyn.dll from Windows startup using RegRun Startup Optimizer.

%program files%\evol.exe
Evol.exe is a mass-mailing worm W32.Alco.AB@mm.
Evol.exe opens a back door on random TCP port.
Evol.exe spreads by e-mail and via open network shares.
Related files:
%Windir%\Taskman.exe
%Windir%\Notepad.exe
%Windir%\Wjview.exe
%Windir%\Errorlog.exe
%ProgramFiles%\Evol.exe
%ProgramFiles%\Msn.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Evol.exe process and remove Evol.exe from Windows startup using RegRun Startup Optimizer.

%program files%\fastfinder\fftoolbar.dll
fftoolbar.dll is a Adware.FFToolBar.
fftoolbar.dll display advertisements.
Related files:
%ProgramFiles%\FastFinder\fftoolbar.dll
%System%\ShowFF.exe
%Windir%\CJet.exe
%Windir%\nnmgr.exe
%Windir%\omi.dll
Adds the value:
"ShowFF" = "C:\Windows\System32\ShowFF.exe"
"nnmgr" = "C:\Windows\nnmgr.exe"
"CJET" = "C:\Windows\CJet.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove fftoolbar.dll from Windows startup using RegRun Startup Optimizer.

%program files%\firefly\windebug.exe
WinDeBug.exe is a Trojan.FireFly-A.
WinDeBug.exe opens a back door.
Related files:
%Program Files%\FireFly\WinDeBug.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill WinDeBug.exe process and remove WinDeBug.exe from Windows startup using RegRun Startup Optimizer.

%program files%\freemovies.exe
freeMovies.exe is a Trojan.Myftu.
freeMovies.exe registers porn service without notification.
freeMovies.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Program Files%\playMovie.exe
%Program Files%\playDvdMovie.exe
%Program Files%\update.exe
%Program Files%\mch.exe
%Program Files%\movies.exe
%Program Files%\movload.exe
%Program Files%\mv99.exe
%Program Files%\freeMovies.exe
%Program Files%\WINSKJP.DLL
%Program Files%\MSINET.OCX
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill freeMovies.exe process and remove freeMovies.exe from Windows startup using RegRun Startup Optimizer.

%program files%\ggauoxh\abjc.exe
ABJC.EXE is Adware/Spyware.
Kill the process ABJC.EXE and remove ABJC.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\gui.exe
Gui.exe is an adware program Adware.Shorty.
Gui.exe is a Browser Helper Object.
Gui.exe monitors user Internet activity.
Related files:
CommonProgramFiles%\services.exe
%CommonProgramFiles%\system32.dll
%Temp%\version.txt
%ProgramFiles%\Catcher.dll
%ProgramFiles%\gui.exe
%ProgramFiles%\cwebpage.dll
%ProgramFiles%\version.txt
%ProgramFiles%\x.bmp
%ProgramFiles%\*.dat
Adds the value:
"DNS" = "%CommonProgramFiles%\[FILE NAME].exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill gui.exe process and remove gui.exe from Windows startup using RegRun Startup Optimizer.

%program files%\hamemov.exe
Hamemov.exe is a Trojan.Myftu.
Hamemov.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Program Files%\hamemov.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill hamemov.exe process and remove hamemov.exe from Windows startup using RegRun Startup Optimizer.

%program files%\hqvideo\uninstall.exe
%Program Files%\HQvideo\Uninstall.exe is Trojan.Flush.J.
Related files:
%UserProfile%\Start Menu\Programs\HQvideo\Uninstall.lnk
%Program Files%\HQvideo\Uninstall.exe
%System%\[RANDOM NAME].exe
Read more: http://www.symantec.com/enterprise/secur...
Kill the process %Program Files%\HQvideo\Uninstall.exe and remove %Program Files%\HQvideo\Uninstall.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\humour toolbar\humour.dll
%PROGRAM FILES%\Humour Toolbar\humour.dll is Adware.MegaKiss.
Kill the file %PROGRAM FILES%\Humour Toolbar\humour.dll and remove %PROGRAM FILES%\Humour Toolbar\humour.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\ietoolbar\toolbar.dll
%PROGRAM FILES%\IEToolbar\toolbar.dll is Spyware.IEToolbar.
Related files:
Searchit_toolbar.exe
searchit_toolbar.cab
Kill the file %PROGRAM FILES%\IEToolbar\toolbar.dll from Windows using RegRun.
www.regrun.com
Read more: http://securityresponse.symantec.com/avc...

%program files%\instafink\instafin.dll
instafin.dll is an Adware.InstaFinder.
instafin.dll is a Browser Helper Object.
instafin.dll displays advertisements.
instafin.dll downloads other adware programs.
Related files:
%ProgramFiles%\INSTAFINK\instafink.dll
%ProgramFiles%\INSTAFINK\instafin.dll
%ProgramFiles%\INSTAFINK\instafinderk_inst.exe
%ProgramFiles%\INSTAFINK\instafinder_inst.exe
Adds the value:
"InstaFinderK" = "%ProgramFiles%\INSTAFINK\InstaFinderK_inst.exe"
to the Windows startup registry keys.
More info: http://www.symantec.com/avcenter/venc/da...
Removal:
Remove instafin.dll using RegRun "Scan for Viruses" feature.
http://www.regrun.com

%program files%\instafink\instafinder_inst.exe
instafinder_inst.exe is an Adware.InstaFinder.
instafinder_inst.exe is a Browser Helper Object.
instafinder_inst.exe displays advertisements.
instafinder_inst.exe downloads other adware programs.
Related files:
%ProgramFiles%\INSTAFINK\instafink.dll
%ProgramFiles%\INSTAFINK\instafin.dll
%ProgramFiles%\INSTAFINK\instafinderk_inst.exe
%ProgramFiles%\INSTAFINK\instafinder_inst.exe
Adds the value:
"InstaFinderK" = "%ProgramFiles%\INSTAFINK\InstaFinderK_inst.exe"
to the Windows startup registry keys.
More info: http://www.symantec.com/avcenter/venc/da...
Removal:
Kill the process instafinder_inst.exe and remove instafinder_inst.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\instafink\instafinderk_inst.exe
instafinderk_inst.exe is an Adware.InstaFinder.
instafinderk_inst.exe is a Browser Helper Object.
instafinderk_inst.exe displays advertisements.
instafinderk_inst.exe downloads other adware programs.
Related files:
%ProgramFiles%\INSTAFINK\instafink.dll
%ProgramFiles%\INSTAFINK\instafin.dll
%ProgramFiles%\INSTAFINK\instafinderk_inst.exe
%ProgramFiles%\INSTAFINK\instafinder_inst.exe
Adds the value:
"InstaFinderK" = "%ProgramFiles%\INSTAFINK\InstaFinderK_inst.exe"
to the Windows startup registry keys.
More info: http://www.symantec.com/avcenter/venc/da...
Removal:
Kill the process instafinderk_inst.exe and remove instafinderk_inst.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\instafink\instafink.dll
instafink.dll is an Adware.InstaFinder.
instafink.dll is a Browser Helper Object.
instafink.dll displays advertisements.
instafink.dll downloads other adware programs.
Related files:
%ProgramFiles%\INSTAFINK\instafink.dll
%ProgramFiles%\INSTAFINK\instafin.dll
%ProgramFiles%\INSTAFINK\instafinderk_inst.exe
%ProgramFiles%\INSTAFINK\instafinder_inst.exe
Adds the value:
"InstaFinderK" = "%ProgramFiles%\INSTAFINK\InstaFinderK_inst.exe"
to the Windows startup registry keys.
More info: http://www.symantec.com/avcenter/venc/da...
Removal:
Remove instafink.dll using RegRun "Scan for Viruses" feature.
http://www.regrun.com

%program files%\internet explorer\setup12.exe
%PROGRAM FILES%\internet explorer\setup12.exe is HotWebFinder.Winbrume adware.
Related files:
%PROGRAM_FILES%\ internet explorer\ lock.exe
%PROGRAM_FILES%\ internet explorer\ setup12.exe
%PROGRAM_FILES%\ internet explorer\ update.exe
%SYSTEM%\ ke7dnl.sys
%SYSTEM%\ win32hlp.exe
%SYSTEM%\ win32hp.dll
%SYSTEM%\ winbrume.dll
%windows%\ cpu.exe
0.exe
1184.exe
c:\ eexplek.exe
c:\ exefile.exe
c:\ hpdjyy.exe
c:\ tytymh.exe
exefile.exe
lock2.exe
new.exe
new2.exe
setup.exe
socks.exe
test.exe
tmp01.exe
w.exe
win32hp.dll
winbrume.dll
Read more: http://research.sunbelt-software.com/thr...
Kill the process %PROGRAM FILES%\internet explorer\setup12.exe and remove %PROGRAM FILES%\internet explorer\setup12.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\internet explorer\syssmss.exe
syssmss.exe is a Trojan.Lanxue-K.
syssmss.exe opens a back door.
syssmss.exe spreads via open network shares.
Related files:
%Program Files%\Internet Explorer\syssmss.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill syssmss.exe process and remove syssmss.exe from Windows startup using RegRun Startup Optimizer.

%program files%\internet explorer\systrsy.exe
Systrsy.exe is a Trojan.Cdtray.
Systrsy.exe opens and closes the CD-ROM drive.
Related files:
%ProgramFiles%\Internet Explorer\Systrsy.exe
%ProgramFiles%\Autorun.inf
Adds the value:
"(Default)" = "%Progam Files%\Internet Explorer\Systrsy.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Systrsy.exe process and remove Systrsy.exe from Windows startup using RegRun Startup Optimizer.

%program files%\internet keyword\inetmgr.exe
Internet Keyword\inetmgr.exe is Trojan/Backdoor.
Kill the process inetmgr.exe and remove %PROGRAM FILES%\Internet Keyword\inetmgr.exe from Windows startup.

%program files%\ipwins\ipwins.exe
%PROGRAM FILES%\ipwins\ipwins.exe is Adware Maxfiles.
Related files:
%APPDATA%\SECTASKMAN\IPWINS.EXE.Q_B744601_Q
%CACHE%\CONTENT.IE5\????????\119[1].AVI
%profiles%\owen\local set...s\content.ie5\fy8jftgh\119[1].AVI
Kill the process %PROGRAM FILES%\ipwins\ipwins.exe and remove %PROGRAM FILES%\ipwins\ipwins.exe from Windows startup using RegRun.
www.regrun.com

%program files%\jthabckeylogger\abckey.dll
Abckey.dll is a Spyware.ABCKeylogger.
Abckey.dll is a keystroke and screenshot-logging program.
Related files:
%ProgramFiles%\JthABCKeylogger\abckey.dll
%ProgramFiles%\JthABCKeylogger\forgotpass.exe
%ProgramFiles%\JthABCKeylogger\keylogger.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove abckey.dll from Windows startup using RegRun Startup Optimizer.

%program files%\jthabckeylogger\forgotpass.exe
Forgotpass.exe is a Spyware.ABCKeylogger.
Forgotpass.exe is a keystroke and screenshot-logging program.
Related files:
%ProgramFiles%\JthABCKeylogger\abckey.dll
%ProgramFiles%\JthABCKeylogger\forgotpass.exe
%ProgramFiles%\JthABCKeylogger\keylogger.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill forgotpass.exe process and remove forgotpass.exe from Windows startup using RegRun Startup Optimizer.

%program files%\keycl\keytrial.exe
keytrial.exe is a Spyware.KeyCollect.
keytrial.exe logs keystrokes.
Related files:
%Windir%\winrv3e.exe
%ProgramFiles%\keycl\keytrial.exe
%ProgramFiles%\keycl\readme.txt
Adds the value:
"Wdrvfig7" = "%Windir%\WINRV3E.EXE"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill keytrial.exe process and remove keytrial.exe from Windows startup using RegRun Startup Optimizer.

%program files%\keykey\keykey.exe
Keykey.exe is a Spyware.KeyKey.
Keykey.exe logs keystrokes and takes screenshots.
Related files:
%ProgramFiles%\KEYKEY\slman.exe
%ProgramFiles%\KEYKEY\slview.exe
%System%\sldrv.dll
%System%\zlib.dll
%System%\loadwin.exe
%ProgramFiles%\KEYKEY\keykey.exe
%ProgramFiles%\KEYKEY\kkmon.exe
%System%\kkdrv.dll
%System%\loadkk.exe
Adds the value:
"SL Loader" = "loadwin.exe"
"KK Loader" = "%System%\loadkk.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill keykey.exe process and remove keykey.exe from Windows startup using RegRun Startup Optimizer.

%program files%\keykey\kkmon.exe
Kkmon.exe is a Spyware.KeyKey.
Kkmon.exe logs keystrokes and takes screenshots.
Related files:
%ProgramFiles%\KEYKEY\slman.exe
%ProgramFiles%\KEYKEY\slview.exe
%System%\sldrv.dll
%System%\zlib.dll
%System%\loadwin.exe
%ProgramFiles%\KEYKEY\keykey.exe
%ProgramFiles%\KEYKEY\kkmon.exe
%System%\kkdrv.dll
%System%\loadkk.exe
Adds the value:
"SL Loader" = "loadwin.exe"
"KK Loader" = "%System%\loadkk.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill kkmon.exe process and remove kkmon.exe from Windows startup using RegRun Startup Optimizer.

%program files%\keykey\slman.exe
Slman.exe is a Spyware.KeyKey.
Slman.exe logs keystrokes and takes screenshots.
Related files:
%ProgramFiles%\KEYKEY\slman.exe
%ProgramFiles%\KEYKEY\slview.exe
%System%\sldrv.dll
%System%\zlib.dll
%System%\loadwin.exe
%ProgramFiles%\KEYKEY\keykey.exe
%ProgramFiles%\KEYKEY\kkmon.exe
%System%\kkdrv.dll
%System%\loadkk.exe
Adds the value:
"SL Loader" = "loadwin.exe"
"KK Loader" = "%System%\loadkk.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill slman.exe process and remove slman.exe from Windows startup using RegRun Startup Optimizer.

%program files%\keykey\slview.exe
Slview.exe is a Spyware.KeyKey.
Slview.exe logs keystrokes and takes screenshots.
Related files:
%ProgramFiles%\KEYKEY\slman.exe
%ProgramFiles%\KEYKEY\slview.exe
%System%\sldrv.dll
%System%\zlib.dll
%System%\loadwin.exe
%ProgramFiles%\KEYKEY\keykey.exe
%ProgramFiles%\KEYKEY\kkmon.exe
%System%\kkdrv.dll
%System%\loadkk.exe
Adds the value:
"SL Loader" = "loadwin.exe"
"KK Loader" = "%System%\loadkk.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill slview.exe process and remove slview.exe from Windows startup using RegRun Startup Optimizer.

%program files%\mbkwbar\ietoolbar.dll
IEToolBar.dll is an adware program Adware.MBKWbar.
IEToolBar.dll displays advertisements.
Related files:
%ProgramFiles%\MBKWBar\IEToolBar.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove IEToolBar.dll from Windows startup using RegRun Startup Optimizer.

%program files%\mch.exe
mch.exe is a Trojan.Myftu.
mch.exe registers porn service without notification.
mch.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Program Files%\playMovie.exe
%Program Files%\playDvdMovie.exe
%Program Files%\update.exe
%Program Files%\mch.exe
%Program Files%\movies.exe
%Program Files%\movload.exe
%Program Files%\mv99.exe
%Program Files%\freeMovies.exe
%Program Files%\WINSKJP.DLL
%Program Files%\MSINET.OCX
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill mch.exe process and remove mch.exe from Windows startup using RegRun Startup Optimizer.

%program files%\media access\mediaaccc.dll
MediaAccC.dll is a Trojan.Podrop-C.
MediaAccC.dll tries to terminate antiviral programs installed on a user computer.
Related files:
%Program Files%\Media Access\Info.txt
%Program Files%\Media Access\MediaAccC.dll
%Program Files%\Media Access\MediaAccK.exe
%Program Files%\Media Access\MediaAccess.exe
%Windows%\win.exe
%System%\nub-san.exe
%System%\xpjava.exe
%System%\msdirectx.sys
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Remove MediaAccC.dll from Windows startup using RegRun Startup Optimizer.

%program files%\messenger\msmsgs.exe.exe
msmsgs.exe.exe is a mass-mailing worm W32.Minusia-A.
msmsgs.exe.exe opens a back door on IRC channels.
msmsgs.exe.exe spreads by e-mail and via open network shares.
msmsgs.exe.exe deletes files off the computer.
msmsgs.exe.exe tries to terminate antiviral programs installed on a user computer.
msmsgs.exe.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Program Files%\Messenger\msmsgs.exe.exe
%Windows%\Config\system.update.exe.exe
%Windows%\mmsg\mcAfee.Update.exe.exe
%Windows%\mmsg\mmsg.exe.exe
%System%\svchost.exe
%System%\ERSvc.exe
%Windows%\Registry1.dll
%Windows%\Registry2.dll
%Windows%\system_log.txt
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill the process msmsgs.exe.exe and remove msmsgs.exe.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\mirc\downloads\wwe divas.exe
WWE DIVAS.exe is a mass-mailing worm W32.Elitper.B@mm.
WWE DIVAS.exe spreads via open network shares.
WWE DIVAS.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%Windir%\TASKMANAGER.exe
%Program Files%\Windows Media Player\ wmlaunch .exe
%Program Files%\mIRC\Downloads\WWE DIVAS.exe
Adds the value:
"Firewall" = "%Program files%\Windows Media Player\[space]wmlaunch[space].exe"
"Protection" = "%Program files%\Internet Explorer\Firewall.exe"
"SysRes" = "%Windir%\TASKMANAGER.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill WWE DIVAS.exe process and remove WWE DIVAS.exe from Windows startup using RegRun Startup Optimizer.

%program files%\moviecommander\uninstall.exe
%PROGRAM FILES%\MovieCommander\Uninstall.exe is Trojan.Tvcodec.
Trojan.Tvcodec is a Trojan horse that installs a rootkit on the compromised computer.
Related files:
%UserProfile%\Administrator\Start Menu\Programs\MovieCommander\Uninstall.lnk
%ProgramFiles%\MovieCommander\Uninstall.exe
%System%\[FIVE RANDOM LETTERS].exe
Read more: http://www.symantec.com/enterprise/secur...
Kill the process %PROGRAM FILES%\MovieCommander\Uninstall.exe and remove %PROGRAM FILES%\MovieCommander\Uninstall.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\movies.exe
movies.exe is a Trojan.Myftu.
movies.exe registers porn service without notification.
movies.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Program Files%\playMovie.exe
%Program Files%\playDvdMovie.exe
%Program Files%\update.exe
%Program Files%\mch.exe
%Program Files%\movies.exe
%Program Files%\movload.exe
%Program Files%\mv99.exe
%Program Files%\freeMovies.exe
%Program Files%\WINSKJP.DLL
%Program Files%\MSINET.OCX
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill movies.exe process and remove movies.exe from Windows startup using RegRun Startup Optimizer.

%program files%\movload.exe
movload.exe is a Trojan.Myftu.
movload.exe registers porn service without notification.
movload.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Program Files%\playMovie.exe
%Program Files%\playDvdMovie.exe
%Program Files%\update.exe
%Program Files%\mch.exe
%Program Files%\movies.exe
%Program Files%\movload.exe
%Program Files%\mv99.exe
%Program Files%\freeMovies.exe
%Program Files%\WINSKJP.DLL
%Program Files%\MSINET.OCX
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill movload.exe process and remove movload.exe from Windows startup using RegRun Startup Optimizer.

%program files%\msaolim\msaolim.exe
Msaolim.exe is a Spyware.MessageSpy.
Msaolim.exe records online chat conversations.
Related files:
%ProgramFiles%\msaolim\msaolim.exe
%ProgramFiles%\msaolim\unins.exe
%ProgramFiles%\msaolim\unins000.dat
%ProgramFiles%\msaolim\unins000.exe
%System%\polarcrypto.dll
%System%\polarziplight.dll
%System%\Richtx32.ocx
Adds the value:
"msaim" = "C:\Program Files\msaolim\msaolim.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill msaolim.exe process and remove msaolim.exe from Windows startup using RegRun Startup Optimizer.

%program files%\msaolim\unins.exe
Unins.exe is a Spyware.MessageSpy.
Unins.exe records online chat conversations.
Related files:
%ProgramFiles%\msaolim\msaolim.exe
%ProgramFiles%\msaolim\unins.exe
%ProgramFiles%\msaolim\unins000.dat
%ProgramFiles%\msaolim\unins000.exe
%System%\polarcrypto.dll
%System%\polarziplight.dll
%System%\Richtx32.ocx
Adds the value:
"msaim" = "C:\Program Files\msaolim\msaolim.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill unins.exe process and remove unins.exe from Windows startup using RegRun Startup Optimizer.

%program files%\msmovies.exe
MsMovies.exe is a worm W32.Alcra-E.
MsMovies.exe opens a back door.
Related files:
%Program Files%\MsMovies\MsMovies.exe
%Program Files%\MsMovies\p.zip
%System%\winlogi.exe
%System%\cmd.com
%System%\netstat.com
%System%\ping.com
%System%\regedit.com
%System%\taskkill.com
%System%\tasklist.com
%System%\tracert.com
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill MsMovies.exe process and remove MsMovies.exe from Windows startup using RegRun Startup Optimizer.

%program files%\mv99.exe
mv99.exe is a Trojan.Myftu.
mv99.exe registers porn service without notification.
mv99.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Program Files%\playMovie.exe
%Program Files%\playDvdMovie.exe
%Program Files%\update.exe
%Program Files%\mch.exe
%Program Files%\movies.exe
%Program Files%\movload.exe
%Program Files%\mv99.exe
%Program Files%\freeMovies.exe
%Program Files%\WINSKJP.DLL
%Program Files%\MSINET.OCX
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill mv99.exe process and remove mv99.exe from Windows startup using RegRun Startup Optimizer.

%program files%\mywebsearch\bar\2.bin\mwsbar.dll
Mwsbar.dll is a Spyware.MyWebSearch.
Mwsbar.dll is a Browser Helper Object.
Mwsbar.dll monitors user Internet activity.
Related files:
%Program Files%\MyWebSearch\bar\2.bin\MWSOEMON.EXE
%Program Files%\MyWebSearch\bar\2.bin\MWSOESTB.DLL
%program files%\mywebsearch\bar\2.bin\mwsbar.dll
%program files%\mywebsearch\srchastt\2.bin\mwssrcas.dll
Removal:
Remove mwsbar.dll from Windows startup using RegRun Startup Optimizer.

%program files%\mywebsearch\bar\2.bin\mwsoemon.exe
MWSOEMON.EXE is a Spyware.MyWebSearch.
MWSOEMON.EXE is a Browser Helper Object.
MWSOEMON.EXE monitors user Internet activity.
Related files:
%Program Files%\MyWebSearch\bar\2.bin\MWSOEMON.EXE
%Program Files%\MyWebSearch\bar\2.bin\MWSOESTB.DLL
%program files%\mywebsearch\bar\2.bin\mwsbar.dll
%program files%\mywebsearch\srchastt\2.bin\mwssrcas.dll
Removal:
Kill MWSOEMON.EXE process and remove MWSOEMON.EXE from Windows startup using RegRun Startup Optimizer.

%program files%\mywebsearch\bar\2.bin\mwsoestb.dll
MWSOESTB.DLL is a Spyware.MyWebSearch.
MWSOESTB.DLL is a Browser Helper Object.
MWSOESTB.DLL monitors user Internet activity.
Related files:
%Program Files%\MyWebSearch\bar\2.bin\MWSOEMON.EXE
%Program Files%\MyWebSearch\bar\2.bin\MWSOESTB.DLL
%program files%\mywebsearch\bar\2.bin\mwsbar.dll
%program files%\mywebsearch\srchastt\2.bin\mwssrcas.dll
Removal:
Remove MWSOESTB.DLL from Windows startup using RegRun Startup Optimizer.

%program files%\mywebsearch\srchastt\2.bin\mwssrcas.dll
Mwssrcas.dll is a Spyware.MyWebSearch.
Mwssrcas.dll is a Browser Helper Object.
Mwssrcas.dll monitors user Internet activity.
Related files:
%Program Files%\MyWebSearch\bar\2.bin\MWSOEMON.EXE
%Program Files%\MyWebSearch\bar\2.bin\MWSOESTB.DLL
%program files%\mywebsearch\bar\2.bin\mwsbar.dll
%program files%\mywebsearch\srchastt\2.bin\mwssrcas.dll
Removal:
Remove mwssrcas.dll from Windows startup using RegRun Startup Optimizer.

%program files%\need2find\bar\1.bin\nd2fnbar.dll
ND2FNBAR.DLL is a Spyware.W32.Gator (Need2Find).
ND2FNBAR.DLL displays advertisements.
Remove ND2FNBAR.DLL using RegRun "Scan for Viruses" feature.

%program files%\newdot~1.dll\newdot~1.dll
NEWDOT~1.DLL is a Spyware.NewDotNet.
Remove NEWDOT~1.DLL using RegRun "Scan for Viruses" feature.
http://www.regrun.com

%program files%\newdot~1\newdot.exe
newdot.exe is a Spyware.NewDotNet.
Kill the process newdot.exe and remove newdot.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\newdot~1\newdot~2.dll
NEWDOT~2.DLL is a Spyware.NewDotNet.
Remove NEWDOT~2.DLL using RegRun "Scan for Viruses" feature.
http://www.regrun.com

%program files%\newdotnet\newdotnet7_22.dll
newdotnet7_22.dll is an Adware.NewDotNet.
Remove newdotnet7_22.dll using RegRun "Scan for Viruses" feature.

%program files%\nsk\akl.exe
AKL.exe is a Spyware.Ardakey.
AKL.exe logs keystrokes.
Related files:
%ProgramFiles%\NSK\AKV.exe
%ProgramFiles%\NSK\AKL.EXE
%ProgramFiles%\NSK\NSK.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill AKL.exe process and remove AKL.exe from Windows startup using RegRun Startup Optimizer.

%program files%\nsk\akv.exe
AKV.exe is a Spyware.Ardakey.
AKV.exe logs keystrokes.
Related files:
%ProgramFiles%\NSK\AKV.exe
%ProgramFiles%\NSK\AKL.EXE
%ProgramFiles%\NSK\NSK.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill AKV.exe process and remove AKV.exe from Windows startup using RegRun Startup Optimizer.

%program files%\nsk\nsk.exe
NSK.exe is a Spyware.Ardakey.
NSK.exe logs keystrokes.
Related files:
%ProgramFiles%\NSK\AKV.exe
%ProgramFiles%\NSK\AKL.EXE
%ProgramFiles%\NSK\NSK.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill NSK.exe process and remove NSK.exe from Windows startup using RegRun Startup Optimizer.

%program files%\odsp\blowfish.dll
BLOWFISH.DLL is a Spyware.DsktopSurveil.
BLOWFISH.DLL monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ODSP\BLOWFISH.DLL
%ProgramFiles%\ODSP\cximage.dll
%ProgramFiles%\ODSP\Encrypt.dll
%ProgramFiles%\ODSP\flash.exe
%ProgramFiles%\ODSP\killproc.exe
%ProgramFiles%\ODSP\MessageBox.exe
%ProgramFiles%\ODSP\mfc42.dll
%ProgramFiles%\ODSP\ODSPConfig.exe
%ProgramFiles%\ODSP\ODSPHost.dll
%ProgramFiles%\ODSP\ODSPHost_NT.exe
%ProgramFiles%\ODSP\ODSPlay.exe
%ProgramFiles%\ODSP\restart.bat
%ProgramFiles%\ODSP\Utility.dll
%ProgramFiles%\ODSP\welcome.exe
%ProgramFiles%\ODSP\XT1931Lib.dll
%Windir%\iun6002.exe
%Windir%\otnsdd32.dat
Adds the value:
"ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove BLOWFISH.DLL from Windows startup using RegRun Startup Optimizer.

%program files%\odsp\cximage.dll
Cximage.dll is a Spyware.DsktopSurveil.
Cximage.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ODSP\BLOWFISH.DLL
%ProgramFiles%\ODSP\cximage.dll
%ProgramFiles%\ODSP\Encrypt.dll
%ProgramFiles%\ODSP\flash.exe
%ProgramFiles%\ODSP\killproc.exe
%ProgramFiles%\ODSP\MessageBox.exe
%ProgramFiles%\ODSP\mfc42.dll
%ProgramFiles%\ODSP\ODSPConfig.exe
%ProgramFiles%\ODSP\ODSPHost.dll
%ProgramFiles%\ODSP\ODSPHost_NT.exe
%ProgramFiles%\ODSP\ODSPlay.exe
%ProgramFiles%\ODSP\restart.bat
%ProgramFiles%\ODSP\Utility.dll
%ProgramFiles%\ODSP\welcome.exe
%ProgramFiles%\ODSP\XT1931Lib.dll
%Windir%\iun6002.exe
%Windir%\otnsdd32.dat
Adds the value:
"ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove cximage.dll from Windows startup using RegRun Startup Optimizer.

%program files%\odsp\encrypt.dll
Encrypt.dll is a Spyware.DsktopSurveil.
Encrypt.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ODSP\BLOWFISH.DLL
%ProgramFiles%\ODSP\cximage.dll
%ProgramFiles%\ODSP\Encrypt.dll
%ProgramFiles%\ODSP\flash.exe
%ProgramFiles%\ODSP\killproc.exe
%ProgramFiles%\ODSP\MessageBox.exe
%ProgramFiles%\ODSP\mfc42.dll
%ProgramFiles%\ODSP\ODSPConfig.exe
%ProgramFiles%\ODSP\ODSPHost.dll
%ProgramFiles%\ODSP\ODSPHost_NT.exe
%ProgramFiles%\ODSP\ODSPlay.exe
%ProgramFiles%\ODSP\restart.bat
%ProgramFiles%\ODSP\Utility.dll
%ProgramFiles%\ODSP\welcome.exe
%ProgramFiles%\ODSP\XT1931Lib.dll
%Windir%\iun6002.exe
%Windir%\otnsdd32.dat
Adds the value:
"ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove Encrypt.dll from Windows startup using RegRun Startup Optimizer.

%program files%\odsp\flash.exe
Flash.exe is a Spyware.DsktopSurveil.
Flash.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ODSP\BLOWFISH.DLL
%ProgramFiles%\ODSP\cximage.dll
%ProgramFiles%\ODSP\Encrypt.dll
%ProgramFiles%\ODSP\flash.exe
%ProgramFiles%\ODSP\killproc.exe
%ProgramFiles%\ODSP\MessageBox.exe
%ProgramFiles%\ODSP\mfc42.dll
%ProgramFiles%\ODSP\ODSPConfig.exe
%ProgramFiles%\ODSP\ODSPHost.dll
%ProgramFiles%\ODSP\ODSPHost_NT.exe
%ProgramFiles%\ODSP\ODSPlay.exe
%ProgramFiles%\ODSP\restart.bat
%ProgramFiles%\ODSP\Utility.dll
%ProgramFiles%\ODSP\welcome.exe
%ProgramFiles%\ODSP\XT1931Lib.dll
%Windir%\iun6002.exe
%Windir%\otnsdd32.dat
Adds the value:
"ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill flash.exe process and remove flash.exe from Windows startup using RegRun Startup Optimizer.

%program files%\odsp\killproc.exe
Killproc.exe is a Spyware.DsktopSurveil.
Killproc.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ODSP\BLOWFISH.DLL
%ProgramFiles%\ODSP\cximage.dll
%ProgramFiles%\ODSP\Encrypt.dll
%ProgramFiles%\ODSP\flash.exe
%ProgramFiles%\ODSP\killproc.exe
%ProgramFiles%\ODSP\MessageBox.exe
%ProgramFiles%\ODSP\mfc42.dll
%ProgramFiles%\ODSP\ODSPConfig.exe
%ProgramFiles%\ODSP\ODSPHost.dll
%ProgramFiles%\ODSP\ODSPHost_NT.exe
%ProgramFiles%\ODSP\ODSPlay.exe
%ProgramFiles%\ODSP\restart.bat
%ProgramFiles%\ODSP\Utility.dll
%ProgramFiles%\ODSP\welcome.exe
%ProgramFiles%\ODSP\XT1931Lib.dll
%Windir%\iun6002.exe
%Windir%\otnsdd32.dat
Adds the value:
"ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill killproc.exe process and remove killproc.exe from Windows startup using RegRun Startup Optimizer.

%program files%\odsp\messagebox.exe
MessageBox.exe is a Spyware.DsktopSurveil.
MessageBox.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ODSP\BLOWFISH.DLL
%ProgramFiles%\ODSP\cximage.dll
%ProgramFiles%\ODSP\Encrypt.dll
%ProgramFiles%\ODSP\flash.exe
%ProgramFiles%\ODSP\killproc.exe
%ProgramFiles%\ODSP\MessageBox.exe
%ProgramFiles%\ODSP\mfc42.dll
%ProgramFiles%\ODSP\ODSPConfig.exe
%ProgramFiles%\ODSP\ODSPHost.dll
%ProgramFiles%\ODSP\ODSPHost_NT.exe
%ProgramFiles%\ODSP\ODSPlay.exe
%ProgramFiles%\ODSP\restart.bat
%ProgramFiles%\ODSP\Utility.dll
%ProgramFiles%\ODSP\welcome.exe
%ProgramFiles%\ODSP\XT1931Lib.dll
%Windir%\iun6002.exe
%Windir%\otnsdd32.dat
Adds the value:
"ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill MessageBox.exe process and remove MessageBox.exe from Windows startup using RegRun Startup Optimizer.

%program files%\odsp\odsphost.dll
ODSPHost.dll is a Spyware.DsktopSurveil.
ODSPHost.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ODSP\BLOWFISH.DLL
%ProgramFiles%\ODSP\cximage.dll
%ProgramFiles%\ODSP\Encrypt.dll
%ProgramFiles%\ODSP\flash.exe
%ProgramFiles%\ODSP\killproc.exe
%ProgramFiles%\ODSP\MessageBox.exe
%ProgramFiles%\ODSP\mfc42.dll
%ProgramFiles%\ODSP\ODSPConfig.exe
%ProgramFiles%\ODSP\ODSPHost.dll
%ProgramFiles%\ODSP\ODSPHost_NT.exe
%ProgramFiles%\ODSP\ODSPlay.exe
%ProgramFiles%\ODSP\restart.bat
%ProgramFiles%\ODSP\Utility.dll
%ProgramFiles%\ODSP\welcome.exe
%ProgramFiles%\ODSP\XT1931Lib.dll
%Windir%\iun6002.exe
%Windir%\otnsdd32.dat
Adds the value:
"ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove ODSPHost.dll from Windows startup using RegRun Startup Optimizer.

%program files%\odsp\odsphost_nt.exe
ODSPHost_NT.exe is a Spyware.DsktopSurveil.
ODSPHost_NT.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ODSP\BLOWFISH.DLL
%ProgramFiles%\ODSP\cximage.dll
%ProgramFiles%\ODSP\Encrypt.dll
%ProgramFiles%\ODSP\flash.exe
%ProgramFiles%\ODSP\killproc.exe
%ProgramFiles%\ODSP\MessageBox.exe
%ProgramFiles%\ODSP\mfc42.dll
%ProgramFiles%\ODSP\ODSPConfig.exe
%ProgramFiles%\ODSP\ODSPHost.dll
%ProgramFiles%\ODSP\ODSPHost_NT.exe
%ProgramFiles%\ODSP\ODSPlay.exe
%ProgramFiles%\ODSP\restart.bat
%ProgramFiles%\ODSP\Utility.dll
%ProgramFiles%\ODSP\welcome.exe
%ProgramFiles%\ODSP\XT1931Lib.dll
%Windir%\iun6002.exe
%Windir%\otnsdd32.dat
Adds the value:
"ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill ODSPHost_NT.exe process and remove ODSPHost_NT.exe from Windows startup using RegRun Startup Optimizer.

%program files%\odsp\odsplay.exe
ODSPlay.exe is a Spyware.DsktopSurveil.
ODSPlay.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ODSP\BLOWFISH.DLL
%ProgramFiles%\ODSP\cximage.dll
%ProgramFiles%\ODSP\Encrypt.dll
%ProgramFiles%\ODSP\flash.exe
%ProgramFiles%\ODSP\killproc.exe
%ProgramFiles%\ODSP\MessageBox.exe
%ProgramFiles%\ODSP\mfc42.dll
%ProgramFiles%\ODSP\ODSPConfig.exe
%ProgramFiles%\ODSP\ODSPHost.dll
%ProgramFiles%\ODSP\ODSPHost_NT.exe
%ProgramFiles%\ODSP\ODSPlay.exe
%ProgramFiles%\ODSP\restart.bat
%ProgramFiles%\ODSP\Utility.dll
%ProgramFiles%\ODSP\welcome.exe
%ProgramFiles%\ODSP\XT1931Lib.dll
%Windir%\iun6002.exe
%Windir%\otnsdd32.dat
Adds the value:
"ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill ODSPlay.exe process and remove ODSPlay.exe from Windows startup using RegRun Startup Optimizer.

%program files%\odsp\utility.dll
Utility.dll is a Spyware.DsktopSurveil.
Utility.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ODSP\BLOWFISH.DLL
%ProgramFiles%\ODSP\cximage.dll
%ProgramFiles%\ODSP\Encrypt.dll
%ProgramFiles%\ODSP\flash.exe
%ProgramFiles%\ODSP\killproc.exe
%ProgramFiles%\ODSP\MessageBox.exe
%ProgramFiles%\ODSP\mfc42.dll
%ProgramFiles%\ODSP\ODSPConfig.exe
%ProgramFiles%\ODSP\ODSPHost.dll
%ProgramFiles%\ODSP\ODSPHost_NT.exe
%ProgramFiles%\ODSP\ODSPlay.exe
%ProgramFiles%\ODSP\restart.bat
%ProgramFiles%\ODSP\Utility.dll
%ProgramFiles%\ODSP\welcome.exe
%ProgramFiles%\ODSP\XT1931Lib.dll
%Windir%\iun6002.exe
%Windir%\otnsdd32.dat
Adds the value:
"ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove Utility.dll from Windows startup using RegRun Startup Optimizer.

%program files%\odsp\welcome.exe
Welcome.exe is a Spyware.DsktopSurveil.
Welcome.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ODSP\BLOWFISH.DLL
%ProgramFiles%\ODSP\cximage.dll
%ProgramFiles%\ODSP\Encrypt.dll
%ProgramFiles%\ODSP\flash.exe
%ProgramFiles%\ODSP\killproc.exe
%ProgramFiles%\ODSP\MessageBox.exe
%ProgramFiles%\ODSP\mfc42.dll
%ProgramFiles%\ODSP\ODSPConfig.exe
%ProgramFiles%\ODSP\ODSPHost.dll
%ProgramFiles%\ODSP\ODSPHost_NT.exe
%ProgramFiles%\ODSP\ODSPlay.exe
%ProgramFiles%\ODSP\restart.bat
%ProgramFiles%\ODSP\Utility.dll
%ProgramFiles%\ODSP\welcome.exe
%ProgramFiles%\ODSP\XT1931Lib.dll
%Windir%\iun6002.exe
%Windir%\otnsdd32.dat
Adds the value:
"ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill welcome.exe process and remove flash.exe from Windows startup using RegRun Startup Optimizer.

%program files%\odsp\xt1931lib.dll
XT1931Lib.dll is a Spyware.DsktopSurveil.
XT1931Lib.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\ODSP\BLOWFISH.DLL
%ProgramFiles%\ODSP\cximage.dll
%ProgramFiles%\ODSP\Encrypt.dll
%ProgramFiles%\ODSP\flash.exe
%ProgramFiles%\ODSP\killproc.exe
%ProgramFiles%\ODSP\MessageBox.exe
%ProgramFiles%\ODSP\mfc42.dll
%ProgramFiles%\ODSP\ODSPConfig.exe
%ProgramFiles%\ODSP\ODSPHost.dll
%ProgramFiles%\ODSP\ODSPHost_NT.exe
%ProgramFiles%\ODSP\ODSPlay.exe
%ProgramFiles%\ODSP\restart.bat
%ProgramFiles%\ODSP\Utility.dll
%ProgramFiles%\ODSP\welcome.exe
%ProgramFiles%\ODSP\XT1931Lib.dll
%Windir%\iun6002.exe
%Windir%\otnsdd32.dat
Adds the value:
"ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove XT1931Lib.dll from Windows startup using RegRun Startup Optimizer.

%program files%\outlook express\serop.exe
serop.exe is a Trojan.GrayBrd-I.
serop.exe opens a back door.
Related files:
%Program Files%\Outlook Express\serop.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill serop.exe process and remove serop.exe from Windows startup using RegRun Startup Optimizer.

%program files%\pcs\pcs.exe
pcs.exe is a Spyware.PCSpy.
pcs.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\PCS\pcs.exe
%Windir%\Crrst32.exe
%Windir%\Temp_Ig
Adds the value:
"Dconfig7"="%Windir%\crrst.32.exe"
to the Windows startup registry keys.
More info: http://www.symantec.com/avcenter/venc/da...
Removal:
Kill the process pcs.exe and remove pcs.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\peoplepc\toolbar\ppctoolbar.dll
%PROGRAM FILES%\peoplepc\toolbar\PPCToolbar.dll is Adware-PalToolbar.
This is not a virus or a Trojan. It is an adware application and may generate extra pop-up ads while using Internet Explorer.
Directory:
%PROGRAMFILES%\Peoplepc
Related files:
ppaluninst.exe
peoplepal.htm
peoplepc.ico
Read more: http://vil.nai.com/vil/content/v_136377....
Kill the file %PROGRAM FILES%\peoplepc\toolbar\PPCToolbar.dll and remove %PROGRAM FILES%\peoplepc\toolbar\PPCToolbar.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\pesttrap\pesttrap.exe
PestTrap\PestTrap.exe is Spyware.
Kill the process PestTrap.exe and remove PestTrap.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\playdvdmovie.exe
playDvdMovie.exe is a Trojan.Myftu.
playDvdMovie.exe registers porn service without notification.
playDvdMovie.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Program Files%\playMovie.exe
%Program Files%\playDvdMovie.exe
%Program Files%\update.exe
%Program Files%\mch.exe
%Program Files%\movies.exe
%Program Files%\movload.exe
%Program Files%\mv99.exe
%Program Files%\freeMovies.exe
%Program Files%\WINSKJP.DLL
%Program Files%\MSINET.OCX
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill playDvdMovie.exe process and remove playDvdMovie.exe from Windows startup using RegRun Startup Optimizer.

%program files%\playmovie.exe
playMovie.exe is a Trojan.Myftu.
playMovie.exe registers porn service without notification.
playMovie.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Program Files%\playMovie.exe
%Program Files%\playDvdMovie.exe
%Program Files%\update.exe
%Program Files%\mch.exe
%Program Files%\movies.exe
%Program Files%\movload.exe
%Program Files%\mv99.exe
%Program Files%\freeMovies.exe
%Program Files%\WINSKJP.DLL
%Program Files%\MSINET.OCX
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill playMovie.exe process and remove playMovie.exe from Windows startup using RegRun Startup Optimizer.

%program files%\prevadcomm.dll
PrevAdComm.dll is an adware program Adware.WinTaskAd.
PrevAdComm.dll downloads and displays advertisements.
Related files:
%ProgramFiles%\AdStatServ.exe
%ProgramFiles%\AdStatKeep.exe
%ProgramFiles%\AdStatComm.dll
%ProgramFiles%\PrevAdComm.dll
%ProgramFiles%\WinTaskAd.exe
%ProgramFiles%\WinSched.exe
%ProgramFiles%\WinProject.dll
%Windir%\Temp\creditdan_WinTaskAdInstPack.exe
Adds the value:
"Windows TaskAd" = "[path to Adware.WinTaskAd]"
"AdStatus Service" = "[path to Adware.WinTaskAd]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove PrevAdComm.dll from Windows startup using RegRun Startup Optimizer.

%program files%\printv~1\pvmodule.exe
%PROGRAM FILES%\PRINTV~1\pvmodule.exe is TR/Dldr.Agent.alb.
Note. The legitimate PrintView program locates in the C:\CBR folder.
Kill the process pvmodule.exe and remove pvmodule.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\qyule\qyuleinstall.exe
QyuleInstall.exe is a Trojan.Dloader-ZM.
QyuleInstall.exe downloads code from the internet.
Related files:
%Program Files%\Qyule\QyuleInstall.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill QyuleInstall.exe process and remove QyuleInstall.exe from Windows startup using RegRun Startup Optimizer.

%program files%\recommended hotfix - 421701d\v15\rh.dll
RH.dll is a Spyware.Look2Me.
RH.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Temp%nsdtmp09.dll
%Program Files%\Recommended Hotfix - 421701D\v15\RH.DLL
%Program Files%\Recommended Hotfix - 421701D\v15\RH.exe
%Program Files%\SED\SE.exe
%Program Files%\SED\SED.exe
%Windir%\system\UpdInstall.exe
%System%\InetFuel.exe
%System%\[random file name].dll
Adds the value:
"SESync" = "%Program Files%\SED\SED.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove RH.dll from Windows startup using RegRun Startup Optimizer.

%program files%\recommended hotfix - 421701d\v15\rh.exe
RH.exe is a Spyware.Look2Me.
RH.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Temp%nsdtmp09.dll
%Program Files%\Recommended Hotfix - 421701D\v15\RH.DLL
%Program Files%\Recommended Hotfix - 421701D\v15\RH.exe
%Program Files%\SED\SE.exe
%Program Files%\SED\SED.exe
%Windir%\system\UpdInstall.exe
%System%\InetFuel.exe
%System%\[random file name].dll
Adds the value:
"SESync" = "%Program Files%\SED\SED.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill RH.exe process and remove RH.exe from Windows startup using RegRun Startup Optimizer.

%program files%\sacc\sacc.exe
Sacc.exe is an adware program Adware.SurfAccuracy.
Sacc.exe display advertisements.
Sacc.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\sacc\sacc.cfg
%ProgramFiles%\sacc\sacc.exe
Adds the value:
"SACC" = "%ProgramFiles%\sacc\sacc.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill sacc.exe process and remove sacc.exe from Windows startup using RegRun Startup Optimizer.

%program files%\save\save.exe
%PROGRAM FILES%\Save\Save.exe is WhenU.Save adware.
Read more: http://research.sunbelt-software.com/thr...
Kill the process Save.exe and remove Save.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\sbss\sbss.exe
Sbss.exe is an adware program Adware.SideBySide.
Sbss.exe displays advertisements.
Related files:
%ProgramFiles%\sbss\sbss.exe
%ProgramFiles%\sbss\Stop sbss.lnk
%ProgramFiles%\sbss\Uninstall sbss.exe
Adds the value:
"sbss Launcher" = "%ProgramFiles%\sbss\sbss.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill sbss.exe process and remove sbss.exe from Windows startup using RegRun Startup Optimizer.

%program files%\screenspy\winacsr.exe
Winacsr.exe is a Spyware.AceScreenSpy.
Winacsr.exe is a commercial screen logger program.
Related files:
%System%\SmartMenuXP.dll
%ProgramFiles%\ScreenSpy\winacsr.exe
Adds the value:
"Winacsr"="%ProgramFiles%\ScreenSpy\Winacsr.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill winacsr.exe process and remove winacsr.exe from Windows startup using RegRun Startup Optimizer.

%program files%\searchnet\serveup.exe
SERVEUP.EXE is Trojan/Backdoor.
Kill the process SERVEUP.EXE and remove SERVEUP.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\security toolbar\security toolbar.dll
%PROGRAM FILES%\Security Toolbar\Security Toolbar.dll is a Bundleware.
Kill the file %PROGRAM FILES%\Security Toolbar\Security Toolbar.dll and remove %PROGRAM FILES%\Security Toolbar\Security Toolbar.dll from Windows startup using RegRun.
www.regrun.com

%program files%\sed\se.exe
SE.exe is a Spyware.Look2Me.
SE.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Temp%nsdtmp09.dll
%Program Files%\Recommended Hotfix - 421701D\v15\RH.DLL
%Program Files%\Recommended Hotfix - 421701D\v15\RH.exe
%Program Files%\SED\SE.exe
%Program Files%\SED\SED.exe
%Windir%\system\UpdInstall.exe
%System%\InetFuel.exe
%System%\[random file name].dll
Adds the value:
"SESync" = "%Program Files%\SED\SED.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill SE.exe process and remove SE.exe from Windows startup using RegRun Startup Optimizer.

%program files%\sed\sed.exe
SED.exe is a Spyware.Look2Me.
SED.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Temp%nsdtmp09.dll
%Program Files%\Recommended Hotfix - 421701D\v15\RH.DLL
%Program Files%\Recommended Hotfix - 421701D\v15\RH.exe
%Program Files%\SED\SE.exe
%Program Files%\SED\SED.exe
%Windir%\system\UpdInstall.exe
%System%\InetFuel.exe
%System%\[random file name].dll
Adds the value:
"SESync" = "%Program Files%\SED\SED.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill SED.exe process and remove SED.exe from Windows startup using RegRun Startup Optimizer.

%program files%\seekmo\seekmohook.dll
SEEKMOHOOK.DLL is an adware Seekmo180solutions.
Remove SEEKMOHOOK.DLL using RegRun "Scan for Viruses" feature.
http://www.regrun.com

%program files%\shopperreports\bin\1.1.0.0\shprrprt.dll
SHPRRPRT.DLL is an Adware.HotBar/ShopperReports.Explorer Bar.
SHPRRPRT.DLL displays advertisements.
Remove SHPRRPRT.DLL using RegRun "Scan for Viruses" feature.

%program files%\sk51\sk51.exe
Sk51.exe is a Spyware.SaveKeys.
Sk51.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%PROGRAM FILES%\SK51\Sk51.exe
%PROGRAM FILES%\SK51\Sk51config.exe
%PROGRAM FILES%\SK62\sku62.exe
%PROGRAM FILES%\SK60\sk60.exe
%SysDir%\Regkey32.Dll
Adds the value:
"SK51"="C:\PROGRAM FILES\SK51\SK51.EXE"
"SK60"="C:\PROGRAM FILES\SK60\SK60.EXE"
"(default)"="C:\PROGRAM FILES\SKU62\SKU62.EXE"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Sk51.exe process and remove Sk51.exe from Windows startup using RegRun Startup Optimizer.

%program files%\sk51\sk51config.exe
Sk51config.exe is a Spyware.SaveKeys.
Sk51config.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%PROGRAM FILES%\SK51\Sk51.exe
%PROGRAM FILES%\SK51\Sk51config.exe
%PROGRAM FILES%\SK62\sku62.exe
%PROGRAM FILES%\SK60\sk60.exe
%SysDir%\Regkey32.Dll
Adds the value:
"SK51"="C:\PROGRAM FILES\SK51\SK51.EXE"
"SK60"="C:\PROGRAM FILES\SK60\SK60.EXE"
"(default)"="C:\PROGRAM FILES\SKU62\SKU62.EXE"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Sk51config.exe process and remove Sk51config.exe from Windows startup using RegRun Startup Optimizer.

%program files%\sk60\sk60.exe
Sk60.exe is a Spyware.SaveKeys.
Sk60.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%PROGRAM FILES%\SK51\Sk51.exe
%PROGRAM FILES%\SK51\Sk51config.exe
%PROGRAM FILES%\SK62\sku62.exe
%PROGRAM FILES%\SK60\sk60.exe
%SysDir%\Regkey32.Dll
Adds the value:
"SK51"="C:\PROGRAM FILES\SK51\SK51.EXE"
"SK60"="C:\PROGRAM FILES\SK60\SK60.EXE"
"(default)"="C:\PROGRAM FILES\SKU62\SKU62.EXE"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Sk60.exe process and remove Sk60.exe from Windows startup using RegRun Startup Optimizer.

%program files%\sk62\sku62.exe
Sk62.exe is a Spyware.SaveKeys.
Sk62.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%PROGRAM FILES%\SK51\Sk51.exe
%PROGRAM FILES%\SK51\Sk51config.exe
%PROGRAM FILES%\SK62\sku62.exe
%PROGRAM FILES%\SK60\sk60.exe
%SysDir%\Regkey32.Dll
Adds the value:
"SK51"="C:\PROGRAM FILES\SK51\SK51.EXE"
"SK60"="C:\PROGRAM FILES\SK60\SK60.EXE"
"(default)"="C:\PROGRAM FILES\SKU62\SKU62.EXE"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Sk62.exe process and remove Sk62.exe from Windows startup using RegRun Startup Optimizer.

%program files%\sony\vaio action setup\msvbdll32.exe
Worm W32.Aimdes.A@mm.
MsVBdll spreads via e0mail and AOL Instant Messenger.
Adds the value:
"MsVBdll" = "%Windir%\MsVBdll.pif"
to the Windows startup registry keys.
Adds the registry entries:
"FirewallDisableNotify" = "1"
"UpdatesDisableNotify" = "1"
"AntiVirusDisableNotify" = "1"
to the following registry keys
HKEY_CURRENT_USER\Software\Microsoft\security center
HKEY_LOCAL_MACHINE\Software\Microsoft\security center
to lower computer security.
MsVBdll adds:
"DisableTaskMgr" = "1"
"DisableRegistryTools" = "1"
to the registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\System
to disable access to the Windows Task Manager and registry editing tools.
MsVBdll adds the registry entry:
"NoAutoUpdate" = "1"
to the registry key
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
to disable Windows Update.
MsVBdll deletes the following registry key if present:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\
CurrentVersion\Run\"Windows" = "Auto Update.exe"
MsVBdll tries to copy itself to:
A:\homework.exe
Kills the system processes:
* svchost.exe
* lsass.exe
It will break network connections.

%program files%\spytech software\spytech spyagent\deploy.exe
Deploy.exe is a Spyware.SpyAgent.B.
Deploy.exe is a commercial keylogger/system-monitoring program.
Related files:
%System%\ntinvisible.dll
%Windir%\libimg.dll
%Windir%\sbrowse.exe
%Windir%\snmpapi.dll
%Windir%\yahoodll.dll
%ProgramFiles%\Spytech Software\Spytech SpyAgent\sagent.exe
%ProgramFiles%\Spytech Software\Spytech SpyAgent\deploy.exe
%ProgramFiles%\Spytech Software\Spytech SpyAgent\nostealth.exe
%ProgramFiles%\Spytech Software\Spytech SpyAgent\sysdiag.exe
Adds the value:
"System32"="%ProgramFiles%\Spytech Software\Spytech SpyAgent\sysdiag.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill deploy.exe process and remove deploy.exe from Windows startup using RegRun Startup Optimizer.

%program files%\spyware cleaner\scservice.exe
SCService.exe is a Trojan/Backdoor.
Kill the process SCService.exe and remove SCService.exe from Windows startup.

%program files%\spyware cleaner\spywarecleaner.exe
SpywareCleaner.Exe is a Trojan/Backdoor.
Kill the process SpywareCleaner.Exe and remove SpywareCleaner.Exe from Windows startup.

%program files%\spyware stormer\spywarestormer.exe
SpywareStormer.exe is a SpywareStormer.
Related files:
%ProgramFiles%\Spyware Stormer\Install.log
%ProgramFiles%\Spyware Stormer\Setup.exe
%ProgramFiles%\Spyware Stormer\SpyLog.txt
%ProgramFiles%\Spyware Stormer\DataBase.ref
%ProgramFiles%\Spyware Stormer\Spyware Stormer.url
%ProgramFiles%\Spyware Stormer\SpywareStormer.exe
%ProgramFiles%\Spyware Stormer\uninst.exe
%ProgramFiles%\Spyware Stormer\eula.txt
%ProgramFiles%\Spyware Stormer\Settings\CustomScan.stg
%ProgramFiles%\Spyware Stormer\Settings\IgnoreList.stg
%ProgramFiles%\Spyware Stormer\Settings\PrevHandle.stg
%ProgramFiles%\Spyware Stormer\Settings\ScanInfo.stg
%ProgramFiles%\Spyware Stormer\Settings\SelectedFolders.stg
%ProgramFiles%\Spyware Stormer\Settings\Settings.stg
%ProgramFiles%\Spyware Stormer\Settings\ListItems.stg
Adds the value:
"Spyware Stormer" = "%ProgramFiles%\Spyware Stormer\SpywareStormer.Exe"
to the Windows startup registry keys.
More info: http://www.symantec.com/avcenter/venc/da...
Removal:
Kill the process SpywareStormer.exe and remove SpywareStormer.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\spywarequake\spywarequake.exe
SPYWAREQUAKE.EXE is a Spyware SpywareQuake.
Kill the process SPYWAREQUAKE.EXE and remove SPYWAREQUAKE.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\spywarestormer\spywarestormer.exe
%PROGRAM FILES%\SpywareStormer\SpywareStormer.Exe is Trojan/Backdoor.
Kill the process SpywareStormer.Exe and remove %PROGRAM FILES%\SpywareStormer\SpywareStormer.Exe from Windows using RegRun.
www.regrun.com
Read more: http://www.symantec.com/avcenter/venc/da...

%program files%\starr\starrcmd.exe
starrcmd.exe is Spyware.Starr.
starrcmd.exe is a spyware program that captures screenshots, logs keystrokes, and monitors Internet chatting.
starrcmd.exe can run in stealth mode.
Related files:
starrp.exe
ssys.exe
wsys.exe
wsys.dll.
Kill the process starrcmd.exe and remove starrcmd.exe from Windows startup using RegRun.
www.regrun.com
Read more: http://www.symantec.com/avcenter/venc/da...

%program files%\stwwsrvs\zmgci4rn.exe
ZMGCI4RN.EXE is Trojan/Backdoor.
Kill the process ZMGCI4RN.EXE and remove ZMGCI4RN.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\svchost.exe
Spyware.Spytech
Monitors the following items:
- Keystrokes typed
- Website visits
- Applications run
- Internet connections made
- Files and documents viewed
- Chat conversations
- Windows opened
- Outgoing email and webmail

This Spyware gives the person who installed it a Web-based interface with summaries of logged information on the host computer.

Copies itself as C:\Program Files\svchost.exe.
Adds the value: "Srv32Win" = "C:\Program Files\svchost.exe"
to the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Also can downloads updates from www.spytech-web.com.

Remove it with RegRun.

%program files%\svhost32.exe
Svhost32.exe is a Trojan PWSteal.Wowcraft.
Svhost32.exe tries to terminate antiviral programs installed on a user computer.
Svhost32.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\svhost32.exe
%ProgramFiles%\rundll32.exe
%ProgramFiles%\Internat.exe
%System%\msdll.dll
Adds the value:
"load" = "[Path of the dropped file from step 1]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill svhost32.exe process and remove svhost32.exe from Windows startup using RegRun Startup Optimizer.

%program files%\swis\wsw.exe
WSW.exe is a Spyware.WebSurfWatch.
WSW.exe monitors user Internet activity.
Related files:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WIND0WS.EXE
%ProgramFiles%\SWIS\WSW.exe
%Windir%\RSR2B.EXE
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill WSW.exe process and remove WSW.exe from Windows startup using RegRun Startup Optimizer.

%program files%\swpr\web.dll
web.dll is a Spyware.StealthWebPage.
web.dll records Internet activity.
Related files:
%ProgramFiles%\SWPR\web.dll
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove web.dll from Windows startup using RegRun Startup Optimizer.

%program files%\tbon.exe
tbon.exe is an Adware.Tbon.The Best Offer Networks.
tbon.exe displays advertisements.
tbon.exe monitors user Internet activity.
Related files:
%Windir%\tboninst.cfg
%Windir%\TBONUnst.htm
%ProgramFiles%\tboninst.cfg
%ProgramFiles%\Uninstall.exe
%ProgramFiles%\tbon.exe
Adds the value:
"tbon" = "[PATH TO ADWARE] /r"
to the Windows startup registry keys.
More info:
Removal:
Kill the process tbon.exe and remove tbon.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\time sync\time.exe
%PROGRAM FILES%\TIME SYNC\TIME.EXE is Troj/Dloader-IO.
Read more: http://www.sophos.com/security/analyses/...
Kill the process %PROGRAM FILES%\TIME SYNC\TIME.EXE and remove %PROGRAM FILES%\TIME SYNC\TIME.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\unspypc\unspypc.exe
UnSpyPC.exe is an UnSpyPC.
Related files:
%ProgramFiles%\UnSpyPC\UnSpyPC.exe
%ProgramFiles%\UnSpyPC\UnSpyPCUpdate.exe
%ProgramFiles%\UnSpyPC\uninstall.exe
%ProgramFiles%\UnSpyPC\uns.ico
%ProgramFiles%\UnSpyPC\warez.dat
%ProgramFiles%\UnSpyPC\wover.dat
Adds the value:
"UnSpyPC" = "%ProgramFiles%\UnSpyPC\UnSpyPC.exe"
to the Windows startup registry keys.
More info: http://www.symantec.com/avcenter/venc/da...
Removal:
Kill the process UnSpyPC.exe and remove UnSpyPC.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\unspypc\unspypcupdate.exe
UnSpyPCUpdate.exe is an UnSpyPC.
Related files:
%ProgramFiles%\UnSpyPC\UnSpyPC.exe
%ProgramFiles%\UnSpyPC\UnSpyPCUpdate.exe
%ProgramFiles%\UnSpyPC\uninstall.exe
%ProgramFiles%\UnSpyPC\uns.ico
%ProgramFiles%\UnSpyPC\warez.dat
%ProgramFiles%\UnSpyPC\wover.dat
Adds the value:
"UnSpyPC" = "%ProgramFiles%\UnSpyPC\UnSpyPC.exe"
to the Windows startup registry keys.
More info: http://www.symantec.com/avcenter/venc/da...
Removal:
Kill the process UnSpyPCUpdate.exe and remove UnSpyPCUpdate.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\update.exe
update.exe is a Trojan.Myftu.
update.exe registers porn service without notification.
update.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Program Files%\playMovie.exe
%Program Files%\playDvdMovie.exe
%Program Files%\update.exe
%Program Files%\mch.exe
%Program Files%\movies.exe
%Program Files%\movload.exe
%Program Files%\mv99.exe
%Program Files%\freeMovies.exe
%Program Files%\WINSKJP.DLL
%Program Files%\MSINET.OCX
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill update.exe process and remove update.exe from Windows startup using RegRun Startup Optimizer.

%program files%\video access activex object\pmsnrr.exe
%PROGRAM FILES%\VIDEO ACCESS ACTIVEX OBJECT\PMSNRR.EXE is Trojan-Downloader.Zlob.Media-Codec.
Read more: http://research.sunbelt-software.com/thr...
Kill the process %PROGRAM FILES%\VIDEO ACCESS ACTIVEX OBJECT\PMSNRR.EXE and remove %PROGRAM FILES%\VIDEO ACCESS ACTIVEX OBJECT\PMSNRR.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\vvylx.exe
%PROGRAM FILES%\VVYLX.EXE is Trojan/Backdoor.
Kill the process VVYLX.EXE and remove VVYLX.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\weirdontheweb\weirdontheweb.exe
weirdontheweb.exe is an adware program Adware.WeirdOnTheWeb.
weirdontheweb.exe downloads and displays advertisements.
Related files:
%ProgramFiles%\WeirdOnTheWeb\weirdontheweb.exe
Adds the value:
"WeirdOnTheWeb" = "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill weirdontheweb.exe process and remove weirdontheweb.exe from Windows startup using RegRun Startup Optimizer.

%program files%\whenusearch\search.exe
%PROGRAM FILES%\WhenUSearch\search.exe is Adware-WhenUSearch.
Related files:
search.exe
search.dll
whse.exe
uninst.exe
Read more: http://vil.nai.com/vil/content/v_124768....
Kill the process %PROGRAM FILES%\WhenUSearch\search.exe and remove %PROGRAM FILES%\WhenUSearch\search.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\windows adstatus\winstatcomm.dll
WinStatComm.dll is a virus W32.Bleshare!dr.
WinStatComm.dll spreads via open network shares.
Related files:
bleh.exe
slinstaller.exe
emote.exe
loudnew.exe
mmxharr0.exe
toolbar.exe
%Program Files%\windows adstatus\WinStat.exe
%Program Files%\windows adstatus\WinStatComm.dll
%Program Files%\windows adstatus\WinStatKeep.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove WinStatComm.dll from Windows startup using RegRun Startup Optimizer.

%program files%\windows media player\ wmlaunch .exe
wmlaunch .exe is a mass-mailing worm W32.Elitper.B@mm.
wmlaunch .exe spreads via open network shares.
wmlaunch .exe tries to terminate antiviral programs installed on a user computer.
Related files:
%Windir%\TASKMANAGER.exe
%Program Files%\Windows Media Player\ wmlaunch .exe
%Program Files%\mIRC\Downloads\WWE DIVAS.exe
Adds the value:
"Firewall" = "%Program files%\Windows Media Player\[space]wmlaunch[space].exe"
"Protection" = "%Program files%\Internet Explorer\Firewall.exe"
"SysRes" = "%Windir%\TASKMANAGER.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill wmlaunch .exe process and remove wmlaunch .exe from Windows startup using RegRun Startup Optimizer.

%program files%\windows nt\dialer.exe
%PROGRAM FILES%\Windows NT\dialer.exe is Worm/Rindu.D.
Related files:
%SYSDIR%\logonui.scr
%SYSDIR%\MyComp.scr
%SYSDIR%\userinit.exe
%SYSDIR%\sndvol32.exe
%SYSDIR%\calc.exe
%SYSDIR%\notepad.exe
%SYSDIR%\mspaint.exe
C:\MSOCache\dlcache\Lagu.scr
C:\MSOCache\dlcache\Gambar.scr
C:\MSOCache\dlcache\Film.scr
C:\MSOCache\dlcache\Dokumen Penting.scr
%PROGRAM FILES%\outlook express.scr
%PROGRAM FILES%\winamp.scr
%PROGRAM FILES%\Windows Media Player.scr
%PROGRAM FILES%\Windows NT\dialer.exe
%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE
Read more: http://www.avira.com/en/threats/section/...
Kill the process %PROGRAM FILES%\Windows NT\dialer.exe and remove %PROGRAM FILES%\Windows NT\dialer.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%program files%\winproject.dll
WinProject.dll is an adware program Adware.WinTaskAd.
WinProject.dll downloads and displays advertisements.
Related files:
%ProgramFiles%\AdStatServ.exe
%ProgramFiles%\AdStatKeep.exe
%ProgramFiles%\AdStatComm.dll
%ProgramFiles%\PrevAdComm.dll
%ProgramFiles%\WinTaskAd.exe
%ProgramFiles%\WinSched.exe
%ProgramFiles%\WinProject.dll
%Windir%\Temp\creditdan_WinTaskAdInstPack.exe
Adds the value:
"Windows TaskAd" = "[path to Adware.WinTaskAd]"
"AdStatus Service" = "[path to Adware.WinTaskAd]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove WinProject.dll from Windows startup using RegRun Startup Optimizer.

%program files%\winrecon\codex.exe
Codex.exe is a Spyware.WinRecon.
Codex.exe logs keystrokes and takes screenshots.
Related files:
%ProgramFiles%\WinRecon\codex.exe
%ProgramFiles%\WinRecon\condex.exe
%ProgramFiles%\WinRecon\Dataview.exe
%ProgramFiles%\WinRecon\sp5.exe
%System%\kpAccess.dll
%System%\kpunzip.dll
%System%\kpzip.dll
%System%\MSSTDFMT.DLL
%Windir%\LastGood\System32\OLEAUT32.DLL
%Windir%\LastGood\System32\OLEPRO32.DLL
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill codex.exe process and remove codex.exe from Windows startup using RegRun Startup Optimizer.

%program files%\winrecon\condex.exe
Condex.exe is a Spyware.WinRecon.
Condex.exe logs keystrokes and takes screenshots.
Related files:
%ProgramFiles%\WinRecon\codex.exe
%ProgramFiles%\WinRecon\condex.exe
%ProgramFiles%\WinRecon\Dataview.exe
%ProgramFiles%\WinRecon\sp5.exe
%System%\kpAccess.dll
%System%\kpunzip.dll
%System%\kpzip.dll
%System%\MSSTDFMT.DLL
%Windir%\LastGood\System32\OLEAUT32.DLL
%Windir%\LastGood\System32\OLEPRO32.DLL
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill condex.exe process and remove condex.exe from Windows startup using RegRun Startup Optimizer.

%program files%\winrecon\dataview.exe
Dataview.exe is a Spyware.WinRecon.
Dataview.exe logs keystrokes and takes screenshots.
Related files:
%ProgramFiles%\WinRecon\codex.exe
%ProgramFiles%\WinRecon\condex.exe
%ProgramFiles%\WinRecon\Dataview.exe
%ProgramFiles%\WinRecon\sp5.exe
%System%\kpAccess.dll
%System%\kpunzip.dll
%System%\kpzip.dll
%System%\MSSTDFMT.DLL
%Windir%\LastGood\System32\OLEAUT32.DLL
%Windir%\LastGood\System32\OLEPRO32.DLL
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill Dataview.exe process and remove Dataview.exe from Windows startup using RegRun Startup Optimizer.

%program files%\winrecon\sp5.exe
sp5.exe is a Spyware.WinRecon.
sp5.exe logs keystrokes and takes screenshots.
Related files:
%ProgramFiles%\WinRecon\codex.exe
%ProgramFiles%\WinRecon\condex.exe
%ProgramFiles%\WinRecon\Dataview.exe
%ProgramFiles%\WinRecon\sp5.exe
%System%\kpAccess.dll
%System%\kpunzip.dll
%System%\kpzip.dll
%System%\MSSTDFMT.DLL
%Windir%\LastGood\System32\OLEAUT32.DLL
%Windir%\LastGood\System32\OLEPRO32.DLL
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill sp5.exe process and remove sp5.exe from Windows startup using RegRun Startup Optimizer.

%program files%\winskjp.dll
WINSKJP.DLL is a Trojan.Myftu.
WINSKJP.DLL registers porn service without notification.
WINSKJP.DLL monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Program Files%\playMovie.exe
%Program Files%\playDvdMovie.exe
%Program Files%\update.exe
%Program Files%\mch.exe
%Program Files%\movies.exe
%Program Files%\movload.exe
%Program Files%\mv99.exe
%Program Files%\freeMovies.exe
%Program Files%\WINSKJP.DLL
%Program Files%\MSINET.OCX
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove WINSKJP.DLL from Windows startup using RegRun Startup Optimizer.

%program files%\wintaskad.exe
WinTaskAd.exe is an adware program Adware.WinTaskAd.
WinTaskAd.exe downloads and displays advertisements.
Related files:
%ProgramFiles%\AdStatServ.exe
%ProgramFiles%\AdStatKeep.exe
%ProgramFiles%\AdStatComm.dll
%ProgramFiles%\PrevAdComm.dll
%ProgramFiles%\WinTaskAd.exe
%ProgramFiles%\WinSched.exe
%ProgramFiles%\WinProject.dll
%Windir%\Temp\creditdan_WinTaskAdInstPack.exe
Adds the value:
"Windows TaskAd" = "[path to Adware.WinTaskAd]"
"AdStatus Service" = "[path to Adware.WinTaskAd]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill WinTaskAd.exe process and remove WinTaskAd.exe from Windows startup using RegRun Startup Optimizer.

%program files%\wintective\wintective.exe
Wintective.exe is a Spyware.Wintective.
Wintective.exe logs keystrokes.
Wintective.exe monitors user Internet activity.
Related files:
%ProgramFiles%\wintective\wintective.exe
%System%\VB6STKIT.DLL
%System%\wintective.dll
%Windir%\ST6UNST.EXE
Adds the value:
"wintective" = "%ProgramFiles%\wintective\wintective.exe"
"UninstallString" = "C:\WINDOWS\st6unst.exe -n "C:\Program Files\wintective\ST6UNST.LOG" "
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill wintective.exe process and remove wintective.exe from Windows startup using RegRun Startup Optimizer.

%program files%\wv\wv.exe
wv.exe is a Spyware.Winvest.
wv.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\wv\wvh.dll
%ProgramFiles%\wv\wvres.dll
%ProgramFiles%\wv\wv.exe
%Windir%\sysninit.dll
%Windir%\spoder.dll
%Windir%\syswvnt.dll
%Windir%\syswvh.dll
%Windir%\loaddll.exe
%Windir%\syswvwin.dll
%Windir%\syswvmail.dll
%Windir%\loaddll.dll
Adds the value:
"loaddll" = "loaddll.exe"
"(Default)" = "C:\Program Files\wv\wv.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill wv.exe process and remove wv.exe from Windows startup using RegRun Startup Optimizer.

%program files%\wv\wvh.dll
wvh.dll is a Spyware.Winvest.
wvh.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\wv\wvh.dll
%ProgramFiles%\wv\wvres.dll
%ProgramFiles%\wv\wv.exe
%Windir%\sysninit.dll
%Windir%\spoder.dll
%Windir%\syswvnt.dll
%Windir%\syswvh.dll
%Windir%\loaddll.exe
%Windir%\syswvwin.dll
%Windir%\syswvmail.dll
%Windir%\loaddll.dll
Adds the value:
"loaddll" = "loaddll.exe"
"(Default)" = "C:\Program Files\wv\wv.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove wvh.dll from Windows startup using RegRun Startup Optimizer.

%program files%\xpcspypro\keyspy.dll
KeySpy.dll is a Spyware.XpcSpy.
KeySpy.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\XSoftware\Working\XPCSpyPro.exe
%ProgramFiles%\XSoftware\XPCSpyPro\AppSpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\IESpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\KeySpy.dll
%ProgramFiles%\XSoftware\Working\AppMon.dll
%ProgramFiles%\XSoftware\Working\IEMon.dll
%ProgramFiles%\XSoftware\Working\KeyMon.dll
%System%\systemout.exe
%System%\SysDll32.dll
%System%\rx.exe
%System%\wintft.dll
Adds the value:
"System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"
"ImagePath" = "%System%\systemout.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove KeySpy.dll from Windows startup using RegRun Startup Optimizer.

%program files%\xsoftware\working\appmon.dll
AppMon.dll is a Spyware.XpcSpy.
AppMon.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\XSoftware\Working\XPCSpyPro.exe
%ProgramFiles%\XSoftware\XPCSpyPro\AppSpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\IESpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\KeySpy.dll
%ProgramFiles%\XSoftware\Working\AppMon.dll
%ProgramFiles%\XSoftware\Working\IEMon.dll
%ProgramFiles%\XSoftware\Working\KeyMon.dll
%System%\systemout.exe
%System%\SysDll32.dll
%System%\rx.exe
%System%\wintft.dll
Adds the value:
"System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"
"ImagePath" = "%System%\systemout.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove AppMon.dll from Windows startup using RegRun Startup Optimizer.

%program files%\xsoftware\working\iemon.dll
IEMon.dll is a Spyware.XpcSpy.
IEMon.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\XSoftware\Working\XPCSpyPro.exe
%ProgramFiles%\XSoftware\XPCSpyPro\AppSpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\IESpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\KeySpy.dll
%ProgramFiles%\XSoftware\Working\AppMon.dll
%ProgramFiles%\XSoftware\Working\IEMon.dll
%ProgramFiles%\XSoftware\Working\KeyMon.dll
%System%\systemout.exe
%System%\SysDll32.dll
%System%\rx.exe
%System%\wintft.dll
Adds the value:
"System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"
"ImagePath" = "%System%\systemout.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove IEMon.dll from Windows startup using RegRun Startup Optimizer.

%program files%\xsoftware\working\keymon.dll
KeyMon.dll is a Spyware.XpcSpy.
KeyMon.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\XSoftware\Working\XPCSpyPro.exe
%ProgramFiles%\XSoftware\XPCSpyPro\AppSpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\IESpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\KeySpy.dll
%ProgramFiles%\XSoftware\Working\AppMon.dll
%ProgramFiles%\XSoftware\Working\IEMon.dll
%ProgramFiles%\XSoftware\Working\KeyMon.dll
%System%\systemout.exe
%System%\SysDll32.dll
%System%\rx.exe
%System%\wintft.dll
Adds the value:
"System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"
"ImagePath" = "%System%\systemout.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove KeyMon.dll from Windows startup using RegRun Startup Optimizer.

%program files%\xsoftware\working\xpcspypro.exe
XPCSpyPro.exe is a Spyware.XpcSpy.
XPCSpyPro.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\XSoftware\Working\XPCSpyPro.exe
%ProgramFiles%\XSoftware\XPCSpyPro\AppSpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\IESpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\KeySpy.dll
%ProgramFiles%\XSoftware\Working\AppMon.dll
%ProgramFiles%\XSoftware\Working\IEMon.dll
%ProgramFiles%\XSoftware\Working\KeyMon.dll
%System%\systemout.exe
%System%\SysDll32.dll
%System%\rx.exe
%System%\wintft.dll
Adds the value:
"System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"
"ImagePath" = "%System%\systemout.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill XPCSpyPro.exe process and remove XPCSpyPro.exe from Windows startup using RegRun Startup Optimizer.

%program files%\xsoftware\xpcspypro\appspy.dll
AppSpy.dll is a Spyware.XpcSpy.
AppSpy.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\XSoftware\Working\XPCSpyPro.exe
%ProgramFiles%\XSoftware\XPCSpyPro\AppSpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\IESpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\KeySpy.dll
%ProgramFiles%\XSoftware\Working\AppMon.dll
%ProgramFiles%\XSoftware\Working\IEMon.dll
%ProgramFiles%\XSoftware\Working\KeyMon.dll
%System%\systemout.exe
%System%\SysDll32.dll
%System%\rx.exe
%System%\wintft.dll
Adds the value:
"System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"
"ImagePath" = "%System%\systemout.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove AppSpy.dll from Windows startup using RegRun Startup Optimizer.

%program files%\xsoftware\xpcspypro\iespy.dll
IESpy.dll is a Spyware.XpcSpy.
IESpy.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\XSoftware\Working\XPCSpyPro.exe
%ProgramFiles%\XSoftware\XPCSpyPro\AppSpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\IESpy.dll
%ProgramFiles%\XSoftware\XPCSpyPro\KeySpy.dll
%ProgramFiles%\XSoftware\Working\AppMon.dll
%ProgramFiles%\XSoftware\Working\IEMon.dll
%ProgramFiles%\XSoftware\Working\KeyMon.dll
%System%\systemout.exe
%System%\SysDll32.dll
%System%\rx.exe
%System%\wintft.dll
Adds the value:
"System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"
"ImagePath" = "%System%\systemout.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove IESpy.dll from Windows startup using RegRun Startup Optimizer.

%program files%\ykpmd\ykpnd.exe
YKPND.exe is a Spyware.CMK.
YKPND.exe tries to terminate antiviral programs installed on a user computer.
YKPND.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\YKPMD\EventScheduler.mdb
%ProgramFiles%\YKPMD\Help.rtf
%ProgramFiles%\YKPMD\riched32.dll
%ProgramFiles%\YKPMD\YKPND.exe
%Windir%\Installer\cf1272.msi
%System%\actskn43.ocx
%System%\dijpg.dll
%System%\richtx32.ocx
%System%\skinboxer43.dll
Adds the value:
"C:\Program Files\YKPMD\" = "YKPND.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill YKPND.exe process and remove YKPND.exe from Windows startup using RegRun Startup Optimizer.

%program files%\zango applications\zango tv times\cryptoapi.dll
CryptoAPI.dll is an adware program Adware.ZangoSearch.
CryptoAPI.dll monitors user Internet activity.
Related files:
%ProgramFiles%\ZangoClient\zanu.exe
%ProgramFiles%\ZangoClient\zanuhook.dll
%ProgramFiles%\Zango Applications\Zango TV Times\CryptoAPI.dll
%ProgramFiles%\Zango Applications\Zango TV Times\TvSkin.dll
%ProgramFiles%\Zango Applications\Zango TV Times\ZangoTVTimes.exe
Adds the value:
"zanu" = "%ProgramFiles%\ZangoClient\zanu.exe"
"Zango TvTimes" = ""C:\PROGRA~1\ZANGOA~1\ZANGOT~1\ZANGOT~1.EXE" :auto"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove CryptoAPI.dll from Windows startup using RegRun Startup Optimizer.

%program files%\zango applications\zango tv times\tvskin.dll
TvSkin.dll is an adware program Adware.ZangoSearch.
TvSkin.dll monitors user Internet activity.
Related files:
%ProgramFiles%\ZangoClient\zanu.exe
%ProgramFiles%\ZangoClient\zanuhook.dll
%ProgramFiles%\Zango Applications\Zango TV Times\CryptoAPI.dll
%ProgramFiles%\Zango Applications\Zango TV Times\TvSkin.dll
%ProgramFiles%\Zango Applications\Zango TV Times\ZangoTVTimes.exe
Adds the value:
"zanu" = "%ProgramFiles%\ZangoClient\zanu.exe"
"Zango TvTimes" = ""C:\PROGRA~1\ZANGOA~1\ZANGOT~1\ZANGOT~1.EXE" :auto"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove TvSkin.dll from Windows startup using RegRun Startup Optimizer.

%program files%\zango applications\zango tv times\zangotvtimes.exe
ZangoTVTimes.exe is an adware program Adware.ZangoSearch.
ZangoTVTimes.exe monitors user Internet activity.
Related files:
%ProgramFiles%\ZangoClient\zanu.exe
%ProgramFiles%\ZangoClient\zanuhook.dll
%ProgramFiles%\Zango Applications\Zango TV Times\CryptoAPI.dll
%ProgramFiles%\Zango Applications\Zango TV Times\TvSkin.dll
%ProgramFiles%\Zango Applications\Zango TV Times\ZangoTVTimes.exe
Adds the value:
"zanu" = "%ProgramFiles%\ZangoClient\zanu.exe"
"Zango TvTimes" = ""C:\PROGRA~1\ZANGOA~1\ZANGOT~1\ZANGOT~1.EXE" :auto"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill ZangoTVTimes.exe process and remove ZangoTVTimes.exe from Windows startup using RegRun Startup Optimizer.

%program files%\zango programs\zango toolbar\zangotb.dll
zangotb.dll is a 180Solutions Zango Spyware.
zangotb.dll downloads and displays advertisements.
zangotb.dll monitors user Internet activity.
Remove zangotb.dll using RegRun "Scan for Viruses" feature.
http://www.regrun.com

%program files%\zangoclient\zanu.exe
Zanu.exe is an adware program Adware.ZangoSearch.
Zanu.exe monitors user Internet activity.
Related files:
%ProgramFiles%\ZangoClient\zanu.exe
%ProgramFiles%\ZangoClient\zanuhook.dll
%ProgramFiles%\Zango Applications\Zango TV Times\CryptoAPI.dll
%ProgramFiles%\Zango Applications\Zango TV Times\TvSkin.dll
%ProgramFiles%\Zango Applications\Zango TV Times\ZangoTVTimes.exe
Adds the value:
"zanu" = "%ProgramFiles%\ZangoClient\zanu.exe"
"Zango TvTimes" = ""C:\PROGRA~1\ZANGOA~1\ZANGOT~1\ZANGOT~1.EXE" :auto"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill zanu.exe process and remove zanu.exe from Windows startup using RegRun Startup Optimizer.

%program files%\zangoclient\zanuhook.dll
Zanuhook.dll is an adware program Adware.ZangoSearch.
Zanuhook.dll monitors user Internet activity.
Related files:
%ProgramFiles%\ZangoClient\zanu.exe
%ProgramFiles%\ZangoClient\zanuhook.dll
%ProgramFiles%\Zango Applications\Zango TV Times\CryptoAPI.dll
%ProgramFiles%\Zango Applications\Zango TV Times\TvSkin.dll
%ProgramFiles%\Zango Applications\Zango TV Times\ZangoTVTimes.exe
Adds the value:
"zanu" = "%ProgramFiles%\ZangoClient\zanu.exe"
"Zango TvTimes" = ""C:\PROGRA~1\ZANGOA~1\ZANGOT~1\ZANGOT~1.EXE" :auto"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove zanuhook.dll from Windows startup using RegRun Startup Optimizer.

%programfiles%\errclean\sysrep.exe
%ProgramFiles%\ErrClean\SysRep.exe is a part of ErrClean software.
ErrClean is a misleading application that gives false reports of errors on the computer.
Related files:
%UserProfile%\Desktop\ErrClean.lnk
C:\Documents and Settings\All Users\Application Data\errclean\Data\em
C:\Documents and Settings\All Users\Application Data\errclean\Data\oid
C:\Documents and Settings\All Users\Application Data\errclean\Data\user
C:\Documents and Settings\All Users\Start Menu\Programs\ErrClean\Contact Customer Service.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\ErrClean\ErrClean.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\ErrClean\Uninstall ErrClean.lnk
%ProgramFiles%\ErrClean\SysRep.exe
%ProgramFiles%\ErrClean\ugescw.exe
%ProgramFiles%\ErrClean\License.rtf
%ProgramFiles%\ErrClean\Readme.rtf
%ProgramFiles%\ErrClean\Res\Main.ico
%ProgramFiles%\ErrClean\Res\RecycleBin.ico
%ProgramFiles%\ErrClean\rm.url
%ProgramFiles%\ErrClean\sr.log
%ProgramFiles%\ErrClean\swupd.log
%ProgramFiles%\ErrClean\SysRep.exe.cer
%ProgramFiles%\ErrClean\SysRep.exe.Log
%ProgramFiles%\ErrClean\SysRep.exe.xml
%ProgramFiles%\ErrClean\SysRep.url
%ProgramFiles%\ErrClean\unins000.dat
%ProgramFiles%\ErrClean\urls.ini
%UserProfile%\Local Settings\Temp\[RANDOM CHARACTERS]\setup.exe
%UserProfile%\Local Settings\Temp\[RANDOM CHARACTERS]\settings.ini
%UserProfile%\Local Settings\Temp\[RANDOM CHARACTERS]\setup.len
Read more: http://www.symantec.com/enterprise/secur...
Kill the process %ProgramFiles%\ErrClean\SysRep.exe and remove %ProgramFiles%\ErrClean\SysRep.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%programfiles%\intcodec\uninst.exe
%ProgramFiles%\IntCodec\uninst.exe is Trojan.Emcodec.F.
Related files:
%ProgramFiles%\IntCodec\zcodec.exe (Trojan.Zlob)
Read more: http://www.symantec.com/enterprise/secur...
Kill the process %ProgramFiles%\IntCodec\uninst.exe and remove %ProgramFiles%\IntCodec\uninst.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%programfiles%\internet exp1orer\iexplore.exe
%ProgramFiles%\Internet Exp1orer\iexplore.exe is W32.Lecna.D.
Related files:
%System%\netscv.exe
%System%\netsvcs.exe
%Windir%\DriverNum.dat
Read more: http://www.symantec.com/enterprise/secur...
Kill the process %ProgramFiles%\Internet Exp1orer\iexplore.exe and remove %ProgramFiles%\Internet Exp1orer\iexplore.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%programfiles%\quick launch\mousehook.dll
%ProgramFiles%\Quick Launch\mousehook.dll is Spyware.QuickLaunch.
Related files:
%UserProfile%\Start Menu\Programs\Quick Launch\Help.lnk
%UserProfile%\Start Menu\Programs\Quick Launch\Quick Launch v1.5.lnk
%UserProfile%\Start Menu\Programs\Quick Launch\readme.lnk
%UserProfile%\Start Menu\Programs\Quick Launch\Uninstall Quick Launch Shortcut.lnk
%UserProfile%\Desktop\Quick Launch.lnk
%ProgramFiles%\Quick Launch\[Date].txt
%ProgramFiles%\Quick Launch\datetime.txt
%ProgramFiles%\Quick Launch\href.txt
%ProgramFiles%\Quick Launch\jkui.dll
%ProgramFiles%\Quick Launch\keystroke.chm
%ProgramFiles%\Quick Launch\Keystroke.exe
%ProgramFiles%\Quick Launch\letr.txt
%ProgramFiles%\Quick Launch\mousehook.dll
%ProgramFiles%\Quick Launch\powkbsys.dat
%ProgramFiles%\Quick Launch\readme.txt
%ProgramFiles%\Quick Launch\unins000.dat
%ProgramFiles%\Quick Launch\unins000.exe
%System%\sys.ini
Kill the file %ProgramFiles%\Quick Launch\mousehook.dll and remove %ProgramFiles%\Quick Launch\mousehook.dll from Windows startup using RegRun.
www.regrun.com
Read more: http://www.symantec.com/avcenter/venc/da...

%programfiles%\safestrip\sysbackup\explorer.exe
%ProgramFiles%\SafeStrip\SysBackup\explorer.exe is a part of SafeStrip software.
SafeStrip is a misleading application that may give exaggerated reports about potential risks on the computer.
Related files:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SafeStrip.lnk
%UserProfile%\Desktop\SafeStrip.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SafeStrip\SafeStrip on the Web.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SafeStrip\SafeStrip.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SafeStrip\Uninstall SafeStrip.lnk
%ProgramFiles%\SafeStrip\backup.lst
%ProgramFiles%\SafeStrip\helper.sys
%ProgramFiles%\SafeStrip\SafeStrip.exe
%ProgramFiles%\SafeStrip\SafeStrip.url
%ProgramFiles%\SafeStrip\SafeStripReminder.exe
%ProgramFiles%\SafeStrip\SafeStripUpdate.exe
%ProgramFiles%\SafeStrip\Scripts\FileInfo.script
%ProgramFiles%\SafeStrip\Scripts\HTMLReport.script
%ProgramFiles%\SafeStrip\Scripts\MD5.script
%ProgramFiles%\SafeStrip\Scripts\MonitorReport.script
%ProgramFiles%\SafeStrip\Scripts\PendDel.script
%ProgramFiles%\SafeStrip\Scripts\Quarantine.script
%ProgramFiles%\SafeStrip\Scripts\Reports.script
%ProgramFiles%\SafeStrip\spyware.dat
%ProgramFiles%\SafeStrip\SysBackup\explorer.exe
%ProgramFiles%\SafeStrip\SysBackup\explorer.exe.md5
%ProgramFiles%\SafeStrip\SysBackup\ntoskrnl.exe
%ProgramFiles%\SafeStrip\SysBackup\ntoskrnl.exe.md5
%ProgramFiles%\SafeStrip\SysBackup\shlwapi.dll
%ProgramFiles%\SafeStrip\SysBackup\shlwapi.dll.md5
%ProgramFiles%\SafeStrip\SysBackup\wininet.dll
%ProgramFiles%\SafeStrip\SysBackup\wininet.dll.md5
%ProgramFiles%\SafeStrip\unins000.dat
%ProgramFiles%\SafeStrip\unins000.exe
%ProgramFiles%\SafeStrip\ver.dar
%ProgramFiles%\SafeStrip\ver.dat
%ProgramFiles%\SafeStrip\whitelist.cfg
Read more: http://www.symantec.com/enterprise/secur...
Kill the process %ProgramFiles%\SafeStrip\SysBackup\explorer.exe and remove %ProgramFiles%\SafeStrip\SysBackup\explorer.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%programfiles%\safestrip\sysbackup\ntoskrnl.exe
%ProgramFiles%\SafeStrip\SysBackup\ntoskrnl.exe is a part of SafeStrip software.
SafeStrip is a misleading application that may give exaggerated reports about potential risks on the computer.
Related files:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SafeStrip.lnk
%UserProfile%\Desktop\SafeStrip.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SafeStrip\SafeStrip on the Web.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SafeStrip\SafeStrip.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SafeStrip\Uninstall SafeStrip.lnk
%ProgramFiles%\SafeStrip\backup.lst
%ProgramFiles%\SafeStrip\helper.sys
%ProgramFiles%\SafeStrip\SafeStrip.exe
%ProgramFiles%\SafeStrip\SafeStrip.url
%ProgramFiles%\SafeStrip\SafeStripReminder.exe
%ProgramFiles%\SafeStrip\SafeStripUpdate.exe
%ProgramFiles%\SafeStrip\Scripts\FileInfo.script
%ProgramFiles%\SafeStrip\Scripts\HTMLReport.script
%ProgramFiles%\SafeStrip\Scripts\MD5.script
%ProgramFiles%\SafeStrip\Scripts\MonitorReport.script
%ProgramFiles%\SafeStrip\Scripts\PendDel.script
%ProgramFiles%\SafeStrip\Scripts\Quarantine.script
%ProgramFiles%\SafeStrip\Scripts\Reports.script
%ProgramFiles%\SafeStrip\spyware.dat
%ProgramFiles%\SafeStrip\SysBackup\explorer.exe
%ProgramFiles%\SafeStrip\SysBackup\explorer.exe.md5
%ProgramFiles%\SafeStrip\SysBackup\ntoskrnl.exe
%ProgramFiles%\SafeStrip\SysBackup\ntoskrnl.exe.md5
%ProgramFiles%\SafeStrip\SysBackup\shlwapi.dll
%ProgramFiles%\SafeStrip\SysBackup\shlwapi.dll.md5
%ProgramFiles%\SafeStrip\SysBackup\wininet.dll
%ProgramFiles%\SafeStrip\SysBackup\wininet.dll.md5
%ProgramFiles%\SafeStrip\unins000.dat
%ProgramFiles%\SafeStrip\unins000.exe
%ProgramFiles%\SafeStrip\ver.dar
%ProgramFiles%\SafeStrip\ver.dat
%ProgramFiles%\SafeStrip\whitelist.cfg
Read more: http://www.symantec.com/enterprise/secur...
Kill the process %ProgramFiles%\SafeStrip\SysBackup\ntoskrnl.exe and remove %ProgramFiles%\SafeStrip\SysBackup\ntoskrnl.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%programfiles%\safestrip\sysbackup\wininet.dll
%ProgramFiles%\SafeStrip\SysBackup\wininet.dll is a part of SafeStrip software.
SafeStrip is a misleading application that may give exaggerated reports about potential risks on the computer.
Related files:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SafeStrip.lnk
%UserProfile%\Desktop\SafeStrip.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SafeStrip\SafeStrip on the Web.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SafeStrip\SafeStrip.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\SafeStrip\Uninstall SafeStrip.lnk
%ProgramFiles%\SafeStrip\backup.lst
%ProgramFiles%\SafeStrip\helper.sys
%ProgramFiles%\SafeStrip\SafeStrip.exe
%ProgramFiles%\SafeStrip\SafeStrip.url
%ProgramFiles%\SafeStrip\SafeStripReminder.exe
%ProgramFiles%\SafeStrip\SafeStripUpdate.exe
%ProgramFiles%\SafeStrip\Scripts\FileInfo.script
%ProgramFiles%\SafeStrip\Scripts\HTMLReport.script
%ProgramFiles%\SafeStrip\Scripts\MD5.script
%ProgramFiles%\SafeStrip\Scripts\MonitorReport.script
%ProgramFiles%\SafeStrip\Scripts\PendDel.script
%ProgramFiles%\SafeStrip\Scripts\Quarantine.script
%ProgramFiles%\SafeStrip\Scripts\Reports.script
%ProgramFiles%\SafeStrip\spyware.dat
%ProgramFiles%\SafeStrip\SysBackup\explorer.exe
%ProgramFiles%\SafeStrip\SysBackup\explorer.exe.md5
%ProgramFiles%\SafeStrip\SysBackup\ntoskrnl.exe
%ProgramFiles%\SafeStrip\SysBackup\ntoskrnl.exe.md5
%ProgramFiles%\SafeStrip\SysBackup\shlwapi.dll
%ProgramFiles%\SafeStrip\SysBackup\shlwapi.dll.md5
%ProgramFiles%\SafeStrip\SysBackup\wininet.dll
%ProgramFiles%\SafeStrip\SysBackup\wininet.dll.md5
%ProgramFiles%\SafeStrip\unins000.dat
%ProgramFiles%\SafeStrip\unins000.exe
%ProgramFiles%\SafeStrip\ver.dar
%ProgramFiles%\SafeStrip\ver.dat
%ProgramFiles%\SafeStrip\whitelist.cfg
Read more: http://www.symantec.com/enterprise/secur...
Kill the file %ProgramFiles%\SafeStrip\SysBackup\wininet.dll and remove %ProgramFiles%\SafeStrip\SysBackup\wininet.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

%programfiles%\winspy demo\riched32.dll
%ProgramFiles%\WinSpy Demo\riched32.dll is WinSpy software.
WinSpy is a misleading application that may give exaggerated reports about potential risks on the computer.
Related files:
%Windir%\Installer\[RANDOM NAME].msi
%UserProfile%\Application Data\AntiSpywareDAT\BlockedCookies.dat
%UserProfile%\Application Data\AntiSpywareDAT\date.dat
%UserProfile%\Application Data\AntiSpywareDAT\DirectoryDefinition.dat
%UserProfile%\Application Data\AntiSpywareDAT\ENoSignature.dat
%UserProfile%\Application Data\AntiSpywareDAT\ExeDefinition.dat
%UserProfile%\Application Data\AntiSpywareDAT\FileDefinition.dat
%UserProfile%\Application Data\AntiSpywareDAT\RegistryDefinition.dat
%UserProfile%\Application Data\AntiSpywareDAT\Safety.dat
%UserProfile%\Desktop\WinSpy Demo.lnk
%UserProfile%\Start Menu\Programs\WinSpy Software\WinSpy Demo\Readme-Help.lnk
%UserProfile%\Start Menu\Programs\WinSpy Software\WinSpy Demo\WinSpy Demo.lnk
%UserProfile%\Start Menu\Programs\WinSpy Software\WinSpy Demo\WinSpy.com.url
%ProgramFiles%\WinSpy Demo\WinSpyDemo.exe
%ProgramFiles%\WinSpy Demo\help.chm
%ProgramFiles%\WinSpy Demo\Localization.xml
%ProgramFiles%\WinSpy Demo\riched32.dll
%ProgramFiles%\WinSpy Demo\WinSpy.com.url
Read more: http://www.symantec.com/enterprise/secur...
Kill the file %ProgramFiles%\WinSpy Demo\riched32.dll and remove %ProgramFiles%\WinSpy Demo\riched32.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

%sysdir%\ ymagic.dll
%SysDir%\ YMagic.dll is Trojan/Backdoor.
Remove YMagic.dll using RegRun "Scan for Viruses" feature.
http://www.regrun.com

%sysdir%\$sys$drv.exe
$sys$drv.exe is a Trojan Backdoor.Ryknos.
$sys$drv.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%System%\$sys$drv.exe
Adds the value:
"$sys$drv" = "$sys$drv.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill $sys$drv.exe process and remove $sys$drv.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\$sys$filesystem\aries.sys
aries.sys is rootkit SecurityRisk.First4DRM.
aries.sys is used to hide files, processes and registry with string “$sys$”.
aries.sys is a kernel mode rootkit.
Rootkit creates new system driver.
Related files:
%System%\$sys$filesystem\aries.sys
Adds the value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\$sys$aries
to the Windows startup registry keys.
More info: http://www.symantec.com/security_respons...

%sysdir%\$sys$xp.exe
$sys$xp.exe is a Trojan.Stinx-F.
$sys$xp.exe opens a back door.
$sys$xp.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%System%\$sys$xp.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill $sys$xp.exe process and remove $sys$xp.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\%sysdir%\xptptt.dll
%SysDir%\xptptt.dll is Trojan/Backdoor.
Remove xptptt.dll using RegRun "Scan for Viruses" feature.
http://www.regrun.com

%sysdir%\?user.exe
User.exe is a mass-mailing worm W32.Kedebe.D@mm.
User.exe tries to terminate antiviral programs installed on a user computer.
User.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%System%\nbtstat.exe
%System%\usrinit.exe
%System%\user.exe
%System%\winhlp32.exe
%System%\telnet.exe
%System%\locator.exe
%System%\recover.exe
%System%\logman.exe
%System%\dlhost.exe
%System%\logonui.exe
%System%\winspol.exe
%System%\services.exe
%System%\svchost.exe
%System%\lsas.exe
%System%\rundl32.exe
%System%\regedt32.exe
%System%\winlogon.exe
%System%\wuauclt.exe
Adds the value:
"Run" = "[PATH TO %System%\[FILE NAME]]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill user.exe process and remove user.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\[random letters]\svchost.exe
%SysDir%\[RANDOM LETTERS]\svchost.exe is W32.Kelvir.LS.
Read more: http://www.symantec.com/enterprise/secur...
Kill the process %SysDir%\[RANDOM LETTERS]\svchost.exe and remove %SysDir%\[RANDOM LETTERS]\svchost.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%sysdir%\\loader.exe
%SysDir%\\Loader.exe is Trojan/Backdoor Backdoor.Simali.
Kill the process %SysDir%\\Loader.exe and remove %SysDir%\\Loader.exe from Windows startup.
Register itesf in Active Setup registry key.
http://securityresponse.symantec.com/avc...

%sysdir%\\windrive.exe
Trojan Backdoor.Sdbot.AF
Opens a backdoor on the infected computer by connecting to an IRC server at TCP port 6667 on one or more of the following hosts:
sizz.afraid.org
Spreads to the following network shares using pass dictionary.
Remove it from Windows startup using RegRun Startup Optimizer.

%sysdir%\___j.dll
___j.dll is rootkit W32.Maslan.A@mm.
___j.dll is used to hide files, processes and registry.
___j.dll is a user mode rootkit.
___j.dll opens a back door.
Rootkit injects itself into the svchost.exe process.
___j.dll tries to terminate antiviral programs installed on a user computer.
___j.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%System%\___j.dll
%System%\___r.exe
%System%\___synmgr.exe
%System%\___n.exe
%System%\___e
%System%\___u
Adds the value:
"Microsoft Synchronization Manager" = "___synmgr.exe"
"Microsoft Windows DHCP" = "___r.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"Microsoft Synchronization Manager" = "___synmgr.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
to the Windows startup registry keys.
Added to registry:

More info: http://www.symantec.com/security_respons...

%sysdir%\_accwiz.exe
_accwiz.exe is a Trojan.Certif-N.
_accwiz.exe monitors user Internet activity and bank information.
It sends stolen data to a hacker site.
Related files:
%System%\_accwiz.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill _accwiz.exe process and remove _accwiz.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\_kerne1.exe
_Kerne1.exe is a Trojan.Lineage-AN.
_Kerne1.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%System%\_Kerne1.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill _Kerne1.exe process and remove _Kerne1.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\_msopen.exe
_msopen.exe is a Trojan.Dremn-B.
_msopen.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%System%\Policy\policy.dll
%System%\Policy\syspol.exe
%System%\_msopen.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill _msopen.exe process and remove _msopen.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\{fbd2ebd0-e6df-456e-b300-a4d10a90c683}.dll
%SysDir%\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll is Trojan/Backdoor BigMeanGorilla.
Kill the file %SysDir%\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll and remove %SysDir%\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll from Windows startup.

%sysdir%\007guard.exe
007guard.exe is a Adware.2search.
007guard.exe monitors user Internet activity.
Related files:
C:\Program Files\2Search\getst.exe
C:\Program Files\2Search\main.exe
C:\Program Files\2Search\plugin.dll
C:\Program Files\2Search\svchost.exe
%System%\007guard.exe
%System%\2searchinstaller.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill 007guard.exe process and remove 007guard.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\0mcamcap.exe
%SysDir%\0MCAMCAP.EXE is Trojan/Backdoor.
Kill the process 0MCAMCAP.EXE and remove 0MCAMCAP.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

%sysdir%\0pengld.exe
0penGLD.exe is a worm W32.Yimp-A.
0penGLD.exe spreads via the Yahoo and AOL Instant Messenger IM clients.
Related files:
%System%\0penGLD.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill 0penGLD.exe process and remove 0penGLD.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\1021\services.exe
%SysDir%\1021\SERVICES.EXE is Trojan/Backdoor.
Kill the process %SysDir%\1021\SERVICES.EXE and remove %SysDir%\1021\SERVICES.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

%sysdir%\1sass.exe
%SysDir%\1sass.exe is Trojan/Backdoor.
Kill the process 1sass.exe and remove %SysDir%\1sass.exe from Windows using RegRun.
www.regrun.com

%sysdir%\1u7.exe
1u7.exe is Trojan/Backdoor.
Kill the process 1u7.exe and remove 1u7.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%sysdir%\2_0_1browserhelper2.dll
2_0_1browserhelper2.dll is an adware program Adware.BlazeFind.
2_0_1browserhelper2.dll is a Browser Helper Object.
2_0_1browserhelper2.dll downloads and displays advertisements.
Related files:
%System%\2_0_1browserhelper2.dll
%System%\UnstSA2.exe
%System%\key2.txt
%System%\installer2.exe
%System%\Omniscienthook.dll
%System%\omniband.dll
%System%\wsaupdater.exe
Adds the value:
"Windows SA" = "[path to the adware program]"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove 2_0_1browserhelper2.dll from Windows startup using RegRun Startup Optimizer.

%sysdir%\28.tmp
%SysDir%\28.tmp is Trojan/Backdoor.
Installed as "Services" value.
Kill the process %SysDir%\28.tmp and remove %SysDir%\28.tmp from Windows startup.

%sysdir%\2searchinstaller.exe
2searchinstaller.exe is a Adware.2search.
2searchinstaller.exe monitors user Internet activity.
Related files:
C:\Program Files\2Search\getst.exe
C:\Program Files\2Search\main.exe
C:\Program Files\2Search\plugin.dll
C:\Program Files\2Search\svchost.exe
%System%\007guard.exe
%System%\2searchinstaller.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill 2searchinstaller.exe process and remove 2searchinstaller.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\33.exe
33.exe is a mass-mailing worm W32.Anpes@mm.
33.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%System%\33.exe
%Windir%\vtemp.dll
%Windir%\vtemp.vbs
%Windir%\winsnav.vbs
%Windir%\win32sp.vbs
Adds the value:
"winXP" = "%System"\33.exe/background"
"windef" = "Win32sp.vbs -quiet"
"NAV Agent" = "%Windir%\winsnav.vbs"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill 33.exe process and remove 33.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\3d_sound.exe
3d_sound.exe is a Trojan.Riados-A.
3d_sound.exe opens a back door.
Related files:
%System%\3d_sound.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill 3d_sound.exe process and remove 3d_sound.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\4d.tmp
4D.TMP is Trojan/Backdoor.
Kill the file 4D.TMP and remove 4D.TMP from Windows startup using RegRun Reanimator.
http://www.regrun.com

%sysdir%\56171d04\e5c5bdb4.exe
E5C5BDB4.exe is an adware program Adware.CashSaver.
E5C5BDB4.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
csinstall.exe
%System%\mscsclient.exe
%System%\cashsaverbho.dll
%System%\csuninstall.exe
%System%\56171D04\E5C5BDB4.exe
%System%\csupdate.info
%System%\mscsclient.ekw
Adds the value:
"00D34A52" = "%System%\56171D04\E5C5BDB4.exe"
"MSCSCLIENT" = "%System%\mscsclient.exe"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill E5C5BDB4.exe process and remove E5C5BDB4.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\8g.dll
8g.DLL is a Trojan Backdoor.Graybird.O.
8g.DLL monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%ProgramFiles%\Server\Server.exe
%System%\8g.DLL
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove 8g.DLL from Windows startup using RegRun Startup Optimizer.

%sysdir%\a15svcs.exe
a15svcs.exe is a Trojan.PPdoor-Q.
a15svcs.exe opens a back door.
a15svcs.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%System%\dpnetmsg.exe
%System%\iueninet.dll
%System%\fsmgntfs.dll
%System%\ntmapast.dll
%System%\ir50psrv.exe
%System%\kbd1uery.dll
%System%\lfyockaa.dll
%System%\a15svcs.exe
%System%\dpnmdlib.exe
%System%\c_28usic.dll
%System%\atiysnpn.dll
%System%\treemqoa.dll
%System%\arptutdn.dll
%System%\eulapart.dll
%System%\smlo8thk.exe
%System%\odbcfwci.ime
%System%\hgakheg.dll
%System%\jkwbhew.dll
%System%\testtest.exe
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Kill a15svcs.exe process and remove a15svcs.exe from Windows startup using RegRun Startup Optimizer.

%sysdir%\a1g.exe
W32.Atak.B@mm
Adds to Windows startup.
Uses own SMTP engine to send e-mails.
Remove it from startup using Regrun Startup Optimizer.

%sysdir%\aantx.dll
AANTX.DLL is a Adware.Getup.B.
AANTX.DLL is a Browser Helper Object.
AANTX.DLL displays advertisements.
Related files:
%System%\AANTX.DLL
%System%\WinExplore.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove AANTX.DLL from Windows startup using RegRun Startup Optimizer.

%sysdir%\ab1dll.dll
ab1dll.dll is Trojan.Lineage-BB.
ab1dll.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%System%\explorer.exe
%System%\ab1dll.dll.
More info: http://www.sophos.com/virusinfo/analyses...
Removal:
Remove ab1dll.dll from Windows startup using RegRun Startup Optimizer.

%sysdir%\abcedg21.dll
Abcedg21.dll is a Trojan Backdoor.Homutex.
Abcedg21.dll spreads via open network shares.
Abcedg21.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%System%\abcedg21.dll
%System%\drivers\usbcamd0.sys
Adds the value:
"PackedCatalogItem" = "%System%\abcedg21.dll"
to the Windows startup registry keys.
More info: http://securityresponse.symantec.com/avc...
Removal:
Remove abcedg21.dll from Windows startup using RegRun Startup Optimizer.

%sysdir%\abrada.dll
%SysDir%\abrada.dll is Trojan/Backdoor.
Remove abrada.dll using RegRun "Scan for Viruses" feature.
http://www.regrun.com

%sysdir%\abrada.exe
abrada.exe is a spyware TSPY_GOLDUN.CP.
abrada.exe spreads by e-mail.
abrada.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%System%\abrada.dat
%System%\abrada.exe
%System%\abrada.ini
%System%\abradal.dll
%System%\abradaload.dll
More info: http://www.trendmicro.com/vinfo/grayware...
Removal:
Kill the process abrada.exe and remove abrada.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

%sysdir%\abradal.dll
abradal.dll is a spyware TSPY_GOLDUN.CP.
abradal.dll spreads by e-mail.
abradal.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%System%\abrada.dat
%System%\abrada.exe
%System%\abrada.ini
%System%\a