Tuesday, December 30, 2008

Unknown Trojan

Unknown malware description and removal detail
Categories:Trojan,Adware,Spyware,BHO,Backdoor,RAT,Hijacker,Toolbar,Downloader,Hacker Tool,DoS
Also known as:

[Kaspersky]Trojan.Win32.StartPage.ar,Trojan.BAT.DeltreeY.bs,Trojan.Win32.Fynben.b,Trojan-Downloader.Win32.Agent.br,TrojanDownloader.Win32.Dluca.q,TrojanClicker.Win32.Bukaw,DoS.Win32.Drdos;
[Panda]Adware/BlazeFind,Adware/BrowseExample,Adware/ExactSearch,Adware/eZula,Adware/IEDriver,Adware/IEPageHelper,Adware/InstDollars,Adware/Lop,Adware/Midaddle,Adware/nCase,Adware/PortalScan,Adware/PurityScan,Adware/Replace,Adware/Twain-Tech,Adware/VirtualBouncer,Adware/XmlMimeFilter,Application/HideWindow.A,Application/PrcView.A,Application/Psexec.A,Bck/Zcrew.F,Dialer.BB,Dialer.LW,Dialer.PH,Dialer.QX,Trj/Downloader.CA,Trj/Downloader.KW,Trj/Iconz.A,Trj/Mirkaa.G,Trojan Horse,W32/Randon.Y.worm,Dialer.BL,Dialer.DW,Dialer.Gen,Dialer.IP,Dialer.JR,Dialer.JS,Dialer.JT,Dialer.JU,Dialer.JV,Dialer.JW,Dialer.JX,Dialer.KB,Dialer.KC,Dialer.KE,Dialer.KG,Dialer.KH,Dialer.KJ,Dialer.LJ,Dialer.MR,Dialer.QF,Dialer.QT,Spyware/Dluca,Spyware/Dyfuca,Trj/Subsearch.G,Adware/WinTools,Trj/Downloader.FV

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\msntb.dll
[%PROFILE_TEMP%]\mtbs.exe
[%PROGRAM_FILES%]\Netscape\Communicator\Program\Plugins\NPMySrch.dll
[%SYSTEM%]\bhoecart.dll
[%SYSTEM%]\wtssvit.exe
[%WINDOWS%]\downloaded program files\installer.inf
[%WINDOWS%]\suuco.exe
[%APPDATA%]\iestcrmfrood.dll
[%APPDATA%]\oagleehprv.dll
[%APPDATA%]\pntrlltsq.dll
[%DESKTOP%]\digital detective\tempfiles\fxspegrf.dll
[%DESKTOP%]\find a partner where you live.url
[%DESKTOP%]\hot petite girls.url
[%DESKTOP%]\learn to get into porn sites free.url
[%DESKTOP%]\milfs caught on camera.url
[%DESKTOP%]\party poker action.url
[%DESKTOP%]\sluts on the beach.url
[%DESKTOP%]\vip advantage card.url
[%FAVORITES%]\90. general\links\free aol & unlimited internet.url
[%FAVORITES%]\asgo\adtactics login.url
[%FAVORITES%]\asgo\regnow control panel.url
[%FAVORITES%]\boner stuff\bignaturals.com - sexual content warning.url
[%FAVORITES%]\channels\whatsnew.com channel\computers and technology\bonzi voice email.url
[%FAVORITES%]\channels\whatsnew.com channel\search\looksmart.url
[%FAVORITES%]\comic stuff\top 100 batman sites.url
[%FAVORITES%]\computers and technology\bonzi voice email.url
[%FAVORITES%]\cuba\msn search result for - cuba.url
[%FAVORITES%]\flight\worldwide flight sim top sites.url
[%FAVORITES%]\free strip poker.url
[%FAVORITES%]\links\like music - try aol!.url
[%FAVORITES%]\links\search the web.url
[%FAVORITES%]\links\searchnow.ws-the search portal.url
[%FAVORITES%]\links\web search.url
[%FAVORITES%]\mystuff\misc\ft.com.url
[%FAVORITES%]\net search\looksmart.url
[%FAVORITES%]\new stuff\free detergent.url
[%FAVORITES%]\new stuff\free nokia cell phone.url
[%FAVORITES%]\new stuff\free razors.url
[%FAVORITES%]\new stuff\like music - try aol!.url
[%FAVORITES%]\news\apbnews.com.url
[%FAVORITES%]\search\looksmart.url
[%FAVORITES%]\sex drugs - free!.url
[%FAVORITES%]\stuff\affiliate program software.url
[%FAVORITES%]\stuff\canadian topsites.url
[%FAVORITES%]\web building stuff\products\affiliate program software.url
[%FAVORITES%]\web building stuff\promotion and services\looksmart clicks - member login.url
[%FAVORITES%]\web building stuff\promotion and services\looksmart shops looksmart backoffice.url
[%FAVORITES%]\weight loss! new.url
[%FAVORITES%]\writing link lists\looksmart - search results for writing.url
[%FAVORITES%]\writing link lists\msn search result for - journalism jobs.url
[%FAVORITES%]\writing link lists\screenwriting.com top sites.url
[%FAVORITES%]\writing links\writers resources directory.url
[%PROFILE%]\my documents\dowload\virtuagirl.exe
[%PROGRAM_FILES%]\active~1\jugs mags camp.bin
[%PROGRAM_FILES%]\active~1\save corn.dll
[%PROGRAM_FILES%]\active~1\way media.dll
[%PROGRAM_FILES%]\dsb\dsb.exe
[%PROGRAM_FILES%]\gmsoft\dialers\orgycam\orgycam.exe
[%PROGRAM_FILES%]\infotempo toolbar\infotempo.dll
[%PROGRAM_FILES%]\infotempo toolbar\unins000.exe
[%PROGRAM_FILES%]\multij~1\chicreal.dll
[%PROGRAM_FILES%]\navpass\navpass.exe
[%PROGRAM_FILES%]\partme~2\cdrommix.dll
[%PROGRAM_FILES%]\saveba~1\bone1.exe
[%PROGRAM_FILES%]\scom\dialers\xxxmovie_se\xxxmovie_se.exe
[%SYSTEM%]\aacaif.dll
[%SYSTEM%]\adpjtif.dll
[%SYSTEM%]\advpyack.dll
[%SYSTEM%]\bho1.dll
[%SYSTEM%]\bregu.dll
[%SYSTEM%]\cnvffat.dll
[%SYSTEM%]\e2bho.dll
[%SYSTEM%]\elbs.dll
[%SYSTEM%]\epqwnen.exe
[%SYSTEM%]\fgnkc.dll
[%SYSTEM%]\fldbjfh.dll
[%SYSTEM%]\fnbko.dll
[%SYSTEM%]\fnhfilter.dll
[%SYSTEM%]\fxsrcom.dll
[%SYSTEM%]\gamhelper.dll
[%SYSTEM%]\gcffda.dll
[%SYSTEM%]\he3e3fc4.dll
[%SYSTEM%]\hosts.vbs
[%SYSTEM%]\hpdllhost.exe
[%SYSTEM%]\iasrejcst.dll
[%SYSTEM%]\iedcb1f5iedcb1f5.dll
[%SYSTEM%]\iel2cde8.dll
[%SYSTEM%]\ihp.dll
[%SYSTEM%]\iobmkaa.dll
[%SYSTEM%]\ipof.dll
[%SYSTEM%]\jafp.dll
[%SYSTEM%]\jcq5.exe
[%SYSTEM%]\kjbdcan.dll
[%SYSTEM%]\kjpd.dll
[%SYSTEM%]\kw3eef76.dll
[%SYSTEM%]\lbc.dll
[%SYSTEM%]\li01f948.dll
[%SYSTEM%]\lplleia.dll
[%SYSTEM%]\mcomrepl.dll
[%SYSTEM%]\mdlnp.dll
[%SYSTEM%]\mglbh.dll
[%SYSTEM%]\mshtmpre.dll
[%SYSTEM%]\mslink32.dll
[%SYSTEM%]\mvo8s0w.exe
[%SYSTEM%]\ndrv.dll
[%SYSTEM%]\ndrv.exe
[%SYSTEM%]\nf9.dll
[%SYSTEM%]\nzqflswi.dll
[%SYSTEM%]\odxmrtp.dll
[%SYSTEM%]\orpioqa.exe
[%SYSTEM%]\pkhoj.dll
[%SYSTEM%]\ppmpab.dll
[%SYSTEM%]\pwrsc037.dll
[%SYSTEM%]\qunzuuec.dll
[%SYSTEM%]\rdpwcxon.dll
[%SYSTEM%]\readdb40.dll
[%SYSTEM%]\rhin7.dll
[%SYSTEM%]\si91e44b.dll
[%SYSTEM%]\syslibie.dll
[%SYSTEM%]\vpataszc.exe
[%SYSTEM%]\vrttofhi.dll
[%SYSTEM%]\xbatt.dll
[%SYSTEM%]\yieynybd.dll
[%SYSTEM%]\ynodzw.exe
[%SYSTEM%]\zedd4.dll
[%SYSTEM%]\zestyfind.dll
[%SYSTEM%]\zxvhnl.dll
[%WINDOWS%]\adultx.exe
[%WINDOWS%]\downloaded program files\404search.dll
[%WINDOWS%]\downloaded program files\404sea~1.dll
[%WINDOWS%]\favorites\ games.url
[%WINDOWS%]\favorites\links\aol search.url
[%WINDOWS%]\free_sex_download_uk.exe
[%WINDOWS%]\hqr.exe
[%WINDOWS%]\iems.dll
[%WINDOWS%]\madise.dll
[%WINDOWS%]\mpjkoxef.dll
[%WINDOWS%]\pkqrlv.exe
[%WINDOWS%]\quyrpdch.exe
[%WINDOWS%]\system\bho1.dll
[%WINDOWS%]\system\e2bho.dll
[%WINDOWS%]\system\gamhelper.dll
[%WINDOWS%]\system\helper.exe
[%WINDOWS%]\system\iedcb1f5iedcb1f5.dll
[%WINDOWS%]\system\mshtmpre.dll
[%WINDOWS%]\system\mslink32.dll
[%WINDOWS%]\system\pwrsc037.dll
[%WINDOWS%]\system\syslibie.dll
[%WINDOWS%]\system\wstart.dll
[%WINDOWS%]\system\wtssvit.exe
[%WINDOWS%]\system\zestyfind.dll
[%WINDOWS%]\temp\lgycy.exe
[%PROFILE_TEMP%]\msntb.dll
[%PROFILE_TEMP%]\mtbs.exe
[%PROGRAM_FILES%]\Netscape\Communicator\Program\Plugins\NPMySrch.dll
[%SYSTEM%]\bhoecart.dll
[%SYSTEM%]\wtssvit.exe
[%WINDOWS%]\downloaded program files\installer.inf
[%WINDOWS%]\suuco.exe
[%APPDATA%]\iestcrmfrood.dll
[%APPDATA%]\oagleehprv.dll
[%APPDATA%]\pntrlltsq.dll
[%DESKTOP%]\digital detective\tempfiles\fxspegrf.dll
[%DESKTOP%]\find a partner where you live.url
[%DESKTOP%]\hot petite girls.url
[%DESKTOP%]\learn to get into porn sites free.url
[%DESKTOP%]\milfs caught on camera.url
[%DESKTOP%]\party poker action.url
[%DESKTOP%]\sluts on the beach.url
[%DESKTOP%]\vip advantage card.url
[%FAVORITES%]\90. general\links\free aol & unlimited internet.url
[%FAVORITES%]\asgo\adtactics login.url
[%FAVORITES%]\asgo\regnow control panel.url
[%FAVORITES%]\boner stuff\bignaturals.com - sexual content warning.url
[%FAVORITES%]\channels\whatsnew.com channel\computers and technology\bonzi voice email.url
[%FAVORITES%]\channels\whatsnew.com channel\search\looksmart.url
[%FAVORITES%]\comic stuff\top 100 batman sites.url
[%FAVORITES%]\computers and technology\bonzi voice email.url
[%FAVORITES%]\cuba\msn search result for - cuba.url
[%FAVORITES%]\flight\worldwide flight sim top sites.url
[%FAVORITES%]\free strip poker.url
[%FAVORITES%]\links\like music - try aol!.url
[%FAVORITES%]\links\search the web.url
[%FAVORITES%]\links\searchnow.ws-the search portal.url
[%FAVORITES%]\links\web search.url
[%FAVORITES%]\mystuff\misc\ft.com.url
[%FAVORITES%]\net search\looksmart.url
[%FAVORITES%]\new stuff\free detergent.url
[%FAVORITES%]\new stuff\free nokia cell phone.url
[%FAVORITES%]\new stuff\free razors.url
[%FAVORITES%]\new stuff\like music - try aol!.url
[%FAVORITES%]\news\apbnews.com.url
[%FAVORITES%]\search\looksmart.url
[%FAVORITES%]\sex drugs - free!.url
[%FAVORITES%]\stuff\affiliate program software.url
[%FAVORITES%]\stuff\canadian topsites.url
[%FAVORITES%]\web building stuff\products\affiliate program software.url
[%FAVORITES%]\web building stuff\promotion and services\looksmart clicks - member login.url
[%FAVORITES%]\web building stuff\promotion and services\looksmart shops looksmart backoffice.url
[%FAVORITES%]\weight loss! new.url
[%FAVORITES%]\writing link lists\looksmart - search results for writing.url
[%FAVORITES%]\writing link lists\msn search result for - journalism jobs.url
[%FAVORITES%]\writing link lists\screenwriting.com top sites.url
[%FAVORITES%]\writing links\writers resources directory.url
[%PROFILE%]\my documents\dowload\virtuagirl.exe
[%PROGRAM_FILES%]\active~1\jugs mags camp.bin
[%PROGRAM_FILES%]\active~1\save corn.dll
[%PROGRAM_FILES%]\active~1\way media.dll
[%PROGRAM_FILES%]\dsb\dsb.exe
[%PROGRAM_FILES%]\gmsoft\dialers\orgycam\orgycam.exe
[%PROGRAM_FILES%]\infotempo toolbar\infotempo.dll
[%PROGRAM_FILES%]\infotempo toolbar\unins000.exe
[%PROGRAM_FILES%]\multij~1\chicreal.dll
[%PROGRAM_FILES%]\navpass\navpass.exe
[%PROGRAM_FILES%]\partme~2\cdrommix.dll
[%PROGRAM_FILES%]\saveba~1\bone1.exe
[%PROGRAM_FILES%]\scom\dialers\xxxmovie_se\xxxmovie_se.exe
[%SYSTEM%]\aacaif.dll
[%SYSTEM%]\adpjtif.dll
[%SYSTEM%]\advpyack.dll
[%SYSTEM%]\bho1.dll
[%SYSTEM%]\bregu.dll
[%SYSTEM%]\cnvffat.dll
[%SYSTEM%]\e2bho.dll
[%SYSTEM%]\elbs.dll
[%SYSTEM%]\epqwnen.exe
[%SYSTEM%]\fgnkc.dll
[%SYSTEM%]\fldbjfh.dll
[%SYSTEM%]\fnbko.dll
[%SYSTEM%]\fnhfilter.dll
[%SYSTEM%]\fxsrcom.dll
[%SYSTEM%]\gamhelper.dll
[%SYSTEM%]\gcffda.dll
[%SYSTEM%]\he3e3fc4.dll
[%SYSTEM%]\hosts.vbs
[%SYSTEM%]\hpdllhost.exe
[%SYSTEM%]\iasrejcst.dll
[%SYSTEM%]\iedcb1f5iedcb1f5.dll
[%SYSTEM%]\iel2cde8.dll
[%SYSTEM%]\ihp.dll
[%SYSTEM%]\iobmkaa.dll
[%SYSTEM%]\ipof.dll
[%SYSTEM%]\jafp.dll
[%SYSTEM%]\jcq5.exe
[%SYSTEM%]\kjbdcan.dll
[%SYSTEM%]\kjpd.dll
[%SYSTEM%]\kw3eef76.dll
[%SYSTEM%]\lbc.dll
[%SYSTEM%]\li01f948.dll
[%SYSTEM%]\lplleia.dll
[%SYSTEM%]\mcomrepl.dll
[%SYSTEM%]\mdlnp.dll
[%SYSTEM%]\mglbh.dll
[%SYSTEM%]\mshtmpre.dll
[%SYSTEM%]\mslink32.dll
[%SYSTEM%]\mvo8s0w.exe
[%SYSTEM%]\ndrv.dll
[%SYSTEM%]\ndrv.exe
[%SYSTEM%]\nf9.dll
[%SYSTEM%]\nzqflswi.dll
[%SYSTEM%]\odxmrtp.dll
[%SYSTEM%]\orpioqa.exe
[%SYSTEM%]\pkhoj.dll
[%SYSTEM%]\ppmpab.dll
[%SYSTEM%]\pwrsc037.dll
[%SYSTEM%]\qunzuuec.dll
[%SYSTEM%]\rdpwcxon.dll
[%SYSTEM%]\readdb40.dll
[%SYSTEM%]\rhin7.dll
[%SYSTEM%]\si91e44b.dll
[%SYSTEM%]\syslibie.dll
[%SYSTEM%]\vpataszc.exe
[%SYSTEM%]\vrttofhi.dll
[%SYSTEM%]\xbatt.dll
[%SYSTEM%]\yieynybd.dll
[%SYSTEM%]\ynodzw.exe
[%SYSTEM%]\zedd4.dll
[%SYSTEM%]\zestyfind.dll
[%SYSTEM%]\zxvhnl.dll
[%WINDOWS%]\adultx.exe
[%WINDOWS%]\downloaded program files\404search.dll
[%WINDOWS%]\downloaded program files\404sea~1.dll
[%WINDOWS%]\favorites\ games.url
[%WINDOWS%]\favorites\links\aol search.url
[%WINDOWS%]\free_sex_download_uk.exe
[%WINDOWS%]\hqr.exe
[%WINDOWS%]\iems.dll
[%WINDOWS%]\madise.dll
[%WINDOWS%]\mpjkoxef.dll
[%WINDOWS%]\pkqrlv.exe
[%WINDOWS%]\quyrpdch.exe
[%WINDOWS%]\system\bho1.dll
[%WINDOWS%]\system\e2bho.dll
[%WINDOWS%]\system\gamhelper.dll
[%WINDOWS%]\system\helper.exe
[%WINDOWS%]\system\iedcb1f5iedcb1f5.dll
[%WINDOWS%]\system\mshtmpre.dll
[%WINDOWS%]\system\mslink32.dll
[%WINDOWS%]\system\pwrsc037.dll
[%WINDOWS%]\system\syslibie.dll
[%WINDOWS%]\system\wstart.dll
[%WINDOWS%]\system\wtssvit.exe
[%WINDOWS%]\system\zestyfind.dll
[%WINDOWS%]\temp\lgycy.exe

In order to ensure that the Unknown is launched automatically each time the system is booted, the Unknown adds a link to its executable file in the system registry:
HKLM\Microsoft\Windows\CurrentVersion\Run
[%PROFILE_TEMP%]\mtbs.exe
[%SYSTEM%]\wtssvit.exe
[%WINDOWS%]\suuco.exe
[%PROFILE%]\my documents\dowload\virtuagirl.exe
[%PROGRAM_FILES%]\dsb\dsb.exe
[%PROGRAM_FILES%]\gmsoft\dialers\orgycam\orgycam.exe
[%PROGRAM_FILES%]\infotempo toolbar\unins000.exe
[%PROGRAM_FILES%]\navpass\navpass.exe
[%PROGRAM_FILES%]\saveba~1\bone1.exe
[%PROGRAM_FILES%]\scom\dialers\xxxmovie_se\xxxmovie_se.exe
[%SYSTEM%]\epqwnen.exe
[%SYSTEM%]\hpdllhost.exe
[%SYSTEM%]\jcq5.exe
[%SYSTEM%]\mvo8s0w.exe
[%SYSTEM%]\ndrv.exe
[%SYSTEM%]\orpioqa.exe
[%SYSTEM%]\vpataszc.exe
[%SYSTEM%]\ynodzw.exe
[%WINDOWS%]\adultx.exe
[%WINDOWS%]\free_sex_download_uk.exe
[%WINDOWS%]\hqr.exe
[%WINDOWS%]\pkqrlv.exe
[%WINDOWS%]\quyrpdch.exe
[%WINDOWS%]\system\helper.exe
[%WINDOWS%]\system\wtssvit.exe
[%WINDOWS%]\temp\lgycy.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting Unknown:

Files:
[%PROFILE_TEMP%]\msntb.dll
[%PROFILE_TEMP%]\mtbs.exe
[%PROGRAM_FILES%]\Netscape\Communicator\Program\Plugins\NPMySrch.dll
[%SYSTEM%]\bhoecart.dll
[%SYSTEM%]\wtssvit.exe
[%WINDOWS%]\downloaded program files\installer.inf
[%WINDOWS%]\suuco.exe
[%APPDATA%]\iestcrmfrood.dll
[%APPDATA%]\oagleehprv.dll
[%APPDATA%]\pntrlltsq.dll
[%DESKTOP%]\digital detective\tempfiles\fxspegrf.dll
[%DESKTOP%]\find a partner where you live.url
[%DESKTOP%]\hot petite girls.url
[%DESKTOP%]\learn to get into porn sites free.url
[%DESKTOP%]\milfs caught on camera.url
[%DESKTOP%]\party poker action.url
[%DESKTOP%]\sluts on the beach.url
[%DESKTOP%]\vip advantage card.url
[%FAVORITES%]\90. general\links\free aol & unlimited internet.url
[%FAVORITES%]\asgo\adtactics login.url
[%FAVORITES%]\asgo\regnow control panel.url
[%FAVORITES%]\boner stuff\bignaturals.com - sexual content warning.url
[%FAVORITES%]\channels\whatsnew.com channel\computers and technology\bonzi voice email.url
[%FAVORITES%]\channels\whatsnew.com channel\search\looksmart.url
[%FAVORITES%]\comic stuff\top 100 batman sites.url
[%FAVORITES%]\computers and technology\bonzi voice email.url
[%FAVORITES%]\cuba\msn search result for - cuba.url
[%FAVORITES%]\flight\worldwide flight sim top sites.url
[%FAVORITES%]\free strip poker.url
[%FAVORITES%]\links\like music - try aol!.url
[%FAVORITES%]\links\search the web.url
[%FAVORITES%]\links\searchnow.ws-the search portal.url
[%FAVORITES%]\links\web search.url
[%FAVORITES%]\mystuff\misc\ft.com.url
[%FAVORITES%]\net search\looksmart.url
[%FAVORITES%]\new stuff\free detergent.url
[%FAVORITES%]\new stuff\free nokia cell phone.url
[%FAVORITES%]\new stuff\free razors.url
[%FAVORITES%]\new stuff\like music - try aol!.url
[%FAVORITES%]\news\apbnews.com.url
[%FAVORITES%]\search\looksmart.url
[%FAVORITES%]\sex drugs - free!.url
[%FAVORITES%]\stuff\affiliate program software.url
[%FAVORITES%]\stuff\canadian topsites.url
[%FAVORITES%]\web building stuff\products\affiliate program software.url
[%FAVORITES%]\web building stuff\promotion and services\looksmart clicks - member login.url
[%FAVORITES%]\web building stuff\promotion and services\looksmart shops looksmart backoffice.url
[%FAVORITES%]\weight loss! new.url
[%FAVORITES%]\writing link lists\looksmart - search results for writing.url
[%FAVORITES%]\writing link lists\msn search result for - journalism jobs.url
[%FAVORITES%]\writing link lists\screenwriting.com top sites.url
[%FAVORITES%]\writing links\writers resources directory.url
[%PROFILE%]\my documents\dowload\virtuagirl.exe
[%PROGRAM_FILES%]\active~1\jugs mags camp.bin
[%PROGRAM_FILES%]\active~1\save corn.dll
[%PROGRAM_FILES%]\active~1\way media.dll
[%PROGRAM_FILES%]\dsb\dsb.exe
[%PROGRAM_FILES%]\gmsoft\dialers\orgycam\orgycam.exe
[%PROGRAM_FILES%]\infotempo toolbar\infotempo.dll
[%PROGRAM_FILES%]\infotempo toolbar\unins000.exe
[%PROGRAM_FILES%]\multij~1\chicreal.dll
[%PROGRAM_FILES%]\navpass\navpass.exe
[%PROGRAM_FILES%]\partme~2\cdrommix.dll
[%PROGRAM_FILES%]\saveba~1\bone1.exe
[%PROGRAM_FILES%]\scom\dialers\xxxmovie_se\xxxmovie_se.exe
[%SYSTEM%]\aacaif.dll
[%SYSTEM%]\adpjtif.dll
[%SYSTEM%]\advpyack.dll
[%SYSTEM%]\bho1.dll
[%SYSTEM%]\bregu.dll
[%SYSTEM%]\cnvffat.dll
[%SYSTEM%]\e2bho.dll
[%SYSTEM%]\elbs.dll
[%SYSTEM%]\epqwnen.exe
[%SYSTEM%]\fgnkc.dll
[%SYSTEM%]\fldbjfh.dll
[%SYSTEM%]\fnbko.dll
[%SYSTEM%]\fnhfilter.dll
[%SYSTEM%]\fxsrcom.dll
[%SYSTEM%]\gamhelper.dll
[%SYSTEM%]\gcffda.dll
[%SYSTEM%]\he3e3fc4.dll
[%SYSTEM%]\hosts.vbs
[%SYSTEM%]\hpdllhost.exe
[%SYSTEM%]\iasrejcst.dll
[%SYSTEM%]\iedcb1f5iedcb1f5.dll
[%SYSTEM%]\iel2cde8.dll
[%SYSTEM%]\ihp.dll
[%SYSTEM%]\iobmkaa.dll
[%SYSTEM%]\ipof.dll
[%SYSTEM%]\jafp.dll
[%SYSTEM%]\jcq5.exe
[%SYSTEM%]\kjbdcan.dll
[%SYSTEM%]\kjpd.dll
[%SYSTEM%]\kw3eef76.dll
[%SYSTEM%]\lbc.dll
[%SYSTEM%]\li01f948.dll
[%SYSTEM%]\lplleia.dll
[%SYSTEM%]\mcomrepl.dll
[%SYSTEM%]\mdlnp.dll
[%SYSTEM%]\mglbh.dll
[%SYSTEM%]\mshtmpre.dll
[%SYSTEM%]\mslink32.dll
[%SYSTEM%]\mvo8s0w.exe
[%SYSTEM%]\ndrv.dll
[%SYSTEM%]\ndrv.exe
[%SYSTEM%]\nf9.dll
[%SYSTEM%]\nzqflswi.dll
[%SYSTEM%]\odxmrtp.dll
[%SYSTEM%]\orpioqa.exe
[%SYSTEM%]\pkhoj.dll
[%SYSTEM%]\ppmpab.dll
[%SYSTEM%]\pwrsc037.dll
[%SYSTEM%]\qunzuuec.dll
[%SYSTEM%]\rdpwcxon.dll
[%SYSTEM%]\readdb40.dll
[%SYSTEM%]\rhin7.dll
[%SYSTEM%]\si91e44b.dll
[%SYSTEM%]\syslibie.dll
[%SYSTEM%]\vpataszc.exe
[%SYSTEM%]\vrttofhi.dll
[%SYSTEM%]\xbatt.dll
[%SYSTEM%]\yieynybd.dll
[%SYSTEM%]\ynodzw.exe
[%SYSTEM%]\zedd4.dll
[%SYSTEM%]\zestyfind.dll
[%SYSTEM%]\zxvhnl.dll
[%WINDOWS%]\adultx.exe
[%WINDOWS%]\downloaded program files\404search.dll
[%WINDOWS%]\downloaded program files\404sea~1.dll
[%WINDOWS%]\favorites\ games.url
[%WINDOWS%]\favorites\links\aol search.url
[%WINDOWS%]\free_sex_download_uk.exe
[%WINDOWS%]\hqr.exe
[%WINDOWS%]\iems.dll
[%WINDOWS%]\madise.dll
[%WINDOWS%]\mpjkoxef.dll
[%WINDOWS%]\pkqrlv.exe
[%WINDOWS%]\quyrpdch.exe
[%WINDOWS%]\system\bho1.dll
[%WINDOWS%]\system\e2bho.dll
[%WINDOWS%]\system\gamhelper.dll
[%WINDOWS%]\system\helper.exe
[%WINDOWS%]\system\iedcb1f5iedcb1f5.dll
[%WINDOWS%]\system\mshtmpre.dll
[%WINDOWS%]\system\mslink32.dll
[%WINDOWS%]\system\pwrsc037.dll
[%WINDOWS%]\system\syslibie.dll
[%WINDOWS%]\system\wstart.dll
[%WINDOWS%]\system\wtssvit.exe
[%WINDOWS%]\system\zestyfind.dll
[%WINDOWS%]\temp\lgycy.exe
[%PROFILE_TEMP%]\msntb.dll
[%PROFILE_TEMP%]\mtbs.exe
[%PROGRAM_FILES%]\Netscape\Communicator\Program\Plugins\NPMySrch.dll
[%SYSTEM%]\bhoecart.dll
[%SYSTEM%]\wtssvit.exe
[%WINDOWS%]\downloaded program files\installer.inf
[%WINDOWS%]\suuco.exe
[%APPDATA%]\iestcrmfrood.dll
[%APPDATA%]\oagleehprv.dll
[%APPDATA%]\pntrlltsq.dll
[%DESKTOP%]\digital detective\tempfiles\fxspegrf.dll
[%DESKTOP%]\find a partner where you live.url
[%DESKTOP%]\hot petite girls.url
[%DESKTOP%]\learn to get into porn sites free.url
[%DESKTOP%]\milfs caught on camera.url
[%DESKTOP%]\party poker action.url
[%DESKTOP%]\sluts on the beach.url
[%DESKTOP%]\vip advantage card.url
[%FAVORITES%]\90. general\links\free aol & unlimited internet.url
[%FAVORITES%]\asgo\adtactics login.url
[%FAVORITES%]\asgo\regnow control panel.url
[%FAVORITES%]\boner stuff\bignaturals.com - sexual content warning.url
[%FAVORITES%]\channels\whatsnew.com channel\computers and technology\bonzi voice email.url
[%FAVORITES%]\channels\whatsnew.com channel\search\looksmart.url
[%FAVORITES%]\comic stuff\top 100 batman sites.url
[%FAVORITES%]\computers and technology\bonzi voice email.url
[%FAVORITES%]\cuba\msn search result for - cuba.url
[%FAVORITES%]\flight\worldwide flight sim top sites.url
[%FAVORITES%]\free strip poker.url
[%FAVORITES%]\links\like music - try aol!.url
[%FAVORITES%]\links\search the web.url
[%FAVORITES%]\links\searchnow.ws-the search portal.url
[%FAVORITES%]\links\web search.url
[%FAVORITES%]\mystuff\misc\ft.com.url
[%FAVORITES%]\net search\looksmart.url
[%FAVORITES%]\new stuff\free detergent.url
[%FAVORITES%]\new stuff\free nokia cell phone.url
[%FAVORITES%]\new stuff\free razors.url
[%FAVORITES%]\new stuff\like music - try aol!.url
[%FAVORITES%]\news\apbnews.com.url
[%FAVORITES%]\search\looksmart.url
[%FAVORITES%]\sex drugs - free!.url
[%FAVORITES%]\stuff\affiliate program software.url
[%FAVORITES%]\stuff\canadian topsites.url
[%FAVORITES%]\web building stuff\products\affiliate program software.url
[%FAVORITES%]\web building stuff\promotion and services\looksmart clicks - member login.url
[%FAVORITES%]\web building stuff\promotion and services\looksmart shops looksmart backoffice.url
[%FAVORITES%]\weight loss! new.url
[%FAVORITES%]\writing link lists\looksmart - search results for writing.url
[%FAVORITES%]\writing link lists\msn search result for - journalism jobs.url
[%FAVORITES%]\writing link lists\screenwriting.com top sites.url
[%FAVORITES%]\writing links\writers resources directory.url
[%PROFILE%]\my documents\dowload\virtuagirl.exe
[%PROGRAM_FILES%]\active~1\jugs mags camp.bin
[%PROGRAM_FILES%]\active~1\save corn.dll
[%PROGRAM_FILES%]\active~1\way media.dll
[%PROGRAM_FILES%]\dsb\dsb.exe
[%PROGRAM_FILES%]\gmsoft\dialers\orgycam\orgycam.exe
[%PROGRAM_FILES%]\infotempo toolbar\infotempo.dll
[%PROGRAM_FILES%]\infotempo toolbar\unins000.exe
[%PROGRAM_FILES%]\multij~1\chicreal.dll
[%PROGRAM_FILES%]\navpass\navpass.exe
[%PROGRAM_FILES%]\partme~2\cdrommix.dll
[%PROGRAM_FILES%]\saveba~1\bone1.exe
[%PROGRAM_FILES%]\scom\dialers\xxxmovie_se\xxxmovie_se.exe
[%SYSTEM%]\aacaif.dll
[%SYSTEM%]\adpjtif.dll
[%SYSTEM%]\advpyack.dll
[%SYSTEM%]\bho1.dll
[%SYSTEM%]\bregu.dll
[%SYSTEM%]\cnvffat.dll
[%SYSTEM%]\e2bho.dll
[%SYSTEM%]\elbs.dll
[%SYSTEM%]\epqwnen.exe
[%SYSTEM%]\fgnkc.dll
[%SYSTEM%]\fldbjfh.dll
[%SYSTEM%]\fnbko.dll
[%SYSTEM%]\fnhfilter.dll
[%SYSTEM%]\fxsrcom.dll
[%SYSTEM%]\gamhelper.dll
[%SYSTEM%]\gcffda.dll
[%SYSTEM%]\he3e3fc4.dll
[%SYSTEM%]\hosts.vbs
[%SYSTEM%]\hpdllhost.exe
[%SYSTEM%]\iasrejcst.dll
[%SYSTEM%]\iedcb1f5iedcb1f5.dll
[%SYSTEM%]\iel2cde8.dll
[%SYSTEM%]\ihp.dll
[%SYSTEM%]\iobmkaa.dll
[%SYSTEM%]\ipof.dll
[%SYSTEM%]\jafp.dll
[%SYSTEM%]\jcq5.exe
[%SYSTEM%]\kjbdcan.dll
[%SYSTEM%]\kjpd.dll
[%SYSTEM%]\kw3eef76.dll
[%SYSTEM%]\lbc.dll
[%SYSTEM%]\li01f948.dll
[%SYSTEM%]\lplleia.dll
[%SYSTEM%]\mcomrepl.dll
[%SYSTEM%]\mdlnp.dll
[%SYSTEM%]\mglbh.dll
[%SYSTEM%]\mshtmpre.dll
[%SYSTEM%]\mslink32.dll
[%SYSTEM%]\mvo8s0w.exe
[%SYSTEM%]\ndrv.dll
[%SYSTEM%]\ndrv.exe
[%SYSTEM%]\nf9.dll
[%SYSTEM%]\nzqflswi.dll
[%SYSTEM%]\odxmrtp.dll
[%SYSTEM%]\orpioqa.exe
[%SYSTEM%]\pkhoj.dll
[%SYSTEM%]\ppmpab.dll
[%SYSTEM%]\pwrsc037.dll
[%SYSTEM%]\qunzuuec.dll
[%SYSTEM%]\rdpwcxon.dll
[%SYSTEM%]\readdb40.dll
[%SYSTEM%]\rhin7.dll
[%SYSTEM%]\si91e44b.dll
[%SYSTEM%]\syslibie.dll
[%SYSTEM%]\vpataszc.exe
[%SYSTEM%]\vrttofhi.dll
[%SYSTEM%]\xbatt.dll
[%SYSTEM%]\yieynybd.dll
[%SYSTEM%]\ynodzw.exe
[%SYSTEM%]\zedd4.dll
[%SYSTEM%]\zestyfind.dll
[%SYSTEM%]\zxvhnl.dll
[%WINDOWS%]\adultx.exe
[%WINDOWS%]\downloaded program files\404search.dll
[%WINDOWS%]\downloaded program files\404sea~1.dll
[%WINDOWS%]\favorites\ games.url
[%WINDOWS%]\favorites\links\aol search.url
[%WINDOWS%]\free_sex_download_uk.exe
[%WINDOWS%]\hqr.exe
[%WINDOWS%]\iems.dll
[%WINDOWS%]\madise.dll
[%WINDOWS%]\mpjkoxef.dll
[%WINDOWS%]\pkqrlv.exe
[%WINDOWS%]\quyrpdch.exe
[%WINDOWS%]\system\bho1.dll
[%WINDOWS%]\system\e2bho.dll
[%WINDOWS%]\system\gamhelper.dll
[%WINDOWS%]\system\helper.exe
[%WINDOWS%]\system\iedcb1f5iedcb1f5.dll
[%WINDOWS%]\system\mshtmpre.dll
[%WINDOWS%]\system\mslink32.dll
[%WINDOWS%]\system\pwrsc037.dll
[%WINDOWS%]\system\syslibie.dll
[%WINDOWS%]\system\wstart.dll
[%WINDOWS%]\system\wtssvit.exe
[%WINDOWS%]\system\zestyfind.dll
[%WINDOWS%]\temp\lgycy.exe

Folders:
[%PROGRAM_FILES%]\dialers
[%PROGRAM_FILES%]\lec\translate dotnet
[%PROFILE%]\share-to-web upload folder
[%PROGRAM_FILES%]\comsoft\dialers\hotaction_jp
[%PROGRAM_FILES%]\gmsoft\dialers\videogirls_jp
[%PROGRAM_FILES%]\okaybi~1
[%PROGRAM_FILES%]\proc chin save

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{1dbab667-a486-421e-afe4-cf07dd0088e5}
HKEY_CLASSES_ROOT\CLSID\{79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B}
HKEY_CLASSES_ROOT\CLSID\{B9D90B27-AD4A-413A-88CB-3E6DDC10DC2D}
HKEY_CLASSES_ROOT\clsid\{da9a0b1e-9b7b-11d3-b8a4-00c04f79641c}
HKEY_CLASSES_ROOT\interface\{da9a0b1d-9b7b-11d3-b8a4-00c04f79641c}
HKEY_CLASSES_ROOT\interface\{da9a0b1f-9b7b-11d3-b8a4-00c04f79641c}
HKEY_CLASSES_ROOT\nsupdatelite.nsupdatelitectrl
HKEY_CLASSES_ROOT\nsupdatelite.nsupdatelitectrl.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9D90B27-AD4A-413A-88CB-3E6DDC10DC2D}
HKEY_CLASSES_ROOT\clsid\{00000000-0000-0000-8835-3eff76bf2657}
HKEY_CLASSES_ROOT\clsid\{00000000-0000-47c5-a90f-2cde8f7638db}
HKEY_CLASSES_ROOT\clsid\{000e6ed5-e3fc-4c93-99e9-d38d2a9f9b09}
HKEY_CLASSES_ROOT\clsid\{00d6391e-0a95-4822-a486-6d71140b38fd}
HKEY_CLASSES_ROOT\clsid\{0575b04f-5ab0-47c8-9a55-519bff224b6b}
HKEY_CLASSES_ROOT\clsid\{08227b4b-54fe-4c4d-809f-bca46292fc5b}
HKEY_CLASSES_ROOT\clsid\{0ab101c3-bc7b-4923-ba37-f0bc08d51643}
HKEY_CLASSES_ROOT\clsid\{0ca7bd1e-6c6f-4662-a862-c3cd2af948c7}
HKEY_CLASSES_ROOT\clsid\{0d7dc475-59eb-4781-985f-a6f5d4e2bc73}
HKEY_CLASSES_ROOT\clsid\{16d86523-e534-26cc-8723-6d550da2286d}
HKEY_CLASSES_ROOT\clsid\{1a9f4606-9339-4eec-8af4-183bbc23a5e4}
HKEY_CLASSES_ROOT\clsid\{1e5ac1da-dcb2-48fe-82b8-37fd2a41296a}
HKEY_CLASSES_ROOT\clsid\{1f5c5d6b-164d-a8d2-9aba-ceee1f34b875}
HKEY_CLASSES_ROOT\clsid\{2033184e-d536-43e4-837f-6a53c48eb03f}
HKEY_CLASSES_ROOT\clsid\{207fa209-db2e-71f6-ca5f-85ea61cb9d36}
HKEY_CLASSES_ROOT\clsid\{22233f5a-a9bc-45a7-ae9c-8f4d82e61459}
HKEY_CLASSES_ROOT\clsid\{223405ec-01f9-48a2-bdbb-d519913e2765}
HKEY_CLASSES_ROOT\clsid\{27ac09ee-c20b-4ba4-8e27-f1c33d263875}
HKEY_CLASSES_ROOT\clsid\{28a19c3e-91e4-4bca-a623-baf3c43c4f49}
HKEY_CLASSES_ROOT\clsid\{28e37cc0-4719-1623-19a4-a5b226609789}
HKEY_CLASSES_ROOT\clsid\{29a38549-af6f-11d4-89d6-bc1dfd912b00}
HKEY_CLASSES_ROOT\clsid\{3314c264-cdde-dcb9-31b1-081242a4d00c}
HKEY_CLASSES_ROOT\clsid\{3429220b-0819-f8d0-88e2-d5acad1a4fac}
HKEY_CLASSES_ROOT\clsid\{34aadc13-3b6a-639e-f973-8541e36db1ac}
HKEY_CLASSES_ROOT\clsid\{358d3405-e434-20bc-8225-165508a22e1b}
HKEY_CLASSES_ROOT\clsid\{359e2bb3-5832-4d4e-90ad-c3c402b53bc5}
HKEY_CLASSES_ROOT\clsid\{36c98259-49be-4a55-b5e8-a1fe92fc797d}
HKEY_CLASSES_ROOT\clsid\{38a6658c-1890-43f0-8bd6-49a8fec332af}
HKEY_CLASSES_ROOT\clsid\{39a5e224-9717-473f-a72c-47760fc2a0d5}
HKEY_CLASSES_ROOT\clsid\{3a3dd302-21d6-4efd-86e9-53a4e155c383}
HKEY_CLASSES_ROOT\clsid\{4b8b8500-6df6-49f5-84fc-bcb29a610be5}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-a58d-8f6fa787ad2d}
HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-eefd-ed6db186ce4d}
HKEY_CLASSES_ROOT\clsid\{4fa91654-bd31-0bbb-8251-66550daf2c1c}
HKEY_CLASSES_ROOT\clsid\{549bc94f-06c7-db34-841d-44ebd1fd8f8d}
HKEY_CLASSES_ROOT\clsid\{57cd6d2e-0291-488f-b846-af101b367dd5}
HKEY_CLASSES_ROOT\clsid\{5cf8a355-f8c6-4883-9c25-49d01a7d25be}
HKEY_CLASSES_ROOT\clsid\{601f25ad-d536-4c71-b3af-5461d32efd53}
HKEY_CLASSES_ROOT\clsid\{64ff372b-c647-58b7-8757-105504a62918}
HKEY_CLASSES_ROOT\clsid\{671af29a-78da-4f96-b4dc-91d9828fd591}
HKEY_CLASSES_ROOT\clsid\{6a67c6a1-61be-6b12-f8cb-32bd91c5a443}
HKEY_CLASSES_ROOT\clsid\{6a6c5a51-f2ee-4aa1-8115-4ee8f196ce03}
HKEY_CLASSES_ROOT\clsid\{771814aa-173c-43ec-8b20-17c81eecbea6}
HKEY_CLASSES_ROOT\clsid\{79c03bc5-6c55-4b5b-921f-c02b6f1abd7b}
HKEY_CLASSES_ROOT\clsid\{7a2da135-a03b-2027-acd8-c7e5b6b55b63}
HKEY_CLASSES_ROOT\clsid\{7b6020c8-7f87-70b3-1aac-b50f918b8a79}
HKEY_CLASSES_ROOT\clsid\{7dad2714-eb48-4f4a-85e9-1446f04ae979}
HKEY_CLASSES_ROOT\clsid\{83dd9741-94b8-4be3-b577-828c752ac215}
HKEY_CLASSES_ROOT\clsid\{853448ae-cb90-7ab2-925d-74ea9d2c1250}
HKEY_CLASSES_ROOT\clsid\{888419d5-3fc7-4e87-bad9-256147bd9cda}
HKEY_CLASSES_ROOT\clsid\{8dd77666-3526-4624-d8f1-49b0f43de00d}
HKEY_CLASSES_ROOT\clsid\{9117b43c-d64e-4470-8d29-2eb65882467d}
HKEY_CLASSES_ROOT\clsid\{945fc858-eaf9-fe24-c98f-3de4c9bf59c4}
HKEY_CLASSES_ROOT\clsid\{94a12dba-015b-1abd-a2cb-a5bc6b81e2f4}
HKEY_CLASSES_ROOT\clsid\{94f3b4b5-d82b-4e2e-8d62-4ade1753d9a0}
HKEY_CLASSES_ROOT\clsid\{99881e4b-25c3-46c1-9202-c89e0b76d3ab}
HKEY_CLASSES_ROOT\clsid\{9a5b9cb5-37f4-4c4b-8738-6181fb29d565}
HKEY_CLASSES_ROOT\clsid\{9c686327-9288-4d89-b9b6-1c76c08d6ae1}
HKEY_CLASSES_ROOT\clsid\{9ec2e54e-2f3c-496c-ac8f-a12e5c4a27b5}
HKEY_CLASSES_ROOT\clsid\{9ee490a6-4079-7698-56ba-34c832f16bc9}
HKEY_CLASSES_ROOT\clsid\{a08ed5e1-c7f5-4408-97d5-a5abe56b3495}
HKEY_CLASSES_ROOT\clsid\{a5ba307e-f30b-4f25-a19d-70c77e15e76b}
HKEY_CLASSES_ROOT\clsid\{a78cc2ff-6e4e-4556-b27c-d7c3a70d7a50}
HKEY_CLASSES_ROOT\clsid\{a92535df-42d9-4d00-bc9c-d61ad8c36263}
HKEY_CLASSES_ROOT\clsid\{ad1454b5-8e44-c5ee-4fb3-f2a0418d8e8b}
HKEY_CLASSES_ROOT\clsid\{b0a68599-99ce-4d74-a98a-5bd635da6192}
HKEY_CLASSES_ROOT\clsid\{b0b0ba05-b522-49ab-84ca-d0395d268924}
HKEY_CLASSES_ROOT\clsid\{b34f3e88-5934-80e4-6251-b134315c69c6}
HKEY_CLASSES_ROOT\clsid\{b9d90b27-ad4a-413a-88cb-3e6ddc10dc2d}
HKEY_CLASSES_ROOT\clsid\{ba889c1a-1d48-4ab2-bb15-79298679f736}
HKEY_CLASSES_ROOT\clsid\{ba94f81e-99fc-40e1-824c-baa00b575f4a}
HKEY_CLASSES_ROOT\clsid\{beedb2d5-c8f3-199c-e330-fb7897e6a652}
HKEY_CLASSES_ROOT\clsid\{bfdc724f-a63f-4404-ba4c-bfa239defb3e}
HKEY_CLASSES_ROOT\clsid\{c13bbebc-3125-421b-abba-548adfcf0320}
HKEY_CLASSES_ROOT\clsid\{cf88efa8-d66e-4eae-9d60-2d3fb6c9d6a3}
HKEY_CLASSES_ROOT\clsid\{d010c25b-fa0d-444b-8f28-026b97785c69}
HKEY_CLASSES_ROOT\clsid\{dc569d0e-c7a9-42ca-bfd0-f39fa126110f}
HKEY_CLASSES_ROOT\clsid\{dfe134a7-928e-476c-8d80-1fbc1e1682a4}
HKEY_CLASSES_ROOT\clsid\{e12d3393-0b51-7fae-4fc7-95b9126c23dd}
HKEY_CLASSES_ROOT\clsid\{e55a2596-32a8-dc5d-9644-4f62f6beced3}
HKEY_CLASSES_ROOT\clsid\{e6c25bb5-958c-4d8f-ae1b-0bb50fd16187}
HKEY_CLASSES_ROOT\clsid\{efee6b59-addb-40eb-ba2c-af860f5b42b5}
HKEY_CLASSES_ROOT\clsid\{f195a1a9-4033-4e5b-b85c-848c3e31a83a}
HKEY_CLASSES_ROOT\clsid\{f1ae2c29-ecf5-939e-dca4-2c82ea18a32b}
HKEY_CLASSES_ROOT\clsid\{f2bed9d9-b281-af95-08a9-6305faed29b3}
HKEY_CLASSES_ROOT\clsid\{f36c1198-fc6b-4012-9928-dfa76fb56cc3}
HKEY_CLASSES_ROOT\clsid\{fc4c5eae-66ee-11d4-bc67-0000e8e582d2}
HKEY_CLASSES_ROOT\clsid\{fcaddc14-bd46-408a-9842-111111111111}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0d7dc475-59eb-4781-985f-a6f5d4e2bc73}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{1e1b2879-88ff-11d2-8d96-d7acac31337f}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{29a38549-af6f-11d4-89d6-bc1dfd912b00}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-a58d-8f6fa787ad2d}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{9896231a-c487-43a5-8369-6ec9b0a96cc0}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{d879a0f1-2b3b-4409-8879-fad6e49e1ea9}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{f195a1a9-4033-4e5b-b85c-848c3e31a83a}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{f36c1198-fc6b-4012-9928-dfa76fb56cc3}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{fc4c5eae-66ee-11d4-bc67-0000e8e582d2}
HKEY_CURRENT_USER\software\bssgglgllllfrie
HKEY_CURRENT_USER\software\carpediemvars
HKEY_CURRENT_USER\software\uckgrsgryvyieoa
HKEY_LOCAL_MACHINE\software\classes\clsid\{00d6391e-0a95-4822-a486-6d71140b38fd}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0ab101c3-bc7b-4923-ba37-f0bc08d51643}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0ca7bd1e-6c6f-4662-a862-c3cd2af948c7}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0d7dc475-59eb-4781-985f-a6f5d4e2bc73}
HKEY_LOCAL_MACHINE\software\classes\clsid\{1e1b2879-88ff-11d2-8d96-d7acac31337f}
HKEY_LOCAL_MACHINE\software\classes\clsid\{29a38549-af6f-11d4-89d6-bc1dfd912b00}
HKEY_LOCAL_MACHINE\software\classes\clsid\{38a6658c-1890-43f0-8bd6-49a8fec332af}
HKEY_LOCAL_MACHINE\software\classes\clsid\{39a5e224-9717-473f-a72c-47760fc2a0d5}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4b8b8500-6df6-49f5-84fc-bcb29a610be5}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4e7bd74f-2b8d-469e-a58d-8f6fa787ad2d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{549bc94f-06c7-db34-841d-44ebd1fd8f8d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{5cf8a355-f8c6-4883-9c25-49d01a7d25be}
HKEY_LOCAL_MACHINE\software\classes\clsid\{7dad2714-eb48-4f4a-85e9-1446f04ae979}
HKEY_LOCAL_MACHINE\software\classes\clsid\{83dd9741-94b8-4be3-b577-828c752ac215}
HKEY_LOCAL_MACHINE\software\classes\clsid\{888419d5-3fc7-4e87-bad9-256147bd9cda}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9117b43c-d64e-4470-8d29-2eb65882467d}
HKEY_LOCAL_MACHINE\software\classes\clsid\{94a12dba-015b-1abd-a2cb-a5bc6b81e2f4}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9c686327-9288-4d89-b9b6-1c76c08d6ae1}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9ec2e54e-2f3c-496c-ac8f-a12e5c4a27b5}
HKEY_LOCAL_MACHINE\software\classes\clsid\{9ee490a6-4079-7698-56ba-34c832f16bc9}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a92535df-42d9-4d00-bc9c-d61ad8c36263}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b0b0ba05-b522-49ab-84ca-d0395d268924}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ba889c1a-1d48-4ab2-bb15-79298679f736}
HKEY_LOCAL_MACHINE\software\classes\clsid\{cf88efa8-d66e-4eae-9d60-2d3fb6c9d6a3}
HKEY_LOCAL_MACHINE\software\classes\clsid\{d879a0f1-2b3b-4409-8879-fad6e49e1ea9}
HKEY_LOCAL_MACHINE\software\classes\clsid\{dc569d0e-c7a9-42ca-bfd0-f39fa126110f}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f195a1a9-4033-4e5b-b85c-848c3e31a83a}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f36c1198-fc6b-4012-9928-dfa76fb56cc3}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fc4c5eae-66ee-11d4-bc67-0000e8e582d2}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{00000ef1-0786-4633-87c6-1aa7a44296da}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{9c691a33-7dda-4c2f-be4c-c176083f35cf}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{d61570b1-61e1-6851-cbf7-b7915cbdfa4e}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{da9a0b1e-9b7b-11d3-b8a4-00c04f79641c}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{ef86873f-04c2-4a95-a373-5703c08efc7b}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{f7adcfe3-aa28-f99e-e665-b13ac332d249}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0000-0000-8835-3eff76bf2657}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0000-47c5-a90f-2cde8f7638db}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{000e6ed5-e3fc-4c93-99e9-d38d2a9f9b09}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00d6391e-0a95-4822-a486-6d71140b38fd}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0575b04f-5ab0-47c8-9a55-519bff224b6b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{08227b4b-54fe-4c4d-809f-bca46292fc5b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0ab101c3-bc7b-4923-ba37-f0bc08d51643}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0ca7bd1e-6c6f-4662-a862-c3cd2af948c7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0d7dc475-59eb-4781-985f-a6f5d4e2bc73}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{10149b7a-dc40-4a14-970b-31fa6131cfd8}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1678f7e1-c422-11d0-ad7d-00400515caaa}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{16d86523-e534-26cc-8723-6d550da2286d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1a9f4606-9339-4eec-8af4-183bbc23a5e4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1e1b2879-88ff-11d2-8d96-d7acac31337f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1e5ac1da-dcb2-48fe-82b8-37fd2a41296a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1f5c5d6b-164d-a8d2-9aba-ceee1f34b875}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2033184e-d536-43e4-837f-6a53c48eb03f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{207fa209-db2e-71f6-ca5f-85ea61cb9d36}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{22233f5a-a9bc-45a7-ae9c-8f4d82e61459}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{234163a5-7d14-4a7f-a992-002bac9f5a0a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{27ac09ee-c20b-4ba4-8e27-f1c33d263875}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{28e37cc0-4719-1623-19a4-a5b226609789}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{29a38549-af6f-11d4-89d6-bc1dfd912b00}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3314c264-cdde-dcb9-31b1-081242a4d00c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3429220b-0819-f8d0-88e2-d5acad1a4fac}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{34aadc13-3b6a-639e-f973-8541e36db1ac}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{358d3405-e434-20bc-8225-165508a22e1b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{36c98259-49be-4a55-b5e8-a1fe92fc797d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{38a6658c-1890-43f0-8bd6-49a8fec332af}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{39a5e224-9717-473f-a72c-47760fc2a0d5}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3a3dd302-21d6-4efd-86e9-53a4e155c383}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-a58d-8f6fa787ad2d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-469e-eefd-ed6db186ce4d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4fa91654-bd31-0bbb-8251-66550daf2c1c}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{549bc94f-06c7-db34-841d-44ebd1fd8f8d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{57cd6d2e-0291-488f-b846-af101b367dd5}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{601f25ad-d536-4c71-b3af-5461d32efd53}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{64ff372b-c647-58b7-8757-105504a62918}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{671af29a-78da-4f96-b4dc-91d9828fd591}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6a67c6a1-61be-6b12-f8cb-32bd91c5a443}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6a6c5a51-f2ee-4aa1-8115-4ee8f196ce03}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{771814aa-173c-43ec-8b20-17c81eecbea6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{79c03bc5-6c55-4b5b-921f-c02b6f1abd7b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7a2da135-a03b-2027-acd8-c7e5b6b55b63}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7dad2714-eb48-4f4a-85e9-1446f04ae979}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{853448ae-cb90-7ab2-925d-74ea9d2c1250}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8dd77666-3526-4624-d8f1-49b0f43de00d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9117b43c-d64e-4470-8d29-2eb65882467d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{945fc858-eaf9-fe24-c98f-3de4c9bf59c4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{94a12dba-015b-1abd-a2cb-a5bc6b81e2f4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{94f3b4b5-d82b-4e2e-8d62-4ade1753d9a0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{99881e4b-25c3-46c1-9202-c89e0b76d3ab}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9a5b9cb5-37f4-4c4b-8738-6181fb29d565}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9c686327-9288-4d89-b9b6-1c76c08d6ae1}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9ec2e54e-2f3c-496c-ac8f-a12e5c4a27b5}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a08ed5e1-c7f5-4408-97d5-a5abe56b3495}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a5ba307e-f30b-4f25-a19d-70c77e15e76b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a78cc2ff-6e4e-4556-b27c-d7c3a70d7a50}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a92535df-42d9-4d00-bc9c-d61ad8c36263}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{aa58ed58-01dd-4d91-8333-cf105774}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b0a68599-99ce-4d74-a98a-5bd635da6192}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b34f3e88-5934-80e4-6251-b134315c69c6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{b9d90b27-ad4a-413a-88cb-3e6ddc10dc2d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba889c1a-1d48-4ab2-bb15-79298679f736}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba94f81e-99fc-40e1-824c-baa00b575f4a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bfb5bfa8-b336-4961-9d0f-89214b72591a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{bfdc724f-a63f-4404-ba4c-bfa239defb3e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c13bbebc-3125-421b-abba-548adfcf0320}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{cf88efa8-d66e-4eae-9d60-2d3fb6c9d6a3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d010c25b-fa0d-444b-8f28-026b97785c69}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d879a0f1-2b3b-4409-8879-fad6e49e1ea9}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{dc569d0e-c7a9-42ca-bfd0-f39fa126110f}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{dfe134a7-928e-476c-8d80-1fbc1e1682a4}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e55a2596-32a8-dc5d-9644-4f62f6beced3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e6c25bb5-958c-4d8f-ae1b-0bb50fd16187}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{e928c9bc-0cb7-be00-67b3-2926c12c69a5}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{eff80427-f837-4b74-8834-baf18e0553fd}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f195a1a9-4033-4e5b-b85c-848c3e31a83a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f1ae2c29-ecf5-939e-dca4-2c82ea18a32b}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f2bed9d9-b281-af95-08a9-6305faed29b3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f36c1198-fc6b-4012-9928-dfa76fb56cc3}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fa1a048a-3b99-4b86-9ece-5f7c197cbf39}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fc4c5eae-66ee-11d4-bc67-0000e8e582d2}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{fcaddc14-bd46-408a-9842-111111111111}

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_CURRENT_USER\software\microsoft\internet explorer
HKEY_CURRENT_USER\software\microsoft\internet explorer
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\main
HKEY_CURRENT_USER\software\microsoft\internet explorer\search
HKEY_CURRENT_USER\software\microsoft\internet explorer\search
HKEY_CURRENT_USER\software\microsoft\internet explorer\search
HKEY_CURRENT_USER\software\microsoft\internet explorer\search
HKEY_CURRENT_USER\software\microsoft\internet explorer\search
HKEY_CURRENT_USER\software\microsoft\internet explorer\search
HKEY_CURRENT_USER\software\microsoft\internet explorer\search
HKEY_CURRENT_USER\software\microsoft\internet explorer\search
HKEY_CURRENT_USER\software\microsoft\internet explorer\search
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\shellbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\shellbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\alifestyle\dialer
HKEY_LOCAL_MACHINE\software\alifestyle\dialer
HKEY_LOCAL_MACHINE\software\alifestyle\dialer
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\search
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\para
HKEY_USERS\.default\software\microsoft\internet explore
HKEY_USERS\.default\software\microsoft\internet explorer
HKEY_USERS\.default\software\microsoft\internet explorer
HKEY_USERS\.default\software\microsoft\internet explorer\main
HKEY_USERS\.default\software\microsoft\internet explorer\main
HKEY_USERS\.default\software\microsoft\internet explorer\main
HKEY_USERS\.default\software\microsoft\internet explorer\main
HKEY_USERS\.default\software\microsoft\internet explorer\main
HKEY_USERS\.default\software\microsoft\internet explorer\main
HKEY_USERS\.default\software\microsoft\internet explorer\main
HKEY_USERS\.default\software\microsoft\internet explorer\main
HKEY_USERS\.default\software\microsoft\internet explorer\main
HKEY_USERS\.default\software\microsoft\internet explorer\main
HKEY_USERS\.default\software\microsoft\internet explorer\main
HKEY_USERS\.default\software\microsoft\internet explorer\search
HKEY_USERS\.default\software\microsoft\internet explorer\search

Removing Unknown:

An up-to-date copy of ExterminateIt should detect and prevent infection from Unknown.

If you do not have ExterminateIt and you are worried that you may have infected computer, you could run trial version of ExterminateIt, or remove Unknown manually.

To completely manually remove Unknown malware from your computer, you need to delete the Windows registry keys and registry values, the files and folders associated with Unknown.

  1. Use Task Manager to terminate the Unknown process.
  2. Delete the original Unknown file and folders.
  3. Delete the system registry key parameters
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommends that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, refrain from executing suspicious programs received from untrustworthy sources.


ExterminateIt effectively and automatically removes Unknown from you computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan Horses, Rootkits, Backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software(malware).

Download ExterminateIt! to instantly get rid of Unknown!


Also Be Aware of the Following Threats:
Remove Upeinpd Trojan

No comments: