<?xml version="1.0" encoding="utf-8"?>
<!--
  Signature list. Each SW element names one piece of unwanted software and lists the
  artefacts recorded for it: DIRECTORIES/DIR, FILES/FILE, COOKIES/COOKIE,
  REGISTRY/KEYS/REGKEY and REGISTRY/VALUES/REGVALUE, followed by a numeric DANGER_LEVEL
  and a free-text DESCRIPTION.
  For REGKEY and REGVALUE, MAIN holds the registry hive and SUB the key path under it;
  VALUE appears to name the subkey (REGKEY) or the value (REGVALUE) to look for.
  NOTE(review): PATH tokens such as PFDir, WinDir, SysDir and Sys32Dir look like
  placeholders that the consuming tool expands to system directories, and an empty PATH
  presumably means the location is unspecified; neither is defined here, so confirm
  against the consumer.
  NOTE(review): the DANGER_LEVEL scale is not defined in this file.
-->
<NA> <SW NAME="7FaSSt"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="7search.dll" PATH="PFDir\\fs"></FILE> <FILE NAME="FSInstall_1 Control.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> </FILES> <COOKIES> <COOKIE NAME="7search"></COOKIE> <COOKIE NAME="fstrack"></COOKIE> <COOKIE NAME="emergency24"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{06dfedaa-6196-11d5-bfc8-00508b4a487d}"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="7Search"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{669695bc-a811-4a9d-8cdf-ba8c795f261e}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\1" VALUE="x"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>7FaSSt is an IE toolbar which attaches to your browser. It further tracks your behavior through the use of cookies, and a unique user ID is assigned to you specifically to track your browsing</DESCRIPTION> </SW> <SW NAME="PopMonster"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="searchbar.dll" PATH="SysDir"></FILE> <FILE NAME="searchbar.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{85c76fbd-6218-4379-95c1-b4f37bf6180}"></REGVALUE> <!-- NOTE(review): the last group of this CLSID has 11 hex digits instead of 12, so the value is not a well-formed GUID and an exact-match comparison would not find a well-formed CLSID; verify it against the original signature source. --> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Homepage hijacker that changes your internet settings</DESCRIPTION> </SW> <SW NAME="Zzb"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="zzb.exe" PATH="SysDir"></FILE> <FILE NAME="zzb.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="zzb"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" 
SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="zzb"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Stays resident in your system's memory which slows it down, known to be related to adware</DESCRIPTION> </SW> <SW NAME="DealHelper"> <DIRECTORIES> <DIR NAME="DealHelper.com Inc" PATH="PFDir"></DIR> <DIR NAME="TimeSync" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="dealhlpr.dll" PATH="SysDir"></FILE> <FILE NAME="dealhlpr.dll" PATH="Sys32Dir"></FILE> <FILE NAME="dealhlpr.dll" PATH="WinDir"></FILE> <FILE NAME="dhbrwsr.exe" PATH="WinDir"></FILE> <FILE NAME="DHUpdt.exe" PATH="WinDir"></FILE> <FILE NAME="dhsvr.exe" PATH="WinDir"></FILE> <FILE NAME="TimeSynchronize.exe" PATH="WinDir"></FILE> <FILE NAME="AppsInstalled.htm" PATH="WinDir"></FILE> <FILE NAME="msdhmd.dll" PATH="SysDir"></FILE> <FILE NAME="msdhmd.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ZipArchive.dll" PATH="SysDir"></FILE> <FILE NAME="ZipArchive.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\AppID" VALUE="dhbrwsr.EXE"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\AppID" VALUE="{A1F53F1D-FB2D-4FE0-8EE8-7BBE69999D9F}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{5E3E1DC0-239A-4067-A4A0-88902C108E58}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{8B477303-698C-4EED-B9F6-C715842FBE33}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13}"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{F00586DE-A432-4B9F-877D-E29CD87EFDD6}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="Dealhlpr.Band"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="Dhbrwsr.BrowserWindows"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="Dhbrwsr.BrowserWindows.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="DHP.DHEvents"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="DHP.DHEvents.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="DHP.Popup"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="DHP.Popup.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\Interface" VALUE="{1DA40091-14B4-4C21-8170-A2CEEDE90B10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\Interface" VALUE="{3AFAE37A-56A3-4850-B599-4DA9A9104B82}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\Interface" VALUE="{A2CDAFB4-EB9C-4EFC-BCFC-A7AA6745FF7E}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\Interface" VALUE="{DEBA1742-2BEC-4B78-A987-5837971193F7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\Interface" VALUE="{F3816084-9608-485A-B63B-CAD8F931577E}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\TypeLib" VALUE="{5E19A321-635E-4BA5-8828-A5B6427CC61D}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\TypeLib" VALUE="{771262E0-8FEB-4E78-B292-B01C4071B9D1}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\TypeLib" VALUE="{B82B9ECF-40AE-46F2-B98E-B87CF17F70D0}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall" VALUE="DealHelper"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall" 
VALUE="TimeSync"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="DealHelper"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="TimeSynchonization"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{d848a3ca-0bfb-4de0-ba9e-a57f0cca1c13}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Adware used to deliver advertisements to your PC</DESCRIPTION> </SW> <SW NAME="W32/Noala.b@MM"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="wucrtupd.exe" PATH="WinDir"></FILE> <FILE NAME="i-worm_info.txt" PATH="WinDir"></FILE> <FILE NAME="lssice_info.txt" PATH="WinDir"></FILE> <FILE NAME="no_a_la_LSSICE.txt" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="CriticalUpdate"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that spreads via email and networks, reported to cause strange things to occur on your PC</DESCRIPTION> </SW> <SW NAME="TotalVelocity zSearch/Total Velocity"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="zsearch.dll" PATH=""></FILE> <FILE NAME="MSMGT.EXE" PATH="WinDir"></FILE> <FILE NAME="TINYINSTALLER.EXE" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" VALUE="MSMGT"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{5886a6dc-aaf4-45e9-979a-8e5e6dee30e7}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="MSMGT"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Toolbar used to deliver search results to your PC and Hijacks your browser and home page settings</DESCRIPTION> </SW> <SW 
NAME="SearchAndBrowse"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="wst.dll" PATH="SysDir"></FILE> <FILE NAME="wst.dll" PATH="Sys32Dir"></FILE> <FILE NAME="wsr.dll" PATH="SysDir"></FILE> <FILE NAME="wsr.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{EC788B03-A743-4274-AC9E-DB4F2A03F515}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{EC788B03-A743-4274-AC9E-DB4F2A03F515}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Internet Explorer hijacker that provides a search box and adds favorites to IE</DESCRIPTION> </SW> <SW NAME="SCBar/ Search123"> <DIRECTORIES> <DIR NAME="scbar" PATH="PFDir"></DIR> <DIR NAME="winex" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="msietk1020.dll" PATH="WinDir"></FILE> <FILE NAME="winex.exe" PATH="PFDir\\winex\\v2"></FILE> <FILE NAME="scbar.exe" PATH="PFDir\\scbar\\v2"></FILE> <FILE NAME="scbar.exe" PATH="PFDir\\scbar"></FILE> <FILE NAME="scbar.dll" PATH="PFDir\\scbar\\v1"></FILE> <FILE NAME="winex.dll" PATH="PFDir\\winex\\v2"></FILE> <FILE NAME="winex.exe" PATH="PFDir\\winex"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{00041A26-7033-432C-94C7-6371DE343822}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{22941A26-7033-432C-94C7-6371DE343822}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{00041A26-7033-432C-94C7-6371DE343822}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{22941A26-7033-432C-94C7-6371DE343822}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="sclib" VALUE="{00041a26-7033-432c-94c7-6371de343822}"></REGKEY> 
<REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{a096a159-4e58-45a9-8ee6-b11466851181}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="searchenhancement"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="windowenhancer"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Search and Error page hijacker that also spawns pop up advertisements</DESCRIPTION> </SW> <SW NAME="Regsvc32"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="regsvc32.exe" PATH="SysDir"></FILE> <FILE NAME="regsvc32.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="MSRegSvc"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="regsvc32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Changes your Internet Explorer settings and spawns adult advertisements</DESCRIPTION> </SW> <SW NAME="Search-Exe/ SearchExe"> <DIRECTORIES> <DIR NAME="se" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="se.exe" PATH="PFDir\\se\\v2"></FILE> <FILE NAME="se.dll" PATH="PFDir\\se\\v2"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Search-Exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Search-Exe is an Internet Explorer settings hijacker</DESCRIPTION> </SW> <SW NAME="AccessPlugin"> <DIRECTORIES> <DIR NAME="WebDialer" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="ngd.dll" PATH="SysDir"></FILE> <FILE NAME="xxxvideo.exe" PATH=""></FILE> <FILE NAME="hotporn.exe" PATH=""></FILE> <FILE NAME="dp0.dll" PATH=""></FILE> <FILE NAME="ngd.dll" PATH="Sys32Dir"></FILE> 
</FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="WebDialer"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>AccessPlugin is a dialer which can connect to phone numbers without your knowledge or permission - including 900 numbers</DESCRIPTION> </SW> <SW NAME="SearchCentrix"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="wzhelper.dll" PATH="SysDir"></FILE> <FILE NAME="wzhelper.dll" PATH="Sys32Dir"></FILE> <FILE NAME="webalize.dll" PATH="SysDir"></FILE> <FILE NAME="webalize.dll" PATH="Sys32Dir"></FILE> <FILE NAME="somatic.dll" PATH="SysDir"></FILE> <FILE NAME="somatic.dll" PATH="Sys32Dir"></FILE> <FILE NAME="BarBHO.dll" PATH="SysDir"></FILE> <FILE NAME="BarBHO.dll" PATH="Sys32Dir"></FILE> <FILE NAME="mygeek.dll" PATH="SysDir"></FILE> <FILE NAME="mygeek.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{4e7bd74f-2b8d-469e-c0fb-ef60b19da02a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{CD2A865B-6C0F-44F9-BAA1-7CDB31E04BC8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{CD2A865B-6C0F-44F9-BAA1-7CDB31E04BC8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{4e7bd74f-2b8d-469e-c0fb-ef60b19da02a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{C431BF1E-9E71-4BB6-9C4E-8496D158DB1F}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{C431BF1E-9E71-4BB6-9C4E-8496D158DB1F}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" 
VALUE="{4E7BD74F-2B8D-469E-D9FB-FA6BAD98FA7D}"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" VALUE="{C431BF1E-9E71-4BB6-9C4E-8496D158DB1F}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{4E7BD74F-2B8D-469E-D7E4-F660B597BF2A}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Internet Settings hijacker</DESCRIPTION> </SW> <SW NAME="ACXInstall"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="acx_install.ocx" PATH="PFDir\\Downloaded Program Files"></FILE> <!-- NOTE(review): the Downloaded Program Files folder normally sits under the Windows directory, and other entries in this file use WinDir\\Downloaded Program Files; confirm that PFDir is intended here, otherwise this file signature may never match. --> </FILES> <COOKIES> <COOKIE NAME="nocreditcard"></COOKIE> <COOKIE NAME="ispdialer"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{a4a435cf-3583-11d4-91bd-0048546a1450}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>ACXInstall installs expensive dialers without user consent, almost exclusively used by porn sites to deliver these dialers</DESCRIPTION> </SW> <SW NAME="AdBreak"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="SurfHelper.dll" PATH=""></FILE> <FILE NAME="floid.dll" PATH=""></FILE> <FILE NAME="floid.dr" PATH=""></FILE> <FILE NAME="wbeInst$.exe" PATH=""></FILE> <FILE NAME="cbinst$.exe" PATH=""></FILE> <FILE NAME="kvnab$.exe" PATH=""></FILE> <FILE NAME="liqad$.exe" PATH=""></FILE> <FILE NAME="kkcomp$.exe" PATH=""></FILE> <FILE NAME="xadbrk_.exe" PATH=""></FILE> <FILE NAME="fhfmm-Uninstaller.exe" PATH=""></FILE> <FILE NAME="liqui-Uninstaller.exe" PATH=""></FILE> <FILE NAME="wbeCheck.exe" PATH="WinDir"></FILE> <FILE NAME="exrem.ini" PATH="WinDir"></FILE> <FILE NAME="wbeCheck.tmp" PATH="WinDir"></FILE> <FILE NAME="wbeCheck.old" PATH="WinDir"></FILE> <FILE NAME="hcwprn.exe" PATH="WinDir"></FILE> <FILE NAME="settn.dll" PATH="WinDir"></FILE> <FILE NAME="odidbu.ini" PATH="WinDir"></FILE> <FILE NAME="plotpp.tmp" PATH="WinDir"></FILE> <FILE NAME="ltosie.old" 
PATH="WinDir"></FILE> <FILE NAME="kvnab.exe" PATH="WinDir"></FILE> <FILE NAME="kvnab.dll" PATH="WinDir"></FILE> <FILE NAME="kvnab.ini" PATH="WinDir"></FILE> <FILE NAME="kvnab.tmp" PATH="WinDir"></FILE> <FILE NAME="kvnab.old" PATH="WinDir"></FILE> <FILE NAME="liqad.exe" PATH="WinDir"></FILE> <FILE NAME="liqad.dll" PATH="WinDir"></FILE> <FILE NAME="liqad.ini" PATH="WinDir"></FILE> <FILE NAME="liqad.tmp" PATH="WinDir"></FILE> <FILE NAME="liqad.old" PATH="WinDir"></FILE> <FILE NAME="kkcomp.exe" PATH="WinDir"></FILE> <FILE NAME="kkcomp.dll" PATH="WinDir"></FILE> <FILE NAME="kkcomp.tmp" PATH="WinDir"></FILE> <FILE NAME="kkcomp.old" PATH="WinDir"></FILE> <FILE NAME="xadbrk.exe" PATH="WinDir"></FILE> <FILE NAME="xadbrk.dll" PATH="WinDir"></FILE> <FILE NAME="xabrk.dll" PATH="WinDir"></FILE> <FILE NAME="xadbrk1.tmp" PATH="WinDir"></FILE> <FILE NAME="xadbrk2.tmp" PATH="WinDir"></FILE> <FILE NAME="xadbrk3.tmp" PATH="WinDir"></FILE> <FILE NAME="fhfmm.exe" PATH="WinDir"></FILE> <FILE NAME="fhfmm.dll" PATH="WinDir"></FILE> <FILE NAME="fhfmm.txt" PATH="WinDir"></FILE> <FILE NAME="fhfmm1.tmp" PATH="WinDir"></FILE> <FILE NAME="fhfmm2.tmp" PATH="WinDir"></FILE> <FILE NAME="fhfmm3.tmp" PATH="WinDir"></FILE> <FILE NAME="liqui.exe" PATH="WinDir"></FILE> <FILE NAME="liqui.dll" PATH="WinDir"></FILE> <FILE NAME="liqui.txt" PATH="WinDir"></FILE> <FILE NAME="liqui1.tmp" PATH="WinDir"></FILE> <FILE NAME="liqui2.tmp" PATH="WinDir"></FILE> <FILE NAME="liqui3.tmp" PATH="WinDir"></FILE> </FILES> <COOKIES> <COOKIE NAME="larint"></COOKIE> <COOKIE NAME="adbreak"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="AdBreak"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="OpenData"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{00000000-D9E3-4BC6-A0BD-3D0CA4BE5271}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" 
VALUE="{00000000-D9E3-4BC6-A0BD-3D0CA4BE5271}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="CCB Enhancement"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce" VALUE="AdBreak"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>AdBreak is a browser helper object that hijacks your home page, search page, and error pages</DESCRIPTION> </SW> <SW NAME="AdultChat dialer"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="adult_chat.exe" PATH="WinDir"></FILE> <FILE NAME="bzhdr[1].js" PATH=""></FILE> <FILE NAME="myinitialsetup1.0.0.3.inf" PATH=""></FILE> <FILE NAME="xxxdial.dun" PATH=""></FILE> <FILE NAME="adult_chat.lnk" PATH=""></FILE> <FILE NAME="dialer.inf" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>AdultChat dialer is a dialer program that dials a very expensive number to access pornography, many times without user's knowledge</DESCRIPTION> </SW> <SW NAME="Adult-Links"> <DIRECTORIES> <DIR NAME="adult links" PATH="favorites"></DIR> <DIR NAME="adultsearch" PATH="favorites"></DIR> <DIR NAME="adult links" PATH="favorites\\links"></DIR> <DIR NAME="adultsearch" PATH="favorites\\links"></DIR> </DIRECTORIES> <FILES> <FILE NAME="allch.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="NullCtrl Class.inf" PATH="PFDir\\Downloaded Program Files"></FILE> <FILE NAME="Adult Links Daily.lnk" PATH=""></FILE> <FILE NAME="qabar.dll" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="qabar.inf" PATH="WinDir\\downloaded program files"></FILE> </FILES> <COOKIES> <COOKIE NAME="mainentrypoint"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Software" VALUE="QcBar"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Software" VALUE="QcBar.1"></REGKEY> <REGKEY 
MAIN="HKEY_CLASSES_ROOT" SUB="Software" VALUE="Allch.IEObj"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Software" VALUE="Allch.IEObj.1"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="LinkZZ"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units" VALUE="{765E6B09-6832-4738-BDBE-25F226BA2AB0}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="QcBar"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="QcBar.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="Allch.IEObj"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="Allch.IEObj.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{765E6B09-6832-4738-BDBE-25F226BA2AB0}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{D6FC35D1-04AB-4D40-94CF-2E5AE4D0F8D2}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\Interface" VALUE="{ED7D1356-F7C2-4A27-A87C-C0DFEB3A628F}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\Interface" VALUE="{242CA913-1637-4F74-9729-EA349AF3ECAC}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\TypeLib" VALUE="{C02EE3A0-1881-419F-A5ED-737223463292}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\TypeLib" VALUE="{60381D4B-8129-449A-A5F2-5417AD0571CC}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{765e6b09-6832-4738-bdbe-25f226ba2ab0}"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="qcbar"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="qcbar.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{60381d4b-8129-449a-a5f2-5417ad0571cc}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{242ca913-1637-4f74-9729-ea349af3ecac}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" 
VALUE="{d6fc35d1-04ab-4d40-94cf-2e5ae4d0f8d2}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{ed7d1356-f7c2-4a27-a87c-c0dfeb3a628f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{c02ee3a0-1881-419f-a5ed-737223463292}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="QcBar"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="QcBar.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="Allch.IEObj"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="Allch.IEObj.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{765E6B09-6832-4738-BDBE-25F226BA2AB0}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{ED7D1356-F7C2-4A27-A87C-C0DFEB3A628F}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{C02EE3A0-1881-419F-A5ED-737223463292}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{242CA913-1637-4F74-9729-EA349AF3ECAC}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{60381D4B-8129-449A-A5F2-5417AD0571CC}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{765E6B09-6832-4738-BDBE-25F226BA2AB0}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="765E6B09-6832-4738-BDBE-25F226BA2AB0}"></REGVALUE> <!-- NOTE(review): this entry differs from the previous one only by the missing opening brace; confirm whether the malformed name is a variant actually observed on affected hosts or a transcription error. --> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>Adult-Links is adware that modifies your search options, adds a browser toolbar, and monitors your browsing activity. 
Almost exclusively delivers adult themed popups and annoyances</DESCRIPTION> </SW> <SW NAME="ASpam"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ASPAM.EXE" PATH=""></FILE> <FILE NAME="drvman32.DLL" PATH="SysDir"></FILE> <FILE NAME="AMCIS32.DLL" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="AMCIS32.IEClass"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{657B9354-BB3B-4500-A9B0-109B4FA64815}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{657B9354-BB3B-4500-A9B0-109B4FA64815}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="DRVMAN32.IEClass"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{499DB658-1909-420B-931A-4A8CAEFD232F}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{499DB658-1909-420B-931A-4A8CAEFD232F}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>ASpam is a trojan that allows a remote attacker user level access on your machine, allowing them to delete/access anything they wish</DESCRIPTION> </SW> <SW NAME="Aureate"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="advert.dll" PATH="SysDir"></FILE> <FILE NAME="advert.dll" PATH="Sys32Dir"></FILE> <FILE NAME="advert.dll" PATH="PFDir\\mediaring talk"></FILE> <FILE NAME="tfde.dll" PATH="SysDir"></FILE> <FILE NAME="tfde.dll" PATH="Sys32Dir"></FILE> <FILE NAME="adimage.dll" PATH="Sys32Dir"></FILE> <FILE NAME="adimage.dll" PATH="SysDir"></FILE> <FILE NAME="amcis.dll" PATH="SysDir"></FILE> <FILE NAME="amcis.dll" PATH="Sys32Dir"></FILE> <FILE NAME="amcis2.dll" PATH="SysDir"></FILE> <FILE NAME="amcis2.dll" PATH="Sys32Dir"></FILE> <FILE NAME="amcis3.dll" PATH="SysDir"></FILE> <FILE NAME="amcis3.dll" 
PATH="Sys32Dir"></FILE> <FILE NAME="anadsc.ocx" PATH="SysDir"></FILE> <FILE NAME="anadsc.ocx" PATH="Sys32Dir"></FILE> <FILE NAME="anadscb.ocx" PATH="SysDir"></FILE> <FILE NAME="anadscb.ocx" PATH="Sys32Dir"></FILE> <FILE NAME="htmdeng.exe" PATH="SysDir"></FILE> <FILE NAME="htmdeng.exe" PATH="Sys32Dir"></FILE> <FILE NAME="ipcclient.dll" PATH="SysDir"></FILE> <FILE NAME="ipcclient.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ipclient.dll" PATH="SysDir"></FILE> <FILE NAME="ipclient.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msipcsv.exe" PATH="SysDir"></FILE> <FILE NAME="msipcsv.exe" PATH="Sys32Dir"></FILE> <FILE NAME="edit your profile.lnk" PATH="ProfilePath\\start menu\\programs\\radiate\\advertising"></FILE> <FILE NAME="uninstall.lnk" PATH="ProfilePath\\start menu\\programs\\radiate\\advertising"></FILE> <FILE NAME="free software.url" PATH="ProfilePath\\start menu\\programs\\radiate"></FILE> <FILE NAME="privacy policy.url" PATH="ProfilePath\\start menu\\programs\\radiate"></FILE> <FILE NAME="radiate web site.url" PATH="ProfilePath\\start menu\\programs\\radiate"></FILE> </FILES> <COOKIES> <COOKIE NAME="devgames"></COOKIE> <COOKIE NAME="aureate"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{EBBFE27C-BDF0-11D2-BBE5-00609419F467}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{EBBFE27C-BDF0-11D2-BBE5-00609419F467}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{6d0bb051-a1a3-11d3-a67c-0050da2ce984}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{141c673d-4515-4482-905d-a2caa68538a1}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{6d0bb050-a1a3-11d3-a67c-0050da2ce984}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{6d0bb053-a1a3-11d3-a67c-0050da2ce984}"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{8a2a68ae-9a25-444c-965b-b560105ed0a0}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{e670155f-7d8c-4bba-8cfe-24e5b5a31760}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{e976a28e-3b3d-4e18-a7d4-255a9f0e8ade}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{6d0bb056-a1a3-11d3-a67c-0050da2ce984}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="radiate advertising"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Aureate is installed completely without user permission. It causes your operating system to be unstable, delivers ads, and causes general system annoyances</DESCRIPTION> </SW> <SW NAME="BargainBuddy"> <DIRECTORIES> <DIR NAME="Bargain Buddy" PATH="PFDir"></DIR> <DIR NAME="adp" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="bargains.exe" PATH="PFDir\\bargain buddy\\bin2"></FILE> <FILE NAME="adp.exe" PATH=""></FILE> <FILE NAME="bargains.exe" PATH="PFDir\\bargain buddy\\bin"></FILE> <FILE NAME="apuc.dll" PATH="PFDir\\bargain buddy\\bin"></FILE> <FILE NAME="apuc.dll" PATH="PFDir\\bargain buddy\\bin2"></FILE> <FILE NAME="CC_Versn.dll" PATH="PFDir\\Net2Phone CommCenter"></FILE> </FILES> <COOKIES> <COOKIE NAME="Ikena"></COOKIE> <COOKIE NAME="exactadvertising"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="Bargains"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft" VALUE="adp"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="adp"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="BargainBuddy"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Bargain Buddy"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="bargains"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>BargainBuddy delivers ads, as well as silently updates itself. Causes general system instability as well as internet connectivity issues, as it is constantly connecting to its host PCs</DESCRIPTION> </SW> <SW NAME="Bulla"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="IEPlugin.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="IEPlugin"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Bulla slows browsing, as it searches all pages you view and replaces advertisements with advertisements sponsored by Bulla</DESCRIPTION> </SW> <SW NAME="BuddyLinks/BuddyPicture/TalkStocks"> <DIRECTORIES> <DIR NAME="Cache" PATH="PFDir\\Common Files\\PSD Tools"></DIR> </DIRECTORIES> <FILES> <FILE NAME="atrwzpca.dll" PATH=""></FILE> <FILE NAME="qpmytsxh.dll" PATH=""></FILE> <FILE NAME="blengine.exe" PATH="PFDir\\Common Files\\PSD Tools"></FILE> <FILE NAME="ShellInstaller.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="ShellInstallerRaptor.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="blengine.dll" PATH="PFDir\\Common Files\\PSD Tools"></FILE> <FILE NAME="blaim.dll" PATH="PFDir\\Common Files\\PSD Tools"></FILE> <FILE 
NAME="bldll.dll" PATH="PFDir\\Common Files\\PSD Tools"></FILE> <FILE NAME="ChannelUp.exe" PATH="PFDir\\Common Files\\PSD Tools"></FILE> <FILE NAME="blpref.exe" PATH="PFDir\\buddylinks.net"></FILE> <FILE NAME="uninst.exe" PATH="PFDir\\buddylinks.net"></FILE> <FILE NAME="av.exe" PATH="WinDir"></FILE> <FILE NAME="b.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall" VALUE="buddylinks.net"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="buddylinks.net"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="PSD Tools"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{FDDCE9FE-1FC6-413C-80B1-37B101FDA1D4}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="BLMessagingIntegration"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="antivirus"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>BuddyLinks is an aol profile hijacker</DESCRIPTION> </SW> <SW NAME="CashToolbar/ App/Bpinst-A"> <DIRECTORIES> <DIR NAME="CashToolbar" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="CashToolbarIE.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="CashToolbar.exe" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="CashToolbarConfig.ini" PATH="WinDir\\Downloaded Program Files"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="CashToolbar"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>CashToolbar delivers advertisements to the PC without permission, and adds a toolbar to your browser. 
It also silent updates itself with a running process in the background of the infected PC</DESCRIPTION> </SW> <SW NAME="ClickTheButton"> <DIRECTORIES> <DIR NAME="CTB3_Shared" PATH="WinDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="ctbclick.exe" PATH=""></FILE> <FILE NAME="CTB.exe" PATH=""></FILE> <FILE NAME="CTBHooks.dll" PATH="WinDir"></FILE> <FILE NAME="CTBHooks.dll" PATH="SysDir"></FILE> <FILE NAME="CTBHooks.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="CTB_BrandedClient"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="CtbClient"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="CtbSession"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="CtbShopper"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="CtbXML"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ClickTheButton"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>ClickTheButton will detect if you visit a known shopping site, and instead provide links to other sites connected to Clickthebutton</DESCRIPTION> </SW> <SW NAME="CnsMin"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Bdhelper.dll" PATH="SysDir"></FILE> <FILE NAME="Bdhelper.dll" PATH="Sys32Dir"></FILE> <FILE NAME="CnsMin.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="CnsDel.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="Assist.dll" PATH="PFDir\\3721\\assist"></FILE> </FILES> <COOKIES> <COOKIE NAME="3721"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="3721"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\CLSID" VALUE="{B83FC273-3522-4CC6-92EC-75CC86678DA4}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\CLSID" VALUE="{D157330A-9EF3-49F8-9A67-4141AC41ADD4}"></REGKEY> 
<REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="CnsHelper.CH"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="CnsHelper.CH.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="CnsMinHK.CnsHook"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="CnsMinHK.CnsHook.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="3721"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="InterChina"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\AdvancedOptions" VALUE="!CNS"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Extensions" VALUE="{5D73EE86-05F1-49ed-B850-E423120EC338}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Extensions" VALUE="{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Extensions" VALUE="{FD00D911-7529-4084-9946-A29F1BDF4FE5}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall" VALUE="CnsMin"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{ca92b524-bc8a-4610-bd2c-6bd3e28155d0}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{B83FC273-3522-4CC6-92EC-75CC86678DA4}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{D157330A-9EF3-49F8-9A67-4141AC41ADD4}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="CnsHelper.CH"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="CnsHelper.CH.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="CnsMinHK.CnsHook"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="CnsMinHK.CnsHook.1"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall" 
VALUE="CnsMin"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="CnsMin"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{1b0e7716-898e-48cc-9690-4e338e8de1d3}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>CnsMin is aimed at stealing sponsored keyword listings, but is also focused on Chinese speakers using Chinese characters, which makes it that much more annoying to non Chinese speaking users</DESCRIPTION> </SW> <SW NAME="CometCursor"> <DIRECTORIES> <DIR NAME="Comet" PATH="PFDir"></DIR> <DIR NAME="Comet Systems" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="CometCursor.dll" PATH=""></FILE> <FILE NAME="CommetCursor.exe" PATH=""></FILE> <FILE NAME="Commet.dll" PATH="SysDir"></FILE> <FILE NAME="Brbho.dll" PATH="PFDir\\comet\\install\\temp"></FILE> <FILE NAME="Csbho.dll" PATH="SysDir\\comet\\bin"></FILE> <FILE NAME="comet.dll" PATH="SysDir"></FILE> <FILE NAME="comet.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> <COOKIE NAME="cometcursor"></COOKIE> <COOKIE NAME="cometsystems"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{1678F7E1-C422-11D0-AD7D-00400515CAAA}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{96DA5BEE-4ACC-476C-B3EC-54C6730C4293}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{D14D6793-9B65-11D3-80B6-00500487BDBA}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{FE6BC4EF-5676-484B-88AE-883323913256}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{1678F7E1-C422-11D0-AD7D-00400515CAAA}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" 
VALUE="{96DA5BEE-4ACC-476C-B3EC-54C6730C4293}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{D14D6793-9B65-11D3-80B6-00500487BDBA}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="CommetCursor"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="DM_server"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="CC2KUI"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{FE6BC4EF-5676-484B-88AE-883323913256}"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" VALUE="{FE6BC4EF-5676-484B-88AE-883323913256}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="CometCursor"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Comet Cursor"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>CometCursor changes mouse pointers to different ones depending on the website. 
It is known to track viewing habits as well</DESCRIPTION> </SW> <SW NAME="CommonName"> <DIRECTORIES> <DIR NAME="CommonName" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="HTMLedit.dll" PATH="SysDir"></FILE> <FILE NAME="HTMLedit.dll" PATH="Sys32Dir"></FILE> <FILE NAME="CnbarIE.dll" PATH="SysDir"></FILE> <FILE NAME="CnbarIE.dll" PATH="Sys32Dir"></FILE> <FILE NAME="CnbarIE.dll" PATH="PFDir\\commonname\\toolbar"></FILE> <FILE NAME="winnet.exe" PATH="PFDir\\commonname\\addressbar"></FILE> <FILE NAME="winnet.exe" PATH="PFDir\\commonname\\toolbar"></FILE> <FILE NAME="comwiz.exe" PATH="PFDir\\commonname\\addressbar"></FILE> <FILE NAME="CNBabe.dll" PATH="PFDir\\CommonName\\Toolbar"></FILE> <FILE NAME="CNMib.dll" PATH="PFDir\\CommonName\\Mib"></FILE> </FILES> <COOKIES> <COOKIE NAME="commonname"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{1e1b2879-88ff-11d2-8d96-d7acac95951f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{00000000-0000-0000-0000-000000000000}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="CommonName"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\MenuExt" VALUE="Add A Page Note"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\MenuExt" VALUE="Bookmark This Page"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\MenuExt" VALUE="Email This Link"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\MenuExt" VALUE="Search using CommonName"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="BabeIE.Helper"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="BabeIE.Helper.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 
SUB="Software\\CLASSES" VALUE="BabeIE.AgentIE"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="BabeIE.AgentIE.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="BabeIE.Handler"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="BabeIE.Handler.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\CLSID" VALUE="{00000000-0000-0000-0000-000000000000}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\CLSID" VALUE="{6656b666-992f-4d74-8588-8ca69e97d90c}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\CLSID" VALUE="{9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\TypeLib" VALUE="{D879D743-E2CC-4161-8034-2234203681C9}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{dd0032df-ceef-4e0a-8b75-e4d8861e11e5}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Protocols\\Handler" VALUE="cn"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="winnet"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Zenet"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>CommonName displays sponsored results when the infected user attempts to search the web</DESCRIPTION> </SW> <SW NAME="Cydoor"> <DIRECTORIES> <DIR NAME="Adcache" PATH="SysDir"></DIR> <DIR NAME="Roodyc" PATH="SysDir"></DIR> <DIR NAME="adcache" PATH="Sys32Dir"></DIR> <DIR NAME="roodyc" PATH="Sys32Dir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="cd_clint.dll" PATH="ProfilePath\\local settings\\temp"></FILE> <FILE NAME="cd_clint.dll" PATH="SysDir"></FILE> <FILE NAME="cd_clint.dll" PATH="Sys32Dir\\adcache\\temp"></FILE> <FILE NAME="cd_gif.dll" PATH="SysDir"></FILE> <FILE NAME="cd_swf.dll" PATH="SysDir"></FILE> <FILE NAME="cd_swf.dll" 
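PATH="Sys32Dir"></FILE>
      <FILE NAME="cd_install_202.exe" PATH="PFDir\\imesh\\client"></FILE>
      <FILE NAME="cd_clint.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="cd_htm.dll" PATH="SysDir"></FILE>
      <FILE NAME="cd_htm.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="cd_load.exe" PATH="SysDir"></FILE>
      <FILE NAME="cd_load.exe" PATH="Sys32Dir"></FILE>
      <FILE NAME="cd_html.dll" PATH="SysDir"></FILE>
    </FILES>
    <COOKIES>
      <COOKIE NAME="cydoor"></COOKIE>
    </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="Cydoor"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="Cydoor"></REGKEY>
        <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="Cydoor Services"></REGKEY>
      </KEYS>
      <VALUES>
        <!-- The next two entries were written with "Current Version" (with a space), which is not the
             Windows key name, so they could not match a real Run or SharedDLLs value. The path is now
             CurrentVersion, and the hive uses the same upper-case spelling as every other entry. -->
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Cydoor"></REGVALUE>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Shareddlls" VALUE="Cydoor"></REGVALUE>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\runonce" VALUE="cydoorupdate"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>Cydoor hijacks search settings as well as keyword searches, They are also known to deliver popup advertising</DESCRIPTION>
  </SW>
  <SW NAME="Cytron/ Troj/Ortyc ">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="potd.dll" PATH="WinDir\\Downloaded Program Files"></FILE>
      <FILE NAME="sec.dll" PATH="WinDir\\Downloaded Program Files"></FILE>
    </FILES>
    <COOKIES>
      <COOKIE NAME="surprisecards"></COOKIE>
      <COOKIE NAME="cardwish"></COOKIE>
      <COOKIE NAME="cytron"></COOKIE>
    </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="POTD"></REGKEY>
      </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>Cytron displays popup advertisements when particular keywords are searched for</DESCRIPTION>
  </SW>
  <SW NAME="Download Accelerator Plus">
    <DIRECTORIES>
      <DIR NAME="download accelerator" PATH="PFDir"></DIR>
      <DIR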
NAME="dap" PATH="PFDir"></DIR> <DIR NAME="download accelerator" PATH="PFDir\\Common Files"></DIR> </DIRECTORIES> <FILES> <FILE NAME="dap.exe" PATH="PFDir\\dap"></FILE> <FILE NAME="dapupd.exe" PATH="PFDir\\dap"></FILE> <FILE NAME="ezupdate.exe" PATH="PFDir\\dap"></FILE> <FILE NAME="unwise.exe" PATH="PFDir\\dap"></FILE> <FILE NAME="cabex.dll" PATH="PFDir\\dap"></FILE> <FILE NAME="dapbho.dll" PATH="PFDir\\dap"></FILE> <FILE NAME="dapie.dll" PATH="PFDir\\dap"></FILE> <FILE NAME="dapiebar.dll" PATH="PFDir\\dap"></FILE> <FILE NAME="mfc42.dll" PATH="PFDir\\dap"></FILE> <FILE NAME="msvcrt.dll" PATH="PFDir\\dap"></FILE> <FILE NAME="redregistration.dll" PATH="PFDir\\dap"></FILE> <FILE NAME="zlib.dll" PATH="PFDir\\dap"></FILE> <FILE NAME="dap.gif" PATH="PFDir\\dap"></FILE> <FILE NAME="dapextie.htm" PATH="PFDir\\dap"></FILE> <FILE NAME="dapextie2.htm" PATH="PFDir\\dap"></FILE> <FILE NAME="dapns.dll" PATH="PFDir\\dap"></FILE> <FILE NAME="dapop.dll" PATH="PFDir\\dap"></FILE> <FILE NAME="website.url" PATH="PFDir\\dap"></FILE> <FILE NAME="dap.uis" PATH="PFDir\\dap"></FILE> <FILE NAME="dap update.lnk" PATH=""></FILE> <FILE NAME="uninstall dap.lnk" PATH=""></FILE> <FILE NAME="download accelerator.lnk" PATH=""></FILE> <FILE NAME="download accelerator plus.lnk" PATH=""></FILE> <FILE NAME="wbocx.ocx" PATH="WinDir\\system32"></FILE> </FILES> <COOKIES> <COOKIE NAME="dap"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\always" VALUE="search.yahoo.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\clsid" VALUE="{f852086b-10e6-4743-9a3f-d8257a0a59e3}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\always" VALUE="windowsupdate.microsoft.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\always" VALUE="winupdate.www.conxion.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 
SUB="Software\\classes\\interface" VALUE="{03d365cb-878a-4495-9350-7c67743335d9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\always" VALUE="www.buydirect.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\interface" VALUE="{5252ac41-94bb-11d1-b2e7-444553540000}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\always" VALUE="www.download.windowsupdate.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\interface" VALUE="{5b985d95-d4ee-44e5-ae57-b88659b9dee4}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\always" VALUE="lycos.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\interface" VALUE="{5bfa1dae-5edc-11d2-959e-00c00c02da5e}"></REGKEY> <!-- NOTE(review): the SUB of the next entry starts with "Software\\software\\speedbit", while the sibling notrigger\\always entries use "Software\\speedbit"; the repeated segment looks like a typo that would keep this entry from matching. Confirm before relying on it. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\software\\speedbit\\download accelerator\\notrigger\\always" VALUE="www.shop.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\interface" VALUE="{7892ba33-7984-43a5-a8f5-27ed0afe6143}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\interface" VALUE="{82351440-9094-11d1-a24b-00a0c932c7df}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes" VALUE="{0000cc75-acf3-4cac-a0a9-dd3868e06852}"></REGKEY> <!-- NOTE(review): the GUID in the next entry has 7 hex digits in its first group, where a GUID has 8, so as written it cannot name a real interface key. The missing digit cannot be recovered from this file; verify against the original sample data. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\interface" VALUE="{68145e9-7785-4bb4-a20a-16e8a425972c}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{0096cc0a-623c-4829-ad9c-19af0dc9d8fe}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\protocols\\name-space handler\\ftp\\zda" VALUE="pattern1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\protocols\\name-space handler\\http\\zda" VALUE="pattern1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\protocols\\name-space handler\\https\\zda" VALUE="pattern1"></REGKEY> 
<REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\typelib" VALUE="{095006d5-6da6-4cdc-864e-7498015816bc}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{235d7a27-de65-49f0-bfcf-d5c3bc3b2e67}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{62999427-33fc-4baf-9c9c-bce6bd127f08}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dapiebar.cbareventer"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dapiebar.cbareventer.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dapiebar.dapiebarband"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dapiebar.dapiebarband.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{095006d5-6da6-4cdc-864e-7498015816bc}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{72920511-e300-44c1-8565-2fd66d7a7246}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{79516451-3e3e-453a-8968-37942f7979f3}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\typelib" VALUE="{5bfa1da1-5edc-11d2-959e-00c00c02da5e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\typelib" VALUE="{5fe38345-35a8-11d3-bd27-000021c9a4d9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\typelib" VALUE="{79516451-3e3e-453a-8968-37942f7979f3}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\typelib" VALUE="{82351433-9094-11d1-a24b-00a0c932c7df}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\anigifctrl.anigif" VALUE="insertable"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\clsid" VALUE="{0000cc75-acf3-4cac-a0a9-dd3868e06852}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\clsid" VALUE="{235d7a27-de65-49f0-bfcf-d5c3bc3b2e67}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\clsid" VALUE="{5bfa1daf-5edc-11d2-959e-00c00c02da5e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\clsid" 
VALUE="{61ab12e1-a5ff-11d1-b2e9-444553540000}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\clsid" VALUE="{62999427-33fc-4baf-9c9c-bce6bd127f08}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\clsid" VALUE="{6dc82d15-92f2-11d1-a255-00a0c932c7df}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\clsid" VALUE="{8110aea1-ad5b-4b90-883f-04a9a33b106e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\clsid" VALUE="{82351441-9094-11d1-a24b-00a0c932c7df}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\clsid" VALUE="{9738b9e6-8afa-11d2-959e-444553540002}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\microsoft\\internet explorer\\extensions" VALUE="{669695bc-a811-4a9d-8cdf-ba8c795f261c}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0000cc75-acf3-4cac-a0a9-dd3868e06852}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="speedbit"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit" VALUE="speedbit"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\always" VALUE="127.0.0.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\always" VALUE="data.alexa.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\leech\\custom" VALUE="extention list"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\download accelerator\\notrigger\\always" VALUE="download.macromedia.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\download accelerator\\notrigger\\always" VALUE="downloadfinder2.intel.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\download accelerator\\notrigger\\always" VALUE="guide.walla.co.il"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\download accelerator\\notrigger\\always" 
VALUE="rd.yahoo.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\download accelerator\\notrigger\\always" VALUE="search.lycos.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="allowupdate"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="barintegrated"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="browserintegration"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="details"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="download directory"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="dragurlwindow"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="dragurlwindowx"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="dragurlwindowy"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="exelocation"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="extensions"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="ftpsearchautofind"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="ftpsearchautoselect"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="helperintegrated"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="installage"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="installcompany"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="installemail"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="installgender"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="installinterests"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="installprof"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="installuser"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="lastnotifyversion"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="lastskin"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="lll"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="newversionchecking"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="lrv"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="noinfowindow"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="regularacceleratewindow"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="removefromlistwhenok"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="sessiontime"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="tempdirectory"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator" VALUE="version"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\ads" VALUE="defaultcategory"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\ads" VALUE="nomaiod"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download 
accelerator\\ads\\default" VALUE="categoryid"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\ads\\default" VALUE="media"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger" VALUE="lasturl"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="151.99.197.24"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="32bit.bhs.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="3dfiles.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="chkpt.zdnet.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="download.lycos.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="ftpsearch.lycos.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="home.cnet.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="hotfiles.zdnet.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="music.lycos.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="public.wsj.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="volftp.tin.it"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="www.3dfiles.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 
SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="www.chip.de"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="www.download.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="www.fileplanet.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="www.google.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="www.rocketdownload.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="www.winzip.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whenfound" VALUE="www.wsj.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whennotfound" VALUE="volftp.tiscalinet.it"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\speedbit\\download accelerator\\notrigger\\whennotfound" VALUE="www.juston.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\.dal" VALUE="content type"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\.daf" VALUE="content type"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\daffile" VALUE="editflags"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\dalfile" VALUE="editflags"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\classes\\protocols\\name-space handler\\ftp\\zda" VALUE="clsid"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\protocols\\name-space handler\\http\\zda" VALUE="clsid"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\microsoft\\windows\\currentversion\\uninstall\\download accelerator plus beta" VALUE="displayname"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\microsoft\\windows\\currentversion\\uninstall\\download accelerator plus beta" VALUE="uninstallstring"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="DownloadAccelerator"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="systimer"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Download Accelerator Plus is believed to track your downloads and report information collected to a central server</DESCRIPTION> </SW> <SW NAME="DownloadReceiver"> <DIRECTORIES> <DIR NAME="eAcceleration" PATH="PFDir\\Common Files"></DIR> </DIRECTORIES> <FILES> <FILE NAME="systimer.exe" PATH="PFDir\\Common Files"></FILE> <FILE NAME="eac_drec.dll" PATH="PFDir\\Common Files"></FILE> <FILE NAME="download.exe" PATH="PFDir\\Common Files"></FILE> <FILE NAME="eac_drec.dll" PATH="PFDir\\Common Files\\eAcceleration"></FILE> </FILES> <COOKIES> <COOKIE NAME="buttonware"></COOKIE> <COOKIE NAME="eacceleration"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{8869786c-8e72-45dc-911d-ab3416ac1df1}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="Acceleration Software International Corporation"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="Acceleration Software International Corporation"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="systimer.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>DownloadReceiver will install components without user permission. 
It also adds an advertising process at startup, which runs in the background of the PC</DESCRIPTION> </SW> <SW NAME="DownloadWare"> <DIRECTORIES> <DIR NAME="PAgent" PATH="PFDir"></DIR> <DIR NAME="KFH" PATH="PFDir"></DIR> <DIR NAME="MediaLoads" PATH="PFDir"></DIR> <DIR NAME="MedCh" PATH="PFDir"></DIR> <DIR NAME="MovieNetworks" PATH="PFDir"></DIR> <DIR NAME="Popcorn.net" PATH="PFDir"></DIR> <DIR NAME="Real-Tens" PATH="PFDir"></DIR> <DIR NAME="DownloadWare" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="PAgent.exe" PATH=""></FILE> <!-- NOTE(review): bearshare.exe, grokster.exe, limewire.exe and morpheus.exe look like the main executables of the file-sharing clients of those names rather than DownloadWare components, and PATH is empty. Presumably an empty PATH matches the file name in any directory (confirm against the scanner). If so, these four entries report the host application itself; scope them with a PATH or drop them. --> <FILE NAME="bearshare.exe" PATH=""></FILE> <FILE NAME="grokster.exe" PATH=""></FILE> <FILE NAME="limewire.exe" PATH=""></FILE> <FILE NAME="morpheus.exe" PATH=""></FILE> <FILE NAME="MediaLoads.exe" PATH=""></FILE> <FILE NAME="ClipGenie.exe" PATH=""></FILE> <FILE NAME="ins.tmp" PATH=""></FILE> <FILE NAME="dw.exe" PATH="PFDir\\downloadware"></FILE> </FILES> <COOKIES> <COOKIE NAME="downloadware"></COOKIE> <COOKIE NAME="grokster"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="PAgent"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="DownloadWare"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="MediaLoads"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="mlh"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="MicroGaming"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="KFH"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{0494d0da-f8e0-41ad-92a3-14154ece70ac}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{0494d0dc-f8e0-41ad-92a3-14154ece70ac}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="MediaLoads"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="PAgent"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" 
VALUE="PAgent"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ins.tmp"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="dw"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="MediaLoads Installer"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="DownloadWare"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>4</DANGER_LEVEL> <DESCRIPTION>DownloadWare will cause general system instability, and install software that allows DownloadWare to execute arbitrary code on the PC</DESCRIPTION> </SW> <SW NAME="FavoriteMan/Emesx.dll/SpyAssault"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="favboot.dll" PATH="Sys32Dir"></FILE> <FILE NAME="favman.dll" PATH="Sys32Dir"></FILE> <FILE NAME="favorite.dll" PATH="Sys32Dir"></FILE> <FILE NAME="fone.dll" PATH="Sys32Dir"></FILE> <FILE NAME="im64.dll" PATH="Sys32Dir"></FILE> <FILE NAME="lwz.dll" PATH="Sys32Dir"></FILE> <FILE NAME="Aess.dll" PATH="SysDir"></FILE> <FILE NAME="Aess.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ZZ.dll" PATH="SysDir"></FILE> <FILE NAME="ZZ.dll" PATH="Sys32Dir"></FILE> <FILE NAME="mpz300.dll" PATH="SysDir"></FILE> <FILE NAME="mpz300.dll" PATH="Sys32Dir"></FILE> <FILE NAME="trk.dll" PATH="SysDir"></FILE> <FILE NAME="trk.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ofrg.dll" PATH="SysDir"></FILE> <FILE NAME="ofrg.dll" PATH="Sys32Dir"></FILE> <FILE NAME="favboot.dll" PATH="SysDir"></FILE> <FILE NAME="favorite.dll" PATH="SysDir"></FILE> <FILE NAME="FavMan.dll" PATH="SysDir"></FILE> <FILE NAME="lwz.dll" PATH="SysDir"></FILE> <FILE NAME="f1.dll" PATH="SysDir"></FILE> <FILE NAME="FOne.dll" PATH="SysDir"></FILE> <FILE NAME="gr02.dll" PATH="Sys32Dir"></FILE> <FILE NAME="emesx.dll" PATH="SysDir"></FILE> <FILE NAME="emesx.dll" PATH="Sys32Dir"></FILE> <FILE NAME="sysldr.dll" 
PATH="Sys32Dir"></FILE> <FILE NAME="mbr32.dll" PATH="Sys32Dir"></FILE> <FILE NAME="F1.dll" PATH="Sys32Dir"></FILE> <FILE NAME="im64.dll" PATH="SysDir"></FILE> <FILE NAME="dlh0st.dll" PATH="SysDir"></FILE> <FILE NAME="DDM3DIA.DLL" PATH="SysDir"></FILE> <FILE NAME="DDM3DIA.DLL" PATH="Sys32Dir"></FILE> <FILE NAME="td1.dll" PATH="SysDir"></FILE> <FILE NAME="td1.dll" PATH="Sys32Dir"></FILE> <FILE NAME="w3th3rb.dll" PATH=""></FILE> <FILE NAME="Ss32.dll" PATH="SysDir"></FILE> <FILE NAME="Ss32.dll" PATH="Sys32Dir"></FILE> <FILE NAME="gig.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows" VALUE="Counter"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows" VALUE="Server"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows" VALUE="Object"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{000000da-0786-4633-87c6-1aa7a4429ef1}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{000000f1-34e3-4633-87c6-1aa7a44296da}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{00000ef1-34e3-4633-87c6-1aa7a44296da}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{139d88e5-c372-469d-b4c5-1fe00852ab9b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{ebbd88e5-c372-469d-b4c5-1fe00352ab9b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{00000ef1-0786-4633-87c6-1aa7a44296da}"></REGKEY> </KEYS> <VALUES> <!-- NOTE(review): the next REGVALUE has an empty MAIN, so its Run value is not tied to any registry hive, whereas the other Run entries in this file name a hive explicitly. Confirm which hive was intended and how the scanner treats a blank MAIN. --> <REGVALUE MAIN="" 
SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="msbb.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>FavoriteMan will install programs without user permission, as well as add entries to browser favorites menu and add desktop icons</DESCRIPTION> </SW> <SW NAME="FlashTrack"> <DIRECTORIES> <DIR NAME="ftapp" PATH="PFDir"></DIR> <DIR NAME="flt" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="ftapp.dll" PATH="PFDir\\ftapp"></FILE> <FILE NAME="flt.dll" PATH="PFDir\\flt"></FILE> <FILE NAME="flt.mon" PATH="PFDir\\flt"></FILE> <FILE NAME="ftapp.dll" PATH="SysDir"></FILE> <FILE NAME="ftapp.dll" PATH="Sys32Dir"></FILE> <FILE NAME="flt.dll" PATH="SysDir"></FILE> <FILE NAME="flt.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="FTApp"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{665ACD90-4541-4836-9FE4-062386BB8F05}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="flt"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>FlashTrack will monitor browsing activity as well as record keywords that are searched for</DESCRIPTION> </SW> <SW NAME="Gator/Claria/IEGator/PDPPlugin"> <DIRECTORIES> <DIR NAME="gator" PATH="PFDir"></DIR> <DIR NAME="date manager" PATH="PFDir"></DIR> <DIR NAME="fsg_tmp" PATH="ProfilePath\\local settings\\temp"></DIR> <DIR NAME="fsg_tmp" PATH="WinDir\\temp"></DIR> <DIR NAME="GMT" PATH="PFDir\\common files"></DIR> <DIR NAME="GMT" PATH="PFDir"></DIR> <DIR NAME="CMEII" PATH="PFDir\\common files"></DIR> <DIR NAME="gator.com" PATH="PFDir"></DIR> <DIR NAME="gui" PATH="PFDir"></DIR> <DIR NAME="store" PATH="PFDir"></DIR> <DIR NAME="WebPT" PATH="PFDir"></DIR> <DIR NAME="WebDM" PATH="PFDir"></DIR> <DIR NAME="PrecisionTime" PATH="PFDir"></DIR> <DIR NAME="GAIN" PATH="PFDir"></DIR> <DIR 
NAME="gator ewallet" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="Fsg.exe" PATH="SysDir"></FILE> <FILE NAME="Fsg.exe" PATH="Sys32Dir"></FILE> <FILE NAME="Fsg_3202.exe" PATH="SysDir"></FILE> <FILE NAME="Fsg_3202.exe" PATH="Sys32Dir"></FILE> <FILE NAME="Trickler.exe" PATH="SysDir"></FILE> <FILE NAME="Trickler.exe" PATH="Sys32Dir"></FILE> <FILE NAME="PdpPlg Class" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="PdpPi Class" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="DFRun Class" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="gmt.exe" PATH="PFDir\\common files\\GMT"></FILE> <FILE NAME="gator.exe" PATH="PFDir\\gator.com\\gator"></FILE> <FILE NAME="PrecisionTime.exe" PATH="PFDir\\PrecisionTime"></FILE> <FILE NAME="gmtproxy.dll" PATH="PFDir\\common files\\cmeii"></FILE> <FILE NAME="gatorstubsetup.exe" PATH="PFDir\\common files\\GMT"></FILE> <FILE NAME="cmeiiapi.dll" PATH=""></FILE> <FILE NAME="cmesys.exe" PATH=""></FILE> <FILE NAME="gappmgr.dll" PATH=""></FILE> <FILE NAME="gatorsupportinfo.txt" PATH=""></FILE> <FILE NAME="gcontroller.dll" PATH=""></FILE> <FILE NAME="gdwldeng.dll" PATH=""></FILE> <FILE NAME="giocl.dll" PATH=""></FILE> <FILE NAME="gioclclient.dll" PATH=""></FILE> <FILE NAME="gmtproxy.dll" PATH=""></FILE> <FILE NAME="gobjs.dll" PATH=""></FILE> <FILE NAME="gstore.dll" PATH=""></FILE> <FILE NAME="gstoreserver.dll" PATH=""></FILE> <FILE NAME="gtools.dll" PATH=""></FILE> <FILE NAME="PrecisionTime.exe" PATH=""></FILE> <FILE NAME="unwise.exe" PATH="PFDir\\PrecisionTime"></FILE> <FILE NAME="GStartup.lnk" PATH=""></FILE> <FILE NAME="PrecisionTime.lnk" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{21FFB6C0-0DA1-11D5-A9D5-00500413153C}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="Gator.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="Gator"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" 
VALUE="GatorTest"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="GMT"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Trickler"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Gator is adware which will deliver popup ads to the PC and has been reported to slow down system performance</DESCRIPTION> </SW> <SW NAME="SecondThought"> <DIRECTORIES> <DIR NAME="stc" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="stcloader.exe" PATH="SysDir"></FILE> <FILE NAME="2ndsrch.dll" PATH="SysDir"></FILE> <FILE NAME="2ndsrch.dll" PATH="Sys32Dir"></FILE> <FILE NAME="stc.exe" PATH="PFDir\\stc"></FILE> <FILE NAME="stcloader.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{13197ace-6851-45c3-a7ff-c281324d5489}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="stcloader"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Adware used to deliver advertisements to your PC</DESCRIPTION> </SW> <SW NAME="IEfeatures"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="internetfeatures.exe" PATH="Sys32Dir"></FILE> <FILE NAME="iefeatures.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="msversion"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="iefeatures"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Used to install other pieces of adware/spyware on your PC</DESCRIPTION> </SW> <SW NAME="Gratisware"> <DIRECTORIES> <DIR NAME="Gratisware" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="CRS32.dll" 
PATH="Sys32Dir"></FILE> <FILE NAME="CRS.EXE" PATH="Sys32Dir"></FILE> <FILE NAME="CRS32.REG" PATH="Sys32Dir"></FILE> <FILE NAME="CRS.OLD" PATH="Sys32Dir"></FILE> <FILE NAME="next.dl_" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> <COOKIE NAME="targit"></COOKIE> <COOKIE NAME="gratisware"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="Gratisware"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{5843A29E-1246-11D4-BA8C-0050DA707ACD}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{5843A29E-1246-11D4-BA8C-0050DA707ACD}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>Gratisware will deliver popup advertisements to the PC, as well as track certain browsing habits and report them back to a central server</DESCRIPTION> </SW> <SW NAME="HotBar"> <DIRECTORIES> <DIR NAME="HotBar" PATH="PFDir"></DIR> <DIR NAME="bin" PATH="PFDir\\Hotbar"></DIR> <DIR NAME="4.1.8.0" PATH="PFDir\\Hotbar\\bin"></DIR> <DIR NAME="4.2.8.0" PATH="PFDir\\Hotbar\\bin"></DIR> <DIR NAME="4.3.1.0" PATH="PFDir\\Hotbar\\bin"></DIR> <DIR NAME="4.3.5.0" PATH="PFDir\\HotBar\\bin"></DIR> <DIR NAME="4.3.6.0" PATH="PFDir\\Hotbar\\bin"></DIR> <DIR NAME="4.3.8.0" PATH="PFDir\\Hotbar\\bin"></DIR> <DIR NAME="hotbar" PATH="WinDir\\application data"></DIR> <DIR NAME="hotbar" PATH="Sys32Dir\\config\\systemprofile\\application data"></DIR> </DIRECTORIES> <FILES> <FILE NAME="hotbar.exe" PATH=""></FILE> <FILE NAME="ctor.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ctor.dll" PATH="SysDir"></FILE> <FILE NAME="hbinst.exe" PATH="PFDir\\hotbar\\bin"></FILE> <FILE NAME="hotbar.log" PATH="PFDir\\hotbar"></FILE> <FILE NAME="hbhostie.dll" PATH="SysDir"></FILE> <FILE NAME="hbinst.exe-033aa324.pf" PATH=""></FILE> <FILE NAME="hbinst.exe-0edab9c6.pf" PATH=""></FILE> <FILE NAME="hbinst.exe-1b8894d1.pf" PATH=""></FILE> <FILE 
NAME="hbsrv.exe-23ebbcc9.pf" PATH=""></FILE> <FILE NAME="hotbarplugin.class" PATH=""></FILE> <FILE NAME="hotbar_1066151651.log" PATH=""></FILE> <FILE NAME="hbhostie.dll" PATH="Sys32Dir"></FILE> <FILE NAME="hbinstie.dll" PATH="PFDir\\HotBar\\bin\\4.1.8.0"></FILE> <FILE NAME="hbtoolbar.dll" PATH="PFDir\\HotBar\\bin\\4.1.8.0"></FILE> <FILE NAME="hbinst.exe" PATH="PFDir\\HotBar\\bin\\4.1.8.0"></FILE> <FILE NAME="hbhostie.dll" PATH="PFDir\\HotBar\\bin\\4.1.8.0"></FILE> <FILE NAME="dbenderc.dll" PATH="PFDir\\HotBar\\bin\\4.1.8.0"></FILE> <FILE NAME="hbcoresrv.dll" PATH="PFDir\\HotBar\\bin\\4.1.8.0"></FILE> <FILE NAME="hbhostoe.dll" PATH="PFDir\\HotBar\\bin\\4.1.8.0"></FILE> <FILE NAME="Install.scr" PATH="PFDir\\HotBar\\bin\\4.1.8.0"></FILE> <FILE NAME="hbhostol.dll" PATH="PFDir\\HotBar\\bin\\4.1.8.0"></FILE> <FILE NAME="hbsrv.exe" PATH="PFDir\\HotBar\\bin\\4.1.8.0"></FILE> <FILE NAME="hotbar.dll" PATH="PFDir\\HotBar\\bin\\4.1.8.0"></FILE> <FILE NAME="hbinstie.dll" PATH="PFDir\\HotBar\\bin\\4.2.8.0"></FILE> <FILE NAME="hbtoolbar.dll" PATH="PFDir\\HotBar\\bin\\4.2.8.0"></FILE> <FILE NAME="hbinst.exe" PATH="PFDir\\HotBar\\bin\\4.2.8.0"></FILE> <FILE NAME="dbenderc.dll" PATH="PFDir\\HotBar\\bin\\4.2.8.0"></FILE> <FILE NAME="hbcoresrv.dll" PATH="PFDir\\HotBar\\bin\\4.2.8.0"></FILE> <FILE NAME="hbhostie.dll" PATH="PFDir\\HotBar\\bin\\4.2.8.0"></FILE> <FILE NAME="hbhostoe.dll" PATH="PFDir\\HotBar\\bin\\4.2.8.0"></FILE> <FILE NAME="install.scr" PATH="PFDir\\HotBar\\bin\\4.2.8.0"></FILE> <FILE NAME="hbhostol.dll" PATH="PFDir\\HotBar\\bin\\4.2.8.0"></FILE> <FILE NAME="hbsrv.exe" PATH="PFDir\\HotBar\\bin\\4.2.8.0"></FILE> <FILE NAME="hotbar.dll" PATH="PFDir\\HotBar\\bin\\4.2.8.0"></FILE> <FILE NAME="hbinstie.dll" PATH="PFDir\\HotBar\\bin\\4.3.1.0"></FILE> <FILE NAME="hbtoolbar.dll" PATH="PFDir\\HotBar\\bin\\4.3.1.0"></FILE> <FILE NAME="hbinst.exe" PATH="PFDir\\HotBar\\bin\\4.3.1.0"></FILE> <FILE NAME="hbhostie.dll" PATH="PFDir\\HotBar\\bin\\4.3.1.0"></FILE> <FILE 
NAME="dbenderc.dll" PATH="PFDir\\HotBar\\bin\\4.3.1.0"></FILE> <FILE NAME="hbcoresrv.dll" PATH="PFDir\\HotBar\\bin\\4.3.1.0"></FILE> <FILE NAME="hbhostoe.dll" PATH="PFDir\\HotBar\\bin\\4.3.1.0"></FILE> <FILE NAME="install.scr" PATH="PFDir\\HotBar\\bin\\4.3.1.0"></FILE> <FILE NAME="hbhostol.dll" PATH="PFDir\\HotBar\\bin\\4.3.1.0"></FILE> <FILE NAME="hbsrv.exe" PATH="PFDir\\HotBar\\bin\\4.3.1.0"></FILE> <FILE NAME="hotbar.dll" PATH="PFDir\\HotBar\\bin\\4.3.1.0"></FILE> <FILE NAME="hbinstie.dll" PATH="PFDir\\HotBar\\bin\\4.3.5.0"></FILE> <FILE NAME="hbtoolbar.dll" PATH="PFDir\\HotBar\\bin\\4.3.5.0"></FILE> <FILE NAME="hbinst.exe" PATH="PFDir\\HotBar\\bin\\4.3.5.0"></FILE> <FILE NAME="dbenderc.dll" PATH="PFDir\\HotBar\\bin\\4.3.5.0"></FILE> <FILE NAME="hbcoresrv.dll" PATH="PFDir\\HotBar\\bin\\4.3.5.0"></FILE> <FILE NAME="hbhostie.dll" PATH="PFDir\\HotBar\\bin\\4.3.5.0"></FILE> <FILE NAME="hbhostoe.dll" PATH="PFDir\\HotBar\\bin\\4.3.5.0"></FILE> <FILE NAME="install.scr" PATH="PFDir\\HotBar\\bin\\4.3.5.0"></FILE> <FILE NAME="hbhostol.dll" PATH="PFDir\\HotBar\\bin\\4.3.5.0"></FILE> <FILE NAME="hbsrv.exe" PATH="PFDir\\HotBar\\bin\\4.3.5.0"></FILE> <FILE NAME="hotbar.dll" PATH="PFDir\\HotBar\\bin\\4.3.5.0"></FILE> <FILE NAME="hbinstie.dll" PATH="PFDir\\HotBar\\bin\\4.3.6.0"></FILE> <FILE NAME="hbtoolbar.dll" PATH="PFDir\\HotBar\\bin\\4.3.6.0"></FILE> <FILE NAME="hbinst.exe" PATH="PFDir\\HotBar\\bin\\4.3.6.0"></FILE> <FILE NAME="dbenderc.dll" PATH="PFDir\\HotBar\\bin\\4.3.6.0"></FILE> <FILE NAME="hbcoresrv.dll" PATH="PFDir\\HotBar\\bin\\4.3.6.0"></FILE> <FILE NAME="hbhostie.dll" PATH="PFDir\\HotBar\\bin\\4.3.6.0"></FILE> <FILE NAME="hbhostoe.dll" PATH="PFDir\\HotBar\\bin\\4.3.6.0"></FILE> <FILE NAME="install.scr" PATH="PFDir\\HotBar\\bin\\4.3.6.0"></FILE> <FILE NAME="hbhostol.dll" PATH="PFDir\\HotBar\\bin\\4.3.6.0"></FILE> <FILE NAME="hbsrv.exe" PATH="PFDir\\HotBar\\bin\\4.3.6.0"></FILE> <FILE NAME="hotbar.dll" PATH="PFDir\\HotBar\\bin\\4.3.6.0"></FILE> <FILE 
NAME="hbinstie.dll" PATH="PFDir\\HotBar\\bin\\4.3.8.0"></FILE> <FILE NAME="hbtoolbar.dll" PATH="PFDir\\HotBar\\bin\\4.3.8.0"></FILE> <FILE NAME="hbinst.exe" PATH="PFDir\\HotBar\\bin\\4.3.8.0"></FILE> <FILE NAME="dbenderc.dll" PATH="PFDir\\HotBar\\bin\\4.3.8.0"></FILE> <FILE NAME="hbcoresrv.dll" PATH="PFDir\\HotBar\\bin\\4.3.8.0"></FILE> <FILE NAME="hbhostie.dll" PATH="PFDir\\HotBar\\bin\\4.3.8.0"></FILE> <FILE NAME="hbhostoe.dll" PATH="PFDir\\HotBar\\bin\\4.3.8.0"></FILE> <FILE NAME="install.scr" PATH="PFDir\\HotBar\\bin\\4.3.8.0"></FILE> <FILE NAME="hbhostol.dll" PATH="PFDir\\HotBar\\bin\\4.3.8.0"></FILE> <FILE NAME="hbsrv.exe" PATH="PFDir\\HotBar\\bin\\4.3.8.0"></FILE> <FILE NAME="hotbar.dll" PATH="PFDir\\HotBar\\bin\\4.3.8.0"></FILE> <FILE NAME="hbinstie.dll" PATH="PFDir\\HotBar\\bin"></FILE> <FILE NAME="hotbar.dll" PATH="PFDir\\HotBar"></FILE> <FILE NAME="hbinst.exe" PATH="SysDir"></FILE> <FILE NAME="HotBar.inf" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="HotBar.log" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="hbinst.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="Hotbar"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{204f937e-519e-4597-96fa-8f1f59f3cb6d}"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE" VALUE="Hotbar"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\User Agent\\Post Platform" VALUE="Hotbar 3.0"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{da603411-0593-11d5-a46b-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{1038dd23-8ae8-451b-a134-4db8a49aa519}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{17719b53-fad1-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" 
VALUE="{17719b54-fad1-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{1e24f8a0-5965-4902-90d4-08534e9adf3b}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{3103e312-e1bb-49ab-80eb-0a92fca78746}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{46417afd-7a15-4ed1-b764-cb72cd4d904f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{4bf4fafa-186e-4e36-8f74-525290438d7b}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{4dbcfaf7-62e1-4811-8acc-6511e7192cb4}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{60b25924-c865-11d2-b0c1-000000000000}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{60f63095-41ec-11d5-b558-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{60f630a2-41ec-11d5-b558-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{69fd62b1-0216-4c31-8d55-840ed86b7c8f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{6a6ebae8-8c66-4675-b423-95b3ba530940}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{6d6d1580-5b74-40ea-97f4-3c2b46c5abdd}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{6f885f52-b45f-45bc-8642-fe3d56155a3a}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{6fe00b71-7251-4e00-9186-ed89bbb946b8}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{75d2080b-4857-4b96-9b7d-732634fbd01f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{7e33bc81-0818-11d5-b50d-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{8f59f897-6923-4b3b-8156-4e55d19de99a}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{918e4b7a-4d80-43a4-83a7-39adcc11841f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{94beb7a2-36b7-46dc-8ad1-81a8332409c0}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{9ee87a26-b2c8-4130-83f6-e8511d939976}"></REGKEY> 
<REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{a80347d3-f757-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{a80347df-f757-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{a80347e0-f757-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{ad9a7b03-be12-11d4-b493-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{b00609a6-82af-4c55-bbb8-adc8593ceb86}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{b195b3a5-8a05-11d3-97a4-0004aca6948e}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{b195b3b2-8a05-11d3-97a4-0004aca6948e}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{b195b3b3-8a05-11d3-97a4-0004aca6948e}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{b701a704-f828-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{b701a705-f828-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{becafc17-baf9-11d4-b492-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{da603411-0593-11d5-a46b-10101b1b1111}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{f4132b7b-1576-41b6-abd8-39c6c53047f7}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{f64b26c1-07de-11d5-b50d-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{f7a1bf21-1d7d-4f5f-a201-0ca35a5cd68f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{1038dd23-8ae8-451b-a134-4db8a49aa519}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{1e24f8a0-5965-4902-90d4-08534e9adf3b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{4dbcfaf7-62e1-4811-8acc-6511e7192cb4}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" 
VALUE="{60f630a2-41ec-11d5-b558-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{69fd62b1-0216-4c31-8d55-840ed86b7c8f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{6fe00b71-7251-4e00-9186-ed89bbb946b8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{75d2080b-4857-4b96-9b7d-732634fbd01f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{a80347e0-f757-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{b195b3b3-8a05-11d3-97a4-0004aca6948e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{becafc17-baf9-11d4-b492-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hbhostie.hbbho.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hotbar.hbmain.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{7e33bc81-0818-11d5-b50d-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{60f63095-41ec-11d5-b558-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="appid" VALUE="hbsrv.exe"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="appid" VALUE="{b701a705-f828-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hbcoresrv.hbcoreservices"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hbcoresrv.hbcoreservices.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hbhostol.hbmailanim"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hbhostol.hbmailanim.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hbinstie.hbinstobj"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hbinstie.hbinstobj.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hbsrv.hbcoreservices"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hbsrv.hbcoreservices.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" 
SUB="" VALUE="hbtoolbar.hbtoolbarctl"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hbtoolbar.hbtoolbarctl.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hotbar.hbbho"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hotbar.hbcommband"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hotbar.hbcommband.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hotbar.hbcommmband.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="hotbar.hbmain"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{17719b53-fad1-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{17719b54-fad1-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{3103e312-e1bb-49ab-80eb-0a92fca78746}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{46417afd-7a15-4ed1-b764-cb72cd4d904f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{4bf4fafa-186e-4e36-8f74-525290438d7b}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{6a6ebae8-8c66-4675-b423-95b3ba530940}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{6f885f52-b45f-45bc-8642-fe3d56155a3a}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{8f59f897-6923-4b3b-8156-4e55d19de99a}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{918e4b7a-4d80-43a4-83a7-39adcc11841f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{9ee87a26-b2c8-4130-83f6-e8511d939976}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{a80347df-f757-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{ad9a7b03-be12-11d4-b493-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{b00609a6-82af-4c55-bbb8-adc8593ceb86}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{b195b3b2-8a05-11d3-97a4-0004aca6948e}"></REGKEY> <REGKEY 
MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{da603411-0593-11d5-a46b-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{da603411-0593-11d5-a46b-10101b1b1111}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{f4132b7b-1576-41b6-abd8-39c6c53047f7}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{f64b26c1-07de-11d5-b50d-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{f7a1bf21-1d7d-4f5f-a201-0ca35a5cd68f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Software\\Microsoft\\windows\\CurrentVersion\\explorer\\browser helper objects" VALUE="{b195b3b3-8a05-11d3-97a4-0004aca6948e}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{6d6d1580-5b74-40ea-97f4-3c2b46c5abdd}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{94beb7a2-36b7-46dc-8ad1-81a8332409c0}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{a80347d3-f757-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{b195b3a5-8a05-11d3-97a4-0004aca6948e}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{b701a704-f828-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="{69fd62b1-0216-4c31-8d55-840ed86b7c8f}"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\internet explorer\\explorer bars" VALUE="{becafc17-baf9-11d4-b492-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\windows\\CurrentVersion\\internet settings\\user agent" VALUE="hotbar 3.0"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\appid" VALUE="{b701a705-f828-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{17719b53-fad1-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{17719b54-fad1-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{3103e312-e1bb-49ab-80eb-0a92fca78746}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{31321312-e1bb-49ab-80eb-13212ca78746}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{46417afd-7a15-4ed1-b764-cb72cd4d904f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{4bf4fafa-186e-4e36-8f74-525290438d7b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{6a6ebae8-8c66-4675-b423-95b3ba530940}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{6f885f52-b45f-45bc-8642-fe3d56155a3a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{7e33bc81-0818-11d5-b50d-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{8f59f897-6923-4b3b-8156-4e55d19de99a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{918e4b7a-4d80-43a4-83a7-39adcc11841f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{9ee87a26-b2c8-4130-83f6-e8511d939976}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{a80347df-f757-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{ad9a7b03-be12-11d4-b493-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{b00609a6-82af-4c55-bbb8-adc8593ceb86}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{b195b3b2-8a05-11d3-97a4-0004aca6948e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{c8539bfe-8fd7-405c-8eef-d9af48dc6ba4}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" 
VALUE="{da603411-0593-11d5-a46b-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{da603411-0593-11d5-a46b-10101b1b1111}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{da603411-0593-11d5-a46b-10101ddd1111}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{f4132b7b-1576-41b6-abd8-39c6c53047f7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{f64b26c1-07de-11d5-b50d-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\Interface" VALUE="{f7a1bf21-1d7d-4f5f-a201-0ca35a5cd68f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\TypeLib" VALUE="{60f63095-41ec-11d5-b558-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\TypeLib" VALUE="{6d6d1580-5b74-40ea-97f4-3c2b46c5abdd}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\TypeLib" VALUE="{94beb7a2-36b7-46dc-8ad1-81a8332409c0}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\TypeLib" VALUE="{a80347d3-f757-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\TypeLib" VALUE="{b195b3a5-8a05-11d3-97a4-0004aca6948e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\TypeLib" VALUE="{b701a704-f828-11d4-a466-00508b5ba2df}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Code Store Database\\Distribution Units" VALUE="{69fd62b1-0216-4c31-8d55-840ed86b7c8f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\office\\outlook\\addins" VALUE="hbhostol.hbmailanim"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\explorer\\browser helper objects" VALUE="{b195b3b3-8a05-11d3-97a4-0004aca6948e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\internet settings\\user 
agent\\post platform" VALUE="hotbar 4.2.13.0"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion" VALUE="runhotbar"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\uninstall" VALUE="hotbar uninstall"></REGKEY> <!-- NOTE(review): the four System\currentcontrolset\enum\sw entries below are bare GUIDs under the software-enumerated device branch. Verify that each one is HotBar-specific and not a stock Windows device node before a match is used for removal. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="System\\currentcontrolset\\enum\\sw" VALUE="{03884cb6-e89a-4deb-b69e-8dc621686e6a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="System\\currentcontrolset\\enum\\sw" VALUE="{8e60217d-a2ee-47f8-b0c5-0f44c55f66dc}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="System\\currentcontrolset\\enum\\sw" VALUE="{96e080c7-143c-11d1-b40f-00a0c9223196}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="System\\currentcontrolset\\enum\\sw" VALUE="{b7eafdc0-a680-11d0-96d8-00aa0051e51d}"></REGKEY> <!-- NOTE(review): SUB=".defaultSoftware" has no path separator between the two components; presumably ".default\\Software" was intended (confirm). As written it is unlikely to match any key. --> <REGKEY MAIN="HKEY_USERS" SUB=".defaultSoftware" VALUE="hotbar"></REGKEY> <!-- NOTE(review): the two HKEY_USERS entries below embed complete account SIDs (RID 500, the built-in Administrator) taken from specific installations, so they can match only on those installations. The same explorer bars GUID is also listed under HKEY_CURRENT_USER in this entry. --> <REGKEY MAIN="HKEY_USERS" SUB="s-1-5-21-329068152-1677128483-854245398-500\\software\\Microsoft\\internet explorer\\explorer bars" VALUE="{becafc17-baf9-11d4-b492-00d0b77f0a6d}"></REGKEY> <REGKEY MAIN="HKEY_USERS" SUB="s-1-5-21-725345543-1078145449-1343024091-500\\software\\Microsoft\\internet explorer\\explorer bars" VALUE="{becafc17-baf9-11d4-b492-00d0b77f0a6d}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="B195B3B3-8A05-11D3-97A4-0004ACA6948E"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\internet explorer\\toolbar" VALUE="webbrowser{b195b3b3-8a05-11d3-97a4-0004aca6948e}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\internet explorer\\toolbar" VALUE="{b195b3b3-8a05-11d3-97a4-0004aca6948e}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="HotBar"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>HotBar is a toolbar that attaches to the browser. 
Once installed, it delivers popup ads, and is known to significantly decrease both system and browser speed</DESCRIPTION> </SW> <SW NAME="HuntBar"> <DIRECTORIES> <DIR NAME="MSIETS" PATH="PFDir\\Common Files"></DIR> <DIR NAME="Search Toolbar" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="wintools.exe" PATH="PFDir\\common files\\wintools"></FILE> <FILE NAME="{26e8361f-bce7-4f75-a347-98c88b418322}" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="{8A05273A-2EA5-42DE-AA75-59EA7D9D50D7}" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="{59450DB0-341D-4436-B380-B8377D8B6796}" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="{D6E66235-7AA6-44ED-A06C-6F2033B1D993}" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="msiets.dll" PATH="PFDir\\Common Files\\MSIETS"></FILE> <FILE NAME="toolbar.dll" PATH="PFDir\\Toolbar"></FILE> <FILE NAME="msielink.dll" PATH="PFDir\\Common Files\\MSIETS"></FILE> <FILE NAME="{8A05273A-2EA5-42DE-AA75-59EA7D9D50D7}" PATH=""></FILE> <FILE NAME="{59450DB0-341D-4436-B380-B8377D8B6796}" PATH=""></FILE> <FILE NAME="btlink.dll" PATH="PFDir\\Common Files\\BTLINK"></FILE> <FILE NAME="msiein.dll" PATH="SysDir"></FILE> <FILE NAME="msiein.dll" PATH="Sys32Dir"></FILE> <FILE NAME="btiein.dll" PATH="SysDir"></FILE> <FILE NAME="btiein.dll" PATH="Sys32Dir"></FILE> <FILE NAME="stoolbar.dll" PATH="PFDir\\search toolbar"></FILE> <FILE NAME="btiein.dll" PATH="PFDir\\common files\\wintools"></FILE> </FILES> <COOKIES> <COOKIE NAME="trafficsyndicate"></COOKIE> <COOKIE NAME="bullseyesgames"></COOKIE> <COOKIE NAME="side-search"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{8952A998-1E7E-4716-B23D-3DBE03910972}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{8952A998-1E7E-4716-B23D-3DBE03910972}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" 
VALUE="{0a5cf411-f0bf-4af8-a2a4-8233f3109bed}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{d6dff6d8-b94b-4720-b730-1c38c7065c3b}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{0a68c5a2-64ae-4415-88a2-6542304a4745}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{8a05273a-2ea5-42de-aa75-59ea7d9d50d7}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{a6250fb8-2206-499e-a7aa-e1ec437e71c0}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{d6dff6d8-b94b-4720-b730-1c38c7065c3b}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{d6e66235-7aa6-44ed-a06c-6f2033b1d993}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0a68c5a2-64ae-4415-88a2-6542304a4745}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{a6250fb8-2206-499e-a7aa-e1ec437e71c0}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{d6e66235-7aa6-44ed-a06c-6f2033b1d993}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{d6dff6d8-b94b-4720-b730-1c38c7065c3b}"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="MSIETS"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="MSIETSLink"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="" VALUE="MSIETS"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="" VALUE="MSIEIN"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="" VALUE="BTIEIN"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="" VALUE="BTLINK"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="" VALUE="Search Toolbar"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" 
VALUE="{63b78bc1-a711-4d46-ad2f-c581ac420d41}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{63b78bc1-a711-4d46-ad2f-c581ac420d41}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{339bb23f-a864-48c0-a59f-29ea915965ec}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{8A05273A-2EA5-42DE-AA75-59EA7D9D50D7}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>HuntBar is known to attach a toolbar to the browser, as well as snoop on browsing activity, and silently update without user interaction</DESCRIPTION> </SW> <SW NAME="HungryHands"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="hhu.dll" PATH="WinDir"></FILE> <FILE NAME="hh.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{bcf96fb4-5f1b-497b-aecc-910304a55011}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{bcf96fb4-5f1b-497b-aecc-910304a55011}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Hijacker that changes internet settings to porn related sites</DESCRIPTION> </SW> <SW NAME="Bridge"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="bridge.dll" PATH="SysDir"></FILE> <FILE NAME="bridge.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{9c691a33-7dda-4c2f-be4c-c176083f35cf}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{9c691a33-7dda-4c2f-be4c-c176083f35cf}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> 
<DESCRIPTION>Flingstone Bridge spawns popup advertisement windows</DESCRIPTION> </SW>
<!-- Each SW element is one detection entry: DIRECTORIES, FILES and COOKIES name on-disk artifacts, REGISTRY lists keys and values, DANGER_LEVEL is a numeric rating and DESCRIPTION is the user-facing text. PATH tokens such as PFDir, WinDir, SysDir and Sys32Dir are presumably placeholders the scanner expands; confirm against the consuming code. -->
<SW NAME="Purityscan/Purityscan.c"> <DIRECTORIES> <DIR NAME="purityscan" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="winservn.exe" PATH="Sys32Dir"></FILE> <FILE NAME="purityscan.exe" PATH="PFDir\\purityscan"></FILE> <FILE NAME="wintsu.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="contentservice"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WCPS"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Purityscan will serve advertisements to your PC</DESCRIPTION> </SW>
<!-- NOTE(review): several FILE names in the IEPlugin entry are generic (extract.exe, logo.ico, button0.ico to button2.ico, kw.dat, lu.dat) and, as far as this file shows, are identified by name and directory only. A name-only match in WinDir can hit unrelated files; confirm the scanner corroborates with the CLSID and Run entries below (or a hash) before offering removal. -->
<SW NAME="IEPlugin"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="winobject.dll" PATH="WinDir"></FILE> <FILE NAME="systb.dll" PATH="WinDir"></FILE> <FILE NAME="winserv.exe" PATH="WinDir"></FILE> <FILE NAME="wupdt.exe" PATH="WinDir"></FILE> <FILE NAME="kw.dat" PATH="WinDir"></FILE> <FILE NAME="toServer.pst" PATH="WinDir"></FILE> <FILE NAME="lu.dat" PATH="WinDir"></FILE> <FILE NAME="extract.exe" PATH="WinDir"></FILE> <FILE NAME="button0.ico" PATH="WinDir"></FILE> <FILE NAME="button1.ico" PATH="WinDir"></FILE> <FILE NAME="button2.ico" PATH="WinDir"></FILE> <FILE NAME="logo.ico" PATH="WinDir"></FILE> </FILES> <COOKIES> <COOKIE NAME="ieplugin"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{914AFB33-550B-4BD0-B4EF-8DA185504836}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 
SUB="SOFTWARE\\Classes\\CLSID" VALUE="{914AFB33-550B-4BD0-B4EF-8DA185504836}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" VALUE="{914AFB33-550B-4BD0-B4EF-8DA185504836}"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" VALUE="{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{914AFB33-550B-4BD0-B4EF-8DA185504836}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Win Server"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Win Server Updt"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>IEPlugin will silently update, hijack keyword searches as well as content entered into forms while surfing</DESCRIPTION> </SW>
<!-- NOTE(review): both IGetNet autostart entries use SUB Software\\Microsoft\\Windows\\Run (the REGKEY one with a trailing space), while the other Run entries in this listing use Software\\Microsoft\\Windows\\CurrentVersion\\Run. If the scanner compares paths literally these two probably never match, so the startup persistence described in DESCRIPTION would go undetected. The first is also declared as a REGKEY although autostart entries are values. Separately, the Browser Helper Objects path is repeated under HKEY_CLASSES_ROOT, where that path is not expected to exist; verify against a real sample before relying on it. -->
<SW NAME="IGetNet"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="rsp001.dll" PATH="SysDir"></FILE> <FILE NAME="rsp001.dll" PATH="Sys32Dir"></FILE> <FILE NAME="BHO.DLL" PATH="SysDir"></FILE> <FILE NAME="rsp.dll" PATH="SysDir"></FILE> <FILE NAME="WinStart.exe" PATH="SysDir"></FILE> <FILE NAME="install_all.dll" PATH="SysDir"></FILE> <FILE NAME="update_com.dll" PATH="SysDir"></FILE> <FILE NAME="update_removeold.dll" PATH="SysDir"></FILE> <FILE NAME="winstart001.exe" PATH="Sys32Dir"></FILE> <FILE NAME="BHO001.dll" PATH="SysDir"></FILE> <FILE NAME="BHO001.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> <COOKIE NAME="ignkeywords"></COOKIE> <COOKIE NAME="rspsearch"></COOKIE> <COOKIE NAME="igetnet"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software\\VB and VBA Program Settings" VALUE="Ie 
Rsp"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\Run " VALUE="WinStart001.exe"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{60e78cac-e9a7-4302-b9ee-8582ede22fbf}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{60e78cac-e9a7-4302-b9ee-8582ede22fbf}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\Run" VALUE="WinStart"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>IGetNet will hijack keyword searches as well as start a process at windows startup, which allows it to self update</DESCRIPTION> </SW>
<!-- NOTE(review): this worm entry has no registry indicators and relies on four file names. MSupdater.exe-04f9ec8b.pf looks like a Windows Prefetch trace: it records that a program was run rather than being the program, and the hash part of the name varies with the executable's path, so it is a weak indicator on other machines. Its PATH is empty; confirm how the scanner resolves an empty PATH. -->
<SW NAME="SearchV/W32.Dumaru@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="vxdmgr32.exe" PATH="Sys32Dir"></FILE> <FILE NAME="load32.exe" PATH="Sys32Dir"></FILE> <FILE NAME="dllreg.exe" PATH="WinDir"></FILE> <FILE NAME="MSupdater.exe-04f9ec8b.pf" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that trys to spread itself and allows unauthorized access to your PC</DESCRIPTION> </SW> <SW NAME="MPGCom"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="iempg.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{ffffffff-ffff-ffff-ffff-5f8507c5f4e9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{ffffffff-ffff-ffff-ffff-5f8507c5f4e9}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser helper object used to deliver ads to your PC</DESCRIPTION> </SW> <SW NAME="InetSpeak/INetSpeak.Iexplorr"> <DIRECTORIES> <DIR NAME="mm050102" PATH="PFDir"></DIR> 
</DIRECTORIES> <FILES> <FILE NAME="iexplorr29.dll" PATH="WinDir"></FILE> <FILE NAME="iexplorr26.dll" PATH="WinDir"></FILE> <FILE NAME="iexplorr27.dll" PATH="WinDir"></FILE> <FILE NAME="iexplorr11.dll" PATH="WinDir"></FILE> <FILE NAME="winietoolbar.ini" PATH="WinDir"></FILE> <FILE NAME="WindowsIE.dll" PATH="WinDir"></FILE> <FILE NAME="boombar.dll" PATH="PFDir\\Internet Explorer"></FILE> <FILE NAME="BHO42602.dll" PATH="PFDir\\mm050102"></FILE> <FILE NAME="WindowsIE.dll" PATH="PFDir\\mm052202"></FILE> <FILE NAME="WindowsIE.dll" PATH="SysDir"></FILE> <FILE NAME="WindowsIE.dll" PATH="Sys32Dir"></FILE> <FILE NAME="iexplorr11.dll" PATH="PFDir\\internet explorer"></FILE> <FILE NAME="iexplorr11.dll" PATH="SysDir"></FILE> <FILE NAME="iexplorr11.dll" PATH="Sys32Dir"></FILE> <FILE NAME="iexplorr22.dll" PATH="PFDir\\internet explorer"></FILE> <FILE NAME="iexplorr22.dll" PATH="SysDir"></FILE> <FILE NAME="iexplorr22.dll" PATH="Sys32Dir"></FILE> <FILE NAME="iexplorr23.dll" PATH="PFDir\\internet explorer"></FILE> <FILE NAME="iexplorr23.dll" PATH="SysDir"></FILE> <FILE NAME="iexplorr23.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> <COOKIE NAME="musicmagnet"></COOKIE> <COOKIE NAME="eboom"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{2E12B523-3D4C-4FAC-9B04-0376A8F5E879}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{54ED9B49-81D1-4866-95A6-30F01DE0047E}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{94326E3F-F51F-4863-A832-4ACD0D7D4BC3}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{BC0D2038-2DE5-4A6F-92BC-B18A3E0DE32A}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" 
VALUE="{2E12B523-3D4C-4FAC-9B04-0376A8F5E879}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{a76066c9-941b-4209-9d96-0ac80501100d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{bc0d2038-2de5-4a6f-92bc-b18a3e0de32a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{a76066c9-941b-4209-9d96-0ac80501100d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{bc0d2038-2de5-4a6f-92bc-b18a3e0de32a}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>InetSpeak will add a non-removable strip of advertising links below the standard browser buttons</DESCRIPTION> </SW> <SW NAME="MarketScore"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="NSCheck.exe" PATH="Sys32Dir"></FILE> <FILE NAME="NSCheck.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> <COOKIE NAME="marketscore"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="MarketScore"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>MarketScore runs at startup, ensuring all of your connections go through their servers, where the traffic can be analyzed</DESCRIPTION> </SW>
<!-- NOTE(review): the last REGKEY of the Mirar Toolbar entry spells the Browser Helper Objects path with "Current Version" (a space). The same CLSID is already listed under the CurrentVersion spelling two entries earlier, so the spaced variant is probably a redundant typo that never matches; confirm and drop or correct it. -->
<SW NAME="Mirar Toolbar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="NN_Bar.dll" PATH="SysDir"></FILE> <FILE NAME="NN_Bar21.dll" PATH="SysDir"></FILE> <FILE NAME="NN_Bar22.dll" PATH="SysDir"></FILE> <FILE NAME="NN_Bar23.dll" PATH="SysDir"></FILE> <FILE NAME="NN_Bar31.dll" PATH="SysDir"></FILE> <FILE NAME="WinNB40.dll" PATH="SysDir"></FILE> <FILE NAME="WinNB40.dll" PATH="Sys32Dir"></FILE> <FILE NAME="WinNB41.dll" PATH="Sys32Dir"></FILE> <FILE NAME="WinNB41.dll" PATH="SysDir"></FILE> <FILE NAME="WinNB42.dll" PATH="Sys32Dir"></FILE> <FILE NAME="WinNB42.dll" PATH="SysDir"></FILE> <FILE NAME="WinNB43.dll" PATH="Sys32Dir"></FILE> <FILE NAME="WinNB43.dll" PATH="SysDir"></FILE> <FILE 
NAME="WinNB51.dll" PATH="SysDir"></FILE> <FILE NAME="WinNB51.dll" PATH="Sys32Dir"></FILE> <FILE NAME="NN_Bar.dll" PATH="Sys32Dir"></FILE> <FILE NAME="NN_Bar21.dll" PATH="Sys32Dir"></FILE> <FILE NAME="NN_Bar22.dll" PATH="Sys32Dir"></FILE> <FILE NAME="NN_Bar31.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> <COOKIE NAME="mirar"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{179E4B4A-76C3-4F65-BCED-C9FA1A28D2EF}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\Current Version\\Explorer\\Browser Helper Objects" VALUE="{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{179E4B4A-76C3-4F65-BCED-C9FA1A28D2EF}"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" VALUE="{179E4B4A-76C3-4F65-BCED-C9FA1A28D2EF}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mirar Toolbar is a toolbar addon for internet explorer. 
It has the ability to hide, and then re-emerge, making removal difficult and very annoying</DESCRIPTION> </SW>
<!-- NOTE(review): the only Browser Helper Objects REGKEY for Surebar uses "Current Version" (a space) where other entries use CurrentVersion. If the scanner matches paths literally, the BHO registration is never found and detection falls back to the CLSID key and surebar.dll by name; confirm the intended path. -->
<SW NAME="Surebar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="surebar.dll" PATH="SysDir"></FILE> <FILE NAME="surebar.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{D3F01312-8A3D-4D41-A4FA-FB61D295CB6B}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\Current Version\\Explorer\\Browser Helper Objects" VALUE="{D3F01312-8A3D-4D41-A4FA-FB61D295CB6B}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>SureBar is a toolbar hijacker that will reset homepage settings, take over searches, and add a toolbar to internet explorer</DESCRIPTION> </SW> <SW NAME="NetPal"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="n3tpa1.dll" PATH="SysDir"></FILE> <FILE NAME="n3tpa1.dll" PATH="Sys32Dir"></FILE> <FILE NAME="netpal.dll" PATH="Sys32Dir"></FILE> <FILE NAME="kernellos.dll" PATH="Sys32Dir"></FILE> <FILE NAME="n3tpa1i.dll" PATH="Sys32Dir"></FILE> <FILE NAME="n3tpa1i.dll" PATH="SysDir"></FILE> <FILE NAME="n3tpa1p.dll" PATH="SysDir"></FILE> <FILE NAME="n3tpa1p.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> <COOKIE NAME="netpal"></COOKIE> <COOKIE NAME="mindset"></COOKIE> <COOKIE NAME="aadcom"></COOKIE> <COOKIE NAME="onadsolut"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="Destiny"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="NetPalIExplore.NetPal"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="NetPalIExplore.NetPal.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{6085FB5B-C281-4b9c-8E5D-D2792EA30D2F}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{6085FB5B-C281-4B9C-8E5D-D2792EA30D2F}"></REGKEY> <REGKEY 
MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{000e7270-cc7a-0786-8e7a-da09b51938a6}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{c7ade150-743d-11d4-8141-00e029626f6a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{000e7270-cc7a-0786-8e7a-da09b51938a6}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{6085FB5B-C281-4b9c-8E5D-D2792EA30D2F}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{c7ade150-743d-11d4-8141-00e029626f6a}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>NetPal is adware which delivers ads to the pc, as well as adding additional shortcuts and desktop icons</DESCRIPTION> </SW> <SW NAME="Network Essentials/SmartPops"> <DIRECTORIES> <DIR NAME="Network Essentials" PATH="PFDir"></DIR> <DIR NAME="medialoads enhanced" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="Digital Signature.html" PATH="WinDir"></FILE> <FILE NAME="ne.dll" PATH="PFDir\\Network Essentials\\v8"></FILE> <FILE NAME="ne.dll" PATH="PFDir\\Network Essentials\\v9"></FILE> <FILE NAME="ne.dll" PATH="PFDir\\Network Essentials\\v10"></FILE> <FILE NAME="ne.dll" PATH="PFDir\\Network Essentials\\v11"></FILE> <FILE NAME="ne.exe" PATH="PFDir\\Network Essentials\\v11"></FILE> <FILE NAME="rh.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{D5C778F1-CF13-4E70-ADF0-45A953E7CB8B}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0421701D-CF13-4E70-ADF0-45A953E7CB8B}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" 
VALUE="{D5C778F1-CF13-4E70-ADF0-45A953E7CB8B}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Network Essentials hijacks keyword searches to display their sponsored results</DESCRIPTION> </SW>
<!-- NOTE(review): the W32.Mimail entries below are keyed on one file name in WinDir plus one Run value name each (W32.Mimail.C has the Run value name only). REGVALUE carries no value data in this schema, so a match on the name alone cannot confirm what the autostart points at; treat these as leads to corroborate rather than proof of infection. -->
<SW NAME="W32.Mimail.E"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="sysload32.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SystemLoad32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses</DESCRIPTION> </SW> <SW NAME="W32.Mimail.D"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="cnfrm.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Cnfrm32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses</DESCRIPTION> </SW> <SW NAME="W32.Mimail.C"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="NetWatch32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses</DESCRIPTION> </SW> <SW NAME="W32.Mimail.A"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="videodrv.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="VideoDriver"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses</DESCRIPTION> 
</SW> <SW NAME="W32.Mimail.G@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="cnfrm33.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Cn323"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses</DESCRIPTION> </SW>
<!-- NOTE(review): the W32.Sobig entries identify the autostart by Run value name only; REGVALUE has no attribute for the value data. Names such as "System Tray" and "SSK Service" are generic enough that another program could plausibly use them, so confirm the scanner also requires the listed WinDir file (or checks what the value points at) before reporting a match. -->
<SW NAME="W32.Sobig.A@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Winmgm32.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WindowsMGM"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Sobig.E"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="winssk32.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SSK Service"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SSK Service"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Sobig.B@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msccn32.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="System Tray"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="System Tray"></REGVALUE> </VALUES> </REGISTRY> 
<DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Sobig.C@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="mscvb32.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="System MScvb"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="System MScvb"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Sobig.D@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="cftrb32.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SFtrb Service"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SFtrb Service"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW>
<!-- NOTE(review): MyV.exe is listed with an empty PATH and there are no registry indicators. How the scanner treats an empty PATH (any location, or a fixed default) is not visible here; confirm, because a name-only match anywhere on disk is prone to false positives. -->
<SW NAME="W32.Logitall.A@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="MyV.exe" PATH=""></FILE> <FILE NAME="SysInfoMyV.txt" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses</DESCRIPTION> </SW> <SW NAME="W32.Hopalong@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Hop_along.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing 
worm that will spread itself using your email addresses</DESCRIPTION> </SW>
<!-- NOTE(review): DESCRIPTION calls this dialer "extremely dangerous" but DANGER_LEVEL is 2, the same rating the mass-mailing worm entries get, while a level of 3 is used elsewhere in the file. The scale is not defined in this part of the file; confirm the rating is intended. -->
<SW NAME="AccessMembre/Dialer.Montil"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="accesmembre.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{d1b80ebf-1a26-4fec-b0b9-dcb934c6507e}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{a41c6220-6f42-4646-b119-fbe6f4d38e3c}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Extremely dangerous dialer program that dials a very expensive number to access pornography</DESCRIPTION> </SW>
<!-- NOTE(review): the two Holar entries are described as mass-mailing worms but carry DANGER_LEVEL 1, whereas the W32.Mimail and W32.Sobig mass-mailing entries in this listing carry 2. Confirm whether the lower rating is deliberate, since the rating presumably drives how the finding is presented to the user. -->
<SW NAME="Win32.Holar.G"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="explore.exe" PATH="Sys32Dir"></FILE> <FILE NAME="smtp.ocx" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{3df2ae35-26a8-11d4-bdd2-00104bfec09f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="smtpcontrol.smtp"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{3df2ae33-26a8-11d4-bdd2-00104bfec09f}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="explore"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a mass-mailing worm that sends itself to the email addresses</DESCRIPTION> </SW> <SW NAME="W32/Holar-C"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="CmdServ.exe" PATH="SysDir"></FILE> <FILE NAME="Mplayer.exe" PATH="SysDir"></FILE> <FILE NAME="Mplayer.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="iLLeGal"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="MyLife"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" 
SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="ZaCker"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses</DESCRIPTION> </SW> <SW NAME="W32.Gramos"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Msgran.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Messenger start-up"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows unauthorized access to your PC</DESCRIPTION> </SW> <SW NAME="VirtuMonde/WindowsUpd"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="WindowsUpd1.exe" PATH="WinDir"></FILE> <FILE NAME="WindowsUpd2.exe" PATH="WinDir"></FILE> <FILE NAME="WindowsUpd4.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WindowsUpd"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Adware that will spawn pop up advertisements</DESCRIPTION> </SW>
<!-- NOTE(review): DESCRIPTION says Veevo is a browser helper object, yet KEYS and VALUES are empty, so the BHO registration itself is not checked and detection rests on VEEVO.DLL by name. Add the CLSID once it is confirmed from a sample. -->
<SW NAME="Veevo"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="VEEVO.DLL" PATH="SysDir"></FILE> <FILE NAME="VEEVO.DLL" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser helper object used to control internet settings</DESCRIPTION> </SW> <SW NAME="Trojan.Myss.B"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="mssys.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Trojan that allows unauthorized parties access to your PC</DESCRIPTION> </SW> <SW NAME="Tatss"> <DIRECTORIES> <DIR NAME="pgtools" PATH="Sys32Dir"></DIR> </DIRECTORIES> <FILES> <FILE 
NAME="tatss.exe" PATH="Sys32Dir\\pgtools"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="tat"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Known to spawn pop up advertisements</DESCRIPTION> </SW> <SW NAME="Syscpy Spam Proxy/Atztecmarketing.syscpy"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="syscpy.exe" PATH="SysDir"></FILE> <FILE NAME="syscpy.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{e0e899ab-f487-11d5-8d29-0050ba6940e3}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Syscpy"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Set up to allow your computer to be used as a relay for spammers</DESCRIPTION> </SW> <SW NAME="Syscm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Syscm.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="syscm"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Attempts to download new files as well as change your internet settings</DESCRIPTION> </SW> <SW NAME="Spoolsvv"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="spoolsvv.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Spoolsvv"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Runs at startup with no legitimate purpose</DESCRIPTION> </SW> <SW NAME="RapidBlaster"> <DIRECTORIES> <DIR NAME="RapidBlaster" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> 
<FILE NAME="rb32.exe" PATH="PFDir\\rapidblaster"></FILE> </FILES> <COOKIES> <COOKIE NAME="rapidblaster"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="RapidBlaster"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="rb32 lptt01"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>RapidBlaster runs at windows startup, and records all information entered into forms when browsing</DESCRIPTION> </SW> <SW NAME="Search-Explorer"> <DIRECTORIES> <DIR NAME="Search-Explorer" PATH="WinDir\\Downloaded Program Files"></DIR> <DIR NAME="search-explorer" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="explbar.dll" PATH="PFDir\\search-explorer"></FILE> <FILE NAME="explbar.dll" PATH="WinDir\\downloaded program files"></FILE> </FILES> <COOKIES> <COOKIE NAME="adpowerzone"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" VALUE="{23DDAE8C-6A79-4d62-80AA-E95D89CB9811}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{23DDAE8C-6A79-4d62-80AA-E95D89CB9811}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Internet explorer toolbar that slows down PC/Browsing</DESCRIPTION> </SW> <SW NAME="TinyBar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="tinybar.html" PATH="SysDir"></FILE> <FILE NAME="hb.html" PATH="SysDir"></FILE> <FILE NAME="br.reg" PATH="SysDir"></FILE> <FILE NAME="br.dll" PATH="SysDir"></FILE> <FILE NAME="hb.reg" PATH="SysDir"></FILE> <FILE NAME="sp.dll" PATH="SysDir"></FILE> <FILE NAME="atk.vbs" PATH="SysDir"></FILE> <FILE NAME="tinybar.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> <COOKIE NAME="internet-eraser"></COOKIE> <COOKIE NAME="zeropopup"></COOKIE> <COOKIE NAME="tinybar"></COOKIE> <COOKIE NAME="allcybersearch"></COOKIE> 
<COOKIE NAME="gocybersearch"></COOKIE> <COOKIE NAME="topsearcher"></COOKIE> <COOKIE NAME="znext"></COOKIE> <COOKIE NAME="traffic4sure"></COOKIE> <COOKIE NAME="errorpage404"></COOKIE> <COOKIE NAME="searchaccurate"></COOKIE> <COOKIE NAME="ourlinklist"></COOKIE> <COOKIE NAME="topclicks"></COOKIE> <COOKIE NAME="iseekresults"></COOKIE> <COOKIE NAME="ysearchus"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Explorer Bars" VALUE="{69550BE2-9A78-11d2-BA91-00600827878D}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Explorer Bars" VALUE="{69555BE2-9A78-11d2-BA91-00600827878D}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\CLSID" VALUE="{69550BE2-9A78-11d2-BA91-00600827878D}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\CLSID" VALUE="{69555BE2-9A78-11d2-BA91-00600827878D}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{8fb0f3e2-5193-11d7-9f88-0050fc5441cb}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Explorer Bars" VALUE="{8FB0F3E2-5193-11D7-9F88-0050FC5441CB}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Explorer Bars" VALUE="{82599E0A-8C81-11D7-9F97-0050FC5441CB}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{82599E0A-8C81-11D7-9F97-0050FC5441CB}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{69550BE2-9A78-11d2-BA91-00600827878D}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{69555BE2-9A78-11d2-BA91-00600827878D}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{8FB0F3E2-5193-11D7-9F88-0050FC5441CB}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet 
Explorer\\Toolbar" VALUE="{82599E0A-8C81-11D7-9F97-0050FC5441CB}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Messenger"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>TinyBar hijacks search options to default to their sites</DESCRIPTION> </SW> <SW NAME="Transponder"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="IEHelper.DLL" PATH="WinDir"></FILE> <FILE NAME="VX2.dll" PATH="WinDir"></FILE> <FILE NAME="TPS108.dll" PATH="WinDir"></FILE> <FILE NAME="MSView.dll" PATH="WinDir"></FILE> <FILE NAME="MSView.dll" PATH="ProfilePath\\local settings"></FILE> <FILE NAME="msview.dll" PATH="SysDir"></FILE> <FILE NAME="host.dll" PATH="WinDir"></FILE> <FILE NAME="sitehlpr.dll" PATH="WinDir"></FILE> <FILE NAME="MSView.ini" PATH="WinDir"></FILE> <FILE NAME="tps108.html" PATH=""></FILE> <FILE NAME="bc777.html" PATH=""></FILE> <FILE NAME="hostprep.exe" PATH="Sysdir"></FILE> <FILE NAME="hostprep.exe" PATH="Sys32dir"></FILE> <FILE NAME="ehelper.dll" PATH="SysDir"></FILE> <FILE NAME="msvprep.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> <COOKIE NAME="mindset"></COOKIE> <COOKIE NAME="aadcom"></COOKIE> <COOKIE NAME="onadsolut"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="Transponder"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="RespondMiter"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="TPS108"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="HostDll"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="SiteHlpr"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="MSView"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{30000273-8230-4dd4-be4f-6889d1e74167}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Transponder is adware which delivers ads 
to the pc, as well as adding additional shortcuts and desktop icons</DESCRIPTION> </SW> <!-- UCMore record: one directory, four file entries and two registry keys; no cookies or registry values are listed. --> <SW NAME="UCMore"> <DIRECTORIES> <DIR NAME="UCMore" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="UCMIE.dll" PATH="SysDir"></FILE> <FILE NAME="UCMIE.dll" PATH="Sys32Dir"></FILE> <FILE NAME="UCMIE.dll" PATH="PFDir\\UCMore"></FILE> <FILE NAME="iucmore.dll" PATH="PFDir\\UCMore"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <!-- NOTE(review): this GUID-shaped name has no braces and sits directly under Software\CLASSES rather than under a CLSID subkey, unlike the other GUID entries visible in this file; confirm the intended key before relying on it. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="53CBEE82-D747-11D3-9ED0-005004189684"></REGKEY> <!-- NOTE(review): SUB is empty, so this names a key directly under the hive root; other product keys in this file use SUB="Software". Confirm which was meant. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="" VALUE="UCmore"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>UCMore is a browser addon that also records all visited urls and reports them to a central server</DESCRIPTION> </SW> <!-- Spytech SpyAgent record: three file entries only; the directory, cookie and registry lists are empty. --> <SW NAME="Spytech SpyAgent"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="spyagent.exe" PATH="PFDir\\spytech software\\spyagent professional"></FILE> <FILE NAME="spyrename.exe" PATH="PFDir\\spytech software\\spyagent professional"></FILE> <!-- NOTE(review): PATH is empty here; presumably the file is matched by name without a fixed folder. Confirm against the consumer of this file. --> <FILE NAME="systemsa32.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Spytech Spyagent will record all activities on your PC</DESCRIPTION> </SW> <!-- Wazam record: two directories, one file, two cookies and one registry key. --> <SW NAME="Wazam"> <DIRECTORIES> <DIR NAME="Wazam.com" PATH="PFDir"></DIR> <DIR NAME="Wazam.com Toolbar" PATH="PFDir\\CursorArts\\IconForge"></DIR> </DIRECTORIES> <FILES> <FILE NAME="SBar.dll" PATH="PFDir\\CursorArts\\IconForge\\Wazam.com Toolbar"></FILE> </FILES> <COOKIES> <!-- NOTE(review): "favicon" is a generic cookie name; if cookies are matched on this name alone, unrelated sites may be flagged. Confirm how cookie names are compared. --> <COOKIE NAME="favicon"></COOKIE> <COOKIE NAME="wazam"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="SBB"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Wazam is a browser addon that provides certain search features, but stays resident in the background and hides itself from the user</DESCRIPTION> </SW> <SW NAME="WurldMedia"> 
<DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="moz030715s.dll" PATH="SysDir"></FILE> <FILE NAME="moz030715s.dll" PATH="Sys32Dir"></FILE> <FILE NAME="moconfig.exe" PATH="SysDir"></FILE> <FILE NAME="moconfig.exe" PATH="Sys32Dir"></FILE> <FILE NAME="bpboh.dll" PATH="WinDir"></FILE> <FILE NAME="bpbho.dll" PATH="WinDir"></FILE> <FILE NAME="mbho.dll" PATH="SysDir"></FILE> <FILE NAME="mbho.dll" PATH="Sys32Dir"></FILE> <FILE NAME="mobho.dll" PATH=""></FILE> <FILE NAME="mostat.exe" PATH=""></FILE> <FILE NAME="MSCStat.exe" PATH="SysDir"></FILE> <FILE NAME="MSCStat2.exe" PATH="SysDir"></FILE> <FILE NAME="mdefshop.dll" PATH="SysDir"></FILE> <FILE NAME="mdefshop.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bpboh.dll" PATH="Sys32Dir"></FILE> <FILE NAME="m030106shop.dll" PATH="Sys32Dir"></FILE> <FILE NAME="m030106shop.dll" PATH="SysDir"></FILE> <FILE NAME="m030206pohs.dll" PATH="SysDir"></FILE> <FILE NAME="m030206pohs.dll" PATH="Sys32Dir"></FILE> <FILE NAME="mo030414s.dll" PATH="Sys32Dir"></FILE> <FILE NAME="mo030414s.dll" PATH="SysDir"></FILE> <FILE NAME="moaa030425s.dll" PATH="SysDir"></FILE> <FILE NAME="moaa030425s.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="morp"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{3a279869-c6b6-4410-a041-0435de6ad916}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="rdxr"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="tchk.tchkbho"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="tchk.tchkbho.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{2737a6c0-7e24-11d7-b299-00e0297e0844}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{2737a6c0-7e24-11d7-b299-00e0297e0844}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" 
VALUE="{525bbd23-1863-46c6-86d6-5f9a3715d44e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{5A3A5040-4210-11D7-BD2E-00080E34122F}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{8E9C4F32-BD3F-4C49-9AF5-3F4C5D32EBD7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{98D7B53E-B1D2-4755-B0A4-703E18FF91E8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{CDBCFEAE-10BA-482C-9F6E-FC67207082D8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{D14641FA-445B-448E-9994-209f7AF15641}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{F325E940-45EE-11D7-A420-444553540000}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{2737a6c0-7e24-11d7-b299-00e0297e0844}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{3a279869-c6b6-4410-a041-0435de6ad916}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{40AC4D2D-491D-11D4-AAF2-0008C75DCD2B}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{525BBD23-1863-46C6-86D6-5F9A3715D44E}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{5A3A5040-4210-11D7-BD2E-00080E34122F}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{8E9C4F32-BD3F-4C49-9AF5-3F4C5D32EBD7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" 
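VALUE="{98D7B53E-B1D2-4755-B0A4-703E18FF91E8}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{CDBCFEAE-10BA-482C-9F6E-FC67207082D8}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{D14641FA-445B-448E-9994-209f7AF15641}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{F325E940-45EE-11D7-A420-444553540000}"></REGKEY>
        <!-- NOTE(review): DisplayName is normally a value name inside an Uninstall key, not a subkey;
             this entry may belong under VALUES as a REGVALUE. Confirm against the consumer of this file. -->
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Shopping Community" VALUE="DisplayName"></REGKEY>
      </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>WurldMedia steals affiliate commissions by redirecting visitors through their servers</DESCRIPTION>
  </SW>
  <!-- SaveNow record: directory, file, cookie and registry indicators listed for SaveNow (WhenU). -->
  <SW NAME="SaveNow">
    <DIRECTORIES>
      <!-- NOTE(review): "Db" and "Save" are generic directory names; if a directory is matched on name
           and parent folder alone, unrelated software may be flagged. Confirm that another SaveNow
           indicator is required before anything is removed. -->
      <DIR NAME="WhenUDownload" PATH="WinDir\\Downloaded Program Files"></DIR>
      <DIR NAME="Db" PATH="WinDir\\Downloaded Program Files"></DIR>
      <DIR NAME="SavNow" PATH="PFDir"></DIR>
      <DIR NAME="SaveNow" PATH="PFDir"></DIR>
      <DIR NAME="Save" PATH="PFDir"></DIR>
    </DIRECTORIES>
    <FILES>
      <FILE NAME="savenow.db" PATH="PFDir\\SaveNow"></FILE>
      <FILE NAME="save.exe" PATH="PFDir\\Save"></FILE>
    </FILES>
    <COOKIES>
      <COOKIE NAME="whenu"></COOKIE>
    </COOKIES>
    <REGISTRY>
      <KEYS>
        <!-- The clsid and typelib entries are registry keys, so they are listed under KEYS, where the
             other records keep their REGKEY entries; VALUES holds only REGVALUE entries. -->
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{e2f2b9d0-96b9-4b25-b90c-636ecb207d18}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{e2f2b9d0-96b9-4b25-b90c-636ecb207d18}"></REGKEY>
      </KEYS>
      <VALUES>
        <!-- Run-key value names that start the program at logon. -->
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SaveNow"></REGVALUE>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WhenUSave"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>3</DANGER_LEVEL>
    <DESCRIPTION>SaveNow downloads and displays advertisements to the 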
PC</DESCRIPTION> </SW> <SW NAME="lop"> <DIRECTORIES> <DIR NAME="Window Active" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="winactive.exe" PATH="PFDir\\Window Active"></FILE> <FILE NAME="chksbdrlya.dll" PATH=""></FILE> <FILE NAME="dmvcrthl.exe" PATH=""></FILE> <FILE NAME="eaeeishllblc.dll" PATH=""></FILE> <FILE NAME="eelykofrllfrj.dll" PATH=""></FILE> <FILE NAME="ealymfrprwch.dll" PATH=""></FILE> <FILE NAME="epllkeeoopr.dll" PATH=""></FILE> <FILE NAME="freabrlaouw.dll" PATH=""></FILE> <FILE NAME="gldqumssfrie.dll" PATH=""></FILE> <FILE NAME="hglllyxrxw.dll" PATH=""></FILE> <FILE NAME="icdrhwno.dll" PATH=""></FILE> <FILE NAME="heeachmstll.dll" PATH=""></FILE> <FILE NAME="meepajlr.dll" PATH=""></FILE> <FILE NAME="ousszidrta.dll" PATH=""></FILE> <FILE NAME="prnouestssstx.dll" PATH=""></FILE> <FILE NAME="quglwachfs.dll" PATH=""></FILE> <FILE NAME="sstroallhqch.dll" PATH=""></FILE> <FILE NAME="tblchepruprgr.dll" PATH=""></FILE> <FILE NAME="trdzhtxf.exe" PATH=""></FILE> <FILE NAME="trstshcrscksr.dll" PATH=""></FILE> <FILE NAME="ukfroigl.dll" PATH=""></FILE> <FILE NAME="upckeetoutw.dll" PATH=""></FILE> <FILE NAME="veaeyglckr.dll" PATH=""></FILE> <FILE NAME="woafrquzn.dll" PATH=""></FILE> <FILE NAME="eelykofrllfrpr.dll" PATH=""></FILE> <FILE NAME="yeecrsoustoull.dll" PATH=""></FILE> <FILE NAME="ziebaeeoaeepr.dll" PATH=""></FILE> <FILE NAME="prxzoustustgr.dll" PATH=""></FILE> <FILE NAME="plg_ie0.dll" PATH=""></FILE> <FILE NAME="plg_ie1.dll" PATH=""></FILE> <FILE NAME="plg_ie2.dll" PATH=""></FILE> <FILE NAME="plg_ie3.dll" PATH=""></FILE> <FILE NAME="plg_ie4.dll" PATH=""></FILE> <FILE NAME="plg_ie5.dll" PATH=""></FILE> <FILE NAME="plg_ie6.dll" PATH=""></FILE> <FILE NAME="plg_ie7.dll" PATH=""></FILE> <FILE NAME="plg_ie8.dll" PATH=""></FILE> <FILE NAME="plg_ie9.dll" PATH=""></FILE> <FILE NAME="quizbt0.dll" PATH=""></FILE> <FILE NAME="quizbt1.dll" PATH=""></FILE> <FILE NAME="quizbt2.dll" PATH=""></FILE> <FILE NAME="quizbt3.dll" PATH=""></FILE> <FILE NAME="quizbt4.dll" 
PATH=""></FILE> <FILE NAME="quizbt5.dll" PATH=""></FILE> <FILE NAME="quizbt6.dll" PATH=""></FILE> <FILE NAME="quizbt7.dll" PATH=""></FILE> <FILE NAME="quizbt8.dll" PATH=""></FILE> <FILE NAME="quizbt9.dll" PATH=""></FILE> <FILE NAME="blztstulla.dll" PATH=""></FILE> <FILE NAME="blztstullc.dll" PATH=""></FILE> <FILE NAME="blztstullj.dll" PATH=""></FILE> <FILE NAME="blztstullp.dll" PATH=""></FILE> <FILE NAME="blztstulls.dll" PATH=""></FILE> <FILE NAME="blztstullt.dll" PATH=""></FILE> <FILE NAME="blztstully.dll" PATH=""></FILE> <FILE NAME="blztstullpr.dll" PATH=""></FILE> <FILE NAME="blztstulltr.dll" PATH=""></FILE> <FILE NAME="blztstulloo.dll" PATH=""></FILE> <FILE NAME="meemnckyqbr.exe" PATH=""></FILE> <FILE NAME="ulyuiexeechp.exe" PATH=""></FILE> <FILE NAME="byb_save.exe" PATH=""></FILE> <FILE NAME="peebqusz.exe" PATH=""></FILE> <FILE NAME="tchejea.lib" PATH=""></FILE> <FILE NAME="iCndE.lib" PATH=""></FILE> <FILE NAME="desktop.htm" PATH="WinDir"></FILE> <FILE NAME="dnserror.htm" PATH="WinDir"></FILE> <FILE NAME="jexpoofro.htm" PATH="WinDir"></FILE> <FILE NAME="i_dnserr.gif" PATH="WinDir"></FILE> <FILE NAME="s_dnserr.gif" PATH="WinDir"></FILE> <FILE NAME="r_dnserr.gif" PATH="WinDir"></FILE> <FILE NAME="b_dnserr.gif" PATH="WinDir"></FILE> <FILE NAME="tiejexpoo.gif" PATH="WinDir"></FILE> <FILE NAME="xiejexpoo.gif" PATH="WinDir"></FILE> <FILE NAME="oiejexpoo.gif" PATH="WinDir"></FILE> <FILE NAME="uiejexpoo.gif" PATH="WinDir"></FILE> <FILE NAME="mp3.exe" PATH=""></FILE> <FILE NAME="mp3serch.exe" PATH=""></FILE> <FILE NAME="FreeMP3.exe" PATH=""></FILE> <FILE NAME="freemp3z.exe" PATH=""></FILE> <FILE NAME="FreeMP3Music.exe" PATH=""></FILE> <FILE NAME="free_sex_viewer.exe" PATH=""></FILE> <FILE NAME="free_deals.exe" PATH=""></FILE> <FILE NAME="Software_Plugin.exe" PATH=""></FILE> <FILE NAME="download_file.exe" PATH=""></FILE> <FILE NAME="The_Ultimate_Browser_Enhancer.exe" PATH=""></FILE> <FILE NAME="free_plugin.exe" PATH=""></FILE> <FILE NAME="download_plugin.exe" 
PATH=""></FILE> <FILE NAME="lopsearch.exe" PATH=""></FILE> <FILE NAME="asshuktr.exe" PATH=""></FILE> <FILE NAME="bilyooas.exe" PATH=""></FILE> <FILE NAME="crgbeaoa.exe" PATH=""></FILE> <FILE NAME="eaymulyl.exe" PATH=""></FILE> <FILE NAME="eeublidc.exe" PATH=""></FILE> <FILE NAME="glxshmcr.exe" PATH=""></FILE> <FILE NAME="ijlysseb.exe" PATH=""></FILE> <FILE NAME="jqumysto.exe" PATH=""></FILE> <FILE NAME="kfriegbs.exe" PATH=""></FILE> <FILE NAME="llfggrdr.exe" PATH=""></FILE> <FILE NAME="lltckiey.exe" PATH=""></FILE> <FILE NAME="lopsearc.exe" PATH=""></FILE> <FILE NAME="meepajlr.exe" PATH=""></FILE> <FILE NAME="mprcouie.exe" PATH=""></FILE> <FILE NAME="oofrkxpe.exe" PATH=""></FILE> <FILE NAME="quveioot.exe" PATH=""></FILE> <FILE NAME="shoucrck.exe" PATH=""></FILE> <FILE NAME="ssmeeibl.exe" PATH=""></FILE> <FILE NAME="tchpeatr.exe" PATH=""></FILE> <FILE NAME="tglblrll.exe" PATH=""></FILE> <FILE NAME="trstdris.exe" PATH=""></FILE> <FILE NAME="vestufck.exe" PATH=""></FILE> <FILE NAME="vfthrcbr.exe" PATH=""></FILE> <FILE NAME="xogyfhp.exe" PATH=""></FILE> <FILE NAME="ykphmbre.exe" PATH=""></FILE> <FILE NAME="ylynfste.exe" PATH=""></FILE> <FILE NAME="winactive.exe" PATH=""></FILE> </FILES> <COOKIES> <COOKIE NAME="lop"></COOKIE> <COOKIE NAME="aavc"></COOKIE> <COOKIE NAME="acjp"></COOKIE> <COOKIE NAME="ebav"></COOKIE> <COOKIE NAME="ebaw"></COOKIE> <COOKIE NAME="ebch"></COOKIE> <COOKIE NAME="ebch"></COOKIE> <COOKIE NAME="ebdv"></COOKIE> <COOKIE NAME="ebdw"></COOKIE> <COOKIE NAME="ebgo"></COOKIE> <COOKIE NAME="ebjp"></COOKIE> <COOKIE NAME="ebkb"></COOKIE> <COOKIE NAME="ebkn"></COOKIE> <COOKIE NAME="ebky"></COOKIE> <COOKIE NAME="eblv"></COOKIE> <COOKIE NAME="wbkb"></COOKIE> <COOKIE NAME="ebmu"></COOKIE> <COOKIE NAME="ebvr"></COOKIE> <COOKIE NAME="ecmh"></COOKIE> <COOKIE NAME="ecmp"></COOKIE> <COOKIE NAME="ecpm"></COOKIE> <COOKIE NAME="ecwz"></COOKIE> <COOKIE NAME="ecyb"></COOKIE> <COOKIE NAME="edhq"></COOKIE> <COOKIE NAME="edty"></COOKIE> <COOKIE NAME="eduy"></COOKIE> <COOKIE 
NAME="eeev"></COOKIE> <COOKIE NAME="farse"></COOKIE> <COOKIE NAME="ibmx"></COOKIE> <COOKIE NAME="icwb"></COOKIE> <COOKIE NAME="icwo"></COOKIE> <COOKIE NAME="icwp"></COOKIE> <COOKIE NAME="iddh"></COOKIE> <COOKIE NAME="idhh"></COOKIE> <COOKIE NAME="ifiz"></COOKIE> <COOKIE NAME="iguu"></COOKIE> <COOKIE NAME="samz"></COOKIE> <COOKIE NAME="saoe"></COOKIE> <COOKIE NAME="sbee"></COOKIE> <COOKIE NAME="sbjr"></COOKIE> <COOKIE NAME="sbnl"></COOKIE> <COOKIE NAME="sbnt"></COOKIE> <COOKIE NAME="sbvr"></COOKIE> <COOKIE NAME="scbm"></COOKIE> <COOKIE NAME="sckr"></COOKIE> <COOKIE NAME="scrk"></COOKIE> <COOKIE NAME="sdry"></COOKIE> <COOKIE NAME="seld"></COOKIE> <COOKIE NAME="sfux"></COOKIE> <COOKIE NAME="sheat"></COOKIE> <COOKIE NAME="sipo"></COOKIE> <COOKIE NAME="smds"></COOKIE> <COOKIE NAME="srib"></COOKIE> <COOKIE NAME="srox"></COOKIE> <COOKIE NAME="srsf"></COOKIE> <COOKIE NAME="ssaw"></COOKIE> <COOKIE NAME="ssby"></COOKIE> <COOKIE NAME="surj"></COOKIE> <COOKIE NAME="tbvg"></COOKIE> <COOKIE NAME="tdak"></COOKIE> <COOKIE NAME="tdmy"></COOKIE> <COOKIE NAME="tefs"></COOKIE> <COOKIE NAME="tfil"></COOKIE> <COOKIE NAME="tjar"></COOKIE> <COOKIE NAME="tjaw"></COOKIE> <COOKIE NAME="tjgo"></COOKIE> <COOKIE NAME="tjem"></COOKIE> <COOKIE NAME="torc"></COOKIE> <COOKIE NAME="wabu"></COOKIE> <COOKIE NAME="wabq"></COOKIE> <COOKIE NAME="wfix"></COOKIE> <COOKIE NAME="wflu"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="ckotetlllyllshz"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="kseateasteestoe"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="ssaxstxoaieoagrh"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="TrinityAYB"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="rhvlveasteafpr"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="eeullz"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" 
SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="abtu"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="zvoah"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="lssxsh"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="pprwly"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="brchfgl"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="brfrgroo"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="chytrw"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="eedrtss"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="lldrlyk"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="stoafv"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="oooami"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="oooik"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="oucno"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="phqtr"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="qncu"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="stjlee"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="uaouea"></REGVALUE> <REGVALUE 
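MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="trglckea"></REGVALUE>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="xckja"></REGVALUE>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ymste"></REGVALUE>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="winactive"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>Lop adds its own toolbar and search button to the browser, and is responsible for popup advertisements as well</DESCRIPTION>
  </SW>
  <!-- Timesink record: directory, file and registry indicators listed for Conducent TimeSink. -->
  <SW NAME="Timesink/Conducent TimeSink">
    <DIRECTORIES>
      <DIR NAME="TimeSink" PATH="PFDir"></DIR>
    </DIRECTORIES>
    <FILES>
      <FILE NAME="vcpdll.dll" PATH="SysDir"></FILE>
      <FILE NAME="tsadbot.exe" PATH="PFDir\\TimeSink\\AdGateway"></FILE>
      <FILE NAME="tsad.dll" PATH="WinDir"></FILE>
      <FILE NAME="vcpdll.dll" PATH="WinDir"></FILE>
      <FILE NAME="FlexActv.dll" PATH="WinDir"></FILE>
      <FILE NAME="Addon2VB.dll" PATH="SysDir"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="TimeSink"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="TimeSink.inc"></REGKEY>
        <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="TimeSink"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Software" VALUE="TimeSink.inc"></REGKEY>
        <!-- The key name is CurrentVersion (one word), as in every other record; a path written with a
             space names a key that does not exist, so the indicator could never match. The hive is
             spelled HKEY_LOCAL_MACHINE like the rest of the file so that a case-sensitive consumer
             still recognises it. -->
        <!-- NOTE(review): the same Run and Shareddlls names appear below as REGVALUE entries. Autostart
             entries under a Run key are values, so this REGKEY pair looks redundant; confirm before
             dropping it. -->
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Timesink"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Shareddlls" VALUE="Timesink"></REGKEY>
      </KEYS>
      <VALUES>
        <!-- Same path and hive spelling as the REGKEY pair above: CurrentVersion, HKEY_LOCAL_MACHINE. -->
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Timesink"></REGVALUE>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Shareddlls" VALUE="Timesink"></REGVALUE>
      </VALUES>
    </REGISTRY> 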
<DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Timesink will display pop up ads, including full screen flashing pop up ads. It might also record your web browser history, and other personal information</DESCRIPTION> </SW> <SW NAME="eZula"> <DIRECTORIES> <DIR NAME="ezula" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="eZmmod.exe" PATH=""></FILE> <FILE NAME="eZuluMain.exe" PATH=""></FILE> <FILE NAME="basis.dst" PATH="PFDir\\ezula"></FILE> <FILE NAME="basis.kwd" PATH="PFDir\\ezula"></FILE> <FILE NAME="basis.pu" PATH="PFDir\\ezula"></FILE> <FILE NAME="basis.rst" PATH="PFDir\\ezula"></FILE> <FILE NAME="CHCON.dll" PATH="PFDir\\ezula"></FILE> <FILE NAME="eabh.dll" PATH="PFDir\\ezula"></FILE> <FILE NAME="genun.ez" PATH="PFDir\\ezula"></FILE> <FILE NAME="legend.lgn" PATH="PFDir\\ezula"></FILE> <FILE NAME="param.ez" PATH="PFDir\\ezula"></FILE> <FILE NAME="rwds.rst" PATH="PFDir\\ezula"></FILE> <FILE NAME="search.src" PATH="PFDir\\ezula"></FILE> <FILE NAME="seng.dll" PATH="PFDir\\ezula"></FILE> <FILE NAME="UNWISE.EXE" PATH="PFDir\\ezula"></FILE> <FILE NAME="upgrade.vrn" PATH="PFDir\\ezula"></FILE> <FILE NAME="version.vrn" PATH="PFDir\\ezula"></FILE> <FILE NAME="wndbannn.src" PATH="PFDir\\ezula"></FILE> <FILE NAME="arrow1.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="arrow2.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="button_small.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="icon.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="Layer_Bottom.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="Layer_Center.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="Layer_Top.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="new.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="PopUp_Follow_divider.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="PopUp_Follow_Left.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="PopUp_Follow_Off.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="PopUp_Follow_On.gif" PATH="PFDir\\ezula\\images"></FILE> 
<FILE NAME="PopUp_Follow_Right.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="PopUp_Top.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="PopUp_Top_Bottom.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="Side_B.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="Side_L.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="Side_R.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="Side_Top.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="spacer.gif" PATH="PFDir\\ezula\\images"></FILE> <FILE NAME="ezulaboot.dll" PATH=""></FILE> <FILE NAME="ezulaboot.inf" PATH=""></FILE> <FILE NAME="InstallCtrl.class" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="eZulains.exe" PATH="WinDir"></FILE> <FILE NAME="ezulains.lgc" PATH="WinDir\\APPLOG"></FILE> <FILE NAME="mmod.exe" PATH="PFDir\\ezula"></FILE> <FILE NAME="ezstub.exe" PATH="SysDir"></FILE> <FILE NAME="stub.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TYPELIB" VALUE="{07f0a536-47ba-11d4-8a6d-0050da2ee1be}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TYPELIB" VALUE="{58359011-bf36-11d3-99a2-0050da2ee1be}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{07f0a543-47ba-11d4-8a6d-0050da2ee1be}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{07f0a545-47ba-11d4-8a6d-0050da2ee1be}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{19dfb2cb-9b27-11d4-b192-0050dab79376}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{2079884b-6ef3-11d4-8a74-0050da2ee1be}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{2306abe4-4d42-11d4-8a6d-0050da2ee1be}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{3d7247e8-5db8-11d4-8a72-0050da2ee1be}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{58359010-bf36-11d3-99a2-0050da2ee1be}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{c4fee4a7-4b8b-11d4-8a6d-0050da2ee1be}"></REGKEY> <REGKEY 
MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{d290d6e7-bf9d-42f0-9c1b-3bc8ae769b57}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\AppID" VALUE="eZulaMain.EXE"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\AppID" VALUE="{8A044397-5DA2-11D4-B185-0050DAB79376}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{19DFB2CB-9B27-11D4-B192-0050DAB79376}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{2BABD334-5C3F-11D4-B184-0050DAB79376}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{58359010-BF36-11d3-99A2-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{B1DD8A69-1B96-11D4-B175-0050DAB79376}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{C03351A4-6755-11D4-8A73-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaAgent.eZulaCtrlHost"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaAgent.eZulaCtrlHost.1"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="eZulaAgent.IEObject"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="eZulaAgent.IEObject.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaAgent.PlugProt"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaAgent.PlugProt.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaFSearchEng.eZulaCode"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaFSearchEng.eZulaCode.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaFSearchEng.eZulaHash"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaFSearchEng.eZulaHash.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaFSearchEng.eZulaSearch"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaFSearchEng.eZulaSearch.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaFSearchEng.PopupDisplay"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaFSearchEng.PopupDisplay.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaFSearchEng.ResultHelper"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaFSearchEng.ResultHelper.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaFSearchEng.SearchHelper"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaFSearchEng.SearchHelper.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaMain.eZulaSearchPipe"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaMain.eZulaSearchPipe.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" VALUE="EZulaMain.TrayIConM"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes" 
VALUE="EZulaMain.TrayIConM.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{1823BC4B-A253-4767-9CFC-9ACA62A6B136}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{19DFB2CA-9B27-11D4-B192-0050DAB79376}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{4FD8645F-9B3E-46C1-9727-9837842A84AB}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{58359012-BF36-11D3-99A2-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{7EDC96E1-5DD3-11D4-B185-0050DAB79376}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{8A0443A2-5DA2-11D4-B185-0050DAB79376}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{C03351A3-6755-11D4-8A73-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{EF0372DC-F552-11D3-8528-0050DAB79376}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\Interface" VALUE="{EF0372DE-F552-11D3-8528-0050DAB79376}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\TypeLib" 
VALUE="{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\TypeLib" VALUE="{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\TypeLib" VALUE="{58359011-BF36-11D3-99A2-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\TypeLib" VALUE="{8A044396-5DA2-11D4-B185-0050DAB79376}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="EZulaBoot.InstallCtrl"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="EZulaBoot.InstallCtrl.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="EZulaBootExe.InstallCtrl"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="EZulaBootExe.InstallCtrl.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\AppID" VALUE="{C0335198-6755-11D4-8A73-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\AppID" VALUE="eZulaBootExe.EXE"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\TypeLib" VALUE="{3D7247D1-5DB8-11D4-8A72-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES\\TypeLib" VALUE="{C0335197-6755-11D4-8A73-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Code Store Database\\Distribution Units" VALUE="{3D7247DE-5DB8-11D4-8A72-0050DA2EE1BE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\ModuleUsage" VALUE="C:/WINDOWS/Downloaded Program Files/eZulaBoot.dll"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ezmmod"></REGVALUE> <REGVALUE MAIN="" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Doc Find Spec MRU" VALUE="EZulaboot"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>eZula modifies web sites displayed in your 
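browser and adds their own sponsored links</DESCRIPTION>
  </SW>
  <!-- GoHip: files, registry keys and one Run value used to recognise the
       GoHip browser hijacker described in this entry's DESCRIPTION. -->
  <SW NAME="GoHip">
    <DIRECTORIES>
      <DIR NAME="browserenh" PATH="PFDir"></DIR>
    </DIRECTORIES>
    <FILES>
      <FILE NAME="ie.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="winstartup.exe" PATH="WinDir"></FILE>
      <FILE NAME="winstartup.exe" PATH="PFDir\\browserenh"></FILE>
      <FILE NAME="winstartup.exe" PATH="Sys32Dir"></FILE>
      <FILE NAME="winstartup.exe" PATH="SysDir"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{ba3d9f56-5ec1-497d-881a-93a28f58d9ad}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{f17edbc0-3eb2-11d3-ab74-00a0c9a522f2}"></REGKEY>
        <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="browserenh"></REGKEY>
        <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="gohip"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{f17edbc0-3eb2-11d3-ab74-00a0c9a522f2}"></REGKEY>
        <!-- Hive name normalised from "Hkey_local_machine" to the upper-case
             spelling the other entries use, so a case-sensitive comparison in
             the consumer cannot skip this entry.
             NOTE(review): SUB is spelled "Current Version" (with a space),
             while the REGVALUE below and the other Run entries visible in this
             file use "CurrentVersion". Left as found because it is not clear
             from this file whether the sample really creates that key; confirm
             against a sample, otherwise this entry probably never matches. -->
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\Current Version\\Run" VALUE="GoHip"></REGKEY>
      </KEYS>
      <VALUES>
        <!-- Presumably the 8.3 short name of winstartup.exe listed under FILES;
             whether VALUE holds the value name or its data here is not visible
             in this file (TODO confirm). -->
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WINSTA~1.EXE"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>GoHip will attach itself to your browser, as well as hijack your personalized browser settings and search options</DESCRIPTION>
  </SW>
  <SW NAME="Browser Toolbar">
    <DIRECTORIES>
      <DIR NAME="IO Class" PATH="WinDir\\Downloaded Program Files"></DIR>
    </DIRECTORIES>
    <FILES>
      <FILE NAME="ausvc.exe" PATH="WinDir"></FILE>
      <FILE NAME="mnsvc.exe" PATH="WinDir"></FILE>
      <FILE NAME="bvt.exe" PATH="WinDir"></FILE>
      <FILE NAME="absr.exe" PATH="WinDir"></FILE>
      <FILE NAME="auupg.exe" PATH=""></FILE>
      <FILE NAME="coolstuff.ocx" PATH=""></FILE>
      <FILE NAME="coolstuff.cab" PATH=""></FILE>
      <FILE NAME="coolstuff.inf" PATH=""></FILE>
      <FILE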
NAME="ea.bin" PATH=""></FILE> <FILE NAME="mbtcd.bak" PATH=""></FILE> </FILES> <COOKIES> <COOKIE NAME="browseevt"></COOKIE> <COOKIE NAME="browsertoolbar"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{6541B981-2E27-46B1-A2CC-8264A75B74FE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{868B015F-3515-44DB-B0AD-182CD058985E}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{9A05FE9B-5B52-4D13-A77D-FA7C38557A8E}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{9E2099A5-9483-43fe-92D1-68DBFBE968A2}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{BAE85C97-2CD4-45C3-A1ED-E4CEF7C6AA52}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{C76BE992-2BC3-41A4-8B87-A8C01FE419A7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{F53C844A-D9C8-4E92-B923-C05B46C4A7E3}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{FBE091E5-DF43-4FFB-AECC-7E3A3BC7B0D9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\AppID" VALUE="{8B034058-08B0-4CB3-B2E8-60238B4967F2}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="ABsr.ABsr"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="ABsr.ABsr.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="ABsr.ADrv"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="ABsr.ADrv.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\AppID" VALUE="{9A05FE9B-5B52-4D13-A77D-FA7C38557A8E}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\AppID" VALUE="ABsr.EXE"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\AppID" VALUE="bvt.EXE"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 
SUB="SOFTWARE\\CLASSES" VALUE="BLSIM"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="BrowserEvt.BrowserEvent"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="BrowserEvt.BrowserEvent.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\Interface" VALUE="{5147EB69-9081-4F42-B02F-EA7CBAC9FCDE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\Interface" VALUE="{52FCFBDA-2C85-4933-A1A7-99D7AE569499}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\Interface" VALUE="{5BD387E8-95DE-4FFF-9518-121299C4555F}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\Typelib" VALUE="{6D8B1B74-4AB8-473B-B479-253FA1936802}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\Typelib" VALUE="{C423B212-02B3-41CF-BE3A-532CE28180CD}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SysScan"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ausvc"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ABsr"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="mnsvc"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser Toolbar hijacks browser search options as well as personalized settings</DESCRIPTION> </SW> <SW NAME="Trojan - Benjamin Kazaa"> <DIRECTORIES> <DIR NAME="Sys32" PATH="WinDir\\Temp"></DIR> </DIRECTORIES> <FILES> <FILE NAME="EXPLORER.SCR" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft" VALUE="syscod"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Benjamin Kazaa is a worm spread through the kazaa sharing service. 
Once infected, the worm does several very harmful things to the PC, including replicating itself up to 2000 times</DESCRIPTION> </SW> <SW NAME="Kazaa"> <DIRECTORIES> <DIR NAME="kazaa media desktop" PATH=""></DIR> <DIR NAME="kazaa" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="kazaa media desktop.lnk" PATH=""></FILE> <FILE NAME="kazaa.exe" PATH="PFDir\\kazaa"></FILE> <FILE NAME="smdat32m.sys" PATH="WinDir"></FILE> <FILE NAME="smdat32a.sys" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="kazaa"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="kazaa"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="kazaa"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{66fc8717-efa7-4546-8c4a-e224f3a80c76}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="System-Service"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="kazaa"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="kazaa"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Kazaa is popular peer to peer file sharing software that serves ads to your PC as well as installs other parasites</DESCRIPTION> </SW> <SW NAME="Trojan - Klez"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="krn132.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> <COOKIE NAME="xww"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Krn132"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>The Klez Trojan is a trojan spread by mostly email, that in some cases, has actually removed all files on the infected computer</DESCRIPTION> </SW> <SW 
NAME="Trojan - NetBUIE"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="NBConfig.exe" PATH="SysDir"></FILE> <FILE NAME="NetBUIE.exe" PATH="SysDir"></FILE> <FILE NAME="DConfig.exe" PATH="SysDir"></FILE> <FILE NAME="StealthXP.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="NetBUIE"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="StealthXP"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>The NetBUIE trojan is a virus that carries out periodic clicks on links for the creator of the virus</DESCRIPTION> </SW> <SW NAME="Trojan - WbeCheck"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="pbsysie.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>The WbeCheck trojan is a spying trojan that records all computer activity and reports it to a central server</DESCRIPTION> </SW> <SW NAME="NowBox"> <DIRECTORIES> <DIR NAME="NowBox" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="nowbox.lnk" PATH="PFDir\\nowbox"></FILE> <FILE NAME="nowbox.lnk" PATH=""></FILE> </FILES> <COOKIES> <COOKIE NAME="nowbox"></COOKIE> <COOKIE NAME="vflash"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>NowBox is a browser setting hijacker. 
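It also has a background process used for serving advertisements</DESCRIPTION>
  </SW>
  <!-- webHancer2: matched by a single file name only. -->
  <SW NAME="webHancer2">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="webHancer.exe" PATH=""></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>causes internet connection to be broken.</DESCRIPTION>
  </SW>
  <!-- Onflow: install directory, executable name and Run autostart value. -->
  <SW NAME="Onflow">
    <DIRECTORIES>
      <DIR NAME="Onflow" PATH="PFDir"></DIR>
    </DIRECTORIES>
    <FILES>
      <FILE NAME="onflow.exe" PATH=""></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Onflow"></REGVALUE>
        <!-- The hive name of this entry had a trailing space
             ("HKEY_LOCAL_MACHINE "), which is not a valid hive name; trimmed.
             It now differs from the entry above only in the letter case of
             SUB. -->
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Onflow"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>OnFlow is a rich media player with a silent update aspect</DESCRIPTION>
  </SW>
  <!-- VLoading: one directory and one DLL under Downloaded Program Files. -->
  <SW NAME="VLoading">
    <DIRECTORIES>
      <DIR NAME="Download class" PATH="WinDir\\Downloaded Program Files"></DIR>
    </DIRECTORIES>
    <FILES>
      <FILE NAME="VLoading.dll" PATH="WinDir\\Downloaded Program Files"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>VLoading allows unwanted software downloads, installation, and execution without any interaction from the user</DESCRIPTION>
  </SW>
  <!-- Keylogger - Actions Monitor.
       NOTE(review): the only indicator is a two-letter file name with an empty
       PATH. How the consumer resolves an empty PATH is not visible in this
       file; if it means "any location", this can match unrelated files.
       Confirm, and add a stronger indicator if one is known. -->
  <SW NAME="Keylogger - Actions Monitor">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="am.exe" PATH=""></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <!-- Description typo fixed: "recoding" is now "recording". -->
    <DESCRIPTION>Actions Monitor allows full recording of any keystroke on the PC</DESCRIPTION>
  </SW>
  <!-- Avenue A: cookie-only entry. -->
  <SW NAME="Avenue A">
    <DIRECTORIES> </DIRECTORIES>
    <FILES> </FILES>
    <COOKIES>
      <COOKIE NAME="avenuea"></COOKIE>
      <COOKIE NAME="iballs"></COOKIE>
    </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>0</DANGER_LEVEL>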
<DESCRIPTION>Avenue A uses cookies to collect information about browsing habits, etc</DESCRIPTION> </SW> <SW NAME="BDE"> <DIRECTORIES> <DIR NAME="BDE" PATH="WinDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="bdeclean.exe" PATH="WinDir\\bde"></FILE> <FILE NAME="bdesecureinstall.cab" PATH="Sys32Dir"></FILE> <FILE NAME="bdesecureinstall.exe" PATH="Sys32Dir"></FILE> <FILE NAME="bdeverify.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bdedownloader.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bdedata2.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bdefdi.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bdeinsta2.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bdeinstall.exe" PATH="Sys32Dir"></FILE> <FILE NAME="bdeverify.exe" PATH="SysDir"></FILE> <FILE NAME="bdeengine2.dll" PATH="WinDir\\bde"></FILE> <FILE NAME="bde3d_ref2.dll" PATH="SysDir"></FILE> <FILE NAME="bde3d_ref2.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bdeimage.dll" PATH="WinDir\\bde"></FILE> <FILE NAME="bdeload.dll" PATH="SysDir"></FILE> <FILE NAME="bdeload.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bdeplayer2.dll" PATH="WinDir\\bde"></FILE> <FILE NAME="bderastdx6_30002.dll" PATH="SysDir"></FILE> <FILE NAME="bderastdx6_30002.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bderastmmx_30001.dll" PATH="SysDir"></FILE> <FILE NAME="bderastmmx_30001.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bdesac10.dll" PATH="SysDir"></FILE> <FILE NAME="bdesac10.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bdeviewer.exe" PATH="WinDir\\bde"></FILE> <FILE NAME="npbdplay2.dll" PATH="WinDir\\bde"></FILE> </FILES> <COOKIES> <COOKIE NAME="BrilliantDigital"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="ZUpdate"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="b3d"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="b3ds"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="s3d_auto_file"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" 
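VALUE="b3dini_auto_file"></REGKEY>
        <!-- The two ProgIDs below were each written as a single entry ending in
             "[.1]", which reads as shorthand for "with and without the .1
             suffix" rather than as a literal key name. They are listed
             explicitly here, the way this file lists both forms elsewhere (for
             example comload.loader and comload.loader.1).
             NOTE(review): assumes the consumer compares VALUE literally;
             confirm. -->
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="BDEPLAYER.BDEPlayerCtrl"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="BDEPLAYER.BDEPlayerCtrl.1"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="BDESmartInstaller.BDESmartInstallerCtrl"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE="BDESmartInstaller.BDESmartInstallerCtrl.1"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES" VALUE=".b3dini"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{67925165-C4B6-11D2-B9C6-0000E84F59A6}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{82FC7881-AACC-11D2-B9C6-0000E842E40A}"></REGKEY>
      </KEYS>
      <VALUES>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="b3dUpdate"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>BDE can be remotely turned on, and allow access to any files on the PC</DESCRIPTION>
  </SW>
  <!-- Comload/Coulomb Dialer: DLL and executable names, one cookie and COM
       registration keys. HKEY_CLASSES_ROOT is a merged view that includes
       HKEY_LOCAL_MACHINE\SOFTWARE\Classes, so the CLSID listed under both hives
       below may resolve to the same key on a given machine. -->
  <SW NAME="Comload/Coulomb Dialer">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="comload.dll" PATH="WinDir"></FILE>
      <FILE NAME="comload.dll" PATH="SysDir"></FILE>
      <FILE NAME="comload.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="dia1C.exe" PATH=""></FILE>
      <FILE NAME="dload.exe" PATH=""></FILE>
      <FILE NAME="Porn Turbo.exe" PATH=""></FILE>
    </FILES>
    <COOKIES>
      <COOKIE NAME="coulomb"></COOKIE>
    </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{9E1089BC-1AE8-4685-8D77-6721E5C318A8}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{19E91D82-7AD7-419F-866A-58C122DB1459}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{F5F779A9-24E5-4BCD-9AE5-6313D4B5AC24}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{266F948A-3DEE-4270-8F55-E79ACCD569FA}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{9E1089BC-1AE8-4685-8D77-6721E5C318A8}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid"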
VALUE="{9e1089bc-1ae8-4685-8d77-6721e5c318a8}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{ad7fafb0-16d6-40c3-af27-585d6e6453fd}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="comload.loader"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="comload.loader.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="comload.loader2"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="comload.loader2.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dctl"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="coulomb"></REGKEY> <REGKEY MAIN="HKEY_USERS" SUB=".default\\software" VALUE="coulomb"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>High cost dialer that uses your PC to dial pornographic related numbers</DESCRIPTION> </SW> <SW NAME="CrackedEarth"> <DIRECTORIES> <DIR NAME="CrackedEarth" PATH="SysDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="searchhook.dll" PATH="SysDir\\CrackedEarth"></FILE> </FILES> <COOKIES> <COOKIE NAME="crackedearth"></COOKIE> <COOKIE NAME="genieknows"></COOKIE> <COOKIE NAME="cyberzine"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="SearchHook"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SearchHook"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>CrackedEarth is a browser hijacker responsible for changing preferences as well as search options</DESCRIPTION> </SW> <SW NAME="DailyWinner"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="veg32.dll" PATH="SysDir"></FILE> <FILE NAME="veg32.dll" PATH="Sys32Dir"></FILE> <FILE NAME="print32.dll" PATH="Sys32Dir"></FILE> <FILE NAME="print32.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> <COOKIE NAME="DailyWinner"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> 
<DESCRIPTION>DailyWinner opens up pop up advertisements when visiting certain sites</DESCRIPTION>
  </SW>
  <!-- DialerOffline: dialer DLL, icon file, one cookie, COM registration keys
       and an Uninstall key. -->
  <SW NAME="DialerOffline">
    <DIRECTORIES>
      <DIR NAME="blankdialer" PATH=""></DIR>
    </DIRECTORIES>
    <FILES>
      <FILE NAME="DialerOffline.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="DialerOffline.dll" PATH="SysDir"></FILE>
      <FILE NAME="LiveGirls.ico" PATH=""></FILE>
    </FILES>
    <COOKIES>
      <COOKIE NAME="stripplayer"></COOKIE>
    </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{CEB29DA4-7AFA-4F24-B3CD-17351D590DF0}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{1773B696-B019-4FC1-9EED-B1C7F925F56A}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{20270406-63AD-4C7E-AE8D-BB632E508ACE}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{A8882720-E26C-4073-8B8A-981D32882AF7}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall" VALUE="Live Girls"></REGKEY>
      </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>DialerOffline is a dialer responsible for extremely high cost dialing from infected PCs</DESCRIPTION>
  </SW>
  <!-- eXactSearch: toolbar DLL, updater, cookies, a Browser Helper Object key
       and an Internet Explorer toolbar value. -->
  <SW NAME="eXactSearch">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="eXactToolbar.dll" PATH="SysDir"></FILE>
      <FILE NAME="eXactToolbar.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="exactupdate.exe" PATH=""></FILE>
    </FILES>
    <COOKIES>
      <COOKIE NAME="exactsearchbar"></COOKIE>
      <COOKIE NAME="exactadvertising"></COOKIE>
      <!-- NOTE(review): "mail.com" is a generic domain name rather than
           something specific to this toolbar. If COOKIE NAME is matched as a
           substring of cookie file names (not visible in this file, confirm),
           this entry will also flag cookies from unrelated sites. -->
      <COOKIE NAME="mail.com"></COOKIE>
    </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{f9765480-72d1-11d4-a75a-004f49045a87}"></REGKEY>
      </KEYS>
      <VALUES>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{224530A0-C9CB-4AEE-9C0F-54AC1B533211}"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>eXactSearch is a browser add on with 
certain additional search features</DESCRIPTION> </SW> <SW NAME="Mshp.dll hijacker"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="image.dll"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser hijacker that changes your web settings</DESCRIPTION> </SW> <SW NAME="ezCyberSearch"> <DIRECTORIES> <DIR NAME="ezSearchBar" PATH=""></DIR> </DIRECTORIES> <FILES> <FILE NAME="ezsearch.dll" PATH="SysDir"></FILE> <FILE NAME="ctadl1.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ezsearch.dll" PATH="WinDir\\temp"></FILE> <FILE NAME="Inst Class.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="ezsearch.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> <COOKIE NAME="ezCyberSearch"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{760a9dde-1433-4a7c-8189-d6735bb5d3dd}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{aefcdec8-eb7d-429f-bc73-4f30d07bfe41}"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="ezSearchBar"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>ezCyberSearch includes a browser add on, as well as hijacking of settings associated with searching</DESCRIPTION> </SW> <SW NAME="W32.Opaserv.G.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="marco!.scr" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="cronos"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Worm spread using networks</DESCRIPTION> </SW> <SW NAME="FreeScratchAndWin/XZoomy"> 
<DIRECTORIES> <DIR NAME="FSW" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="FSW.EXE" PATH=""></FILE> <FILE NAME="support.exe" PATH="SysDir"></FILE> <FILE NAME="support.exe" PATH="Sys32Dir"></FILE> <FILE NAME="IdleUI.dll" PATH="SysDir"></FILE> <FILE NAME="IdleUI.dll" PATH="Sys32Dir"></FILE> <FILE NAME="FSW.EXE" PATH="PFDir\\FSW"></FILE> <FILE NAME="fswinst.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="IdleUI.dll" PATH=""></FILE> </FILES> <COOKIES> <COOKIE NAME="xzoomy"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{47CC4DCD-BBC9-47A3-A677-44DB2559E0D8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{5DD7B3BE-FDEC-4563-B038-FF80F2345B89}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{20A03A4C-9FAF-45D5-A5C2-B6C49774E03C}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{99B0B113-6F25-49C9-8ECF-2FDDD3EDFF6A}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="Fswinst.Application"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="FSW_beta1.Application"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="FSWINST.FswinstCtrl.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="FSW.Application"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="System\\CurrentControlSet\\Control\\Shutdown" VALUE="SetupProgramRan"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{20A03A4C-9FAF-45D5-A5C2-B6C49774E03C}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{99B0B113-6F25-49C9-8ECF-2FDDD3EDFF6A}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="FSW_beta1.Application"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="Fswinst.Application"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="FSW_beta1.Application"></REGVALUE> 
<REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="Fswinst.Application"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="FSW"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>FreeScratchAndWin is responsible for online scratchcard games, and includes a browser helper object as well</DESCRIPTION> </SW> <SW NAME="IEAccess"> <DIRECTORIES> <DIR NAME="eGroup" PATH="PFDir"></DIR> <DIR NAME="eGroup" PATH="WinDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="IEAccess2.dll" PATH="SysDir"></FILE> <FILE NAME="IEAccess2.dll" PATH="Sys32Dir"></FILE> <FILE NAME="IEDial class.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> </FILES> <COOKIES> <COOKIE NAME="eGroup"></COOKIE> <COOKIE NAME="nocreditcard"></COOKIE> <COOKIE NAME="sex-explorer"></COOKIE> <COOKIE NAME="electronic-group"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="egroup"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="egroup"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing\\Trust Database\\0" VALUE="ELECTRONIC GROUP"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>4</DANGER_LEVEL> <DESCRIPTION>IEAccess is used primarily by porn sites to install high cost dialers that connect the PC to expensive 900 numbers</DESCRIPTION> </SW> <SW NAME="ILookup/ILookup.windec32"> <DIRECTORIES> <DIR NAME="i-lookup" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="I-Lookup.com Toolbar.ocx" PATH=""></FILE> <FILE NAME="GlobalWebSearch.com.ocx" PATH=""></FILE> <FILE NAME="Ineb.dll" PATH="Sys32Dir"></FILE> <FILE NAME="Chgrgs.dll" PATH="Sys32Dir"></FILE> <FILE NAME="GWS.dll" PATH="Sys32Dir"></FILE> <FILE NAME="abeb.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bmeb.dll" PATH="SysDir"></FILE> <FILE NAME="ttil.exe" PATH="WinDir\\ilookup"></FILE> <FILE NAME="drbr.dll" 
PATH="Sys32Dir"></FILE> <FILE NAME="sbus.dll" PATH="Sys32Dir"></FILE> <FILE NAME="sbus.dll" PATH="SysDir"></FILE> <FILE NAME="drbr.dll" PATH="SysDir"></FILE> <FILE NAME="Ineb.dll" PATH="SysDir"></FILE> <FILE NAME="GWS.dll" PATH="SysDir"></FILE> <FILE NAME="Chgrgs.dll" PATH="SysDir"></FILE> <FILE NAME="abeb.dll" PATH="SysDir"></FILE> <FILE NAME="bmeb.dll" PATH="Sys32Dir"></FILE> <FILE NAME="WINDEC32.DLL" PATH="SysDir"></FILE> <FILE NAME="windec32.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> <COOKIE NAME="i-lookup"></COOKIE> <COOKIE NAME="globalwebsearch"></COOKIE> <COOKIE NAME="iclicks"></COOKIE> <COOKIE NAME="eaffiliate"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{18B79968-1A76-4953-9EBB-B651407F8998}"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="ineb"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{0aaf602e-72a1-45fe-bab1-06971e07eaa2}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{4c759ec6-96bd-4551-a320-e61a1d68437f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{54a85a38-a699-4aec-8f88-ab542210c93b}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{8e4c16f3-45c8-4b24-99e6-f55082b7c4f1}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{c82b55f0-60e0-478c-bc55-e4e22f11301d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{d35a69a7-7a34-4c67-814a-3f508c0bf371}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{fbaa0b9e-a059-43e4-9699-76eb0aeb975b}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{753aa023-02d1-447d-8b55-53a91a5abf18}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{2038a287-4221-4f76-a7c0-addd77afabb3}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{0c9cbfe1-91cd-40c2-bb64-1ec84c4c46af}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" 
VALUE="{0aaf602e-72a1-45fe-bab1-06971e07eaa2}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{2038a287-4221-4f76-a7c0-addd77afabb3}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{0c9cbfe1-91cd-40c2-bb64-1ec84c4c46af}"></REGKEY>
        <!-- NOTE(review): the next two entries name a subkey "clsid" directly
             under HKEY_LOCAL_MACHINE. Both CLSIDs are also listed in this entry
             under HKEY_CLASSES_ROOT\clsid or
             HKEY_LOCAL_MACHINE\software\classes\clsid, so these look like a
             mistyped hive or path; confirm before relying on them. -->
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{61d029ac-972b-49fe-a155-962dfa0a37bb}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{fbaa0b9e-a059-43e4-9699-76eb0aeb975b}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{2038a287-4221-4f76-a7c0-addd77afabb3}"></REGKEY>
        <!-- NOTE(review): the next three entries place the Browser Helper
             Objects path under HKEY_CLASSES_ROOT, whereas the other Browser
             Helper Objects entries visible in this file use
             HKEY_LOCAL_MACHINE. This is probably a wrong hive, in which case
             the entries never match; confirm. -->
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{61d029ac-972b-49fe-a155-962dfa0a37bb}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{35cc7369-c6eb-4a64-ab05-44cf0b5087a0}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{8e4c16f3-45c8-4b24-99e6-f55082b7c4f1}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{61d029ac-972b-49fe-a155-962dfa0a37bb}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{8e4c16f3-45c8-4b24-99e6-f55082b7c4f1}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{d35a69a7-7a34-4c67-814a-3f508c0bf371}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{7e893886-5641-4867-a323-2d8abb7b4d6d}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{b0632ec9-bd27-48c4-b16c-294f8823bff0}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{e6ed4741-a9df-4bb1-a203-c7461fc00355}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib"
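VALUE="{edd73c85-28b8-4145-ab9c-673c74c667e6}"></REGKEY> <!-- SUB below corrected: the leading "software" segment was duplicated, so the path could not exist. NOTE(review): this file lists other Toolbar GUIDs under VALUES as REGVALUE; confirm whether this entry belongs there too. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{8e4c16f3-45c8-4b24-99e6-f55082b7c4f1}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{fe1a240f-b247-4e06-a600-30e28f5af3a0}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{6ef3ae25-5a7d-40c2-9b44-9ed0068621c0}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>I-Lookup provides a search box as well as custom buttons added to the browser. It also adds bookmarks and hijacks browser settings</DESCRIPTION> </SW> <SW NAME="IPInsight"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="IPInsigt.dll" PATH="WinDir\\LastGood"></FILE> <FILE NAME="IPInsigt.pnf" PATH="WinDir\\LastGood\\INF"></FILE> <FILE NAME="IPInsigt.inf" PATH="WinDir\\LastGood\\INF"></FILE> <FILE NAME="Sentry.exe" PATH="WinDir"></FILE> <FILE NAME="Sentry.ini" PATH="WinDir"></FILE> <FILE NAME="IPInsigt.dll" PATH="WinDir"></FILE> <FILE NAME="alchem.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="IPInsight"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{000004CC-E4FF-4F2C-BC30-DBEF0B983BC9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\app management\\arpcache" VALUE="IPInsight"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Sentry"></REGVALUE> <!-- SUB below corrected: a stray apostrophe after "Run" made this name a key that does not exist, so the ALCHEM autorun value was listed under the wrong path. --> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ALCHEM"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> 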
<DESCRIPTION>IPInsight is a process that monitors data entered into forms and reports information to a central server</DESCRIPTION> </SW> <SW NAME="MasterDialer"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="AXDownload.dll" PATH=""></FILE> <FILE NAME="Main class.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="WebInstall.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="WebUpdate.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> </FILES> <COOKIES> <COOKIE NAME="firstway"></COOKIE> <COOKIE NAME="comfix"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>MasterDialer is used as a high cost dialer that connects users by modem and is usually associated with porn sites</DESCRIPTION> </SW> <SW NAME="Meridian"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="myaccess.dll" PATH="SysDir"></FILE> <FILE NAME="gdiplus64.dll" PATH="SysDir"></FILE> <FILE NAME="ie64.dll" PATH="SysDir"></FILE> <FILE NAME="myaccess.dll" PATH="Sys32Dir"></FILE> <FILE NAME="gdiplus64.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ie64.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ver64.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bho.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ver64.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> <COOKIE NAME="tbi"></COOKIE> <COOKIE NAME="thumbsnatcher"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{FA79FA22-8DB3-43D1-997B-6DBFD8845569}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{FA79FA22-8DB3-43D1-997B-6DBFD8845569}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Meridian is a browser helper object that opens up various pop up advertising based on sites visited</DESCRIPTION> </SW> <SW NAME="MoneyTree"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="iopti130.dll" 
PATH="WinDir"></FILE> <FILE NAME="nem207.dll" PATH="WinDir"></FILE> <FILE NAME="wsem210.dll" PATH="WinDir"></FILE> <FILE NAME="nem212.dll" PATH="WinDir"></FILE> <FILE NAME="NSUpdateLiteCtrl Class.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="MoneyTree Dialer.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="nsupdate.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="NSupd9x.inf" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="UniDist.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="UniDst.inf" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="multidist" PATH="WinDir\\Downloaded Program files"></FILE> <FILE NAME="NSUpdateLiteCtrl Class" PATH="WinDir/DownloadProgramfile"></FILE> <FILE NAME="NSLiteUpdateCtrl Class" PATH="WinDir/DownloadProgramfile"></FILE> <FILE NAME="MoneyTree Dialer" PATH="WinDir/DownloadProgramfile"></FILE> <FILE NAME="MultiDist" PATH="WinDir/DownloadProgramfile"></FILE> <FILE NAME="Software Update Manager" PATH="WinDir/DownloadProgramfile"></FILE> <FILE NAME="ioptiXXX.dll" PATH=""></FILE> <FILE NAME="nemXXX.dll" PATH=""></FILE> <FILE NAME="wsemXXX.dll" PATH=""></FILE> <FILE NAME="iopti130.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{a0f0d762-d1de-43af-b70e-d87864743eb3}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>MoneyTree is an ActiveX control that is used to install high cost dialers, primarily for porn sites</DESCRIPTION> </SW> <SW NAME="PerMedia"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="permedia.exe" PATH=""></FILE> <FILE NAME="winsrv.exe" PATH=""></FILE> <FILE NAME="winsrv_reg.exe" PATH=""></FILE> </FILES> <COOKIES> <COOKIE NAME="friendgreetings"></COOKIE> <COOKIE NAME="friend-greeting"></COOKIE> <COOKIE NAME="laugh-mail"></COOKIE> <COOKIE NAME="us-downloads"></COOKIE> <COOKIE NAME="pv1"></COOKIE> </COOKIES> <REGISTRY> 
<KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="PerMedia"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="winsrv"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="winsrv reg"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>PerMedia is started at windows startup, has an auto-update feature, and a browser helper object that tampers with browser settings</DESCRIPTION> </SW> <SW NAME="X-Diver/BillByCall"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="cax.dll" PATH=""></FILE> <FILE NAME="cuwin32.exe" PATH=""></FILE> <FILE NAME="x-diver.dun" PATH=""></FILE> </FILES> <COOKIES> <COOKIE NAME="EOPS"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>X-Diver is a premium rate dialer, based out of Germany. 
It allows the PC to be connected to a high rate phone number without user interaction</DESCRIPTION> </SW> <SW NAME="Xupiter"> <DIRECTORIES> <DIR NAME="Xupiter" PATH="PFDir"></DIR> <DIR NAME="Browser" PATH="PFDir"></DIR> <DIR NAME="Sqwire" PATH="PFDir"></DIR> <DIR NAME="oe" PATH="PFDir"></DIR> <DIR NAME="orbit" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="XupiterStartup.exe" PATH=""></FILE> <FILE NAME="XupiterToolbarLoader.exe" PATH=""></FILE> <FILE NAME="xupiterstartup2003.exe" PATH=""></FILE> <FILE NAME="BWCfgLoader.exe" PATH=""></FILE> <FILE NAME="XTCfgLoader.exe" PATH=""></FILE> <FILE NAME="oeloader.exe" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="uc.exe" PATH="PFDir\\sqwire"></FILE> <FILE NAME="cc.exe" PATH="PFDir\\sqwire"></FILE> <FILE NAME="XupiterToolbar.dll" PATH="PFDir\\Xupiter\\Updates"></FILE> <FILE NAME="XTUpdate.dll" PATH="PFDir\\Xupiter\\Updates"></FILE> <FILE NAME="XTSearch.dll" PATH="PFDir\\Xupiter\\Updates"></FILE> <FILE NAME="XupiterToolbar.dll" PATH="PFDir\\Xupiter"></FILE> <FILE NAME="XTUpdate.dll" PATH="PFDir\\Xupiter"></FILE> <FILE NAME="XTSearch.dll" PATH="PFDir\\Xupiter"></FILE> <FILE NAME="BrowserToolbar.dll" PATH="PFDir\\Browser\\Updates"></FILE> <FILE NAME="BWUpdate.dll" PATH="PFDir\\Browser\\Updates"></FILE> <FILE NAME="BWSearch.dll" PATH="PFDir\\Browser\\Updates"></FILE> <FILE NAME="t.dll" PATH="PFDir\\Sqwire"></FILE> <FILE NAME="u.dll" PATH="PFDir\\Sqwire"></FILE> <FILE NAME="s.dll" PATH="PFDir\\Sqwire"></FILE> <FILE NAME="SQLoader.exe" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="SQLoader.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="SQLoader.inf" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="SQInstaller.exe" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="toolbar.dll" PATH="PFDir\\Common Files\\OE"></FILE> <FILE NAME="redirector.dll" PATH="PFDir\\Common Files\\OE"></FILE> <FILE NAME="search.dll" PATH="PFDir\\Common Files\\OE"></FILE> <FILE 
NAME="XupiterStartup.exe" PATH="PFDir\\Xupiter"></FILE> <FILE NAME="BWCfgLoader.exe" PATH="PFDir\\Xupiter"></FILE> <FILE NAME="XTCfgLoader.exe" PATH="PFDir\\Xupiter"></FILE> <FILE NAME="XupiterToolbarLoader.exe" PATH="PFDir\\Xupiter"></FILE> <FILE NAME="xupiterstartup2003.exe" PATH="PFDir\\Xupiter"></FILE> <FILE NAME="RunDownload.exe" PATH=""></FILE> <FILE NAME="XupiterToolbar.exe" PATH=""></FILE> <FILE NAME="view.exe" PATH="PFDir\\orbit"></FILE> </FILES> <COOKIES> <COOKIE NAME="Sqwire"></COOKIE> <COOKIE NAME="BrowserWise"></COOKIE> <COOKIE NAME="freewebupgrades"></COOKIE> <COOKIE NAME="FortuneCity"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{0FDA4D2B-7975-405d-8D7C-F5E2247EAE80}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Software" VALUE="Xupiter"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Software" VALUE="SQ"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="SQ"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="Xupiter"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units" VALUE="{A27CFCAE-9351-4D74-BFFC-21EB19693D8C}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{2662bdd7-05d6-408f-b241-ff98face6054}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{26fd5192-a97c-4b48-a5d7-2420cfdcfdf2}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{3c5ba506-6c30-4738-9ced-797acadea8dc}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{57e69d5a-6539-4d7d-9637-775de8a385b4}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{6e6dd93e-1fc3-4f43-8afb-1b7b90c9d3eb}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{702ad576-fddb-4d0f-9811-a43252064684}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{a27cfcae-9351-4d74-bffc-21eb19693d8c}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" 
VALUE="{d48f2e28-68e2-4920-9848-d6e6c7ab3eb7}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{d7b3e460-9968-4191-bd6f-beed1bc18482}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{1a8b567b-bd3f-44a1-8b94-f50d37a1914e}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{3a021d2f-5f75-47f5-9bab-a137e1fb015f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{d686db39-659a-491a-a35c-60b99495c16e}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{2662bdd7-05d6-408f-b241-ff98face6054}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{43732063-1bda-45a0-bbee-13e014cb4041}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{909e0059-f545-42de-9d2c-cc4a3e336ec3}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{c6c2871f-7467-4a35-90fa-9e9894bc1916}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="xtsearch.xtsearchhook"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="xtsearch.xtsearchhook.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="xtupdate."></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="xtupdate.xt"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="xtupdate.xt.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="xupitertoolbar"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="xupitertoolbar.band"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="xupitertoolbar.band.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Code Store Database\\Distribution Units" VALUE="{280168bc-76bf-4cd0-b835-3d686efa8ddc}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="XupiterStartup"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="XupiterCfgLoader"></REGVALUE> 
<REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SQUpdatesChecker"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SQConfigChecker"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="OrbitUpdate"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="OrbitView"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Xupiter Startup"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="xupiterstartup2003"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="XupiterToolbarLoader"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{702AD576-FDDB-4d0f-9811-A43252064684}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{57E69D5A-6539-4d7d-9637-775DE8A385B4}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>4</DANGER_LEVEL> <DESCRIPTION>Xupiter modifies your browser settings to add its own buttons, automatically updates itself, and hijacks browser settings</DESCRIPTION> </SW> <SW NAME="OnlineDialer"> <DIRECTORIES> <DIR NAME="OnlineDialer" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="MaConnect.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="eConnect.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="IEDialer.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="SunInfoConnect.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="BelCallConnect.dll" PATH=""></FILE> <FILE NAME="Loader class.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="eConn class.ocx" 
PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="IELoaderCtl class.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="Download class.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="snConnect class.ocx" PATH="WinDir\\Downloaded Program Files"></FILE> </FILES> <COOKIES> <COOKIE NAME="online-dialer"></COOKIE> <COOKIE NAME="libereco"></COOKIE> <COOKIE NAME="0190"></COOKIE> <COOKIE NAME="4netmedia"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{02c20140-76f8-4763-83d5-b660107b7a90}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>OnlineDialer is an ActiveX control that is used to install high cost dialers, primarily for porn sites</DESCRIPTION> </SW> <SW NAME="Searchex"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="hmepge.dll" PATH="Sys32Dir"></FILE> <FILE NAME="hmepge.dll" PATH="SysDir"></FILE> <FILE NAME="IEBrw.dll" PATH="SysDir"></FILE> <FILE NAME="HomePage.dll" PATH="SysDir"></FILE> <FILE NAME="IEBrw.dll" PATH="Sys32Dir"></FILE> <FILE NAME="HomePage.dll" PATH="Sys32Dir"></FILE> <FILE NAME="hotlink.dll" PATH="SysDir"></FILE> <FILE NAME="hotlink.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> <COOKIE NAME="cantfind"></COOKIE> <COOKIE NAME="winstream"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{b405ee45-1aa2-410d-a6cf-1a74371dcd62}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{a116a5c1-ad77-446c-992a-f56200b112db}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{1a98bca2-0bd1-47de-9710-c7665f7f1fcb}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" 
VALUE="{1a98bca2-0bd1-47de-9710-c7665f7f1fcb}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{a116a5c1-ad77-446c-992a-f56200b112db}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{b405ee45-1aa2-410d-a6cf-1a74371dcd62}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>Searchex is a homepage and search setting hijacker</DESCRIPTION> </SW> <SW NAME="XDialer"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="DialX.ocx" PATH="SysDir"></FILE> <FILE NAME="AButton.ocx" PATH="SysDir"></FILE> <FILE NAME="AButton.ocx" PATH="Sys32Dir"></FILE> <FILE NAME="DialX.ocx" PATH="Sys32Dir"></FILE> <FILE NAME="XDial.ocx" PATH="Sys32Dir"></FILE> <FILE NAME="XDial.ocx" PATH="SysDir"></FILE> </FILES> <COOKIES> <COOKIE NAME="pctlca"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>XDialer is a Japanese high cost dialer, primarily used for porn sites</DESCRIPTION> </SW> <SW NAME="Searchit/SearchitBar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="srchitbar.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="Searchit Toolbar.inf" PATH="WinDir\\Downloaded Program Files"></FILE> </FILES> <COOKIES> <COOKIE NAME="inet-traffic"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Searchit is a basic toolbar offering various search features</DESCRIPTION> </SW> <SW NAME="SearchSquire"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="SearchSquire.dll" PATH="SysDir"></FILE> <FILE NAME="SearchSquire2.dll" PATH="SysDir"></FILE> <FILE NAME="engines.txt" PATH="SysDir"></FILE> <FILE NAME="partner.txt" PATH="SysDir"></FILE> <FILE NAME="SearchSquire.exe" PATH="SysDir"></FILE> <FILE NAME="SquireUninst.exe" PATH="SysDir"></FILE> <FILE 
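NAME="SearchSquire2.inf" PATH="SysDir"></FILE> <FILE NAME="SearchUpdate.exe" PATH="SysDir"></FILE> <FILE NAME="unsearch.exe" PATH="SysDir"></FILE> <FILE NAME="SearchSquire.inf" PATH="WinDir\\Downloaded Program Files"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{907CA0E5-CE84-11D6-9508-02608CDD2846}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SearchSquire"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>SearchSquire is a browser sidebar add on that contains paid links to offers from SearchSquire sponsors</DESCRIPTION> </SW> <SW NAME="Mainpean Stardialer"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="stardialer.exe" PATH=""></FILE> <FILE NAME="opr0009i.exe" PATH=""></FILE> <FILE NAME="StarInstall control.inf" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="StarInstall.ocx" PATH=""></FILE> <FILE NAME="P2P p2p-10110.lnk" PATH=""></FILE> <FILE NAME="p2p-10110.exe" PATH=""></FILE> </FILES> <COOKIES> <COOKIE NAME="MainPean"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="CLSID" VALUE="{E0B795B4-FD95-4ABD-A375-27962EFCE8CF}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="MainPean Highspeed"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>Dialer used to dial high cost numbers from your PC without your knowledge</DESCRIPTION> </SW> <SW NAME="ISearch"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="toolbar.dll" PATH="SysDir"></FILE> <FILE NAME="toolbar.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <!-- VALUE below corrected: the CLSID was missing the hyphen before its last group; it now has the same form as the other ISearch entries for this CLSID. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{1C78AB3F-A857-482e-80C0-3A1E5238A565}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 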
SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{1c78ab3f-a857-482e-80c0-3a1e5238a565}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{1C78AB3F-A857-482e-80C0-3A1E5238A565}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" VALUE="{1C78AB3F-A857-482E-80C0-3A1E5238A565}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{1C78AB3F-A857-482e-80C0-3A1E5238A565}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>ISearch is a toolbar also known to change your searches to use ISearch sponsored results</DESCRIPTION> </SW> <SW NAME="StripPlayer"> <DIRECTORIES> <DIR NAME="strip-player" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="ActiveStripSetup.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="ActiveStripSetup.EGStripDownload"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes" VALUE="ActiveStripSetup.EGStripDownload.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\CLSID" VALUE="{E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\TypeLib" VALUE="{357AA41A-B7A8-4632-A27D-5B980B25CF43}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\Interface" VALUE="{BC23F736-C5BE-47FB-B459-1757933E5DF3}"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\SystemCertificates\\TrustedPublisher\\Certificates" VALUE="Electronic Group"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{D037F883-92C3-4F89-A302-C01127CF3C72}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{E0B795B4-FD95-4ABD-A375-27962EFCE8CF}"></REGKEY> </KEYS> <VALUES> </VALUES> 
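</REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>StripPlayer is a high cost dialer providing access to strip-player.com</DESCRIPTION> </SW> <SW NAME="SubSearch"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="BHO2.dll" PATH="SysDir"></FILE> <FILE NAME="MSNIE.dll" PATH="SysDir"></FILE> <FILE NAME="sbsrch_v2.dll" PATH="SysDir"></FILE> <FILE NAME="SbSrch_V21.dll" PATH="SysDir"></FILE> <FILE NAME="winfgnet_1.dat" PATH=""></FILE> <FILE NAME="rmvold.exe" PATH=""></FILE> <FILE NAME="BHO2.dll" PATH="Sys32Dir"></FILE> <FILE NAME="MSNIE.dll" PATH="Sys32Dir"></FILE> <FILE NAME="sbsrch_v2.dll" PATH="Sys32Dir"></FILE> <FILE NAME="SbSrch_V21.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msvcn.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msvcn.dll" PATH="SysDir"></FILE> <FILE NAME="SbSrch_V22.dll" PATH="SysDir"></FILE> <FILE NAME="SbSrch_V22.dll" PATH="Sys32Dir"></FILE> <FILE NAME="01A00.DLL" PATH="SysDir"></FILE> <FILE NAME="01A00.DLL" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> <COOKIE NAME="adscholar"></COOKIE> <COOKIE NAME="hightrafficads"></COOKIE> <COOKIE NAME="popunder"></COOKIE> <COOKIE NAME="cpcads"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software\\VB and VBA Program Settings" VALUE="IeMsnSbSrch_1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{1D870C86-AA3C-4451-81E4-71D480A1A652}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{31995C64-CB4D-483E-82C2-CCFFE2F66CAB}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{4C4871FD-30F6-4430-8834-BC75D58F1529}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{90DA654C-083C-11D6-8A9D-0050BA8452C0}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{D9A5A49C-60EB-4C07-8570-8FB8FE825E7C}"></REGKEY> <!-- SUB corrected in the next five entries: the key is named "Browser Helper Objects" (with spaces), as other entries in this file spell it; the unspaced name these entries used is not the key Internet Explorer reads. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" 
VALUE="{1D870C86-AA3C-4451-81E4-71D480A1A652}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{31995C64-CB4D-483E-82C2-CCFFE2F66CAB}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{4C4871FD-30F6-4430-8834-BC75D58F1529}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{90DA654C-083C-11D6-8A9D-0050BA8452C0}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{D9A5A49C-60EB-4C07-8570-8FB8FE825E7C}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{00f16dc8-1b2a-42f4-b18b-e21da9d2d7fd}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{00f16dc8-1b2a-42f4-b18b-e21da9d2d7fd}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{00f16dc8-1b2a-42f4-b18b-e21da9d2d7fd}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{00f16dc8-1b2a-42f4-b18b-e21da9d2d7fd}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{00f16dc8-1b2a-42f4-b18b-e21da9d2d7fd}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>4</DANGER_LEVEL> <DESCRIPTION>SubSearch is a browser helper, which opens its own sponsored listings when certain terms are searched for</DESCRIPTION> </SW> <SW NAME="Keylogger - Hack 99"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="HKeyLog.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="HKeyLog"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> 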
<DESCRIPTION>Hack 99 is a keylogger which can record all keystrokes from the PC</DESCRIPTION> </SW> <SW NAME="AdMonitor"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> <COOKIE NAME="L90"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>0</DANGER_LEVEL> <DESCRIPTION>AdMonitor is an ad network that uses cookies to store and track user information</DESCRIPTION> </SW> <SW NAME="Advertising.com"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> <COOKIE NAME="teknosurf"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>0</DANGER_LEVEL> <DESCRIPTION>Advertising.com is an ad network that uses cookies to store and track user information</DESCRIPTION> </SW> <SW NAME="Bfast"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> <COOKIE NAME="befree"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>0</DANGER_LEVEL> <DESCRIPTION>Bfast is an ad network that uses cookies to store and track user information</DESCRIPTION> </SW> <SW NAME="BonziBuddy"> <DIRECTORIES> <DIR NAME="bonzibuddy" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="bbsmartstubfal.exe" PATH="PFDir\\bonzibuddy"></FILE> <FILE NAME="bonzitapfilters.dll" PATH="SysDir"></FILE> <FILE NAME="bonzitapfilters.dll" PATH="Sys32Dir"></FILE> <FILE NAME="BonziBDY.EXE" PATH=""></FILE> <FILE NAME="bonzibuddy.lnk" PATH=""></FILE> <FILE NAME="bbshortcut.ico" PATH="PFDir\\audiogalaxy satellite"></FILE> <FILE NAME="wcinst.exe" PATH="PFDir\\bonzi.com web compass"></FILE> <FILE NAME="wclogic.dll" PATH="PFDir\\bonzi.com web compass"></FILE> <FILE NAME="webcompass.dll" PATH="PFDir\\bonzi.com web compass"></FILE> <FILE NAME="bbsmartsetup.exe" PATH="PFDir\\bonzibuddy"></FILE> <FILE NAME="bbuddymini.exe" PATH="PFDir\\bonzibuddy"></FILE> <FILE NAME="bonzibuddyuninstall.exe" PATH="PFDir\\bonzibuddy"></FILE> <FILE NAME="bonzictb.dll" PATH="PFDir\\bonzibuddy"></FILE> <FILE 
NAME="savenowinst.exe" PATH="PFDir\\bonzibuddy"></FILE> <FILE NAME="bonzibuddy.lnk" PATH="WinDir\\desktop"></FILE> <FILE NAME="free bonzibuddy.lnk" PATH="WinDir\\desktop"></FILE> <FILE NAME="bonzi.acs" PATH="WinDir\\msagent\\chars"></FILE> <FILE NAME="bonzibuddy.lnk" PATH="WinDir\\start menu\\programs"></FILE> <FILE NAME="webcompass.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bonzi.url" PATH=""></FILE> <FILE NAME="webcompassbar.dll" PATH=""></FILE> </FILES> <COOKIES> <COOKIE NAME="bonzi"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE" VALUE="bonzi"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="bonzi"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="bonzi"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Bonzi Buddy"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>BonziBuddy is responsible for delivering advertisements in various forms to the PC</DESCRIPTION> </SW> <SW NAME="Centrport"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>0</DANGER_LEVEL> <DESCRIPTION>Centrport is a marketing network that uses cookies to store and track user information</DESCRIPTION> </SW> <SW NAME="DSS Agent"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="DSSAGENT.EXE" PATH="WinDir\\BBStore\\DSS"></FILE> </FILES> <COOKIES> <COOKIE NAME="broderbund"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs\\C:\\WINDOWS\\BBStore\\DSS" VALUE="DSSAGENT.EXE"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="dss"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>0</DANGER_LEVEL> <DESCRIPTION>DSS Agent is designed to facilitate 
product updates, and allow vendors to push out updates at any time.</DESCRIPTION> </SW> <SW NAME="Focalink"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> <COOKIE NAME="engage"></COOKIE> <COOKIE NAME="adknowledge"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>0</DANGER_LEVEL> <DESCRIPTION>Focalink is a marketing network that uses cookies to store and track user information</DESCRIPTION> </SW> <SW NAME="LinkSynergy"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> <COOKIE NAME="linkshare"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>0</DANGER_LEVEL> <DESCRIPTION>LinkSynergy is a marketing network that uses cookies to store and track user information</DESCRIPTION> </SW> <SW NAME="Mediaplex"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> <COOKIE NAME="mediaplex"></COOKIE> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>0</DANGER_LEVEL> <DESCRIPTION>Mediaplex is a marketing network that uses cookies to store and track user information</DESCRIPTION> </SW> <SW NAME="web3000"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="instnetmgr.dll" PATH="WinDir"></FILE> <FILE NAME="w3knet.dll" PATH="WinDir"></FILE> <FILE NAME="W3KNet.w3k" PATH="WinDir"></FILE> <FILE NAME="W3KNET_W3l.DLL" PATH="WinDir"></FILE> <FILE NAME="W3kSelfInst.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_USERS" SUB=".default\\software" VALUE="web3000.com"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="web3000.com"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="web3000.com"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="w3knetwork"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Web3000 is an ad network that uses cookies to store and track user information, as well as 
deliver pop ups</DESCRIPTION>
  </SW>
  <SW NAME="sextracker">
    <DIRECTORIES> </DIRECTORIES>
    <FILES> </FILES>
    <COOKIES>
      <COOKIE NAME="sextracker"></COOKIE>
    </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>Sextracker are cookies used to track user information primarily used by adult sites</DESCRIPTION>
  </SW>
  <SW NAME="Targetnet">
    <DIRECTORIES> </DIRECTORIES>
    <FILES> </FILES>
    <COOKIES>
      <!-- NOTE(review): a three-letter cookie name is the only indicator; if cookies are matched by substring this will hit unrelated sites. TODO confirm the matching rule. -->
      <COOKIE NAME="zaq"></COOKIE>
    </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>0</DANGER_LEVEL>
    <DESCRIPTION>Targetnet is a marketing network that uses cookies to store and track user information</DESCRIPTION>
  </SW>
  <SW NAME="VX2.BetterInternet/VX2.ABetterInternet">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <!-- NOTE(review): the first two entries differ only in letter case and PATH. Windows file names are case-insensitive,
           so if PATH="" means "any location" the WinDir entry is redundant; TODO confirm. -->
      <FILE NAME="belt.exe" PATH=""></FILE>
      <FILE NAME="Belt.exe" PATH="WinDir"></FILE>
      <FILE NAME="Belt.ini" PATH="WinDir"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS>
        <!-- One CLSID, checked as a COM class registration and as a Browser Helper Object, the Internet Explorer extension point. -->
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{000006B1-19B5-414A-849F-2A3C64AE6939}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{000006B1-19B5-414A-849F-2A3C64AE6939}"></REGKEY>
        <!-- NOTE(review): "BrowserHelperObjects" without spaces is not the key name Windows uses, so this variant probably never matches; harmless, but verify it is intentional. -->
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BrowserHelperObjects" VALUE="{000006B1-19B5-414A-849F-2A3C64AE6939}"></REGKEY>
      </KEYS>
      <VALUES>
        <!-- Run value: autostart at logon. -->
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\run" VALUE="belt"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>Tracks your browsing behavior as well as notoriously adds additional spyware/adware to your PC</DESCRIPTION>
  </SW>
  <SW NAME="VX2/LinkReplacer">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <!-- Each DLL is listed once per system-directory placeholder (SysDir and Sys32Dir, presumably system and system32). -->
      <FILE NAME="IEHelper.DLL" PATH="SysDir"></FILE>
      <FILE NAME="iehelper.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="VX2.dll" PATH="SysDir"></FILE>
      <FILE NAME="vx2.dll" PATH="Sys32Dir"></FILE>
</FILES>
    <COOKIES>
      <COOKIE NAME="mindset"></COOKIE>
      <COOKIE NAME="aadcom"></COOKIE>
      <!-- NOTE(review): "itc" is short enough to collide with unrelated cookies if names are matched by substring; TODO confirm the matching rule. -->
      <COOKIE NAME="itc"></COOKIE>
      <COOKIE NAME="internettechcorp"></COOKIE>
      <COOKIE NAME="disk11"></COOKIE>
    </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{DDFFA75A-E81D-4454-89FC-B9FD0631E726}"></REGKEY>
        <!-- NOTE(review): Browser Helper Objects are registered under HKEY_LOCAL_MACHINE; HKEY_CLASSES_ROOT normally has no
             software\microsoft\... subtree, so this key probably never matches. The GUID is the one the
             VX2.BetterInternet entry lists under HKLM; MAIN was presumably meant to be HKEY_LOCAL_MACHINE. -->
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{000006B1-19B5-414A-849F-2A3C64AE6939}"></REGKEY>
      </KEYS>
      <VALUES>
        <!-- The CLSID from the first key, listed under Shell Extensions\Approved, where the value name is the extension's CLSID. -->
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\shell extensions\\approved" VALUE="{ddffa75a-e81d-4454-89fc-b9fd0631e726}"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>4</DANGER_LEVEL>
    <DESCRIPTION>VX2 is a variant of the netpal/transponder spyware that is responsible for browser hijacking and pop up ads</DESCRIPTION>
  </SW>
  <!-- Cookie-only entry: the cookie name is the sole indicator. -->
  <SW NAME="WebTrends">
    <DIRECTORIES> </DIRECTORIES>
    <FILES> </FILES>
    <COOKIES>
      <COOKIE NAME="NetIQ"></COOKIE>
    </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>0</DANGER_LEVEL>
    <DESCRIPTION>WebTrends is a web analysis company that uses cookies to store and track user information</DESCRIPTION>
  </SW>
  <SW NAME="BookmarkExpress">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <!-- NOTE(review): a single file name with PATH="" (presumably "any location") is the whole signature;
           there is no registry or directory indicator to corroborate a hit. -->
      <FILE NAME="BMLauncher.exe" PATH=""></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>BookmarkExpress is discontinued, but used to manage bookmarks for users - bundled with some older applications</DESCRIPTION>
  </SW>
  <SW NAME="AutoUpdater/Envolo">
    <DIRECTORIES>
      <DIR NAME="autoupdate" PATH="PFDir"></DIR>
    </DIRECTORIES>
    <FILES>
      <FILE NAME="auto_update_uninstall.exe" PATH="Sys32Dir"></FILE>
      <FILE NAME="AutoUpdate.exe" PATH="PFDir\\AutoUpdate"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="Envolo"></REGKEY>
      </KEYS>
      <VALUES>
        <!-- The REGVALUE below is the HKLM Run (autostart) value "autoupdater". NOTE(review): the directory, file and value names
             are generic "auto update" strings; only the Envolo key is vendor-specific, so single-indicator hits deserve a second look. -->
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" 
SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="autoupdater"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>Allows automatic download and execution of additional adware related components</DESCRIPTION>
  </SW>
  <!-- NOTE(review): this entry is matched on file names only (a text file, an icon and three shortcuts); none of them is
       one of the replaced system files the description mentions. It is rated 2 while adware entries elsewhere in this
       file are rated 4, so DANGER_LEVEL does not appear to track impact; TODO confirm the scale. -->
  <SW NAME="Trojan - Element">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="element.txt" PATH="WinDir"></FILE>
      <FILE NAME="element.ico" PATH="WinDir"></FILE>
      <FILE NAME="Element3.Lnk" PATH=""></FILE>
      <FILE NAME="Element.Lnk" PATH=""></FILE>
      <!-- NOTE(review): "Boot.Lnk" with PATH="" (presumably "any location") is a generic shortcut name and a likely false-positive source. -->
      <FILE NAME="Boot.Lnk" PATH=""></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>The Element Trojan wreaks havoc on the machine, and replaces several key files necessary to run Windows</DESCRIPTION>
  </SW>
  <SW NAME="Trojan - DocTor">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="doctor.exe" PATH="WinDir"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES>
        <!-- Run value: autostart at logon. -->
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="DocTor"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>The doctor trojan wreaks havoc on the machine</DESCRIPTION>
  </SW>
  <!-- Single-indicator entry: one executable name in the Windows directory. -->
  <SW NAME="WebAssist">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="webassist.exe" PATH="WinDir"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>WebAssist is responsible for delivering pop up advertisements</DESCRIPTION>
  </SW>
  <SW NAME="PrizeSurfer">
    <DIRECTORIES>
      <DIR NAME="rcprograms" PATH="PFDir"></DIR>
    </DIRECTORIES>
    <FILES>
      <FILE NAME="RCSync.exe" PATH="PFDir\\rcprograms"></FILE>
      <FILE NAME="prizesurfer.exe" PATH="PFDir\\rcprograms\\v2"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES>
        <!-- Run values: one autostart entry per executable listed under FILES. -->
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\run" VALUE="RCSync"></REGVALUE>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" 
SUB="Software\\Microsoft\\Windows\\CurrentVersion\\run" VALUE="PrizeSurfer"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>PrizeSurfer is responsible for delivering pop up advertisements</DESCRIPTION>
  </SW>
  <SW NAME="GAIN">
    <DIRECTORIES>
      <!-- NOTE(review): "adware" under the Windows temp directory is a generic directory name; on its own it is weak evidence of this product. -->
      <DIR NAME="adware" PATH="WinDir\\Temp"></DIR>
    </DIRECTORIES>
    <FILES>
      <!-- Several names below embed a build number (4010, 4104, 3202, 3102), so they match only those builds unless the scanner compares by prefix; TODO confirm. -->
      <FILE NAME="trickler_bic_gatordm_4010.exe" PATH=""></FILE>
      <FILE NAME="gatorpdpsetup.log" PATH="WinDir"></FILE>
      <FILE NAME="dashbar15.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="dashbar15.dll" PATH="SysDir"></FILE>
      <FILE NAME="cmesys.exe" PATH="PFDir\\common files\\cmeii"></FILE>
      <FILE NAME="iegator.dll" PATH="WinDir\\downloaded program files\\conflict.1"></FILE>
      <FILE NAME="fsg_4104.exe" PATH="WinDir\\temp\\adware"></FILE>
      <FILE NAME="fsg.exe" PATH="PFDir\\gator.com\\fsg"></FILE>
      <!-- These two installers are expected inside another product's directory (a DivX codec), i.e. as a bundled component. -->
      <FILE NAME="gain_trickler_3202.exe" PATH="PFDir\\divx\\divx pro codec"></FILE>
      <FILE NAME="gain_trickler_3102.exe" PATH="PFDir\\divx\\divx pro codec"></FILE>
      <FILE NAME="fsg-ag.exe" PATH=""></FILE>
      <FILE NAME="Weatherscope.exe" PATH="PFDir\\Weatherscope"></FILE>
      <!-- NOTE(review): the log names suggest they are written by the product's own uninstaller; if so they remain after removal
           and would keep flagging a cleaned machine. Presumably worth treating as residue rather than an active infection; verify. -->
      <FILE NAME="GatorUninstaller_cme.log" PATH="WinDir"></FILE>
      <FILE NAME="GatorUninstaller_cme_u.log" PATH="WinDir"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS>
        <!-- NOTE(review): HKEY_LOCAL_MACHINE has no top-level "clsid" key; machine-wide classes live under SOFTWARE\Classes\CLSID.
             This first key probably never matches, and the HKEY_CLASSES_ROOT entry after it is the one doing the work. -->
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8}"> </REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8}"> </REGKEY>
      </KEYS>
      <VALUES>
        <!-- The same CLSID registered as an Internet Explorer toolbar, followed by the Run (autostart) value for cmesys.exe. -->
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{cc90cda0-74a0-45b4-80ef-d89ca8c249b8}"></REGVALUE>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="CMESys"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>The Gator Advertising and Information Network, this is the company behind gator and the ads associated with GAIN related applications, known to produce popups</DESCRIPTION>
  </SW>
  <SW 
NAME="Hi-Wire">
    <DIRECTORIES> </DIRECTORIES>
    <FILES> </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS>
        <!-- Registry-only entry: COM class and type-library GUIDs under HKEY_CLASSES_ROOT plus one per-user vendor key. -->
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{08e05eee-5ee9-11d4-9caf-00d0b76063fd}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{28f00b0f-dc4e-11d3-abec-005004a44eeb}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{5ca9d47f-4bbc-45e0-815f-670ae736a678}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{80f1b906-d066-11d3-ad70-009027b8adbc}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{bcddab74-c3a8-11d3-ad69-009027b8adbc}"></REGKEY>
        <!-- NOTE(review): the next two CLSIDs and the one in the Xrenoder entry below differ only in one digit
             (c357398a / c357398b / c357398c), which may indicate a shared component; verify the attribution of each. -->
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{c357398a-8e21-4505-8bd7-784a4e9ac659}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{c357398b-8e21-4505-8bd7-784a4e9ac659}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{08e05ee1-5ee9-11d4-9caf-00d0b76063fd}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{f5ee52d3-2ecc-409e-a92f-a73f2b8dd407}"></REGKEY>
        <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="hiwire"></REGKEY>
      </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>Hi-Wire is adware that delivers popup ads to your PC</DESCRIPTION>
  </SW>
  <SW NAME="Xrenoder/xxxToolbar/SearchBarCash">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <!-- NOTE(review): NAME ends with a space inside the quotes; an exact file-name comparison would never match. Trim it if unintended. -->
      <FILE NAME="toolbar_nieuw13.dll " PATH="WinDir\\downloaded program files\\conflict.1"></FILE>
      <!-- NOTE(review): the aupdate.* names in Sys32Dir are also listed by the ISTbar/Powerscan entry later in this file,
           so one file can be reported under two products; decide which entry owns them. -->
      <FILE NAME="aupdate_uninstall.exe" PATH="SysDir"></FILE>
      <FILE NAME="aupdate.exe" PATH="SysDir"></FILE>
      <FILE NAME="aupdate.conf" PATH="SysDir"></FILE>
      <FILE NAME="aupdate.trk" PATH="SysDir"></FILE>
      <FILE NAME="aupdate.exe" PATH="Sys32Dir"></FILE>
      <FILE NAME="aupdate.conf" PATH="Sys32Dir"></FILE>
      <FILE NAME="aupdate.trk" PATH="Sys32Dir"></FILE>
      <FILE NAME="aupdate_uninstall.exe" PATH="Sys32Dir"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{c357398c-8e21-4505-8bd7-784a4e9ac659}"></REGKEY>
      </KEYS>
<VALUES>
        <!-- Per-user Run (autostart) value. NOTE(review): the AutoUpdater/Envolo entry earlier in this file uses the same
             value name (registry names are case-insensitive) under HKLM; the two entries are told apart only by hive. -->
        <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="AutoUpdater"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>Xrenoder hijacks your search settings, as well as displays porn advertisements</DESCRIPTION>
  </SW>
  <SW NAME="NCase">
    <DIRECTORIES>
      <DIR NAME="ncase" PATH="PFDir"></DIR>
      <DIR NAME="n-case" PATH="PFDir"></DIR>
      <DIR NAME="fleok" PATH="WinDir"></DIR>
      <!-- NOTE(review): "audio tools" under PFDir\rosoft looks like the directory of a separate application rather than of NCase itself.
           If detections feed a removal step, confirm the whole directory is not treated as adware. -->
      <DIR NAME="audio tools" PATH="PFDir\\rosoft"></DIR>
    </DIRECTORIES>
    <FILES>
      <!-- msbb.exe is looked for in five locations. NOTE(review): the ISTbar/Powerscan entry later in this file also lists
           msbb.exe and ncmyb.dll, so the same file can be reported under two products. -->
      <FILE NAME="msbb.exe" PATH="PFDir\\n-case\\fleok"></FILE>
      <FILE NAME="msbb.exe" PATH="PFDir\\180Solutions"></FILE>
      <FILE NAME="msbb.exe" PATH="Sys32Dir"></FILE>
      <FILE NAME="msbb.exe" PATH="SysDir"></FILE>
      <FILE NAME="msbb.exe" PATH="PFDir\\n-case"></FILE>
      <FILE NAME="ncmyb.dll" PATH="WinDir"></FILE>
      <FILE NAME="msbb.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="msbb.dll" PATH="SysDir"></FILE>
      <FILE NAME="ncmyb.dll" PATH="SysDir"></FILE>
      <FILE NAME="ncmyb.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="WINPROC32.EXE" PATH="Sys32Dir"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{6eb5b540-1e74-4d91-a7f0-5b758d333702}"></REGKEY>
        <!-- NOTE(review): HKEY_LOCAL_MACHINE has no top-level "clsid" or "typelib" key (they live under SOFTWARE\Classes),
             so the two HKLM entries with those SUB values probably never match. -->
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{6eb5b540-1e74-4d91-a7f0-5b758d333702}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{6eb5b540-1e74-4d91-a7f0-5b758d333702}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="typelib" VALUE="{6eb5b540-1e74-4d91-a7f0-5b758d333702}"></REGKEY>
        <!-- Uninstall keys mark an installed (Add/Remove Programs) copy. -->
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="ncase"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="msbb"></REGKEY>
        <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="180solutions"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper 
objects" VALUE="{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}"></REGKEY>
      </KEYS>
      <VALUES>
        <!-- Run (autostart) values. The first value name reads like an operating-system component rather than a product name,
             so it is easy to overlook when reviewing startup entries by eye. -->
        <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Windows Internet Protocol"></REGVALUE>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="msbb"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>NCase is adware which displays advertisements on your PC</DESCRIPTION>
  </SW>
  <SW NAME="ClearSearch/ClearSearch.csie">
    <DIRECTORIES>
      <DIR NAME="ClearSearch" PATH="PFDir"></DIR>
    </DIRECTORIES>
    <FILES>
      <!-- NOTE(review): this first indicator sits in another vendor's directory (PFDir\lycos\ieagent); confirm it belongs to ClearSearch. -->
      <FILE NAME="CSIE.DLL" PATH="PFDir\\lycos\\ieagent"></FILE>
      <FILE NAME="IE_ClrSch.DLL" PATH="PFDir\\clearsearch"></FILE>
      <FILE NAME="IE_ClrSch.DLL" PATH="Sys32Dir"></FILE>
      <FILE NAME="IE_ClrSch.DLL" PATH="SysDir"></FILE>
      <!-- "loader.exe" is a generic name, but it is scoped to the product directory here. -->
      <FILE NAME="loader.exe" PATH="PFDir\\clearsearch"></FILE>
      <FILE NAME="CSIE.DLL" PATH="PFDir\\ClearSearch"></FILE>
      <FILE NAME="CSIE16.DLL" PATH="PFDir\\ClearSearch"></FILE>
      <FILE NAME="CSIE32.DLL" PATH="PFDir\\ClearSearch"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="clrsch"></REGKEY>
        <!-- Browser Helper Object and CLSID registrations. Two of the three GUIDs are hand-picked,
             nearly all-zero values (ending in 221 and 240) rather than generated ones. -->
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{00000000-0000-0000-0000-000000000221}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{947e6d5a-4b9f-4cf4-91b3-562ca8d03313}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{00000000-0000-0000-0000-000000000240}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{00000000-0000-0000-0000-000000000221}"></REGKEY>
        <!-- NOTE(review): Browser Helper Objects are registered under HKEY_LOCAL_MACHINE; HKEY_CLASSES_ROOT normally has no
             software\microsoft\... subtree, so this key probably never matches and the ...240 BHO goes undetected.
             MAIN was presumably meant to be HKEY_LOCAL_MACHINE. -->
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{00000000-0000-0000-0000-000000000240}"></REGKEY>
      </KEYS>
      <VALUES>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" 
SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="clrschloader"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>Redirects to certain sites based on where you browse</DESCRIPTION>
  </SW>
  <SW NAME="LizardBar/Free Community">
    <DIRECTORIES>
      <!-- NOTE(review): "submit" is a generic directory name; the DLL inside it and the BHO key are the stronger indicators. -->
      <DIR NAME="submit" PATH="PFDir"></DIR>
    </DIRECTORIES>
    <FILES>
      <FILE NAME="submithook.dll" PATH="PFDir\\submit"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS>
        <!-- Browser Helper Object registration under HKLM, the location Internet Explorer reads. -->
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{2E9CAFF6-30C7-4208-8807-E79D4EC6F806}"></REGKEY>
      </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>Free Community is an Internet Explorer browser helper object that is pornography related</DESCRIPTION>
  </SW>
  <!-- NOTE(review): the whole signature is one file name, one letter away from the Windows shell's explorer.exe, with PATH=""
       (presumably "any location"). The comparison must be exact so the legitimate shell is never flagged. The description
       names a worm giving unauthorized access, yet it is rated 2 while adware entries elsewhere in this file are rated 4. -->
  <SW NAME="ChineseHack">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="explores.exe" PATH=""></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>2</DANGER_LEVEL>
    <DESCRIPTION>Worm that attempts to spread itself and allows access to unauthorized people</DESCRIPTION>
  </SW>
  <SW NAME="HelpExpress/HXDL">
    <DIRECTORIES>
      <DIR NAME="alset" PATH="PFDir"></DIR>
      <DIR NAME="alset network" PATH="PFDir"></DIR>
    </DIRECTORIES>
    <FILES>
      <!-- All but the last file carry PATH="" (presumably "any location"; TODO confirm). -->
      <FILE NAME="HXDL.EXE" PATH=""></FILE>
      <FILE NAME="HXIUL.EXE" PATH=""></FILE>
      <FILE NAME="HelpExp.exe" PATH=""></FILE>
      <FILE NAME="emsw.exe" PATH=""></FILE>
      <FILE NAME="HXDLDMDM.EXE" PATH=""></FILE>
      <FILE NAME="wsme.ini" PATH=""></FILE>
      <FILE NAME="HXDLAZWM.exe" PATH="WinDir"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES>
        <!-- Run (autostart) values whose names are the executable names from FILES; this list starts with the per-user hive. -->
        <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="hxiul.exe"></REGVALUE>
        <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="helpexp.exe"></REGVALUE>
        <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\windows\\currentversion\\run" 
VALUE="hxdl.exe"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="emsw.exe"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="hxiul.exe"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="helpexp.exe"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="hxdl.exe"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="emsw.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>4</DANGER_LEVEL> <DESCRIPTION>Adware which delivers ads to your PC as well as takes up your system space</DESCRIPTION> </SW> <SW NAME="ISTbar/Powerscan"> <DIRECTORIES> <DIR NAME="istbar" PATH="PFDir"></DIR> <DIR NAME="istbarsvc" PATH="PFDir"></DIR> <DIR NAME="ISTsvc" PATH="PFDir"></DIR> <DIR NAME="power scan" PATH="PFDir"></DIR> <DIR NAME="TOTEM SHARED" PATH="PFDir\\Common Files"></DIR> <DIR NAME="Update" PATH="PFDir\\Common Files\\TOTEM SHARED"></DIR> <DIR NAME="totem shared" PATH="PFDir\\common files"></DIR> <DIR NAME="free amature movie" PATH="PFDir"></DIR> <DIR NAME="search bar" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="aupdate.conf" PATH="Sys32Dir"></FILE> <FILE NAME="aupdate.exe" PATH="Sys32Dir"></FILE> <FILE NAME="aupdate_uninstall.exe" PATH="Sys32Dir"></FILE> <FILE NAME="acsproxy.dll" PATH="Sys32Dir"></FILE> <FILE NAME="acsproxy.lib" PATH="Sys32Dir"></FILE> <FILE NAME="bw6mds51.ocx" PATH="Sys32Dir"></FILE> <FILE NAME="fwntoolbar.dll" PATH="Sys32Dir"></FILE> <FILE NAME="intrigue.dll" PATH="Sys32Dir"></FILE> <FILE NAME="istbar.dll" PATH="Sys32Dir"></FILE> <FILE NAME="kmisxk.exe" PATH="Sys32Dir"></FILE> <FILE NAME="longtimer.ocx" PATH="Sys32Dir"></FILE> <FILE NAME="mciwndx.ocx" PATH="Sys32Dir"></FILE> <FILE NAME="srchbar.dll" PATH="Sys32Dir"></FILE> <FILE NAME="unregister.exe" 
PATH="Sys32Dir"></FILE> <FILE NAME="tinybar.exe" PATH="WinDir"></FILE> <FILE NAME="unstsa3.exe" PATH="WinDir"></FILE> <FILE NAME="alchem.ini" PATH="WinDir"></FILE> <FILE NAME="espam.exe" PATH="WinDir"></FILE> <FILE NAME="fon14100.exe" PATH="WinDir"></FILE> <FILE NAME="fyd.exe" PATH="WinDir"></FILE> <FILE NAME="msbb.exe" PATH="WinDir"></FILE> <FILE NAME="nem218.dll" PATH="WinDir"></FILE> <FILE NAME="ist.exe" PATH=""></FILE> <FILE NAME="ist.inf" PATH=""></FILE> <FILE NAME="istactivex.inf" PATH=""></FILE> <FILE NAME="istbar.txt" PATH=""></FILE> <FILE NAME="istsvc.exe" PATH=""></FILE> <FILE NAME="kyf.dat" PATH=""></FILE> <FILE NAME="paysites.dat" PATH=""></FILE> <FILE NAME="msbb.exe" PATH="PFDir\\180solutions\\fleok"></FILE> <FILE NAME="msbb.exe" PATH="PFDir\\180solutions"></FILE> <FILE NAME="ncmyb.dll" PATH="PFDir\\180solutions"></FILE> <FILE NAME="ads.html" PATH="PFDir\\free amature movie"></FILE> <FILE NAME="config.ini" PATH="PFDir\\free amature movie"></FILE> <FILE NAME="naughty_setup.exe" PATH="PFDir\\free amature movie"></FILE> <FILE NAME="naughtyplayer.exe" PATH="PFDir\\free amature movie"></FILE> <FILE NAME="srchbar.dll.manifest" PATH=""></FILE> <FILE NAME="istbar.dll" PATH="WinDir\\Temp"></FILE> <FILE NAME="trojandownloader.win32.istbar.aj.exe" PATH=""></FILE> <FILE NAME="trojandownloader.win32.istbar.aj[2].exe" PATH=""></FILE> <FILE NAME="trojandownloader.win32.istbar.ap.dll" PATH=""></FILE> <FILE NAME="trojandownloader.win32.istbar.bm.exe" PATH=""></FILE> <FILE NAME="trojandownloader.win32.istbar.bo.exe" PATH=""></FILE> <FILE NAME="trojandownloader.win32.istbar.bp.exe" PATH=""></FILE> <FILE NAME="trojandownloader.win32.istbar.bu.exe" PATH=""></FILE> <FILE NAME="trojandownloader.win32.istbar.bx.exe" PATH=""></FILE> <FILE NAME="trojandownloader.win32.istbar.cl.exe" PATH=""></FILE> <FILE NAME="trojandownloader.win32.istbar.dh_(40).dll" PATH=""></FILE> <FILE NAME="trojandownloader.win32.istbar.i.exe" PATH=""></FILE> <FILE 
NAME="trojandownloader.win32.istbar.p.dll" PATH=""></FILE> <FILE NAME="trojandownloader.win32.istbar.u.exe" PATH=""></FILE> <FILE NAME="xml_istbar.php" PATH=""></FILE> <FILE NAME="aupdate_uninstall.exeist.exe" PATH="Sys32Dir"></FILE> <FILE NAME="powerscan.exe" PATH="PFDir\\power scan"></FILE> <FILE NAME="mscache.exe" PATH="WinDir"></FILE> <FILE NAME="Iesearchbar.dll" PATH="Sys32Dir"></FILE> <FILE NAME="mscache2.exe" PATH="Sys32Dir"></FILE> <FILE NAME="mscache2.dll" PATH="Sys32Dir"></FILE> <FILE NAME="istsvc.exe" PATH="PFDir\\istsvc"></FILE> <FILE NAME="mscache.dll" PATH="WinDir"></FILE> <FILE NAME="Istbar.dll" PATH="PFDir\\ISTBar"></FILE> <FILE NAME="penoghih.exe" PATH="WinDir"></FILE> <FILE NAME="istbar.dll" PATH="SysDir"></FILE> <FILE NAME="csearch.dll" PATH="SysDir"></FILE> <FILE NAME="istactivex.inf" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="isttoolbar.mdb" PATH=""></FILE> <FILE NAME="istactivex.dll" PATH="WinDir\\downloaded program files"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{69555be2-9a78-11d2-ba91-00600827878d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="istactivex.installer"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="istactivex.installer.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="istactivex.installer.2"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="pugi.pugiobj"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="pugi.pugiobj.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{67907b3c-a6ef-4a01-99ad-3fcd5f526429}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{6d3f5de4-e980-4407-a10f-9ac771abaae6}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{6fd5192-a97c-4b48-a5d7-2420cfdcfdf2}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{8c752c5e-3c10-4076-af0a-ffc69fa20d1b}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" 
VALUE="{8c752c5e-3c10-4076-af0a-ffc69fa20d1c}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{8d038f3d-7a31-42fa-8233-edf3ddd9fc25}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{d0288a41-9855-4a9b-8316-babe243648da}"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="1stbar"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="iesearchbar"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="ms aupdate"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{072a348a-ae68-465d-8321-ac2d171ba06f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{12398dd6-40aa-4c40-a4ec-a42cfc0de797}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{496bef85-a112-496f-a2aa-3cfd083d4a75}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{5e45df59-09bb-4b5d-82e9-d5069119dd6d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{66098dd4-e5cd-47c7-822d-a5b78248c4a9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{6a6be3b6-5b37-4340-b387-dd45af7710e5}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{6cc173c0-e352-4a9c-90ba-cfabc622d6e7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{708fea00-ebb5-494f-b9c1-aee8f84260f6}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{7ccbcd26-7f35-423b-84b5-3bd88ca0cc7d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{93bd7246-5ac1-48f0-8de9-6a0edd6a7e0e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{98a8315e-667a-11d5-87a3-bb213c32b44b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" 
VALUE="{a9faf495-fef6-4608-b17a-7afe51d7016a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{aa8c93e1-7e5f-497e-b67c-cc8fe2a40d3b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{ca4e7333-c145-48b5-b763-e758351a4ba9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{f2e9e3c6-0375-45a3-8ae6-7f7a1a1e703a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{f3e7ff6d-dca1-11d4-95df-00c0dfe9982c}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{fdad9eed-da3d-4c66-9435-065878f3d5b0}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="dyfuca_bh.bhobj"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="dyfuca_bh.bhobj.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="dyfuca_bh.bhobj\\clsid"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="dyfuca_bh.bhobj\\curver"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="dyfuca_bh.sinkobj"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="dyfuca_bh.sinkobj.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="dyfuca_bh.sinkobj\\clsid"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="dyfuca_bh.sinkobj\\curver"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="imgconv.clsimgconv"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{029e5f3b-7729-498d-989e-e275d9c2f60b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{1005d7ba-23ba-4839-8e9c-6e68eefea6e0}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{18d33e45-f3cc-4d3b-99eb-177c9ba0f9a8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" 
VALUE="{29effdcf-0e6e-4e1b-9baa-d78faf7662b8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{2ddd90d6-f153-4ea7-a324-4b2d83d1027e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{3642f2e2-e08d-4bc0-88c4-a78cc4f885bb}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{386e0945-26c9-4334-b298-099d81c0c023}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{401f6d33-83cd-4b19-82ab-cc834c8e6cb2}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{4f21c163-444e-4c9f-af91-321cad8dc3e6}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{51459dd8-95a7-4a42-a3b4-23e28214ee2b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{6189e5f8-0e23-42ef-828f-47d69c5ecc32}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{68749d06-e0a1-42ed-9e52-d0cc88460ef8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{73efc9b8-9e6a-4bee-80af-88a5c8d4c73b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{75e6c3b8-5a41-4f89-b329-94580fa2ca3c}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{772f76fa-3d5d-49e0-8196-ee3a0b6ffca5}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{79bf9dcd-c52d-4da8-b15e-ac2a88e96b0a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{837043ae-4276-4e3d-be32-fc334dc95fb7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{96b8ff30-f94d-43e7-b6d2-1a47c32b9083}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{98a8315d-667a-11d5-87a3-bb213c32b44b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 
SUB="software\\classes\\interface" VALUE="{98a8315f-667a-11d5-87a3-bb213c32b44b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{996b33c1-8e19-4f4f-ab6c-52a2c523b7d3}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{9ce15eb5-6b39-4656-9e1f-2d219ee42e0e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{a4711882-dcb2-46ba-aeb1-d74e49aa331f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{a7445c82-cfe3-4782-a5a0-df333ee4f7b0}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{bc99a7d5-6251-4378-b6af-dc08bdf85b63}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{c5c9cda8-fb37-45b1-9ad2-733bb5dae64b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{cdb15f4b-de0f-4434-b8b3-45bf005249f1}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{cf447b3e-4ebc-4fac-8957-176a8d634670}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{d5c5bc09-9631-4c4e-860c-f6d497173a15}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{d8ad96b6-39a6-4eda-9104-cfe49fb29f26}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{dea5a099-e534-425f-8eb2-80fe8da7e86d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{f00219a4-9748-4e8c-aa16-4e7c549d5482}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{f39011ef-5b60-4088-84ba-b66ffa7d5655}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clscheckforupdates"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clscommon"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clsencryption"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clsftpv2"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clshttpv2"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clsini"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clsinternet"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clsprocess"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clsregistery"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clsregistration"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clstimer"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clsupdate"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="intriguefunctions.clsversion"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="istactivex.installer"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="istactivex.installer.2"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{11269241-f241-11cf-bd9a-00aa00575603}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{17ed04b9-6c71-11d4-87a3-daa6b6b40e8f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{308a04d3-084d-43aa-a3e6-0d12bcca3ce6}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{7c9e9a74-1922-409e-ab46-e48784336c3a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 
SUB="software\\classes\\typelib" VALUE="{c6afa5ad-c7de-44e3-aeda-41e2dd7a4e1a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{f3e7ff6b-dca1-11d4-95df-00c0dfe9982c}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{12398dd6-40aa-4c40-a4ec-a42cfc0de797}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion" VALUE="mediaswitch"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\moduleusage" VALUE="c/windows/downloaded program files/istactivex.dll"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\moduleusage" VALUE="c/winnt/downloaded program files/istactivex.dll\\.owner"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\moduleusage" VALUE="c/winnt/downloaded program files/istactivex.dll\\{12398dd6-40aa-4c40-a4ec-a42cfc0de797}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\moduleusage" VALUE="c/winnt/downloaded program files/pcpowerscan.exe\\.owner"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\moduleusage" VALUE="c/winnt/downloaded program files/pcpowerscan.exe\\{dc187740-46a9-11d5-a815-00b0d0428c0c}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="iesearchbariesearchbar"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="typelib" VALUE="{69550be2-9a78-11d2-ba91-00600827878d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{c82b55f0-60e0-478c-bc55-e4e22f11301d}"></REGKEY> <REGKEY 
MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="apuc.urlcatcher"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="apuc.urlcatcher.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{014da6c4-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{014da6c5-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{49c3014f-03ed-4634-9fb2-2881f2c7a057}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{4f9d4163-23f0-42e1-afda-4c1a6f8607e7}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{60f8fb2a-9915-4202-967d-1fa694a8bcf5}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{676058db-89bd-11d6-8a8c-0050ba8452c0}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{676058e3-89bd-11d6-8a8c-0050ba8452c0}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{676058e4-89bd-11d6-8a8c-0050ba8452c0}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{6e1c7285-263b-431d-8b83-c3cbce301704}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{72f81209-6c73-4de7-a3dc-408a8bd472fb}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{974cc25e-d62c-4278-84e6-a806726e37bc}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{9d1b86c7-1b93-4586-9009-ea3bd0ad63a5}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{9dbafccf-592f-ffff-ffff-00608cec297b}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{b8afa251-4efb-4703-87d4-da7d2435ba5e}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{be35582c-9796-4cf1-aed9-556ada120b38}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{c6906a23-4717-4e1f-b6fd-f06ebed14177}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1}"></REGKEY> <REGKEY 
MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{cf1e49b3-24a6-4b17-94be-c25102e3bf04}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{df7d760c-b7e2-4735-bb77-f5a1a9745e16}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{f94c0089-9394-4e44-b4ea-58dba1f7b84e}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="interface" VALUE="{c6906a23-4717-4e1f-b6fd-f06ebed14177}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="bargains"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{000004cc-e4ff-4f2c-bc30-dbef0b983bc9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{00000ef1-34e3-4633-87c6-1aa7a44296da}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{014da6c1-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{014da6c2-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{014da6c3-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{014da6c5-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{014da6c7-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{014da6c9-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{014da6cb-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{136a9d1d-1f4b-43d4-8359-6f2382449255}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{49c3014f-03ed-4634-9fb2-2881f2c7a057}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{4f9d4163-23f0-42e1-afda-4c1a6f8607e7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{676058e4-89bd-11d6-8a8c-0050ba8452c0}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{6e1c7285-263b-431d-8b83-c3cbce301704}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{730f2451-a3fe-4a72-938c-fc8a74f15978}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{cf1e49b3-24a6-4b17-94be-c25102e3bf04}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{d7f2fd62-6c1b-4b52-85b1-f65a414bf050}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{e5dfb380-3988-4c07-8afb-8a47769d9db5}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{014da6c4-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{014da6c6-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{014da6ca-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{014da6cc-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{297afc77-2039-4d3c-bef9-598819eb2c8a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{676058e3-89bd-11d6-8a8c-0050ba8452c0}"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{9388907f-82f5-434d-a941-bb802c6dd7c1}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{9d1b86c7-1b93-4586-9009-ea3bd0ad63a5}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{b8afa251-4efb-4703-87d4-da7d2435ba5e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{c6906a23-4717-4e1f-b6fd-f06ebed14177}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{df7d760c-b7e2-4735-bb77-f5a1a9745e16}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\interface" VALUE="{f94c0089-9394-4e44-b4ea-58dba1f7b84e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{014da6c0-189f-421a-88cd-07cfe51cff10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{60f8fb2a-9915-4202-967d-1fa694a8bcf5}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{676058db-89bd-11d6-8a8c-0050ba8452c0}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{8c752c5e-3c10-4076-af0a-ffc69fa20d1b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{974cc25e-d62c-4278-84e6-a806726e37bc}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{be35582c-9796-4cf1-aed9-556ada120b38}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{ef100607-f409-426a-9e7c-cb211f2a9030}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 
SUB="software\\microsoft\\windows\\currentversion\\moduleusage" VALUE="c/winnt/downloaded program files/istactivex.dll{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}"></REGKEY>
      <!-- This run of REGKEY entries belongs to a signature entry whose opening <SW>
           tag lies earlier in the file. Each entry names one registry key: MAIN is the
           hive, SUB the parent path, and VALUE appears to carry the subkey name. -->
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{8fb0f3e2-5193-11d7-9f88-0050fc5441cb}"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\explorer bars" VALUE="{69550be2-9a78-11d2-ba91-00600827878d}"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\explorer bars" VALUE="{69555be2-9a78-11d2-ba91-00600827878d}"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\explorer bars" VALUE="{8fb0f3e2-5193-11d7-9f88-0050fc5441cb}"></REGKEY>
      <!-- NOTE(review): HKEY_LOCAL_MACHINE has no top-level "clsid" key on a standard
           Windows installation; COM classes are registered under HKEY_CLASSES_ROOT\CLSID
           (HKEY_LOCAL_MACHINE\Software\Classes\CLSID). The same GUID is listed under
           HKEY_CLASSES_ROOT a few entries below, so this entry presumably never
           matches. Confirm how the scanner resolves it. -->
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{69550be2-9a78-11d2-ba91-00600827878d}"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="autoupdate"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{5f1abcdb-a875-46c1-8345-b72a4567e486}"></REGKEY>
      <!-- NOTE(review): the first group of the next CLSID has 7 hex digits. A GUID is
           written 8-4-4-4-12, so this string cannot equal a real key name and the
           entry is dead as written. The missing digit has to come from the original
           analysis of the sample; do not guess it. -->
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{6fd5192-a97c-4b48-a5d7-2420cfdcfdf2}"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{69550BE2-9A78-11D2-BA91-00600827878D}"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{ef86873f-04c2-4a95-a373-5703c08efc7b}"></REGKEY>
      <!-- NOTE(review): "(and .1)" reads as an analyst's annotation that ended up inside
           the key name. Presumably two entries were meant, Pugi.PugiObj and
           Pugi.PugiObj.1; as written the literal string matches neither. Confirm and
           split into two REGKEY entries. -->
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="Pugi.PugiObj (and .1)"></REGKEY>
      <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="ISTbar"></REGKEY>
      <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="ist"></REGKEY>
      <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="POWERSCAN"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="istsvc"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{ef86873f-04c2-4a95-a373-5703c08efc7b}"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="totem"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE"
SUB="SOFTWARE\\Classes\\CLSID" VALUE="{5F1ABCDB-A875-46c1-8345-B72A4567E486}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ISTsvc" VALUE="DisplayName"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" VALUE="ISTsvc"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ISTbarISTbar" VALUE="DisplayName"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" VALUE="ISTbarISTbar"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\TypeLib" VALUE="{1bcd446e-7095-11d0-9c4e-00aa00bdd685}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\Interface" VALUE="{1bcd446b-7095-11d0-9c4e-00aa00bdd685}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\clsid" VALUE="{1bcd446c-7095-11d0-9c4e-00aa00bdd685}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\POWERSCAN" VALUE="account_id"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\POWERSCAN" VALUE="LoadNum"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" VALUE="{5F1ABCDB-A875-46c1-8345-B72A4567E486}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="ms updates"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="IST Service"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="power scan"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Avenue Media\\Internet Optimizer" VALUE="CLS"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Avenue Media\\Internet Optimizer" VALUE="InstallTime"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Avenue 
Media\\Internet Optimizer" VALUE="PendingRemoval"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Avenue Media\\Internet Optimizer" VALUE="RID"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Avenue Media\\Internet Optimizer" VALUE="TAC"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Avenue Media\\Internet Optimizer" VALUE="Version"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{5F1ABCDB-A875-46c1-8345-B72A4567E486}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="bargains"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="autoupdater"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="dkry"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer" VALUE="403"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer" VALUE="404"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer" VALUE="410"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer" VALUE="500"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer" VALUE="active alert conf"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer" VALUE="active alert timestamp"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer\\active alert" VALUE="target"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer\\active alert" VALUE="version"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer\\browser helper" VALUE="modulefilename"></REGVALUE> <REGVALUE 
MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer\\browser helper" VALUE="options"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer\\browser helper" VALUE="version"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer" VALUE="id"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer" VALUE="servervisited"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer" VALUE="uninstallurl"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer" VALUE="updateinterval"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer" VALUE="wse conf"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer" VALUE="wse timestamp"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer\\wse" VALUE="modulefilename"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer\\wse" VALUE="options"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\avenue media\\internet optimizer\\wse" VALUE="version"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\internet optimizer active alert" VALUE="displayicon"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\internet optimizer active alert" VALUE="displayname"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\internet optimizer active alert" VALUE="uninstallstring"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\internet optimizer" VALUE="displayicon"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" 
SUB="software\\microsoft\\windows\\currentversion\\uninstall\\internet optimizer" VALUE="displayname"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\internet optimizer" VALUE="uninstallstring"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{014da6c9-189f-421a-88cd-07cfe51cff10}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{6e1c7285-263b-431d-8b83-c3cbce301704}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{69550be2-9a78-11d2-ba91-00600827878d}"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\internet explorer\\toolbar\\webbrowser" VALUE="{5d60ff48-95be-4956-b4c6-6bb168a70310}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{0a8ce102-fa03-4612-9bee-7fe5452f4cb1}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="account_id"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="app_date"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="app_name"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="config_count"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="config_interval"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="config_last"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="config_url"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="popup_count"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="popup_initial_delay"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="popup_interval"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" 
SUB="software\\istsvc" VALUE="popup_last"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="popup_url"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="update_count"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="update_interval"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="update_last"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="update_url"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="update_version"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\istsvc" VALUE="version"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\lycos\\sidesearch" VALUE="locale"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\lycos\\sidesearch" VALUE="partner"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\lycos\\sidesearch" VALUE="silentwelcome"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\mysearch\\bar" VALUE="partnerexe"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\mysearch\\bar" VALUE="partnername"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\mysearch\\bar" VALUE="partnerurl"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\istsvc" VALUE="displayname"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\istsvc" VALUE="nomodify"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\istsvc" VALUE="uninstallstring"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\lycos sidesearch" VALUE="displayicon"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\lycos sidesearch" VALUE="displayname"></REGVALUE> 
<REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\lycos sidesearch" VALUE="helplink"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\lycos sidesearch" VALUE="nomodify"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\lycos sidesearch" VALUE="norepair"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\lycos sidesearch" VALUE="uninstallstring"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\lycos sidesearch" VALUE="urlinfoabout"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\msbb" VALUE="displayicon"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\msbb" VALUE="displayname"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\msbb" VALUE="uninstallstring"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\pc powerscan" VALUE="displayname"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\pc powerscan" VALUE="publisher"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\pc powerscan" VALUE="uninstallstring"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\pc powerscan" VALUE="urlinfoabout"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\search bar" VALUE="displayname"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\search bar" 
VALUE="uninstallstring"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\wsem update" VALUE="displayname"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\wsem update" VALUE="uninstallstring"></REGVALUE> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="component categories\\{00021493-0000-0000-c000-000000000046}" VALUE="enum"></REGVALUE> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="component categories\\{00021494-0000-0000-c000-000000000046}" VALUE="enum"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="hardware\\resourcemap\\pnp manager\\pnpmanager" VALUE="device\\resource008659.raw"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="hardware\\resourcemap\\pnp manager\\pnpmanager" VALUE="device\\resource008659.translated"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\istactivex.installer" VALUE="clsid"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\istactivex.installer" VALUE="curver"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer" VALUE="shstyle"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\shareddlls" VALUE="c\\windows\\downloaded program files\\istactivex.dll"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\shell extensions\\approved" VALUE="{0a8ce102-fa03-4612-9bee-7fe5452f4cb1}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\extensions\\{000007c6-17df-4438-92a4-de5537471ba3}" VALUE="bandclsid"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\extensions\\{000007c6-17df-4438-92a4-de5537471ba3}" VALUE="buttontext"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet 
explorer\\extensions\\{000007c6-17df-4438-92a4-de5537471ba3}" VALUE="clsid"></REGVALUE>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\extensions\\{000007c6-17df-4438-92a4-de5537471ba3}" VALUE="default visible"></REGVALUE>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\extensions\\{000007c6-17df-4438-92a4-de5537471ba3}" VALUE="hoticon"></REGVALUE>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\extensions\\{000007c6-17df-4438-92a4-de5537471ba3}" VALUE="icon"></REGVALUE>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units\\{12398dd6-40aa-4c40-a4ec-a42cfc0de797}" VALUE="installer"></REGVALUE>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units\\{12398dd6-40aa-4c40-a4ec-a42cfc0de797}" VALUE="systemcomponent"></REGVALUE>
    </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>2</DANGER_LEVEL>
  <DESCRIPTION>Hijacks your system search settings and browser settings</DESCRIPTION>
</SW>
<!-- How to read the entries that follow. Each <SW> is one signature entry: DIRECTORIES
     and FILES list file-system indicators, COOKIES lists cookie names, REGISTRY/KEYS
     lists registry keys and REGISTRY/VALUES lists registry values. PATH holds a
     placeholder token (Sys32Dir, SysDir, WinDir, PFDir, ProfilePath), optionally
     followed by a sub-path; presumably the scanner expands these to the local system,
     Windows, Program Files and user-profile directories (confirm against the
     consumer). In REGKEY the VALUE attribute appears to carry a subkey name under
     MAIN\SUB; in REGVALUE it carries a value name under that key. Backslashes are
     written doubled, which XML itself does not require, so the consumer presumably
     unescapes them. All matching here is by name; no hashes or sizes are recorded, so
     a hit is a lead to verify rather than proof of infection. -->
<!-- Spector Keylogger: file names only. DIRECTORIES, COOKIES and both REGISTRY lists
     are empty, so detection rests on a file of that name existing at the given
     location. -->
<SW NAME="Spector Keylogger">
  <DIRECTORIES> </DIRECTORIES>
  <FILES>
    <FILE NAME="netknl.dll" PATH="Sys32Dir"></FILE>
    <FILE NAME="netknlhm.dll" PATH="Sys32Dir"></FILE>
    <FILE NAME="winnetcl.exe" PATH="Sys32Dir"></FILE>
    <!-- NOTE(review): the next five entries have an empty PATH. This file does not say
         whether that means "look in every directory" or "location unknown"; confirm
         with the scanner, since the two readings give very different coverage. -->
    <FILE NAME="sp40setup.exe" PATH=""></FILE>
    <FILE NAME="spadmin.exe" PATH=""></FILE>
    <FILE NAME="spector_eval.exe" PATH=""></FILE>
    <FILE NAME="spsetup.exe" PATH=""></FILE>
    <FILE NAME="webebot.exe" PATH=""></FILE>
    <FILE NAME="wswinntfp.exe" PATH="SysDir"></FILE>
    <FILE NAME="wswinntfp.exe" PATH="Sys32Dir"></FILE>
    <FILE NAME="abfrnex.dll" PATH="SysDir"></FILE>
    <FILE NAME="abfrnex.dll" PATH="Sys32Dir"></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS> </KEYS>
    <VALUES> </VALUES>
  </REGISTRY>
  <!-- NOTE(review): the DANGER_LEVEL scale is not defined in the visible part of the
       file. A keylogger is rated 1 here, while other entries in this file rate popup
       adware 2 and a tracking toolbar 3; confirm the direction of the scale and this
       rating. -->
  <DANGER_LEVEL>1</DANGER_LEVEL>
  <DESCRIPTION>Spector is a keylogger that records all computer activity</DESCRIPTION>
</SW>
<!-- SYSsfitb/TestTimer: one executable in the Windows directory plus a Run value named
     after it in both the per-user and the machine-wide hive, i.e. the autostart
     entries that start it at logon. -->
<SW NAME="SYSsfitb/TestTimer">
  <DIRECTORIES> </DIRECTORIES>
  <FILES>
    <FILE NAME="syssfitb.exe" PATH="WinDir"></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS> </KEYS>
    <VALUES>
      <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="syssfitb"></REGVALUE>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="syssfitb"></REGVALUE>
    </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>2</DANGER_LEVEL>
  <DESCRIPTION>Displays pornographic popups</DESCRIPTION>
</SW>
<!-- SmartSearch.iexplorer: the file name iexplorer.exe is one letter away from
     Internet Explorer's own iexplore.exe, so matching must stay exact on the name or
     the genuine browser binary gets flagged. The Run value name "UserSystem" is
     generic; presumably it is only meaningful together with the file hit (confirm how
     the scanner combines indicators). -->
<SW NAME="SmartSearch.iexplorer">
  <DIRECTORIES> </DIRECTORIES>
  <FILES>
    <FILE NAME="iexplorer.exe" PATH="WinDir"></FILE>
    <FILE NAME="iexplorer.exe" PATH="Sys32Dir"></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS> </KEYS>
    <VALUES>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="UserSystem"></REGVALUE>
      <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="UserSystem"></REGVALUE>
    </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>1</DANGER_LEVEL>
  <DESCRIPTION>SmartSearch hijacker that hijacks your internet settings, including homepage, searchpages, etc</DESCRIPTION>
</SW>
<!-- STARR Keylogger: a "starr" directory under PFDir and wsys.exe inside it. -->
<SW NAME="STARR Keylogger">
  <DIRECTORIES>
    <DIR NAME="starr" PATH="PFDir"></DIR>
  </DIRECTORIES>
  <FILES>
    <FILE NAME="wsys.exe" PATH="PFDir\\starr"></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS> </KEYS>
    <VALUES> </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>2</DANGER_LEVEL>
  <DESCRIPTION>Records all keystrokes and related computer activity</DESCRIPTION>
</SW>
<!-- SpyAnytime PC Spy: a single file under PFDir\WareSight. Unlike the STARR entry
     above, the containing directory is not listed under DIRECTORIES. -->
<SW NAME="SpyAnytime PC Spy">
  <DIRECTORIES> </DIRECTORIES>
  <FILES>
    <FILE NAME="sysmgr32.exe" PATH="PFDir\\WareSight"></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS> </KEYS>
    <VALUES> </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>2</DANGER_LEVEL>
  <DESCRIPTION>Records all keystrokes and related computer activity</DESCRIPTION>
</SW>
<!-- ShowBehind: directory, executable and a machine-wide Run value. -->
<SW NAME="ShowBehind">
  <DIRECTORIES>
    <DIR NAME="sbnet" PATH="WinDir"></DIR>
  </DIRECTORIES>
  <FILES>
    <FILE NAME="showbehind.exe" PATH="WinDir\\sbnet"></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS> </KEYS>
    <VALUES>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="showbehind"></REGVALUE>
    </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>1</DANGER_LEVEL>
  <DESCRIPTION>Spawns popup windows while you browse the internet</DESCRIPTION>
</SW>
<!-- SpotOn: one DLL name with an empty PATH and no other indicator; the open question
     about empty PATH noted under the Spector entry applies here too. -->
<SW NAME="SpotOn">
  <DIRECTORIES> </DIRECTORIES>
  <FILES>
    <FILE NAME="Spotonbh.dll" PATH=""></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS> </KEYS>
    <VALUES> </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>1</DANGER_LEVEL>
  <DESCRIPTION>Used to hijack internet settings</DESCRIPTION>
</SW>
<!-- Statblaster: two executables under PFDir\media\media, COM registration keys
     (CLSID, Interface, TypeLib), a vendor key under HKEY_LOCAL_MACHINE\SOFTWARE and a
     Run value named UpdateStats. Paths and GUIDs are upper or mixed case here and
     lower case in other entries; registry key names are case-insensitive, so this
     only matters if the scanner compares them as case-sensitive strings. -->
<SW NAME="Statblaster">
  <DIRECTORIES> </DIRECTORIES>
  <FILES>
    <FILE NAME="Statblaster.exe" PATH="PFDir\\media\\media"></FILE>
    <FILE NAME="updatestats.exe" PATH="PFDir\\media\\media"></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{3F3DA1C1-024E-41E6-BE83-B22C5181A869}"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{A1A53286-D448-44EE-9660-F60A620A24B1}"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="Statblaster"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{2FE53E31-8FCD-4C4E-8567-B6449295F9F3}"></REGKEY>
    </KEYS>
    <VALUES>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="UpdateStats"></REGVALUE>
    </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>1</DANGER_LEVEL>
  <DESCRIPTION>Statblaster is used to deliver advertisements to your PC</DESCRIPTION>
</SW>
<!-- Madise: one DLL plus the same GUID registered as a COM class and as a Browser
     Helper Object under HKEY_LOCAL_MACHINE. -->
<SW NAME="Madise">
  <DIRECTORIES> </DIRECTORIES>
  <FILES>
    <FILE NAME="madise.dll" PATH="WinDir"></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{f760cb9e-c60f-4a89-890e-fae8b849493e}"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{f760cb9e-c60f-4a89-890e-fae8b849493e}"></REGKEY>
    </KEYS>
    <VALUES> </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>1</DANGER_LEVEL>
  <DESCRIPTION>Opens pop up windows while browsing the web</DESCRIPTION>
</SW>
<!-- IE SearchBar: directory and DLL only; no registry indicators are listed. -->
<SW NAME="IE SearchBar">
  <DIRECTORIES>
    <DIR NAME="IESEARCHBAR" PATH="PFDir"></DIR>
  </DIRECTORIES>
  <FILES>
    <FILE NAME="IESEARCHBAR.DLL" PATH="PFDir\\IESEARCHBAR"></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS> </KEYS>
    <VALUES> </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>1</DANGER_LEVEL>
  <DESCRIPTION>Toolbar that also hijacks your internet settings, home page settings, etc</DESCRIPTION>
</SW>
<!-- HTASploit - winmain: winmain.exe in the system directories and in the user's temp
     folder, plus a machine-wide Run value of the same name. -->
<SW NAME="HTASploit - winmain">
  <DIRECTORIES> </DIRECTORIES>
  <FILES>
    <FILE NAME="winmain.exe" PATH="SysDir"></FILE>
    <FILE NAME="winmain.exe" PATH="Sys32Dir"></FILE>
    <FILE NAME="winmain.exe" PATH="ProfilePath\\local settings\\temp"></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS> </KEYS>
    <VALUES>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="winmain"></REGVALUE>
    </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>2</DANGER_LEVEL>
  <DESCRIPTION>Leaves an open door to allow any malicious webpage access to your personal files</DESCRIPTION>
</SW>
<!-- ClientMan: install directories, five binaries, Browser Helper Object keys and two
     Run values. -->
<SW NAME="ClientMan">
  <DIRECTORIES>
    <DIR NAME="ClientMan" PATH="PFDir"></DIR>
    <DIR NAME="run" PATH="PFDir\\clientman"></DIR>
  </DIRECTORIES>
  <FILES>
    <FILE NAME="mscman.exe" PATH="PFDir\\clientman"></FILE>
    <FILE NAME="msckin.exe" PATH="PFDir\\clientman\\run"></FILE>
    <FILE NAME="msmc.exe" PATH="Sys32Dir"></FILE>
    <FILE NAME="mskceo.dll" PATH="Sys32Dir"></FILE>
    <FILE NAME="ause3.exe" PATH="PFDir\\clientman\\run"></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}"></REGKEY>
      <!-- NOTE(review): the entries below that pair MAIN="HKEY_CLASSES_ROOT" with the
           "browser helper objects" path look wrong. Internet Explorer reads its BHO
           list from HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
           Explorer\Browser Helper Objects; HKEY_CLASSES_ROOT is a view of
           Software\Classes and normally has no such subtree. Three of these GUIDs
           are also listed under HKEY_LOCAL_MACHINE (447160cd..., 0982868C...,
           0BA1C6EB...); the other five are not, so their BHO registration is
           presumably never checked. Confirm and move them to the right hive. -->
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{94927a13-4aaa-476a-989d-392456427688}"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{cc916b4b-be44-4026-a19d-8c74bbd23361}"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{00a0a40c-f432-4c59-ba11-b25d142c7ab7}"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{00a0a40c-f432-4c59-ba11-b25d142c7ab7}"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0982868C-47F0-4EFB-A664-C7B0B1015808}"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0BA1C6EB-D062-4E37-9DB5-B07743276324}"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{25F7FA20-3FC3-11D7-B487-00D05990014C}"></REGKEY>
      <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{447160CD-ECF5-4EA2-8A8A-1F70CA363F85}"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0982868C-47F0-4EFB-A664-C7B0B1015808}"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0BA1C6EB-D062-4E37-9DB5-B07743276324}"></REGKEY>
    </KEYS>
    <VALUES>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="clientman"></REGVALUE>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="clientman1"></REGVALUE>
    </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>1</DANGER_LEVEL>
  <DESCRIPTION>Starts up everytime the computer is run and comes bundled with many software applications</DESCRIPTION>
</SW>
<SW NAME="SearchSprint Toolbar"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{aee46806-2c5a-4a4e-a5dd-b4531f64a187}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{aee46806-2c5a-4a4e-a5dd-b4531f64a187}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Toolbar that attaches to internet explorer</DESCRIPTION> </SW> <SW NAME="Chota"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="chota.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Chota is a Keylogger that runs silently in the background, recording all keystrokes.</DESCRIPTION> </SW> <SW NAME="SearchAndClick"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{2cf0b992-5eeb-4143-99c0-5297ef71f443}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Toolbar that adds itself to your browser</DESCRIPTION> </SW> <SW NAME="Winshow/WinLink"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="winshow.dll" PATH="ProfilePath\\application data\\winshow"></FILE> <FILE NAME="winlink.dll" PATH="ProfilePath\\application data\\winlink"></FILE> <FILE NAME="winshow.dll" PATH="Sys32Dir"></FILE> <FILE NAME="winshow.dll" PATH="SysDir"></FILE> <FILE NAME="winlink.dll" PATH="WinDir"></FILE> <FILE NAME="winshow.cfg" PATH="WinDir"></FILE> <FILE NAME="dict.dat" PATH="WinDir"></FILE> <FILE NAME="winshow.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" 
VALUE="{6CC1C918-AE8B-4373-A5B4-28BA1851E39A}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{6CC1C91A-AE8B-4373-A5B4-28BA1851E39A}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{6CC1C91A-AE8B-4373-A5B4-28BA1851E39A}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{6CC1C918-AE8B-4373-A5B4-28BA1851E39A}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>Winshow is adware that will display ads to your PC</DESCRIPTION> </SW> <SW NAME="Oodlz"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="oodlz.exe" PATH="PFDir\\acceleration software\\oodlz"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Many serve both ads to your PC as well as install without your permission</DESCRIPTION> </SW> <SW NAME="Zipclix"> <DIRECTORIES> <DIR NAME="zipclix" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="zipclix.dll" PATH="PFDir\\zipclix"></FILE> <FILE NAME="zipclix.ini" PATH="PFDir\\zipclix"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="zipclix"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{319a68db-06d0-46da-9f93-a810d5a70836}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{319a68db-06d0-46da-9f93-a810d5a70836}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Toolbar that attaches itself to your browser</DESCRIPTION> </SW> <SW NAME="SeekSeek"> <DIRECTORIES> <DIR NAME="slmss" PATH="PFDir\\Common Files"></DIR> </DIRECTORIES> <FILES> <FILE NAME="slmss.exe" PATH="PFDir\\common files\\slmss"></FILE> <FILE 
NAME="mwsvm.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="mwsvm"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="slmss"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>SeekSeek is a browser hijacker that takes control of your web settings</DESCRIPTION> </SW> <SW NAME="ShopNav"> <DIRECTORIES> <DIR NAME="Srng" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="SNHelper.dll" PATH="Sys32Dir"></FILE> <FILE NAME="SNHelper.dll" PATH="SysDir"></FILE> <FILE NAME="SNHelper.dll" PATH="PFDir"></FILE> <FILE NAME="searchhook.dll" PATH="PFDir\\srng"></FILE> <FILE NAME="Srng.exe" PATH="PFDir\\srng"></FILE> <FILE NAME="SrngHelper.exe" PATH="PFDir\\srng"></FILE> <FILE NAME="SrngUtil.exe" PATH="PFDir\\srng"></FILE> <FILE NAME="IEHelper.dll" PATH="PFDir\\srng"></FILE> <FILE NAME="SNHelper.dll" PATH="PFDir\\srng"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{14B3D246-6274-40B5-8D50-6C2ADE2AB29B}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{CE7C3CF0-4B15-11D1-ABED-709549C10000}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="srng"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>4</DANGER_LEVEL> <DESCRIPTION>Shopnav hijacks your internet browser settings</DESCRIPTION> </SW> <SW NAME="Httper"> <DIRECTORIES> <DIR NAME="httper" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="httper.dll" PATH="SysDir"></FILE> <FILE NAME="httper.dll" PATH="Sys32Dir"></FILE> <FILE NAME="httper.dll" PATH="PFDir\\httper"></FILE> <FILE NAME="httper.ini" 
PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="CLSID" VALUE="{a5483501-070c-41dd-af44-9bd8864b3015}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{a5483501-070c-41dd-af44-9bd8864b3015}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{a5483501-070c-41dd-af44-9bd8864b3015}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{a5483501-070c-41dd-af44-9bd8864b3015}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>Httper is a searchbar that attaches itself to your browser</DESCRIPTION> </SW> <SW NAME="TOPicks"> <DIRECTORIES> <DIR NAME="ToPicks" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="hthost.exe" PATH="PFDir\\topicks\\bin"></FILE> <FILE NAME="idmun.exe" PATH="PFDir\\topicks\\bin"></FILE> <FILE NAME="idhost.exe" PATH="PFDir\\topicks\\bin"></FILE> <FILE NAME="idmup.dll" PATH="PFDir\\topicks\\bin"></FILE> <FILE NAME="htcheck2.dll" PATH="PFDir\\topicks\\bin"></FILE> <FILE NAME="tpreg.dll" PATH="PFDir\\topicks\\bin"></FILE> <FILE NAME="htps.dll" PATH="PFDir\\topicks\\bin"></FILE> <FILE NAME="idmcom.dll" PATH="PFDir\\topicks\\bin"></FILE> <FILE NAME="datamgr.dll" PATH="PFDir\\topicks\\bin"></FILE> <FILE NAME="tpbar.dll" PATH="PFDir\\topicks\\bin"></FILE> <FILE NAME="topicks.reg" PATH="PFDir\\topicks\\bin"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{0352960f-47be-11d5-ab93-00d0b760b4eb}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{80e81a0e-9741-4fbc-8ee3-3b78c04ada1d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0352960f-47be-11d5-ab93-00d0b760b4eb}"></REGKEY> 
<REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="Topicks"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="topicks starter"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{80e81a0e-9741-4fbc-8ee3-3b78c04ada1d}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\appid\\adm.exe" VALUE="appid"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\appid\\altnet signing module.exe" VALUE="appid"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Toolbar that displays sponsored results and links</DESCRIPTION> </SW> <SW NAME="KeenVALUE/KeenVALUE.updmgr/Keenware/EUniverse"> <DIRECTORIES> <DIR NAME="keenvalue" PATH="PFDir\\common files"></DIR> <DIR NAME="keenware" PATH="PFDir\\common files"></DIR> <DIR NAME="incredifind" PATH="PFDir"></DIR> <DIR NAME="updater" PATH="PFDir"></DIR> <DIR NAME="pwrs0rbi" PATH="PFDir\\dynamic toolbar"></DIR> <DIR NAME="updmgr" PATH="PFDir\\common files"></DIR> </DIRECTORIES> <FILES> <FILE NAME="updmgr.exe" PATH="PFDir\\Common Files\\updmgr"></FILE> <FILE NAME="BHO.dll" PATH="PFDir\\incredifind\\bho"></FILE> <FILE NAME="pwrs0rbi.dll" PATH="PFDir\\powersearch\\toolbar"></FILE> <FILE NAME="infobar.dll" PATH="SysDir"></FILE> <FILE NAME="infobar.dll" PATH="Sys32Dir"></FILE> <FILE NAME="Searchbr.dll" PATH="SysDir"></FILE> <FILE NAME="Searchbr.dll" PATH="Sys32Dir"></FILE> <FILE NAME="wupdater.exe" PATH="PFDir\\Common files\\Keenware"></FILE> <FILE NAME="rvupdmgr.exe" PATH="PFDir\\Common Files\\updmgr"></FILE> <FILE NAME="simgr.exe" PATH="PFDir\\Common Files\\updmgr"></FILE> <FILE NAME="sui.exe" PATH="PFDir\\common files\\updater"></FILE> <FILE NAME="delupdat.exe" PATH="PFDir\\common files\\updater"></FILE> <FILE NAME="keenvalue.exe" PATH="PFDir\\common files\\keenvalue"></FILE> <FILE NAME="wupdater.exe" PATH="PFDir\\common 
files\\updater"></FILE> <FILE NAME="KeenVALUEInstall_with_track_120.exe" PATH="PFDir\\Common Files\\KeenVALUE"></FILE> <FILE NAME="Setup_incredifind_ultimatesaver_with_track.exe" PATH="PFDir\\Common Files\\KeenVALUE"></FILE> <FILE NAME="Setup_powersearch_ultimateSaver_with_track.exe" PATH="PFDir\\Common Files\\KeenVALUE"></FILE> <FILE NAME="iesliderwin32.dll" PATH="PFDir\\common files\\keenvalue"></FILE> <FILE NAME="kv001.dat" PATH="PFDir\\common files\\keenvalue"></FILE> <FILE NAME="kv002.dat" PATH="PFDir\\common files\\keenvalue"></FILE> <FILE NAME="kv099.dat" PATH="PFDir\\common files\\keenvalue"></FILE> <FILE NAME="uninstall.exe" PATH="PFDir\\common files\\keenvalue"></FILE> <FILE NAME="tipb.exe" PATH="PFDir\\perfectnav\\bho"></FILE> <FILE NAME="perfectnav.dll" PATH="PFDir\\perfectnav\\bho"></FILE> <!-- NOTE(review): "indredifind" in the next two PATH values looks like a misspelling of "incredifind", the directory used by the incredifind.dll entry further down this list. If it is a typo, these two file signatures can never match; verify against a sample install before correcting. --> <FILE NAME="bho.dll" PATH="PFDir\\indredifind\\bho"></FILE> <FILE NAME="pwrs0rbi.dll" PATH="PFDir\\indredifind\\bho"></FILE> <FILE NAME="kvlhookwin.dll" PATH="PFDir\\common files\\keenvalue"></FILE> <FILE NAME="killkeenvalue.exe" PATH="PFDir\\common files\\keenvalue"></FILE> <FILE NAME="kwm.exe" PATH="PFDir\\common files\\keenvalue"></FILE> <FILE NAME="senduninstallinfo.exe" PATH="PFDir\\common files\\keenvalue"></FILE> <FILE NAME="incredifind.dll" PATH="PFDir\\incredifind\\bho"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="euniverse"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="perfectnav"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{a045dc85-fc44-45be-8a50-e4f9c62c9a84}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software" VALUE="keenvalue"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="keenvalue"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper 
objects" VALUE="{269b6797-664e-48aa-b283-b012bdf6e525}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{269b6797-664e-48aa-b283-b012bdf6e525}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="powersearch"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="keenvalue"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software\\Visicom Media" VALUE="PWRS0RBI"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="updater"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="updmgr"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\PerfectNav" VALUE="UID"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Generates advertisements as well as tracks user activity</DESCRIPTION> </SW> <SW NAME="TopText"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="stub.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>TopText will alter all pages displayed in the browser, underlining keywords to generate responses for sponsored results</DESCRIPTION> </SW> <SW NAME="Winhost32"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Winhost32.exe" PATH="SysDir"></FILE> <FILE NAME="Winhost32.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>File that is pre-packaged with certain pieces of software that always actively runs on your PC</DESCRIPTION> </SW> <SW NAME="TwainTech"> <FILES> <FILE NAME="biprep.exe" PATH="WinDir"></FILE> <FILE NAME="b_371_0_1_585800.htm" PATH="WinDir\\cache371"></FILE> <FILE NAME="ft1_01_0_279_gepfah.exe" PATH="WinDir"></FILE> <FILE NAME="smdat32a.sys" PATH="WinDir"></FILE> <FILE 
NAME="smdat32m.sys" PATH="WinDir"></FILE> <FILE NAME="mxtarget.dll" PATH="SysDir"></FILE> <FILE NAME="mxtarget.dll" PATH="Sys32Dir"></FILE> <FILE NAME="uduftm.exe" PATH="Sys32Dir"></FILE> <FILE NAME="preinstt.exe" PATH="WinDir\\Temp\\thi43e2.tmp"></FILE> <FILE NAME="twaintec.inf" PATH="WinDir\\Temp\\thi43e2.tmp"></FILE> <FILE NAME="preinstt.exe" PATH="WinDir\\Temp\\thi4487.tmp"></FILE> <!-- NOTE(review): the NAME below starts with a backslash, unlike every other twaintec.inf entry in this list. If the scanner joins PATH and NAME with its own separator, this entry probably never matches; confirm against the matcher. --> <FILE NAME="\\twaintec.inf" PATH="WinDir\\Temp\\thi4487.tmp"></FILE> <FILE NAME="preinstt.exe" PATH="WinDir\\Temp\\thi5a9c.tmp"></FILE> <FILE NAME="twaintec.inf" PATH="WinDir\\Temp\\thi5a9c.tmp"></FILE> <FILE NAME="twaintec.dll" PATH="WinDir\\Temp\\thi6026.tmp"></FILE> <FILE NAME="preinstt.exe" PATH="WinDir\\Temp\\thi72ea.tmp"></FILE> <FILE NAME="twaintec.dll" PATH="WinDir\\Temp\\thi72ea.tmp"></FILE> <FILE NAME="twaintec.inf" PATH="WinDir\\Temp\\thi72ea.tmp"></FILE> <FILE NAME="twaintec.ini" PATH="WinDir"></FILE> <FILE NAME="urls.bin" PATH="WinDir"></FILE> <FILE NAME="vurls.bin" PATH="WinDir"></FILE> <FILE NAME="wast2.exe" PATH="WinDir"></FILE> <FILE NAME="wsem218.dll" PATH="WinDir"></FILE> <FILE NAME="xgn.exe" PATH="WinDir"></FILE> <FILE NAME="mxTarget.dll" PATH="WinDir"></FILE> <FILE NAME="twaintec.dll" PATH="WinDir"></FILE> <FILE NAME="twaintec.dll" PATH="Sys32Dir"></FILE> <FILE NAME="twaintec.dll" PATH="SysDir"></FILE> </FILES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{000020dd-c72e-4113-af77-dd56626c6c42}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{0000607d-d204-42c7-8e46-216055bf9918}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{386a771c-e96a-421f-8ba7-32f1b706892f}"></REGKEY> <!-- NOTE(review): Browser Helper Objects are registered under HKEY_LOCAL_MACHINE, and this entry lists those keys separately. HKEY_CLASSES_ROOT is a view of the Classes subtree, so the HKEY_CLASSES_ROOT entries with a "browser helper objects" SUB path probably never exist on a real system. Confirm how the scanner resolves MAIN and SUB before counting them as coverage. --> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{000020dd-c72e-4113-af77-dd56626c6c42}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" 
VALUE="{0000607d-d204-42c7-8e46-216055bf9918}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="twaintecdll.twaintecdllobj.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{000020dd-c72e-4113-af77-dd56626c6c42}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{0000607d-d204-42c7-8e46-216055bf9918}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{0000607d-d204-42c7-8e46-216055bf9918}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{386a771c-e96a-421f-8ba7-32f1b706892f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="twaintecdll.twaintecdllobj.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{690bccb4-6b83-4203-ae77-038c116594ec}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\activex compatibility" VALUE="{000020dd-c72e-4113-af77-dd56626c6c42}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{000020dd-c72e-4113-af77-dd56626c6c42}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0000607D-D204-42C7-8E46-216055BF9918}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\explorer\\browser helper objects" VALUE="{000020dd-c72e-4113-af77-dd56626c6c42}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="xgn"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\twaintec" VALUE="displayname"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall\\twaintec" VALUE="uninstallstring"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="tt4c5ntrstransac"></REGVALUE> <REGVALUE 
MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="tt4n5a6tionscode"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttc1o4d5eofsfinalad"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttc4n5tfyl"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttc4n5trmsgsdisp"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttc4n5trsevnt"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttc4s5insur"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttc4u5rrentsmode"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttd4s5tschost"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttd4s5tscpath"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttd4s5tssend"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="tti4d5ofsdist"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="tti4d5ofsinst"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="tti4g5nores"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="tti4n5progscab"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="tti4n5progsex"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="tti4n5progslstest"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttl3a4stmotssday"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttl3a4stsschckin"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttm4o5dessync"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="tts4t5atusofsinst"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" 
VALUE="tts4t5i6cky1s"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="tts4t5icky2s"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttt4h5rshsbath"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttt4h5rshschecksin"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttt4h5rshsmots"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttt4h5rshsyssinf"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttt4i5m6eofsfinalad"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\twaintec" VALUE="ttt4o5plistspos"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\activex compatibility\\{000020dd-c72e-4113-af77-dd56626c6c42}" VALUE="compatibility flags"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Twaintech delivers targeted advertisements</DESCRIPTION> </SW> <SW NAME="Jraun"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="keyhost.exe" PATH="SysDir"></FILE> <FILE NAME="keyhost.exe" PATH="Sys32Dir"></FILE> <FILE NAME="VERSION.exe" PATH="SysDir"></FILE> <FILE NAME="VERSION.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WinEssential"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="version"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser Hijacker that takes over your browser settings</DESCRIPTION> </SW> <SW NAME="MaConnect"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="maconnect.inf" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>MaConnect is a dialer used to dial high 
cost pornographic services</DESCRIPTION> </SW> <SW NAME="ToolbarStarter.dll"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{c77e900a-ff55-400e-9baa-e042c8212898}"></REGKEY> <!-- NOTE(review): HKEY_LOCAL_MACHINE has no top-level "clsid" key; machine-wide class registrations live under software\classes\clsid. Unless the scanner rewrites this path, the entry below never matches, leaving the HKEY_CLASSES_ROOT key above as the only indicator for this item. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{c77e900a-ff55-400e-9baa-e042c8212898}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Changes the settings of your browser</DESCRIPTION> </SW> <SW NAME="NetSpy KeyLogger"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="_ISREG32.DLL" PATH="SysDir"></FILE> <FILE NAME="_ISREG32.DLL" PATH="Sys32Dir"></FILE> <FILE NAME="nsys.exe" PATH="Sys32Dir"></FILE> <FILE NAME="nsutil.exe" PATH="Sys32Dir"></FILE> <FILE NAME="nconfig.exe" PATH="Sys32Dir"></FILE> <FILE NAME="kbhook.dll" PATH="Sys32Dir"></FILE> <!-- NOTE(review): the trailing "Q" in file_keys.txtQ, here and in the SysDir copy below, may be a transcription artifact; confirm the real file name against a sample. --> <FILE NAME="file_keys.txtQ" PATH="Sys32Dir"></FILE> <FILE NAME="nsys.exe" PATH="SysDir"></FILE> <FILE NAME="nsutil.exe" PATH="SysDir"></FILE> <FILE NAME="nconfig.exe" PATH="SysDir"></FILE> <FILE NAME="kbhook.dll" PATH="SysDir"></FILE> <FILE NAME="file_keys.txtQ" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\app paths" VALUE="nsys"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="nsys"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Keylogger that will record all keystrokes types at your PC</DESCRIPTION> </SW> <SW NAME="Flyswat"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="flylib.dll" PATH="PFDir\\netcaptor"></FILE> <FILE NAME="flydesk.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Creates links to sponsored sites as you browse, as well as transmits information about your browsing 
activity</DESCRIPTION> </SW> <SW NAME="MasterBar"> <DIRECTORIES> <DIR NAME="MasterBar" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="masterbar.dll" PATH="PFDir\\MasterBar"></FILE> <FILE NAME="qi32.dll" PATH="WinDir\\Downloaded Program Files"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser toolbar that slows down browsing/PC performance</DESCRIPTION> </SW> <SW NAME="PRW Hijacker"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="PWRSC037.DLL" PATH="SysDir"></FILE> <FILE NAME="PWRSC037.DLL" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{4e7bd74f-2b8d-469e-a58d-8f6fa787ad2d}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{4e7bd74f-2b8d-469e-a58d-8f6fa787ad2d}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser hijacker that will change your internet settings</DESCRIPTION> </SW> <SW NAME="Checkin.B"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="owmngr.exe" PATH="SysDir"></FILE> <FILE NAME="ttps.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="Iexplore"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="OWMngr"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Download trojan that facilitates the installation of other adware/spyware components</DESCRIPTION> </SW> <SW NAME="Whazit"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="bho.dll" PATH="WinDir"></FILE> <FILE NAME="whattt.dll" PATH="WinDir"></FILE> <FILE NAME="whattn.dll" PATH="WinDir"></FILE> <FILE NAME="newones.dll" PATH="WinDir"></FILE> <FILE 
NAME="WANOBSI.exe" PATH="WinDir"></FILE> <FILE NAME="whattt.dll" PATH="Sys32Dir"></FILE> <FILE NAME="whattt.dll" PATH="SysDir"></FILE> <FILE NAME="outones.dll" PATH="Sys32Dir"></FILE> <FILE NAME="outones.dll" PATH="SysDir"></FILE> <FILE NAME="newones.dll" PATH="SysDir"></FILE> <FILE NAME="newones.dll" PATH="Sys32Dir"></FILE> <FILE NAME="whattn.dll" PATH="Sys32Dir"></FILE> <FILE NAME="whattn.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software" VALUE="wms"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Whazit is a browser hijacker that also adds toolbars</DESCRIPTION> </SW> <SW NAME="E2Give"> <DIRECTORIES> <DIR NAME="E2Give" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="iebhos.dll" PATH="PFDir\\e2g"></FILE> <FILE NAME="e2gbho.dll" PATH="PFDir\\E2Give"></FILE> <FILE NAME="iebhos.dll" PATH="SysDir"></FILE> <FILE NAME="iebhos.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Software" VALUE="E2Give"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{3643abc2-21bf-46b9-b230-f247db0c6fd6}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{3643abc2-21bf-46b9-b230-f247db0c6fd6}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Redirects searches to web merchants in order to steal affiliate commissions</DESCRIPTION> </SW> <SW NAME="BrowserAid/X"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="stlbdist.dll" PATH="Sys32Dir"></FILE> <FILE NAME="stlbdist.dll" PATH="SysDir"></FILE> <FILE NAME="stlbupdt.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msiefr40.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msiefr40.dll" PATH="SysDir"></FILE> <FILE NAME="LetsSearch.exe" PATH="WinDir\\downloaded program files"></FILE> <FILE 
NAME="BrowserAid.exe" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="bpsinstall.exe" PATH="WinDir"></FILE> <FILE NAME="uptodate.exe" PATH="WinDir"></FILE> <FILE NAME="ctb_s.exe" PATH="WinDir"></FILE> <FILE NAME="BrowserAidBarWnd.dll" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="LetsSearchIE.dll" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="BABarWnd.dll" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="QuickLaunchIE.dll" PATH="WinDir"></FILE> <FILE NAME="QuickLaunchIE.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="BrowserAidToolbar.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="HighlightHelper.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="blckbho.dll" PATH=""></FILE> <FILE NAME="bptlb.dll" PATH=""></FILE> <FILE NAME="Rundll16.dll" PATH="WinDir"></FILE> <FILE NAME="stlbad123.dll" PATH="SysDir"></FILE> <FILE NAME="stlbad123.dll" PATH="Sys32Dir"></FILE> <FILE NAME="inetp60.dll" PATH="SysDir"></FILE> <FILE NAME="inetp60.dll" PATH="Sys32Dir"></FILE> <FILE NAME="e2gbho.dll" PATH=""></FILE> <FILE NAME="QuickLaunch.exe" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="stlbad123.xml" PATH="SysDir"></FILE> <FILE NAME="lstoolbarconfig.inf" PATH="WinDir\\downloaded program files"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CashToolbar" VALUE="ido"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CSHTLBAR" VALUE="braid_did"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{087173ef-9829-4f49-8340-a524177d3f60}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0ddbb570-0396-44c9-986a-8f6f61a51c2f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="CashToolbar"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 
SUB="SOFTWARE" VALUE="CSHTLBAR"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{2CF0B992-5EEB-4143-99C0-5297EF71F44A}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{0DDBB570-0396-44C9-986A-8F6F61A51C2F}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{2CF0B992-5EEB-4143-99C0-5297EF71F443}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{2CF0B992-5EEB-4143-99C0-5297EF71F44B}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{2CF0B992-5EEB-4143-99C2-5297EF71F44A}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{2CF0B992-5EEB-4143-99C2-5297EF71F44B}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{337D0C1D-4053-4FAB-AF2B-45C2F7B0FAA6}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{337D0C1D-4053-4FAB-AF2B-45C2F7B0FAA7}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{5F5564AC-DE7A-4DCD-9296-32E71A35DCB6}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{72CEAE02-DF9C-49F3-9689-10D1B82DC343}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{80672997-D58C-4190-9843-C6C61AF8FE97}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{D34F641F-5210-4EB0-8ED5-9179F47E15B7}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" 
VALUE="{D7258ABE-571F-4DC2-ABD1-8393B13B1269}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Rundll16"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{2cf0b992-5eeb-4143-99c0-5297ef71f444}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="RunWindowsUpdate"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Rundll32_7"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="{2CF0B992-5EEB-4143-99C0-5297EF71F444}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Manufactures many internet toolbars, all of which deliver ads and slow down the PC</DESCRIPTION> </SW> <SW NAME="DelFin Media Viewer"> <DIRECTORIES> <DIR NAME="delfin" PATH="PFDir"></DIR> <DIR NAME="Dpi" PATH="PFDir\\Common Files"></DIR> </DIRECTORIES> <FILES> <FILE NAME="pcsvc.exe" PATH="Sys32Dir\\pcs"></FILE> <FILE NAME="pgmonitr.exe" PATH="PFDir\\delfin\\promulgate"></FILE> <FILE NAME="dpi.exe" PATH="PFDir\\common files\\dpi"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="dpi"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="pcsv"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="promulgate"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Adware based media player used to deliver ads to your PC</DESCRIPTION> </SW> <SW NAME="Lycos SideSearch"> <DIRECTORIES> <DIR NAME="lycos" PATH="PFDir"></DIR> <DIR NAME="sidesearch" PATH="PFDir\\lycos"></DIR> </DIRECTORIES> <FILES> <FILE NAME="SIDESEARCH1307.DLL" 
PATH="PFDir\\lycos\\sidesearch"></FILE> <FILE NAME="lycos sidesearch.lnk" PATH="ProfilePath\\desktop"></FILE> <FILE NAME="sidesearch.dll" PATH="PFDir\\Lycos\\Sidesearch"></FILE> <FILE NAME="sidesearch1211.dll" PATH="PFDir\\Lycos\\Sidesearch"></FILE> <FILE NAME="sidesearch1311.dll" PATH="PFDir\\Lycos\\Sidesearch"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{000007AB-7059-463E-BD44-101A1750D732}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{000007AB-7059-463E-BD44-101A1750D732}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Classes\\Clsid" VALUE="{00000762-3965-4A1A-98CE-3D4BF457D4C8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{00000762-3965-4A1A-98CE-3D4BF457D4C8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\explorer bars" VALUE="{000007ab-7059-463e-bd44-101a1750d732}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>0</DANGER_LEVEL> <DESCRIPTION>Produced by Lycos, sidesearch displays sponsored results when using other search engines</DESCRIPTION> </SW> <SW NAME="SuperBar"> <DIRECTORIES> <DIR NAME="superbar" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="sbhc.exe" PATH="PFDIR\\SuperBar"></FILE> <FILE NAME="SuperBar.Dll" PATH="PFDir\\superbar"></FILE> <FILE NAME="SuperBar.Dll" PATH="Sys32Dir"></FILE> <FILE NAME="SuperBar.Dll" PATH="SysDir"></FILE> <FILE NAME="SuperBarExts.Dll" PATH="PFDir\\superbar"></FILE> </FILES> <COOKIES> <COOKIE NAME="gigatech"></COOKIE> <COOKIE NAME="greasycow"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{1548c55c-b1e7-483f-973d-11c58ad44d4a}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" 
VALUE="{3C525947-F2B1-4237-A02B-2AC0FFDAB8FB}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{136A9D1D-1F4B-43D4-8359-6F2382449255}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{00ec76b0-1952-4f0e-a5e0-f14ffaf01f61}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{136A9D1D-1F4B-43D4-8359-6F2382449255}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{136a9d1d-1f4b-43d4-8359-6f2382449255}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{136a9d1d-1f4b-43d4-8359-6f2382449255}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{136A9D1D-1F4B-43D4-8359-6F2382449255}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{1548c55c-b1e7-483f-973d-11c58ad44d4a}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{3c525947-f2b1-4237-a02b-2ac0ffdab8fb}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{a693a29b-931c-4367-9c60-ca3c303e35fb3}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{c5a80b44-892e-4f46-be6e-db45479787e7}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{d33aaf20-50c1-4a4c-9b83-b3b1946aa821}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{e513445c-e14a-4b63-8092-49fe687ae023}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{C5A80B44-892E-4F46-BE6E-DB45479787E7}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="sbhc"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Superbar is a search toolbar that slows down browsing/PC performance</DESCRIPTION> </SW> <SW NAME="WORM_OPASERV.E"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="BRASIL.PIF" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> 
<KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Brasil"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Worm that spreads itself across networks</DESCRIPTION> </SW> <SW NAME="W32.Instit.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="instit.bat" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="instit"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that attempts to spread itself across networks</DESCRIPTION> </SW> <SW NAME="WinFavorites/LoudMarketing.Casino"> <DIRECTORIES> <DIR NAME="winfavorites" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="WinFavorites.exe" PATH="PFDir\\winfavorites"></FILE> <FILE NAME="WinFavorites.exe1" PATH="PFDir\\winfavorites"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WinFavorites"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Adware related component that delivers advertisements</DESCRIPTION> </SW> <SW NAME="WinPup32/Winpup"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Winpup.exe" PATH="WinDir"></FILE> <FILE NAME="Winpup32.exe" PATH="WinDir"></FILE> <FILE NAME="winpup32.exe" PATH="SysDir"></FILE> <FILE NAME="winpup32.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Known to cause popup advertisements.</DESCRIPTION> </SW> <SW NAME="NewtonKnows/Newton Knows.Bar"> <DIRECTORIES> <DIR NAME="newton knows" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="NewtKnow.exe" PATH="PFDir\\Newton Knows"></FILE> <FILE NAME="NewtnTra.exe" PATH=""></FILE> <FILE NAME="bar.dll" PATH=""></FILE> 
</FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{EE392A64-F30B-47C8-A363-CDA1CEC7DC1B}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{EE392A64-F30B-47C8-A363-CDA1CEC7DC1B}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>NewtonKnows is an IE search hijacker as well as browser settings hijacker</DESCRIPTION> </SW> <SW NAME="VirtualBouncer"> <DIRECTORIES> <DIR NAME="vbouncer" PATH="PFDir"></DIR> <DIR NAME="virtual bouncer" PATH="ProfilePath\\start menu\\programs"></DIR> </DIRECTORIES> <FILES> <FILE NAME="VirtualBouncer.exe" PATH="PFDir\\vbouncer"></FILE> <FILE NAME="vbouncerouter1402030731.exe" PATH="WinDir\\downloaded program files\\conflict.1"></FILE> <FILE NAME="vbouncerouter1402030731.exe" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="virtual bouncer.lnk" PATH="ProfilePath\\start menu\\programs\\startup"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\cryptography\\services" VALUE="durl"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="virtual bouncer"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Virtual Bouncer"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>Known to reside in the memory of your PC, therefore slowing it down, as well as deliver occasional popup ads</DESCRIPTION> </SW> <SW NAME="NavExcel"> <DIRECTORIES> <DIR NAME="NavExcel" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="NavHelper" PATH="WinDir/DownloadProgramfile"></FILE> <FILE NAME="NHelper.dll" PATH="PFDir\\navexcel\\navhelper\\v2.0.4"></FILE> <FILE NAME="NHelper.dll" PATH="Sys32Dir"></FILE> <FILE NAME="NHelper.dll" 
PATH="SysDir"></FILE> <FILE NAME="NHUninstaller.exe" PATH="PFDir\\navexcel\\navhelper\\v2.0.4"></FILE> <FILE NAME="NHUpdater.exe" PATH="PFDir\\navexcel\\navhelper\\v2.0.4"></FILE> <FILE NAME="NHelper.htm" PATH="PFDir\\navexcel\\navhelper\\v2.0.4"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>NavExcel is a search hijacker</DESCRIPTION> </SW> <SW NAME="Look2Me"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msg116.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg116.dll" PATH="SysDir"></FILE> <FILE NAME="msg117.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg117.dll" PATH="SysDir"></FILE> <FILE NAME="upd116.exe" PATH=""></FILE> <FILE NAME="upd117.exe" PATH=""></FILE> <FILE NAME="msg{1e253d5d-6add-4fe9-829c-f51038158be5}0110.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{1e253d5d-6add-4fe9-829c-f51038158be5}0111.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{46b08877-2be4-4f35-8e77-034c2142321c}0115.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{e8d8ffef-30a4-4df1-a618-e0599a0d0a15}0111.dllno.exe" PATH="Sys32Dir"></FILE> <FILE NAME="msg{e8d8ffef-30a4-4df1-a618-e0599a0d0a15}0110.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{e01b47a7-a499-4fee-83c2-b0684ca28e6b}0115.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{d331b768-d6da-41e8-a7b6-78ed724126c0}0115.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{b9a9ac6a-2cc9-4a24-a250-bea974703ff8}0111.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{b9a9ac6a-2cc9-4a24-a250-bea974703ff8}0110.dll" PATH="Sys32Dir"></FILE> <FILE 
NAME="msg{aac5700f-954a-47b7-9746-871ae8e634e4}0115.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{9d4f5b7c-2a4b-46c5-99a7-4c775b688d45}0111.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{93396c3f-aea3-4ac0-bb55-81f0f0414a24}0113.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{63de1ad9-f0c6-4dac-886a-5a9707b0d23c}0111.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{63de1ad9-f0c6-4dac-886a-5a9707b0d23c}0110.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{5bef546a-e3c1-489c-996a-c9688d985ae0}0111.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{5bef546a-e3c1-489c-996a-c9688d985ae0}0110.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msg{9d4f5b7c-2a4b-46c5-99a7-4c775b688d45}0110.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{DDFFA75A-E81D-4454-89FC-B9FD0631E726}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellExtensions\\Approved" VALUE="{DDFFA75A-E81D-4454-89FC-B9FD0631E726}"></REGKEY> <REGKEY MAIN="HKEY_USERS" SUB="s-1-5-21-1409082233-1390067357-1801674531-500\\software" VALUE="look2me"></REGKEY> <REGKEY MAIN="HKEY_USERS" SUB="s-1-5-21-1801674531-854245398-839522115-1120\\software" VALUE="look2me"></REGKEY> <REGKEY MAIN="HKEY_USERS" SUB="s-1-5-21-1960408961-1993962763-1343024091-1003\\software" VALUE="look2me"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="Look2Me"></REGKEY> <REGKEY MAIN="HKEY_USERS" SUB="s-1-5-21-343818398-73586283-839522115-500\\software" VALUE="look2me"></REGKEY> <REGKEY MAIN="HKEY_USERS" SUB="s-1-5-21-3581291086-1789104883-3112336242-1005\\software" VALUE="look2me"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Monitors websites you visit and sends the information to a central server</DESCRIPTION> </SW> <SW NAME="BroadcastPC"> <DIRECTORIES> <DIR NAME="RVP" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="bpc.exe" PATH="PFDir\\rvp"></FILE> </FILES> 
<COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="rvp"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Downloads movie clips to your computer and plays them at pre-designated times without your consent</DESCRIPTION> </SW> <SW NAME="Stop-Popup-Ads-Now/Adware.Binet/StopPop"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="payload.inf" PATH="WinDir\\inf"></FILE> <FILE NAME="Bi.dll" PATH="WinDir"></FILE> <FILE NAME="Biprep.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="dhost"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{10000273-8230-4dd4-be4f-6889d1e74167}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{10000273-8230-4dd4-be4f-6889d1e74167}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE="bidll.bidllobj.1"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Browser Helper Object that displays advertisements and downloads and installs files.</DESCRIPTION> </SW> <SW NAME="DailyToolbar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="dailytoolbar.dll" PATH="WinDir\\downloaded program files"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{8333c319-0669-4893-a418-f56d9249fca6}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Toolbar that attaches to Internet Explorer</DESCRIPTION> </SW> <SW NAME="EasyWWW"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="easywww.exe" PATH="WinDir"></FILE> <FILE NAME="redirect5.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" 
VALUE="easywww"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="redirect"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Hijacks your Internet Explorer settings</DESCRIPTION> </SW> <SW NAME="W32.Badtrans.B@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="kern32.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce" VALUE="Kernel32"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce" VALUE="Kernel32.exe"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that can log all keystrokes typed at your PC</DESCRIPTION> </SW> <SW NAME="Frsk"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="frsk.exe" PATH="WinDir"></FILE> <FILE NAME="dp-b23011805.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="frsk"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="PGStub.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Changes your Internet Explorer settings</DESCRIPTION> </SW> <SW NAME="Worm.MsBlast.A"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="MSBLAST.EXE" PATH="SysDir"></FILE> <FILE NAME="MSBLAST.EXE" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>MSblaster worm widely spread through networks on the internet</DESCRIPTION> </SW> <SW NAME="CleverIEHooker.Jeired/Jeired"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="jeired.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" 
VALUE="{707e6f76-9ffb-4920-a976-ea101271bc25}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{707e6f76-9ffb-4920-a976-ea101271bc25}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\typelib" VALUE="{707e6f76-9ffb-4920-a976-ea101271bc25}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="interface" VALUE="{707e6f76-9ffb-4920-a976-ea101271bc25}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{707e6f76-9ffb-4920-a976-ea101271bc25}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{707e6f76-9ffb-4920-a976-ea101271bc25}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser Hijacker that changes your Internet Explorer settings</DESCRIPTION> </SW> <SW NAME="NetRatings Premeter"> <DIRECTORIES> <DIR NAME="netratings" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="nmtracer.dll" PATH="Sys32Dir"></FILE> <FILE NAME="NetMeter.exe" PATH="PFDir\\netratings\\netmeter"></FILE> <FILE NAME="prmt.exe" PATH=""></FILE> <FILE NAME="nrpr.exe" PATH="PFDir\\netratings\\premeter"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="premeter"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="netmeter"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="premeter"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Tracks internet usage and other statistics and sends them to a central server</DESCRIPTION> </SW> <SW NAME="AdRoar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="cpruninst.exe" PATH="WinDir"></FILE> <FILE NAME="Cpr.dll" 
PATH="SysDir"></FILE> <FILE NAME="ADROAR.DLL" PATH="Sys32Dir"></FILE> <FILE NAME="ADROAR.DLL" PATH="SysDir"></FILE> <FILE NAME="Cpr.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ARUpdate.exe" PATH="WinDir"></FILE> <FILE NAME="ADROAR.DLL" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{FAC6E0E1-5D45-4907-BC00-302D702DCC73}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BrowserHelperObjects" VALUE="{FAC6E0E1-5D45-4907-BC00-302D702DCC73}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\BrowserHelperObjects" VALUE="{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\InternetExplorer\\Toolbar" VALUE="{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\InternetExplorer\\Toolbar\\WebBrowser" VALUE="{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\InternetExplorer\\Toolbar" VALUE="{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="AdRoarUpdate"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser Helper Object used to display advertisements on your PC</DESCRIPTION> </SW> <SW NAME="WebSearch Toolbar.bho1/WebSearch Toolbar.bho2"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{07B18EA1-A523-4961-B6BB-170DE4475CCA}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 
SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{00A6FAF1-072E-44cf-8957-5838F569A31D}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Variant of Websearch, used to alter your internet explorer settings.</DESCRIPTION> </SW> <SW NAME="SearchWWW"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ietoolbar.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ietoolbar.htm" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>SearchWWW is an internet explorer toolbar and homepage hijacker</DESCRIPTION> </SW> <SW NAME="SearchScout Toolbar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="SearchScoutToolbar.dll" PATH="SysDir"></FILE> <FILE NAME="SearchScoutToolbar.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{fd7d6851-616e-48de-af55-ee2e34f389b0}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Internet Explorer toolbar that bundles other adware as well</DESCRIPTION> </SW> <SW NAME="Searchspace Hijacker"> <FILES> <FILE NAME="NavExt.dll" PATH="WinDir"></FILE> </FILES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\explorer\\browser helper objects" VALUE="{00110011-4b0b-44d5-9718-90c88817369b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{00110011-4b0b-44d5-9718-90c88817369b}"></REGKEY> </KEYS> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Hijacks your internet settings and points them to search-space.com</DESCRIPTION> </SW> <SW NAME="CoolWebSearch/IEfeats"> <DIRECTORIES> <DIR NAME="msinfo" PATH="PFDir\\common files"></DIR> <DIR NAME="iefeatsl" PATH="ProfilePath\\application data"></DIR> </DIRECTORIES> <FILES> <FILE 
NAME="AddClass.exe" PATH="WinDir"></FILE> <FILE NAME="dnsrelay.dll" PATH="SysDir"></FILE> <FILE NAME="ld.exe" PATH="WinDir"></FILE> <FILE NAME="msinfo.exe" PATH="PFDir\\common files\\microsoft shared\\msinfo"></FILE> <FILE NAME="bootconf.exe" PATH="SysDir"></FILE> <FILE NAME="svchost32.exe" PATH="SysDir"></FILE> <FILE NAME="oemsysinf.pnp" PATH="WinDir\\inf"></FILE> <FILE NAME="msspi.dll" PATH="SysDir"></FILE> <FILE NAME="mupdate.exe" PATH="SysDir"></FILE> <FILE NAME="tapicfg.exe" PATH="Sys32Dir"></FILE> <FILE NAME="AddClass.exe" PATH="WinDir\\temp"></FILE> <FILE NAME="ctfmon32.exe" PATH="SysDir"></FILE> <FILE NAME="svcinit.exe" PATH="Sys32Dir"></FILE> <FILE NAME="svcinit.exe" PATH="SysDir"></FILE> <FILE NAME="dreplace.dll" PATH="SysDir"></FILE> <FILE NAME="dreplace.dll" PATH="Sys32Dir"></FILE> <FILE NAME="dnsrelay.dll" PATH="Sys32Dir"></FILE> <FILE NAME="mupdate.exe" PATH="Sys32Dir"></FILE> <FILE NAME="bootconf.exe" PATH="Sys32Dir"></FILE> <FILE NAME="svchost32.exe" PATH="Sys32Dir"></FILE> <FILE NAME="iefeatsl.dll" PATH="ProfilePath\\application data\\iefeatsl"></FILE> <FILE NAME="msspi.dll" PATH="Sys32Dir"></FILE> <FILE NAME="iefeatsl.dll" PATH="SysDir"></FILE> <FILE NAME="msiesh.dll" PATH="SysDir"></FILE> <FILE NAME="msiesh.dll" PATH="ProfilePath\\application data\\iefeatsl"></FILE> <FILE NAME="msiesh.dll" PATH="ProfilePath\\application data\\systh"></FILE> <FILE NAME="msiesh.dll" PATH="ProfilePath\\application data\\sysxd"></FILE> <FILE NAME="msiesh.dll" PATH="ProfilePath\\application data\\winzf"></FILE> <FILE NAME="msiesh.dll" PATH="ProfilePath\\application data\\sysgy"></FILE> <FILE NAME="iefeatsl.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msiesh.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ctfmon32.exe" PATH="Sys32Dir"></FILE> <FILE NAME="iedll.exe" PATH="WinDir"></FILE> <FILE NAME="loader.exe" PATH="WinDir"></FILE> <FILE NAME="oslogo.bmp" PATH="WinDir\\Web"></FILE> <FILE NAME="default.css" PATH="WinDir"></FILE> <FILE NAME="fntldr.exe" PATH=""></FILE> </FILES> 
<COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{587DBF2D-9145-4c9e-92C2-1F953DA73773}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{FD9BC004-8331-4457-B830-4759FF704C22}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="msupdate"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="bootconf.exe"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="svchost.exe"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SysPnP"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="AddClass"></REGVALUE> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{086AE192-23A6-48D6-96EC-715F53797E85}"></REGKEY> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="QuickTime Task"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="iedll"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" 
SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="loader"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ctfmon32.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Wide range of different browser hijackers</DESCRIPTION> </SW> <SW NAME="NJStar Asian Explorer"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="etop100.dll" PATH="SysDir"></FILE> <FILE NAME="etop100.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{1E1B2879-30C7-11D4-8DDF-525400E483E3}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>NJStar Asian Explorer is a Browser Helper Object. It is known to slow down your PC.</DESCRIPTION> </SW> <SW NAME="CoolWebSearch.soundmx"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="soundmx.exe" PATH="SysDir"></FILE> <FILE NAME="soundmx.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Soundmx"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser Hijacker related to CoolWebsearch</DESCRIPTION> </SW> <SW NAME="Migmaf Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="wingate.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Login Service"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows use of your machine for devious purposes, including sending spam email</DESCRIPTION> </SW> <SW NAME="W32/Netsky.c@MM/WinLogonEXE"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="winlogon.exe" PATH="WinDir"></FILE> 
</FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="winlogon"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ICQ NET"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Netsky worm that is spread through email and attempts to spread itself using your PC</DESCRIPTION> </SW> <SW NAME="AutoSearch"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="safesearch.dll" PATH="SysDir"></FILE> <FILE NAME="safesearch.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msinfosys.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msinfosys.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{00000000-0000-0000-0000-000000000001}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{00000000-0000-0000-0000-000000000001}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Hijacks address bar searches to partnered websites</DESCRIPTION> </SW> <SW NAME="Aornum"> <DIRECTORIES> <DIR NAME="Ornum" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="IWONBAR.DLL" PATH="PFDir\\iwon\\iwonbar\\1.bin"></FILE> <FILE NAME="I1SRCHAS.DLL" PATH="SysDir"></FILE> <FILE NAME="I1SRCHAS.DLL" PATH="Sys32Dir"></FILE> <FILE NAME="IWONBAR.DLL" PATH="SysDir"></FILE> <FILE NAME="IWONBAR.DLL" PATH="Sys32Dir"></FILE> <FILE NAME="aornum.exe" PATH="PFDir\\ornum"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{08E1C8E1-E565-44fc-A766-C9539BB3ABB7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser 
helper objects" VALUE="{C298FB42-E3E2-11D3-ADCD-0050DAC24E8F}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Aornum"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Delivers ads to your PC in the form of popup ads</DESCRIPTION> </SW> <SW NAME="AIM updater/Outwar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="mxbovtg.dll" PATH="SysDir"></FILE> <FILE NAME="bi.dll" PATH="SysDir"></FILE> <FILE NAME="url.txt" PATH="SysDir"></FILE> <FILE NAME="0.log" PATH="SysDir"></FILE> <FILE NAME="biprep.exe" PATH="SysDir"></FILE> <FILE NAME="av.exe" PATH="SysDir"></FILE> <FILE NAME="bbb.exe" PATH="SysDir"></FILE> <FILE NAME="bi.exe" PATH="SysDir"></FILE> <FILE NAME="cdt_bbi8016.exe" PATH="SysDir"></FILE> <FILE NAME="cnbabeie.exe" PATH="SysDir"></FILE> <FILE NAME="ejfymsqx.exe" PATH="SysDir"></FILE> <FILE NAME="av.exe" PATH="c:\\"></FILE> <FILE NAME="syslaunch.exe" PATH="PFDir"></FILE> <FILE NAME="msgcenter_lminv1.exe" PATH="SysDir"></FILE> <FILE NAME="winfavorites.exe" PATH="SysDir"></FILE> <FILE NAME="randomiser.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="QISUNBZ"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="cyytqgax"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="iehelper"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Outwar"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Hijacker of AOL profiles, provides no uninstall</DESCRIPTION> </SW> <SW NAME="NETObserve"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="netobserve.exe" PATH="PFDir\\exploreanywhere\\netobserve"></FILE> </FILES> <COOKIES> 
</COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Allows someone to monitor all actions performed on your PC</DESCRIPTION> </SW> <SW NAME="ISpyNow"> <DIRECTORIES> <DIR NAME="iSpyNOW" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="ispynow.exe" PATH="PFDir\\iSpyNOW"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="iSpyNOW"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Allows someone to monitor all actions performed on your PC</DESCRIPTION> </SW> <SW NAME="Backdoor.AcidBattery"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="acid.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Backdoor program used by hackers to control your PC.</DESCRIPTION> </SW> <SW NAME="Backdoor.IRC.Tastyred"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="metalrock.exe" PATH="SysDir"></FILE> <FILE NAME="metalrock.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Windows MeTaLRoCk service"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="Malpayo backdoor"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="sys.exe" PATH="SysDir"></FILE> <FILE NAME="sys.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="Backdoor.Jeem"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msrexe.exe" PATH="SysDir"></FILE> <FILE 
NAME="msrexe.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="System Service"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="Backdoor.Lithium.103"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Shell32.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="Backdoor.Sdbot.F"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="RunDll16.exe" PATH="WinDir"></FILE> <FILE NAME="RunDll16.exe" PATH="SysDir"></FILE> <FILE NAME="RunDll16.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="RDLL"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="RDLL"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{85C2C2A1-3F20-4EAD-ADC3-BD3217391543}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Backdoor Trojan that allows malicious people direct access to your PC</DESCRIPTION> </SW> <SW NAME="Backdoor.Cabro"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ASDAPI.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="LoadPowerProfile windir%\\ASDAPI.exe"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="LoadPowerProfile 
windir%\\ASDAPI.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Backdoor that allows unauthorized access to your PC</DESCRIPTION> </SW> <SW NAME="Backdoor.Sdbot.S"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ntspcv.exe" PATH="SysDir"></FILE> <FILE NAME="ntspcv.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows unauthorized access to your PC</DESCRIPTION> </SW> <SW NAME="Backdoor.Netsnake"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="internat.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Internat.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Copies your password information and emails it to the intruder</DESCRIPTION> </SW> <SW NAME="Backdoor.Lixy.B"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ssocks5.dll" PATH="SysDir"></FILE> <FILE NAME="ssocks5.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{1e1b2879-88ff-11d2-8d96-000000000004}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{1e1b2879-88ff-11d2-8d96-000000000004}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="HTMLEdit.SSocks32"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="HTMLEdit.SSocks32.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="HTMLEdit.SSocks32"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\CLASSES" VALUE="HTMLEdit.SSocks32.1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\explorer\\Browser Helper Objects" VALUE="{1E1B2879-88FF-11D2-8D96-000000000004}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" 
VALUE="{1E1B2879-88FF-11D2-8D96-000000000003}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\explorer\\Browser Helper Objects" VALUE="{1E1B2879-88FF-11D2-8D96-000000000003}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Backdoor trojan horse that allows unauthorized access to your PC</DESCRIPTION> </SW> <SW NAME="PowerStrip"> <DIRECTORIES> <DIR NAME="Presentia" PATH="PFDir\\Common Files"></DIR> <DIR NAME="PowerStrip" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="PowrStrp.dll" PATH="PFDir\\PowerStrip"></FILE> <FILE NAME="LTDMgr.exe" PATH="PFDir\\Common Files\\Presentia"></FILE> <FILE NAME="LSvr.exe" PATH="PFDir\\Common Files\\Presentia"></FILE> <FILE NAME="PSSetup.exe" PATH="PFDir\\Common Files\\Presentia"></FILE> <FILE NAME="PSOCX.DLL" PATH="PFDir\\Common Files\\Presentia"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="LSvr"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="LTDMgr"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="PSSetup"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="PowerStrip"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE " SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="LTDMgr"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE " SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="PSSetup"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE " SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="LSvr"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{669695BC-A811-4A9D-8CDF-BA8C795F261C}"></REGVALUE> </VALUES> </REGISTRY> 
<DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Internet toolbar with a search box and some sponsored links</DESCRIPTION> </SW> <SW NAME="SearchSeekFind"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Sysreg.exe" PATH="SysDir"></FILE> <FILE NAME="Sysreg.exe" PATH="Sys32Dir"></FILE> <FILE NAME="OWMngr.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Sysreg"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="OWMngr"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Updates itself to keep your PC infected with adware/spyware</DESCRIPTION> </SW> <SW NAME="WebMail Spy"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="webmailspy.exe" PATH="PFDir\\exploreanywhere\\webmail spy"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Claims to be "award winning" software that will record all web based email</DESCRIPTION> </SW> <SW NAME="WinLocator/WinLocatorHelper.dll"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="winlocator.dll" PATH="SysDir"></FILE> <FILE NAME="winlocator.dll" PATH="Sys32Dir"></FILE> <FILE NAME="winlocatorhelper.dll" PATH="SysDir"></FILE> <FILE NAME="winlocatorhelper.dll" PATH="Sys32Dir"></FILE> <FILE NAME="updatewinlocator.exe" PATH="SysDir"></FILE> <FILE NAME="updatewinlocator.exe" PATH="Sys32Dir"></FILE> <FILE NAME="updatewinlocator.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{89aeab46-8e8a-4045-9003-5614bfbfe90b}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{89AEAB46-8E8A-4045-9003-5614BFBFE90B}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper 
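Objects" VALUE="{89AEAB46-8E8A-4045-9003-5614BFBFE90B}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved" VALUE="{89AEAB46-8E8A-4045-9003-5614BFBFE90B}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{8F0D6EED-BC11-4E7F-8276-9748947E4A50}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved" VALUE="{8F0D6EED-BC11-4E7F-8276-9748947E4A50}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{8F0D6EED-BC11-4E7F-8276-9748947E4A50}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Search toolbar with pornographic content</DESCRIPTION> </SW> <SW NAME="ClientMan.MSMC"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msccof.exe" PATH="Sys32Dir"></FILE> <FILE NAME="mscpbo.exe" PATH="Sys32Dir"></FILE> <FILE NAME="msgdmf.exe" PATH="Sys32Dir"></FILE> <FILE NAME="msccof.exe" PATH="SysDir"></FILE> <FILE NAME="mscpbo.exe" PATH="SysDir"></FILE> <FILE NAME="msgdmf.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="msmc"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Clientman is a widespread advertising parasite used to deliver advertisements to your PC</DESCRIPTION> </SW> <SW NAME="e-Group"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="egdial.dll" PATH="SysDir"></FILE> <FILE NAME="egdial.dll" PATH="Sys32Dir"></FILE> <FILE NAME="eghtmldialer.dll" PATH="Sys32Dir"></FILE> <FILE NAME="eghtmldialer.dll" PATH="SysDir"></FILE> <!-- PATH corrected: a stray backtick inside the token made it differ from the Sys32Dir token used by the other FILE entries, so this file would not resolve to a scan location under a literal token comparison. --> <FILE NAME="egdhtml_1019.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" 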
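VALUE="{94742e3f-d9a1-4780-9a87-2ffa43655da2}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{486E48B5-ABF2-42BB-A327-2679DF3FB822}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{486E48B5-ABF2-42BB-A327-2679DF3FB822}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Delivers popup ads to your PC</DESCRIPTION> </SW> <SW NAME="ClipGenie"> <DIRECTORIES> <DIR NAME="ClipGenie" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="cg.exe" PATH="PFDir\\ClipGenie\\v1"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="ClipGenie"></REGKEY> <!-- MAIN corrected: the hive name carried a trailing space, unlike the HKEY_LOCAL_MACHINE spelling used by the other entries; under a literal comparison the Uninstall key below would never be checked. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" VALUE="ClipGenie"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Displays banner ads and usually is installed with secondary applications</DESCRIPTION> </SW> <SW NAME="ClientMan.2in1"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="urlcli25e74486.dll" PATH="PFDir\\clientman\\run"></FILE> <FILE NAME="urlclia30956de.dll" PATH="PFDir\\clientman\\run"></FILE> <FILE NAME="trackurl5f9d991e.dll" PATH="PFDir\\clientman\\run"></FILE> <FILE NAME="trackurl7f663945.dll" PATH="PFDir\\clientman\\run"></FILE> <FILE NAME="searchrep8181a0e2.dll" PATH="PFDir\\clientman\\run"></FILE> <FILE NAME="searchrep6706569a.dll" PATH="PFDir\\clientman\\run"></FILE> <FILE NAME="msvrfy804449fd.dll" PATH="PFDir\\clientman\\run"></FILE> <FILE NAME="gstylebhob76a4c84.dll" PATH="PFDir\\clientman\\run"></FILE> <FILE NAME="dnsrepa9c22ca5.dll" PATH="PFDir\\clientman\\run"></FILE> <FILE NAME="2in1fd04f73f.dll" PATH="PFDir\\clientman\\run"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="CliMan"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="iPend"></REGKEY> </KEYS> 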
<VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ClientMan1"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="clientman"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Clientman is a widespread advertising parasite used to deliver advertisements to your PC</DESCRIPTION> </SW> <SW NAME="MediaLoads Enhanced"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ss1.dll" PATH="PFDir\\Support Software"></FILE> <FILE NAME="ss2.dll" PATH="PFDir\\Support Software"></FILE> <FILE NAME="ME1.DLL" PATH="PFDir\\Medialoads Enhanced"></FILE> <FILE NAME="ME2.DLL" PATH="PFDir\\Medialoads Enhanced"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Monitors websites that you visit</DESCRIPTION> </SW> <SW NAME="ToolbarCC/Rnd"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="xxxx.dll" PATH="SysDir\\temp"></FILE> <FILE NAME="MSS.EXE" PATH="SysDir\\temp"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffaf}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="MatrixScreenSaver"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>3</DANGER_LEVEL> <DESCRIPTION>Steals searches and directs them to their sponsored results</DESCRIPTION> </SW> <SW NAME="WNAD"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="wnad.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="wnad"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Trojan that will multiply, as well as email 
people on your contact lists to infect them</DESCRIPTION> </SW> <SW NAME="Surfairy"> <DIRECTORIES> <DIR NAME="Surfairy" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="SurfairyHelp.dll" PATH="PFDir\\Surfairy"></FILE> <FILE NAME="SurfairyPP.dll" PATH="PFDir\\Surfairy"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE" VALUE="surfairy"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Surfairy is an error page hijacker that redirects all error traffic to their pages</DESCRIPTION> </SW> <SW NAME="Aconti"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="aconti.exe" PATH="WinDir"></FILE> <FILE NAME="aconti.ini" PATH="WinDir"></FILE> <FILE NAME="aconti.log" PATH="WinDir"></FILE> <FILE NAME="aconti.sdb" PATH="WinDir"></FILE> <FILE NAME="acontidialer.txt" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Dialer program that dials a very expensive number to access pornography, many times without user's knowledge</DESCRIPTION> </SW> <SW NAME="ShopForGood/TGDC"> <DIRECTORIES> <DIR NAME="tgdc" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="Winy.dll" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="tgdc.exe" PATH="PFDir\\tgdc"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{05bbb56a-2a69-4a5c-bfda-43295dd67434}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{05BBB56A-2A69-4A5C-BFDA-43295DD67434}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{05BBB56A-2A69-4A5C-BFDA-43295DD67434}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{05BBB56A-2A69-4A5C-BFDA-43295DD67434}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 
SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{05BBB56A-2A69-4A5C-BFDA-43295DD67434}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Redirects proper affiliate traffic to steal commissions</DESCRIPTION> </SW> <SW NAME="ZeroPopupBar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="zp.dll" PATH="SysDir"></FILE> <FILE NAME="zeropopupbar.dll" PATH="SysDir"></FILE> <FILE NAME="zeropopupbar.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Hijacks homepage and search settings with a provided popup blocker toolbar</DESCRIPTION> </SW> <SW NAME="AdvSearch"> <DIRECTORIES> <DIR NAME="BrowseProxy" PATH="WinDir"></DIR> <DIR NAME="AdvSearch" PATH="PFDir"></DIR> <DIR NAME="cache" PATH="PFDir\\AdvSearch"></DIR> </DIRECTORIES> <FILES> <FILE NAME="spredirect.dll" PATH="SysDir"></FILE> <FILE NAME="spredirect.dll" PATH="Sys32Dir"></FILE> <FILE NAME="cliner.exe" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="FindDll.dll" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="MailBook.exe" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="mailbookproxy.dll" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="MyDll.dll" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="Nn7Dll.dll" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="NnDll.dll" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="pluginst.dll" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="spredirect.dll" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="findservice.exe" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="regsvr32.exe" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="update.exe" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="updater.exe" PATH="PFDir\\AdvSearch"></FILE> <FILE NAME="updaterproxy.dll" PATH="PFDir\\AdvSearch"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser 
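Helper Objects" VALUE="{92C7D65C-52F3-4545-8A35-213D730DB1ED}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{92C7D65C-52F3-4545-8A35-213D730DB1ED}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="BrowseProxy"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Address bar hijacker for internet explorer</DESCRIPTION> </SW> <SW NAME="W32.Sobig.F@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="winppr32.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="trayx"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="trayx"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that sends out massive amounts of email from your PC, slowing your internet and PC performance</DESCRIPTION> </SW> <SW NAME="MadFinder"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="svc.exe" PATH="Sys32Dir"></FILE> <FILE NAME="svc.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <!-- SUB corrected from "BrowserHelperObjects" to "Browser Helper Objects", the key name used by other entries in this file; the unspaced form would not match the registered browser-helper key under a literal comparison. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="svc"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Hijacker that will change your internet browser settings and redirect your search traffic</DESCRIPTION> </SW> <SW NAME="MediaUpdate - SafeSurfing/MediaUpdate"> <DIRECTORIES> <DIR NAME="MediaUpdate" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="ssurf022.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ssurf022.dll" PATH="SysDir"></FILE> <FILE NAME="ssurf022.dll" PATH="WinDir"></FILE> 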
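<FILE NAME="medup012.dll" PATH="Sys32Dir"></FILE> <FILE NAME="medup012.dll" PATH="SysDir"></FILE> <FILE NAME="medup012.dll" PATH="WinDir"></FILE> <FILE NAME="SSUpdate.exe" PATH="SysDir"></FILE> <FILE NAME="SSUpdate.exe" PATH="Sys32Dir"></FILE> <FILE NAME="SSUpdate.exe" PATH="WinDir"></FILE> <FILE NAME="medup020.dll" PATH="SysDir"></FILE> <FILE NAME="medup020.dll" PATH="Sys32Dir"></FILE> <FILE NAME="medup020.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="Invictus"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="SafeSurfing"></REGKEY> <!-- The next two SUB paths were corrected: a trailing space was removed after "CLSID", and "BrowserHelperObjects" is now "Browser Helper Objects" as in other entries of this file; either typo would stop the path matching under a literal comparison. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{D8E25C53-9508-4f5c-9249-D98D438891D5}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{D8E25C53-9508-4f5c-9249-D98D438891D5}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SafeSurfingUpdate"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="UpdateMedia"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Opens popup windows as well as monitors the webpages you visit</DESCRIPTION> </SW> <SW NAME="Whenu-ClockSync"> <DIRECTORIES> <DIR NAME="ClockSync" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="uninst.exe" PATH="PFDir\\ClockSync"></FILE> <FILE NAME="sync.exe" PATH="PFDir\\ClockSync"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="ClockSync"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ClockSync"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Delivers pop up advertisements to your 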
PC</DESCRIPTION> </SW> <SW NAME="SpyBlast"> <DIRECTORIES> <DIR NAME="spyblast" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="SpyBlast.exe" PATH="PFDir\\SpyBlast"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SpyBlast"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Pretends to be a spyware blocker, but instead injects spyware into the PC</DESCRIPTION> </SW> <SW NAME="BookedSpace/Remanent/BS2"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="rem00001.dll" PATH="WinDir"></FILE> <FILE NAME="bs2.dll" PATH="WinDir"></FILE> <FILE NAME="bs3.dll" PATH="Windir"></FILE> <FILE NAME="oo4.dll" PATH="Windir"></FILE> <FILE NAME="bsx5.dll" PATH="Windir"></FILE> <FILE NAME="bxxs5.dll" PATH="Windir"></FILE> <FILE NAME="bs2.dll" PATH="SysDir"></FILE> <FILE NAME="bs2.dll" PATH="Sys32Dir"></FILE> <FILE NAME="bs3.dll" PATH="SysDir"></FILE> <FILE NAME="bs3.dll" PATH="Sys32Dir"></FILE> <FILE NAME="rem00001.dll" PATH="SysDir"></FILE> <FILE NAME="rem00001.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="bookedspace"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{0019c3e2-dd48-4a6d-ab2d-8d32436313d9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{0019c3e2-dd48-4a6d-abcd-8d32436323d9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{2b3452c5-1b9a-440f-a203-f6ed0f64c895}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{392be62b-e7de-430a-8859-0afe677de6e1}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{a85c4a1b-bd36-44e5-a70f-8ec347d9b24f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" 
VALUE="{0019c3e2-dd48-4a6d-ab2d-8d32436313d9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0019c3e2-dd48-4a6d-abcd-8d32436323d9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{2b3452c5-1b9a-440f-a203-f6ed0f64c895}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{392be62b-e7de-430a-8859-0afe677de6e1}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{a85c4a1b-bd36-44e5-a70f-8ec347d9b24f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="Remanent"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="bxsx5"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="bxxsx5"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="bookedspace"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="bsx3"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="bxxs5"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser helper object that is silently installed and used to show advertisements.</DESCRIPTION> </SW> <SW NAME="DefaultSearch.SeekSeek"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ieasst.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{5074851C-F67A-488E-A9C9-C244573F4068}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" 
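SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{5074851C-F67A-488E-A9C9-C244573F4068}"></REGKEY> <!-- The REGKEY above and the matching keys in the IncrediFind/flowgobar and GSim entries that follow were written "BrowserHelperObjects"; corrected to "Browser Helper Objects", the key name used by other entries in this file, since the unspaced form would not match under a literal comparison. --> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser hijacker that changes your browser settings</DESCRIPTION> </SW> <SW NAME="IncrediFind/flowgobar"> <DIRECTORIES> <DIR NAME="flowgobar" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="incfindbho.dll" PATH="PFDir\\IncrediFind\\BHO"></FILE> <FILE NAME="flgobar.dll" PATH="PFDir\\flowgobar\\toolbar"></FILE> <FILE NAME="flgobar.dll" PATH="SysDir"></FILE> <FILE NAME="flgobar.dll" PATH="Sys32Dir"></FILE> <FILE NAME="incfindbho.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{5D60FF48-95BE-4956-B4C6-6BB168A70310}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{5D60FF48-95BE-4956-B4C6-6BB168A70310}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\internet explorer\\toolbar\\webbrowser" VALUE="{4e7bd74f-2b8d-469e-c0ff-fd63b399bc7d}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{4e7bd74f-2b8d-469e-c0ff-fd63b399bc7d}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Hijacks your error page settings as well as browser settings</DESCRIPTION> </SW> <SW NAME="GSim"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="gsim.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> 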
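<DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Hijacker that changes your browser settings</DESCRIPTION> </SW> <SW NAME="DialXS"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <!-- NOTE(review): SUB="Classid" differs from the "clsid" key used by the other HKEY_CLASSES_ROOT entries in this file, and it is the only signature for this entry; confirm the intended key name. --> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Classid" VALUE="{9b4aa442-9ebf-11d5-8c11-0050da4957f5}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Used by high cost dialers to install their software on your PC to dial out without your permission</DESCRIPTION> </SW> <SW NAME="ExpExt"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="expext.dll" PATH="SysDir"></FILE> <FILE NAME="expext.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <!-- SUB corrected from "BrowserHelperObjects" to "Browser Helper Objects", the key name used by other entries in this file; the unspaced form would not match under a literal comparison. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{23BC1CCF-4BE7-497F-B154-6ADA68425FBB}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{23bc1ccf-4be7-497f-b154-6ada68425fbb}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{23bc1ccf-4be7-497f-b154-6ada68425fbb}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{23bc1ccf-4be7-497f-b154-6ada68425fbb}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{23bc1ccf-4be7-497f-b154-6ada68425fbb}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Malicious .dll whose purpose is unknown</DESCRIPTION> </SW> <SW NAME="WStart.dll"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="WStart.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>A browser helper object reported to slow down internet explorer</DESCRIPTION> </SW> <SW NAME="SearchCounter"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="tips.ini" PATH="WinDir\\Web"></FILE> <FILE NAME="hh.htt" 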
PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Main\\Use Search Assistant" VALUE="yes"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Styles\\User Stylesheet" VALUE="C:\\WINDOWS\\hh.htt"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Styles\\User Stylesheet" VALUE="c:\\Winnt\\hh.htt"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Styles\\User Stylesheet\\Use My Stylesheet" VALUE="dword:00000001"></REGVALUE> <REGVALUE MAIN="HKEY_USERS" SUB=".DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ReconfLast" VALUE="dword:07D30C01"></REGVALUE> <REGVALUE MAIN="HKEY_USERS" SUB=".DEFAULT\\Software\\Microsoft\\Internet Explorer\\Main\\Use SearchAssistant" VALUE="yes"></REGVALUE> <REGVALUE MAIN="HKEY_USERS" SUB=".DEFAULT\\Software\\Microsoft\\Internet Explorer\\Styles\\User Stylesheet" VALUE="C:\\WINDOWS\\Web\\tips.ini"></REGVALUE> <REGVALUE MAIN="HKEY_USERS" SUB=".DEFAULT\\Software\\Microsoft\\Internet Explorer\\Styles\\User Stylesheet" VALUE="C:\\Winnt\\Web\\tips.ini"></REGVALUE> <REGVALUE MAIN="HKEY_USERS" SUB=".DEFAULT\\Software\\Microsoft\\Internet Explorer\\Styles\\Use My Stylesheet" VALUE="dword:00000001"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Stylesheet hijacks used by the Coolwebsearch hijacker</DESCRIPTION> </SW> <SW NAME="W32.Kwbot.P.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="mscommand.exe" PATH="SysDir"></FILE> <FILE NAME="mscommand.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="System Efficiency Monitor"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" 
SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="System Efficiency Monitor"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that attempts to spread itself and allows unauthorized persons to control your PC</DESCRIPTION> </SW> <SW NAME="W32.P2P.Tanked/W32.Kwbot.C.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="system32.exe" PATH="SysDir"></FILE> <FILE NAME="system32.exe" PATH="Sys32Dir"></FILE> <FILE NAME="cmd32.exe" PATH="SysDir"></FILE> <FILE NAME="cmd32.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SystemSAS"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="SystemSAS"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce" VALUE="SystemSAS"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="CMD"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="CMD"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce" VALUE="CMD"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC</DESCRIPTION> </SW> <SW NAME="2020Search"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="2020Search.dll" PATH="SysDir"></FILE> <FILE NAME="2020Search.dll" PATH="Sys32Dir"></FILE> <FILE NAME="2020Search.dll" PATH="WinDir"></FILE> <FILE NAME="2020search2.dll" PATH=""></FILE> <FILE NAME="2020install.exe" PATH=""></FILE> <FILE NAME="mssvr.exe" PATH=""></FILE> <FILE NAME="irsetup.exe" PATH="WinDir\\temp"></FILE> <FILE NAME="bjam.dll" PATH=""></FILE> <FILE NAME="mspphe.dll" PATH=""></FILE> <FILE NAME="2020install.exe" 
PATH="WinDir"></FILE> <FILE NAME="2020search2.dll" PATH="WinDir"></FILE> <FILE NAME="2020search.dll" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="2020search.inf" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="mssvr.exe" PATH="WinDir"></FILE> <FILE NAME="2020search2.dll" PATH="SysDir"></FILE> <FILE NAME="2020search2.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{4E1075F4-EEC4-4a86-ADD7-CD5F52858C31}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{4e1075f4-eec4-4a86-add7-cd5f52858c31}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{fc2493d6-a673-49fe-a2ee-efe03e95c27c}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="gorsdn.contextitem"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="gorsdn.contextitem.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="interface" VALUE="{eaf2ccee-21a1-4203-9f36-4929fd104d43}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{48da6120-a779-4c12-8584-47b625efb469}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{4e1075f4-eec4-4a86-add7-cd5f52858c31}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" 
SUB="Software\\Microsoft\\InternetExplorer\\Toolbar\\WebBrowser" VALUE="{4E1075F4-EEC4-4A86-ADD7-CD5F52858C31}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\InternetExplorer\\Toolbar" VALUE="{4E1075F4-EEC4-4a86-ADD7-CD5F52858C31}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{4e1075f4-eec4-4a86-add7-cd5f52858c31}"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\internet explorer\\toolbar\\webbrowser" VALUE="{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Internet Explorer toolbar with a silent update feature</DESCRIPTION> </SW> <SW NAME="W32.Randex.S"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="CSysTime.exe" PATH="SysDir"></FILE> <FILE NAME="CSysTime.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="System time updator"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="System time updator"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Worm that is spread through file sharing networks. Will slow down your PC</DESCRIPTION> </SW> <SW NAME="W32.HLLW.Anig"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="NTOSA32.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="System\\CurrentControlSet\\Services" VALUE="dfcsvc"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Osa32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows 
hackers unauthorized access to your PC</DESCRIPTION> </SW> <SW NAME="W32.Beagle.C@mm/W32.Bagle.c@MM"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="README.EXE" PATH="SysDir"></FILE> <FILE NAME="README.EXE" PATH="Sys32Dir"></FILE> <FILE NAME="DOC.EXE" PATH="SysDir"></FILE> <FILE NAME="DOC.EXE" PATH="Sys32Dir"></FILE> <FILE NAME="ONDE.EXE" PATH="SysDir"></FILE> <FILE NAME="ONDE.EXE" PATH="Sys32Dir"></FILE> <FILE NAME="README.EXEOPEN" PATH="SysDir"></FILE> <FILE NAME="README.EXEOPEN" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="gouday.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC</DESCRIPTION> </SW> <SW NAME="W32.HLLW.Deadhat"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="sms.exe" PATH="SysDir"></FILE> <FILE NAME="sms.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="KernelFaultChk"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC</DESCRIPTION> </SW> <SW NAME="Instant Access Dialer.C"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="EGDHTML_1024.dll" PATH="SysDir"></FILE> <FILE NAME="EGDHTML_1024.dll" PATH="Sys32Dir"></FILE> <FILE NAME="Instant Access.lnk" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Instant Access"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Dialer program that dials a very expensive number to access pornography, many times without user's knowledge</DESCRIPTION> </SW> <SW 
NAME="W32.Netsky@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="services.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Service"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives.</DESCRIPTION> </SW> <SW NAME="W32.Gaobot.WO"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="netlink32.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="NetLink"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="NetLink"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>W32.Gaobot.WO is a variant of W32.Gaobot.gen. This worm spreads through file sharing networks. Will slow down your PC</DESCRIPTION> </SW> <SW NAME="W32.Beagle.K@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="winsys.exe" PATH="Sys32Dir"></FILE> <FILE NAME="winsys.exeopen" PATH="SysDir"></FILE> <FILE NAME="winsys.exeopen" PATH="Sys32Dir"></FILE> <FILE NAME="winsys.exeopenopen" PATH="SysDir"></FILE> <FILE NAME="winsys.exeopenopen" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Gaobot.AAY"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="winlink32.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" 
VALUE="Winlink"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="Winlink"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="CoolWebSearch.xpsystem"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="y.exe" PATH="Sys32Dir\\services"></FILE> <FILE NAME="1.00.07.dll" PATH="SysDir\\services"></FILE> <FILE NAME="SERVICES.EXE" PATH="SysDir32\\services"></FILE> <!-- NOTE(review): "SysDir32" is not a path token used by any other entry visible here (SysDir, Sys32Dir, WinDir, PFDir); presumably Sys32Dir was meant, in which case this file indicator may never be resolved. Confirm against the scanner's token list. --> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{5321E378-FFAD-4999-8C62-03CA8155F0B3}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{5321E378-FFAD-4999-8C62-03CA8155F0B3}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="xpsystem"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="xpsystem"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Wide range of different browser hijackers - related to CoolWebSearch.</DESCRIPTION> </SW> <SW NAME="W32.Gibe@mm/Slammer worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="BcTool.exe" PATH="WinDir"></FILE> <FILE NAME="GFXACC.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="3dfx Acc"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="LoadDBackup"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.HLLW.Daboom"> <DIRECTORIES> 
</DIRECTORIES> <FILES> <FILE NAME="systray32.exe" PATH="SysDir"></FILE> <FILE NAME="systray32.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ActiveDesktop"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Backzat.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="BatzBack.scr" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="BatzBack"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that will attempt to spread itself and remove security software on your computer.</DESCRIPTION> </SW> <SW NAME="IAGold"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0a1a2a3a-4a5a-6a7a-8a9a-aabacadaeafa}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Adware that will display advertisements on your PC.</DESCRIPTION> </SW> <SW NAME="HTMLEdit"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="lie1d6ff.dll" PATH="SysDir"></FILE> <FILE NAME="lie1d6ff.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{81270159-e8f9-4713-9646-03531e0eef58}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser hijacker that will change your internet settings.</DESCRIPTION> </SW> <SW NAME="Activity Monitor/Probot activity monitor"> <DIRECTORIES> </DIRECTORIES> 
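<FILES> <FILE NAME="pbcommon.dll" PATH="SysDir"></FILE> <FILE NAME="pbcommon.dll" PATH="Sys32Dir"></FILE> <FILE NAME="actmon.chm" PATH=""></FILE> <FILE NAME="amagent35.exe" PATH=""></FILE> <FILE NAME="amaware.dll" PATH=""></FILE> <FILE NAME="amhelp.chm" PATH=""></FILE> <FILE NAME="amonitor35f.exe" PATH=""></FILE> <FILE NAME="awmsg.dat" PATH=""></FILE> <FILE NAME="bcgcbpro671.dll" PATH=""></FILE> <FILE NAME="dconsole.dll" PATH=""></FILE> <FILE NAME="dpexec.exe" PATH=""></FILE> <FILE NAME="iphelper.dll" PATH=""></FILE> <FILE NAME="logexp.dll" PATH=""></FILE> <FILE NAME="slgr.dll" PATH=""></FILE> <FILE NAME="swatcher.exe" PATH=""></FILE> <FILE NAME="swkbhk.dll" PATH=""></FILE> <FILE NAME="swmain.dll" PATH=""></FILE> <FILE NAME="swsys.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <!-- The browser helper object CLSID is a REGKEY indicator, so it is listed under KEYS like the other REGKEY entries; it was previously nested under VALUES, where a consumer that reads only REGVALUE children would skip it. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{312fa154-e1b7-4336-9833-ee6b38d58b56}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="swclient"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Key Logger that runs in the background, recording all the keystrokes.</DESCRIPTION> </SW> <SW NAME="WishBone/WishBone Toolbar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="wbm.dll" PATH="Sys32Dir"></FILE> <FILE NAME="wbm.dll" PATH="SysDir"></FILE> <FILE NAME="minst.dll" PATH="SysDir"></FILE> <FILE NAME="minst.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{3aa90bc2-58c0-4f4d-a87c-2c6f3d3cd5fe}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser hijacker that will change your internet settings.</DESCRIPTION> </SW> <SW NAME="TheLocalSearch/TheLocalSearch Toolbar"> <DIRECTORIES> 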
</DIRECTORIES> <FILES> <FILE NAME="qi32.dll" PATH="WinDir"></FILE> <FILE NAME="Tlsbar.dll" PATH="SysDir"></FILE> <FILE NAME="Tlsbar.dll" PATH="Sys32Dir"></FILE> <FILE NAME="Tlsbar.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{4B8E6575-1013-45e9-BF77-9852ECEF07A9}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Search toolbar known to install stealthily and also displays advertisements.</DESCRIPTION> </SW> <SW NAME="W32.Vote.D/W32.Vote.E/W32.Vote.K"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="WTC32.scr" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="VBS.Notup.A@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ChkMgr32.vbs" PATH="SysDir"></FILE> <FILE NAME="ChkMgr32.vbs" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Titog.C.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="nabv32.exe" PATH="SysDir"></FILE> <FILE NAME="nabv32.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="anbv32"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="anbv32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your 
PC.</DESCRIPTION> </SW> <SW NAME="W32.Swen.A"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Germs0.dbv" PATH="WinDir"></FILE> <FILE NAME="Swen1.dat" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Smibag.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="raw32x.dll" PATH="WinDir"></FILE> <FILE NAME="sm.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="svchost"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Attempts to spread itself through MSN messenger.</DESCRIPTION> </SW> <SW NAME="W32.Repad.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="st01b.exe" PATH="SysDir"></FILE> <FILE NAME="st01b.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="System Tray32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Worm that is spread through file sharing networks. Will slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Ronoper.B"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Systools.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="System Toolkit"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Worm that is spread through file sharing networks. 
Will slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Randex.Q"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="musirc4.71.exe" PATH="SysDir"></FILE> <FILE NAME="musirc4.71.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="MusIRC (irc.musirc.com) client"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="W32.Randex.P"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Cnqmax.exe" PATH="SysDir"></FILE> <FILE NAME="Cnqmax.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Mspatch89"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="W32.Randex.J"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="spoler.exe" PATH="SysDir"></FILE> <FILE NAME="spoler.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="helpmanager"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="W32.Randex.C"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="gesfm32.exe" PATH="SysDir"></FILE> <FILE NAME="gesfm32.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Microsoft Netview"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" 
VALUE="Microsoft Netview"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="W32.Quaters.A@mm/W32.Blare@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ACCOUNT_DETAILS.DOC.exe" PATH="PFDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Windows Task Manager"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Worm that is spread through file sharing networks. Will slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Patoo@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Msngrblock.exe" PATH="WinDir"></FILE> <FILE NAME="MSN Ad Blocker.exe" PATH="PFDir\\Kazaa\\My Shared Folder"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Pandem.C.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="videomgr.exe" PATH="SysDir"></FILE> <FILE NAME="videomgr.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Video Manager"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Neroma@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Nerosys.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> 
<SW NAME="Trojan.Win32.DSS"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <!-- NOTE(review): the Windows registry path is normally spelled "Windows NT" (with a space) before CurrentVersion\\Winlogon; "WindowsNT" as written presumably never matches, and this key is the entry's only indicator. Confirm against the scanner before changing. --> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\WindowsNT\\CurrentVersion\\Winlogon" VALUE="openme.exe"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="Win32Info/TROJ_DLUCA.F"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Win32info.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="win32info"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Downloading trojan used to download various applications to your PC.</DESCRIPTION> </SW> <SW NAME="ClickToSearch/BestPhrases"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="BPV2S.DLL" PATH="SysDir"></FILE> <FILE NAME="BPV2S.DLL" PATH="Sys32Dir"></FILE> <FILE NAME="BPV2T.DLL" PATH="SysDir"></FILE> <FILE NAME="BPV2T.DLL" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{F4A645D0-D4D5-439E-9DBC-B31BBD9CB890}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{F4A645D0-D4D5-439E-9DBC-B31BBD9CB890}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser hijacker that will change your internet settings.</DESCRIPTION> </SW> <SW NAME="PeopleOnPage/PeopleOnPage.AproposMedia"> <DIRECTORIES> <DIR NAME="pop" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="sysmonn.exe" PATH=""></FILE> <FILE NAME="sysmono.exe" PATH=""></FILE> <FILE NAME="popsrv184.exe" PATH=""></FILE> <FILE NAME="popsrv205.exe" PATH="PFDir\\pop"></FILE> <FILE NAME="pop205.dll" PATH=""></FILE> <FILE NAME="monpop.exe" 
PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="aproposplugin.dll" PATH="PFDir\\aproposclient"></FILE> <FILE NAME="aproposplugin.dll" PATH="PFDir\\sysai"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\explorer\\browser helper objects" VALUE="{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE" VALUE="Apropos"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{645FD3BC-C314-4F7A-9D2E-64D62A0FDD78}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{65c8c1f5-230e-4dc9-9a0d-f3159a5e7778}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="pop"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Toolbar consisting of an advertising component.</DESCRIPTION> </SW> <SW NAME="WeatherCast"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Weather.exe" PATH="PFDir\\WeatherCast"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="weathercast"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Weather program distributed by WhenU, an adware company, used to deliver advertisements to your PC.</DESCRIPTION> </SW> <SW NAME="WebDialer"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="od-dflt0001.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" 
SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="C:\\Program Files\\Webdialer"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Dialer program that dials a very expensive number to access pornography, many times without user's knowledge.</DESCRIPTION> </SW> <SW NAME="MemoryMeter"> <DIRECTORIES> <DIR NAME="memorymeter" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="memorymeter.exe" PATH="PFDir\\memorymeter"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="memorymeter"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Adware that monitors your system memory, comes with advertising.</DESCRIPTION> </SW> <SW NAME="IETray"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="iemsg.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ers_def.htm" PATH="WinDir\\web"></FILE> <FILE NAME="ers_src.htm" PATH="WinDir\\web"></FILE> <FILE NAME="iemsg.dll" PATH="SysDir"></FILE> <FILE NAME="csrss.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{BD51AEC6-7991-4A60-94D6-D5FEBB655D10}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{BD51AEC6-7991-4A60-94D6-D5FEBB655D10}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="CSRSS"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Search Sidebar hijacker known to display advertisements.</DESCRIPTION> </SW> <SW NAME="Apophis Spy"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="zxrwvh.dll" PATH="SysDir"></FILE> <FILE NAME="zxrwvh.exe" PATH="SysDir"></FILE> <FILE NAME="aspy_srv.exe" PATH=""></FILE> <FILE NAME="editkeylogger.exe" PATH=""></FILE> <FILE NAME="keylogger.exe" 
PATH=""></FILE> <FILE NAME="lisez moi.txt" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\runservices" VALUE="regkeyname"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Key Logger that runs in the background, recording all the keystrokes. </DESCRIPTION> </SW> <SW NAME="Adtomi"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="pRmvr.exe" PATH=""></FILE> <FILE NAME="YSTCKAO32.EXE" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="YahooStock"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="pRmvr.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Adtomi hijacks your home page and opens pop-up windows.</DESCRIPTION> </SW> <SW NAME="Adgoblin/Adsincontext"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ftpcutrs2.dll" PATH="SysDir"></FILE> <FILE NAME="iudq.dll" PATH="Sys32Dir"></FILE> <FILE NAME="icbmp.dll" PATH="Sys32Dir"></FILE> <FILE NAME="DRMV2ICLT.DLL" PATH="Sys32Dir"></FILE> <FILE NAME="Daxtime.dll" PATH="Sys32Dir"></FILE> <FILE NAME="thid.dll" PATH="Sys32Dir"></FILE> <FILE NAME="eventlowg.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ftpcutrs2.dll" PATH=""></FILE> <FILE NAME="iudq.dll" PATH=""></FILE> <FILE NAME="icbmp.dll" PATH=""></FILE> <FILE NAME="DRMV2ICLT.DLL" PATH=""></FILE> <FILE NAME="Daxtime.dll" PATH=""></FILE> <FILE NAME="thid.dll" PATH=""></FILE> <FILE NAME="eventlowg.dll" PATH=""></FILE> <FILE NAME="dandgerous creatures.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser Hijacker that hijacks your internet settings</DESCRIPTION> </SW> <SW 
NAME="AdGoblin.plathping"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="plathping.exe" PATH=""></FILE> <FILE NAME="plathping.exe" PATH="SysDir"></FILE> <FILE NAME="plathping.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="plathping.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It changes browser settings and shows commercial adverts. It stays resident in background. </DESCRIPTION> </SW> <SW NAME="AdGoblin.foontext"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="foontext.dll" PATH="SysDir"></FILE> <FILE NAME="foontext.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{3182C8AB-5A3E-4644-80DA-647417799B11}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{3182C8AB-5A3E-4644-80DA-647417799B11}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a browser helper object that opens pop-up windows. </DESCRIPTION> </SW> <SW NAME="Adtest"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msfiles.exe" PATH="WinDir"></FILE> <FILE NAME="intnets.exe" PATH="Sys32Dir"></FILE> <FILE NAME="scridows.exe" PATH="Sys32Dir"></FILE> <FILE NAME="sysinfer.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a browser hijacker that resets your browser's settings to point to other sites. 
</DESCRIPTION> </SW> <SW NAME="TopSearch"> <DIRECTORIES> <DIR NAME="altnet" PATH="PFDir"></DIR> <DIR NAME="altnet" PATH="WinDir\\Temp"></DIR> <DIR NAME="points manager" PATH="PFDir\\altnet"></DIR> <DIR NAME="My Altnet Shares" PATH="PFDir\\altnet"></DIR> <DIR NAME="Bullguard Protection" PATH="PFDir\\altnet\\My Altnet Shares"></DIR> <DIR NAME="localpages" PATH="PFDir\\altnet\\points manager"></DIR> </DIRECTORIES> <FILES> <FILE NAME="topsearch.dll" PATH="PFDir\\kazaa lite"></FILE> <FILE NAME="altnet.css" PATH="PFDir\\altnet\\points manager\\localpages"></FILE> <FILE NAME="asmps.dll" PATH=""></FILE> <FILE NAME="points manager.exe" PATH=""></FILE> <FILE NAME="pminstall.cab" PATH="WinDir\\Temp\\altnet"></FILE> <FILE NAME="pmfiles.cab" PATH="WinDir\\Temp\\altnet"></FILE> <FILE NAME="pmexe.cab" PATH="WinDir\\Temp\\altnet"></FILE> <FILE NAME="mysearch.cab" PATH="WinDir\\Temp\\altnet"></FILE> <FILE NAME="dminstall3.cab" PATH="WinDir\\Temp\\altnet"></FILE> <FILE NAME="dmfiles.cab" PATH="WinDir\\Temp\\altnet"></FILE> <FILE NAME="setup.cab" PATH="WinDir\\Temp\\altnet"></FILE> <FILE NAME="dminfo3.cab" PATH="WinDir\\Temp\\altnet"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Browser Helper Object. 
A component that Internet Explorer loads whenever it starts; it shares IE's memory context and can perform any action on the available windows and modules.</DESCRIPTION> </SW> <SW NAME="RelatedLinks"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="lbbho.dll" PATH="SysDir"></FILE> <FILE NAME="lbbho.dll" PATH="Sys32Dir"></FILE> <FILE NAME="lbbho.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{efd84954-6b46-42f4-81f3-94ce9a77052d}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is an Adware that brings ads to your computer.</DESCRIPTION> </SW> <SW NAME="Infotel srl"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{ffff0003-0001-101a-a3c9-08002b2f49fb}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is an Adware that brings ads to your computer.</DESCRIPTION> </SW> <SW NAME="ABetterInternet.susp"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="susp.exe" PATH="WinDir"></FILE> <FILE NAME="Susp.ini" PATH="WinDir"></FILE> <FILE NAME="Susp.inf" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SUSP"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>ABetterInternet.susp runs at startup. 
It has been reported to display targeted pop-up ads.</DESCRIPTION> </SW> <SW NAME="VBS.FREELINK"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="links.vbs" PATH="WinDir"></FILE> <FILE NAME="rundll.vbs" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="rundll"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is an encrypted worm virus written in VBScript language that is capable of infecting Windows 95/98/2000. This destructive virus is capable of sending a copy of itself through MSOutlook, MIRC, PIRCH and mapped network directories.</DESCRIPTION> </SW> <SW NAME="CoolSavings"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="cpnmgr.dll" PATH="WinDir\\downloaded program files"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{549F957E-2F89-11D6-8CFE-00C04F52B225}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{549F957E-2F89-11D6-8CFE-00C04F52B225}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is an Adware that brings ads to your computer.</DESCRIPTION> </SW> <SW NAME="ChatBlocker"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="chatblocker.exe" PATH="PFDir\\exploreanywhere\\chatblocker"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="1Win32Cfg"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a KeyLogger that runs in the background, recording all the keystrokes.</DESCRIPTION> </SW> <SW NAME="AtHoc Toolbar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="athoctbr.dll" PATH="SysDir"></FILE> <FILE NAME="athoctbr.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> 
</COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{001f2470-5df5-11d3-b991-00a0c9bb0874}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{001f2470-5df5-11d3-b991-00a0c9bb0874}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{001f2470-5df5-11d3-b991-00a0c9bb0874}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{001f2470-5df5-11d3-b991-00a0c9bb0874}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{001f2470-5df5-11d3-b991-00a0c9bb0874}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is an Adware that brings ads to your computer.</DESCRIPTION> </SW> <!-- AdLogix: phelper.dll under the SysDir and Sys32Dir path tokens, plus one CLSID listed under five registry locations. NOTE(review): Browser Helper Objects are normally registered under HKEY_LOCAL_MACHINE with the "browser helper objects" SUB path, and COM classes under HKEY_CLASSES_ROOT "clsid" (also reachable as HKEY_LOCAL_MACHINE "software\\classes\\clsid"); the HKEY_CLASSES_ROOT "software\\microsoft\\..." and HKEY_LOCAL_MACHINE "clsid" entries do not correspond to standard locations and presumably never match. Confirm against the scanner before relying on them. --> <SW NAME="AdLogix"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="phelper.dll" PATH="SysDir"></FILE> <FILE NAME="phelper.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{024de5eb-3649-445e-8d57-c09a9a33d479}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{024de5eb-3649-445e-8d57-c09a9a33d479}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{024de5eb-3649-445e-8d57-c09a9a33d479}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{024de5eb-3649-445e-8d57-c09a9a33d479}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{024de5eb-3649-445e-8d57-c09a9a33d479}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a browser helper object and brings ads to your computer.</DESCRIPTION> </SW> <SW NAME="WebSearch"> <DIRECTORIES> <DIR NAME="websearch" PATH="PFDir"></DIR> </DIRECTORIES> 
<FILES> <FILE NAME="websearch1.exe" PATH="PFDir\\websearch"></FILE> <FILE NAME="spotonbh.dll" PATH="SysDir"></FILE> <FILE NAME="spotonbh.dll" PATH="Sys32Dir"></FILE> <FILE NAME="xzxsv.wzg" PATH=""></FILE> <FILE NAME="Stoolbar.dll" PATH="SysDir"></FILE> <FILE NAME="Stoolbar.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{001DAE60-95C0-11d3-924E-009027950886}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{001DAE60-95C0-11d3-924E-009027950886}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{001DAE60-95C0-11d3-924E-009027950886}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{001DAE60-95C0-11d3-924E-009027950886}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{001DAE60-95C0-11d3-924E-009027950886}"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{6A85D97D-665D-4825-8341-9501AD9F56A3}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{4e7bd74f-2b8d-469e-a3fa-f363b384b77d}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Hijacker that resets your browser's settings to point to other sites.</DESCRIPTION> </SW> <SW NAME="W32.Netsky.H@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="maja.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning hard drives and mapped drives. 
</DESCRIPTION> </SW> <SW NAME="AutoStartup"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ac.aut" PATH="WinDir"></FILE> <FILE NAME="ib.exe" PATH="WinDir"></FILE> <FILE NAME="unast.exe" PATH="WinDir"></FILE> <FILE NAME="AST.EXE" PATH="WinDir"></FILE> <FILE NAME="AST.EXE" PATH="SysDir"></FILE> <FILE NAME="AST.EXE" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ast"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="astart"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It employs a user's Internet connection in the background without their knowledge or explicit permission, and gathers/transmits info on the user, their machine, or their behavior.</DESCRIPTION> </SW> <SW NAME="I Love You"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="iloveyou.txt" PATH=""></FILE> <FILE NAME="iloveyou.vbs" PATH=""></FILE> <FILE NAME="lovele~1.vbs" PATH=""></FILE> <FILE NAME="vbs-mail.vbs" PATH=""></FILE> <FILE NAME="_ilove~1.txt" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Worm that propagates by attacking other machines and copying itself to them.It may replace files, but do not insert themselves into files (as viruses do).</DESCRIPTION> </SW> <SW NAME="MSBlast.b"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msblast.exe" PATH=""></FILE> <FILE NAME="msblast_unpacked.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="windows auto update"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Worm that propagates by attacking other machines and copying itself to them.It may 
replace files, but do not insert themselves into files (as viruses do).</DESCRIPTION> </SW> <SW NAME="W32.Spybot Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Worm that propagates by attacking other machines and copying itself to them.It may replace files, but do not insert themselves into files (as viruses do).</DESCRIPTION> </SW> <SW NAME="I-Worm.Mimail.i"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="mimail-l_unpacked.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="svchost32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Worm that propagates by attacking other machines and copying itself to them.It may replace files, but do not insert themselves into files (as viruses do).</DESCRIPTION> </SW> <SW NAME="W32.Netsky.I@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="fooding.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Tiny AV"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses.</DESCRIPTION> </SW> <SW NAME="Global Killer 1.0"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ieloader.dll" PATH="WinDir\\downloaded program files"></FILE> <FILE NAME="cliente.exe" PATH=""></FILE> <FILE NAME="instrucciones de uso.txt" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a trojan that provides an attacker with the capability of remotely controlling a machine.</DESCRIPTION> </SW> <SW 
NAME="SiteHistory"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="changeurl_30.dll" PATH="SysDir"></FILE> <FILE NAME="changeurl_30.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{0345b059-8731-42bc-b7b7-5121014b02c6}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0345b059-8731-42bc-b7b7-5121014b02c6}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{0345b059-8731-42bc-b7b7-5121014b02c6}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{0345b059-8731-42bc-b7b7-5121014b02c6}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0345b059-8731-42bc-b7b7-5121014b02c6}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Hijacker that resets your browser's settings to point to other sites.</DESCRIPTION> </SW> <SW NAME="Excite Search bar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="x8bar.dll" PATH="SysDir"></FILE> <FILE NAME="x8bar.dll" PATH="Sys32Dir"></FILE> <FILE NAME="x8bar.dll" PATH="PFDir\\excite\\x8bar\\1.bin"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{04719991-296F-4958-AA0F-FA25FFA5008B}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{04719991-296F-4958-AA0F-FA25FFA5008B}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{04719991-296F-4958-AA0F-FA25FFA5008B}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{04719991-296F-4958-AA0F-FA25FFA5008B}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" 
VALUE="{04719991-296F-4958-AA0F-FA25FFA5008B}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{04719991-296F-4958-AA0F-FA25FFA5008B}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Likely to slow performance of Internet Explorer.</DESCRIPTION> </SW> <SW NAME="B-S Spy/PWSteal.BStroj"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="YUpdater.exe" PATH="SysDir"></FILE> <FILE NAME="YPager.exe" PATH="SysDir"></FILE> <FILE NAME="msmsngs.exe" PATH="SysDir"></FILE> <FILE NAME="YUpdater.exe" PATH="Sys32Dir"></FILE> <FILE NAME="YPager.exe" PATH="Sys32Dir"></FILE> <FILE NAME="msmsngs.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Sys"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Sys"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="System"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Sysmsn"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine.</DESCRIPTION> </SW> <SW NAME="IBIS Toolbar"> <DIRECTORIES> <DIR NAME="btlink" PATH="PFDir\\common files"></DIR> <DIR NAME="toolbar" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{26e8361f-bce7-4f75-a347-98c88b418322}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{26e8361f-bce7-4f75-a347-98c88b418322}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a 
Browser Helper Object. A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules.</DESCRIPTION> </SW> <SW NAME="W32.Sasser.B.Worm/W32.Sasser.C.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="avserve2.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="avserve2.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of affected systems.</DESCRIPTION> </SW> <SW NAME="W32.Sasser.A.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="avserve.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="avserve.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of affected systems.</DESCRIPTION> </SW> <SW NAME="W32.Sasser.D.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="skynetave.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="skynetave.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of affected systems.</DESCRIPTION> </SW> <SW NAME="W32.Sasser.E.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE 
NAME="lsasss.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="lsasss.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of affected systems.</DESCRIPTION> </SW> <SW NAME="Beast"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msaria.com" PATH="WinDir\\command"></FILE> <FILE NAME="msdgqt.com" PATH="WinDir\\command"></FILE> <FILE NAME="msdvnp.com" PATH="WinDir\\command"></FILE> <FILE NAME="mshiye.com" PATH="WinDir\\command"></FILE> <FILE NAME="msisai.com" PATH="WinDir\\command"></FILE> <FILE NAME="msndxp.com" PATH="WinDir\\command"></FILE> <FILE NAME="msocge.com" PATH="WinDir\\command"></FILE> <FILE NAME="msqlxh.com" PATH="WinDir\\command"></FILE> <FILE NAME="mswnqu.com" PATH="WinDir\\command"></FILE> <FILE NAME="dxdgns.dll" PATH="WinDir"></FILE> <FILE NAME="msag.com" PATH="WinDir\\msagent"></FILE> <FILE NAME="comsv.com" PATH="SysDir\\com"></FILE> <FILE NAME="mscom32.com" PATH="SysDir\\com"></FILE> <FILE NAME="hlir.blf" PATH="SysDir"></FILE> <FILE NAME="hservms.exe" PATH="SysDir"></FILE> <FILE NAME="kb.tlg" PATH="SysDir"></FILE> <FILE NAME="kd.txs" PATH="SysDir"></FILE> <FILE NAME="kl.dli" PATH="SysDir"></FILE> <FILE NAME="kl.tti" PATH="SysDir"></FILE> <FILE NAME="msbeku.com" PATH="SysDir"></FILE> <FILE NAME="msbwdr.com" PATH="SysDir"></FILE> <FILE NAME="msbxbs.com" PATH="SysDir"></FILE> <FILE NAME="mshlir.com" PATH="SysDir"></FILE> <FILE NAME="mshost.exe" PATH="SysDir"></FILE> <FILE NAME="msoksw.com" PATH="SysDir"></FILE> <FILE NAME="mspfgf.com" PATH="SysDir"></FILE> <FILE NAME="msqmqr.com" PATH="SysDir"></FILE> <FILE NAME="msujop.com" PATH="SysDir"></FILE> <FILE NAME="msyrmu.com" PATH="SysDir"></FILE> <FILE NAME="oksw.blf" 
PATH="SysDir"></FILE> <FILE NAME="shell32.com" PATH="SysDir"></FILE> <FILE NAME="ujop.blf" PATH="SysDir"></FILE> <FILE NAME="wb.com" PATH="SysDir\\wbem"></FILE> <FILE NAME="wsv.com" PATH="SysDir\\wbem"></FILE> <FILE NAME="beast191.exe" PATH=""></FILE> <FILE NAME="beast192.exe" PATH=""></FILE> <FILE NAME="beast2.00.exe" PATH=""></FILE> <FILE NAME="beast2.01.exe" PATH=""></FILE> <FILE NAME="beast2.01_french_tuto.chm" PATH=""></FILE> <FILE NAME="beast2.06.exe" PATH=""></FILE> <FILE NAME="frenchtuto.doc" PATH=""></FILE> <FILE NAME="server_compressed.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE=".bad"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="beastfile"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="beastfile1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\active setup\\installed components\\{as096941-b967-10d8-9cbd-0000f87a369e}" VALUE="stubpath"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="com service"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Trojan that, provides an attacker with the capability of remotely controlling a machine.</DESCRIPTION> </SW> <SW NAME="CasinoOnNet"> <DIRECTORIES> <DIR NAME="aceclub casino online download deluxe suite" PATH="ProfilePath\\start menu\\programs"></DIR> <DIR NAME="bingofun" PATH="ProfilePath\\start menu\\programs"></DIR> <DIR NAME="casino on net" PATH="ProfilePath\\start menu\\programs"></DIR> <DIR NAME="riviera gold" PATH="ProfilePath\\start menu\\programs"></DIR> <DIR NAME="aceclub casino" PATH="PFDir"></DIR> <DIR NAME="bingofun games" PATH="PFDir"></DIR> <DIR NAME="casinoonnet" PATH="PFDir"></DIR> <DIR NAME="ca shared" PATH="PFDir\\common files"></DIR> </DIRECTORIES> <FILES> <FILE NAME="aceclub casino online.lnk" PATH="desktopdir"></FILE> <FILE NAME="bingofun.lnk" PATH="desktopdir"></FILE> 
<FILE NAME="casino on net.lnk" PATH="desktopdir"></FILE> <FILE NAME="five roses casino.url" PATH="desktopdir"></FILE> <FILE NAME="mayan sportsbook.url" PATH="desktopdir"></FILE> <FILE NAME="onluck casion.url" PATH="desktopdir"></FILE> <FILE NAME="riviera gold.lnk" PATH="desktopdir"></FILE> <FILE NAME="riviera gold.ulr" PATH="desktopdir"></FILE> <FILE NAME="aceclub casino online.lnk" PATH="ProfilePath\\start menu"></FILE> <FILE NAME="dlhelperexe.exe" PATH="ProfilePath\\start menu\\programs\\startup"></FILE> <FILE NAME="bszip.dll" PATH="PFDir\\casinoonnet"></FILE> <FILE NAME="casino.exe" PATH="PFDir\\casinoonnet"></FILE> <FILE NAME="downloadinstaller.exe" PATH="PFDir\\casinoonnet"></FILE> <FILE NAME="biuninst.exe" PATH="PFDir\\common files\\ca shared"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is an Adware that brings ads to your computer.</DESCRIPTION> </SW> <SW NAME="W32.Blaster.B.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="PENIS32.EXE" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>MSblaster worm widely spread through networks on the internet</DESCRIPTION> </SW> <SW NAME="W32.Blaster.D.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="mspatch.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Nonton Antivirus"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>MSblaster worm widely spread through networks on the internet</DESCRIPTION> </SW> <SW NAME="W32.Blaster.F.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="enbiei.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" 
SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="www.hidro.4t.com"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>MSblaster worm widely spread through networks on the internet</DESCRIPTION> </SW> <SW NAME="W32.Mimail.J@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="svchost32.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a mass mailing worms that attempts to steal credit card information.</DESCRIPTION> </SW> <SW NAME="I-Worm.Netsky"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME=".xx.pif" PATH=""></FILE> <FILE NAME="i-worm.netsky.m.exe" PATH=""></FILE> <FILE NAME="injection.htm.exe" PATH=""></FILE> <FILE NAME="message.pif" PATH=""></FILE> <FILE NAME="netsky[1].d.exe_" PATH=""></FILE> <FILE NAME="netsky[1].e.exe_" PATH=""></FILE> <FILE NAME="new_document1.pif" PATH=""></FILE> <FILE NAME="your_archive.pif" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Worm that propagates by attacking other machines and copying itself to them.It may replace files, but do not insert themselves into files (as viruses do).</DESCRIPTION> </SW> <SW NAME="GlobalNetcom"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="culakkma.dll" PATH=""></FILE> <FILE NAME="itstgblg.dll" PATH=""></FILE> <FILE NAME="ntmccdds.dll" PATH=""></FILE> <FILE NAME="qhgimxyy.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{00000000-cddc-0704-0b53-2c8830e9faec}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\moduleusage" VALUE="c:/windows/downloaded program files/ieloader.dll"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> 
<DESCRIPTION>An ActiveX installer for premium-rate phone diallers. Any web page can direct it to install arbitrary code downloaded from its home server.</DESCRIPTION> </SW> <SW NAME="Parasite"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Windows Shell"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Scandick"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="Windows Shell"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="Windows Shell"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a trojan that provides an attacker with the capability of remotely controlling a machine.</DESCRIPTION> </SW> <SW NAME="NetSlayer"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="nspatch.exe" PATH=""></FILE> <FILE NAME="unpacked server.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="nspatch"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a trojan that provides an attacker with the capability of remotely controlling a machine.</DESCRIPTION> </SW> <SW NAME="Zinx-A"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="fghy.exe" PATH="WinDir"></FILE> <FILE NAME="msreg.exe" PATH="WinDir"></FILE> <FILE NAME="msto32.dll" PATH="WinDir"></FILE> <FILE NAME="surte.exe" PATH="WinDir"></FILE> <FILE NAME="svchostc.exe" PATH="SysDir"></FILE> <FILE NAME="svchostc.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" 
VALUE="apimon"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="systems"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a trojan that provides an attacker with the capability of remotely controlling a machine.</DESCRIPTION> </SW> <SW NAME="Artic"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="arctic.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a trojan that provides an attacker with the capability of remotely controlling a machine.</DESCRIPTION> </SW> <SW NAME="Microspy 1.0"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="win32.exemicrospy 1.0.exe" PATH="WinDir"></FILE> <FILE NAME="microspy server.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a trojan that provides an attacker with the capability of remotely controlling a machine.</DESCRIPTION> </SW> <SW NAME="Radlight"> <DIRECTORIES> <DIR NAME="cnet" PATH="ProfilePath\\my documents\\my deliveries"></DIR> <DIR NAME="radlight" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="radlight35se.exe" PATH="ProfilePath\\my documents\\my deliveries\\cnet"></FILE> <FILE NAME="radlight.lnk" PATH="desktopdir"></FILE> <FILE NAME="radlight.chm" PATH="PFDir\\radlight\\help"></FILE> <FILE NAME="subtitle1.dll" PATH="PFDir\\radlight\\modules"></FILE> <FILE NAME="subtitle2.dll" PATH="PFDir\\radlight\\modules"></FILE> <FILE NAME="radlight.exe" PATH="PFDir\\radlight"></FILE> <FILE NAME="rpk.exe" PATH="PFDir\\radlight\\rpki"></FILE> <FILE NAME="settings.ini" PATH="PFDir\\radlight"></FILE> <FILE NAME="rluninstall.exe" PATH="WinDir"></FILE> <FILE NAME="default.rls" PATH=""></FILE> <FILE NAME="default2.rls" PATH=""></FILE> <FILE NAME="playlist.pbm" PATH=""></FILE> <FILE NAME="radlight.htm" PATH=""></FILE> <FILE 
NAME="radlight.txt" PATH=""></FILE> <FILE NAME="radlight_336.exe" PATH=""></FILE> <FILE NAME="radlight_eula.txt" PATH=""></FILE> <FILE NAME="radlight_removal.htm" PATH=""></FILE> <FILE NAME="radlight_removal.txt" PATH=""></FILE> <FILE NAME="save_removal.htm" PATH=""></FILE> <FILE NAME="save_removal.txt" PATH=""></FILE> <FILE NAME="weathercast_removal.htm" PATH=""></FILE> <FILE NAME="weathercast_removal.txt" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE=".rpk"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="rpkfile"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes" VALUE=".rpk"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="radlight"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="radlight_is1"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="radlight team"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Trojan with a hidden, unwanted intent.</DESCRIPTION> </SW> <SW NAME="Glacier"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="lfp.exe" PATH="SysDir"></FILE> <FILE NAME="rnudll32.exe" PATH="SysDir"></FILE> <FILE NAME="shellscrap.exe" PATH="SysDir"></FILE> <FILE NAME="sysdll32.exe" PATH="SysDir"></FILE> <FILE NAME="sysexecr.exe" PATH="SysDir"></FILE> <FILE NAME="sysexplr.exe" PATH="SysDir"></FILE> <FILE NAME="sysrun32.exe" PATH="SysDir"></FILE> <FILE NAME="tel.dll" PATH="SysDir"></FILE> <FILE NAME="winabc.exe" PATH="SysDir"></FILE> <FILE NAME="psw.tmp" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is Trojan that provides an attacker with the capability of remotely controlling a machine.</DESCRIPTION> </SW> <SW NAME="WebRebates/TopRebates"> <DIRECTORIES> <DIR 
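NAME="webrebates" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="webrebates1.exe" PATH="PFDir\\webrebates"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="webrebates"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is an Adware that brings ads to your computer.</DESCRIPTION> </SW> <!-- CustomToolbar: CustomToolbar.dll under WinDir\\ctb and Actbar2.ocx under the SysDir and Sys32Dir path tokens; registry indicators are one CLSID under the CLSID and "browser helper objects" keys and under both Internet Explorer Toolbar values. The first Actbar2.ocx entry previously read PATH="SysDir " with a trailing space, unlike every other SysDir entry in this file; XML parsing keeps that space in the attribute value, so unless the consumer trims it the token would presumably not resolve. Normalized to "SysDir". --> <SW NAME="CustomToolbar"> <DIRECTORIES> <DIR NAME="ctb" PATH="WinDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="CustomToolbar.dll" PATH="WinDir\\ctb"></FILE> <FILE NAME="Actbar2.ocx" PATH="SysDir"></FILE> <FILE NAME="Actbar2.ocx" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{21301D69-B8F1-46AA-B0B5-09EE2285914C}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{21301D69-B8F1-46AA-B0B5-09EE2285914C}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" VALUE="{21301D69-B8F1-46AA-B0B5-09EE2285914C}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{21301D69-B8F1-46AA-B0B5-09EE2285914C}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a browser helper object that open pop-up windows.</DESCRIPTION> </SW> <SW NAME="Seek99"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="seek99.dll" PATH="SysDir"></FILE> <FILE NAME="seek99.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{22998d24-b789-4ca2-a7fc-cd7ce7deb14c}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is likely to slow performance of Internet 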
Explorer.</DESCRIPTION> </SW> <SW NAME="MyPageFinder"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ml_32.dll" PATH="SysDir"></FILE> <FILE NAME="ml_32.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ml1_32.dll" PATH="SysDir"></FILE> <FILE NAME="ml1_32.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{27a5ff76-9919-492c-98e3-eda3502fc829}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is an IE Browser Helper object that hijacks Internet Explorer homepage and searches. It resets your home page.</DESCRIPTION> </SW> <SW NAME="Commander Toolbar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ietb.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is likely to slow performance of Internet Explorer.</DESCRIPTION> </SW> <SW NAME="Dynamic Desktop Media/Sysu"> <DIRECTORIES> <DIR NAME="ddm" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="sysu.exe" PATH="PFDir\\ddm"></FILE> <FILE NAME="ddm_d.exe" PATH="PFDir\\ddm"></FILE> <FILE NAME="ddmp.dll" PATH="SysDir"></FILE> <FILE NAME="ddmp.dll" PATH="Sys32Dir"></FILE> <FILE NAME="redirect.dll" PATH="SysDir"></FILE> <FILE NAME="redirect.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{2bc43670-c0bd-4794-bb11-f60f3e001dc5}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{2bc43670-c0bd-4794-bb11-f60f3e001dc5}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{2bc43670-c0bd-4794-bb11-f60f3e001dc5}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{2bc43670-c0bd-4794-bb11-f60f3e001dc5}"></REGKEY> <REGKEY 
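MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{2bc43670-c0bd-4794-bb11-f60f3e001dc5}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="ddm"></REGKEY>
      </KEYS>
      <VALUES>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="sysu"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>Known to cause popup advertisements.</DESCRIPTION>
  </SW>
  <!-- iSpy: matched by a single file under the Program Files token; no registry artefacts are listed. -->
  <SW NAME="iSpy">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="ispy.exe" PATH="PFDir\\ISpy"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>Hacker tool used to decrypt encrypted password files.</DESCRIPTION>
  </SW>
  <SW NAME="AdShooter">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="syssfitb.dll" PATH="SysDir"></FILE>
      <FILE NAME="syssfitb.dll" PATH="Sys32Dir"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{c109664b-ceb1-420b-b353-d55a561536dd}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{c109664b-ceb1-420b-b353-d55a561536dd}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{c109664b-ceb1-420b-b353-d55a561536dd}"></REGKEY>
      </KEYS>
      <VALUES>
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{c109664b-ceb1-420b-b353-d55a561536dd}"></REGVALUE>
      </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>It is an adware component that downloads and displays advertisements.</DESCRIPTION>
  </SW>
  <SW NAME="ClickTillUWin">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="dlder.exe" PATH="WinDir"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS> </KEYS>
      <VALUES>
        <!-- NOTE(review): the Run value name "dilder" differs from the file name dlder.exe listed above and from the "dlder" Run value in this file's DlDer entry. Confirm the spelling against a sample; a misspelled value name would presumably never match. -->
        <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="dilder"></REGVALUE>
      </VALUES>
    </REGISTRY>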
<DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a way of misusing or breaking into a system by taking advantage of a weakness in it.</DESCRIPTION> </SW> <SW NAME="AdBlaster"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ngpw34.dll" PATH="SysDir"></FILE> <FILE NAME="ngpw34.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ngsw31.dll" PATH="SysDir"></FILE> <FILE NAME="ngsw31.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{2D7CB618-CC1C-4126-A7E3-F5B12D3BCF71}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{e9147a0a-a866-4214-b47c-da821891240f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{e9147a0a-a866-4214-b47c-da821891240f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{e9147a0a-a866-4214-b47c-da821891240f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{e9147a0a-a866-4214-b47c-da821891240f}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{e9147a0a-a866-4214-b47c-da821891240f}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="interface" VALUE="{0b60cef5-2431-4f92-82cf-03fee5bdc762}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="interface" 
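VALUE="{7fb04de1-4340-4002-9d9e-3b6913ae6953}"></REGKEY>
      </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>
    <DESCRIPTION>It is an Adware that brings ads to your computer.</DESCRIPTION>
  </SW>
  <!-- EZSearching: DLLs in both system-directory tokens plus Browser Helper Object CLSIDs. The SUB path has to be spelled like the real key ("...\\explorer\\browser helper objects"); a misspelled path presumably never matches and would leave that CLSID undetected. -->
  <SW NAME="EZSearching">
    <DIRECTORIES> </DIRECTORIES>
    <FILES>
      <FILE NAME="ctav3.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="ctavp3.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="ctavp5.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="ctsr2.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="testadit.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="testadit3.dll" PATH="Sys32Dir"></FILE>
      <FILE NAME="ctav3.dll" PATH="SysDir"></FILE>
      <FILE NAME="ctavp3.dll" PATH="SysDir"></FILE>
      <FILE NAME="ctavp5.dll" PATH="SysDir"></FILE>
      <FILE NAME="ctsr2.dll" PATH="SysDir"></FILE>
      <FILE NAME="testadit.dll" PATH="SysDir"></FILE>
      <FILE NAME="testadit3.dll" PATH="SysDir"></FILE>
    </FILES>
    <COOKIES> </COOKIES>
    <REGISTRY>
      <KEYS>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{34d516ea-40e3-4e3b-8ba8-505112738ed5}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{858126b0-3708-4051-ae8e-b48521401ca2}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{2F24B54D-3A27-11D8-8169-00C02623048A}"></REGKEY>
        <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{2F24B54D-3A27-11D8-8169-00C02623048A}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{2F24B54D-3A27-11D8-8169-00C02623048A}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{2F24B54D-3A27-11D8-8169-00C02623048A}"></REGKEY>
        <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{2F24B54D-3A27-11D8-8169-00C02623048A}"></REGKEY>
      </KEYS>
      <VALUES> </VALUES>
    </REGISTRY>
    <DANGER_LEVEL>1</DANGER_LEVEL>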
<DESCRIPTION>It is a Browser Helper Object: a component that Internet Explorer loads whenever it starts, that shares IE's memory context, and that can perform any action on the available windows and modules.</DESCRIPTION> </SW> <SW NAME="YellowPages"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Autosearch.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is an Adware that brings ads to your computer.</DESCRIPTION> </SW> <SW NAME="StartNow.HyperBar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Hyperbar.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{4b2f5308-2cb0-40e2-8030-59936ed5d22c}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{4b2f5308-2cb0-40e2-8030-59936ed5d22c}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Likely to slow performance of Internet Explorer.</DESCRIPTION> </SW> <SW NAME="Fastseeker"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="fastseekertoolbar.dll" PATH="Sys32Dir"></FILE> <FILE NAME="fastseekertoolbar.dll" PATH="SysDir"></FILE> <FILE NAME="fastseekersetup.ocx" PATH=""></FILE> <FILE NAME="fastseekersetupv2.ocx" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{4cc0faf8-6048-421c-9fe2-261a9ece5f80}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{4cc0faf8-6048-421c-9fe2-261a9ece5f80}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Toolbar that attaches itself to internet explorer.</DESCRIPTION> </SW> <SW NAME="PowerSearch"> <DIRECTORIES> <DIR NAME="PowerSearch" 
PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="pwrsc032.dll" PATH="SysDir"></FILE> <FILE NAME="pwrsc032.dll" PATH="Sys32Dir"></FILE> <FILE NAME="pwrs0108.dll" PATH="SysDir"></FILE> <FILE NAME="pwrs0108.dll" PATH="Sys32Dir"></FILE> <FILE NAME="pwrs0102.dll" PATH="Sys32Dir"></FILE> <FILE NAME="pwrs0102.dll" PATH="SysDir"></FILE> <FILE NAME="pwrswmda.dll" PATH="PFDir\\powersearch\\toolbar"></FILE> <FILE NAME="pwrswmda.dll" PATH="PFDir\\powersoft\\toolbar"></FILE> <FILE NAME="pwrswmda.dll" PATH="Sys32Dir"></FILE> <FILE NAME="pwrswmda.dll" PATH="SysDir"></FILE> <FILE NAME="pwrsbikd.dll" PATH="PFDir\\powersearch\\toolbar"></FILE> <FILE NAME="pwrs0rbi.dll" PATH="SysDir"></FILE> <FILE NAME="pwrs0rbi.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{4E7BD74F-2B8D-469E-D3FA-F27BA787AD2D}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" VALUE="{4E7BD74F-2B8D-469E-D3FA-F27BA787AD2D}"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" VALUE="{4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{4E7BD74F-2B8D-469E-A08E-8E1CA787AD2D}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{4E7BD74F-2B8D-469E-D3FA-F27BA787AD2D}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{4E7BD74F-2B8D-469E-A08D-8F6FA787AD2D}"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{4E7BD74F-2B8D-469E-AA8E-8E1CA787AD2D}"></REGVALUE> </VALUES> </REGISTRY> 
<DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Hijacker that resets your browser's settings to point to other sites. </DESCRIPTION> </SW> <SW NAME="Americlicks"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="acbarv2.dll" PATH="Sys32Dir"></FILE> <FILE NAME="acbarv2.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{4E7BD74F-2B8D-469E-A0E8-ED6DB696BB7D}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>It is a Hijacker that resets your browser's settings to point to other sites. </DESCRIPTION> </SW> <SW NAME="Push toolbar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="searchv2.dll" PATH="Sys32Dir"></FILE> <FILE NAME="searchv2.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{4e7bd74f-2b8d-469e-a0e8-f76fa694bf2e}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Likely to slow performance of Internet Explorer.</DESCRIPTION> </SW> <SW NAME="DownloadPlus"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="downloadplus.exe" PATH="ProfilePath\\application data"></FILE> <FILE NAME="downloadplus.exe" PATH="WinDir\\application data"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="0x7a69"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Known to cause popup advertisements.</DESCRIPTION> </SW> <SW NAME="123Messenger"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="123messenger.per" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Spanish dialer associated with high cost numbers.</DESCRIPTION> </SW> <SW 
NAME="Msudpb"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Msudpb.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Browser helper object related to pornography.</DESCRIPTION> </SW> <SW NAME="TROJ_VANTA.A"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="MsSystem"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="MSIEBHO"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msiebho.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Known to cause popup advertisements.</DESCRIPTION> </SW> <SW NAME="Mshta Dialer"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SystemBoot"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Dialer program that dials a very expensive number to access pornography, many times without user's knowledge.</DESCRIPTION> </SW> <SW NAME="Mostrar Dialer"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msapasrc.dll" PATH="SysDir"></FILE> <FILE NAME="msapasrc.dll" PATH="Sys32Dir"></FILE> <FILE NAME="MSA64CHK.DLL" PATH="SysDir"></FILE> <FILE NAME="MSA64CHK.DLL" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Dialer program that dials a very expensive number to access pornography, many times without user's knowledge.</DESCRIPTION> </SW> <SW NAME="CoolBar/LookThru Cool Search Bar"> <DIRECTORIES> 
</DIRECTORIES> <FILES> <FILE NAME="coolbar.dll" PATH="SysDir"></FILE> <FILE NAME="coolbar.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{2af8ced6-5bd8-4310-a90c-9664efb16b10}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{a49aa76f-7215-4f80-97d6-9a7e16a5fee1}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Will change your internet settings and display popup advertisements.</DESCRIPTION> </SW> <SW NAME="GlobalDialer"> <DIRECTORIES> <DIR NAME="GlobalDialer" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="svchost.exe" PATH="PFDir\\GlobalDialer\\tonex00201"></FILE> <FILE NAME="gd-dial.exe" PATH="PFDir\\GlobalDialer\\domer00084"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="sws.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Dialer program that dials a very expensive number , many times without user's knowledge.</DESCRIPTION> </SW> <SW NAME="W32/Bagle.n@MM/W32.Beagle.M@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="winupd.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="winupd.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="KeyloggerPro"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="KeyloggerPro.exe" PATH="PFDir\\ExploreAnywhere\\KeyloggerPro"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> 
<DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <SW NAME="CWS.XPlugin"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="XPlugin.dll" PATH="SysDir"></FILE> <FILE NAME="XPlugin.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>CoolWebSearch variant, known to hijack your internet settings.</DESCRIPTION> </SW> <SW NAME="CWS.QTTasks"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="qttasks.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>CoolWebSearch variant, known to hijack your internet settings.</DESCRIPTION> </SW> <SW NAME="CWS.Excel10"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Excel10.dll" PATH="ProfilePath\\application data\\microsoft\\office"></FILE> <FILE NAME="Excel10.dll" PATH="SysDir"></FILE> <FILE NAME="Excel10.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>CoolWebSearch variant, known to hijack your internet settings.</DESCRIPTION> </SW> <SW NAME="EBlaster"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="eblaster.exe" PATH=""></FILE> <FILE NAME="msrac32.exe" PATH=""></FILE> <FILE NAME="ebsetup.exe" PATH=""></FILE> <FILE NAME="MSWEBHLP.DLL" PATH="SysDir"></FILE> <FILE NAME="mstv9swin.dll" PATH="SysDir"></FILE> <FILE NAME="mstv9swin.ocx" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{6314e760-e667-11d2-ba98-0080c8e9491a}\\ole\\shell\\commands"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{deca39c1-f713-11d2-ba99-0080c8e9491a}\\inprocserver32"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> 
<DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <SW NAME="Fearless Key Spy"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="fks2.0_server.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <SW NAME="Ghost KeyLogger"> <DIRECTORIES> <DIR NAME="sync manager" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="syncagent.exe" PATH="PFDir\\sync manager\\agent"></FILE> <FILE NAME="syncconfig.exe" PATH="PFDir\\sync manager"></FILE> <FILE NAME="synconfig.exe" PATH="PFDir\\sync manager"></FILE> <FILE NAME="logfile.cip" PATH="PFDir\\sync manager"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <SW NAME="keyhook"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="keyhook.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Dll file associated with keylogger programs used to record actions done on your PC.</DESCRIPTION> </SW> <SW NAME="Home Keylogger"> <DIRECTORIES> <DIR NAME="homekeylogger" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="Keylogger.dll" PATH="PFDir\\homekeylogger"></FILE> <FILE NAME="Keylogger.exe" PATH="PFDir\\homekeylogger"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <SW NAME="Invisible Keylogger 97"> <DIRECTORIES> <DIR NAME="ik" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="ik.exe" PATH="PFDir\\ik"></FILE> 
</FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <SW NAME="W32/Lirva.a@MM"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Avril Lavigne - Muse"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="CoolWebSearch.image"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="image.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Image"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>CoolWebSearch variant, known to hijack your internet settings.</DESCRIPTION> </SW> <SW NAME="IeMonit"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="iemonit.dll" PATH="SysDir"></FILE> <FILE NAME="iemonit.dll" PATH="Sys32Dir"></FILE> <FILE NAME="ieupdates.exe" PATH="SysDir"></FILE> <FILE NAME="updaterie01.exe" PATH="SysDir"></FILE> <FILE NAME="fixieupdate.exe" PATH="SysDir"></FILE> <FILE NAME="ieupdates.exe" PATH="Sys32Dir"></FILE> <FILE NAME="updaterie01.exe" PATH="Sys32Dir"></FILE> <FILE NAME="fixieupdate.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{ce7c3cf0-4b15-11d1-abed-709549c10001}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Internet Explorer Library"></REGVALUE> </VALUES> </REGISTRY> 
<DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Search result hijacker used to display sponsored results to your browser.</DESCRIPTION> </SW> <SW NAME="CWS.GonnaSearch"> <DIRECTORIES> <DIR NAME="toolbar" PATH="PFDir\\internet explorer"></DIR> </DIRECTORIES> <FILES> <FILE NAME="SEARCH~1.DLL" PATH="PFDir\\internet explorer\\toolbar"></FILE> <FILE NAME="AUTOSE~1.DLL" PATH="PFDir\\internet explorer\\toolbar"></FILE> <FILE NAME="webinfo.dll" PATH="PFDir\\internet explorer\\toolbar"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{799A370D-5993-4887-9DF7-0A4756A77D00}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{A55581DC-2CDB-4089-8878-71A080B22342}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{E7AFFF2A-1B57-49C7-BF6B-E5123394C970}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{799A370D-5993-4887-9DF7-0A4756A77D00}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{A55581DC-2CDB-4089-8878-71A080B22342}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{E7AFFF2A-1B57-49C7-BF6B-E5123394C970}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>CoolWebSearch variant, known to hijack your internet settings.</DESCRIPTION> </SW> <SW NAME="Trojan.Gema"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="cpusave32.exe" PATH="Sys32Dir"></FILE> <FILE NAME="pwr32ctr.exe" PATH="SysDir"></FILE> <FILE NAME="pwr32ctr.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Cpusave32"></REGVALUE> 
<REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Cpusave32"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Pwr32ctr"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Pwr32ctr"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that attempts to perform unauthorized functions on your PC.</DESCRIPTION> </SW> <SW NAME="Family Keylogger"> <DIRECTORIES> <DIR NAME="FamilyKeylogger" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="acl.exe" PATH="PFDir\\FamilyKeylogger"></FILE> <FILE NAME="cisvc.dll" PATH="PFDir\\FamilyKeylogger"></FILE> <FILE NAME="cisvc.exe" PATH="PFDir\\FamilyKeylogger"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <SW NAME="ExPup"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="expup.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="Explkw"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Purposes not clearly known, but known to be packaged with malicious software.</DESCRIPTION> </SW> <SW NAME="Eros Dialer"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="eros.exe" PATH="SysDir"></FILE> <FILE NAME="eros.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="eros.exe"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\RunServices" VALUE="eros.exe"></REGVALUE> </VALUES> </REGISTRY> 
<DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Dialer program that dials a very expensive number to access pornography, many times without user's knowledge.</DESCRIPTION> </SW> <SW NAME="Downloader.Dluca.C/Downloader.Dluca.D"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="dluca.exe" PATH=""></FILE> <FILE NAME="Dluxjp.exe" PATH="PFDir\\Dialers\\Dluxjp"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="DLuxjp"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="dluca"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="W32.HLLW.Respan/W32.HLLW.Astef"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="windows_critical_update.exe" PATH="SysDir"></FILE> <FILE NAME="windows_critical_update.exe" PATH="Sys32Dir"></FILE> <FILE NAME="windowsupdate.exe" PATH="SysDir"></FILE> <FILE NAME="windowsupdate.exe" PATH="Sys32Dir"></FILE> <FILE NAME="windll32.exe" PATH="WinDir"></FILE> <FILE NAME="ocx32.exe" PATH="WinDir"></FILE> <FILE NAME="svchost.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WindowsCriticalUpdate"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WindowsUpdate"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="windll"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ocx32"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="microsoft"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" 
SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WindowsCriticalUpdate"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WindowsUpdate"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Worm that attempts to spread itself through file sharing networks.</DESCRIPTION> </SW> <SW NAME="WebSavings"> <DIRECTORIES> <DIR NAME="WebSavingsfromEbates" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WebSavingsfromEbates"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Shopping tool that will present pop up advertisements.</DESCRIPTION> </SW> <SW NAME="Downloader.Dluca"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Winde.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="winde"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Trojan horse that will send information about your computer back to a central server.</DESCRIPTION> </SW> <SW NAME="DlDer"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Explorer.exe" PATH="WinDir\\explorer"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="dlder"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Explorer"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Spyware that sends information about your PC to a central server.</DESCRIPTION> </SW> <SW NAME="Deltabar Deltaclick"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="deltaclick.dll" PATH="SysDir"></FILE> <FILE 
NAME="deltaclick.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{0fc817c2-3b45-11d4-8340-0050da825906}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser helper object that has been reported to cause errors in internet explorer.</DESCRIPTION> </SW> <SW NAME="ClientMan.bho1"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="MSEFFM.DLL" PATH="SysDir"></FILE> <FILE NAME="MSEFFM.DLL" PATH="Sys32Dir"></FILE> <FILE NAME="MSCDKA.DLL" PATH="SysDir"></FILE> <FILE NAME="MSCDKA.DLL" PATH="Sys32Dir"></FILE> <FILE NAME="MSOBFL.DLL" PATH="SysDir"></FILE> <FILE NAME="MSOBFL.DLL" PATH="Sys32Dir"></FILE> <FILE NAME="MSECLK.DLL" PATH="Sys32Dir"></FILE> <FILE NAME="msncjk.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{94927A13-4AAA-476A-989D-392456427688}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{94927A13-4AAA-476A-989D-392456427688}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{96BE1D9A-9E54-4344-A27A-37C088D64FB4}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{96BE1D9A-9E54-4344-A27A-37C088D64FB4}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{CC916B4B-BE44-4026-A19D-8C74BBD23361}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{CC916B4B-BE44-4026-A19D-8C74BBD23361}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" 
VALUE="{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Clientman is a widespread advertising parasite used to deliver advertisements to your PC.</DESCRIPTION> </SW> <SW NAME="ClientMan.bho2"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{00A0A40C-F432-4C59-BA11-B25D142C7AB7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{00A0A40C-F432-4C59-BA11-B25D142C7AB7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{166348F1-2C41-4C9F-86BB-EB2B8ADE030C}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{166348F1-2C41-4C9F-86BB-EB2B8ADE030C}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{25F7FA20-3FC3-11D7-B487-00D05990014C}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{25F7FA20-3FC3-11D7-B487-00D05990014C}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{5ED50735-B0D9-47C6-9774-02DD8E6FE053}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{5ED50735-B0D9-47C6-9774-02DD8E6FE053}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{A097840A-61F8-4B89-8693-F68F641CC838}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{A097840A-61F8-4B89-8693-F68F641CC838}"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{A096A159-4E58-45A9-8EE6-B11466851181}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{A096A159-4E58-45A9-8EE6-B11466851181}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Clientman is a widespread advertising parasite used to deliver advertisements to your PC.</DESCRIPTION> </SW> <SW NAME="BlowSearch"> <DIRECTORIES> <DIR NAME="blowsearchtoolbar" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="ultrabar.dll" PATH="SysDir"></FILE> <FILE NAME="ultrabar.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{6F8ADBE2-8C92-4362-B0E6-7321AA49EE46}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Internet Explorer toolbar that displays search results.</DESCRIPTION> </SW> <SW NAME="BKDR_SDBOT.OJ"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="MSConfig45.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="MSConfig45"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="MSConfig45"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="ABCKeylogger"> <DIRECTORIES> <DIR NAME="jthabckeylogger" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="abckey.dll" PATH="PFDir\\jthabckeylogger"></FILE> <FILE NAME="forgotpass.exe" PATH="PFDir\\jthabckeylogger"></FILE> <FILE NAME="keylogger.exe" PATH="PFDir\\jthabckeylogger"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> 
</REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <SW NAME="Web P2P Installer"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{1d6711c8-7154-40bb-8380-3dea45b69cbf}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\code store database\\distribution units" VALUE="{1d6711c8-7154-40bb-8380-3dea45b69cbf}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Installer used to download and install other applications.</DESCRIPTION> </SW> <SW NAME="SafeSearch"> <DIRECTORIES> <DIR NAME="Safesearch" PATH="PFDir\\Primesoft"></DIR> </DIRECTORIES> <FILES> <FILE NAME="safesearch.exe" PATH="PFDir\\Primesoft\\Safesearch"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="interface" VALUE="{28e6cce2-3f2c-4b3d-9cb4-2fc8715a3ece}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{cb5006ee-f57d-4116-b7b6-48eb564fe0f0}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="safesearch"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser Hijacker that will redirect some website visits to a secondary site.</DESCRIPTION> </SW> <SW NAME="Seach Assistant"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="SrchAsst.exe" PATH="PFDir\\iWon\\Search Assistant"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>SeekSeek variant that will hijack your browser.</DESCRIPTION> </SW> <SW NAME="SecondPower Multimedia Speedbar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="2ndpower.dll" PATH="SysDir"></FILE> <FILE NAME="2ndpower.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> 
<VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Shows ads for gambling and other related industries.</DESCRIPTION> </SW> <SW NAME="SpyAnywhere"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="spyanywhere.exe" PATH="PFDir\\spytech software\\spyanywhere"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <SW NAME="SpyBuddy"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="spybuddy.exe" PATH=""></FILE> <FILE NAME="spybuddy.exe" PATH="PFDir\\ExploreAnywhere\\SpyBuddy"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <SW NAME="SpyCapture"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msscdll.exe" PATH=""></FILE> <FILE NAME="234001.tps" PATH=""></FILE> <FILE NAME="234301.tps" PATH=""></FILE> <FILE NAME="spycapture.txt" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <SW NAME="Iopus Starr Pro Key Logger"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="see32.dll" PATH="SysDir"></FILE> <FILE NAME="see32u.dll" PATH="SysDir"></FILE> <FILE NAME="see32z.dll" PATH="SysDir"></FILE> <FILE NAME="slog.sys" PATH="SysDir"></FILE> <FILE NAME="slog.sysz" PATH="SysDir"></FILE> <FILE NAME="starrcmd.exe" PATH="SysDir"></FILE> <FILE NAME="wsys.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC</DESCRIPTION> </SW> <SW 
NAME="Advanced Stealth Email Redirector"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="vmaser.exe" PATH="SysDir"></FILE> <FILE NAME="vmaser.vxd" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="system\\currentcontrolset\\services\\vxd" VALUE="vmaser"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Program used to intercept all email communications sent and reports them to another email address.</DESCRIPTION> </SW> <SW NAME="Assasin Backdoor"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Ms Spool32.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Ms Spool32"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="Ms Spool32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Component that allows a remote user to control your PC.</DESCRIPTION> </SW> <SW NAME="Backdoor.Pestdoor.31"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msHtml.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ms html"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="Backdoor.Winet"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Wininetd.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="wininetd"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW 
NAME="Backdoor.FTP_Bmail"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="createsw.exe" PATH="SysDir"></FILE> <FILE NAME="createsw.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="setFTPBack"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="Sub Seven"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="NODLL.EXE" PATH="WinDir"></FILE> <FILE NAME="SERVER.EXE" PATH="WinDir"></FILE> <FILE NAME="KERNEL16.DL" PATH="WinDir"></FILE> <FILE NAME="WINDOW.EXE" PATH="WinDir"></FILE> <FILE NAME="WATCHING.DLL" PATH="SysDir"></FILE> <FILE NAME="LMDRK_33.DLL" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="Kernel16"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Program that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="SurferBar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="win32.dll" PATH="PFDir"></FILE> <FILE NAME="winsrv32.exe" PATH="PFDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Internet Explorer toolbar that hijacks your settings and displays pop up advertisements.</DESCRIPTION> </SW> <SW NAME="SysMon"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="sysmon.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="W32.Netsky.P@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="FVProtect.exe" PATH="WinDir"></FILE> </FILES> 
<COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Norton Antivirus AV"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="TSCash"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="sysupd.exe" PATH="SysDir"></FILE> <FILE NAME="sysupd.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="sysupd"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>German dialer program used to dial expensive phone numbers.</DESCRIPTION> </SW> <SW NAME="MSConnect Dialer"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{8b22270a-71d9-4ab9-b11a-2ea1e5292f42}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Dialer program used to dial expensive phone numbers.</DESCRIPTION> </SW> <SW NAME="Online Trojan/W32.Hostidel.Trojan.B"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Online Service"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Overwrites your HOSTS file and resets your internet settings</DESCRIPTION> </SW> <SW NAME="W32.Dumaru.Y@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="l32x.exe" PATH="SysDir"></FILE> <FILE NAME="l32x.exe" PATH="Sys32Dir"></FILE> <FILE NAME="vxd32v.exe" PATH="SysDir"></FILE> <FILE NAME="vxd32v.exe" PATH="Sys32Dir"></FILE> <FILE NAME="dllxw.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> 
<REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="load32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that tries to spread itself and allows unauthorized access to your PC</DESCRIPTION> </SW> <SW NAME="W32.HLLW.Bodiru"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="App.EXEName"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that will spread itself using networks and launch denial of service attacks against two particular websites.</DESCRIPTION> </SW> <SW NAME="W32.Beagle.B"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="au.exe" PATH="SysDir"></FILE> <FILE NAME="au.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="au.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Netsky.M@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="9xHtProtect"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>It is a Worm that propagates by attacking other machines and copying itself to them.</DESCRIPTION> </SW> <SW NAME="W32.Beagle.A@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="bbeagle.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="d3dupdate.exe"></REGVALUE> </VALUES> </REGISTRY> 
<DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.Gluber@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Bglr32.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="W32.HLLW.Caspid"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Capside.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm spread through networks that will infect HTML files.</DESCRIPTION> </SW> <SW NAME="Find4u.net/Find4u/CoolWebSearch.olehelp"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="olehelp.exe" PATH="WinDir"></FILE> <FILE NAME="olehelp.exe" PATH="Sys32Dir"></FILE> <FILE NAME="winlogon.exe" PATH="WinDir\\downloaded program files"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="olehelp"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="olehelp"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Hijacker that will reset your browser settings.</DESCRIPTION> </SW> <SW NAME="Wotch"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="stub.exe" PATH="PFDir\\ebkrdr"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="media_stub"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Known to cause pop up advertisements.</DESCRIPTION> </SW> <SW NAME="OnWebMedia/OnSrvr"> <DIRECTORIES> </DIRECTORIES> 
<FILES> <FILE NAME="OnSrvr.exe" PATH="SysDir"></FILE> <FILE NAME="OnSrvr.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="onsrvr"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Adware process that launches at startup and causes pop up advertisements</DESCRIPTION> </SW> <SW NAME="Tdak Searchbar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="brdrsstl.exe" PATH=""></FILE> <FILE NAME="sex_show.reg" PATH=""></FILE> <FILE NAME="tchstlmmdrm.htm" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Toolbar known to display pornographic ads, as well as monitor urls visited</DESCRIPTION> </SW> <SW NAME="Trojan.JS.Snake"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="trojan.js.snake.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="Tiny Keylogger"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="tikl.exe" PATH="SysDir"></FILE> <FILE NAME="tikl.log" PATH="SysDir"></FILE> <FILE NAME="tikl32.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Keylogger program that will record all actions done on your PC. 
Known to resist removal.</DESCRIPTION> </SW> <SW NAME="TradeExit"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="winupie.exe" PATH="WinDir"></FILE> <FILE NAME="AxConfig.dll" PATH="SysDir"></FILE> <FILE NAME="AxConfig.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="winpopup"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Reported to create pornography related pop up advertisements.</DESCRIPTION> </SW> <SW NAME="TV Media Display"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="TVTMD.EXE" PATH="WinDir"></FILE> <FILE NAME="TVMD.EXE" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" VALUE="TVTMD"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" VALUE="TVMD"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="TVTMD"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="TVMD"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Known to cause pop up advertisements and install stealthily.</DESCRIPTION> </SW> <SW NAME="WinSpy 5.6.1"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Out.exe" PATH="WinDir"></FILE> <FILE NAME="ccctr.exe" PATH="WinDir"></FILE> <FILE NAME="ij12.exe" PATH="WinDir"></FILE> <FILE NAME="ijl11.dll" PATH="WinDir"></FILE> <FILE NAME="ijl15.dll" PATH="WinDir"></FILE> <FILE NAME="rf.exe" PATH="WinDir"></FILE> <FILE NAME="sm.exe" PATH="WinDir"></FILE> <FILE NAME="syst.exe" PATH="WinDir"></FILE> <FILE NAME="ezVidC60.ocx" PATH="WinDir"></FILE> <FILE NAME="unin.exe" PATH="WinDir"></FILE> <FILE NAME="uninse.exe" PATH="WinDir"></FILE> <FILE NAME="winsyst.exe" 
PATH="WinDir"></FILE> <FILE NAME="zapro.exe" PATH="WinDir"></FILE> <FILE NAME="smt.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <!-- NOTE(review): all three FILE rows of the WinWhatWhere entry below have an empty PATH; how the scanner resolves an empty PATH (any directory, or a default one) is not visible in this file. --> <SW NAME="WinWhatWhere"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="MSdfCng.exe" PATH=""></FILE> <FILE NAME="msegcng.exe" PATH=""></FILE> <FILE NAME="windoc.sys" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <!-- NOTE(review): the second REGKEY of the ipsysdrv32.dll entry below pairs HKEY_CLASSES_ROOT with the Browser Helper Objects subkey, while most other Browser Helper Objects rows in this file use HKEY_LOCAL_MACHINE. Confirm the hive; as written this row may never match. --> <SW NAME="ipsysdrv32.dll"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ipsysdrv32.dll" PATH="SysDir"></FILE> <FILE NAME="ipsysdrv32.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{13f90341-ad79-4a9f-9b57-0234675670d6}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{13f90341-ad79-4a9f-9b57-0234675670d6}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Related to malware.</DESCRIPTION> </SW> <SW NAME="Desire"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="desire.exe" PATH="PFDir\\dialers\\desire"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software" VALUE="SiteIcons"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software\\SiteIcons" VALUE="Dialers"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="Software\\SiteIcons\\Dialers" VALUE="Desire"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" VALUE="Desire"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> 
<DESCRIPTION>Dialer that will use your computer to dial out, usually associated with high cost pornographic related phone numbers.</DESCRIPTION> </SW> <SW NAME="InternetDelivery"> <DIRECTORIES> <DIR NAME="inet delivery" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="intdel.exe" PATH="PFDir\\inet delivery"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="inet delivery"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Adware that will deliver advertisements to your PC.</DESCRIPTION> </SW> <SW NAME="GnucDNA"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="gnucdna.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Component used to interact with peer to peer filesharing networks.</DESCRIPTION> </SW> <SW NAME="ClientMan.DNSRep"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="dnsrep.dll" PATH="PFDir\\ClientMan\\run"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Clientman is a widespread advertising parasite used to deliver advertisements to your PC</DESCRIPTION> </SW> <SW NAME="I-Worm.BadTrans.b"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="kernel32.exe" PATH="Sys32Dir"></FILE> <FILE NAME="kdll.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="Dsi"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="dp-k13w13.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" 
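SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Dsi"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Related to malware.</DESCRIPTION> </SW>
<!-- ViewPornKey: one file in Sys32Dir plus the same autostart value name, "windows security assistant", under the Run key in both hives and under runservices in HKEY_LOCAL_MACHINE. REGVALUE rows carry only hive, subkey and value name, so a hit presumably rests on the name alone (confirm against the scanner). -->
<SW NAME="ViewPornKey"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="rundll32.vbe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="windows security assistant"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="windows security assistant"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\runservices" VALUE="windows security assistant"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Known to reset your browser's settings.</DESCRIPTION> </SW>
<!-- NAME lists three slash-separated detection names for one entry. The two Run value names differ between the hives (ssgrate.exe under HKEY_LOCAL_MACHINE, ssate.exe under HKEY_CURRENT_USER). -->
<SW NAME="WORM_BAGLE.W/Trojan.Mitglieder.F/W32.Beagle.J@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="irun4.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ssgrate.exe"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ssate.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW>
<!-- IpDill: a single DLL name in WinDir and one Browser Helper Object CLSID under HKEY_LOCAL_MACHINE. -->
<SW NAME="IpDill"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="IP.DLL" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{8D91ECD1-2A29-41B8-9988-FD892F07F859}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Related to malware.</DESCRIPTION> </SW>
<SW 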
NAME="MSN SmartTags"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msnbho.dll" PATH="Sys32Dir"></FILE> <FILE NAME="msnbho.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{9dd4258a-7138-49c4-8d34-587879a5c7a4}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{9dd4258a-7138-49c4-8d34-587879a5c7a4}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{9dd4258a-7138-49c4-8d34-587879a5c7a4}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Used to highlight certain terms and redirect you to affiliated websites when you click</DESCRIPTION> </SW> <!-- NOTE(review) for the MSN SmartTags entry that ends here: its second REGKEY pairs HKEY_CLASSES_ROOT with the Browser Helper Objects subkey and its third pairs HKEY_LOCAL_MACHINE with a bare "clsid" subkey; most other entries in this file use HKEY_LOCAL_MACHINE for Browser Helper Objects and HKEY_CLASSES_ROOT (or HKEY_LOCAL_MACHINE SOFTWARE\\Classes\\CLSID) for CLSIDs. The two hives look swapped; confirm before relying on these rows. --> <SW NAME="IRC-Hack"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="irchack.exe" PATH="WinDir"></FILE> <FILE NAME="rundlls.exe" PATH="WinDir"></FILE> <FILE NAME="ajout.ini" PATH="WinDir"></FILE> <FILE NAME="closew.bat" PATH="WinDir"></FILE> <FILE NAME="instll.bat" PATH="WinDir"></FILE> <FILE NAME="serv-u.ini" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Used to allow PC access to unauthorized people.</DESCRIPTION> </SW> <SW NAME="Dua ti choi"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="twain1.dll" PATH="WinDir"></FILE> <FILE NAME="twain1.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="ICQ Hacker"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="icqhacker.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Pest used against AOL users and used for malicious purposes.</DESCRIPTION> </SW> <SW 
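NAME="Wonderland"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="WonderPlus.Wonder_Plus" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="WonderWeb.Wonder_Web" PATH="WinDir\\Downloaded Program Files"></FILE> <FILE NAME="Cab33107.Cab_33107" PATH="WinDir\\Downloaded Program Files"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Dialer program used to dial expensive phone numbers.</DESCRIPTION> </SW>
<SW NAME="XLoader"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="xloader.dll" PATH="WinDir\\Downloaded Program Files"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{8c6c6922-6258-44ac-9912-53964ac55272}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>A German dialer that dials high rate phone numbers, usually related to pornography.</DESCRIPTION> </SW>
<SW NAME="XPCSpy"> <DIRECTORIES> <DIR NAME="XPCSpy" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="XPCSpy.exe" PATH="PFDir\\XPCSpy"></FILE> <FILE NAME="AppSpy.dll" PATH="PFDir\\XPCSpy"></FILE> <FILE NAME="Protector.dll" PATH="PFDir\\XPCSpy"></FILE> <FILE NAME="KeySpy.dll" PATH="PFDir\\XPCSpy"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW>
<!-- eBates MoneyMaker: one install directory under PFDir, two files, an Uninstall subkey and a Run value. The second FILE sits under PFDir\\care2gtu, a directory this entry does not list under DIRECTORIES. MAIN holds the bare hive name, as in every other REGKEY and REGVALUE row; whether the consuming scanner trims whitespace is not visible from this file. -->
<SW NAME="eBates MoneyMaker"> <DIRECTORIES> <DIR NAME="ebatesmoemoneymaker" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="ebatesmoemoneymaker.exe" PATH="PFDir\\ebatesmoemoneymaker"></FILE> <FILE NAME="popup.exe" PATH="PFDir\\care2gtu"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" VALUE="ebatesver2.xml"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" 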
SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="EbatesMoeMoneyMaker"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Software with privacy policy concerns. Related to pop up advertisements</DESCRIPTION> </SW> <SW NAME="WhenUSearch"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Search.exe" PATH="PFDir\\WhenUSearch"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Distributed by WhenU, a leading adware company. Related to pop up advertising.</DESCRIPTION> </SW> <SW NAME="MyDoom.B Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="CTFMON.DLL" PATH="SysDir"></FILE> <FILE NAME="explorer.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="MyDoom.A Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="shimgapi.dll" PATH="SysDir"></FILE> <FILE NAME="taskmon.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Taskmon"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="DotCom Toolbar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="redirect2.exe" PATH="WinDir"></FILE> <FILE NAME="redirect4.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Spyware software that can monitor and report all websites visited.</DESCRIPTION> </SW> <SW NAME="Hugesearch.net"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="fonts.hta" 
PATH="WinDir\\fonts"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Truefonts"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Known to hijack internet settings and not allow them to be reset.</DESCRIPTION> </SW> <SW NAME="Trojan.Noupdate.B"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="reg32.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="reg32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Trojan horse that prevents you from obtaining updates for your operating system</DESCRIPTION> </SW> <SW NAME="Trojan.Linst"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="cihost.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="cihost.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Attaches itself to Internet Explorer and reports to another server about your activity</DESCRIPTION> </SW> <SW NAME="Win32.Dluca.F"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="sncntr.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="sncntr"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Trojan horse that will send information about your computer back to a central server</DESCRIPTION> </SW> <SW NAME="W32.SirCam.Worm@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Scam32.exe" PATH="SysDir"></FILE> <FILE NAME="Scam32.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE 
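MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="Driver32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW>
<!-- NOTE(review): JavaRun.exe in the next entry has PATH=""; how a consumer treats an empty PATH is not defined in this part of the file. If it means "any location", a bare file name is a weak indicator on its own and should be confirmed together with the entry's other indicators before acting on a match. -->
<SW NAME="CouponsandOffers/TopMoxie"> <DIRECTORIES> <DIR NAME="couponsandoffers" PATH="PFDir"></DIR> <DIR NAME="topmoxie" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="Couponsandoffers.exe" PATH="PFDir\\couponsandoffers"></FILE> <FILE NAME="JavaRun.exe" PATH=""></FILE> </FILES> <COOKIES> <COOKIE NAME="etraffic"></COOKIE> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="etraffic"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="couponsandoffers"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>TopMoxie is responsible for pop up ads and coupons when visiting certain sites.</DESCRIPTION> </SW> <SW NAME="W32.HLLW.Lacon@mm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Bndt32.exe" PATH="SysDir"></FILE> <FILE NAME="Bndt32.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Bndt32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW>
<!-- VBS.Waterworks.Worm/VBS.Evion.IWorm: the FILE NAME is Bootloader.exe.vbs with no trailing space inside the attribute; a name that ends in a space can keep an exact file-name comparison from ever matching. -->
<SW NAME="VBS.Waterworks.Worm/VBS.Evion.IWorm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Bootloader.exe.vbs" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="BootLoader"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Virus that will attempt to spread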
itself and overwrite vbs and html files.</DESCRIPTION> </SW> <SW NAME="Troj/Crypter-C"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="mswavedll.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="mswavedll"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Trojan that runs in the background and attempts to download malicious components to your PC.</DESCRIPTION> </SW> <SW NAME="Trojan.Simcss.B"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="MSLAGENT.EXE" PATH="WinDir\\mslagent"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="mslagent"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Runs without user intervention and can download and execute malicious programs</DESCRIPTION> </SW> <SW NAME="OpenSite"> <DIRECTORIES> <DIR NAME="Open Site" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="opnste.exe" PATH="PFDir\\Open Site"></FILE> <FILE NAME="opnste.exe" PATH="SysDir"></FILE> <FILE NAME="opnste.exe" PATH="Sys32Dir"></FILE> <FILE NAME="dateclen.dll" PATH="PFDir\\Open Site"></FILE> <FILE NAME="rbsman.dll" PATH="PFDir\\Open Site"></FILE> <FILE NAME="uninstall.exe" PATH="PFDir\\Open Site"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{30a56549-9d5b-4d34-afa7-440a7f0538a9}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{30a56549-9d5b-4d34-afa7-440a7f0538a9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{30a56549-9d5b-4d34-afa7-440a7f0538a9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{30a56549-9d5b-4d34-afa7-440a7f0538a9}"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{30a56549-9d5b-4d34-afa7-440a7f0538a9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="open site"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Open Site"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Hijacks your internet settings and spawns pop up advertisements.</DESCRIPTION> </SW> <SW NAME="W32.HLLW.Gaobot.RS"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="hallowelt.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="yeahdude.exe"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="yeahdude.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Attempts to spread through networks and allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="TROJ_MOSCENT.A"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="mscnt.exe" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Mscnt"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Runs without user intervention and can download and execute malicious programs.</DESCRIPTION> </SW> <SW NAME="MGS_32"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="mgs_32.dll" PATH="PFDir\\internet explorer\\toolbar"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Malware component related to hijackings and pop up advertisements.</DESCRIPTION> </SW> <SW 
NAME="Zyncos"> <DIRECTORIES> <DIR NAME="zyncosspace" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="cmctl.dll" PATH="SysDir"></FILE> <FILE NAME="cmctl.dll" PATH="Sys32Dir"></FILE> <FILE NAME="cmctl.dll" PATH="PFDir\\zyncosspace"></FILE> <FILE NAME="qwysh.exe" PATH=""></FILE> <FILE NAME="ACCESS.AccessCtrl.1" PATH="WinDir\\Downloaded Program Files"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ZyncosMark"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Pornography related homepage hijacker and browser helper object.</DESCRIPTION> </SW> <SW NAME="GoInDirect/All-In-One Telcom"> <DIRECTORIES> <DIR NAME="dialer" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="dialer_activex.ocx" PATH="SysDir"></FILE> <FILE NAME="dialer_activex.ocx" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Used to download and help execute high cost dialer programs.</DESCRIPTION> </SW> <SW NAME="eStart"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="GoUpdate.exe" PATH="WinDir"></FILE> <FILE NAME="EStartTemp.ini" PATH="SysDir"></FILE> <FILE NAME="EStartTemp.ini" PATH="Sys32Dir"></FILE> <FILE NAME="BandObjs1,0,0,3.dll" PATH="SysDir"></FILE> <FILE NAME="BandObjs1,0,0,3.dll" PATH="Sys32Dir"></FILE> <FILE NAME="Links.dll" PATH="SysDir"></FILE> <FILE NAME="Links.dll" PATH="Sys32Dir"></FILE> <FILE NAME="Install.ini" PATH="SysDir"></FILE> <FILE NAME="Install.ini" PATH="Sys32Dir"></FILE> <FILE NAME="Register.vbs" PATH="SysDir"></FILE> <FILE NAME="Register.vbs" PATH="Sys32Dir"></FILE> <FILE NAME="Uninst.exe" PATH="SysDir"></FILE> <FILE NAME="Uninst.exe" PATH="Sys32Dir"></FILE> <FILE NAME="GoUpdate.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> 
<DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Internet Explorer toolbar that will replace normal bookmarks and links.</DESCRIPTION> </SW> <SW NAME="MagicControl"> <DIRECTORIES> <DIR NAME="iexplore" PATH="PFDir"></DIR> <DIR NAME="winmgts" PATH="WinDir"></DIR> <DIR NAME="wincomp" PATH="WinDir"></DIR> <DIR NAME="wintrim" PATH="WinDir"></DIR> <DIR NAME="mc" PATH="WinDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="msegcompid.dll" PATH="SysDir"></FILE> <FILE NAME="msegcompid.dll" PATH="Sys32Dir"></FILE> <FILE NAME="wincomp.exe" PATH="WinDir\\wincomp"></FILE> <FILE NAME="wintrim.exe" PATH="WinDir\\wintrim"></FILE> <FILE NAME="winmgts.exe" PATH="WinDir\\winmgts"></FILE> <FILE NAME="MagicControl.dll" PATH=""></FILE> <FILE NAME="EGPing.dll" PATH=""></FILE> <FILE NAME="2_wincomp.dll" PATH=""></FILE> <FILE NAME="3_1,0,0,5_wincomp.dll" PATH=""></FILE> <FILE NAME="2_1,0,2,9_winmgts.dll" PATH=""></FILE> <FILE NAME="3_1,0,0,6_winmgts.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="cpntmgc"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>trojan that is associated with dialer manufacturer eGroup.</DESCRIPTION> </SW> <SW NAME="BrowserPal"> <DIRECTORIES> <DIR NAME="BrowserPal" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="blckbho.dll" PATH="PFDir\\BrowserPal"></FILE> <FILE NAME="bptlb.dll" PATH="PFDir\\BrowserPal"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Browser Pal"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Internet Explorer toolbar.</DESCRIPTION> </SW> <SW NAME="LolaWeb.winhost"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="WINTT.EXE" PATH="WinDir"></FILE> <FILE NAME="WINH.EXE" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> 
<KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Winhost"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Trojan that copies itself to ensure it is run continuously.</DESCRIPTION> </SW> <SW NAME="PraizeToolbar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="praizetoolbar.dll" PATH="SysDir"></FILE> <FILE NAME="praizetoolbar.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{c6335b00-e8d9-423e-a691-48d17cbb6c5a}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Internet Explorer toolbar.</DESCRIPTION> </SW> <SW NAME="PCWeasel"> <DIRECTORIES> <DIR NAME="PC Weasel" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="CleanReg.exe" PATH="PFDir\\pc weasel"></FILE> <FILE NAME="PCWeasel.exe" PATH="PFDir\\pc weasel"></FILE> <FILE NAME="Keying.txt" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC</DESCRIPTION> </SW> <SW NAME="Optix Pro"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msiexec16.exe" PATH="SysDir"></FILE> <FILE NAME="msiexec16.exe" PATH="Sys32Dir"></FILE> <FILE NAME="isass.exe" PATH="SysDir"></FILE> <FILE NAME="isass.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="GLSetIT32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="NSUpdate Dialer"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="NsUpdate.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> 
<VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="NsUpdate"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Pornography related dialer that dials high cost numbers usually without user intervention.</DESCRIPTION> </SW> <SW NAME="SVAPlayer"> <DIRECTORIES> <DIR NAME="SVA Player" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="SVAPLAYER.EXE" PATH="PFDir\\SVA Player"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SVAPlayer"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>System tray icon and browser helper object that displays pop up advertising.</DESCRIPTION> </SW> <SW NAME="SmartBrowser"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="BHO.0.1.0.135.dll" PATH="WinDir\\Temp"></FILE> <FILE NAME="ybd.dll" PATH="WinDir\\Temp"></FILE> <FILE NAME="regme.exe" PATH="WinDir\\Temp"></FILE> <FILE NAME="logo.ico" PATH="WinDir\\Temp"></FILE> <FILE NAME="IYBD.5.exe" PATH="WinDir\\Temp"></FILE> <FILE NAME="thingies.lish.enctext" PATH="WinDir\\Temp"></FILE> <FILE NAME="YBDversion.5" PATH="WinDir\\Temp"></FILE> <FILE NAME="system.htm" PATH="WinDir\\Temp"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{00000185-B716-11D3-92F3-00D0B709A7D8}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="Interface" VALUE="{00000183-B716-11D3-92F3-00D0B709A7D8}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="CLSID" VALUE="{00000186-B716-11D3-92F3-00D0B709A7D8}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="TypeLib" VALUE="{00000182-B716-11D3-92F3-00D0B709A7D8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{00000185-B716-11D3-92F3-00D0B709A7D8}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> 
<DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Hijacker that will change Internet settings as well as display pop up advertising, sends spam as well.</DESCRIPTION> </SW> <SW NAME="WinMuschi Dialer"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="WinMuschi.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="CFDStart"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Pornography related dialer that dials high cost numbers usually without user intervention.</DESCRIPTION> </SW> <SW NAME="W32.Wintoo.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Win2Drv"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="NetVizor"> <DIRECTORIES> <DIR NAME="NVClient" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="sysdiag.exe" PATH="PFDir\\nvclient"></FILE> <FILE NAME="NetVizorViewer.exe" PATH="PFDir\\nvclient"></FILE> <FILE NAME="NetVizorViewer.exe" PATH="WinDir"></FILE> <FILE NAME="nvopts.dat" PATH="WinDir"></FILE> <FILE NAME="nvfa.dat" PATH="WinDir"></FILE> <FILE NAME="nvfw.dat" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Commercial keylogger program that will record all actions done on your PC.</DESCRIPTION> </SW> <SW NAME="host.vbs"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="hosts.vbs" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="host"></REGVALUE> 
</VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Known to modify the HOSTS file. Malware.</DESCRIPTION> </SW> <SW NAME="ClearStream Accelerator"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{d319662b-d5bf-4538-adf3-8d3e36362608}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>known to display pop up advertisements.</DESCRIPTION> </SW> <SW NAME="TROJ_TOMADI.A"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="BrowserHelper.DLL" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{B549456D-F5D0-4641-BCED-8648A0C13D83}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Performs malicious tasks in the background, known to cause pop up advertisements.</DESCRIPTION> </SW> <SW NAME="W32Sup"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="w32sup.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="w32sup"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Known to cause pop up advertisements.</DESCRIPTION> </SW> <SW NAME="W32.Blaster.C.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="teekids.exe" PATH="SysDir"></FILE> <FILE NAME="teekids.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Microsoft Inet Xp.."></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>MSblaster worm widely spread through networks on the 
internet</DESCRIPTION> </SW> <SW NAME="W32.Blaster.E.Worm"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="mslaugh.exe" PATH="SysDir"></FILE> <FILE NAME="mslaugh.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Windows Automation"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>MSblaster worm widely spread through networks on the internet</DESCRIPTION> </SW> <SW NAME="WhistleSoftware"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="whistlehelper.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{27557cf1-a237-496d-8c8f-08f3844c6a8b}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Software known to cause pop up advertising.</DESCRIPTION> </SW> <SW NAME="Winpage Blocker"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="winpage.dll" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{12DF6E3E-6272-4AE8-880B-2158D60791C0}"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Hijacker that will change your Internet Settings.</DESCRIPTION> </SW> <SW NAME="BlazeFind"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="2_0_1browserhelper2.dll" PATH="WinDir"></FILE> <FILE NAME="2_0_1browserhelper2.dll" PATH="SysDir"></FILE> <FILE NAME="2_0_1browserhelper2.dll" PATH="Sys32Dir"></FILE> <FILE NAME="3_0_1browserhelper3.dll" PATH="SysDir"></FILE> <FILE NAME="3_0_1browserhelper3.dll" PATH="Sys32Dir"></FILE> <FILE NAME="5_0_1browserhelper5.dll" PATH="SysDir"></FILE> <FILE NAME="5_0_1browserhelper5.dll" PATH="Sys32Dir"></FILE> <FILE 
NAME="iesearchbar.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{71ed4fba-4024-4bbe-91dc-9704c93f453e}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{83de62e0-5805-11d8-9b25-00e04c60faf2}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{c5941ee5-6dfa-11d8-86b0-0002441a9695}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{fbed6a02-71fb-11d8-86b0-0002441a9695}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{71ed4fba-4024-4bbe-91dc-9704c93f453e}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{83de62e0-5805-11d8-9b25-00e04c60faf2}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{c5941ee5-6dfa-11d8-86b0-0002441a9695}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{fbed6a02-71fb-11d8-86b0-0002441a9695}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{71ed4fba-4024-4bbe-91dc-9704c93f453e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{83de62e0-5805-11d8-9b25-00e04c60faf2}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{c5941ee5-6dfa-11d8-86b0-0002441a9695}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="clsid" VALUE="{fbed6a02-71fb-11d8-86b0-0002441a9695}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{71ed4fba-4024-4bbe-91dc-9704c93f453e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{83de62e0-5805-11d8-9b25-00e04c60faf2}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{c5941ee5-6dfa-11d8-86b0-0002441a9695}"></REGKEY> <REGKEY 
MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{fbed6a02-71fb-11d8-86b0-0002441a9695}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{71ed4fba-4024-4bbe-91dc-9704c93f453e}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{83de62e0-5805-11d8-9b25-00e04c60faf2}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{c5941ee5-6dfa-11d8-86b0-0002441a9695}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{fbed6a02-71fb-11d8-86b0-0002441a9695}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{71ed4fba-4024-4bbe-91dc-9704c93f453e}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser Helper Object that will redirect searches you make.</DESCRIPTION> </SW> <SW NAME="ToonComics"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="dnserr.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Related to pop up advertising.</DESCRIPTION> </SW> <SW NAME="P2P Networking"> <DIRECTORIES> <DIR NAME="p2p networking" PATH="Sys32Dir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="p2p networking.exe" PATH="Sys32Dir\\p2p networking"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="p2p networking"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Enables peer to peer functionality for certain applications.</DESCRIPTION> </SW> <SW NAME="DyFuCA"> <DIRECTORIES> <DIR NAME="dialers" 
PATH="PFDir"></DIR> <DIR NAME="internet optimizer" PATH="PFDir"></DIR> </DIRECTORIES> <FILES> <FILE NAME="wsem216.dll" PATH="WinDir"></FILE> <FILE NAME="wsem217.dll" PATH="WinDir"></FILE> <FILE NAME="wsem210.dll" PATH="SysDir"></FILE> <FILE NAME="wsem210.dll" PATH="Sys32Dir"></FILE> <FILE NAME="stmtdlr.exe" PATH=""></FILE> <FILE NAME="nem218.dll" PATH=""></FILE> <FILE NAME="preinstt.exe" PATH=""></FILE> <FILE NAME="install.exe" PATH="PFDir\\internet optimizer"></FILE> <FILE NAME="optimize.exe" PATH="PFDir\\internet optimizer"></FILE> <FILE NAME="actalert.exe" PATH="PFDir\\internet optimizer\\update"></FILE> <FILE NAME="actalert.exe" PATH="PFDir\\internet optimizer"></FILE> <FILE NAME="install.exe" PATH="PFDir\\internet optimizer\\update"></FILE> <FILE NAME="optimize.exe" PATH="PFDir\\internet optimizer\\update"></FILE> <FILE NAME="nem214.dll" PATH="WinDir"></FILE> <FILE NAME="wsem218.dll" PATH=""></FILE> <FILE NAME="ssupdate.exe" PATH="Sys32Dir"></FILE> <FILE NAME="ssupdate.exe" PATH="SysDir"></FILE> <FILE NAME="preinstt.exe" PATH="WinDir\\Temp\\thi6026.tmp"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dyfuca_bh.bhobj"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dyfuca_bh.bhobj.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dyfuca_bh.sinkobj"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dyfuca_bh.sinkobj.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="safesurfinghelper.iebho"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="safesurfinghelper.iebho.1"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{cea206e8-8057-4a04-ace9-ff0d69a92297}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{f7f808f0-6f7d-442c-93e3-4a4827c2e4c8}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{d8e25c53-9508-4f5c-9249-d98d438891d5}"></REGKEY> <REGKEY 
MAIN="HKEY_CLASSES_ROOT" SUB="interface" VALUE="{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="typelib" VALUE="{00211813-6223-4c6a-be8d-4d2676cd1361}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{F7F808F0-6F7D-442C-93E3-4A4827C2E4C8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects" VALUE="{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\classes\\clsid" VALUE="{f7f808f0-6f7d-442c-93e3-4a4827c2e4c8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="dyfuca"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="internet optimizer"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="internet optimizer active alert"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\uninstall" VALUE="internet optimizer software installer"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\safesurfing" VALUE="update"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="avenue media"></REGKEY> <REGKEY MAIN="HKEY_CURRENT_USER" SUB="software" VALUE="avenue media"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software" VALUE="fci"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\safesurfing" VALUE="update"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="safesurfingupdate"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" 
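VALUE="DyFuCA"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="DyFuCA Active Alerts"></REGVALUE> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dyfuca_bh.bhobj"></REGVALUE> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dyfuca_bh.bhobj.1"></REGVALUE> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dyfuca_bh.sinkobj"></REGVALUE> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="dyfuca_bh.sinkobj.1"></REGVALUE> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="safesurfinghelper.iebho"></REGVALUE> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="safesurfinghelper.iebho.1"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\run" VALUE="internet optimizer"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Porn dialer known to dial high cost numbers without user consent and Hijacks your internet explorer settings.</DESCRIPTION> </SW> <SW NAME="Search Toolbar"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="searchtoolbar.dll" PATH="Sys32Dir"></FILE> <FILE NAME="searchtoolbar.dll" PATH="SysDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\internet explorer\\toolbar" VALUE="{6a85d97d-665d-4825-8341-9501ad9f56a3}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Browser Helper Object known to cause pop up advertisements.</DESCRIPTION> </SW>
<!-- NOTE(review): Backdoor.Zinx lists the file msrege.exe but the Run value msreg.exe. The two indicators may legitimately differ, but the one-letter difference may also be a typo in one of them; verify against a vendor description before relying on either alone. -->
<SW NAME="Backdoor.Zinx"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msrege.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="msreg.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="CoolWebSearch.sys"> <DIRECTORIES>
</DIRECTORIES> <FILES> <FILE NAME="sys.reg" PATH="WinDir"></FILE> <FILE NAME="mupdate.exe" PATH="WinDir"></FILE> </FILES>
<!-- NOTE(review): CoolWebSearch.sys has no COOKIES element between FILES and REGISTRY, unlike the neighbouring entries; a consumer has to tolerate its absence. -->
<REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Wide range of different browser hijackers</DESCRIPTION> </SW> <SW NAME="Downloader.Psyme"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="m.exe" PATH="WinDir"></FILE> <FILE NAME="mp.exe" PATH="WinDir"></FILE> <FILE NAME="dp.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Trojan horse that is known to download and execute a file.</DESCRIPTION> </SW>
<!-- NOTE(review): Dubolom.com is identified only by two HKEY_CURRENT_USER Run values. svchost.exe is also the name of a legitimate Windows binary, so this indicator should only be matched as a Run value under this key, never as a file name. -->
<SW NAME="Dubolom.com"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="svchost.exe"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="olehelp.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>This HiJack's the Home page to Dubolom.com or My-Find.com.</DESCRIPTION> </SW>
<!-- Gigex SpeedDelivery: the FILE NAME is gigexagent.dll, the name this entry's own ModuleUsage key and SharedDLLs value give for the file in the same folder. NOTE(review): those two registry indicators hard-code c:/windows and c:\\windows instead of the WinDir token the FILE entry uses, so they presumably match only when Windows is installed at that path; confirm. -->
<SW NAME="Gigex SpeedDelivery"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="gigexagent.dll" PATH="WinDir\\downloaded program files"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{6d5fcfcb-fa6c-4cfb-9918-5f0a9f7365f2}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="clsid" VALUE="{a7798d6c-c6b5-4f26-9363-f7cdbbffa607}"></REGKEY> <REGKEY MAIN="HKEY_CLASSES_ROOT" SUB="interface" VALUE="{c3b2b2af-e11c-4ec5-a9ac-6189992758d8}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\moduleusage" VALUE="c:/windows/downloaded program files/gigexagent.dll"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="software\\microsoft\\windows\\currentversion\\shareddlls"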
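VALUE="c:\\windows\\downloaded program files\\gigexagent.dll"></REGVALUE> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="gigexagent.gigexctrl"></REGVALUE> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="gigexagent.gigexctrl.1"></REGVALUE> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="vxpspeeddelivery.download.1"></REGVALUE> <REGVALUE MAIN="HKEY_CLASSES_ROOT" SUB="" VALUE="vxpspeeddelivery.download"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Download manager known to report activity to a central server</DESCRIPTION> </SW>
<!-- Signature entry for IEFEATS.A: six file indicators in WinDir and one per-user
     autostart registry value. -->
<SW NAME="IEFEATS.A">
  <DIRECTORIES> </DIRECTORIES>
  <FILES>
    <FILE NAME="IEFEATSL.DLL" PATH="WinDir"></FILE>
    <FILE NAME="MSIESH.DLL" PATH="WinDir"></FILE>
    <FILE NAME="SUBMITHOOK.DLL" PATH="WinDir"></FILE>
    <FILE NAME="UNINSTALL.EXE" PATH="WinDir"></FILE>
    <FILE NAME="UNINSTALL.INI" PATH="WinDir"></FILE>
    <FILE NAME="MSHP.DLL" PATH="WinDir"></FILE>
  </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS> </KEYS>
    <VALUES>
      <!-- Key path corrected from "Current Version" (with a space) to "CurrentVersion",
           the spelling every other Run-family row in this file uses and the name of the
           real Windows key; the spaced form names a key the autostart mechanism does not
           read, so the row would not have matched. -->
      <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\Runonce" VALUE="iefeats1Update"></REGVALUE>
    </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>1</DANGER_LEVEL>
  <DESCRIPTION>It's a Hijacker that will reset your internet explorer settings</DESCRIPTION>
</SW>
<SW NAME="MSBLAST.D"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Dllhost.exe" PATH="Sys32Dir\\Wins"></FILE> <FILE NAME="svchost.exe" PATH="Sys32Dir\\Wins"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SYSTEM\\CurrentControlSet\\Services" VALUE="RpcPatch"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SYSTEM\\CurrentControlSet\\Services" VALUE="RpcTftpd"></REGKEY> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>MSblaster worm widely spread through networks on the internet</DESCRIPTION> </SW>
<SW NAME="Trojan.Adclicker/W32.Adclicker.E.Trojan/TrojanClicker.Win32.Qupdate"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="QUpdate.exe" 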
PATH="SysDir"></FILE> <FILE NAME="QUpdate.exe" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Load"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Trojan horse that uses your system resources to send traffic to a predetermined web address</DESCRIPTION> </SW> <SW NAME="W32.HLLW.Gaobot.AA"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Svchosl.exe" PATH="SysDir"></FILE> <FILE NAME="Svchosl.exe" PATH="Sys32Dir"></FILE> <FILE NAME="Winhl32.exe" PATH="SysDir"></FILE> <FILE NAME="Winhl32.exe" PATH="Sys32Dir"></FILE> </FILES> <REGISTRY> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Config Loader"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="Config Loader"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Attempts to spread through networks and allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="W32.HLLW.Gaobot.gen"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Csrrs.exe" PATH="SysDir"></FILE> <FILE NAME="Csrrs.exe" PATH="Sys32Dir"></FILE> <FILE NAME="Scvhost.exe" PATH="SysDir"></FILE> <FILE NAME="Scvhost.exe" PATH="Sys32Dir"></FILE> <FILE NAME="System.exe" PATH="SysDir"></FILE> <FILE NAME="System.exe" PATH="Sys32Dir"></FILE> <FILE NAME="explored.exe" PATH="SysDir"></FILE> <FILE NAME="explored.exe" PATH="Sys32Dir"></FILE> <FILE NAME="lms.exe" PATH="SysDir"></FILE> <FILE NAME="lms.exe" PATH="Sys32Dir"></FILE> </FILES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SYSTEM\\CurrentControlSet\\Services" VALUE="x4"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SYSTEM\\CurrentControlSet\\Services" VALUE="a3"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SYSTEM\\CurrentControlSet\\Services" 
VALUE="MpR"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SYSTEM\\ControlSet001\\Enum\\Root" VALUE="LEGACY_SOUNDMAN"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SYSTEM\\ControlSet001\\Services" VALUE="SoundMan"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SYSTEM\\CurrentControlSet\\Enum\\Root" VALUE="LEGACY_SOUNDMAN"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SYSTEM\\CurrentControlSet\\Services" VALUE="SoundMan"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Configuration Loader"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Windows Login"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="Configuration Loader"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="Windows Login"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="^`d}qZxu"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="^`d}qZxu"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Attempts to spread through networks and allows hackers unauthorized access to your PC.</DESCRIPTION> </SW> <SW NAME="w32.Randex.gen"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="msnv32.exe" PATH="Sys32Dir"></FILE> <FILE NAME="msnv32.exe" PATH="SysDir"></FILE> <FILE NAME="IRBMe.exe" PATH="SysDir"></FILE> <FILE NAME="IRBMe.exe" PATH="Sys32Dir"></FILE> <FILE NAME="remove.bat" PATH="WinDir\\temp"></FILE> </FILES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="IRBMe Sucks!!"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="IRBMe 
Sucks!!"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that is spread using networks</DESCRIPTION> </SW> <SW NAME="Win32.Jeefo.A"><!-- Signature entry for Win32.Jeefo.A: registry indicators only, no file or cookie indicators. NOTE(review): unlike the other entries visible here, where SUB is a key path and VALUE a value name, these rows end SUB with what looks like the value name (PowerManager, ImagePath) and put a file path in VALUE; confirm the scanner supports that form, otherwise none of these rows can match. --> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES><!-- NOTE(review): the two RunServices rows for the Winnt directory spell the path with a doubled separator before SVCHOST.EXE, while the ImagePath rows for the same directory use a single one; this looks like a typo that may stop those two rows from matching. TODO confirm against the scanner's unescaping rules. --> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices\\PowerManager" VALUE="C:\\Windows\\SVCHOST.EXE"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices\\PowerManager" VALUE="C:\\Winnt\\\\SVCHOST.EXE"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices\\Power Manager" VALUE="C:\\Winnt\\\\SVCHOST.EXE"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="System\\CurrentControlSet\\Services\\PowerManager\\ImagePath" VALUE="C:\\Windows\\svchost.exe"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="System\\CurrentControlSet\\Services\\PowerManager\\ImagePath" VALUE="C:\\Winnt\\svchost.exe"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="System\\CurrentControlSet\\Services\\Power Manager\\ImagePath" VALUE="C:\\Winnt\\svchost.exe"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Worm that is spread using networks</DESCRIPTION> </SW> <SW NAME="WORM_OPASERV.T"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="IASHLPR.EXE" PATH="WinDir"></FILE> <FILE NAME="MPREXE.EXE" PATH="WinDir"></FILE> <FILE NAME="scr.scr" PATH="SysDir"></FILE> <FILE NAME="scr.scr" PATH="Sys32Dir"></FILE> <FILE NAME="BIOS1.EXE" PATH="WinDir"></FILE> <FILE NAME="Winsrv.EXE" PATH="WinDir"></FILE> <FILE NAME="CLICONFG.EXE" PATH="WinDir"></FILE> <FILE NAME="ACTIVEDS.EXE" PATH="WinDir"></FILE> </FILES> <REGISTRY> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="IASHLPR"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" 
VALUE="FONTVIEW"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="MPREXE"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Scr"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="BIOS1"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Winsrv"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="CLICONFG"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="LoadManager"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="ACTIVEDS"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Worm spread using networks</DESCRIPTION> </SW> <SW NAME="Mirar Toolbar.winnb40"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{159471E5-F30C-434F-A0AB-73BD7D4487BF}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{159471E5-F30C-434F-A0AB-73BD7D4487BF}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{159471E5-F30C-434F-A0AB-73BD7D4487BF}"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{159471E5-F30C-434F-A0AB-73BD7D4487BF}"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser" VALUE="{159471E5-F30C-434F-A0AB-73BD7D4487BF}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mirar Toolbar is a toolbar addon for internet 
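explorer. It has the ability to hide, and then re-emerge, making removal difficult and very annoying</DESCRIPTION> </SW>
<!-- Signature entry for the winnb41 variant of Mirar Toolbar: two CLSID registrations,
     the Browser Helper Object registration and the Internet Explorer toolbar value. -->
<SW NAME="Mirar Toolbar.winnb41">
  <DIRECTORIES> </DIRECTORIES>
  <FILES> </FILES>
  <COOKIES> </COOKIES>
  <REGISTRY>
    <KEYS>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{5FE0B6C9-F5C1-458E-91B3-0E5358B2F02F}"></REGKEY>
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{5FE0B6C8-F5C1-458E-91B3-0E5358B2F02F}"></REGKEY>
      <!-- Opening brace restored: the value was "5FE0B6C9-...}" with no leading "{".
           The CLSID row above and the Browser Helper Objects rows of the sibling
           winnb40, winnb42 and winnb51 entries all carry the fully braced form, and a
           half-braced name cannot match the registered subkey. -->
      <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{5FE0B6C9-F5C1-458E-91B3-0E5358B2F02F}"></REGKEY>
    </KEYS>
    <VALUES>
      <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{5FE0B6C8-F5C1-458E-91B3-0E5358B2F02F}"></REGVALUE>
    </VALUES>
  </REGISTRY>
  <DANGER_LEVEL>2</DANGER_LEVEL>
  <DESCRIPTION>Mirar Toolbar is a toolbar addon for internet explorer. It has the ability to hide, and then re-emerge, making removal difficult and very annoying</DESCRIPTION>
</SW>
<SW NAME="Mirar Toolbar.winnb42"> <DIRECTORIES> </DIRECTORIES> <FILES> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{97852E81-5BE4-4F90-B24F-0947E44761A2}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{97852E80-5BE4-4F90-B24F-0947E44761A2}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{97852E81-5BE4-4F90-B24F-0947E44761A2}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{97852E80-5BE4-4F90-B24F-0947E44761A2}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mirar Toolbar is a toolbar addon for internet explorer. 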
It has the ability to hide, and then re-emerge, making removal difficult and very annoying</DESCRIPTION> </SW> <SW NAME="Mirar Toolbar.winnb51"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="WinDmy.dll" PATH="SysDir"></FILE> <FILE NAME="WinDmy.dll" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar" VALUE="{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mirar Toolbar is a toolbar addon for internet explorer. 
It has the ability to hide, and then re-emerge, making removal difficult and very annoying</DESCRIPTION> </SW> <SW NAME="Backdoor.Autoupder"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="Ausvc.exe" PATH="WinDir"></FILE> <FILE NAME="Bvt.exe" PATH="WinDir"></FILE> <FILE NAME="Mnsvc.exe" PATH="WinDir"></FILE> <FILE NAME="Absr.exe" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{6541B981-2E27-46B1-A2CC-8264A75B74FE}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{868B015F-3515-44DB-B0AD-182CD058985E}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{9A05FE9B-5B52-4D13-A77D-FA7C38557A8E}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{BAE85C97-2CD4-45C3-A1ED-E4CEF7C6AA52}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{C76BE992-2BC3-41A4-8B87-A8C01FE419A7}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{FBE091E5-DF43-4FFB-AECC-7E3A3BC7B0D9}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\CLSID" VALUE="{F53C844A-D9C8-4E92-B923-C05B46C4A7E3}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\AppID" VALUE="{8B034058-08B0-4CB3-B2E8-60238B4967F2}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\CLASSES\\TypeLib" VALUE="{6D8B1B74-4AB8-473B-B479-253FA1936802}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SysScan"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ausvc"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ABsr"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="mnsvc"></REGVALUE> 
</VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> <DESCRIPTION>Backdoor program that could be used to download additional malicious programs</DESCRIPTION> </SW> <SW NAME="W32.Backdoor.Nibu"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="swchost.exe" PATH="SysDir"></FILE> <FILE NAME="netda.exe" PATH="SysDir"></FILE> <FILE NAME="load32.exe" PATH="SysDir"></FILE> <FILE NAME="Vxdmgr32.exe" PATH="SysDir"></FILE> <FILE NAME="swchost.exe" PATH="Sys32Dir"></FILE> <FILE NAME="netda.exe" PATH="Sys32Dir"></FILE> <FILE NAME="load32.exe" PATH="Sys32Dir"></FILE> <FILE NAME="Vxdmgr32.exe" PATH="Sys32Dir"></FILE> <FILE NAME="Rundllw.exe" PATH="SysStartup"></FILE> <FILE NAME="Dllreg.exe" PATH="WinDir"></FILE> <FILE NAME="Windrive.exe" PATH="WinDir"></FILE> <FILE NAME="Guid32.dll" PATH="WinDir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="load32"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Trojan horse that allows unauthorized persons access to your PC</DESCRIPTION> </SW> <SW NAME="W32.Naco.C@mm/ W32/Naco.d@MM"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="ANACON32.EXE" PATH="SysDir"></FILE> <FILE NAME="ANACON32.EXE" PATH="Sys32Dir"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SYSTEM\\CurrentControlSet\\Services\\lanmanserver\\Shares" VALUE="HACKERz"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SYSTEM\\ControlSet001\\Services\\lanmanserver\\Shares" VALUE="HACKERz"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SYSTEM\\ControlSet002\\Services\\lanmanserver\\Shares" VALUE="HACKERz"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="ALM"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="SysAnacon32"></REGVALUE> <REGVALUE 
MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="Services"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="Under20"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Mirabilis\\ICQ\\Agent\\Apps\\Administrator" VALUE="Enable"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Mirabilis\\ICQ\\Agent\\Apps\\Administrator" VALUE="Parameters"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Mirabilis\\ICQ\\Agent\\Apps\\Administrator" VALUE="Path"></REGVALUE> <REGVALUE MAIN="HKEY_CURRENT_USER" SUB="SOFTWARE\\Mirabilis\\ICQ\\Agent\\Apps\\Administrator" VALUE="Startup"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Mass mailing worm that will spread itself using your email addresses and slow down your PC.</DESCRIPTION> </SW> <SW NAME="Bubba.wintools or Adware-WinTools"> <DIRECTORIES> <DIR NAME="WinTools" PATH="PFDir\\Common files"></DIR> </DIRECTORIES> <FILES> <FILE NAME="WToolsA.exe" PATH="PFDir\\Common files\\WinTools"></FILE> <FILE NAME="WSup.exe" PATH="PFDir\\Common files\\WinTools"></FILE> <FILE NAME="WToolsS.exe" PATH="PFDir\\Common files\\WinTools"></FILE> <FILE NAME="WToolsB.dll" PATH="PFDir\\Common files\\WinTools"></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Classes\\CLSID" VALUE="{87766247-311C-43B4-8499-3D5FEC94A183}"></REGKEY> <REGKEY MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects" VALUE="{87766247-311C-43B4-8499-3D5FEC94A183}"></REGKEY> </KEYS> <VALUES> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" VALUE="WinTools"></REGVALUE> <REGVALUE MAIN="HKEY_LOCAL_MACHINE" SUB="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices" VALUE="WinTools"></REGVALUE> </VALUES> </REGISTRY> <DANGER_LEVEL>1</DANGER_LEVEL> 
<DESCRIPTION>Believed to be associated with adware and spyware installation mechanisms.</DESCRIPTION> </SW> <SW NAME="Worm.P2P.SpyBot.gen/webtoolmaster/zymola 1"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="19f80cf346d09aecf6c6b7c3aeaf2d52.exe" PATH=""></FILE> <FILE NAME="35db5fddecf94e788b413de0c6c0d711.exe" PATH=""></FILE> <FILE NAME="4e1fd18f867070053583a46fa448d698.exe" PATH=""></FILE> <FILE NAME="892f7e4df6639c1b68efe0aef02fa5cc.exe" PATH=""></FILE> <FILE NAME="e4785b269ae24f3ccc5991c18a345672.exe" PATH=""></FILE> <FILE NAME="fa40b88c3ef5a84c54faf8871b9e419f.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.gen.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.gen[2].exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.gen[3].exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.gen[5].exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.gen_(56).exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.gen_(92).exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Trojan horse that allows unauthorized persons access to your PC</DESCRIPTION> </SW> <SW NAME="Worm.P2P.Spybot"> <DIRECTORIES> </DIRECTORIES> <FILES> <FILE NAME="c5f33afa0c8e4f1d55584fb2c69dbe44.exe" PATH=""></FILE> <FILE NAME="e389043030e9c8ef75b5885911cb6518.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.a.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.aa.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.ab.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.ag.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.am.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.ao.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.au.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.ax.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.bm.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.bn.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.ce.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.ch.exe" PATH=""></FILE> <FILE 
NAME="worm.p2p.spybot.cj.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.cy.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.d.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.dl.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.f.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.j.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.k.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.m.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.n.exe" PATH=""></FILE> <FILE NAME="worm.p2p.spybot.s.exe" PATH=""></FILE> </FILES> <COOKIES> </COOKIES> <REGISTRY> <KEYS> </KEYS> <VALUES> </VALUES> </REGISTRY> <DANGER_LEVEL>2</DANGER_LEVEL> <DESCRIPTION>Trojan horse that allows unauthorized persons access to your PC</DESCRIPTION> </SW> </NA>