Systweak Spyware Library
Systweak Spyware Library text
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Adtool.MyWebSearch Analysis Report
Threat Submitted On: 10 Nov 2008
Threat Analysed On: 11 Nov 2008
Threat Updated On: 11 Sept 2009
Type : Adtool
Symptoms of tofger
  • Fetches the information related to the user-activities.
  • Records keystrokes, websites visited, clipboard etc. and takes the snapshots.
  • Sends the recorded information to the attacker.
Information
Alias : [Not Available]
Md5 Hash : [3fbaf2007347aa1ff453e397a11db7ec]
File Size : [Not Available]

Technical Details

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: [RandomName].exe
Path : %workingdir%

Md5Hash :1379acd0ced4b68b1bc64df813a38f93 ( 3072 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :23042564a51dbde430c9b7bcbf5665af ( 3072 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :2512a55b3fc9f4cf8043ad8308b72567 ( 14336 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :2f16f92e92ec173f2b73e8b6b574560e ( 31232 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :38483c08a365e28e135bc067e37b8937 ( 6144 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :57c7694997c1cc14d23132a13a5725b6 ( 3072 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :8f19019a64893c8d098bc01d89df1ce3 ( 5120 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :d48b88df44ee56d64f7bf1d15d27da27 ( 8192 bytes)
File: [RandomName].exe
Path : %workingdir%

Md5Hash :eaa5ae27ebc605e1915b50fb9519a05b ( 3072 bytes)
File: exploit.mhtredir.html
Path : %workingdir%

Md5Hash :f8864456dabe3581090a793c18f76a0c ( 2932 bytes)
File: amrto32.dll
Path : %windir%

Md5Hash :860a9695a2cce9613eb8731b688c8a29 ( 3072 bytes)
File: dorta32.dll
Path : %windir%

Md5Hash :c287d190f176bc255704d7c6a50012d4 ( 7000 bytes)
File: doru32.dll
Path : %windir%

Md5Hash :37228b7041aacfa33eff78773f747d90 ( 3072 bytes)
File: durta32.dll
Path : %windir%

Md5Hash :51619239d3186bada9cf2ae18c00429a ( 3072 bytes)
File: durto32.dll
Path : %windir%

Md5Hash :a62ef0e0a7da67351c6d22a18f02d4f8 ( 3072 bytes)
File: msrt32.dll
Path : %windir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
391f2420097647a3ee0318252d614cdc ( 3072 bytes)
bdfcb8b08a2a2b9490420c10bf7c14b3 ( 3072 bytes)
File: msto32.dll
Path : %windir%

Md5Hash :106542e56412f98a0c71288813194c33 ( 3072 bytes)
File: openfi.ini
Path : %windir%

Md5Hash :01f5641239c88d486028c4fecab2169d ( 42 bytes)
File: sachost.exe
Path : %windir%

Md5Hash :3178bd56b1bbace063f867f3cf879f83 ( 10000 bytes)
File: slchost.exe
Path : %windir%

Md5Hash :186d411aab32a77cdd5904f84ca66027 ( 11000 bytes)
File: suchost.exe
Path : %windir%

Md5Hash :3d24f206380b7313b5b81fa6f6a899e2 ( 13000 bytes)
File: sufer32.dll
Path : %windir%

Md5Hash :1aa8d2803c05c0db9b576fbc8a386675 ( 6000 bytes)
File: svahost.exe
Path : %windir%

Md5Hash :6eb1c29b8925d972ffec342d32d3cc19 ( 9216 bytes)
File: svchost.exe
Path : %windir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
129c20eb71d3706841f2fd2830a1b4de ( 12000 bytes)
470983937700c7a39ee91535479f746b ( 8192 bytes)
5e91a831e39ddf431bb97d32cde08ccf ( 13824 bytes)
735b6e3481599802ee41607dbdc834a5 ( 12000 bytes)
9830c705476c0c1908aa5ab840022b9c ( 17000 bytes)
9d9af6e5f4d9973c808eaa4344ed8fd0 ( 12000 bytes)
File: sxchost.exe
Path : %windir%

Md5Hash :bee722ac1dd1ac67d3f55d8e9d1e3646 ( 8704 bytes)
File: 105890.exe
Path : %windir%\system32

Md5Hash :aba319e852bc2599bf87eac0af30001b ( 10274 bytes)
File: 107781.exe
Path : %windir%\system32

Md5Hash :( bytes)
File: 136812.exe
Path : %windir%\system32

Md5Hash :488bce67cb375cffc39fb74b4bbf59a0 ( 10274 bytes)
File: 150390.exe
Path : %windir%\system32

Md5Hash :1720b0edeeae43d271e1842c2f39f154 ( 10274 bytes)
File: 153546.exe
Path : %windir%\system32

Md5Hash :( bytes)
File: 176406.exe
Path : %windir%\system32

Md5Hash :6e46b3932d9348cb45d733f0f44b9cc2 ( 10417 bytes)
File: 177984.exe
Path : %windir%\system32

Md5Hash :158c481385ce118d3b9eea4874cbc8e6 ( 9341 bytes)
File: 183875.exe
Path : %windir%\system32

Md5Hash :2d9d5da236bb2853eae10d8234910737 ( 10274 bytes)
File: 187062.exe
Path : %windir%\system32

Md5Hash :( bytes)
File: 200265.exe
Path : %windir%\system32

Md5Hash :7bce780b4dce2ad9118780cf55354668 ( 9341 bytes)
File: 230203.exe
Path : %windir%\system32

Md5Hash :661f182beb4a449354a4427dbaae2536 ( 9664 bytes)
File: 254109.exe
Path : %windir%\system32

Md5Hash :5f7e1f338710bc3dba9fe58a0fbfe1f9 ( 9664 bytes)
File: 447875.exe
Path : %windir%\system32

Md5Hash :7fc4fedfe896848493599970e10ca6d9 ( 9663 bytes)
File: 492750.exe
Path : %windir%\system32

Md5Hash :b3d7fb68c3a1c8d3fed9957691cb1dc5 ( 9663 bytes)
File: 69890.exe
Path : %windir%\system32

Md5Hash :07452e7f0f2b7f06f3762d736f717c6a ( 10274 bytes)
File: 70546.exe
Path : %windir%\system32

Md5Hash :0350885f96d024720f73328f6ba82709 ( 8110 bytes)
File: 73062.exe
Path : %windir%\system32

Md5Hash :d3d179930c45086cc4b1cb6c789aff11 ( 10417 bytes)
File: 73843.exe
Path : %windir%\system32

Md5Hash :b351c6058a6e73e78e3731f189638f32 ( 8110 bytes)
File: 74859.exe
Path : %windir%\system32

Md5Hash :( bytes)
File: 75906.exe
Path : %windir%\system32

Md5Hash :968873a1f795cb0461856f4617679d71 ( 10417 bytes)
File: 77265.exe
Path : %windir%\system32

Md5Hash :f5e602b4639b7249c8b6aec7d5656b02 ( 10274 bytes)
File: 78015.exe
Path : %windir%\system32

Md5Hash :( bytes)
File: 78328.exe
Path : %windir%\system32

Md5Hash :b6e29ff7d50498ac2ead17e42f8fcee5 ( 10274 bytes)
File: 79000.exe
Path : %windir%\system32

Md5Hash :3ebf60220d2a44d1284303bbcaee1fc2 ( 10274 bytes)
File: 79859.exe
Path : %windir%\system32

Md5Hash :( bytes)
File: 81359.exe
Path : %windir%\system32

Md5Hash :d3a32afe2e7e2094ebc487afd39c0d97 ( 10274 bytes)
File: 82109.exe
Path : %windir%\system32

Md5Hash :( bytes)
File: 83968.exe
Path : %windir%\system32

Md5Hash :e70ef7b2704198bd9b6a964a8a035a3d ( 10274 bytes)
File: 84890.exe
Path : %windir%\system32

Md5Hash :0fa18efe155bb737118a766b867f2838 ( 9806 bytes)
File: 86218.exe
Path : %windir%\system32

Md5Hash :( bytes)
File: 87156.exe
Path : %windir%\system32

Md5Hash :1d1f0329050f7029a44d2d1fc697370a ( 9341 bytes)
File: 87875.exe
Path : %windir%\system32

Md5Hash :c6a38a7b197c4d938779e6a645d3fb81 ( 9664 bytes)
File: 88156.exe
Path : %windir%\system32

Md5Hash :182c490f64d0649015647a2e516828b0 ( 9663 bytes)
File: 89156.exe
Path : %windir%\system32

Md5Hash :80eace93f2331dcd44b8ec822ee13b32 ( 10417 bytes)
File: 92671.exe
Path : %windir%\system32

Md5Hash :b0f9cd8df2febeb2770f0f55487afcb5 ( 9664 bytes)
File: 93031.exe
Path : %windir%\system32

Md5Hash :aa53ad242586e80486febd606dda9867 ( 9341 bytes)
File: 94000.exe
Path : %windir%\system32

Md5Hash :654af2b0537a1c9fecf8ec41a9eab46e ( 10274 bytes)
File: 94734.exe
Path : %windir%\system32

Md5Hash :( bytes)
File: 98531.exe
Path : %windir%\system32

Md5Hash :2a2eb8981bd60c51820bfd388b86b695 ( 10274 bytes)
File: dsrte32.dll
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
7c8bae99c41b2864e69b8a9ac4d3ee71 ( 7680 bytes)
8b3d5a4be06665c20583739b4a963ab5 ( 7680 bytes)
9eca78f9cae534c3b18d9d06c33fb7a6 ( 7680 bytes)
b3b50163f5489cc88f07f826647d7aef ( 9000 bytes)
c80f2689c155fecfae35df6dba049783 ( 7680 bytes)
e3e4b236f1f233cf0bfe7c4d5af7be9c ( 7680 bytes)
f2f906f208160a57891129ffca6fc2fc ( 7680 bytes)
File: getex.exe
Path : %windir%\system32

Md5Hash :8399b47dee12bb988c25400d342c6619 ( 8000 bytes)
File: 51750.xlf
Path : %windir%\system32\pikold

Md5Hash :( bytes)
File: 96671.xlf
Path : %windir%\system32\pikold

Md5Hash :( bytes)
File: porte32.dll
Path : %windir%\system32

Md5Hash :ac6c869db7508958db96eff8db051175 ( 8000 bytes)
File: spchost.exe
Path : %windir%\system32

Md5Hash :08374371758823e7da973ba0d76bc313 ( 8004 bytes)
File: stfer32.dll
Path : %windir%\system32

Md5Hash :4366182cfb98fc308218301415d6143a ( 6000 bytes)
File: surte.exe
Path : %windir%\system32

Md5Hash :8d293d32a40c3470fb2807ff70ea4437 ( 559 bytes)
File: svchosts.exe
Path : %windir%\system32

Md5Hash :7413895fb2fc73155145756eae73b070 ( 8704 bytes)
File: system.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
1214804123bf90219a822075e1fcd153 ( 9220 bytes)
4b6c74f020d3ec42d7890267be95f791 ( 9216 bytes)
50b18f568db86647a7bc0f9997094574 ( 9216 bytes)
66e8512d052576af5fbf05dad217e2b6 ( 9216 bytes)
6a4908581bb74c467b444b59cfc52e94 ( 10004 bytes)
709babda91ad3e01789cd7ec7b202589 ( 9216 bytes)
8b846fdf1003393443a2ac4eb25a807c ( 9216 bytes)
ab14a2ffb5f492bb4830a95b5a45ab59 ( 9216 bytes)
b9316f2b4d69a140529f8ae379583ae2 ( 9216 bytes)
File: wdind.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
3a99707f0fb3d2edcb66d55ae3f2fc05 ( 8 bytes)
99359502014016182aff5f0f28e92e84 ( 8 bytes)
a0c0362b2440f2c5465cd1d30381063a ( 8 bytes)
c05c2516e9340a2707629af85ceb4611 ( 8 bytes)
c4cdc46e89fb1c4e93634d3bb361cf95 ( 8 bytes)
cd8aa91b44edbd6134856a5f54431353 ( 8 bytes)
df42968a55fdad5252a5cbd912b0057f ( 8 bytes)
e88b4a1511b7b905036312b1528333d1 ( 8 bytes)
File: wmini.exe
Path : %windir%\system32

Md5Hash :5a87f9065dcc310a9c70fdea98045cf5 ( 3584 bytes)
File: wmsro32.dll
Path : %windir%\system32

Md5Hash :781f12418dfda3a3a851dd2036225de7 ( 3072 bytes)
File: wzind.dll
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
14165658c2af5378794172c3d8b9b4d0 ( 8 bytes)
150ad61565eea3031212e664c4787338 ( 8 bytes)
1f30a2a9ab25a04fc91efa0799cd8369 ( 8 bytes)
51108f59b9d18af3cae2d35b4833b5c8 ( 8 bytes)
6ae12bdb89d25233e7483eb858e6a3b4 ( 8 bytes)
ad8cebc9539b60416760ade49aab8757 ( 8 bytes)
b4131dcfef86c8a42d995a41144a7c8b ( 8 bytes)
c003937980ecee4992fe740e4e7b2778 ( 8 bytes)
fea3bad17affa980b0e1b6a74ee228fc ( 8 bytes)
File: vhchost.exe
Path : %windir%

Md5Hash :4c04b928c70b0cdd595b3f704fedf70c ( 15000 bytes)
File: wmsro32.dll
Path : %windir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
2bccb18f29a254c3b3306a655c87be0a ( 3072 bytes)
7ab3d0ba293e43747e37e1e77d67d50d ( 3072 bytes)
File: wmsto32.dll
Path : %windir%

Md5Hash :8c2e6ebd96b9b13e7617f7b0f36d9691 ( 3072 bytes)
File: [randomname].exe
Path : %workingdir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
009bc5b47d3165e039c48a36f1d99ba8 ( 17408 bytes)
00df19798aabe0efb2d70e62d78871b4 ( 7682 bytes)
01a937e22ee5937bacf00dbba5db2149 ( 13000 bytes)
02d46959aa2fb99b57a3b92ccc4d6874 ( 9218 bytes)
0319228a31fc315f4d47d5f8474127a4 ( 8194 bytes)
05e22270737f894bee4518c6d3dde8fe ( 48755 bytes)
06692560ea548ea8d7897aaeb1b5cb8f ( 45395 bytes)
091a2943cb7f6c6c5773aee7bd986469 ( 11000 bytes)
09ff8c8150394ba18644db9af027ba2d ( bytes)
0a28f52fa2cc46b81e4de542f723884a ( 7002 bytes)
0c9936806eb70806043c29aad6c6d0ec ( bytes)
0cedb6820c61382115ea7be7917cff33 ( 12802 bytes)
117831659b22c4c3d8bfbf233555fc0a ( 14850 bytes)
156950b261f4f98ce2de2c9d393c8272 ( 3072 bytes)
166afdad0ff04afe03f17e8e0f2d8e97 ( 69636 bytes)
1713100ba82bf863a324658277e32892 ( 27166 bytes)
1b734321c6d1433b2dc961d4e099ee4a ( 12002 bytes)
1ca9ee0f3b2ab1d1058803ff9bb58864 ( 16386 bytes)
1e4ee4353e001b5c2f62baa0e1753fd8 ( 9218 bytes)
214ee9054a598c87b36cda6da511bf35 ( 45395 bytes)
24474e2eeafc7796e3d75fa8edc7fb96 ( 13002 bytes)
281fd3d4e8eed76b012da097ae975b52 ( 6002 bytes)
28659c1f9652f5eb44f18236c428caeb ( 8704 bytes)
2aa708bd9afaa4937597ce780b6473fd ( 12288 bytes)
2c0cd67963bdbfbd88edffe755679e85 ( 45002 bytes)
2c340a94ba5971ea746001e135ab50c8 ( 6002 bytes)
2dd58b4175cae305456ead9e111f8ca9 ( 7680 bytes)
2e2fea8a9fe09c090e5ab3084f9e88f8 ( 9216 bytes)
2e729bd9ceeccef87d886b00cbc81fbd ( 6146 bytes)
2ebf14d9be9ba949616a2aa2855aa90b ( 13005 bytes)
2ed087a0a36f619fef41e9164de3c0a0 ( bytes)
2f30cfb6a7c9a182d46120408aadf6ce ( 9002 bytes)
3124defe4e2ed7086b23c0cba44cc6d0 ( 12000 bytes)
35f75051dcd4458dc584fc49b513bc21 ( 8194 bytes)
366c1f1b4773b8d135571da0604542fe ( 9002 bytes)
37081c51ab6dc99915d082d14353a272 ( 7476 bytes)
39f05e790162c64d3f31caf0739b99a6 ( 67428 bytes)
3f20ed0cb2ecf1884b34c0c1bc2750b0 ( 4610 bytes)
3fbaf2007347aa1ff453e397a11db7ec ( bytes)
4172f22fd4c6b6d5fad34c4d94666ed1 ( 12002 bytes)
417c287c9732180bd323ceb4dc081291 ( 4394 bytes)
42a633889dd807196ab91b8347831b1f ( 69637 bytes)
42cbb249b82452d9ec7cd6f985f76d32 ( 8706 bytes)
43450cb4e0212087bae1087e5648392d ( 45058 bytes)
4366182cfb98fc308218301415d6143a ( 6000 bytes)
45062fb4af74eb04bf35d39627836cdb ( 3072 bytes)
4a7596a6141f03940da67f7140c065b4 ( 4000 bytes)
4b2594bd78ff3b35ad319acb9de4fb36 ( 9002 bytes)
4b6c74f020d3ec42d7890267be95f791 ( 9216 bytes)
4c484b04a30ee0a880ef2647763684f7 ( 178688 bytes)
4c789bddde5baf5096829de7d313b964 ( 3074 bytes)
4d08b44fa11d537c605806d3f227d5cd ( 48759 bytes)
4da80ba42a19ab390b6b0b2fa37d87ac ( 19973 bytes)
4e76e6274fe3a5733b7d76bbdc168795 ( 12006 bytes)
4ea6f21774f3d87fd5b9be7e9536657c ( 12006 bytes)
4f941a5a19a1b9f03b90dbda46b14bb9 ( 15600 bytes)
50b18f568db86647a7bc0f9997094574 ( 9216 bytes)
50e82fb7c1e324cb402b5dccaef28300 ( 178690 bytes)
51dcd8110c255e2b8877bbb04b8ea867 ( 8704 bytes)
532a963c50f9602e74be8ce0804d9d8e ( 9728 bytes)
5370b0b5364b07f2fb3416bb7a82ed53 ( 6144 bytes)
53cf7c934677b14ef1dde93b0757532c ( 39447 bytes)
587bfcb7d
The following Registry Values are added to the provided Registry Keys :-
Note:
Delete the added Values from the Key to remove Infection
|__ Value Added :
deafult progra = "%windir%\svchost.exe"
|__ Value Added :
Default Operation = "%WINDIR%\vhchost.exe"
|__ Value Added :
Omline Service = "%WINDIR%\suchost.exe"
|__ Value Added :
online service = "%windir%\svchost.exe"
|__ Value Added :
online systems = "%windir%\svchost.exe"
|__ Value Added :
onlune sarvice = "%windir%\sachost.exe"
|__ Value Added :
Sastem Restore = "%WINDIR%\svahost.exe"
|__ Value Added :
systems restart = "%windir%\slchost.exe"
|__ Value Added :
systems restart = "%windir%\system32\spchost.exe"
|__ Value Added :
upgrade service = "%windir%\sxchost.exe"
|__ Value Added :
windows startup = "%windir%\svchost.exe"
|__ Value Added :
windows stortup = "%windir%\svchost.exe"
|__ Value Added :
windows stortup = "%windir%\svchost.exe"
|__ Value Added :
windows update software = "%windir%\system32\system.exe"
Creates the following child process(s) on execution:

%windir%\system32\system.exe

services.exe

%programfiles%\internet explorer\iexplore.exe http://www.v61.com/cgi-bin/counter/processor?losthttp://www.v61.com/cgi-bin/counter/processor?boxhttp://www.xxxsoft.com/free-tour/index4.phphttp://www.mysexweb.com/down1/file.php?ip=%s&id=%s&exe=1

%programfiles%\internet explorer\iexplore.exe http://www.v61.com/cgi-bin/counter/processor?boxhttp://www.xxxsoft.com/free-tour/index4.phphttp://www.mysexweb.com/down1/file.php?ip=%s&id=%s&exe=1

%workingdir%\a.bat %workingdir%\[random name].exe

Tries to Download Files from the following links :-

http://www.mysexweb.com/down1/file.php?ip=10.10.32.3&id=c32a6181&exe=1

http://www.mysexweb.com/down1/file.php?ip=10.10.32.3&id=c32a6181&exe=2

http://x-moovie.com/down2/file.php?ip=10.10.32.3&id=c32a6181&exe=3

Creates the Following MUTEX(s) on user's System:-
raspbfile
shell.cmrupidllist
msratingmutex
ctf.lbes.mutexdefaults-1-5-21-3940780282-119073973-2237615918-1010
ctf.compart.mutexdefaults-1-5-21-3940780282-119073973-2237615918-1010
ctf.asm.mutexdefaults-1-5-21-3940780282-119073973-2237615918-1010
ctf.layouts.mutexdefaults-1-5-21-3940780282-119073973-2237615918-1010
ctf.tmd.mutexdefaults-1-5-21-3940780282-119073973-2237615918-1010
msimgsizecachemutex
_!shmsfthistory!_
Tries To Connect to The Following Urls:-
Http_Version :http/1.1
69.64.155.111/down1/file.php?ip=10.10.32.3&id=c32a6181&exe=1
Http_Version :http/1.1
69.64.155.111/down1/file.php?ip=10.10.32.3&id=c32a6181&exe=2
Http_Version :http/1.1
208.73.210.32/down2/file.php?ip=10.10.32.3&id=c32a6181&exe=3
Http_Version :http/1.1
207.189.104.86/index_main.php
Http_Version :http/1.1
207.189.104.86/menu.html
Http_Version :http/1.1
207.189.104.86/top.php
Http_Version :http/1.1
207.189.104.86/main.php
Http_Version :http/1.1
125.23.216.208/sd?s=80255&f=1
Http_Version :http/1.1
125.23.216.208/sd?s=80255&f=1&c=1
Http_Version :http/1.1
209.85.153.164/apps/domainpark/domainpark.cgi?s=dorkodrom.com&cid=ca-dp-oversee26_snap_3ph
Http_Version :http/1.1
209.85.153.104/images/x.gif
Http_Version :http/1.1
69.64.155.119/4637acb1-6cef-4f08-8254-0175979a50cc.ippi?g=4637acb1-6cef-4f08-8254-0175979a50cc
Http_Version :http/1.1
69.64.155.119/intraff.com.js
Http_Version :http/1.1
125.23.216.202/images/shared/rellinkbkg.gif
Http_Version :http/1.1
125.23.216.202/images/themes/t101/bullets/0006.gif
Http_Version :http/1.1
125.23.216.202/images/misc/trk.gif?category=&keywords=
Http_Version :http/1.1
125.23.216.202/images/misc/blank.gif
Http_Version :http/1.1
125.23.216.202/images/themes/t101/buttons/0006.gif
Http_Version :http/1.1
206.191.161.97/gateway/gw.js?csid=f08747
Tries To Connect's to the following IP Address(s) through UDP(User DataGram Protocal) :-

127.0.0.1

NOTE:

2. %workingdir% Refers to the current directory in which user is working.
3. %windir% Refers to the windows root folder. By default it is 'C:\Windows'

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more spywarelib.com recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.


Microsoft Gold Certified Partner

© Systweak Inc., 1999-2011 All rights reserved.