My Virus Info


I carry these items with me on service calls and I need to keep track of what is what. IF you can use the info have at it. Please search the Web for more info and/or the latest versions of these programs before using them. Some of them should only be used IF requested by a knowledgeable Professional -or- Friend -or- Relative. And some of them may be Operating System(OS) specific. We have many forms of Windows out there. Make sure it will work on your version!!

Warning! Warning!
When you are searching the Web, DO NOT, I repeat, DO NOT allow any program to automagically install anything on your PC. IF it says you have a Virus ... you probably don't ... UNTIL ... you load their program!! Check with a knowledgeable compatriot BEFORE loading anything. Some of these look -and- sound very official... -but- they are not.
Two of them are: Windows Police Pro and Windows XP Recovery
DO NOT click the OK button.
Get out by closing the Browser IF necessary.
Just DO NOT let it load -or- you will probably be calling me or one of my fellow fixers.


    For all virus troubleshooting the first thing to do is turn off System Restore if your system has it. We don't want to go thru all these procedures only to have the infections re-appear because of the restore file(s). You can turn it back on when done, if you so desire.
How-to in Windows XP: Disable Sys Restore in XP
How-to in Windows Vista and 7: Disable in Vista and 7

To use the F8 key to start Windows in Safe mode

There are times when you will be requested to start Windows in a 'Safe Mode'. Safe mode lets you turn off unnecessary computer programs so that you can find the cause of a problem. Many programs that start with Windows will not start. There is a selection that lets you start Safe Mode with Networking. Don't use this unless instructed to do so. Sometimes you will need this mode to get Anti-Virus program updates while in Safe Mode.
  1. Restart the computer.
  2. When you see the black-and-white Starting Windows screen, start tapping the F8 key.
    (If tapping doesn't work, then press and hold the F8 key.)
  3. In the Windows Advanced Options Menu, select Safe mode.
    If it is not already selected, use the arrow keys to select it.
    (Only select the mode with Networking when directed to do so.)
  4. Press Enter.
Windows will then start in Safe mode. (This can take several minutes... a long time anyway.)
And you will see command lines scrolling up the screen. Your final screen will look
different than your normal screen. And when you go back to Normal Mode your screen
icons will probably look messed up.
Nature of the beast ....

    During my recent Net exploits I found this list of Adware culprits. It is generously provided by the folks who produce System Mechanic 7... which I will recommend to my customers.

    A place you must visit is: Freeware Software. You will find a number of tools that can be obtained for ... Free.

Note 17-Feb-10@9:58am : I have learned -but- can not totally verify at this time that three anti programs work well together and will protect your system well. I am putting this here to let others know, so they can try them if desired, and I will add more as I learn/experience more.
Programs are: avast! - ThreatFire - Comodo Internet Security
All 3 are 'Free' for Home use -or- cost for the Pro/Business versions.
From the Net: Using both Avast! and Comodo has worked well for me on both Vista 64 and 32. -But- it appears that you should only use the Comodo Firewall with avast.

A common thought:
  Get rid of the software firewalls and just get a cheap router that has at least NAT and SPI firewall protection.


Use MSconfig to setup for Normal Startup Mode
Vista Cleaning Procedure


- A -

aswclnr - avast! Virus Cleaner - free virus & worm removal tool

File: aswclnr.exe
   http://www.avast.com/eng/avast_cleaner.html

List of known worms
avast! Virus Cleaner is currently (in version 1.0.203) able to identify and remove the following worm families:

Many worms - when activated - create additional working files on your hard disk. Even though these files alone are harmless, they are useless and they should not be there. When avast! Virus Cleaner detects and removes a known worm from your computer, its working/temporary files are removed as well. The same applies for worm-specific registry entries etc.

avast! 4 Home Download

File: avast4setupeng.exe

Note: This product is free for home non-commercial use after registration! at http://www.avast.com/i_kat_207.php?lang=ENG
avast! antivirus software is based on the ALWIL Software Virus, Worm and Trojan horse scanning technology since 1988. The avast! antivirus portfolio includes a number of products, providing effective protection at all levels - from PDAs to large networks.
avast! Home is now Free of charge for HOME users for NON-COMMERCIAL use.
Note: Please see ThreatFire below to use in addition to this.
Home Page:
http://www.avast.com/
Works on: Windows 2000, Windows XP, Windows Vista and Windows 7

Ad-Aware - Lavasoft

File: aawsepersonal.exe

Most people are familiar with freeware, shareware, cookies, media players, interactive content, and file sharing. What they may not realize is that some of the aforementioned may contain code or components that allow the developers of these applications and tools to actually collect and disseminate information about those using them.
They can track your surfing habits, abuse your Internet connection by sending this data to a third party, profile your shopping preferences, hijack your browser start page or pages, alter important system files, and can do this without your knowledge or permission. The security and privacy implications of these exploits should be quite obvious and undesirable on any system or network!
Lavasoft is the industry leader and most respected provider of anti Trackware solutions. We have developed several applications that will provide you with the means to keep your computer or network free of these compromising and intrusive threats to your privacy.
Free for non-commercial use only.

Home Page:
  http://www.lavasoft.com/
Supported Operating Systems:
   Windows 7 (32 and 64-bit), Windows Vista (32 and 64-bit), Windows XP (32-bit), Windows 2000 Pro

Advertisemen Removal

File: RemAdvertisemen.exe
Advertisemen is a new adware out there, described here at Vivid Reflection. Richard from Vivid Reflection sent me the files via Upload Malware and I have now created a quick removal tool for Advertisemen. RemAdvertisemen is available here.

Download RemAdvertisemen to a convenient place and double click the remadvertisemen.exe.

Once it is running, click the "Start Removal" button and wait for the "Done Removal! Please reboot your computer now." message. Once you see that, click OK and then reboot your computer.

Freeware.

Home Page:
  Atribune.org
Works on: Windows 2000, Windows XP

Admit One

File: AdmitOne-Install.exe
Admit One - Windows Password Access Manager

Admit One lets you enable and disable all Windows password prompts with just one mouse click - You won't be bothered by passwords while at home, and you'll always be prompted to prevent unauthorized use when on the go. Great for desktop PC's as well, where privacy and security are needed. Admit One - don't leave home without it!

Freeware.

Home Page:
  AdmitOne
Compatible with: Windows 7, Windows Vista, XP, 2000; 32-bit and 64-bit.

ALCAN.B

File: AlcanFix.zip
The following Table of info from: Security Stronghold
Threat indicator: HIGH
Name of the threat: ALCAN.B
Command or file name: winupdate.exe
Threat type: Worm
Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista)
Download Alcan.zip or AlcanFix.zip and unzip it to your desktop.
  1. Reboot into Safe Mode - Very Important!
  2. Enter the AlcanFix folder and double-click AlcanFix.bat to run the tool.
  3. When the tool has finished, please reboot back to normal mode.
This is an extract from the forum for this site.
Appears to be Freeware.

Home Page:
  WebUser

Aports

File: aports.zip
Publisher: SmartLine
Risk Impact: High
File Names: Aports.exe
Systems Affected: Windows 2000, Windows NT, Windows Server 2003, Windows XP

This threat is a stand-alone application, does not drop files, and does not modify the registry. This hack tool displays a Graphical User Interface (GUI) showing the processes and applications as they are mapped to port numbers. Also, it shows the IP address of the user accessing open ports.

The publisher also offers an API for a fee. Aports.exe is freeware in its GUI form.
Freeware.

Home Page:
  File.net and   ThreatExpert
Works on: (Windows NT/2000/XP)

apt - Freeware process termination tool for Windows NT/2K/XP

File: apt.zip
   Advanced Process Termination is a simple but powerful utility that provides
   nine (9) different process termination techniques - all at the click of a button.
   Process Guard also has powerful anti-hook capabilities to prevent other programs
   from hooking critical functions (something often done by trojans to prevent their
   processes from being seen or terminated). In addition to process termination, APT
   also allows you to Suspend and Resume processes, and also serves as a useful
   process list utility.
Freeware.

Home Page:
  DiamondCS
Works on: Windows NT, Windows 2000, Windows XP

ATF-Cleaner

File: ATF-Cleaner.exe
ATF-Cleaner.exe was once upon a time just my personal temp file cleaner. There became a need for a good temp file cleaner that could do the job safely and without removing files that are crucial to Windows, so I decided I'd share it with the public.

ATF-Cleaner has recently picked up a lot of interest in the various communities online.

ATF-Cleaner's options are fairly straightforward and its simplicity is part of its charm.

This program is for XP and Windows 2000 only

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

Freeware.

Home Page:   Atribune.org

Autoruns for Windows v9.57

File: Autoruns.zip
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor (mainly because it is from Microsoft themselves), shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. Freeware.

Home Page:   Microsoft - Windows Sysinternals
- B -

Bazooka Adware and Spyware Scanner v1.13.01

File: bazookasetup.exe

Bazooka Adware and Spyware Scanner searches for CoolWebSearch, Gator, GAIN, Bargain Buddy, CommonName, FlashTrack, IPInsight, n-CASE, NetRatings, SaveNow, Wurldmedia, etc. The complete list is available in the online encyclopedia. To stay up-to-date with the new spyware and adware the latest threat definition is always available from the Bazooka web site.
Bazooka is Freeware and Windows 95/98/ME/NT/2000/XP compatible.

Home Page:   Bazooka SpyWare

BraveSentry

File: Free-Spyware-Scanner-Install.exe
BraveSentry is a rogue anti spyware program that hijacks the web browser and it is known to issue fake warnings on your computer in order to manipulate you into buying its full commercial version. It can also be installed from the BraveSentry website and has been forced onto the computer without EULA and user's knowledge of installation. It does not actually detect parasites, but targets harmless system and software objects as threats in an attempt to trick the user into purchasing the full version of Brave Sentry. BraveSentry is related to SpySheriff and Spware-no.
Home Page:
  Brave Sentry Removal
This is a detector only. You will need to purchase the removal version.
- C -

CCleaner (Crap Cleaner) & ASC (Advanced System Care)

File: ccsetup228.exe

CCleaner (Crap Cleaner) is a (used to be freeware) system optimisation tool that removes unused and temporary files from your system - allowing it to run faster, more efficiently and giving you more hard disk space. The best part is that it's fast! (normally taking less than a second to run) and Free. :)

Cleans the following:
Internet Explorer Cache, History, Cookies, Index.dat.
Recycle Bin, Temporary files and Log files.
Recently opened URLs and files.
Third-party application temp files and recent file lists (MRUs).
Including: Media Player, eMule, Kazaa, Google Toolbar, Netscape, Office XP, Nero, Adobe Acrobat, WinRAR, WinAce and more...
Advanced Registry scanner and cleaner to remove unused and old entries.
Including File Extensions, ActiveX Controls, ClassIDs, ProgIDs, Uninstallers, Shared DLLs, Fonts, Help Files, Application Paths, Icons, Invalid Shortcuts and more...
Backup for registry cleaner.
This software is completely Freeware and contains no Spyware.

Home Page:   http://www.ccleaner.com/ -or- CCleaner Download
  CCleaner Beginners Guide
  CC and ASC Works on: Windows (All Versions)

ComboFix

File: ComboFix.exe
ComboFix is a program written by sUBs that removes spyware, malware, rogue antispyware apps and Vundo infections. It also deletes a bunch of files related to the infections and is updated fairly regularly. When ComboFix has finished, it will produce a report for you. Power users can use the report to search and remove infections that are not automatically removed.
It is suggested you save the program under a different name. Some of these pieces of malware are checking for the names and preventing the anti-virus programs from installing/running. You should also make your first run from SafeMode.
   Use this with caution. And only on 32bit Windows XP.
Freeware.

Home Page:   ComboFix.org
How-to Use

  Windows Built in System File Checker... sfc /scannow

    This is here to be used in conjunction with -or- instead of the above ComboFix.
Sfc /scannow will inspect all of the important Windows files on your computer, including Windows DLL files. If System File Checker finds an issue with any of these protected files, it will replace it.
It is run from the Command Prompt which you should open with 'Run as Administrator'.
Note: System File Checker may or may not prompt you to restart but even if it doesn't, you should restart anyway.
For: Windows 2000, XP, Vista and Win7


Comodo Internet Security

File: CIS_Setup_3.14.130099.587_XP_Vista_x32.exe
Comodo Internet Security is the free, multi-layered security application that keeps hackers out and personal information in.

Built from the ground upwards with your security in mind, CIS offers 360° protection by combining powerful Antivirus protection, an enterprise class packet filtering firewall, and an advanced host intrusion prevention system called Defense+.

Unlike the stripped down versions of commercial software that other software vendors offer for free, this is the full, completely functional version of the product.

For COMODO internet security, there is a feature that was giving my customers a hard time at first until we found a fix for people who are novices with computers. The fix is to disable the Proactive Defense, but leave the firewall enabled.
The reason is that the Proactive Defense was giving out way too many pop ups for any action any application on the system took. So, when they wanted to install a new application, such as Quake 4 Arena multiplayer game, they would get dozens of DEFENSE alerts. If you are new to computers and don't have the necessary level of expertise to be able to discern what application is a legitimate application and what should be 'blocked', then just disabling the Proactive Defense, just that feature, is a good idea. After all, just the firewall and the antivirus enabled should give you good protection.
Note: Please see ThreatFire below and avast! above to use in addition to this.
Freeware -or- Pro version for $49/year

Home Page:   Comodo
  Comodo Free Products

Crucial Windows XP Vulnerability Fixer

File: xpdite.exe

   A Critical Security Vulnerability Exists in Windows XP. (Surprise) Actually,
   as we know, there are many, but we'll handle them one at a time. This
   particular vulnerability allows the files contained in any specified
   directory on your system to be deleted if you click on a specially formed
   URL. This URL could appear anywhere: sent in malicious eMail, in a chat
   room, in a newsgroup posting, on a malicious web page, or even executed
   when your computer merely visits a malicious web page. It is already being
   exploited on the Internet.

Home Page:   Gibson Research Corporation

CWShredder

File: cwshredder.exe
A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D and Ad-aware tend to forget essential parts of the hijack, so until they update, you can use this to completely remove the hijack.
Home Page:   CWShredder
- D -

Downloader.Dyfica

File: spyhunterS.exe
DyFuCA is a porn dialer that may use your modem to connect to porn servers. When DyFuCA connects to these servers, your phone line may be charged expensive rates. DyFuCA may automatically launch each time you start your computer, and DyFuCA may also download and install other adware and spyware onto your computer without your permission. DyFuCA may be distributed via the Internet as an Internet Optimizer Utility.
Free to try; $29.99 to buy

Home Page:   spyhunterS

Disabling services in Windows 2000 and XP Professional

Services are programs that run in the background and take in requests over the network from other computers. Microsoft ships Windows 2000 and XP Professional with many different services enabled that you will never have any use for. More to the point, a lot of these services were poorly written and will happily take in bad requests, such as "delete all the files on the hard drive", or, "blanket the screen with pornographic spam messages".

This section details how to turn off various unused services on your computer. In addition to making your computer run a little faster, your computer will also be somewhat safer. If you have decided to keep a firewall running, then most malicious traffic to these services will be blocked. However, adding another layer of redundancy to secure your machine is always recommended.

Disabling the Messenger Service

File: shootthemessenger.exe

Disabling the messenger service will prevent the possibility of an attack through this service. There are already documented, unpatched vulnerabilities that take advantage of a Messenger service buffer overflow. You can disable the messenger service by performing the following:

If the Messenger service is currently enabled on the system, you will be prompted as to whether you want to disable it. To do so, click the Disable Messenger button.

Disabling DCOM

File: DCOMbob.exe

Microsoft's DCOM really is useless to the average user. DCOM's insecurity is the culprit for the Blaster and Welchia worms which currently pose such a huge problem for Windows users everywhere. Thus it is common sense to disable DCOM even on a patched machine. It should be noted that another DCOM vulnerability was found just a short time after the first patch was released. Why bother repeatedly patching a useless piece of software when one can disable it in just a few seconds?

Click on the DCOMbobulate Me! tab, then click the Disable DCOM button. The changes will take effect on your next restart.

Disabling the Universal Plug and Play service

File: upnp.exe

Universal Plug and Play is not related to the Plug and Play hardware standard. It is a network service which effectively opens ports on your machine which have been proven in the past to be insecure. Although it is automatically started by default on all Windows XP machines, this service is not widely used and it is unlikely that you will need it. It is recommended to be disabled.

If the UPnP service is currently enabled on the system, you will be prompted as to whether you want to disable it. To do so, click the Disable UPnP button.

Disabling the Windows Scripting Host

File: Noscript.exe

One preventive measure that you can take to protect yourself from viruses that come as .vbs attachments is to disable or uninstall the Windows Scripting Host (WSH). Because Windows Scripting Host is an optional part of Windows, it can be safely removed from your computer. This feature can easily be re-installed if it is required in the future. Remember that there are many other viruses that do not use the Windows Scripting Host, so it is critical that you continue to use Symantec Antivirus protection with the most up-to-date virus definitions.

  • Download the Symantec Noscript.exe utility to a folder on the hard disk.
  • Double-click the Noscript.exe icon. The Norton Script Disabler/Enabler appears.

If the WSH is currently enabled on the system, you will be prompted as to whether you want to disable it. To do so, click Disable, and then click OK.

Disable WinXP and 2000 raw sockets

File: socketlock.exe

   As part of my struggle to convince Microsoft not to ship Windows XP with
   full raw sockets, I created this "SocketLock" utility. It easily enables
   and disables the system's raw socket capabilities to show that, contrary to
   Microsoft's claims, raw sockets are not, and never were, needed by any
   applications or users.

Home Page:   Gibson Research Corporation
- E -

EasyCleaner

File: EClea2_0.exe
EasyCleaner is a small program which searches the Windows registry for entries that are pointing nowhere. EasyCleaner also lets you delete all kinds of unnecessary files such as temps and backups. You can search for duplicate files and you can view some interesting info about your disk space usage! You are also able to manage startup programs, invalid shortcuts and add/remove software list.
Freeware.

Home Page:   Easy Cleaner
Up to and including Windows XP.

Error Nuker

File: ErrorNukerInstaller.exe

   Let Error Nuker, your amazing FREE PC Diagnostics tool, identify the precise problems in your Windows registry so you can determine exactly what your PC is suffering from. Even if your PC is perfectly fine, you should try the diagnostics tool if you want to avoid serious problems before they happen.
  Best of all you can keep the tool and find out if your PC has problems for FREE as often as you like.
Free to try; $29.95 to buy now Free

Home Page:   Error Nuker
At least up to Windows XP
- F -

free-serial-port-monitor

File: free-serial-port-monitor.exe
Free software serial port monitor, Com Rs232 sniffer with communication packet data analyzer. This monitoring utility can spy, capture, view, analyze, test com ports activity performing com port connection and traffic analysis with data acquisition and control. You can use this system as device interface testing tool, modem data transfer viewer and so on.
Freeware.

Home Page:   download25.com
At least up to Windows XP
- G -
- H -

HiJackThis

File: hijackthis.zip
   HijackThis is a tool that lists all installed browser add-ons, buttons and startup items
   and allows you to inspect, and optionally remove selected items. The program can create
   a backup of your original settings and also ignore selected items. Additional features
   include a simple list of all startup items, default start page, online updates and more.
   Intended for advanced users.
Freeware.

Home Page:
  TomCoyote.org

Supposed to work on 2000, XP, Vista and Win7
- I -
- J -
- K -

KillBox

File: KillBox.exe
   KillBox will delete those annoying files that will not let themselves be deleted, no matter what you do.
   Download this file, extract it, and run the killbox.exe file.

   When it loads type the full path to the file you would like to delete in the field
   and press the Delete File button (looks like a red circle with a white X).

   It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.
Freeware.

Home Page:   Scan Complete

Kaspersky Lab

File: klwk.zip
klwk.com utility for virus fighting
  Some malicious programs prevent the Antivirus package from working in functional mode when installed, and more often they simply block it. To fight such problems Kaspersky Lab introduces the klwk.com utility, which you can download from: ftp.kaspersky.com/utils/klwk/klwk.zip. If your computer has been infected by some of the viruses that the klwk.com utility can fight, to help the Antivirus package work fully you should do the following:
  1. Download klwk.com utility from: ftp.kaspersky.com/utils/klwk/klwk.zip (it is recommended to save the executable utility file either in a special folder or on a separate media type)
  2. Unpack klwk.zip in the folder where you saved the archive file
  3. Start the executable klwk.com file without any parameters: utility will do memory scanning and will terminate the viruses processes
  4. Wait for the scanning process to finish
  5. Start the executable klwk.com file with /s: parameter and the utility will do the hard disc scanning and files deletion that are supposed for atomized start by system launching and contain the malicious code
  6. Wait for the scanning process to finish
  Note: list of klwk.com utility additional parameters you may need while working with the program is available here: ftp.kaspersky.com/utils/klwk/readme.txt

  Note: you should remember that the utility is supposed to fight the active copies of these malicious programs, the list of which is given below. If the infected object is, e.g., in the post data base then Kaspersky Antivirus will detect and delete the object itself.

  Note: if your local network has been infected then before you cure the computer switch it off the net, cure it with klwk.com utility and only after that switch it back on.

  Utility has been worked out to fight the following malicious programs:

I-Worm.Zafi.b, I-Worm.Bagle.at, I-Worm.Bagle.au, Virus.Win32.Implinker.a, Not-a-virus.AdWare.Visiter

Freeware.

Home Page:   Kaspersky Lab
- L -

What is Look2Me?

File: L2mfix.exe
Before using this you should know what you are doing and/or have a knowledgeable friend available. Would also be nice to have another 'Puter available to search the Web and get help.

Look2Me is an advertising and information network that uses a shell extension to attach itself to Windows and display pop up advertising for its clients. It monitors visited web sites and submits this information to a server.
You could also have the latest version of VX2. See VX2 below in the V section.

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
   ..and look at the manual removal at:
http://www.pchell.com/support/look2me.shtml

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application." then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.

Appears to be Freeware.

Home Page:   WebUser
- M -

Magical Jelly Bean Keyfinder

File: kf141.zip
The Magical Jelly Bean Keyfinder is a freeware utility that retrieves your Product Key (cd key) used to install windows from your registry. It has the options to copy the key to clipboard, save it to a text file, or print it for safekeeping. It works on Windows 95, 98, ME, NT4, 2000, XP, Server 2003, Office 97, and Office XP. This version is a quick update to make it work with Windows Server 2003.
Home Page:   Key Finder

McAfee AVERT Stinger

File: stinger.exe
Download stinger.exe v2.5.6 [1,186,311 bytes] (8/16/2005)
   Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a
   substitute for full anti-virus protection, but rather a tool to assist administrators and
   users when dealing with an infected system. Stinger utilizes next generation scan engine
   technology, including process scanning, digitally signed DAT files, and scan performance
   optimizations. This version of Stinger includes detection for all known variants, as
   of August 16, 2005:
BackDoor-AQJ BackDoor-ALI BackDoor-CEB
BackDoor-JZ Bat/Mumu.worm Downloader-DN.a
Exploit-DcomRpc Exploit-LSASS Exploit-MS04-011
HideWindow IPCScan IRC/Flood.ap.dr
IRC/Flood.bi.dr IRC/Flood.cd NTServiceLoader
ProcKill PWS-Narod PWS-Sincom.dll
W32/Anig.worm W32/Bagle@MM W32/Blaster.worm (Lovsan)
W32/Bropia.worm W32/Bugbear@MM W32/Deborm.worm.gen
W32/Doomjuice.worm W32/Dumaru W32/Elkern.cav
W32/Fizzer.gen@MM W32/FunLove W32/IRCbot.worm
W32/Klez W32/Korgo.worm W32/Lirva
W32/Lovgate W32/Mimail W32/MoFei.worm
W32/Mumu.b.worm W32/MyDoom W32/Nachi.worm
W32/Netsky W32/Nimda W32/Pate
W32/Polybot W32/Sasser.worm W32/Sdbot.worm.gen
W32/SirCam@MM W32/Sober W32/Sobig
W32/SQLSlammer.worm W32/Swen@MM W32/Yaha@MM
W32/Zafi W32/Zindos.worm W32/Zotob.worm
Stinger is Free.

Home Page:   McAfee Inc

mwav - VIRUS SCANNER FOR YOUR COMPUTER

File: mwav.exe
   MicroWorld AntiVirus Toolkit Utility (MWAV)
   Scans your computer completely and provides reports of any viruses that it finds.
It finds the viruses for free but it will cost $9.95 to get a version that will also remove them.

Home Page:   MicroWorld
- N -
- O -
- P -

Free PopUp Blocker! Completely FREE!

File: popupblocker.exe
After installation, you will find a new toolbar in your Internet Explorer (as below) and the tool will automatically block popup ad windows for you when you surf in IE.

No Cost! No Configuration! No Popup! CleanMyPC™ Free PopUp Blocker helps you get rid of the annoying popups when you surf Internet and say goodbye to popup ads forever! Just Enjoy It!
Home Page:   PopUp Blocker

PAL Spyware Remover

File: spyrem_setup.exe

  Spyware & Adware are files that can be installed on your computer, even if you don't want them, without you knowing they are there! They allow companies to monitor your Internet browsing patterns, see what you purchase and even allow companies to inundate you with those annoying "pop up" ads!
  If you've downloaded some music, files or documents and suddenly started getting annoying ads popping up on your screen, you could definitely be infected with SpyWare and/or AdWare!
  SpyWare Remover will scan your PC Absolutely FREE and let you know if you have any files that are infecting your PC! You have to purchase the remover.
Price: $29.95

Home Page:   SpyRemover

PopSwatter

File: PopSwatterSetup2.0.4.0.exe
   Kill pop-up ads before they even appear - it's 100% free and accessible directly from your browser!
   Create "safe lists" for pop-ups you want to appear (media player, etc.)
   No Spyware. No Adware.
   Comes with FREE MyWebSearch accessible directly from your browser, plus Search Assistant - relevant search results in response to misspelled or incorrectly formatted browser address requests.
   Also includes free FunWebProducts such as Smiley Central™, CursorMania™, and Popular Screensavers™!
Home Page:   PopUpSwatter

Personal firewall leakage tester

File: leaktest.exe

   Ensure that your PC's personal firewall can not be easily fooled by malicious
   "Trojan" programs or viruses. Thanks to this first version of LeakTest, most
   personal firewalls are now safe from such simple exploitation.

Home Page:   Gibson Research Corporation

PestBot Spyware Remover 1.08 for Windows

File: PestBotSetup.exe
PestBot Spyware Remover scans your computer's processes, memory and system registry for hidden and dormant spyware, adware, Trojans, dialers, worms and other forms of Malware!
Free to try, $29.95 to buy

Home Page:   PestBot
- Q -
- R -

Registry Mechanic

File: regmech2.exe

With Registry Mechanic for Windows you can safely clean and repair Windows registry problems with a few simple mouse clicks! Problems with the Windows registry are a common cause of Windows crashes and error messages. By using a registry cleaner regularly and fixing your registry your system should not only be more stable but it will also help Windows and your software run faster.
Free Trial - Actual $29.95

Home Page:   Registry Mech

Reg Rescue

File: regrescue.exe

Registry Rescue scans, removes, cleans up and repairs invalid entries, references and links in your Windows registry. Errors in your registry, and stuff left behind by other programs in your registry, are one of the main causes of system slowdown, computer crashes and lockups, and are also a potential privacy threat. By repairing errors in the registry your system's performance will be visibly increased. This software is shareware. You will be able to download and test Registry Rescue during a certain period of time; then, if it does what you need, you will have to buy the full version from the Registry Rescue publisher. The Registry Rescue 2.0 free trial version contains an installer and an uninstaller, and has a size of 1057 Kilobytes. Only one minute will be needed to get it on a DSL connection, or up to 3 minutes if you are using a 56k modem to download Registry Rescue 2.0.
Registry Rescue 2.0 will run on Windows 95 / 98 / Me / 2000 / XP.
For information and support requests related to Registry Rescue, please contact the Registry Rescue publisher directly.
Shareware: $27.95

Home Page:   Registry Rescue

Regsvr32 - info

This command-line tool registers .dll files as command components in the registry.
Syntax

regsvr32 [/u] [/s] [/n] [/i[:cmdline]] dllname
Parameters

/u : Unregisters server.

/s : Specifies regsvr32 to run silently and to not display any message boxes.

/n : Specifies not to call DllRegisterServer. You must use this option with /i.

/i:cmdline : Calls DllInstall passing it an optional [cmdline]. When used with /u,
  it calls dll uninstall.

dllname : Specifies the name of the dll file that will be registered.

/? : Displays help at the command prompt.
Home Page:   M$ RegSvr32

RegFixMantra

File: regfixmantratrial.exe
Extremely effective Registry Cleaner designed to fix Windows Registry Errors, remove all registry inconsistencies and enhance performance of your PC. Eliminates all windows registry errors, hence optimizing your PC.

Cost US$ 39.95

Home Page:   RegFixMantra

Registry Repair Pro

File: registryrepair_rr31.exe
Windows Registry Repair Pro scans the Windows registry for invalid or obsolete information in the registry. When you fix this information it will make your PC run faster and will make your PC error free. By using a registry cleaner regularly and fixing your registry, your computer will become more stable and help Windows and your software run faster.
Shareware Price: $9.99


Home Page:   Top Shareware

RegSeeker

File: RegSeek.zip
RegSeeker can search for items, uninstall applications, clear histories, clean your registry, and more. It includes a powerful registry cleaner and can display various information such as your startup entries, several histories (even index.dat files), installed applications and much more. You can search for any item inside your registry, export/delete the results, and open them in the registry. It also includes a tweaks panel to optimize your OS, and a file tool to search for duplicate files, bad shortcuts and more. Freeware.

Home Page:   HoverDesk
- S -

Starter Setup

File: StarterSetup.zip

Starter is yet another startup manager.
  As a primary purpose, Starter allows one to view and manage all the programs that
start automatically whenever the operating system is loading. It enumerates all the
hidden registry entries, startup folders' items and some of the initialization files,
so that the user can choose to temporarily disable selected entries, edit them, create
new ones, or delete them permanently.
  Its secondary purpose is to list all the running processes, with the possibility to view extended
process information (such as used DLLs, memory usage, thread count, priorities etc.), and
to terminate a selected process (even a Windows NT service, given enough access rights).
  Starter is real Freeware and is not crippled in any way compared with similar products. The user
interface is pretty simple and has lots of options that are self-explanatory.

Home Page:   Code Stuff

Startup Control Panel

File: StartupCPL.zip
  Startup Control Panel is a nifty control panel applet that allows you to easily configure which programs run when your computer starts. It's simple to use and, like all my programs, is very small and won't burden your system. A valuable tool for system administrators!
  Startup Control Panel is compatible with all modern versions of Windows, including Windows 95, 98, 98SE, ME, NT 4.0, 2000, and XP.
Startup Control Panel is 100% Free.
Home Page: Startup Control Panel   

SmitFraudFix

File: SmitfraudFix.zip
SmitFraudFix is a tool that can remove Desktop Hijack malware. It can remove, for example: Smitfraud, Win32.puper, AVGold, Security iGuard, Spyware Vanisher, quicknavigate.com, updateSearches.com, startsearches.net, Virtual Maid, SpySheriff, PSGuard, SpyAxe, WinHound, AlphaCleaner, AdwarePunisher, SpywareQuake, SpywareSheriff, PestTrap, MalwareWipe, Spyware Soft Stop, BraveSentry, SpyGuard, AdwareSheriff.

Freeware.

Home Page:   SmitfraudFix

SpyZooka

File: spyzookasetup.exe
Computer Infection Problems Driving You Nuts?...

You Just Found The Only Complete Solution Because...

SpyZooka Annihilates All Your Spyware Problems
In 24 Hours Or Less...

By Removing 100% Of Your Infection - Guaranteed!
(No Other Company Makes This Claim)
And...
SpyZooka Makes Your Computer Trouble-Free
Forever Since It Prevents Future Infection
Price: $29.95

Home Page:   SpyZooka

Spybot - Search & Destroy

File: spybotsd14.exe
Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your browser crashes, or if you browser start page has changed without your knowing, you most probably have spyware. But even if you don't see anything, you may be infected, because more and more spyware is emerging that is silently tracking your surfing behaviour to create a marketing profile of you that will be sold to advertisement companies.
Need to be careful here with what you keep as Resident. Can cause conflicts and slowdowns if you don't have the proper amount of memory... or a fast enough processor. Spybot-S&D is free, so there's no harm in trying to see if something snooped into your computer, too :)

Home Page:   SpyBot

Spywarebot

File: Spywarebot_setup.exe
I found this when looking for info on 2020search. It looked interesting so I decided to try it. It appears to be quite similar to Spybot above. Will have to check. 01 May 07 Freeware...well supposed to be

Home Page:   SpywareBot

SearchAssistant - Removal

File: nCASEAdsUninstaller.exe

1. Download Ad uninstaller.
2. Select 'Save' to save the nCASEAdsUninstaller.exe to your hard drive.
3. Make a note of where you save the uninstaller executable.
4. Locate the nCASEAdsUninstaller.exe you saved and double-click on it to run it.
5. Select 'Yes', to confirm you want to uninstall.
6. Select OK that you are connected to the internet.
7. Select OK at the "Uninstallation Complete" message.

Home Page:   uninstall program for 180searchassistant

System Restore - WinME / WinXP - info

To turn off System Restore in WinME:
   1. Select Start > Settings > Control Panel > System
   2. Select the Performance tab
   3. Click the File System button
   4. On the Troubleshooting tab, click the Disable System Restore check box,
      click OK and Close
   5. You will be prompted to restart your computer

To turn off System Restore in WinXP:
   1. Select Start > Settings > Control Panel > System
   2. Select System Restore tab.
   3. Check Turn Off System Restore.
   4. You will be prompted to restart your computer

Steve's multipurpose Windows gizmo

File: wizmo.exe

   Wizmo is a lightweight "Windows Gizmo" offering a wide array of handy Windows
   commands. With a single click it can power down monitors, trigger a screen saver,
   set audio volume, and much more. Wizmo also includes an intriguing highly
   customizable "Graviton" screen saver.

Home Page:   Gibson Research Corporation

ScanSpyware - Protect your PC from spywares

File: ss_install.exe
   ScanSpyware - The best solution for providing a 100% protection against most of the
   spywares and malicious software running on your computer, stealing your personal information,
   showing you annoying Popups, Advertisements and making your computer slower day by day. Using
   ScanSpyware you can cleanup your PC from such parasites and get a better internet speed with
   a complete satisfaction for keeping personal information secure.
Free Trial - Actual $29.95

Home Page:   Free Trial Download

Spyware Striker

File: sssr9206.exe
  REMOVES SPYWARE, ADWARE, SPYBOTS, VIRUSES, TROJANS,
  WORMS, WEB BUGS, DIALERS, BROWSER HIJACKERS (BHOs),
   Key Loggers, Spyware Cookies, Malware, Attack-Ware, and more.
Claims to be Free

Home Page:   Spyware Striker

SpywareBlaster

File: spywareblastersetup351.exe
SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.
Editor's Note: If you receive an error that files are missing when starting SpywareBlaster, please download the Microsoft Visual Basic Run Time files.
Claims to be Free

Home Page:   SpywareBlaster

SysClean

File: sysclean.com
   This self-extracting archive is a stand-alone fix package that incorporates the Damage
   Cleanup Engine and Template. It replaces the traditional fix tool by addressing a wide
   variety of system infections rather than a specific malware infection.

   This tool supports the following features:

  o Terminate all malware instances in memory
  o Remove malware registry entries
  o Remove malware entries from system files
  o Scan for and delete all malware copies in all local hard drives
Appears to be free.

Home Page:   Trend Micro
- T -

ThreatFire Antivirus

File: tfinstall.exe
PCs are under constant attack from viruses, spyware and identity theft. Every day you hear about a new threat to your PC. They're coming faster than ever before, they're getting harder to stop and traditional antivirus products are not able to keep up.

Will your antivirus software catch the latest malware that just came out today? In most cases, no, because it simply does not know how to detect it yet. But ThreatFire's ActiveDefense technology does, and has proven to provide up to 243% more protection when combined with traditional AntiVirus products. See the table below.
Note: Please see avast! and Comodo Internet Security above to use in addition to this.
Freeware -or- $39.95.

Home Page:   ThreatFire

Anti-Trojan System for Windows

File: tds3setup.exe
   First released in 1997, TDS (Trojan Defence Suite) is one of the longest established
   anti-trojan programs in existence and today is widely considered to be the most powerful
   and comprehensive anti-trojan program by the Internet security community. It is the only
   anti-trojan program that has free daily database updates and is the only anti-trojan
   program supported by a fulltime team of dedicated internationally recognised anti-trojan
   professionals including Wayne Langlois, Gavin Coe and Jason Annice. You can even talk to
   them at the forum!

WARNING: Trojans are NOT viruses! Anti-virus scanners are unable to detect or deal with
trojans at the same level TDS can.
Free Trial - Actual $49.00

Home Page:   DiamondCS

Trojan Hunter

File: TrojanHunterSetup.exe
Trojan Hunter's sophisticated multifaceted detection capabilities allow it to detect insidious modern trojans with an ease that is only bettered by TDS-3. Unlike TDS-3, it has a friendly user interface which means that it can be used even by inexperienced users. As a trojan remover its performance was outstanding. Add to that the fact that it's fast, technically sophisticated and is very well supported and you have a winning combination.
Free for 30 days. Price: $49.00

Home Page:   Anti-Trojan Software

Trojan Remover

File: trsetup.exe
   Trojan Remover was written to aid in the removal of Trojan Horses from a computer when standard
   anti-virus software has either failed to detect the Trojan Horse or is unable to effectively
   eliminate it. The majority of Virus and Trojan scanners are well able to detect malicious Trojan
   Horses but are not very efficient in removing them if they have already been triggered. Trojan
   Remover was written. This is the top Trojan Remover program!

Removes trojan horses after they have been triggered.

First 30 days Free - Actual $24.95

Home Page:   WebTechGeek

ToolbarCop

File: toolbarcop.zip
ToolbarCop is a browser extensions manager which can disable or eliminate the following browser add-ons selectively from Internet Explorer:

* Browser Helper Objects (BHO)
* Toolbars
* Standard Toolbar buttons
* Context menu Extensions
* Download managers
* Protocol Handlers
* Horizontal / Vertical Explorer Bars (side-search bars)
* Startup applications originating from RUN registry keys.

ToolbarCop is not rules-based, nor does it have any database. This utility just lists all the browser add-ons installed in your system. The list may contain legitimate items as well as add-ons added by malware. You're the judge who determines which add-on to delete and which one not to delete. However, to gather information on a particular add-on, select the item, and click the (i) button in the toolbar. Alternately, use the CTRL + I shortcut.

Freeware.

Home Page:   Windows XP Fixes
- U -

Universal Plug & Play management

File: unpnp.exe

   As originally urged by the FBI, and still urged by prominent security experts,
   our UnPnP utility easily disables the dangerous, and almost always unnecessary,
   Universal Plug and Play service. If you don't need it, turn it off.
   (For ALL versions of Windows.)

Home Page:   Gibson Research Corporation
- V -

Virus Text - info

At 4/6/04 01:26 AM, MR_IMPOSSIBLE_GAMEX wrote:
: : in WINNT/SYSTEM32:
: : CS4P028.exe
: : O.bat
: : bs5-nt15v.exe
: : biH.exe
: : ClrSchP028.exe
: : in10bH.dll
: : bsx32.ini
: : O (no extension)
:
: ahhhh you lost me

just follow the list and delete it. how straight forward is that?

easier instructions by request:

1) hit ctrl+alt+delete and go to your task manager.
end the task CS4P028.exe if it's running.

2) go to your windows/system32 or winnt/system32 or whatever/system32 and

DELETE:
CS4P028.exe
O.bat
bs5-nt15v.exe
biH.exe
ClrSchP028.exe
in10bH.dll
bsx32.ini
O (no extension)

3) go to c:\program files and

DELETE:
the EARN folder
the bargain buddy folder
the eZula folder

4) do a search from your start menu for t8f.exe and DELETE it.
in DOCUMENTS AND SETTINGS:
t8f.exe

really glad to hear this is of some help to people!
===================================================================
    I am having the same problems, I just installed this antivirus, 
    that detected another trojan in my computer. Try this one:
    http://www.emsisoft.com/en/software/download/

    Or you can try the online scan from RAV:
    http://www.ravantivirus.com/scan/indexie.php

    I Installed the Ad-Aware from:
    http://www.lavasoft.de/
    It's better than the spy bot.

    I hope this helps.

=====================================================================
Malware is a shortened version of 'malicious software code'. Malicious software
can include anything from trojans, hijackers, spyware and adware to computer 
worms and viruses. Any piece of content and code that acts in a way contrary to
expectations could be deemed as malware. Therefore by this definition irritating 
popups and unsolicited email (spam) can be forms of malware.
=====================================================================
http://www.spychecker.com/topdownloads.html
=====================================================================

VX2

File: vx2cleaner_inst.exe
VX2 is one of the most problematic applications to remove from your computer. While Ad-Aware SE effectively deals with most VX2 variants, there are a few that none of today's available anti-spyware applications can detect or remove. VX2 Cleaner v1.03 is a stand-alone removal tool for menacing VX2 applications.
This is only needed for Ad-Aware versions before 2006. The later versions have this protection in them already.

Comparisons

How does it work?

  1. Close Ad-Aware SE if it is currently open.
  2. Download VX2 Cleaner. After installation, re-start Ad-Aware SE before running the VX2 Cleaner.

Note: If you have already attempted to run Ad-Aware SE to remove VX2, you may need to run the VX2 Cleaner several times to remove possible VX2 remains. If you have already attempted to remove VX2 with Ad-Aware SE, follow these steps:

  1. Before running the VX2 Cleaner, close all anti-virus or anti-spyware applications.
  2. Run the VX2 Cleaner. If your computer is infected with VX2, a dialog box saying "New VX2 variant found" or "VX2 variant 1 found" will appear.
  3. Select "Clean" and a dialog box saying "The first phase is complete. Please reboot and perform a Smart Scan." will appear. After saving your work, reboot your system manually.
  4. Repeat this until the VX2 Cleaner reports "System clean". Select "Close" to exit.
  5. Run Ad-Aware SE one more time and scan your computer to make sure all VX2 variants have been found and removed.

VX2 is primarily a data mining form of spyware that monitors your activity and phones home. It can also install additional programs without you knowing, which has a tendency to bring in pop ups and other bugs. Nothing good comes from this, and it should be removed immediately. It can be pretty hard to completely remove from your system.
Aliases:
VX2, NetPal, Sputnik, VX2 RespondMiter, VX2.ABetterInternet, Transponder, Blackstone Data's Transponder
Freeware.

Home Page:   Lavasoft    and    Ad-Aware Anniversary Edition
- W -

WcpuID

Files: wcpu31a.exe & wcpu330.exe

  WCPUID/XCPUID is a program that displays the CPU information of your personal computer. It shows Frequency, Multiplier, Chipset Info, etc.
WCPUID is a program that displays detailed information about your CPU. It shows Frequency, Multiplier, Chipset Info, Cache information, System info and a lot more. It also includes several tweaks (if available for your chip) like disabling the Intel processor serial number, Cache latency, AMD Athlon Level 2 cache speed settings and others. In addition, WCPUID includes a real-time CPU speed clocking gauge.

Home Page:   WcpuID    or   WebAttack

Windows Malicious Software Removal Tool

File: windows-kb890830-v2.11.exe
The Microsoft Windows Malicious Software Removal Tool checks Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software -- including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.
IF needed, a 64-bit version is available. Check sites below.
Freeware.

Home Page:   At Microsoft    and/or   More Descriptive
  The 64-bit version is available here: Microsoft 64-bit Version

WinPFind

File: WinPFind.zip
Pfind is a program that scans common locations on your hard drive for files that match certain patterns known to be used by malware. It will also provide exports of certain registry keys that are used by various malware.

Usage Instructions: Download WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard as a reply to where you are receiving help.

Note: It is important to note that not all files found with this program are necessarily bad. Please use extreme caution when deleting these files as it may cause problems with applications running on your machine. As always, if you are unsure, ask for help in the Forums. I have included a reference to the Forum from where it was obtained.

Note 2: As of now please do not distribute this file as there are numerous changes that will be slated for future releases.

Freeware.

Home Page:   Bleeping Computer
- X -

XoftSpy 2005 Edition

File: XoftSpy415_109.exe
   XoftSpy Detects and Removes Over 30,000 Parasite Definitions.
   In just a few minutes you can detect and eliminate all these harmful PC threats:
Spyware, Spybot, Hijackers,
Adware, Malware, Keyloggers,
Worms, Hacker Tools, PC Parasites,
Trojan Horses, Spy Programs, Trackware
Free Trial - Actual $39.00

Home Page:   ParetoLogic Inc
- Y -
- Z -

    


BookMarks:
PriceLessWare
Ad-ware Spy-ware List
DLL Files
Some Free Stuff



Copyright © 2004-2010 All rights reserved.