Friday, December 31, 2010

Safe Browser - Free 100% Protection!Safe Browser - Free 100% Protection!

Safe Browser - Browser that you can surf safely at all time without letting virus to infect your computer. Is such browser available in the world? I acknowledge that there is no such browser. However, we can use a software to make the browser to become safe browser. What is it? Sandboxie is the answer.

It will give you 100% protection to your computer when you are surfing the net. How can it do? Please look at the picture below:
Safe Browser
The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally. The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.

You can run your Web browser under the protection of Sandboxie that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially. It means that all the malicious software will not infected your computer, as they are trapped in the sandbox. They cannot make any changes to your registry or create any file to your computer as they can just work within the sandbox only. I will use this program almost two years. I feel very safe until now. No virus have infected my computer since I use this program.

How to use it?
After install the program, run the shortcut Run Web browser sandboxed. It will automatically run your default browser into Sandbox and you can start to enjoy 100% safe surfing. Try it.

Easy Scan Removal GuideEasy Scan Removal Guide

Easy Scan Removal Guide
Easy Scan is a fake optimization tool that will pretend to optimize the performance of hard drive, memory and the system but eventually will definitely state the user that there is errors in hard drive, memory and the system. Easy Scan produce fake results. Easy Scan cannot optimize the performance of the computer at all. Easy Scan is just a SCAM. Easy Scan continuously produce fake alert to urge the user to purchase the full version of Easy Scan so that to remove all the errors. In fact, Easy Scan cannot detect and remove any errors.

Easy Scan can be remove by using Emsisoft HiJackFree to stop and remove the processes ([random].exe]), remove the autorun setting and finally all related folders and files stated in the removal guide below.

Easy Scan should be removed immediately!

Easy Scan Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%userprofile%\Start Menu\Programs\Easy Scan
%userprofile%\Desktop\Easy Scan.lnk
%Temp%\dfrgr
%Temp%\dfrg
%Temp%\[random].dll
%Temp%\[random].exe
%Temp%\[random]

Protect Shield Removal GuideProtect Shield Removal Guide

Protect Shield Removal Guide
Protect Shield is a fake antivirus program which is created to "cheat money" from the users. Protect Shield infected the computers when the users accidentally or are cheated to click the links or images on misleading websites, web pop-ups and fake online scanners. Protect Shield install into PC without permission of users unless the user set the UAC level to the highest level.

Protect Shield run automatically when windows boot. It always cheat the user state that the computer is under attack from a remote computer! Protect Shield shows that there are many spyware, Trojans and other viruses on the computer! Besides, it also display many fake security alerts and pop-ups on the computer screen to urge the user to buy the full version of Protect Shield or the malwares will not be removed! In fact, Protect Shield is the real malware that should be removed.

If the user have already purchased the full version of Protect Shield, then the user should contact the credit card company and dispute the charges.

Protect Shield should be removed immediately!.

Protect Shield Removal Guide
Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Protect Shield"

Spyware Protection Removal GuideSpyware Protection Removal Guide

Spyware Protection Removal Guide
Spyware Protection is a fake antivirus program that shows the user that the computer is infected by malwares repeatedly so that to urge the user to purchase the full version of Spyware Protection. Spyware Protection is downloaded into computer when the user downloads video files from untrusted website. The video file downloaded cannot be viewed but is the Spyware Protection which cannot detect and remove any malware. Spyware Protection installs into the computer and will scan the computer when Windows boot. Then Spyware Protection will surely states that the computer have been infected by malwares. Then, the computer will start slowing down and behave strangely.

Spyware Protection provide fake feature like scanning the computer but in fact it cannot detect any malware. It claims that the user can get ultimate protection against identify theft, viruses, malwares and other threats if Spyware Protection is activated.

Spyware Protection should be removed immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
Spyware Protection.exe
SpywareProtection.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Spyware Protection"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
Wednesday, December 29, 2010

Emsisoft HiJackFreeEmsisoft HiJackFree

Emsisoft HiJackFree is a detailed system analysis tool which helps advanced users to detect and remove all types of HiJackers, Malware, Spyware, Adware, Trojans and Worms. It is the best tool that I use to remove all type of viruses, malwares, trojans, fake antiviruses etc effectively.

Emsisoft HiJackFree manage all types of autoruns on your system. All viruses, malwares, torjans or fake antiviruses will configure themselves to start automatically when Windows boot. Emsisoft HiJackFree will detect all of them and let us to remove them effectively.

Emsisoft HiJackFree control all explorer and browser plugins (BHOs, toolbars, etc.). It also manage all running processes and their associated modules. Most dangerous malwares hide their processes so that they cannot be detected by Windows Task Manager. However, Emsisoft HiJackFree can detect all of them and offer us to stop the processes of malwares and at the same time, we can delete the files from the infected computer.

Emsisoft HiJackFree control all services, even those windows doesn't display. It view open ports and the associated listening processes. It view all DNS entries in the hosts file and manage installed layered service providers (LSPs). It also analyze the system configuration with using the live online analysis

Download Emsisoft HiJackFree now! It's free for private use! It comes with language packs for English, German, French, Spanish, Italian, Japanese and many more.

FullScan Removal GuideFullScan Removal Guide

FullScan Removal Guide
FullScan is a fake optimization tool that cheat the user that it can optimize the performance of hard drive, memory and the system. In fact, FullScan cannot optimize the performance, but just can scare the user with a lot of fake errors in hard drive and memory. FullScan will definitely tell the user that there are errors in hard drive and memory. FullScan even will stop other program such as legitimate antivirus to remove it from the computer. FullScan is just a SCAM. It can do nothing. FullScan will urge the user to purchase the full version of FullScan so that to cheat the money from the user. Do not buy FullScan as it cannot help to optimize or repair anything.

FullScan can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by FullScan. Finally, all the file related to FullScan must be deleted from the hard drive. All of them has been shown in the removal guide below.

FullScan should be removed immediately!

FullScan Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM].exe

Unregister DLL files
%Temp%\[RANDOM].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
%UserProfile%\Start Menu\Programs\FullScan
%UserProfile%\Desktop\FullScan.lnk
%ProgramFiles%\FullScan
%Temp%\dfrg
%Temp%\dfrgr
%Temp%\[RANDOM].dll
%Temp%\[RANDOM].exe
%Temp%\[RANDOM]
Monday, December 27, 2010

HDD Low Removal GuideHDD Low Removal Guide

HDD Low Removal Guide
HDD Low is a fake optimization tool that cheat the user that it can optimize the performance of hard drive, memory and the system. In fact, HDD Low cannot optimize the performance, but just can scare the user with a lot of fake errors in hard drive and memory. HDD Low will definitely tell the user that there are errors in hard drive and memory. HDD Low even will stop other program such as legitimate antivirus to remove it from the computer. HDD Low is just a SCAM. It can do nothing. HDD Low will urge the user to purchase the full version of HDD Low so that to cheat the money from the user. Do not buy HDD Low as it cannot help to optimize or repair anything.

HDD Low can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by HDD Low. Finally, all the file related to HDD Low must be deleted from the hard drive. All of them has been shown in the removal guide below.

HDD Low should be removed immediately!

HDD Low Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM].exe

Unregister DLL files
%Temp%\[RANDOM].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
%UserProfile%\Start Menu\Programs\HDD Low
%UserProfile%\Desktop\HDD Low.lnk
%ProgramFiles%\HDD Low
%Temp%\dfrg
%Temp%\dfrgr
%Temp%\[RANDOM].dll
%Temp%\[RANDOM].exe
%Temp%\[RANDOM]

Personal Internet Security 2011 Removal GuidePersonal Internet Security 2011 Removal Guide

Personal Internet Security 2011 Removal Guide
Personal Internet Security 2011 is a fake antivirus which will infect the computer after a Trojan opens a backdoor on the computer. Normally this program is installed to the computer without the permission of the users when they visit some websites. Personal Internet Security 2011 start automatically when the computer boot. It will scan the infected computer and shows that the computer has been infected by many malwares. In fact, the computer is infected by itself! Then, Personal Internet Security 2011 will persuade the user to purchase the license in order to activate it. This fake antivirus should be removed immediately.

Personal Internet Security 2011 lie to you that it will help protect your PC. It provide an Advanced Security Center which show that it will helps you to manage your Windows Security Settings. Moreover, It warned you that there are a lot of severe/high alerts detected in your PC! If you activate it, you will get ultimate protection against Identifiy Theft, Viruses, Malware and other threats!

Personal Internet Security 2011 must be removed from your computer immediately!

Removal Guide
Kill Process
(How to kill a process effectively?)
wksra_249.exe

Unregister DLL files
%UserProfile%\Recent\runddlkey.dll
%UserProfile%\Recent\ddv.dll
%UserProfile%\Recent\cid.dll

Delete Registry
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\SM345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Internet Security 2011"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"

Remove Folders and Files
%appdata%\personal internet security 2011
%startmenu%\Personal Internet Security 2011.lnk
%commonprograms%\Personal Internet Security 2011.lnk
%commonappdata%\sqhdr5
%commonappdata%\smeyfe
Friday, December 24, 2010

Best antivirus? Full protection?Best antivirus? Full protection?

Best antivirus
Many people like to install the best antivirus in their computer so that no virus will infect their computers. However, for me, there is no the best antivirus which can give full protection to our computers. Why?

There are a lot of antivirus in the world now. Every one have its strong points. However, no antivirus will protect your computer completely.

No antivirus can really make your computer free of virus.

Antivirus cannot remove virus effectively when the computer is infected by virus as most of the viruses nowadays will try to deactivate any antivirus installed in the computer.


Antivirus acts passively. It wait the enemy to attack them and after that it will find the antidote for the virus. It can not act actively as it does not know how the enemy will attack it with new technique.

The best policy is try to learn on how to protect our computer from being infected by virus and how to remove virus manually when our computer is infected by virus. Just antivirus will not really protect our computer.
Thursday, December 23, 2010

Win Scanner Removal GuideWin Scanner Removal Guide

Win Scanner Removal Guide
Win Scanner is a fake optimization tool that disguises itself to cheat the user that it can optimize the performance of hard disk, memory, registry and so on. In fact, Win Scanner WILL SURELY state that the hard disk is unreadable (if it is really unreadable, how can Win Scanner run in the hard disk?), ram is in danger and registry is under threat. All of them are lies! Win Scanner will display this types of fake alert to urge the user to purchase the full version of Win Scanner which cannot optimize the performance of Windows, hard disk, memory or registry.

Win Scanner can be removed by stopping all of the processes in random file name, delete all the related files and remove the registry keys stated below.

Win Scanner should be removed immediately!

Win Scanner Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
dfrg.exe
dfrgr.exe
Windows Update.exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CLASSES_ROOT\secfile
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command

Remove Folders and Files
%ProgramFiles%\Win Scanner
%USERPROFILE%\Desktop\Win Scanner.lnk
%Temp%\Windows Update.exe
%Temp%\dfrgr
%Temp%\dfrg
%Temp%\[random].dll
%Temp%\[random].exe
%Temp%\[random]
Wednesday, December 22, 2010

Windows Optimization Center Removal GuideWindows Optimization Center Removal Guide

Windows Optimization Center Removal Guide
Windows Optimization Center is an unwanted application which is a rogue computer security program. Windows Optimization Center is a fake optimization tool that cannot optimize the performance of the hard drive, memory and the system of the computer. Windows Optimization Center was created to cheat the money of the user by showing fake report to the user that there are serious errors found in the hard drive, memory and the system. Windows Optimization Center urge the user to purchase the full version of Windows Optimization Center to remove all the detected threats. Do not believe anything shown by Windows Optimization Center, as it can do nothing.

Windows Optimization Center just make the computer to operate slower,adds malicious registry entries and even download malware into the computer. It can hardly be removed.

Windows Optimization Center should be removed immediately!


Windows Optimization Center Removal Guide
Kill Process
(How to kill a process effectively?)
Windows Update.exe
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
%Temp%\Windows Update.exe
%Temp%\dfrgr
%Temp%\dfrg
%Temp%\[random].dll
%Temp%\[random].exe
%Temp%\[random]
find the files in autorun setting in registry editor and remove all of them which is related to Windows Optimization Center

Ddosclean Removal GuideDdosclean Removal Guide

Ddosclean Removal Guide
Ddosclean is a fake antivirus which is a fake security application. Ddosclean install into computer through malwares without any permission of the user unless UAC is set to the highest level (for Windows 7 users). Ddosclean will automatically run when windows boot. Ddosclean produce false scan result and urge the user to activate the protection by purchasing the full version of Ddosclean.

Ddosclean once is installed in the computer, it will tell the user that the Windows is in danger! It will scan the computer and show that there are n Infection Found. It even state the malwares that infect the files such as Email-Worm.Win32.Meronda and in fact, it is a fake result.

Ddosclean should be removed immediately!


Ddosclean Removal Guide
Kill Process
(How to kill a process effectively?)
ddosclean[1].exe
ddoscleansetup.exe
uninst_ddosclean.exe
ddosclean.exe

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ddosclean\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ddosclean
[HKEY_LOCAL_MACHINE\SOFTWARE\ddosclean]

Remove Folders and Files
c:\documents and settings\{username}\local settings\temporary internet files\Content.IE5\ISF6HJK1\ddosclean[1].exe
c:\documents and settings\{username}\Desktop\ddoscleansetup.exe
c:\WINDOWS\system32\uninst_ddosclean.exe
c:\program files\ddosclean\ddosclean.exe

HDD Doctor Removal GuideHDD Doctor Removal Guide

HDD Doctor Removal Guide
HDD Doctor is a fake disk defragmenter program. HDD Doctor will start automatically when Windows boot once it is installed in the computer. HDD Doctor will SURELY produce fake report on Windows Registry, system memory and hard drive in order to scare the user. HDD Doctor will urge the user to buy the full version of HDD Doctor so that to solve the problems stated. HDD Doctor can be removed by stopping all the processes which filename is formed by random characters. After, the files should be deleted.

HDD Doctor will display fake "critical error" message stating that the hard drive is unreadable or damaged. In fact, if the hard drive is unreadable, how can the program run (as the program is in the hard drive too)? HDD Doctor also prevent the user from running other Windows programs or downloading any software from internet!

HDD Doctor should be removed immediately!

HDD Doctor Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
hdddoctor.exe
filename of any processes with name hdddoctor

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
refer to the files and folders obtained from the registry entries above.

Disk Repair Removal GuideDisk Repair Removal Guide

Disk Repair Removal Guide
Disk Repair is a fake antivirus program that DEFINITELY state that the computer is infected by viruses, system is in danger, Windows startup failure and even internet connection loss. Disk Repair is just a SCAM that cannot provide any advantage to the computer. Once Disk Repair is installed in the computer, it will run automatically when Windows boot and then do a fake scan to the computer. After that, Disk Repair will show plenty of fake alert to urge the user to remove the threats by purchasing the full version of Disk Repair which cannot detect and remove any threats in the computer.

Disk Repair must be removed from the computer as it will terminate the program running on the computer randomly. It means that some of your programs will be terminated suddenly without your notice.

Disk Repair should be removed immediately!

Disk Repair Removal Guide
Kill Process
(How to kill a process effectively?)
Windows Update.exe
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
%ProgramFiles%\Disk Repair
%userprofile%\Desktop\Disk Repair.lnk
%Temp%\Windows Update.exe
%Temp%\dfrgr
%Temp%\dfrg
%Temp%\[random].dll
%Temp%\[random].exe
%Temp%\[random]
Tuesday, December 21, 2010

SystemPro2011 Removal GuideSystemPro2011 Removal Guide

SystemPro2011 Removal Guide
SystemPro2011 is a fake antivirus program that will automatically do a fake scan on the computer when Windows boot. SystemPro2011 will definitely give a fake alert that there are a lot of files infected by malwares, trojans or viruses. Do not believe it as SystemPro2011 CANNOT detect and remove any malware, virus and trojans. The purpose of SystemPro2011 is to urge the user to register SystemPro2011 by purchasing the full version of SystemPro2011 to earn some money from the user.

SystemPro2011 can be removed by stopping the processes with random name or filename which contain SystemPro2011. Then the files should be deleted after the processes are stopped. Refer the removal guide below.

SystemPro2011 should be removed immediately!


SystemPro2011 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
SystemPro2011.exe
SystemPro.exe

Delete Registry
HKEY_CURRENT_USER\Software\SystemPro
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "systempro"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "systempro2011"

Remove Folders and Files
%ProgramFiles%\SystemPro
%ApplicationData%\SystemPro
%ApplicationData%\Uninstall_Security

Antivirus 2010 RTK Removal GuideAntivirus 2010 RTK Removal Guide

Antivirus 2010 RTK Removal Guide
Antivirus 2010 RTK is a fake antivirus and dangerous program which will install rootkit and trojan on the computer so that to hijack the important information in the computer. After the installation of Antivirus 2010 RTK, it will install other trojans on the computer make itself very hard to be removed from the computer. Antivirus 2010 RTK also will scare the user with false report that there are a lot of files on the computer are infected by trojan and malware and it will urge the user the purchase the registered version of Antivirus 2010 RTK. Antivirus 2010 RTK CANNOT detect malware, trojan or virus but it can just bring more harm to the computer only.

Antivirus 2010 RTK can be removed by stop the processes: wingamma.exe, svchost.exe in c:\Program Files\AV2010, AV2010.exe and [random.exe]. Kill the files after stopping the processes. Then remove all the related files and registry entries as shown in the removal guide below.

Antivirus 2010 RTK should be removed immediately!


Antivirus 2010 RTK Removal Guide
Kill Process
(How to kill a process effectively?)
wingamma.exe
c:\Program Files\AV2010\svchost.exe
AV2010.exe

Unregister DLL files
c:\WINDOWS\system32\IEDefender.dll
c:\WINDOWS\system32\mswmqnei.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Gamma Display"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
HKEY_CURRENT_USER\Software\AV2010
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFBCFDBA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
HKEY_CLASSES_ROOT\Interface\{35c95ec8-f789-9a3a-375c-bdb89a3684fd}

Remove Folders and Files
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010
c:\Documents and Settings\All Users\Desktop\AV2010.lnk
c:\WINDOWS\system32\wingamma.exe
c:\WINDOWS\system32\IEDefender.dll
c:\Program Files\AV2010
c:\WINDOWS\system32\drivers\vbma22b4.sys
c:\WINDOWS\system32\mswmqnei.dll
c:\Documents and Settings\All Users\Application Data\.wtav

System Tool 2.20 Removal GuideSystem Tool 2.20 Removal Guide

System Tool 2.20 Removal Guide
System Tool 2.20 is a fake antivirus program that CANNOT DETECT AND REMOVE any kind of virus, malware and trojan. System Tool 2.20 can do nothing but just show pop ups to convince the user that the computer has been infected by malwares and urge the user to purchase the full version of System Tool 2.20. System Tool 2.20 will start automatically when Windows boot. Then System Tool 2.20 will do a fake scan on the computer and then it will show the fake report. Do not purchase System Tool 2.20 as it can do nothing.

System Tool 2.20 can be removed by stopping all processes with random name and kill the files. Read the removal guide below.

System Tool 2.20 should be removed immediately!


System Tool 2.20 Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
c:\Users\All Users\AppData\Roaming\[random]\[random].exe
c:\Users\All Users\AppData\Roaming\[random]\[random]
c:\Documents and Settings\All Users\Application Data\[random]\[random].exe
c:\Documents and Settings\All Users\Application Data\[random]\[random]
Sunday, December 19, 2010

Internet Security 2011 Removal GuideInternet Security 2011 Removal Guide

Internet Security 2011 Removal Guide
Internet Security 2011 is a fake antivirus program which come with a rootkit to prevent many program from running on the computer. Internet Security 2011 cannot detect and remove any kind of virus, malware and trojan. What Internet Security 2011 can do is displaying fake report to tell the user that the computer has been infected by many malwares, trojans and viruses. Internet Security 2011 will urge the user to purchase the full version of Internet Security 2011 to remove all the detected malwares, viruses and trojan. Bare in mind that Internet Security 2011 CANNOT detect and remove any malware, virus and trojan.

Internet Security 2011 is difficult to remove. Internet Security 2011 will automatically terminate any program which try to terminate Internet Security 2011 such as legitimate antivirus. Internet Security 2011 will prevent the program from running by changing security permission on the executable file of the program. When the user attempt to run the program, Windows will give this error message:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

or

"Access Denied."

To solve this problem, the user has to use command prompt and type "cacls [full path to the program] /G Everyone:F" and press "enter".

Internet Security 2011 should be removed immediately!


Internet Security 2011Removal Guide
Kill Process
(How to kill a process effectively?)
exefile.exe

Unregister DLL files
%windir%\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll
%windir%\system32\mswmqnei.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiSpywareOverride" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vbma22b4
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit

Remove Folders and Files
%windir%\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909
%ALLUSERSPROFILE%\Application Data\.wtav
%windir%\assembly\GAC\__AssemblyInfo__.ini
%windir%\system32\drivers\vbma22b4.sys
%windir%\system32\mswmqnei.dll
%windir%\system32\exefile.exe
Saturday, December 18, 2010

Antivirus Scan Removal GuideAntivirus Scan Removal Guide

Antivirus Scan Removal Guide
Antivirus Scan is another type of fake antivirus program which will definitely show pop ups to tell the user that the computer has been infected by malwares, trojans and viruses. Antivirus Scan CANNOT detect and remove any kind of malware, trojan and virus. Antivirus Scan can only cheat the user to purchase the full version of Antivirus Scan so that to removed the detected threats. Do not believe any pop ups or report shown by Antivirus Scan. All of them is a lie.

Antivirus Scan scare the user will many virus name such as Downloader.JS.Small, Sality AN, GameThief.Win32, WinWebSecurity2008 etc. It can be removed by stopping

Antivirus Scan should be removed immediately!


Antivirus Scan Removal Guide
Kill Process
(How to kill a process effectively?)
[random]agnz.exe

Unregister DLL files

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]agnz.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]gnz.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:33921″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0″
HKEY_CURRENT_USER\Software\[random]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus Scan
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus Scan"
HKEY_CURRENT_USER\Software\Antivirus Scan

Remove Folders and Files
search the hard drive for [random]agnz.exe and Antivirus Scan.lnk and then delete all of them.

HDD Restore Removal GuideHDD Restore Removal Guide

HDD Restore Removal Guide
HDD Restore is a program that is used to cheat the money of people by showing error message in the computer hard drive, memory and system. HDD Restore adds a registry entries to make itself to start automatically when Windows boot. After that, HDD Restore will do fake scan on the computer and then issue fake warning by showing pop ups to tell the the user that the hard drive, memory and system have serious errors which can only be solved by using the full version of HDD Restore. Thus, the user is urged to purchase it. Do not believe any report given by HDD Restore even the warning look so real. In fact, HDD Restore cannot detect and remove any error of computer.

HDD Restore can be uninstalled by by stopping all processes with random name and also kill its files. Then, all registry entries added and modified by HDD Restore must be cleared by using Windows Registry Editor.

HDD Restore should be removed immediately!


HDD Restore Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%UserProfile%\Start Menu\Programs\HDD Restore
%UserProfile%\Start Menu\Programs\HDD Restore
%UserProfile%\Desktop\HDD Recovery.lnk
%Temp%\dfrgr
%Temp%\dfrg
Friday, December 17, 2010

CleanV Removal GuideCleanV Removal Guide

CleanV Removal Guide
CleanV is another type of fake antivirus program which provide fake features to scan the computer and will surely report that the computer has been infected by malwares, trojans and viruses. Do not believe any report given by CleanV as it will show that report to any computer (no matter is free of virus or infected by virus) which have installed CleanV. CleanV will run automatically when Windows boot. Then CleanV will do a fake scan on the computer and then it definitely show pop ups to scare the user that the computer has been infected. CleanV will urge the user to purchase the full version of CleanV to remove all the detected threats. However, CleanV cannot detect and remove any kind of virus, malware and trojan.

CleanV can be removed first by stopping its processes (CVMon.exe, CleanV.exe, CVAutoUpdate.exe) and then kill its files by using Emsisoft HiJackFree. Then the user has to remove all the related files and folder. Finally, restore the registry entries added and modified by CleanV (Read the removal guide below to remove CleanV successfully).

CleanV should be removed immediately!


CleanV Removal Guide
Kill Process
(How to kill a process effectively?)
CVAutoUpdate.exe
CleanV.exe
CVMon.exe

Delete Registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CVFMON\0000\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "CleanV"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CleanVMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CVFMON
HKEY_LOCAL_MACHINE\SOFTWARE\CleanV

Remove Folders and Files
%ProgramFiles%\CleanV

Support Tool 2011 Removal GuideSupport Tool 2011 Removal Guide

Support Tool 2011 is a fake optimization tool which use fake features to disguise itself that it can optimize the performance of hard drive, memory and the system. In fact, Support Tool 2011 cannot do anything. Support Tool 2011 can only do a fake scan onthe computer and then show pop ups to tell the user that there are errors in hard drive, memory and the system of the computer. Support Tool 2011 run automatically when Windows boot.

Support Tool 2011 can be uninstalled by first stopping the processes (Windows Update.exe,SupportTool.exe, [random].exe) and then kill all the related files. Finally, restore the registry entries added and modified by Support Tool 2011.

Support Tool 2011 should be removed immediately!


Support Tool 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
Windows Update.exe
[random].exe
Support Tool.exe
SupportTool.exe
Support Tool 2011.exe
SupportTool2011.exe

Delete Registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"

Remove Folders and Files
%ProgramFiles%\Support Tool 2011
%Desktop%\Support Tool 2011.lnk
%TempDir%\Windows Update.exe
%TempDir%\dfrgr
%TempDir%\dfrg
Thursday, December 16, 2010

PCClear Removal GuidePCClear Removal Guide

PCClear Removal Guide
PCClear is a fake antivirus program that will do a fake scan on the computer and then it will definitely show a lot of pop ups to tell the user that the computer has been infected by malwares, trojan and viruses. What scare the user is that the malware, trojan and viruses detected by PCClear is the real name of the malwares. In fact, even the computer is really very clean, does not have any virus, malware or trojan, PCClear will also states that the computer is danger because of malwares infection. Then PCClear will urge the user to purchase the full version of PCClear to remove the threats. PCClear cannot detect and remove any malware, trojan and virus.

PCClear can be removed by terminating the processes and files (random.exe, pcclear.exe, pc clear.exe or any name contain pcclear). Then the user has to remove the autorun setting of PCClear or it will run automatically when Windows boot. It can be done by using Emsisoft HiJackFree

PCClear should be removed immediately!

Personal Security Sentinel Removal GuidePersonal Security Sentinel Removal Guide

Personal Security Sentinel Removal Guide
Personal Security Sentinel is a fake antivirus program that try to act like a legitimate antivirus such as Kaspersky Antivirus which can really protect our computer from viruses, malwares and torjan. However, Personal Security Sentinel cannot detect and remove any kind of viruses, malwares and trojan. Personal Security Sentinel will run automatically when Windows boot and will do a fake scan on the computer and will DEFINITELY state that the computer has been infected by many malwares, viruses and torjans. Then Personal Security Sentinel will shows pop ups to urge the user to purchase the full version of Personal Security Sentinel to remove all the detected threats. Do not buy Personal Security Sentinel, as it can do nothing.

Personal Security Sentinel can be removed by stopping the process PersonalSS.exe by Emsisoft HiJackFree and kill the file at the same time. Then, the user has to remove all the related files and registry entries added by Personal Security Sentinel (see removal guide below).

Personal Security Sentinel should be removed immediately!

Personal Security Sentinel Removal Guide
Kill Process
(How to kill a process effectively?)
PersonalSS.exe

Unregister DLL files
%ALLUSERSPROFILE%\Application Data\095a\sqlite3.dll
%ALLUSERSPROFILE%\Application Data\095a\mozcrt19.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe "Debugger" = "svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options "Debugger" = "svchost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Security Sentinel"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:25553"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = '1'
HKEY_CLASSES_ROOT\PersonalSS.DocHostUIHandler
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}

Remove Folders and Files
%UserProfile%\Start Menu\Programs\Personal Security Sentinel.lnk
%UserProfile%\Start Menu\Personal Security Sentinel.lnk
%UserProfile%\Desktop\PersonalSS.exe.txt
%UserProfile%\Desktop\Personal Security Sentinel.lnk
%UserProfile%\Application Data\Personal Security Sentinel
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Personal Security Sentinel.lnk
%ALLUSERSPROFILE%\Application Data\PSZJLXVS
%ALLUSERSPROFILE%\Application Data\095a
Wednesday, December 15, 2010

HDD Tools Removal GuideHDD Tools Removal Guide

HDD Tools Removal Guide
HDD Tools is a fake optimization tool used to cheat the money from the unlucky user who accidentally install HDD Tools on the computer. HDD Tools will run automatically when Windows boot. Then HDD Tools will do a fake optimization on the hard drive, memory and the system of the computer. HDD Tools will surely display pop ups to scare the user that there are a lot of errors found in the hard drive, memory and the system. HDD Tools may state that the hard drive is unreadable (if it is really unreadable, how can HDD Tools run on the computer?). HDD Tools will urge the user to purchase the full version of HDD Tools so that to remove all detected errors. In fact, HDD Tools cannot detect and remove any errors in hard drive, memory and the system.

HDD Tools can be removed by stopping the processes and kill the files with random name found in the hard drive (it often found in %temp% folder). Then the registry entries should be removed as it has been added by HDD Tools so that it can run automatically when Windows boot. All of these can be done by following the removal guide below.

HDD Tools should be removed immediately!

HDD Tools Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
windowsupdate.exe

Unregister DLL files
%temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%ProgramFiles%\HDD Tools
%userprofile%\Desktop\HDD Tools.lnk
%TempDir%\Windows Update.exe
%TempDir%\dfrgr
%TempDir%\dfrg
%TempDir%\[random].dll
%TempDir%\[random].exe
%TempDir%\[random]
Tuesday, December 14, 2010

HDD Help Removal GuideHDD Help Removal Guide

HDD Help Removal Guide
HDD Help is one of the fake optimization tools which will surely scare the user with error messages in the hard drive, memory and the system of the computer no matter the computer is in good or bad condition. Once HDD Help is installed on the computer, it will run automatically when Windows boot. Then HDD Help will do a fake optimization on the hard drive, memory and the system. However, HDD Help will definitely states that there are errors in hard drive, memory and the system by showing a lot of annoying pop ups which HDD Help use to urge the user to purchase the full version of HDD Help so that to remove all the errors. In fact, the full version of HDD Help can do nothing. Do not believe whatever report or warnings shown by HDD Help.

HDD Help can be removed by stop the processes with random name and then kill the files. Then, unregistered the dll file found in the temporary folder of Windows. Next, kill all files related to HDD Help. Finally, restore the registry entries added and modified by HDD Help. Read the removal guide below to remove HDD Help successfully.

HDD Help should be removed immediately!

HDD Help Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%userprofile%\Start Menu\Programs\HDD Diagnostic
%userprofile%\Start Menu\Programs\HDD help
%userprofile%\Desktop\HDD help.lnk
%Temp%\dfrgr
%Temp%\dfrg
%Temp%\[random].dll
%Temp%\[random].exe
%Temp%\[random]

Defragmenter Removal GuideDefragmenter Removal Guide

Defragmenter Removal Guide
Defragmenter is a fake optimization tool which claims that it can optimize the performance of the hard drive, memory and the system of computer. However, the fact is that Defragmenter cannot optimize the performance of computer, but will definitely scare the user with a lot of fake warning by showing pop ups which states that the hard drive, memory and system have a lot of errors. Do not believe any report given by Defragmenter as it can do nothing but just try to urge the user to buy the full version of Defragmenter to remove all the detected errors. Full version or unregistered version of Defragmenter can do nothing.

Defragmenter can be removed by stopping and removing all the processes and files with random name in the hard drive and restoring the registry entries added and modified by Defragmenter. All of them has been shown in the removal guide below.

Defragmenter should be removed immediately!

Defragmenter Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
%UserProfile%\Start Menu\Programs\Defragmenter
%UserProfile%\Desktop\Defragmenter.lnk
%Temp%\[random].dll
%Temp%\dfrgr
%Temp%\dfrg
%Temp%\[random].exe

PCTool 2011 Removal GuidePCTool 2011 Removal Guide

PCTool 2011 Removal Guide
PCTool 2011 is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, PCTool 2011 cannot detect and remove any kind of virus, malware or trojan on the computer. When PCTool 2011 is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by PCTool 2011. PCTool 2011 will recommend the user to purchase the full version of PCTool 2011 in order to remove all the detected threats. Do not buy PCTool 2011 as it can do nothing.

PCTool 2011 can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by PCTool 2011. These can be done by using
Emsisoft HiJackFree.

PCTool 2011 should be removed immediately!

PCTool 2011Removal Guide
Kill Process
(How to kill a process effectively?)
[random digits].exe
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random digits]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"

Remove Folders and Files
%UserProfile%\Application Data\[random digits]\[random digits].exe
%UserProfile%\Application Data\[random]\[random].exe

PC Tool 2011 Removal GuidePC Tool 2011 Removal Guide

PC Tool 2011 Removal Guide
PC Tool 2011 or PCTool 2011 is a fake antivirus program that look like a legitimate antivirus such as Kaspersky Antivirus which can protect the computer from the attack of viruses, malwares or trojans. However, PC Tool 2011 cannot detect and remove any kind of virus, malware or trojan on the computer. When PC Tool 2011 is installed in the computer, it will start automatically when Windows boot and then will do a fake scan on the computer and will surely scare the user with pop ups which show that the computer has been infected by a lot of malwares, viruses and trojans. Do not believe any pop ups shown by PC Tool 2011. PC Tool 2011 will recommend the user to purchase the full version of PC Tool 2011 in order to remove all the detected threats. Do not buy PC Tool 2011 as it can do nothing.

PC Tool 2011 or PCTool 2011 can be removed by stop processes and kill all files with random name in the hard drives. The user also must remove the autorun setting added by PC Tool 2011. These can be done by using
Emsisoft HiJackFree.

PC Tool 2011 or PCTool 2011 should be removed immediately!

PC Tool 2011 or PCTool 2011Removal Guide
Kill Process
(How to kill a process effectively?)
[random digits].exe
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random digits]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[random]"

Remove Folders and Files
%UserProfile%\Application Data\[random digits]\[random digits].exe
%UserProfile%\Application Data\[random]\[random].exe

HDD Recovery Removal GuideHDD Recovery Removal Guide

HDD Recovery Removal Guide
HDD Recovery is a fake optimization tool which cheat the money of the user by displaying fake report that the hard drive is unreadable. HDD Recovery provide fake features to check and optimize the performance of the hard drive, memory and the system of the computer. However, HDD Recovery cannot detect, check or optimize any performance of computer. HDD Recovery can only state fake report to the user by showing pop ups repeatedly to scare the user and to urge the user to purchase the full version of HDD Recovery to remove all the errors. In fact, HDD Recovery cannot remove any error.

HDD Recovery can be removed by using Emsisoft HiJackFree to stop the processes and delete the files ([random].exe). Then, the registry entries added and modified by HDD Recovery should be restored. All related files of HDD Recovery must be deleted.

HDD Recovery should be removed immediately!

HDD Recovery Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%UserProfile%\Start Menu\Programs\HDD Recovery
%UserProfile%\Desktop\HDD Recovery.lnk
%Temp%\dfrgr
%Temp%\dfrg
%Temp%\[random].dll
%Temp%\[random].exe
%Temp%\[random]

Smart HDD Removal GuideSmart HDD Removal Guide

Smart HDD Removal Guide
Smart HDD is a fake optimization tool with a good and nice interface which cheat the user that it can improve the performance of the hard drive, memory and the system of computer. Actually, Smart HDD cannot optimize any performance of the computer. Smart HDD will start automatically when Windows boot by add registry entries in the Windows registry. Smart HDD will then do a fake scan on the computer and will definitely produce fake report to the user that there is a lot of errors in hard drive, memory and the system. Do not be cheated by these report. All of them is a lie. Smart HDD will urge the user to purchase the full version of Smart HDD by showing pop ups repeatedly to repair the hard drive and remove the threats. In fact, Smart HDD cannot repair any hard drive and remove any threat found in computer.

Smart HDD can be removed by using Emsisoft HiJackFree to stop the processes and delete the files ([random].exe). Then, the registry entries added and modified by HDD Recovery should be restored. All related files of HDD Recovery must be deleted. All of them have been shown in the removal guide below.

Smart HDD should be removed immediately!

Smart HDD Removal Guide
Kill Process
(How to kill a process effectively?)
Windows Update.exe
WindowsUpdate.exe
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and%ProgramsFiles%\Smart HDD
%UserProfile%\Desktop\Smart HDD.lnk
%Temp%\Windows Update.exe
%Temp%\dfrgr
%Temp%\dfrg
Sunday, December 12, 2010

HDD Rescue Removal GuideHDD Rescue Removal Guide

HDD Rescue Removal Guide
HDD Rescue is a fake optimization tool that cheat the user that it can optimize the performance of hard drive, memory and the system. In fact, HDD Rescue cannot optimize the performance, but just can scare the user with a lot of fake errors in hard drive and memory. HDD Rescue will definitely tell the user that there are errors in hard drive and memory. HDD Rescue even will stop other program such as legitimate antivirus to remove it from the computer. HDD Rescue is just a SCAM. It can do nothing. HDD Rescue will urge the user to purchase the full version of HDD Rescue so that to cheat the money from the user. Do not buy HDD Rescue as it cannot help to optimize or repair anything.

HDD Rescue can be removed by using Emsisoft HiJackFree to stop the processes and kill the files from the hard drive. Then, the user has to restore the registry entries added and modified by HDD Rescue. Finally, all the file related to HDD Rescue must be deleted from the hard drive. All of them has been shown in the removal guide below.

HDD Rescue should be removed immediately!

HDD Rescue Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM].exe

Unregister DLL files
%Temp%\[RANDOM].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
%UserProfile%\Start Menu\Programs\HDD Rescue
%UserProfile%\Desktop\HDD Rescue.lnk
%Temp%\dfrg
%Temp%\dfrgr
%Temp%\[RANDOM].dll
%Temp%\[RANDOM].exe
%Temp%\[RANDOM]
Saturday, December 11, 2010

HDD Repair Removal GuideHDD Repair Removal Guide

HDD Repair Removal Guide
HDD Repair is a fake optimization tool that will definitely state that there is serious error found in the hard drive and other errors in the system and memory. HDD Repair cannot detect any error of any part of the computer, this includes hard drive and memory. HDD Repair claims that it can repair the so-called detected errors by purchasing the full version of HDD Repair. Do not believe it, HDD Repair can no nothing but cheat the money of the user by showing pop ups to urge the user to buy the wrong thing. The user is recommended to use the real legitimate software to optimize the performance of the computer.

HDD Repair can be removed by stopping and killing all the processes of HDD Repair ([random].exe) by using Emsisoft HiJackFree, removing all the related files , removing the autorun setting and other registry entries. All are shown in removal guide below.

HDD Repair should be removed immediately!

HDD Repair Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%userprofile%\Start Menu\Programs\HDD Plus
%userprofile%\Desktop\HDD Plus.lnk
%userprofile%\Start Menu\Programs\HDD Repair
%userprofile%\Desktop\HDD Repair.lnk
%Temp%\dfrgr
%Temp%\dfrg
%Temp%\[random].dll
%Temp%\[random].exe
%Temp%\[random]

UserVaccine Removal GuideUserVaccine Removal Guide

UserVaccine Removal Guide
UserVaccine or User Vaccine is a fake antivirus program that cannot detect and remove any malware, virus or trojan. UserVaccine can do nothing but showing pop ups to scare the user that the computer has been infected by a lot of malwares or trojans. UserVaccine will repeatedly urge the user about the fake report so that to purchase the full version of UserVaccine to kill all of the malwares. The full version of UserVaccine cannot eliminate any kind of malware.

UserVaccine can be removed by stopping and killing the process uservaccine.exe by using Emsisoft HiJackFree. Then the user has to remove the autorun settings so that it will not start automatically when Windows boot. Finally, remove the related files in the hard drive. All are shown in the removal guide below.

UserVaccine should be removed immediately!

UserVaccine Removal Guide
Kill Process
(How to kill a process effectively?)
uservaccine.exe

Delete Registry
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International"W2KLpk"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uservaccine]
[HKEY_LOCAL_MACHINE\SOFTWARE\uservaccine]

Remove Folders and Files
%ProgramFiles%\uservaccine

PowerCare Removal GuidePowerCare Removal Guide

PowerCare Removal Guide
PowerCare is a fake antivirus program try to cheat the money from the user by urge them to purchase the full version of PowerCare which can do nothing on the computer. PowerCare cannot detect and remove any kind of virus, malware or trojan. However, PowerCare will repeatedly show pop ups that the computer is infected by a lot of malware or trojans. PowerCare will convince the user that all of the detected malwares or trojans can be removed if the user purchase the full version of PowerCare which cannot remove malware or trojan actually.

PowerCare can be removed by stopping and killing all the the processes (powercarebk.exe, powercareu.exe, powercareu[1].exe, uninst_powercare[1].exe, powercarebk[1].exe, powercare[1].exe, uninst_powercare.exe, powercaresetup.exe, powercare.exe) by using Emsisoft HiJackFree. The user also has to restore all the registry entries added or modified by PowerCare by using Registry Editor. Finally, all the related files of PowerCare must be deleted from the hard drive. All of them are shown in the removal guide below.

PowerCare should be removed immediately!

PowerCare Removal Guide
Kill Process
(How to kill a process effectively?)
powercarebk.exe
powercareu.exe
powercareu[1].exe
uninst_powercare[1].exe
powercarebk[1].exe
powercare[1].exe
uninst_powercare.exe
powercaresetup.exe
powercare.exe

Unregister DLL files
%programfiles%\powercare\powercared.dll
%userprofiles%\local settings\temporary internet files\Content.IE5\ISF6HJK1\egutil[1].dll
$programfiles%\powercare\EGutil.dll

Delete Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\powercare
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "PowerCare"

Remove Folders and Files
Remove all temporary internet files
%programfiles%\powercare
%windir%\system32\uninst_powercare.exe
%userprofile%\Desktop\powercaresetup.exe
Friday, December 10, 2010

Internet Antivirus 2011 Removal GuideInternet Antivirus 2011 Removal Guide

Internet Antivirus 2011 Removal Guide
Internet Antivirus 2011 is a fake antivirus program that cannot detect and remove any kind of virus, malware or trojan. However, Internet Security Suite. pretends to be a legitimate antivirus which can protect computers from the attack malwares. Once Internet Security Suite is installed on the computer, it will start automatically when Windows boot. Then Internet Security Suite will do a fake scan on the computer and will definitely scare the user with pop ups which shows that the computer has been infected by a lot of malwares. Internet Security Suite will repeatedly shows the pop ups to urge the user to purchase the full version of Internet Security Suite so that to remove all the threats. However, Internet Security Suite cannot detect and remove any kind of virus, malware and trojan.

Internet Antivirus 2011 can be removed by stopping the processes and removing the files ([random].exe, Internet Antivirus 2011.exe, pal.exe, CLSV.exe, exec.exe, energy.exe) by using Emsisoft HiJackFree. Then the user should remove the registry entries added or modified by Internet Antivirus 2011 shown in the removal guide below. Internet Antivirus 2011 DLL Files should be unregistered too (see removal guide). All files related to Internet Antivirus 2011 must be deleted.

Internet Antivirus 2011 should be removed immediately!

Internet Antivirus 2011 Removal Guide
Kill Process
(How to kill a process effectively?)
Internet Antivirus 2011.exe
[random].exe
pal.exe
CLSV.exe
exec.exe
energy.exe

Unregister DLL files
%Recent%\kernel32.dll
%Recent%\PE.dll
%Recent%\ANTIGEN.dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Internet Antivirus 2011"
HKEY_CLASSES_ROOT\MSSSys.DocHostUIHandler
HKEY_CURRENT_USER\Software\3

Remove Folders and Files
%ALLUSERSPROFILE%\AppData\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus 2011.lnk
%ALLUSERSPROFILE%\AppData\Internet Antivirus 2011
%USERPROFILE%\AppData\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus 2011.lnk
%USERPROFILE%\AppData\Internet Antivirus 2011
%ALLUSERSPROFILE%\Application Data\[RANDOM]
%USERPROFILE%\Application Data\[RANDOM]
%Desktop%\Internet Antivirus 2011.lnk
%StartMenu%Internet Antivirus 2011.lnk
%Programs%\Internet Antivirus 2011.lnk
%Recent%\tempdoc.tmp
%Recent%\pal.exe
%Recent%\kernel32.dll
%Recent%\fan.drv
%Recent%\eb.sys
%Recent%\delfile.sys
%Recent%\DBOLE.drv
%Recent%\ppal.drv
%Recent%\PE.dll
%Recent%\cid.tmp
%Recent%\CLSV.sys
%Recent%\CLSV.exe
%Recent%\ANTIGEN.drv
%Recent%\ANTIGEN.dll
%Recent%\exec.exe
%Recent%\energy.exe
Wednesday, December 8, 2010

HDD Plus Removal GuideHDD Plus Removal Guide

HDD Plus Removal Guide
HDD Plus is a fake optimization tool that will pretend to optimize the performance of hard drive, memory and the system but eventually will definitely state the user that there is errors in hard drive, memory and the system. HDD Plus produce fake results. HDD Plus cannot optimize the performance of the computer at all. HDD Plus is just a SCAM. HDD Plus continuously produce fake alert to urge the user to purchase the full version of HDD Plus so that to remove all the errors. In fact, HDD Plus cannot detect and remove any errors.

HDD Plus can be remove by using Emsisoft HiJackFree to stop and remove the processes ([random].exe]), remove the autorun setting and finally all related folders and files stated in the removal guide below.

HDD Plus should be removed immediately!

HDD Plus Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Unregister DLL files
%Temp%\[random].dll

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

Remove Folders and Files
%userprofile%\Start Menu\Programs\HDD Plus
%userprofile%\Desktop\HDD Plus.lnk
%Temp%\dfrgr
%Temp%\dfrg
%Temp%\[random].dll
%Temp%\[random].exe
%Temp%\[random]

Security Shield Removal GuideSecurity Shield Removal Guide

Security Shield Removal Guide
Security Shield is a fake antivirus program that will start automatically when Windows boot. After that, Security Shield will do a fake scan on the computer and WILL SURELY state that the computer is infected by malware and then Security Shield will prevent some antivirus from running on the computer. Security Shield cannot detect any kind of virus, trojan or malware. Security Shield can do nothing. Security Shield cannot remove any virus, trojan or malware. Security Shield just make the computer to operate slowly and show pop ups to urge the user to purchase the full version of Security Shield to remove the threats. Security Shield cannot remove any threat at all.

Security Shield can be removed by using Emsisoft HiJackFree by stopping the process ([random].exe) and delete the files at the same time. Then, remove the autorun setting set by Security Shield.

Security Shield should be removed immediately!

Security Shield Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "[RANDOM]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"

Remove Folders and Files
[random].exe in hard drive