Exterminate It! Antimalware

SillyDl - Registry Values List

This is a complete list of SillyDl registry values collected by Exterminate It!. If you find any of these registry values on your PC, your computer is very likely to be infected with SillyDl (trojan, adware, toolbar, downloader).

IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. For information about backing up the Windows registry, refer to the Registry Editor online help.