Created Files

• %Desktop%Spyware Guard 2008.lnk
• %Windir%reged.exe
• %Windir%spoolsystem.exe
• %Windir%syscert.exe
• %Windir%sysexplorer.exe
• %Windir%vmreg.dll
• %Windir%sys.com

Created Folders

• %ProgramFiles%Spyware Guard 2008
• %CommonStartMenu%Spyware Guard 2008
• %ProgramFiles%Spyware Guard 2008

Registry Entries

• Key: HKEY_CURRENT_USER\software\spyware guard
• Value:
• Data:
• Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\spyware guard 2008
• Value:
• Data:
• Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
• Value: spywareguard
• Data:
• Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
• Value: spywareguard
• Data: C:\Documents and Settings\%userprofile%\Desktop\d191d05514d2272258d61b5c98500261spywareguard.exe
• Key: HKEY_CURRENT_USER\Software\Spyware Guard 2008
• Value:
• Data:
• Key: HKEY_CLASSES_ROOT\CLSID\{53060826-BE77-4318-BB1E-B88F2DF4DEC8}
• Value:
• Data:
• Key: HKEY_CLASSES_ROOT\CLSID\{8CA47D9C-CE53-4369-9EB2-53AA4292F303}
• Value:
• Data:
• Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
• Value: ieModule
• Data: {8CA47D9C-CE53-4369-9EB2-53AA4292F303}
• Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
• Value: url2
• Data: http://sguardscan.com/
• Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
• Value: spywareguard
• Data: C:\Program Files\Spyware Guard 2008\spywareguard.exe
• Key: HKEY_CLASSES_ROOT\CLSID\{293CD179-F950-4D60-BBB5-FCCC4A992B48}
• Value:
• Data:
• Key: HKEY_CLASSES_ROOT\CLSID\{FF39D1F8-1EBF-48CA-B09A-764AF1175F57}
• Value:
• Data:
• Key: HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2009
• Value:
• Data:
• Key: HKEY_CLASSES_ROOT\CLSID\{6CC348FE-AC79-437B-BE61-E664F5C54ED9}
• Value:
• Data:
• Key: HKEY_CLASSES_ROOT\CLSID\{FF524719-85E5-43F2-B0AE-181F8063E7C8}
• Value:
• Data:
• Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ceedbffaaddbaefc
• Value:
• Data:
• Key: HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard
• Value:
• Data:
• Key: HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008
• Value:
• Data:
• Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
• Value: spywareguard
• Data: C:\Documents and Settings\%userprofile%\Desktop\RESEARCH\1badd200b0182c248a6a007fc0d19a1c.exe