GameBar is a Browse Helper Object or BHO, a form of spyware and adware that installs onto the infected computer without the user's consent or knowledge.  This program is highly capable of starting whenever the computer starts. 

It can hijack the user's Internet browser and redirect your searches to unsolicited website.  It might even add a search toolbar to your computer to control your surfing habits more efficiently.

Additionally, GameBar tracks the user's browsing habits and uses the information to send or display advertisements related in content to the visited websites.  Typically, the advertisements are undesirable in nature. 

GameBar infects computers with the following operating systems: Windows 95, Windows 98, Windows NT, and Windows 2000.  Additionally, GameBar attempts to remain hidden from the user to make it more difficult to remove it.

However, it is best to remove GameBar as soon as you discover it.  GameBar can be removed with an anti-spyware program that is up to date.  Moreover, the anti-spyware program will remove other unwanted programs at the same time.

Additionally, manual removal of GameBar can be accomplished.  Since you  need to use the registry editor to remove the files pertaining to this adware, it is important to back up your computer files before you begin.  This should only be attempted by individuals who feel confident in their ability to do so.

The GameBar registry values, registry keys, DLL files, and files need to be completely removed from the infected computer.  To delete each file, process, and key manually, complete the following set of directions.  Remove any of the listed files that you locate.

• Click Start.
• Click Run.
• Type 'regedit'.
• Click ok to open the registry editor, referred to as regedit.
• Click my computer at the top of the box.
• Click edit.
• Click find.
• Type in the one of the keys or files in the following lists, and click find or find next.  Begin with the ones that do not start with HKEY, since these are more easily discovered and deleted.  Make sure that the box is checked in front of keys, values, and data, so that the regedit looks in the correct places.  Regedit should locate a key for you.  Right click on the key and delete it by clicking delete in the menu that appeared or on the keyboard.
• You will do this one file at a time.  After you delete each one, hit the F3 key on your keyboard to reopen the find next box.  Continue the process and delete additional bad registry files.
• Once regedit indicates that the search is finished, you should click on my computer in the regedit and redo the search to guarantee that you have deleted all possible bad files from this program.

GameBar registry files:

system32\gamebar.dll
system\gamebar.dll

Detecting and deleting the GameBar files or keys that begin with HKEY involve a more involved set of steps.  Use the following steps to manually delete the GameBar values that start with HKEY.  Remove any of the listed files that you locate.

• Click Start.
• Click Run.
• Type 'regedit'.
• Click ok to open the registry editor, referred to as regedit.
• Click my computer at the top of the box.
• Follow the path given in each value, clicking each folder open to locate the next item in the path until you have reached the last item.  Once you have gotten to the last item, you can delete it.  Each slash indicates a new folder.

GameBar registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InternetExplorer\Toolbar\4e7bd74f-2b8d-469e-c0ff-fd69b994bd7d

HKEY_CLASSES_ROOT\CLSID\4e7bd74f-2b8d-469e-c0ff-fd69b994bd7d

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\4e7bd74f-2b8d-469e-c0ff-fd69b994bd7d

Use the uppermost set of directions to find and delete these GameBar DLL files:

system32\gamebar.dll
system\gamebar.dll

Mirar, also sometimes called Getmirar, is adware and functions as a toolbar in your browser.  This program monitors your internet browsing and then displays advertising material based upon the websites viewed.  Some users have reported that this program may install without the computer user’s knowledge and will attempt to update itself without the computer user’s consent.  If you do not wish to view the advertising material, you may elect to remove Mirar from your computer.

If you aren’t certain whether Mirar, or another program, is displaying advertising material during your internet browsing, you may check by bringing up the Task Manager while the advertisements are displaying and checking for processes associated with Mirar.  These are reported to include:

875455-NOSB.exe
mirarsetup.exe

If you discover these processes running on your computer, Mirar may have been installed.

If you decide to remove Mirar from your computer, first you must consider whether to use an adware removal software, or whether you will attempt to manually remove the program from your computer without assistance from removal software.  Remember that manual removal is never advisable unless you are highly proficient in computers and comfortable altering items in the registry.  Even if this is the case, manual removal is performed only at your own risk because the manual removal of programs can have unexpected consequences and the deletion of the wrong item can result in computer instability.  For this reason, it is crucial that if manual deletion is attempted, you must be certain not to delete unrelated items from the computer.  If you are not certain whether or not an item should be deleted, do not proceed without consulting a computer professional.

Before any manual deletion is attempted, it is important to create a backup or System Restore point.  This way, if the deletion has unwanted consequences, you will have the ability to return your computer to its previous settings.  On a computer running Windows XP, you can access the System Restore wizard by selecting Control Panel from the Start menu, and then clicking on Performance and Maintenance.  The System Restore option will appear at the left side of the window, which will walk you through the easy steps to create a new System Restore point.  Only after a backup or System Restore point has been created should any manual deletion be attempted.

Next, it is important to end all processes associated with Mirar before attempting a manual deletion.  These processes include:

875455-NOSB.exe
Mirarsetup.exe

You may also elect to end all processes associated with your browser until after you have removed Mirar from your computer.

Then, the directories created by Mirar should be deleted.  These are reported to include:

648.WUT
URL1

Next, the following files should be deleted where they are found:

875455-NOSB.exe
CONFLICT.1\MirarSetup.exe
CONFLICT.1\MirarSetup.inf
mirarsearch_toolbar.exe
MirarSetup.exe
MirarSetup.inf
mit**.tmp
mit**.tmp.cab
mit**.tmp.exe
mit**.tmp.log
NN_Bar**.dll
NN_Bar.dll
SaveInstHlp.dll
SetupLauncher.exe
WinATS.dll
WinATS.inf
WinDmy.dll
WinNB**.dll

The cookie Mirar should also be deleted.

Then, the following registry keys should be deleted:

{1037B06C-84B7-4240-8D80-485810A0497D}
{159471E5-F30C-434F-A0AB-73BD7D4487BF}
{179E4B4A-76C3-4F65-BCED-C9FA1A28D2EF}
{224302B0-94E9-45C2-9E5B-BA989EE556E1}
{34568171-E2CA-4FCD-A99F-43771F766B8A}
{4035DE1B-D54A-411E-9EE7-923295D2E86E}
{528DA727-EC08-461E-9564-DF5C971E8574}
{54B287F9-FD90-4457-B65E-CB91560C021D}
{566dede9-9ed8-45da-9be6-9b2eeab17f49}
{5FE0B6C8-F5C1-458E-91B3-0E5358B2F02F}
{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
{753B9349-7E46-4E5C-A27F-A60A6BF1EAB5}
{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}
CONFLICT.1/MirarSetup.exe
MIRAR_DUMMY_ATS.MIRAR_DUMMY_ATS1
MIRAR_DUMMY_ATS.MIRAR_DUMMY_ATS1.1
MirarSetup.exe
NN_Bar.NN_Bar_Helper
NN_Bar.NN_Bar_Helper.1
NN_Bar.NN_WebBand
NN_Bar.NN_WebBand.1
NN_Bar_Dummy.NN_BarDummy
NN_Bar_Dummy.NN_BarDummy.1
RelatedPageInstall
WinDmy.dll

Finally, the following registry values should be deleted:

{159471E5-F30C-434F-A0AB-73BD7D4487BF}
{179E4B4A-76C3-4F65-BCED-C9FA1A28D2EF}
{528DA727-EC08-461E-9564-DF5C971E8574}
{5FE0B6C8-F5C1-458E-91B3-0E5358B2F02F}
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
MirarSetup.exe
ToolbarInstall
WinDmy.dll

If this process appears to have a negative effect on your computer, use your backup or System Restore point and then either use an adware removal software or consult a computer professional.

MalwareWipe is circulated as a spyware scanning program that can detect spyware installed on your computer.  Unfortunately, users report that MalwareWipe can also detect false positives on systems that are completely free of spyware, and then encourage the computer user to purchase unnecessary spyware removal software.  If you believe that MalwareWipe is producing false positives for your computer, and if you do not wish to view MalwareWipe’s results and advertising material, you may elect to remove it.

If you choose to remove MalwareWipe from your computer, you must first decide whether you want to use a reputable removal software, consult a computer professional, or attempt to manually remove the program yourself.  Naturally, it is quite unwise to attempt a manual removal of any program unless you are extremely savvy and knowledgeable regarding the inner workings of your computer, and comfortable removing items from the registry.

If you decide to remove MalwareWipe from your computer manually, first attempt to remove the program using your computer’s Add/Remove tool.  You can access this tool by selecting Control Panel from your Start menu, and then selecting Add or Remove Programs.  A list of programs installed on your computer will be displayed.  If MalwareWipe appears among this list, you can attempt to remove it by clicking on Change/Remove, and then selecting Yes when asked if you are certain.

If the Add/Remove tool is unable to remove MalwareWipe from your computer, you may attempt a manual deletion, provided that you have sufficient computer expertise.  However, unexpected and unwanted results can occur when items are manually deleted, so this attempt is undertaken at your own risk.   No manual deletion of any program should ever be attempted without first creating a backup or System Restore point.

You can create a System Restore point on a computer running Windows XP by selecting Performance and Maintenance from the Control Panel, and then clicking on System Restore on the left side of the window and following the provided steps to create a System Restore point.  Only after a backup or System Restore point has been created should any manual deletion be attempted.

To manually remove MalwareWipe, it is first a good idea to pull up the Task Manager and end any processes associated with MalwareWipe.  Then, the following directories, created by MalwareWipe, should be deleted:

MalwareWipe
MalwareWipe\Lang
Quarantine

The following files should be deleted where they are found:

db.dat
ignorelist.dat
MalwareWipe 4.0 Website.lnk
MalwareWipe 4.0.lnk
MALWAREWIPE 4.0.LNK
MalwareWipe 4.1.lnk
MalwareWipe.exe
malwarewipe.ini
MALWAREWIPE.LNK
MalwareWipe\Lang\English.ini
MalwareWipe\MalwareWipe 4.0.lnk
MalwareWipe\MalwareWipe 4.1 Website.lnk
MalwareWipe\MalwareWipe 4.1.lnk
MalwareWipe\MalwareWipe.url
MalwareWipe\msvcp71.dll
MalwareWipe\msvcr71.dll
MalwareWipe\Uninstall MalwareWipe 4.0.lnk
MalwareWipe\Uninstall MalwareWipe 4.1.lnk
mw_install.exe
QUICK LAUNCH\MALWAREWIPE 4.1.LNK
uninst.exe

The following registry keys should be deleted:

{0B595E3D-27BE-4DA1-A278-CA4D904B5823}
{10D387E3-B30B-41FD-A0FF-1E464A901B53}
{14B07D86-9F52-424F-A5CB-C7DE0023E3C2}
{152D1D36-D0CD-41F4-A5A1-4D11ECC41177}
{177E74D6-E1D1-4D15-9D36-85399BA00729}
{1D1E9B3D-5A4C-4C70-A9B4-5A19E0C625DC}
{2848A01C-6BE5-4854-B1BD-DFC30761291D}
{2A34546C-C437-460A-88AF-D4703A548EA9}
{335CA9F4-858F-42EB-B6F7-47A0FFA46481}
{3D9FD47C-E0B5-4005-9ADE-552980D3761F}
{3E5B0894-FE91-4063-BB41-D885C7691581}
{479B1AEA-4414-4E43-8CBF-94BFC7C69B56}
{4A2ECC12-46BA-4C52-9749-C0FAF38D507B}
{4D6079CB-FD9E-46AF-A896-6E8582E52827}
{511A9BB1-917A-414A-88FD-3128E37032A1}
{70CE2C9B-9727-4FEA-8CB0-462CD172E74C}
{71DC737F-9935-4E1D-A995-B50DD8EB5EE7}
{77B520FE-71D6-41A2-A765-A6FE25BEFDDB}
{7C14774F-7491-41E4-A720-2A0B23B83F94}
{8CBED98F-8DDD-4AF0-A9EA-C75E10C937BC}
{8FD9BF62-1102-4B8B-B143-6DFA65A9B193}
{9B3FD365-1ACE-4AE9-84F5-A116726108CD}
{9F2DA855-4EC4-4718-AECF-5DB87DBB2DC2}
{A44CAB15-6B7E-406B-9D9B-B1C1C6BA8CDB}
{A5C70510-5A01-B2A5-CF84-D6DC13859967}
{A99AC77F-4DE5-4AA2-810A-35FAB5FC114B}
{B20C9258-CD4C-495B-BAF9-90D48AF40F1B}
{B57851EC-5A8C-40B9-A503-0821829F0612}
{B74B2B6C-9B8D-47D9-872F-E83D475AAF34}
{C0D7466A-B3EA-47BE-9A02-21880BD88F86}
{CE5ECF63-6065-4B92-8B7E-72B5042C2F25}
{D4BFBB89-4BC5-4D13-8D3A-75EDCC0CF50C}
{E86D0281-FA5A-4E36-B993-84FD87DA9DF1}
{ED793078-C780-48D0-88B4-73750C76E93B}
MALWAREWIPE
MALWAREWIPE.EXE

Finally, the registry value MALWAREWIPE should be deleted.

If MalwareWipe has not been successfully deleted, or if you believe that the manual removal attempt has rendered your computer unstable, use your backup or System Restore point, and then consult a computer professional, or utilize a reputable removal software in order to remove MalwareWipe from your computer.

Remove Adware, Popup Programs, Trojans, Hijackers and malicious worms.  XoftspySE offers simple, Powerful and Automatic Protection for your home and office PC!

Who should scan their PC with the XoftspySE Free scanner?

• Do you receive constant Popup Ads when you surf the internet?
• Are you pestered with homepage redirects, unsavory advertising popups, hijacked favorites/bookmarks?
• Is your PC running at the breakneck speed of a snail?
• Does your computer freeze, lock up or display error messages?
• Have you or someone in your household or office downloaded Music or Movies onto your Computer?

Did you answer yes to any of the questions above?

If so then your computer may be infected with harmful software! Spyware and Hijackers sneak can sneak onto your computer without even a hint of its presence. Some evil applications harvest your personal data like credit card numbers, bank account passwords and more. Frightfully common is theft of Paypal and EBay account info login IDs and account passwords.

Why not download XoftspySE right now?

It's free to try and incredibly easy to use. Once XoftspySE is downloaded, simply click "Scan Now". In just a few minutes you will know if your PC is infected.

• You will know which potentially unwanted programs have found their way onto your Computer.
• We will show you exactly how to get rid of them with the click of a button.
• Your computer will be clean and will again be running at Peak Efficiency!

Why are we offering our Industry Leading XoftspySE technology for Free?

If your computer is not at risk, then you don't pay a cent for trying our state of the art software, If you find that your PC is infected with harmful applications, then we hope you will join nearly 1 million other XoftspySE users, and register your XoftspySE Software.

The strength of our software and our database of known threats is fueled by the sheer power of our near million registered customer-base.

If any one of our members discovers a new threat, our support and development team will eagerly work with them one-on-one to customize complete removal instructions, then our developers go to work and update our software for the benefit of the entire XoftspySE community.

How's that for team-work?

We work tirelessly for our valued customers to ensure the most innovative and Truly Exceptional product in the Anti-Spyware Universe.

ClientMan, a form of spyware sponsored by Odysseus Marketing, Inc., places your computer at a high risk for personal security.  It is a Browser Helper Object, or BHO, that has the functionality of adware coupled with the capability of a Backdoor Trojan.

ClientMan captures, stores, and sends confidential information including IP address, browser identification, and user logins to a remote server.  It usurps the Internet bandwidth on the infected computer, possibly creating sluggishness in its processing.

ClientMan has the ability to generate pop up advertisements based upon the user's Internet activity.  Additionally, it can redirect your Web searches and add links to Web pages for advertising purposes.

ClientMan infects computers with the following operating systems: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me, and Windows Server 2003.

It is best to remove ClientMan as soon as you discover it has infected your machine.  ClientMan can be removed with a current anti-spyware program.  Additionally, manual removal of ClientMan can be accomplished.  The registry editor will be used in a manual removal of this application.  Therefore, it is important to back up your computer files before attempting removal.  Using the registry editor may result in accidental deletion of important files.

The ClientMan registry values, registry keys, DLL files, processes, and files need to be completely removed from the infected computer.  To delete each file, process, and key manually, complete the following set of directions. 

• Click Start.
• Click Run.
• Type 'regedit'.
• Click ok to open the registry editor, referred to as regedit.
• Click my computer at the top of the box.
• Click edit.
• Click find.
• Type in the one of the keys or files in the following lists, and click find or find next.  Begin with the ones that do not start with HKEY, since these are more easily discovered and deleted.  Make sure that the box is checked in front of keys, values, and data, so that the regedit looks in the correct places.  Regedit should locate a key for you.  Right click on the key and delete it by clicking delete in the menu that appeared or on the keyboard.
• You will do this one file at a time.  After you delete each one that you locate, hit the F3 key on your keyboard to reopen the find next box.  Continue the process and delete additional bad registry files.
• Once regedit indicates that the search is finished, you should click on my computer in the regedit and redo the search to guarantee that you have deleted all possible bad files from this program.

ClientMan files:

addata.lst
app.dat
ause3.exe
ause3-decoded.exe
blank.gif
cachelut.dat
clickthru.log
client.cfg
cmupd.exe
elitejho32.exe
firstrun.log
fixtitle.exe
getall.php
getbuys.exe
infoctl.exe
ipend.log
msawindows.exe
msckin.dat
msckin.exe
mscman.dat
mscman.exe
msdioo.exe
msdm.exe
msgdmf.exe
msmm.exe
msnkmi.dll
msobfl.dll
msurlcli1.exe
msvc32.exe
mungedpage.html
popup.log
searchhijack.html
setup_jalapeno.exe
svc.exe 
uinfo4.exe
uinfo4-decoded.exe
uinfo5.exe
uinfo7.exe
uinfo7-decoded.exe
uninstall.uni
unpacked-svc.exe 
whois-om.html
words.lst

Detecting and deleting the ClientMan files or keys that begin with HKEY involve a more involved set of steps.  Use the following steps to manually delete the ClientMan values that start with HKEY.

• Click Start.
• Click Run.
• Type 'regedit'.
• Click ok to open the registry editor, referred to as regedit.
• Click my computer at the top of the box.
• Follow the path given in each value, clicking each folder open to locate the next item in the path until you have reached the last item.  Once you have gotten to the last item, you can delete it.  Each slash indicates a new folder.

ClientMan registry values:

HKEY_CLASSES_ROOT\AppID\urlcli.DLL

HKEY_CLASSES_ROOT\appid\{026e4b83-1bf7-41cb-8233-4af35341bc69}
HKEY_CLASSES_ROOT\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_CLASSES_ROOT\clsid\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_CLASSES_ROOT\clsid\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_CLASSES_ROOT\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_CLASSES_ROOT\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_CLASSES_ROOT\clsid\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_CLASSES_ROOT\clsid\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_CLASSES_ROOT\clsid\{94927a13-4aaa-476a-989d-392456427688}
HKEY_CLASSES_ROOT\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_CLASSES_ROOT\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_CLASSES_ROOT\clsid\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_CLASSES_ROOT\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_CLASSES_ROOT\clsid\{f76fda04-87fa-4717-91f6-4bb5be9fd2bb}
HKEY_CLASSES_ROOT\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

HKEY_CLASSES_ROOT\Disable.DisableObj
HKEY_CLASSES_ROOT\Disable.DisableObj.1
HKEY_CLASSES_ROOT\dnsrep.dnsrepobj
HKEY_CLASSES_ROOT\dnsrep.dnsrepobj.1
HKEY_CLASSES_ROOT\interface\{a7370377-e217-4467-8448-9845270cd4a3}

HKEY_CLASSES_ROOT\Interface\{570F481A-1C3B-4DF6-9DBE-FAE17DD008F9}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{94927a13-4aaa-476a-989d-392456427688}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ED50735-B0D9-47C6-9774-02DD8E6FE053}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94927A13-4AAA-476A-989D-392456427688
HKEY_CLASSES_ROOT\typelib\{a1a986e7-7674-4d8b-8081-e422fdb8480b}

HKEY_CLASSES_ROOT\TypeLib\{75FC904C-6E6B-4E9D-9FD3-7A447962DA9B}
HKEY_CLASSES_ROOT\TypeLib\{026E4B83-1BF7-41CB-8233-4AF35341BC69}
HKEY_CLASSES_ROOT\urlcli.urlcliobj
HKEY_CLASSES_ROOT\urlcli.urlcliobj.1
HKEY_CURRENT_USER\software\climan
HKEY_CURRENT_USER\software\ipend
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run clientman
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run msmc
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run clientman1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run clientman1
HKEY_LOCAL_MACHINE\software\classes\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_LOCAL_MACHINE\software\classes\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_LOCAL_MACHINE\software\classes\clsid\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_LOCAL_MACHINE\software\classes\clsid\{94927a13-4aaa-476a-989d-392456427688}
HKEY_LOCAL_MACHINE\software\classes\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_LOCAL_MACHINE\software\classes\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\{0982868C-47F0-4EFB-A664-C7B0B1015808}

Use the uppermost set of directions to find and delete these ClientMan DLL files:

2in1fd04f73f.dll
browserhelper.dll
browserhelper2db3ad7a.dll
browserhelper-decoded.dll
browserhelpere90a5c6.dll
disable.dll
disable1.dll
dnsrep13f4a6e5.dll
dnsrepa9c22ca5.dll
gstylebhob76a4c84.dll
iestcrmfrood.dll
metahelp60741389.dll
mscdka.dll
msdaim.dll
msdpdm.dll
mseclk.dll
msedah.dll
mseffm.dll
mselhm.dll
msfaol.dll
msibkd.dll
msjfbl.dll
mskceo.dll
mskhhe.dll
mskpkc.dll
msnkmi.dll
msobfl.dll
msvrfy804449fd.dll
newads.dll
searchrep6706569a.dll
searchrep8181a0e2.dll
tagger.dll
taggerbhoe884facd.dll
trackurl5f9d991e.dll
trackurl79ad003c.dll
trackurl7f663945.dll
trackurl7f663945-decoded.dll
trackurld66084b4.dll
unpacked-browserhelper.dll
urlcli25e74486.dll
urlcli67806664.dll
urlclia30956de.dll

To manually detect and delete the ClientMan processes, complete the following set of instructions:

• Click Start.
• Click Search.
• Click for files or folders.
• Type in the name of the file, one at a time, from the following list of ClientMan processes.
• Click search.
• Delete the found files.

ClientMan processes:

ause3.exe
ause3-decoded.exe
cmupd.exe
elitejho32.exe
fixtitle.exe
getbuys.exe
infoctl.exe
msawindows.exe
msckin.exe
mscman.exe
msdioo.exe
msdm.exe
msgdmf.exe
msmm.exe
msurlcli1.exe
msvc32.exe
setup_jalapeno.exe
svc.exe
uinfo4.exe
uinfo4-decoded.exe
uinfo5.exe
uinfo7.exe
uinfo7-decoded.exe
unpacked-svc.exe

A4Zeta Beta 1 is an insidious software application that belongs to the family of spyware.  It is a malicious and insidious Trojan known as a Remote Administration Tool or RAT.  This program is equipped to perform many clandestine activities that put the infected computer's safety and security features at risk, as well as disrupting the processing of the computer.

A4Zeta Beta 1 has been around since 2002, possibly originating in South America.  The author of this program is Renner.  The primary goal of this malware program is to gain access to a computer for the purpose of controlling the computer through a server and a remote client.  A4Zeta Beta 1 installs the server that it will use to access your personal information.

A program such as this is fully capable of monitoring the computer user's activity to the point of recording keystrokes, tracking the computer user's browsing habits, maintaining a log, and stealing personal information.  A4Zeta Beta 1 will be able to gain access to your important data, including account numbers for your bank accounts and credit card accounts, passwords, and any other information that you have stored on the infected computer.

Additionally, A4Zeta Beta 1 can usurp the infected computer's bandwidth, disrupting the computer's processing ability.  This particular program is known for restarting the infected computer, further disrupting the computer user's  time on the computer.  Moreover, A4Zeta Beta 1 is capable of downloading additional software applications onto the infected computer without the owner's consent or knowledge.

To remove A4Zeta Beta 1, it will be necessary to ensure that all A4Zeta Beta 1 processes, A4Zeta Beta 1 registry keys, A4Zeta Beta 1 DLL files, and other dangerous A4Zeta Beta 1 files from your computer.  This needs to be done with caution, however, due to the sensitive nature of the computer's registry.  Specifically, the A4Zeta Beta 1 process, a4zetabeta 1.exe needs to be removed.  In addition, the A4Zeta Beta 1 files, a4zetabeta 1.exe and leia-me.txt need to be removed.

To remove the A4Zeta Beta 1 Program manually, follow these instructions:

For Windows 95, Windows 98, Windows 2000, Windows Me, Windows NT, and Windows XP in the classic view:

• Click the start button to open the menu.
• Click settings.
• Click control panel.
• Double click the "add/remove programs" icon in the control panel window to open it.
• Search for the A4Zeta Beta 1 program in the list of entries.
• Click on the phrase, A4Zeta Beta 1 to select it.
• Click on the button that will remove it, either "add/remove" or "change/remove."
• Follow the prompts that are given to remove A4Zeta Beta 1.
• Reboot your computer.
• Open the Add/Remove Programs icon and check to see if A4Zeta Beta 1 has been removed from the list of currently installed programs.
• If A4Zeta Beta 1 is still listed in the currently installed programs file, then you will need to take further steps to remove the application.

If your computer is using Windows XP in the default XP view, you will navigate directly from start to control panel.  The remaining removal steps for A4Zeta Beta 1 will be the same as those listed above. 

Manual removal is tedious and full of potential for mishap.  For these reasons, it is highly recommended that an anti-spyware application be considered for removal of this and all spyware, malware, and adware programs.

The Adware.MediaInject application is also known as the following:

• Generic.cb;
• Mediainj;
• Trojan.Win32.Inject.a;
• Virtool.MediaInject.a
• and Adware.Win32.MediaInject.

SoftBulldog.com reportedly published the Adware.MediaInject application. The publisher's website is www.softbulldog.com/ free.html.

The Adware.MediaInject program reportedly comes bundled with other software authored by softbulldog.com. These other programs which may carry the Adware.MediaInject application include:

• Greasemonkey (Internet Explorer extension);
• Customize Google (Google search enhancer);
• Omgili (search engine);
• MalWhere (process monitor);
• Sigster (search engine);
• YADA (download manager);
• and aSkin (skins for Internet Explorer).

The advertising software comes in several versions. These versions include Adware.MediaInject.a; Adware.MediaInject.c; and Adware.MediaInject.d.

The Adware.MediaInject program installs registry keys on the startup folder. This enables the program to run each time the computer starts or the user reboots the system.

The components commonly added by application are:

• %ProgramFiles%\ micore\ runc.exe;
• ..\ not-a-virus.adware.win32.mediainject.a \ 65b6f6e2.exe;
• ..\ Internet keyword\ inetmgr.exe;
• ..\ Internet keyword\ inetsvc.exe;
• and ..\ Internet keyword\ ikw.exe.

Some file processes associated with the Adware.MediaInject application include the expin.dll; wrdget.dll; runc.exe; micore.exe; runc.exe and expin.dllmicore.exe.

Adware applications are capable of displaying advertisements on a user's computer in an obtrusive manner. These are means of marketing tactics used by companies to gain profit. The advertisements usually come in pop-up form, banners, pop-unders and links in websites.

The Adware.MediaInject application can also track a user's browsing habits. This information goes to a central server. Advertisements then appear on the user's computer catering to the user's searches.

An infected computer exhibits constant appearance of pop-up advertisements. The user also gets redirected to a different website and the browser home page changes without his consent. Just like any infected computer, there is a slower computer performance and Internet connection speed. There is also an unexplainable high band width consumption and low disk space.

Reports show that the Advanced Registry Optimizer program is a seemingly legitimate program masked as a true registry cleaner. Experts however claim that Advanced Registry Optimizer is a Rogue Registry Cleaner program that purposely makes exaggerated claims on the user's computer system security. Reports claim that it does so to entice computer users into buying a paid version of the program.

Advocates of the Advanced Registry Optimizer application categorize the software as a user-friendly registry cleaner that can dramatically improve the performance of the user's computer. It allegedly does this by removing errors existing in the user's computer.

It is claimed that it is a Windows utility that aids in maintaining the stability of the user's computer by scanning for and repairing worthless registry entries.

It is claimed by the sponsors of this program that the Advanced Registry Optimizer application assists in providing the accelerated system speeds and enhanced response time of the user's computer. Some advertisers even claim that the application can give efficient system operation and a more secure system. It is also said to reduce error messages.

Publishers of this software also claim that this program can be helpful when the user is experiencing reduced Internet and computer speed. It can also help remove irremovable computer programs. In instances when the computer does not boot as it should be as well as in cases where some applications stopped when new software has been installed, the Advanced Registry Optimizer is said to be efficient

Supporters of the Advanced Registry Optimizer application claim that this product can perform actions such as scanning user's computer for errors and defragging the user's registry. It is also capable of executing backup files, restoring files, displaying and classifying registry errors. It can eradicate the detected registry errors.

Notwithstanding these acclaimed beneficial uses, security experts consider the Advanced Registry Optimizer application a malware. This is because it makes exaggerated claims regarding the security of the user's computer. It is also said by experts that the application can provide possibly incorrect results on the scan conducted. These seemingly legitimate results can be used as a tool to scare and persuade the users into purchasing a commercial version of the program.

This article is solely the opinion of the author of this article and is not in any way to be construed as the opinion of filetonic, its owners, techjocks or anyone affiliated with this website.

Reports show that the 1-ACT Parental Advisor 2006 application is marketed as a computer control utility used by parents and employers.  The author claims that the 1-ACT Parental Advisor 2006 application has the functions of protecting children from pornography, stalker and pedophiles. It also allows an employer to save money by making sure their employees are using their computer resources strictly for work purposes only.

Reports claim that the 1-ACT Parental Advisor 2006 application provides online and offline filter controls. It also provides parents or system administrators control on websites and programs accessed in a computer. Other reports show that the 1-ACT Parental Advisor 2006 allows blocking of particular URLs and programs and it permits a schedule when access can be granted. It is also allegedly able to place offline websites in a list and may allow a security password for programs.

The 1-ACT Parental Advisor 2006 application is reported to block websites with adult content and control access to the Internet. However, the 1-ACT Parental Advisor 2006 application is also claimed to log keystrokes. It can also monitor and log all actions in the computer. It may also reputedly email all recorded data to a user as it is capable of running secretly from the user. It steals passwords and confidential data and may have rootkit technology to be able to remain undetected by other software.

Anti-virus companies also state that the 1-ACT Parental Advisor 2006 application is installed by the executable file parentallock.exe.

It is also possible for the 1-ACT Parental Advisor 2006 application to make screenshots of the computer display and capture microphone and webcam data. It can also log sessions in Instant Messaging applications and record visited websites as well as files shared in a Peer-to-Peer network.

The 1-ACT Parental Advisor 2006 application is claimed to have undesirable effects in machine such as creating unwanted modifications to the computer. It can change the configuration of a Web browser's homepage and its settings. Lastly, it is capable of gathering and sending confidential data to a remote host without awareness or consent of the user.

A downloader Trojan program is often installed under a false pretense of being beneficial to the user. These applications install and execute a malicious component without the user's knowledge. Downloader Trojan applications have the capability to download and run other malware applications. The malicious software may have a variety of abilities, causing damage and disruption of normal system functions.

The 3wplayer application is affiliated with the websites http://www.3wplayer.com/ and DailyAppz.Play3w.com. The program is being marketed as a wide-ranging media player. Advertisements show that it can play several file formats. It also has an easy to use interface. The program is compatible with the Windows Operating System.

The 3wplayer application may be willingly installed into the system by the user. Users may be unaware of reports that show if the system is infected with the Trojan.Win32.Obfuscated.en program. Once installed, it can also download and execute other malware programs with adware capabilities into a system.

This application is often distributed in the tactic  associated with downloadable content. Videos that are likely to be downloaded are uploaded into file-sharing sites or networks. The files often appear to be in the conventional AVI format. Once the file is fully downloaded and the user attempts to watch the video, a message will appear.

The message then tells the user that the downloaded video can only be played with the 3wplayer application. It further directs the user to a site where the media player can be downloaded free. Upon installation, the program also installs adware programs that are included with its software. Downloaded media files mostly do not contain the expected videos.

Upon execution, the 3wplayer software reportedly creates the following files:

• C:\Documents and Settings\All Users\Start Menu\Programs\3wPlayer\Uninstall 3wPlayer.ink;
• %ProgramFiles%\3wPlayer\settings.ini;
• %ProgramFiles%\3wPlayer\settings.stp;
• and %ProgramFiles%\3wPlayer\SkinCrafterDll.dll.

One adware program that the 3wplayer application has been reported to download and install is the Adware.Lop application. This software can hijack the Web browser. It is also capable of adding a search button and toolbar to the Internet Explorer program without consent from the user. Malware programs downloaded by the 3wplayer application make the system susceptible to pop-up advertisements, undesired networks, security software disabling and personal information theft.

The 3wplayer application may be detected under the following names:

• domplayer;
• zixplayer;
• WinZix;

and DivoCodec.