Manual Removal Guide for Ticno.BHO



Friday
2012-07-11, 12:33
The following instructions have been created to help you to get rid of "Ticno.BHO" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).

Threat Details:

Categories:
trojan
bho

Description:
Ticno.BHO is a Trojan horse that pretends to be a game like Minecraft in order to get executed. After execution a downloader starts which installs various toolbars, browser add-ons and system services without properly informing the user about the extent of the installations.

Removal Instructions:

Autorun:

Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd), RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer) or msconfig.exe to remove the following autorun entries.

Entries named "multibar.exe" and pointing to the command line "<$PROGRAMFILES>\Ticno\Multibar\multibar.exe" /auto.

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) or RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer) to locate and get rid of these entries.

Products that have a key or property named "multibar".
Products that have a key or property named "Tabs".
Products that have a key or property named "Ticno Indexator".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$APPDATA>\Installer\h_p\homepage.exe".
The file at "<$APPDATA>\Installer\ticno_m.exe".
The file at "<$APPDATA>\Mozilla\Firefox\Profiles\anibwtkr.default\searchplugins\ticno.xml".
The file at "<$APPDATA>\Ticno\Multibar\plugins\wiki_search\wiki_search.dll".
The file at "<$APPDATA>\Ticno\Multibar\plugins\youtube_search\youtube_search.dll".
The file at "<$COMMONAPPDATA>\Ticno\LicUpd\updater.dll".
The file at "<$COMMONAPPDATA>\Ticno\LicUpd\Updater.exe".
The file at "<$COMMONDESKTOP>\MultiBar.lnk".
The file at "<$COMMONPROGRAMS>\Ticno Tabs\Uninstall.lnk".
The file at "<$COMMONSTARTUP>\Tabs.lnk".
The file at "<$DESKTOP>\minecraft_file.rar".
The file at "<$PROGRAMFILES>\Ticno\Indexator\database.dll".
The file at "<$PROGRAMFILES>\Ticno\Indexator\SearchService.exe".
The file at "<$PROGRAMFILES>\Ticno\Indexator\updater.dll".
The file at "<$PROGRAMFILES>\Ticno\Indexator\Updater.exe".
The file at "<$PROGRAMFILES>\Ticno\Multibar\addto.exe".
The file at "<$PROGRAMFILES>\Ticno\Multibar\appdata\plugins\friendmeter\friendmeter.dll".
The file at "<$PROGRAMFILES>\Ticno\Multibar\appdata\plugins\games\games.dll".
The file at "<$PROGRAMFILES>\Ticno\Multibar\appdata\plugins\inet_search\inet_search.dll".
The file at "<$PROGRAMFILES>\Ticno\Multibar\appdata\plugins\local_search\local_search.dll".
The file at "<$PROGRAMFILES>\Ticno\Multibar\appdata\plugins\weather\main.dll".
The file at "<$PROGRAMFILES>\Ticno\Multibar\appdata\plugins\weather\TicnoWeather.exe".
The file at "<$PROGRAMFILES>\Ticno\Multibar\appdata\plugins\wiki_search\wiki_search.dll".
The file at "<$PROGRAMFILES>\Ticno\Multibar\appdata\plugins\youtube_search\youtube_search.dll".
The file at "<$PROGRAMFILES>\Ticno\Multibar\helpscreen.exe".
The file at "<$PROGRAMFILES>\Ticno\Multibar\hook2.dll".
The file at "<$PROGRAMFILES>\Ticno\Multibar\multibar.exe".
The file at "<$PROGRAMFILES>\Ticno\Multibar\multibar_main.exe".
The file at "<$PROGRAMFILES>\Ticno\Multibar\runner.exe".
The file at "<$PROGRAMFILES>\Ticno\Multibar\SearchPanel.dll".
The file at "<$PROGRAMFILES>\Ticno\Multibar\SearchService.exe".
The file at "<$PROGRAMFILES>\Ticno\Multibar\updater4.exe".
The file at "<$PROGRAMFILES>\Ticno\Tabs\Ticno Tabs.exe".
The file at "<$PROGRAMFILES>\Ticno\Tabs\updater.dll".
The file at "<$PROGRAMFILES>\Ticno\Tabs\Updater.exe".
Make sure you set your file manager to display hidden and system files. If Ticno.BHO uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$APPDATA>\Breakpad".
The directory at "<$APPDATA>\Installer\h_p".
The directory at "<$APPDATA>\Installer".
The directory at "<$APPDATA>\Mozilla\Firefox\Profiles\<$ENV(Ticno_FF_Path)>\extensions\tabs@ticno.com".
The directory at "<$APPDATA>\Ticno\Multibar".
The directory at "<$APPDATA>\Ticno\Tabs".
The directory at "<$APPDATA>\Ticno".
The directory at "<$COMMONAPPDATA>\Ticno\LicUpd".
The directory at "<$COMMONAPPDATA>\Ticno".
The directory at "<$COMMONPROGRAMS>\Ticno Tabs".
The directory at "<$LOCALAPPDATA>\ticno".
The directory at "<$PROGRAMFILES>\Ticno\Multibar".
The directory at "<$PROGRAMFILES>\Ticno\Tabs".
The directory at "<$PROGRAMFILES>\Ticno".
Make sure you set your file manager to display hidden and system files. If Ticno.BHO uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

A key in HKEY_CLASSES_ROOT\ named "BhoNew.BhoApp.1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "BhoNew.BhoApp", plus associated values.
Delete the registry key "{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{A8954909-1F0F-41A5-A7FA-3B376D69E226}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{EDF06F4A-EF50-45F9-959D-1C083C92A402}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "bar" at "HKEY_CLASSES_ROOT\*\shell\".
Delete the registry key "Tabs" at "HKEY_CURRENT_USER\Software\".
Delete the registry key "Ticno Indexator" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
Delete the registry key "Ticno Multibar" at "HKEY_CURRENT_USER\HKEY_CURRENT_USER\Software\".
Delete the registry key "Ticno Multibar" at "HKEY_CURRENT_USER\Software\".
Delete the registry key "Ticno Multibar" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
Delete the registry key "Ticno" at "HKEY_CURRENT_USER\Software\".
Delete the registry key "TicnoIndexator" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
Delete the registry key "TicnoIndexator" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
Delete the registry key "TicnoIndexator" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
Delete the registry key "TicnoIndexator" at "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\".
Delete the registry key "TicnoSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
Delete the registry key "TicnoSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
Delete the registry key "TicnoSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
Delete the registry key "TicnoSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\".
Delete the registry value "<$PROGRAMFILES>\Ticno\Tabs\Ticno Tabs.exe" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\".
Delete the registry value "<$PROGRAMFILES>\Ticno\Tabs\Ticno Tabs.exe" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\".
Delete the registry value "<$PROGRAMFILES>\Ticno\Tabs\Ticno Tabs.exe" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\".
Delete the registry value "<$PROGRAMFILES>\Ticno\Tabs\Ticno Tabs.exe" at "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\".
Delete the registry value "DefaultScope={F857121E-A9E5-4fb4-8C54-C2851C5F22C9}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\".
Delete the registry value "DisplayName" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F857121E-A9E5-4fb4-8C54-C2851C5F22C9}\".
Delete the registry value "URL" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F857121E-A9E5-4fb4-8C54-C2851C5F22C9}\".
If Ticno.BHO uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) or RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer).

Please check your bookmarks for links to "start.ticno.com".
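As an added example (not part of the original guide or of Spybot's own tools), the read-only PowerShell audit below expands the guide's <$...> placeholders and reports which of the listed artifacts are present, so the findings can be reviewed before anything is deleted. It assumes <$PROGRAMFILES> may stand for either Program Files folder on 64-bit Windows and that the "multibar.exe" autorun entry lives in a Run key; the artifact lists are a representative subset of the sections above.

```powershell
# Added audit script, not part of the original guide. Read-only: it deletes nothing.
# Assumptions: <$PROGRAMFILES> may be either Program Files folder on 64-bit Windows,
# and the "multibar.exe" autorun entry is a value in a Run key.
$placeholders = @{
    '<$APPDATA>'        = @($env:APPDATA)
    '<$LOCALAPPDATA>'   = @($env:LOCALAPPDATA)
    '<$COMMONAPPDATA>'  = @($env:ProgramData)
    '<$PROGRAMFILES>'   = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
    '<$DESKTOP>'        = @([Environment]::GetFolderPath('Desktop'))
    '<$COMMONDESKTOP>'  = @([Environment]::GetFolderPath('CommonDesktopDirectory'))
    '<$COMMONPROGRAMS>' = @([Environment]::GetFolderPath('CommonPrograms'))
    '<$COMMONSTARTUP>'  = @([Environment]::GetFolderPath('CommonStartup'))
}
function Expand-GuidePath([string]$Path) {
    # Yields every concrete path the placeholder may stand for; unknown prefixes pass through.
    foreach ($token in $placeholders.Keys) {
        if ($Path.StartsWith($token)) {
            foreach ($base in $placeholders[$token]) {
                if ($base) { Join-Path $base $Path.Substring($token.Length).TrimStart('\') }
            }
            return
        }
    }
    $Path
}
# Representative entries from the guide's Files, Folders and Registry sections; extend as needed.
$files = '<$PROGRAMFILES>\Ticno\Multibar\multibar.exe', '<$PROGRAMFILES>\Ticno\Multibar\hook2.dll',
         '<$PROGRAMFILES>\Ticno\Indexator\SearchService.exe', '<$APPDATA>\Installer\ticno_m.exe',
         '<$COMMONAPPDATA>\Ticno\LicUpd\Updater.exe', '<$COMMONSTARTUP>\Tabs.lnk', '<$DESKTOP>\minecraft_file.rar'
$folders = '<$PROGRAMFILES>\Ticno', '<$APPDATA>\Ticno', '<$COMMONAPPDATA>\Ticno', '<$LOCALAPPDATA>\ticno'
$regKeys = 'Registry::HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}',
           'Registry::HKEY_CLASSES_ROOT\BhoNew.BhoApp', 'Registry::HKEY_CLASSES_ROOT\*\shell\bar',
           'HKLM:\SYSTEM\CurrentControlSet\Services\TicnoIndexator', 'HKLM:\SYSTEM\CurrentControlSet\Services\TicnoSearch',
           'HKCU:\Software\Ticno', 'HKLM:\SOFTWARE\Ticno Multibar',
           'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes\{F857121E-A9E5-4fb4-8C54-C2851C5F22C9}'
$found = @()
foreach ($f in $files)   { foreach ($p in Expand-GuidePath $f) { if (Test-Path -LiteralPath $p -PathType Leaf)      { $found += "File:    $p" } } }
foreach ($d in $folders) { foreach ($p in Expand-GuidePath $d) { if (Test-Path -LiteralPath $p -PathType Container) { $found += "Folder:  $p" } } }
foreach ($k in $regKeys) { if (Test-Path -LiteralPath $k) { $found += "RegKey:  $k" } }
# Autorun check: the guide names the entry "multibar.exe"; a Run-key value is assumed here.
foreach ($run in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run', 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $v = Get-ItemProperty -Path $run -Name 'multibar.exe' -ErrorAction SilentlyContinue
    if ($v) { $found += "Autorun: $run\multibar.exe = $($v.'multibar.exe')" }
}
if ($found) { $found } else { 'None of the listed Ticno.BHO artifacts were found.' }
```

Run it in an elevated PowerShell session so the HKLM service and BHO keys are readable; a hit on the BHO CLSID or the TicnoIndexator/TicnoSearch services is the strongest sign the infection is still active.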

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance,
then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), where a volunteer analyst will advise you as soon as one is available.

There are more files or system entries belonging to this product that <$SPYBOTSD> can remove, but that cannot be easily described in text. Please use <$SPYBOTSD> to make sure <$PRODUCTNAME> gets completely removed.