How to remove Employee Watcher (pop up)

Thursday, June 3rd, 2010 at 8:14 am  
 

Employee Watcher description

  
  Adware:Adware (or spyware) is a small program that is designed to show advertisements (in various form and degrees of intrusiveness) on your computer. It often reports personal information back to its owners. As a result your sense of privacy can be violated.

Employee Watcher is a complex commercial malware product that monitors user activity, records keystrokes, takes screenshots, captures chat conversations and e-mail messages. The application sends gathered data to a configurable e-mail address. Employee Watcher must be manually installed. It comes with the uninstaller, but is quite difficult to detect and remove. It runs on every Windows startup. 		 

 

Technical details (How to remove Employee Watcher(pop up))

  
 
processes files:
uninstaller.exe
employeewatcher[XVS]uninstaller.exe
csrss.ex
csrss.exe
initializer.exe
smss.exe
svchost.exe, smss.exe, initializer.exe, csrss.exe, csrss.exsvchost.exe

registry entries:
DE6317F7-6EF0-45C2-88D1-8E09415817F1
48E59290-9880-11CF-9754-00AA00C00908
3B7C8863-D78F-101B-B9B5-04021C009402
389B19AA-9A87-11D1-B77F-00001C1AD1F8
1FAA49C4-16B7-4D28-8930-31BE1810D943
0A4AFE1D-F664-11D0-B649-00001C1AD1F8
0468C941-83E2-11D3-BE51-00C0DFC2E32C
0468C933-83E2-11D3-BE51-00C0DFC2E32C
F7C1A3FA-C511-488A-B583-4F153B9368C4
ED117630-4090-11CF-8981-00AA00688B10
E9A5593C-CAB0-11D1-8C0B-0000F8754DA1
D937A3C0-8634-11D3-BE51-00C0DFC2E32C
B78B0E98-0431-4A6B-8C3D-F240FE8725F5
AB14F05E-4C1D-49DC-8BD5-9E6B510B3EBA
A834857C-9A90-11D1-B77F-00001C1AD1F8
A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8
8B8BB3A3-8576-11D3-BE51-00C0DFC2E32C
8B8BB3A1-8576-11D3-BE51-00C0DFC2E32C
859321D0-3FD1-11CF-8981-00AA00688B10
68B8DCDB-EFA4-420A-BB8A-71B9892A2063
48E59292-9880-11CF-9754-00AA00C00908
48E59291-9880-11CF-9754-00AA00C00908
3E3621C0-8635-11D3-BE51-00C0DFC2E32C
3B7C8862-D78F-101B-B9B5-04021C009402
389B19B7-9A87-11D1-B77F-00001C1AD1F8
0468C951-83E2-11D3-BE51-00C0DFC2E32C
0468C94F-83E2-11D3-BE51-00C0DFC2E32C
DE5C2449-65D5-4413-BFCF-6BFCDF294665
AFC634B0-4B8B-11CF-8989-00AA00688B10
8B8BB3A2-8576-11D3-BE51-00C0DFC2E32C
855C49A7-9C3C-11D1-B784-00001C1AD1F8
78E5A540-1850-11CF-9D53-00AA003C9CB6
6E29B982-9C50-11D1-B784-00001C1AD1F8
6E29B981-9C50-11D1-B784-00001C1AD1F8
48E59295-9880-11CF-9754-00AA00C00908
48E59294-9880-11CF-9754-00AA00C00908
48E59293-9880-11CF-9754-00AA00C00908
3B7C8860-D78F-101B-B9B5-04021C009402
389B19B9-9A87-11D1-B77F-00001C1AD1F8
2C704DBB-9C46-11D1-B784-00001C1AD1F8
253664FB-EDFC-4AC6-BD69-B322F466AEED
22B4C8F5-A686-42CC-8224-E4817445109F
0468C950-83E2-11D3-BE51-00C0DFC2E32C
HKEY_CLASSES_ROOTMabry.CPingXPropPage.1
HKEY_CLASSES_ROOTMabry.CPingXPropPage
HKEY_CLASSES_ROOTMabry.PingXCom.1
HKEY_CLASSES_ROOTMabry.PingXCom
HKEY_CLASSES_ROOTMabry.PingX.1
HKEY_CLASSES_ROOTMabry.PingX
HKEY_CLASSES_ROOTInetCtls.Inet.1
HKEY_CLASSES_ROOTInetCtls.Inet
HKEY_CLASSES_ROOTdwshk36.WinHook.6
HKEY_CLASSES_ROOTdwshk36.WinHook
HKEY_CLASSES_ROOTdwshk36.RegMsg.1
HKEY_CLASSES_ROOTdwshk36.RegMsg
HKEY_CLASSES_ROOTdwshk36.MsgList.1
HKEY_CLASSES_ROOTdwshk36.MsgList
HKEY_CLASSES_ROOTdwshk36.KeyPage.1
HKEY_CLASSES_ROOTdwshk36.KeyPage
HKEY_CLASSES_ROOTdwshk36.KeyList.1
HKEY_CLASSES_ROOTdwshk36.KeyList
HKEY_CLASSES_ROOTdwshk36.HookPage.1
HKEY_CLASSES_ROOTdwshk36.HookPage
HKEY_CLASSES_ROOTaxsCaptureScrn.axsCapScreen
HKEY_CLASSES_ROOTANSMTP.OBJ.1
HKEY_CLASSES_ROOTANSMTP.OBJ
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunWinUpdateProtection
HKEY_CLASSES_ROOTTypeLib{DE6317F7-6EF0-45C2-88D1-8E09415817F1}HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunWinUpdateProtection
HKEY_CLASSES_ROOTTypeLib{48E59290-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOTTypeLib{3B7C8863-D78F-101B-B9B5-04021C009402}
HKEY_CLASSES_ROOTTypeLib{389B19AA-9A87-11D1-B77F-00001C1AD1F8}
HKEY_CLASSES_ROOTTypeLib{1FAA49C4-16B7-4D28-8930-31BE1810D943}
HKEY_CLASSES_ROOTTypeLib{0A4AFE1D-F664-11D0-B649-00001C1AD1F8}
HKEY_CLASSES_ROOTTypeLib{0468C941-83E2-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOTTypeLib{0468C933-83E2-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOTInterface{F7C1A3FA-C511-488A-B583-4F153B9368C4}
HKEY_CLASSES_ROOTInterface{ED117630-4090-11CF-8981-00AA00688B10}
HKEY_CLASSES_ROOTInterface{E9A5593C-CAB0-11D1-8C0B-0000F8754DA1}
HKEY_CLASSES_ROOTInterface{D937A3C0-8634-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOTInterface{B78B0E98-0431-4A6B-8C3D-F240FE8725F5}
HKEY_CLASSES_ROOTInterface{AB14F05E-4C1D-49DC-8BD5-9E6B510B3EBA}
HKEY_CLASSES_ROOTInterface{A834857C-9A90-11D1-B77F-00001C1AD1F8}
HKEY_CLASSES_ROOTInterface{A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8}
HKEY_CLASSES_ROOTInterface{8B8BB3A3-8576-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOTInterface{8B8BB3A1-8576-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOTInterface{859321D0-3FD1-11CF-8981-00AA00688B10}
HKEY_CLASSES_ROOTInterface{68B8DCDB-EFA4-420A-BB8A-71B9892A2063}
HKEY_CLASSES_ROOTInterface{48E59292-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOTInterface{48E59291-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOTInterface{3E3621C0-8635-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOTInterface{3B7C8862-D78F-101B-B9B5-04021C009402}
HKEY_CLASSES_ROOTInterface{389B19B7-9A87-11D1-B77F-00001C1AD1F8}
HKEY_CLASSES_ROOTInterface{0468C951-83E2-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOTInterface{0468C94F-83E2-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOTCLSID{DE5C2449-65D5-4413-BFCF-6BFCDF294665}
HKEY_CLASSES_ROOTCLSID{AFC634B0-4B8B-11CF-8989-00AA00688B10}
HKEY_CLASSES_ROOTCLSID{8B8BB3A2-8576-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOTCLSID{855C49A7-9C3C-11D1-B784-00001C1AD1F8}
HKEY_CLASSES_ROOTCLSID{78E5A540-1850-11CF-9D53-00AA003C9CB6}
HKEY_CLASSES_ROOTCLSID{6E29B982-9C50-11D1-B784-00001C1AD1F8}
HKEY_CLASSES_ROOTCLSID{6E29B981-9C50-11D1-B784-00001C1AD1F8}
HKEY_CLASSES_ROOTCLSID{48E59295-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOTCLSID{48E59294-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOTCLSID{48E59293-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOTCLSID{3B7C8860-D78F-101B-B9B5-04021C009402}
HKEY_CLASSES_ROOTCLSID{389B19B9-9A87-11D1-B77F-00001C1AD1F8}
HKEY_CLASSES_ROOTCLSID{2C704DBB-9C46-11D1-B784-00001C1AD1F8}
HKEY_CLASSES_ROOTCLSID{253664FB-EDFC-4AC6-BD69-B322F466AEED}
HKEY_CLASSES_ROOTCLSID{22B4C8F5-A686-42CC-8224-E4817445109F}
HKEY_CLASSES_ROOTCLSID{0468C950-83E2-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOTMabry.CPingXPropPage.1
HKEY_CLASSES_ROOTMabry.CPingXPropPage
HKEY_CLASSES_ROOTMabry.PingXCom.1
HKEY_CLASSES_ROOTMabry.PingXCom
HKEY_CLASSES_ROOTMabry.PingX.1
HKEY_CLASSES_ROOTMabry.PingX
HKEY_CLASSES_ROOTInetCtls.Inet.1
HKEY_CLASSES_ROOTInetCtls.Inet
HKEY_CLASSES_ROOTdwshk36.WinHook.6
HKEY_CLASSES_ROOTdwshk36.WinHook
HKEY_CLASSES_ROOTdwshk36.RegMsg.1
HKEY_CLASSES_ROOTdwshk36.RegMsg
HKEY_CLASSES_ROOTdwshk36.MsgList.1
HKEY_CLASSES_ROOTdwshk36.MsgList
HKEY_CLASSES_ROOTdwshk36.KeyPage.1
HKEY_CLASSES_ROOTdwshk36.KeyPage
HKEY_CLASSES_ROOTdwshk36.KeyList.1
HKEY_CLASSES_ROOTdwshk36.KeyList
HKEY_CLASSES_ROOTdwshk36.HookPage.1
HKEY_CLASSES_ROOTdwshk36.HookPage
HKEY_CLASSES_ROOTaxsCaptureScrn.axsCapScreen
HKEY_CLASSES_ROOTANSMTP.OBJ.1
HKEY_CLASSES_ROOTANSMTP.OBJ
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionRunWinUpdateProtection
HKEY_CURRENT_USER SoftwareMicrosoftWindows CurrentVersionRunWinUpdateProtection

Free download remover for Employee Watcher (pop up)

  
  Screen Shots  
 



 
 

Download free removal tool to remove these items that have been created by Employee Watcher

 
     
 
facebok facbook Random Password Generator Defrag server Defrag server 2003 Spyware remover software Free registry cleaner xp Password generator Naruto Hentai Spyware Remover Freeware Spyware remover Free spyware removal software Crap cleaner System restore

  
   
  Latest threats
 
  Virus Remover Professional
  BankerFox.A
  USBcillin
  Contraviro
  Terminator 2009
  Spyware Protect 2009
  Trojan.win32.agent.azsy
  Antivirus System Pro
  Registry Easy
  WinPC Defender
  System Security
  Registry Cleaner Pro
  Personal Antivirus
  MalwareDoctor
  Internet Antivirus Pro
  More ...
 
Click to Run a Free Scan
li

remove Employee Watcher

Employee Watcher pop up