Arrival Details
This Adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It may be manually installed by a user.
Installation
This Adware adds the following folders:
- %Application Data%\pdfforge
- %Application Data%\pdfforge\Images2PDF
- %Program Files%\PDFCreator
- %Program Files%\PDFCreator\COM
- %Program Files%\PDFCreator\COM\Dot Net
- %Program Files%\PDFCreator\COM\Dot Net\VS2005
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\C#
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\C#\Sample1
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample1
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample2
- %Program Files%\PDFCreator\COM\DOTNET Scripting Host
- %Program Files%\PDFCreator\COM\MS Office
- %Program Files%\PDFCreator\COM\Perl
- %Program Files%\PDFCreator\COM\Python
- %Program Files%\PDFCreator\COM\Ruby
- %Program Files%\PDFCreator\COM\VB6
- %Program Files%\PDFCreator\COM\VB6\Sample1
- %Program Files%\PDFCreator\COM\VB6\Sample2
- %Program Files%\PDFCreator\COM\WinBatch
- %Program Files%\PDFCreator\COM\Windows Scripting Host
- %Program Files%\PDFCreator\COM\Windows Scripting Host\JScripts
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts
- %Program Files%\PDFCreator\GS9.10
- %Program Files%\PDFCreator\GS9.10\gs9.10
- %Program Files%\PDFCreator\GS9.10\gs9.10\Bin
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib
- %Program Files%\PDFCreator\Images2PDF
- %Program Files%\PDFCreator\Images2PDF\Languages
- %Program Files%\PDFCreator\languages
- %Program Files%\PDFCreator\PlugIns
- %Program Files%\PDFCreator\PlugIns\pdfforge
- %Program Files%\PDFCreator\Scripts
- %Program Files%\PDFCreator\Scripts\RunProgramAfterSaving
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses
- %Start Menu%\Programs\PDFCreator
- %Start Menu%\Programs\PDFCreator\Licenses
- %User Temp%\is-{random}.tmp
- %User Temp%\is-{random}.tmp\_isetup
(Note: %Application Data% is the current user's Application Data folder, which is usually C:\Documents and Settings\{user name}\Application Data on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming on Windows Vista, 7, and 8.. %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), 7 (32-bit), and 8 (32-bit), or C:\Program Files (x86) in Windows XP (64-bit), Vista (64-bit), 7 (64-bit), and 8 (64-bit).. %ProgramData% is a version of the Program Files folder where any user on a multi-user computer can make changes to programs. This contains application data for all users. This is usually C:\ProgramData in Windows Vista, 7, and 8.. %Start Menu% is the current user's Start Menu folder, which is usually C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista, 7, and 8.. %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, and 8.)
It drops the following files:
- %Application Data%\pdfforge\Images2PDF\Images2PDF.settings
- %Application Data%\pdfforge\Images2PDF\is-{random}.tmp
- %Desktop%\PDFCreator.lnk
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\C#\Sample1\AssemblyInfo.cs
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\C#\Sample1\Form1.cs
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\C#\Sample1\Form1.resx
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\C#\Sample1\is-{random}.tmp
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\C#\Sample1\Sample1.csproj
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\C#\Sample2\AssemblyInfo.cs
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\C#\Sample2\Form1.cs
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\C#\Sample2\Form1.resx
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\C#\Sample2\is-{random}.tmp
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\C#\Sample2\Sample2.csproj
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample1\AssemblyInfo.vb
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample1\Form1.resx
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample1\Form1.vb
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample1\is-{random}.tmp
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample1\Sample1.vbproj
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample2\AssemblyInfo.vb
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample2\Form1.resx
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample2\Form1.vb
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample2\is-{random}.tmp
- %Program Files%\PDFCreator\COM\Dot Net\VS2005\Visual Basic\Sample2\Sample2.vbproj
- %Program Files%\PDFCreator\COM\DOTNET Scripting Host\is-{random}.tmp
- %Program Files%\PDFCreator\COM\DOTNET Scripting Host\readme.txt
- %Program Files%\PDFCreator\COM\DOTNET Scripting Host\Sample1.dsh
- %Program Files%\PDFCreator\COM\MS Office\frmPDFCreatorExcel.frm
- %Program Files%\PDFCreator\COM\MS Office\frmPDFCreatorExcel.frx
- %Program Files%\PDFCreator\COM\MS Office\frmPDFCreatorWord.frm
- %Program Files%\PDFCreator\COM\MS Office\frmPDFCreatorWord.frx
- %Program Files%\PDFCreator\COM\MS Office\is-{random}.tmp
- %Program Files%\PDFCreator\COM\MS Office\modPDFCreatorAccess2000.bas
- %Program Files%\PDFCreator\COM\Perl\Convert2PDF.pl
- %Program Files%\PDFCreator\COM\Perl\Convert2TIFF.pl
- %Program Files%\PDFCreator\COM\Perl\Convert2TXT.pl
- %Program Files%\PDFCreator\COM\Perl\is-{random}.tmp
- %Program Files%\PDFCreator\COM\Perl\Testpage2PDF.pl
- %Program Files%\PDFCreator\COM\Python\Convert2PDF.py
- %Program Files%\PDFCreator\COM\Python\is-{random}.tmp
- %Program Files%\PDFCreator\COM\Python\SaveOptionsToFile.py
- %Program Files%\PDFCreator\COM\Python\TestEvents.py
- %Program Files%\PDFCreator\COM\Python\Testpage2PDF.py
- %Program Files%\PDFCreator\COM\Ruby\Convert2PDF.rb
- %Program Files%\PDFCreator\COM\Ruby\Convert2TIFF.rb
- %Program Files%\PDFCreator\COM\Ruby\is-{random}.tmp
- %Program Files%\PDFCreator\COM\Ruby\Testpage2PDF.rb
- %Program Files%\PDFCreator\COM\VB6\Sample1\Form1.frm
- %Program Files%\PDFCreator\COM\VB6\Sample1\Form1.frx
- %Program Files%\PDFCreator\COM\VB6\Sample1\is-{random}.tmp
- %Program Files%\PDFCreator\COM\VB6\Sample1\Sample1.RES
- %Program Files%\PDFCreator\COM\VB6\Sample1\Sample1.vbp
- %Program Files%\PDFCreator\COM\VB6\Sample2\Form1.frm
- %Program Files%\PDFCreator\COM\VB6\Sample2\is-{random}.tmp
- %Program Files%\PDFCreator\COM\VB6\Sample2\Sample2.vbp
- %Program Files%\PDFCreator\COM\WinBatch\Convert2PDF.wbt
- %Program Files%\PDFCreator\COM\WinBatch\is-{random}.tmp
- %Program Files%\PDFCreator\COM\Windows Scripting Host\JScripts\Convert2PDF.js
- %Program Files%\PDFCreator\COM\Windows Scripting Host\JScripts\Convert2TIFF.js
- %Program Files%\PDFCreator\COM\Windows Scripting Host\JScripts\Convert2TXT.js
- %Program Files%\PDFCreator\COM\Windows Scripting Host\JScripts\is-{random}.tmp
- %Program Files%\PDFCreator\COM\Windows Scripting Host\JScripts\TestEvents.js
- %Program Files%\PDFCreator\COM\Windows Scripting Host\JScripts\Testpage2PDF.js
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\CombineAndAddBookmarks.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\CombineJobs.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\CompareColorCompressionModes.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\Convert2PDF.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\Convert2PDFAndPrint.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\Convert2TIFF.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\Convert2TXT.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\ConvertJPEG2PDF.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\GhostscriptDirect.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\GUI.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\is-{random}.tmp
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\PS2PDF.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\SaveOptionsToFile.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\ShowLogfile.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\ShowOptions.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\TestCompression1.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\TestEvents.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\Testpage2PDF.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\Testpage2PDFSendEmail.vbs
- %Program Files%\PDFCreator\COM\Windows Scripting Host\VBScripts\URL2PDF.vbs
- %Program Files%\PDFCreator\DeleteMonitorDll.exe
- %Program Files%\PDFCreator\Donate PDFCreator.url
- %Program Files%\PDFCreator\FairPlay License.txt
- %Program Files%\PDFCreator\GNU License.txt
- %Program Files%\PDFCreator\GS9.10\gs9.10\Bin\gsdll32.dll
- %Program Files%\PDFCreator\GS9.10\gs9.10\Bin\gsdll32.lib
- %Program Files%\PDFCreator\GS9.10\gs9.10\Bin\is-{random}.tmp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\acctest.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\addxchar.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\afmdiff.awk
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\align.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bj8.rpd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bj8gc12f.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bj8hg12f.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bj8oh06n.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bj8pa06n.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bj8pp12f.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bj8ts06n.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610a0.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610a1.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610a2.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610a3.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610a4.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610a5.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610a6.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610a7.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610a8.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610b1.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610b2.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610b3.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610b4.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610b6.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610b7.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\bjc610b8.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\caption.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\cat.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\cbjc600.ppd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\cbjc800.ppd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\cdj550.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\cdj690.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\cdj690ec.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\cid2code.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\cidfmap
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\decrypt.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\dnj750c.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\dnj750m.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\docie.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\dvipdf
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\eciRGB_v2.icc
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\EndOfTask.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\eps2eps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\eps2eps.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\eps2eps.cmd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\FAPIconfig-FCO
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\FCOfontmap-PCLPS3
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\FCOfontmap-PS3
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\font2c
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\font2c.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\font2c.cmd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\font2c.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\font2pcl.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\Fontmap.ATB
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\Fontmap.ATM
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\Fontmap.OS2
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\Fontmap.OSF
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\Fontmap.SGI
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\Fontmap.Sol
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\Fontmap.Ult
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\Fontmap.URW-136.T1
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\Fontmap.URW-136.TT
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\Fontmap.VMS
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ghostpdf.inf
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ghostpdf.ppd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_ce_e.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_cmdl.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_fform.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_il2_e.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_kanji.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_ksb_e.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_l_m.xbm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_l.xbm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_l.xpm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_lgo_e.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_lgx_e.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_m_m.xbm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_m.xbm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_m.xpm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_pfile.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_rdlin.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_s_m.xbm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_s.xbm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_s.xpm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_t_m.xbm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_t.xbm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_t.xpm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_wl1_e.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_wl2_e.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gs_wl5_e.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gsbj
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gsbj.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gsdj
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gsdj.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gsdj500
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gsdj500.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gslj
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gslj.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gslp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gslp.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gslp.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gsnd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gsnd.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gsndt.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gsnup.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gssetgs.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gssetgs32.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gssetgs64.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gst.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\gstt.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ht_ccsto.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\image-qa.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\impath.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\Info-macos.plist
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\is-{random}.tmp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ISOcoated_v2_300_eci.icc
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\jispaper.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\jobseparator.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\landscap.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\level1.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\lines.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\lp386.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\lp386r2.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\lpgs.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\lpr2.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\lprsetup.sh
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\markhint.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\markpath.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\mkcidfm.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\necp2x.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\necp2x6.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\opdfread.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\packfile.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pcharstr.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pdf2dsc
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pdf2dsc.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pdf2dsc.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pdf2ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pdf2ps.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pdf2ps.cmd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\PDFA_def.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pdfwrite.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\PDFX_def.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pf2afm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pf2afm.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pf2afm.cmd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pf2afm.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pfbtopfa
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pfbtopfa.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pfbtopfa.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pftogsf.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ppath.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pphs
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\pphs.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\prfont.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\printafm
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\printafm.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2ai.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2ascii
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2ascii.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2ascii.cmd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2ascii.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2epsi
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2epsi.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2epsi.cmd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2epsi.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdf
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdf.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdf.cmd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdf12
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdf12.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdf12.cmd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdf13
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdf13.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdf13.cmd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdf14
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdf14.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdf14.cmd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdfwr
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2pdfxx.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2ps.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2ps.cmd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2ps2
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2ps2.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ps2ps2.cmd
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\quit.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ras1.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ras24.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ras3.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ras32.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ras4.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\ras8m.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\rinkj-2200-setup
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\rollconv.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\showchar.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\showpage.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\st640ih.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\st640ihg.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\st640p.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\st640pg.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\st640pl.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\st640plg.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc_h.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc_l.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc1520h.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc2_h.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc2.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc200_h.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc2s_h.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc300.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc300bl.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc300bm.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc500p.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc500ph.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc600ih.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc600p.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc600pl.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc640p.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc800ih.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc800p.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stc800pl.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stcany_h.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stcany.upp
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stcinfo.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stcolor.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\stocht.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\traceimg.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\traceop.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\type1enc.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\type1ops.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\uninfo.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\unix-lpr.sh
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\unprot.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\viewcmyk.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\viewgif.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\viewjpeg.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\viewmiff.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\viewpbm.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\viewpcx.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\viewps2a.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\viewrgb.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\wftopfa
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\wftopfa.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\winmaps.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\wmakebat.bat
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\wrfont.ps
- %Program Files%\PDFCreator\GS9.10\gs9.10\Lib\zeroline.ps
- %Program Files%\PDFCreator\History.txt
- %Program Files%\PDFCreator\Images2PDF\Images2PDF.exe
- %Program Files%\PDFCreator\Images2PDF\Images2PDFC.exe
- %Program Files%\PDFCreator\Images2PDF\is-{random}.tmp
- %Program Files%\PDFCreator\Images2PDF\Languages\dutch.ini
- %Program Files%\PDFCreator\Images2PDF\Languages\english.ini
- %Program Files%\PDFCreator\Images2PDF\Languages\german.ini
- %Program Files%\PDFCreator\Images2PDF\Languages\is-{random}.tmp
- %Program Files%\PDFCreator\Images2PDF\Languages\italian.ini
- %Program Files%\PDFCreator\Images2PDF\Languages\portuguese_br.ini
- %Program Files%\PDFCreator\Images2PDF\Languages\russian.ini
- %Program Files%\PDFCreator\Images2PDF\Languages\ukrainian.ini
- %Program Files%\PDFCreator\is-{random}.tmp
- %Program Files%\PDFCreator\languages\english.ini
- %Program Files%\PDFCreator\languages\is-{random}.tmp
- %Program Files%\PDFCreator\languages\TransTool.exe
- %Program Files%\PDFCreator\PDFCreator_english.chm
- %Program Files%\PDFCreator\PDFCreator.exe
- %Program Files%\PDFCreator\PDFCreator.url
- %Program Files%\PDFCreator\PlugIns\pdfforge\FairPlay License.txt
- %Program Files%\PDFCreator\PlugIns\pdfforge\is-{random}.tmp
- %Program Files%\PDFCreator\PlugIns\pdfforge\itextsharp.dll
- %Program Files%\PDFCreator\PlugIns\pdfforge\pdfforge.chm
- %Program Files%\PDFCreator\PlugIns\pdfforge\pdfforge.dll
- %Program Files%\PDFCreator\PlugIns\pdfforge\readme.txt
- %Program Files%\PDFCreator\Scripts\RunProgramAfterSaving\AddWatermarkToPDF.vbs
- %Program Files%\PDFCreator\Scripts\RunProgramAfterSaving\EncryptAES128.vbs
- %Program Files%\PDFCreator\Scripts\RunProgramAfterSaving\FTPUpload.vbs
- %Program Files%\PDFCreator\Scripts\RunProgramAfterSaving\is-{random}.tmp
- %Program Files%\PDFCreator\Scripts\RunProgramAfterSaving\Logger.vbs
- %Program Files%\PDFCreator\Scripts\RunProgramAfterSaving\MSAgent.vbs
- %Program Files%\PDFCreator\Scripts\RunProgramAfterSaving\NetSend.vbs
- %Program Files%\PDFCreator\Scripts\RunProgramAfterSaving\PopUpMessage.vbs
- %Program Files%\PDFCreator\Scripts\RunProgramAfterSaving\SayIt.vbs
- %Program Files%\PDFCreator\Scripts\RunProgramAfterSaving\SendMail.vbs
- %Program Files%\PDFCreator\Scripts\RunProgramAfterSaving\Watermark.pdf
- %Program Files%\PDFCreator\Scripts\RunProgramBeforeSaving\AddBookmarks.vbs
- %Program Files%\PDFCreator\Scripts\RunProgramBeforeSaving\is-{random}.tmp
- %Program Files%\PDFCreator\Scripts\RunProgramBeforeSaving\PopUpMessage.vbs
- %Program Files%\PDFCreator\SetupLog.txt
- %Program Files%\PDFCreator\unins000.dat
- %Program Files%\PDFCreator\unins000.exe
- %Program Files%\PDFCreator\vblocal.exe
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator\Donate PDFCreator.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator\History.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF Console Application.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Help.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator on the Web.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\PDFCreator\Translation Tool.lnk
- %Start Menu%\Programs\PDFCreator\Donate PDFCreator.lnk
- %Start Menu%\Programs\PDFCreator\History.lnk
- %Start Menu%\Programs\PDFCreator\Images2PDF\Images2PDF Console Application.lnk
- %Start Menu%\Programs\PDFCreator\Images2PDF\Images2PDF.lnk
- %Start Menu%\Programs\PDFCreator\Licenses\AFPL License.lnk
- %Start Menu%\Programs\PDFCreator\Licenses\FairPlay License.lnk
- %Start Menu%\Programs\PDFCreator\Licenses\GPL License.lnk
- %Start Menu%\Programs\PDFCreator\PDFCreator Help.lnk
- %Start Menu%\Programs\PDFCreator\PDFCreator on the Web.lnk
- %Start Menu%\Programs\PDFCreator\PDFCreator.lnk
- %Start Menu%\Programs\PDFCreator\Translation Tool.lnk
- %System%\is-{random}.tmp
- %System%\MSCOMCT2.OCX
- %System%\MSMAPI32.OCX
- %System%\MSMPIDE.DLL
- %System%\pdfcmon.dll
- %System%\spool\drivers\w32x86\is-{random}.tmp
- %System%\spool\DRIVERS\W32X86\PDFCREAT.PPD
- %System%\spool\DRIVERS\W32X86\PS_SCHM.GDL
- %System%\spool\DRIVERS\W32X86\PS5UI.DLL
- %System%\spool\DRIVERS\W32X86\PSCRIPT.HLP
- %System%\spool\DRIVERS\W32X86\PSCRIPT.NTF
- %System%\spool\DRIVERS\W32X86\PSCRIPT5.DLL
- %User Temp%\is-{random}.tmp\_isetup\_shfoldr.dll
- %User Temp%\is-{random}.tmp\CheckInstalledPDFCreator.exe
- %User Temp%\is-{random}.tmp\CheckInstalledPDFCreator.ini
- %User Temp%\is-{random}.tmp\CheckInstalledPDFCreator.tmp
- %User Temp%\is-{random}.tmp\DownloadUpdateInfo.exe
- %User Temp%\is-{random}.tmp\DownloadUpdateInfo.tmp
- %User Temp%\is-{random}.tmp\InstallCheck.exe
- %User Temp%\is-{random}.tmp\InstallCheck.tmp
- %User Temp%\is-{random}.tmp\installCheck.txt
- %User Temp%\is-{random}.tmp\itd_english.ini
- %User Temp%\is-{random}.tmp\itdownload.dll
- %User Temp%\is-{random}.tmp\OCSetupHlp.dll
- %User Temp%\is-{random}.tmp\PDFArchitect_latest_setup.msi
- %User Temp%\is-{random}.tmp\PDFArchitectAd1_english.bmp
- %User Temp%\is-{random}.tmp\PDFArchitectAd2_english.bmp
- %User Temp%\is-{random}.tmp\PDFArchitectAd3_english.bmp
- %User Temp%\is-{random}.tmp\PDFCreator-Setup.tmp
- %User Temp%\is-{random}.tmp\Program license - english - OC.rtf
- %User Temp%\is-{random}.tmp\update-info.txt
(Note: %Application Data% is the current user's Application Data folder, which is usually C:\Documents and Settings\{user name}\Application Data on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming on Windows Vista, 7, and 8.. %Desktop% is the current user's desktop, which is usually C:\Documents and Settings\{User Name}\Desktop on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\Desktop on Windows Vista, 7, and 8.. %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000, Server 2003, and XP (32-bit), Vista (32-bit), 7 (32-bit), and 8 (32-bit), or C:\Program Files (x86) in Windows XP (64-bit), Vista (64-bit), 7 (64-bit), and 8 (64-bit).. %ProgramData% is a version of the Program Files folder where any user on a multi-user computer can make changes to programs. This contains application data for all users. This is usually C:\ProgramData in Windows Vista, 7, and 8.. %Start Menu% is the current user's Start Menu folder, which is usually C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista, 7, and 8.. %System% is the Windows system folder, where it usually is C:\Windows\System32 on all Windows operating system versions.. %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, and 8.)
Other System Modifications
This Adware adds the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\PDFCreator
HKEY_LOCAL_MACHINE\SOFTWARE\PDFCreator\
Program
HKEY_CURRENT_USER\Software\PDFCreator
HKEY_CURRENT_USER\Software\PDFCreator\
Program
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Fonts
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High quality (bigger file sizes)
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High quality (bigger file sizes)\Printing
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High quality (bigger file sizes)\Printing\
Formats
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High quality (bigger file sizes)\Printing\
Formats\PDF
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High quality (bigger file sizes)\Printing\
Formats\PDF\Compression
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\JPEG (graphic file)
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\JPEG (graphic file)\Printing
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\PDF/A 2b (digital preservation)
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\PDF/A 2b (digital preservation)\Printing
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\PNG (grahic file)
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\PNG (grahic file)\Printing
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\TIFF (grahic file)
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\TIFF (grahic file)\Printing
HKEY_CURRENT_USER\Software\PDFCreator\
Ghostscript
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.Images2PDF
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
pdfforge Images2PDF
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
pdfforge Images2PDF\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
pdfforge Images2PDF\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
pdfforge Images2PDF\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
pdfforge Images2PDF\shell\open\
command
It adds the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\PDFCreator\
Program
ApplicationVersion = 1.7.2
HKEY_CURRENT_USER\Software\PDFCreator\
Program
LastsaveDirectory =
HKEY_CURRENT_USER\Software\PDFCreator\
Program
Language = english
HKEY_CURRENT_USER\Software\PDFCreator\
Program
PrinterTemppath = PDFCreator\
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionColorCompression = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionColorCompressionChoice = 6
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionColorCompressionJPEGManualFactor = 10
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionColorResample = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionColorResampleChoice = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionColorResolution = 72
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionGreyCompression = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionGreyCompressionChoice = 6
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionGreyCompressionJPEGManualFactor = 10
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionGreyResample = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionGreyResampleChoice = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionGreyResolution = 72
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionMonoCompression = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionMonoCompressionChoice = 0
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionMonoResample = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionMonoResampleChoice = 0
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionMonoResolution = 72
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionTextCompression = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High compression (small file sizes)\Printing\
Formats\PDF\Fonts
PDFFontsEmbedAll = 0
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High quality (bigger file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionColorCompression = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High quality (bigger file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionColorCompressionChoice = 7
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High quality (bigger file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionGreyCompression = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High quality (bigger file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionGreyCompressionChoice = 7
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High quality (bigger file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionMonoCompression = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High quality (bigger file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionMonoCompressionChoice = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\High quality (bigger file sizes)\Printing\
Formats\PDF\Compression
PDFCompressionTextCompression = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\JPEG (graphic file)\Printing
StandardSaveformat = 4
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\PDF/A 2b (digital preservation)\Printing
StandardSaveformat = 1
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\PNG (grahic file)\Printing
StandardSaveformat = 3
HKEY_CURRENT_USER\Software\PDFCreator\
Profiles\TIFF (grahic file)\Printing
StandardSaveformat = 7
HKEY_CURRENT_USER\Software\PDFCreator\
Ghostscript
DirectoryGhostscriptBinaries = %Program Files%\PDFCreator\GS9.10\gs9.10\Bin
HKEY_CURRENT_USER\Software\PDFCreator\
Ghostscript
DirectoryGhostscriptFonts = %Program Files%\PDFCreator\Gs9.10\Fonts
HKEY_CURRENT_USER\Software\PDFCreator\
Ghostscript
DirectoryGhostscriptLibraries = %Program Files%\PDFCreator\GS9.10\gs9.10\Lib
HKEY_CURRENT_USER\Software\PDFCreator\
Ghostscript
DirectoryGhostscriptResource = %Program Files%\PDFCreator\GS9.10\gs9.10\Resource
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.Images2PDF
(Default) = pdfforge Images2PDF
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
pdfforge Images2PDF
(Default) = Images2PDF
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
pdfforge Images2PDF\DefaultIcon
(Default) = %Program Files%\PDFCreator\Images2PDF\Images2PDF.EXE,0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
pdfforge Images2PDF\shell\open\
command
(Default) = %Program Files%\PDFCreator\Images2PDF\Images2PDF.EXE "%1"
HKEY_CURRENT_USER\Software\PDFCreator\
Program
AutosaveDirectory =
Other Details
This Adware connects to the following possibly malicious URL:
- http://download.{BLOCKED}ge.org/download/pdfarchitect/PDFArchitect-stable?download
- http://api.{BLOCKED}ndy.com?bn=3&bv=8.00.7600.16385&clientv=39&cltzone=480&language=en,en&method=get_offers&mstime=0.421&os={OS}&product_key={value}&v=1.0&signature={value}
- http://api.{BLOCKED}ndy.com?clientv=39&method=track_product_installed&mstime=178.262&product_key={value}&v=1.0&signature={value}