Version history for SmitFraudFix
<<Back to software description
Changes for v2.422 - v2.423
- [-HKEY_CURRENT_USER\Software\ColdWare]
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "WinProtect"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "winupdate.exe"=-
- "ColdWare"=-
- %SYSTEM%\AVR09.exe
- %SYSTEM%\msa.exe
Changes for v2.421 - v2.422
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B1D95A2-F547-4e5e-8902-622B08354622}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B1D95A2-F547-4e5e-8902-622B08354622}]
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
- %STARTMENU%\Advanced Virus Remover.lnk
- %DESKTOP%\Advanced Virus Remover.lnk
- %PROGRAMFILES%\AdvancedVirusRemover\
- [-HKEY_CURRENT_USER\Software\AVR]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Advanced Virus Remover"=-
Changes for v2.418 - v2.419
- %DESKTOP%\XP Deluxe Protector.lnk
- %STARTMENU%\XP Deluxe Protector.lnk
- %USERPROFILE%\XP Deluxe Protector\
- [-HKEY_CURRENT_USER\Software\XP Deluxe Protector]
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "xpprotect "=-
Changes for v2.417 - v2.418
- Update: WS2Fix v1.3
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\UnVirex.lnk
- %ALLUSERSTARTMENU%\Programs\UnVirex\
- %ALLUSERSTARTMENU%\Programs\UnVirex.lnk
- %ALLUSERDESKTOP%\UnVirex.lnk
- %PROGRAMFILES%\UnVirex\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IEAddon.DLL]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C0E56Ac2-9F72-436E-B6E7-Aec28Af9E4Eb}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEAddon.StatusBarPane]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEAddon.StatusBarPane.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UnVirex]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\UnVirex]
- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DRVFLTIP]
- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DrvFltIp]
- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DRVFLTIP]
- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DrvFltIp]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
- "UnVirex"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "UnVirex"=-
Changes for v2.416 - v2.417
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "Presto TuneUp"=-
- %WINDOWS%\pp10.exe
- %SYSTEM%\SYSDLL.exe
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "SYSDLL"=-
Changes for v2.414 - v2.416
- O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - C:\Program Files\Applications\iebt.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058}]
- %SYSTEM%\SYS32DLL.exe
- %PROGRAMFILES%\PCenter\
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "SYS32DLL"=-
- "agent.exe"=-
Changes for v2.413 - v2.414
- %SYSTEM%\DL32.exe
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "DL32"=-
Changes for v2.411 - v2.412
- %HOMEDRIVE%\asasa.exe
- %HOMEDRIVE%\syst.exe
- %PROGRAMFILES%\Microsoft Security Adviser\
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "msctrl.exe"=-
- "msavsc.exe"=-
- "msscan.exe"=-
- "msiemon.exe"=-
- "msfw.exe"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "msctrl.exe"=-
- "msavsc.exe"=-
- "msscan.exe"=-
- "msiemon.exe"=-
- "msfw.exe"=-
- %ALLUSERS%\ApplicationData\Tally software LTD\
- %STARTMENU%\Programs\Extra Antivirus\
- [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\Extra Antivirus 3.0]
- [-HKEY_CURRENT_USER\Software\Tally software LTD]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "Extra Antivirus"=-
Changes for v2.409 - v2.411
- %STARTMENU%\Programs\AV AntiSpyware\
- %ALLUSERS%\ApplicationData\LastSun Ltd\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV AntiSpyware 1.8]
- [-HKEY_CURRENT_USER\Software\LastSun Ltd]
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "AV AntiSpyware"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\browser helper objects\{36DBC179-A19F-48F2-B16A-6A3E19B42A87}]
- %SYSTEM%\ipv6monl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\WiniBlueSoft]
- [-HKEY_CURRENT_USER\Software\WiniBlueSoft]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WiniBlueSoft]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "WiniBlueSoft"=-
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "setup2.exe"=-
- %SYSTEM%\setup2.exe
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\WiniBlueSoft.lnk
- %ALLUSERSTARTMENU%\Programs\WiniBlueSoft\
- %ALLUSERDESKTOP%\WiniBlueSoft.lnk
- %PROGRAMFILES%\WiniBlueSoft Software\
Changes for v2.408 - v2.409
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\homeantivirus2009.lnk
- %STARTMENU%\Programs\homeantivirus2009\
- %DESKTOP%\homeantivirus2009.lnk
- %PROGRAMFILES%\homeantivirus2009\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HomeAntivirus2009]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "HomeAntivirus 2009"=-
Changes for v2.407 - v2.408
- %SYSTEM%\ahtn.htm
- %SYSTEM%\warning.gif
- %SYSTEM%\frmwrk32.exe
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- "Framework Windows"=-
- %STARTMENU%\Programs\MS AntiSpyware 2009\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusXP]
- [-HKEY_CURRENT_USER\Software\AntivirusXP]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "AntivirusXP.exe"=-
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusXP.lnk
- %DESKTOP%\AntivirusXP.lnk
- %STARTMENU%\Programs\AntivirusXP\
- %PROGRAMFILES%\AntivirusXP\
Changes for v2.405 - v2.406
- Added: Option 6, ProxyDisable.exe
- %WINDOWS%\ld03.exe
- %WINDOWS%\pp06.exe
- %SYSTEM%\winsource.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}]
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\TSC.lnk
- %DESKTOP%\TSC.lnk
- %STARTMENU%\Programs\TSC\
- %PROGRAMFILES%\TSC\
- %SYSTEM%\userload.exe
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- "restor"=-
Changes for v2.404 - v2.405
- %WINDIR%\ieocx.dll
- [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A54DC52D-7AAD-4D40-A126-337211631EDC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}]
- %DESKTOP%\WinPC Defender.lnk
- %STARTMENU%\WinPC Defender.lnk
- [-HKEY_CURRENT_USER\Software\WinPC Defender]
- %SYSTEM%\rs32net.exe
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "rs32net"=-
- %HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- "rs32net"=-
- [-HKEY_CURRENT_USER\Software\renus2008]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "renus2008.exe"=-
Changes for v2.403 - v2.404
- %USERPROFILE%\Application Data\sysrc32.exe
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Win32load"=-
Changes for v2.402 - v2.403
- %ProgramFiles%\AntiSpyware Pro
- %PROGRAMFILES%\RegistryFox\
- %ALLUSERDESKTOP%\RegistryFox.lnk
- %USERPROFILE%\Application Data\RegistryFox\
- %ALLUSERSTARTMENU%\Programmes\RegistryFox\
- [-HKEY_CURRENT_USER\SOFTWARE\RegistryFox]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\6B4F6929EB6FE0E458263EBA6AF2EB30]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6B4F6929EB6FE0E458263EBA6AF2EB30]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\RegistryFox]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9296F4B6-F6BE-4E0E-8562-E3ABA62FBE03}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "RegistryFox"=-
Changes for v2.401 - v2.402
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
- "Shell"="Explorer.exe svchostw.exe"
- %SYSTEM%\svchostw.exe
Changes for v2.400 - v2.401
- %WINDOWS%\ld01.exe
- %WINDOWS%\ld02.exe
- %WINDOWS%\pp2.exe
- %SYSTEM%\dll32.exe
- %SYSTEM%\dll32.dll
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "dll"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "sysldtray"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "pp"=-
- %STARTMENU%\Programs\Malware Defender 2009\
- %DESKTOP%\Malware Defender 2009.lnk
- %PROGRAMFILES%\Malware Defender 2009\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "malwaredef"=-
- %STARTMENU%\Programs\System Guard 2009\
- %DESKTOP%\System Guard 2009.lnk
- %PROGRAMFILES%\System Guard 2009\
- %ALLUSERSPROFILE%\Application Data\Microsoft\Network\DLLs\iemodule.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Guard 2009]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\System Guard 2009]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "systemguard"=-
Changes for v2.399 - v2.400
- %WINDOWS%\iehost32.dll
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "system tool"=-
Changes for v2.398 - v2.399
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\GenericMultiMedia]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "WmpTray"=-
- %PROGRAMFILES%\MediaSystem\
Changes for v2.397 - v2.398
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Microsoft Internet Agent"=-
- %SYSTEM%\winagent.exe
- %PROGRAMFILES%\HDQuality\
- %STARTMENU%\Programs\HDQuality\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HDQuality]
- [-HKEY_CURRENT_USER\SOFTWARE\HDQuality]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDQuality]
Changes for v2.395 - v2.396
- %PROGRAMFILES%\CMVideoPlugin
- %PROGRAMFILES%\SmitFraudFixTool\
- %ALLUSERDESKTOP%\SmitFraudFixTool.lnk
- %USERPROFILE%\\Application Data\SmitFraudFixTool\
- %ALLUSERSTARTMENU%\Programs\SmitFraudFixTool\
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "SmitFraudFixTool"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EE433D-A290-4811-B562-8A1878AEE706}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{10EE433D-A290-4811-B562-8A1878AEE706}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB63BB6D-4A8A-4E69-9F4B-E099C874A2AA}]
- [-HKEY_CURRENT_USER\Software\SmitFraudFixTool]
Changes for v2.394 - v2.395
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "systeminit.exe"=-
Changes for v2.393 - v2.394
- %PROGRAMFILES%\freshplay\
- %STARTMENU%\Programs\freshplay
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\freshplay]
- [-HKEY_CURRENT_USER\SOFTWARE\freshplay]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\freshplay]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
- "NoFolderOptions"=-
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
- "NoFolderOptions"=-
- %ALLUSERPROFILE%\Application Data\CrucialSoft Ltd\
- [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7]
- [-HKEY_CURRENT_USER\Software\CrucialSoft Ltd]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "MS AntiSpyware 2009"=-
Changes for v2.392 - v2.393
- %WINDOWS%\sysguard.exe
- %SYSTEM%\iehelper.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}]
- [-HKEY_CURRENT_USER\Software\AvScan]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "sysguard"=-
Changes for v2.391 - v2.392
- %SYSTEM%\winsystems.dll
- %STARTMENU%\Programs\IE-Security.lnk
- %DESKTOP%\IE-Security.lnk
- %PROGRAMFILES%\IE-Security\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE-Security]
- [-HKEY_CURRENT_USER\Software\IE-Security]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "IE-Security"=-
- %STARTMENU%\XP Police Antivirus.lnk
- %DESKTOP%\XP Police Antivirus.lnk
- %PROGRAMFILES%\XPPoliceAntivirus\
- [-HKEY_CURRENT_USER\Software\XP Police Antivirus]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "PoliceAV"=-
Changes for v2.388 - v2.391
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\CMVideo.DLL]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{36B94DC8-FA3B-45DF-8F6B-215A2A469BCC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D23EE44-2319-4B6C-93D2-A572E0F5B0E0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B87FA0EF-26D7-4B2A-B7EE-38C7271C4843}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2EB32B07-6A19-4D18-9A19-4DE49F18A1FB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{638E0063-BA00-487C-BAFF-423E356F52F6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AC4A66D0-BB91-45E5-BB00-E0F091F630B8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CMVideo.CMVideoPlugin]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CMVideo.CMVideoPlugin.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CMVideo.XMLDOMDocumentEventsSink]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CMVideo.XMLDOMDocumentEventsSink.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D23EE44-2319-4B6C-93D2-A572E0F5B0E0}]
- [-HKEY_CURRENT_USER\Software\CMVideoPlugin]
- %SYSTEM%\CMVideo.dll
- %PROGRAMFILES%\totalvid\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "msiexec.exe"=-
Changes for v2.387 - v2.388
- %STARTMENU%\Programs\videosoft\
- %PROGRAMFILES%\videosoft\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videosoft]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videosoft]
- [-HKEY_CURRENT_USER\Software\videosoft]
- %PROGRAMFILES%\Total Protect 2009\
- %ALLUSERPROFILE%\StartMenu\Programs\Total Protect 2009\
- %ALLUSERPROFILE%\Desktop\Run Total Protect 2009.lnk
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\totalprotect]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\totalprotect]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Protect 2009]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Total Protect 2009"=-
Changes for v2.386 - v2.387
- %WINDIR%\fd.dll
Changes for v2.385 - v2.386
- Update: Hostschk 0.2 (10 lines max in log)
Changes for v2.383 - v2.385
- Added: Agent.OMZ.Fix.exe tool to remove Zlob hidden folder.
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk
- %STARTMENU%\Antivirus 360\
- %DESKTOP%\Antivirus 360.lnk
- %PROGRAMFILES%\A360\
Changes for v2.382 - v2.383
- %PROGRAMFILES%\vrl32software\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E6615B5-A259-4e55-905F-7F9CE60B379D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{305043E5-F9D9-4B3A-A618-C4D0DA8031CE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{536CBA8A-9DB6-45CF-8D65-F486C49242D5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B3A0AA5C-9FA3-408D-8193-2A948EF51D2D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vrl32Warning.WarningBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vrl32Warning.WarningBHO.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vrl32]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E6615B5-A259-4e55-905F-7F9CE60B379D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vrl32]
- [-HKEY_CURRENT_USER\Software\vrl32]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\vrl32software\vrl32.exe"=-
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\vrl32software\vrl32.exe"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "vrl32"=-
Changes for v2.381 - v2.382
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "Smax4"=-
- %USERPROFILE%\Application Data\Google\kjzna1562565.exe
- %USERPROFILE%\Application Data\Google\spcffwl.dll
Changes for v2.380 - v2.381
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
- "QuickTime Task"=-
- "VMware hptray"=-
- %PROGRAMFILES%\avrlabs\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D695B871-8020-4041-A6D2-59F922E1B2E2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avrlabsWarning.WarningBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avrlabsWarning.WarningBHO.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\avrlabs]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D695B871-8020-4041-A6D2-59F922E1B2E2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avrlabs]
- [-HKEY_CURRENT_USER\Software\avrlabs]
- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\avrlabs\avrlabs.exe"=-
- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- "C:\Program Files\avrlabs\avrlabs.exe"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "avrlabs"=-
Changes for v2.379 - v2.380
- %PROGRAMFILES%\WebMediaViewer\
- O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
- O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3B8FB116-D358-48A3-A5C7-DB84F15CBB04}]
- %PROGRAMFILES%\AnvTrgrsoftware\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E9BCC0-2E84-4500-8A9C-0B7A96769124}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C8B2A9C-24A0-4991-A74B-1E4931BD3A57}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BAE92F67-539C-41CD-9183-162BB40AAA0C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnvTrgrWarning.WarningBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnvTrgrWarning.WarningBHO.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AnvTrgrsoft]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95E9BCC0-2E84-4500-8A9C-0B7A96769124}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnvTrgrsoft]
- [-HKEY_CURRENT_USER\Software\AnvTrgrsoft]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\AnvTrgrsoftware\AnvTrgr.exe"=-
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\AnvTrgrsoftware\AnvTrgr.exe"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "AnvTrgr"=-
Changes for v2.376 - v2.378
- %PROGRAMFILES%\WMVideoPlugin\
- %SYSTEM%\mws31209.dll
- %SYSTEM%\ws31209.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC3081A6-AC0C-331D-860E-AEF4790E6B5B}]
- [-HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{C77BD12E-4A3C-33E3-858C-F2D04591C6B5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0BB62EE8-3528-39F7-9070-F9F0C09329D5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3081A6-AC0C-331D-860E-AEF4790E6B5B}]
- %PROGRAMFILES%\AvirTrsoftware\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A267370-076E-4af4-B986-77626B8E89DF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{764BC8B4-1159-4736-8AF1-F124A7C8C3A8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3ED86073-2FA7-4CF4-810B-28B030671678}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvirTrWarning.WarningBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvirTrWarning.WarningBHO.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AvirTrsoft]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A267370-076E-4af4-B986-77626B8E89DF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AvirTrsoft]
- [-HKEY_CURRENT_USER\Software\AvirTrsoft]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\AvirTrsoftware\AvirTr.exe"=-
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\AvirTrsoftware\AvirTr.exe"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "AvirTr"=-
Changes for v2.375 - v2.376
- %PROGRAMFILES%\msvideoplugin\
- %PROGRAMFILES%\homeview\
- %STARTMENU%\Programs\homeview\
- %SYSTEM%\mws55681.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6733C78-821F-3BBF-ADE6-3DB71CAD887A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6733C78-821F-3BBF-ADE6-3DB71CAD887A}]
- %SYSTEM%\msiconf.exe
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "msiexec.exe"=-
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\antivirustrigger 2.1.lnk
- %STARTMENU%\antivirustrigger 2.1.lnk
- %STARTMENU%\Programs\antivirustrigger 2.1\
- %DESKTOP%\antivirustrigger 2.1.lnk
- %PROGRAMFILES%\virtrigger\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22C447D3-73A8-E1C7-C391-21BE4338CEBC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirTriggerWarning.WarningBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirTriggerWarning.WarningBHO.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirTrigger]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirTrigger]
- [-HKEY_CURRENT_USER\Software\VirTrigger]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\VirTrigger\VirTrigger.exe"=-
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\VirTrigger\VirTrigger.exe"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "VirTrigger"=-
Changes for v2.374 - v2.375
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusTrigger 2.1.lnk
- %STARTMENU%\VirusTrigger 2.1.lnk
- %STARTMENU%\Programs\VirusTriggerBin\
- %DESKTOP%\VirusTrigger 2.1.lnk
- %PROGRAMFILES%\VirusTriggerBin\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE8A3F7B-E4AB-5C41-4926-3FAED82759F5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirusTriggerBinWarning.WarningBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirusTriggerBinWarning.WarningBHO.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusTriggerBin]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin]
- [-HKEY_CURRENT_USER\Software\VirusTriggerBin]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe"=-
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "VirusTriggerBin"=-
Changes for v2.373 - v2.374
- %PROGRAMFILES%\Google\googletoolbar1.dll
- %PROGRAMFILES%\Google\setupcom.dat
- %PROGRAMFILES%\Google\setupext.dat
- %SYSTEM%\crypts.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]
- O2 - BHO: (no name) - {8710DF42-3171-4A3B-9079-3F7D7101552B} - C:\Program Files\Applications\iebt.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8710DF42-3171-4A3B-9079-3F7D7101552B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8710DF42-3171-4A3B-9079-3F7D7101552B}]
- O3 - Toolbar: Internet Service - {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - C:\Program Files\Applications\iebr.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F}"=-
Changes for v2.372 - v2.373
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard]
- [-HKEY_CURRENT_USER\Software\Spyware Guard]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- "spywareguard"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "OLESys"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "Explorer"=-
- %USERSTARTMENU%\Programs\Spyware Guard 2008\
- %PROGRAMFILES%\Spyware Guard 2008\
- %allusersprofile%\Application Data\Microsoft\Internet Explorer\olesys.dll
- %allusersprofile%\Application Data\Microsoft\Protect\conf.sys
- %allusersprofile%\Application Data\Microsoft\Protect\ie.dll
- %allusersprofile%\Application Data\Microsoft\Protect\svhost.exe
- %allusersprofile%\Application Data\Microsoft\Protect\track.sys
- %allusersprofile%\Application Data\winlogon.exe
- %DESKTOP%\Spyware Guard 2008.lnk
- %WINDOWS%\reged.exe
- %WINDOWS%\spoolsystem.exe
- %WINDOWS%\sys.com
- %WINDOWS%\syscert.exe
- %WINDOWS%\sysexplorer.exe
- %WINDOWS%\vmreg.dll
- %SYSTEM%\wsc32x.exe
Changes for v2.371 - v2.372
- Removed: AntiXPVSTFix tool
Changes for v2.370 - v2.371
- %USERSTARTMENU%\Programs\sexvid\
- %PROGRAMFILES%\sexvid\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sexvid]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sexvid]
- [-HKEY_CURRENT_USER\Software\sexvid]
- %TEMP%\winlogon.exe
- %SYSTEM%\msansspc.dll
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "Firewall auto setup"=-
Changes for v2.369 - v2.370
- %userprofile%\Application Data\Google\sccmsk.dll
- %userprofile%\Application Data\Google\mupd1_2_1711951.exe
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "asus32"=-
- %USERSTARTMENU%\Personal Defender 2009.lnk
- %USERSTARTMENU%\Programs\Personal Defender 2009\
- %PROGRAMFILES%\Personal Defender 2009\
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- "Personal Defender 2009"=-
Changes for v2.367 - v2.368
- %DESKTOP%\SMS TRAP.url
- %FAVORITES%\SMS TRAP.url
- %STARTMENU%\SMS TRAP.url
- %SYSTEM%\p.ico
- %DESKTOP%\AntiVirus Sentry.lnk
- %PROGRAMFILES%\AVS\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVS]
- [-HKEY_CURRENT_USER\Software\AVS]
Changes for v2.366 - v2.367
- %SYSTEM%\ntload.dll
- %SYSTEM%\sex1.ico.tmp
- %SYSTEM%\sex2.ico.tmp
- %SYSTEM%\update32.exe.tmp
- %SYSTEM%\winupdate.exe
- %SYSTEM%\wscmp.dll.tmp
- %DESKTOP%\Uncensored porn.url
- %DESKTOP%\BDSM galleries.url
- %SYSTEM%\winupdate.exe
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- "run"=-
Changes for v2.365 - v2.366
- %WINDIR%\woprdagt.exe
- %PROGRAMFILES%\TS-2009
Changes for v2.364 - v2.365
- %USERPROFILE%\Application Data\spyprotector\
- %USERPROFILE%\Application Data\install.exe
- %USERPROFILE%\Application Data\shellex.dll
- %USERPROFILE%\Application Data\srcss.exe
- %ALLUSERSTARTMENU%\Programs\spy protector\
- %DESKTOP%\spy protector.lnk
- %PROGRAMFILES%\spy protector\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Spy Protector]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107A1D63-2EAA-4694-8ABA-EC209C630D83}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Spy Protector]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Spy Protector]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shellex.TBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\srcss.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}]
- [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SpyProtector]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Spy Protector"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
- "{107A1D63-2EAA-4694-8ABA-EC209C630D83}"=-
Changes for v2.361 - v2.363
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRemover2008]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusRemover2008]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\{5222008A-DD62-49c7-A735-7BD18ECC7350}]
- [-HKEY_CURRENT_USER\Software\VirusRemover2008]
- [-HKEY_CURRENT_USER\{5222008A-DD62-49c7-A735-7BD18ECC7350}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "VirusRemover2008"=-
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\virusremover2008.lnk
- %USERPROFILE%\Application Data\virusremover2008\
- %STARTMENU%\Programs\virusremover2008\
- %DESKTOP%\virusremover2008.lnk
- %PROGRAMFILES%\virusremover2008\
- %ALLUSERSTARTMENU%\Programs\PC Protection Center 2008\
- %ALLUSERDESKTOP%\PC Protection Center 2008.lnk
- %PROGRAMFILES%\PC Protection Center 2008\
- %SYSTEM%\vbzlib2.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Protection Center 2008]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "PC Protection Center"=-
- %WINDOWS%\ieguard.dll
- %WINDOWS%\sysguard\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D032570A-5F63-4812-A094-87D007C23012}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieguard.TIEAdvBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sysguard]
- [-HKEY_CURRENT_USER\Software\sysguard]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- "Shell"=-
Changes for v2.360 - v2.361
- %SYSTEM%\msxml71.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9233C3C0-1472-4091-A505-5580A23BB4AC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XML.XML]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XML.XML.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
- [-HKEY_CURRENT_USER\Software\XML]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "MSFox"=-
Changes for v2.359 - v2.360
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk (Already removed)
- %STARTMENU%\VirusResponse Lab 2009 2.1.lnk (Already removed)
- %STARTMENU%\Programs\VirusResponse Lab 2009 2.1\ (Already removed)
- %DESKTOP%\VirusResponse Lab 2009 2.1.lnk (Already removed)
- %PROGRAMFILES%\virrl2009\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirRLWarning.WarningBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirRLWarning.WarningBHO.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirRL2009]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirRL2009]
- [-HKEY_CURRENT_USER\Software\VirRL2009]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\VirRL2009\VirRL2009.exe"=-
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\VirRL2009\VirRL2009.exe"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "VirRL2009"=-
Changes for v2.358 - v2.359
- %WINDIR%\karna.dat
- %SYSTEM%\brastk.exe
- %SYSTEM%\karna.dat
- O20 - AppInit_DLLs: C:\WINDOWS\System32\karna.dat
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "brastk"=-
Changes for v2.357 - v2.358
- %WINDIR%\karna.dat
- %SYSTEM%\brastk.exe
- %SYSTEM%\karna.dat
- O20 - AppInit_DLLs: C:\WINDOWS\System32\karna.dat
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "brastk"=-
Changes for v2.356 - v2.357
- %STARTMENU%\Programs\av2010\
- %DESKTOP%\av2010.lnk
- %PROGRAMFILES%\av2010\
- %SYSTEM%\IEDefender.dll
- %SYSTEM%\wingamma.exe
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IEDefender.DLL]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEDefender.IEDefenderBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEDefender.IEDefenderBHO.1]
- [-HKEY_CURRENT_USER\Software\AV2010]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Windows Gamma Display"=-
Changes for v2.355 - v2.356
- Update: VACFix definition
Changes for v2.352 - v2.354
- %SYSTEM%\fbxrqtwn.exe
- %SYSTEM%\MicroAV.cpl
- %DESKTOP%\Micro Antivirus 2009.lnk
- %PROGRAMFILES%\MicroAV\
- [-HKEY_CURRENT_USER\Software\AntiVirus]
- [-HKEY_CURRENT_USER\Software\uav]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Antivirus"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Antivirus"=-
- %PROGRAMFILES%\uav\
- %DESKTOP%\Ultimate Antivirus 2008.lnk
- %SYSTEM%\uav.cpl
Changes for v2.351 - v2.352
- %SYSTEM%\users64.dat
- %SYSTEM%\sysppu?.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectShow\pr]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectShow]
- "10"=-
- "di"=-
- "u1"=-
- "lk1"=-
Changes for v2.350 - v2.351
- O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{144A6B24-0EBC-4D89-BF09-A06A718E57B5}"=-
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk
- %STARTMENU%\VirusResponse Lab 2009 2.1.lnk
- %STARTMENU%\Programs\VirusResponse Lab 2009 2.1\
- %DESKTOP%\VirusResponse Lab 2009 2.1.lnk
- %PROGRAMFILES%\VirusResponseLab2009\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO.1] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusResponseLab2009]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusResponseLab2009]
- [-HKEY_CURRENT_USER\Software\VirusResponseLab2009]
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"=-
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "VirusResponseLab2009"=-
Changes for v2.349 - v2.350
- %SYSTEM%\algg.exe
- O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]
- O3 - Toolbar: Internet Service - {0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87} - C:\Program Files\Applications\iebr.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87}"=-
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Lab 2009 2.1.lnk
- %STARTMENU%\AntiVirus Lab 2009 2.1.lnk
- %STARTMENU%\Programs\AntiVirus Lab 2009 2.1\
- %DESKTOP%\AntiVirus Lab 2009 2.1.lnk
- %PROGRAMFILES%\AntiVirusLab2009\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A9759D-210A-0253-D944-8B76AC2B0D92}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVirusLab2009]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirusLab2009]
- [-HKEY_CURRENT_USER\Software\AntiVirusLab2009]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "AntiVirusLab2009"=-
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\AntiVirusLab2009\AntiVirusLab2009.exe"=-
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\AntiVirusLab2009\AntiVirusLab2009.exe"=-
Changes for v2.346 - v2.347
- %SYSDIR%\c.ico
- %STARTMENU%\VIP Casino.url
- %FAVORITES%\VIP Casino.url
- %DESKTOP%\VIP Casino.url
- %WINDOWS%\mqgldfvo.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "\YUR1.exe"=-
- "\YUR2.exe"=-
- "\YUR3.exe"=-
- "\YUR4.exe"=-
- "\YUR5.exe"=-
- "\YUR6.exe"=-
- "\YUR7.exe"=-
- "\YUR8.exe"=-
- "\YURA.exe"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "\YUR1.exe"=-
- "\YUR2.exe"=-
- "\YUR3.exe"=-
- "\YUR4.exe"=-
- "\YUR5.exe"=-
- "\YUR6.exe"=-
- "\YUR7.exe"=-
- "\YUR8.exe"=-
- "\YURA.exe"=-
- %DESKTOP%\BEST ZOO PORN.url
- %DESKTOP%\QUALITY PORN.url
- %SYSTEM%\YUR*.exe
Changes for v2.345 - v2.346
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk
- %USERPROFILE%\Start Menu\Programs\Smart Antivirus 2009\
- %DESKTOP%\Smart Antivirus-2009.lnk
- %PROGRAMFILES%\Smart Antivirus 2009\
- [-HKEY_CURRENT_USER\Software\Smart Antivirus 2009]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "Smart Antivirus-2009.exe"=-
Changes for v2.344 - v2.345
- %SYSTEM%\Cpl32ver.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Cpl32ver"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "Somefox"=-
- %DESKTOP%\System Antivirus 2008.lnk
- %PROGRAMFILES%\sav\
- [-HKEY_CURRENT_USER\Software\AntiVirus] (Already removed)
- [-HKEY_CURRENT_USER\Software\SAV]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Antivirus"=- (Already removed)
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "Antivirus"=- (Already removed)
Changes for v2.343 - v2.344
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk
- %ALLUSERPROFILE%\Start Menu\Programs\AntiSpywareExpert\
- %DESKTOP%\AntiSpywareExpert.lnk
- %PROGRAMFILES%\AntiSpywareExpert\
- [-HKEY_CURRENT_USER\Software\AntiSpywareExpert]
- [-HKEY_CURRENT_USER\Software\{5222008A-DD62-49c7-A735-7BD18ECC7350}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "AntiSpywareExpert"=-
- %USERPROFILE%\Application Data\printer.exe
- %USERPROFILE%\Application Data\temp.dll
- %SYSTEM%\mcrupdate.exe
- %SYSTEM%\npad.exe
- %ProgramFiles%\altcmd\
- O2 - BHO: BhoApp Class - {3EDBF8E9-3130-72C8-ED30-32A3DB08ED44} - C:\Program Files\altcmd\altcmd32.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EDBF8E9-3130-72C8-ED30-32A3DB08ED44}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EDBF8E9-3130-72C8-ED30-32A3DB08ED44}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\adczaznsersgfm1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\adczaznsersgfm=]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoApp Class]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\altcompare]
Changes for v2.339 - v2.343
- %ProgramFiles%\aspch\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1FAB6BD-4A34-47ce-82AF-50B16A6BE77E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ThreatWarning.WarningBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ThreatWarning.WarningBHO.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\aspch]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1FAB6BD-4A34-47ce-82AF-50B16A6BE77E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aspch]
- [HKEY_CURRENT_USER\Software\aspch]
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\aspch\ASpCh.exe"=-
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
- "C:\Program Files\aspch\ASpCh.exe"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "aspch"=-
- %DESKTOP%\Total Secure 2009.lnk
- %USERPROFILE%\Start Menu\Programs\Total Secure 2009.lnk
- %ProgramFiles%\TotalSecure2009\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Secure 2009]
- [-HKEY_CURRENT_USER\Software\TotalSecure2009]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "TotalSecure2009"=-
- %ProgramFiles%\Power-Antivirus-2009\
- %USERPROFILE%\Application Data\Power-Antivirus-2009\
- %USERPROFILE%\Start Menu\Programs\Power-Antivirus-2009\
- %desktop%\Power-Antivirus-2009.lnk
- [-HKEY_CURRENT_USER\Software\Power-Antivirus-2009]
- %ProgramFiles%\RichVideoCodec\ (Already removed)
- %SYSTEM%\RichVideoCodec.dll (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\CodecBHO.DLL]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{e12b39a5-df4a-4f04-a85b-4ecf048e359f}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a37b3779-e4f3-424c-a495-a60ea8063476}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65c5ebd-0989-40b5-a2a0-84642539bf82}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E46194A9-C4B1-4C0F-A75E-E9C5BDED7874}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7309FD6-0FD0-459D-A5E8-27D7A23215F1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B648A7F7-DD8F-4535-AFAD-CE5BA0E8320E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.CodecPlugin]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.CodecPlugin.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.XMLDOMDocumentEventsSink]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.XMLDOMDocumentEventsSink.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a37b3779-e4f3-424c-a495-a60ea8063476}]
- [-HKEY_CURRENT_USER\Software\RichVideoCodec] (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "\VIE2.exe"=-
- "\VIE3.exe"=-
- "\VIE4.exe"=-
- "\VIE5.exe"=-
- "\VIEA.exe"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "\VIE2.exe"=-
- "\VIE3.exe"=-
- "\VIE4.exe"=-
- "\VIE5.exe"=-
- "\VIEA.exe"=-
- %DESKTOP%\EXTREME FUCK.url
- %DESKTOP%\TITS AND ASS.url
- %SYSTEM%\1.ico
- %SYSTEM%\2.ico
- %SYSTEM%\VIEA.exe
- %SYSTEM%\VIE5.exe
- %SYSTEM%\VIE4.exe
- %SYSTEM%\VIE3.exe
- %SYSTEM%\VIE2.exe
- %WINDOWS%\rvoelbxt.exe
- O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Program Files\Applications\iebt.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}]
- O3 - Toolbar: Internet Service - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Applications\iebr.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BEBF2FE-7248-40E2-9752-8163EB6C4038}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{3BEBF2FE-7248-40E2-9752-8163EB6C4038}"=-
Changes for v2.338 - v2.339
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "buritos"=-
- %ALLUSERPROFILE%\Start Menu\Programs\Antivirus XP 2008\
- %ALLUSERPROFILE%\Start Menu\Programs\Antivirus XP 2008.lnk
- %AllUserDesktop%\Antivirus XP 2008.lnk
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
Changes for v2.336 - v2.338
- Update: 404Fix v1.3
- %Desktop%\FETISH PICS.url
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
- "smile"=-
- Update: IEDFix.C 1.1
- O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300CF5C9-F02D-4CB8-ABED-9C229DA56825}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300CF5C9-F02D-4CB8-ABED-9C229DA56825}]
- %SYSTEM%\scui.cpl
- %ProgramFiles%\AV9\
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
- %USERPROFILE%\Start Menu\Programs\Antivirus 2009\
- %desktop%\Antivirus 2009.lnk
- %SYSTEM%\winsrc.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]
Changes for v2.335 - v2.336
Changes for v2.3324 - v2.335
- tdssserv.sys Rootkit detection
- %ProgramFiles%\IA\
- %ProgramFiles%\Internet Antivirus\
- %USERPROFILE%\Application Data\Internet Antivirus\
- %ALLUSERPROFILE%\Desktop\Internet Antivirus.lnk
- %ALLUSERPROFILE%\Start Menu\Programs\Internet Antivirus\
- %USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
- %USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
- %USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
- %USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Antivirus_is1]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
- "iv"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "Internet Antivirus"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
- "3P_UDEC_IA"=-
- %desktop%\GAY PORN.url
- %desktop%\MASTURBATION VIDS.url
- %ProgramFiles%\PCHealthCenter\
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "\Win2.exe"=-
- "\Win3.exe"=-
- "\Win4.exe"=-
- "\Win5.exe"=-
- "\Win6.exe"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "\Win2.exe"=-
- "\Win3.exe"=-
- "\Win4.exe"=-
- "\Win5.exe"=-
- "\Win6.exe"=-
- %ProgramFiles%\VAV\
- %desktop%\Vista Antivirus 2008.lnk
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Antivirus"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "Antivirus"=-
Changes for v2.333 - v2.3324
- Update: 404Fix v1.2
- O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254B87BB-510D-41FA-A887-52C5FA9BE585}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{254B87BB-510D-41FA-A887-52C5FA9BE585}"=-
- %SYSTEM%\ieupdates.exe
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "ieupdate"=-
Changes for v2.332 - v2.333
- %ProgramFiles%\Applications\
- O3 - Toolbar: Internet Service - {38BF827A-D7C5-46E1-A9A2-47B1B5BB5438} - C:\Program Files\Applications\iebr.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38BF827A-D7C5-46E1-A9A2-47B1B5BB5438}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{38BF827A-D7C5-46E1-A9A2-47B1B5BB5438}"=-
Changes for v2.331 - v2.332
- %ProgramFiles%\ASpyC\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F58FF278-2198-403b-9170-C95022A194C6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyWarning.WarningBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyWarning.WarningBHO.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ASpyC]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F58FF278-2198-403b-9170-C95022A194C6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASpyC]
- [-HKEY_CURRENT_USER\Software\ASpyC]
- [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "ASpyC"=-
Changes for v2.330 - v2.331
- Update: Generic Renos Fix 1.16
Changes for v2.328 - v2.329
- %ProgramFiles%\RichVideoCodec\ (Already removed)
- %SYSTEM%\RichVideoCodec.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\RichVideoCodec.DLL]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A85A2972-D35F-4089-86AE-83DFEF054E23}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35DA02A8-1D27-43EB-8088-3210521AA154}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B2DBC9D-7D49-48F4-8DDC-1B15415FF253}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{926A61C9-5C20-4583-ACA7-ACE21088816E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{11446072-F8F2-4C03-8A8A-D337AD2B13F2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BAF84F6B-038B-40E2-9688-1E3BF20988D8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EF350A6-8AF0-40B5-ADE7-CB82FD02C3AE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RichVideoCodec.VideoCodec]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RichVideoCodec.VideoCodec.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RichVideoCodec.XMLDOMDocumentEventsSi.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RichVideoCodec.XMLDOMDocumentEventsSink]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{926A61C9-5C20-4583-ACA7-ACE21088816E}]
- [-HKEY_CURRENT_USER\Software\RichVideoCodec]
- O3 - Toolbar: Internet Service - {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - C:\Program Files\Web Technologies\iebr.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}"=-
- O2 - BHO: (no name) - {E2090673-256B-4632-94EE-FEC7F551543C} - C:\Program Files\Web Technologies\iebt.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2090673-256B-4632-94EE-FEC7F551543C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2090673-256B-4632-94EE-FEC7F551543C}]
Changes for v2.326 - v2.328
- %STARTMENU%\Programs\LookForPorn\
- %PROGRAMFILES%\LookForPorn\
- [-HKEY_CURRENT_USER\Software\LookForPorn]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LookForPorn]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LookForPorn]
- %SYSTEM%\CbEvtSvc.exe
- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc]
- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC]
- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc]
Changes for v2.325 - v2.326
- %favorites%\Antivirus Scan.url
- %startmenu%\Antivirus Scan.url
- %desktop%\Antivirus Scan.url
- %startmenu%\Online Spyware Test.url
- %desktop%\Online Spyware Test.url
- %WINDOWS%\pebgkxwq
- %WINDOWS%\neltabxw.exe
- %PROGRAMFILES%\Web Technologies\
- O2 - BHO: (no name) - {A49E097A-D6EF-4B2F-8B0F-1230E998587F} - C:\Program Files\Web Technologies\iebt.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49E097A-D6EF-4B2F-8B0F-1230E998587F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A49E097A-D6EF-4B2F-8B0F-1230E998587F}]
- O3 - Toolbar: Internet Service - {F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B} - C:\Program Files\Web Technologies\iebr.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B}"=-
- [-HKEY_CURRENT_USER\Software\Web Technologies]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9989F1F6-70DE-4244-AC9F-6672983681A0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9989F1F6-70DE-4244-AC9F-6672983681A0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEWarning32.WarningBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEWarning32.WarningBHO.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\e405.e405mgr]
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpyCheck 2.1.lnk
- %STARTMENU%\AntiSpyCheck 2.1.lnk
- %STARTMENU%\Programs\AntiSpyCheck 2.1\
- %DESKTOP%\AntiSpyCheck 2.1.lnk
- %PROGRAMFILES%\AntiSpyCheck 2.1\
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "AntiSpyCheck 2.1"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "AUTORUN_VAL"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiSpyCheck 2.1.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyCheck 2.1]
- [-HKEY_CURRENT_USER\Software\AntiSpyCheck 2.1]
Changes for v2.324 - v2.325
- Update: IEDFix.C
Changes for v2.323 - v2.324
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpyCheck 2.1.0.lnk
- %STARTMENU%\AntiSpyCheck 2.1.0.lnk
- %STARTMENU%\Programs\AntiSpyCheck 2.1.0\
- %DESKTOP%\AntiSpyCheck 2.1.0.lnk
- %PROGRAMFILES%\AntiSpyCheck\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FA7933-DC3E-403b-8D47-BB5E3F345A21}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2608046-DD09-A225-01BF-70C1EDD8B2E8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEWarning.WarningBHO]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEWarning.WarningBHO.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiSpyCheck.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56FA7933-DC3E-403b-8D47-BB5E3F345A21}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpyCheck]
- [-HKEY_CURRENT_USER\Software\AntiSpyCheck]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "AntiSpyCheck 2.1.0"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "AntiSpyCheck"=-
Changes for v2.320 - v2.323
- New Componant: Policies.exe
- This tool is run first (then it runs SmitfraudFix.cmd) to restore some policies that prevent command line execution.
Changes for v2.319 - v2.320
- %WINDOWS%\spwoqbmv.exe
- %WINDOWS%\xbaqktfv.exe
- %WINDOWS%\qadovnel.dll
- VirusHeat 4.4.exe
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusHeat 4.4.lnk
- %STARTMENU%\VirusHeat 4.4.lnk
- %STARTMENU%\Programs\VirusHeat 4.4\
- %DESKTOP%\VirusHeat 4.4.lnk
- %PROGRAMFILES%\VirusHeat 4.4\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0DFBA66B-DB48-4292-831A-E7186D8A61AE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46F309AE-9D11-4C10-9D20-2C084B1C8BCE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4CB95561-AF37-4BBD-823C-1E355A744A43}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{76157861-4996-4711-90E4-6D868B877B24}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{81DA01DB-8100-4865-B9B0-A83F54378435}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{910EF37B-A486-41FC-8A1B-28C5581AB3AC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6B2BC38-7F2A-4202-9B43-A28615727FEE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B11DA4C8-52DC-44A2-B21B-02BF7A93EB5B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B5ADBFCA-C6DE-4E5A-A2DA-70AA2933B696}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B5AE5932-F1B3-45E4-842A-59EEA65B13A8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA18BA7B-9567-4408-9B87-3D3990C3969E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D56509AB-9821-4DB0-BF2F-115159804140}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFF203EA-222C-44FA-8B78-ED88B4587AA2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB22B708-E0D3-4FCE-800B-6DD0C5B30D42}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F1EA02F8-E536-4828-BFB7-3DE7FA4D4B09}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F6E18622-DFA8-4DBA-B05E-D3D147E16D44}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{23624BD0-2A69-4F91-BE6A-9F1F22B72C13}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusHeat 4.4.exe 4.4]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.4]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusHeat 4.4]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "VirusHeat 4.4"=-
Changes for v2.318 - v2.319
- %DESKTOP%\IE AntiVirus 3.2.lnk
- %STARTMENU%\Programs\IE AntiVirus 3.2.lnk
- %PROGRAMFILES%\IEAntiVirus
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE AntiVirus]
- [-HKEY_CURRENT_USER\Software\IEAntiVirus]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "antispy"=-
Changes for v2.317 - v2.318
- Update: VACFix definition
- %WINDOWS%\wxvgsdbq.exe
- %WINDOWS%\olgdqarf.exe
Changes for v2.314 - v2.315
- %SYSTEM%\892267\
- O2 - BHO: 892267 helper - {25E0128D-AAFC-49FF-AB11-1F12C2FCC391} - C:\WINDOWS\System32\892267\892267.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25E0128D-AAFC-49FF-AB11-1F12C2FCC391}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr.1] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25E0128D-AAFC-49FF-AB11-1F12C2FCC391}]
Changes for v2.313 - v2.314
- %DESKTOP%\Malware Bell 3.2.lnk
- %STARTMENU%\Programs\Malware Bell 3.2.lnk
- %PROGRAMFILES%\MalwareBell
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Bell]
- [-HKEY_CURRENT_USER\Software\MalwareBell]
Changes for v2.312 - v2.313
- %SYSTEM%\403445\
- O2 - BHO: 403445 helper - {0BC5E8C9-6EFF-4976-9A3C-D74148442CE7} - C:\WINDOWS\System32\403445\403445.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E654A16-4765-4EAA-94EC-D5A6578053A4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr.1] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E654A16-4765-4EAA-94EC-D5A6578053A4}]
Changes for v2.311 - v2.312
- Update: IEDFix Signatures
Changes for v2.310 - v2.311
- %WINDOWS%\config.ini
- %WINDOWS%\mywallpaper.bmp
- %WINDOWS%\sysabmpmfr.exe
- %WINDOWS%\sysahbecjh.exe
- %WINDOWS%\sysatjsicj.exe
- %WINDOWS%\sysavxjgdu.exe
- %WINDOWS%\sysawechod.exe
- %WINDOWS%\zysalwhkkw.exe
- %WINDOWS%\zysaoxcjiy.exe
- %WINDOWS%\zysapghucv.exe
- %WINDOWS%\zysaxyczld.exe
- [-HKEY_CURRENT_USER\Software\CrystalRealityCleaner]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "{DD651081-A909-45ad-BD71-2335B0ADE043}"=- (Already removed)
- "{9754B85A-3B34-4969-BE1F-CD03227E9470}"=- (Already removed)
- "{7DD4A7AC-A3F1-4495-884A-7947C5B89108}"=-
- "{2C70168B-97CE-4f31-B85D-1FEC5002721D}"=-
- "{BAAA759D-56F0-428c-B8DA-827EA3B08C2C}"=-
Changes for v2.309 - v2.310
- %SYSTEM%\215651\
- O2 - BHO: 215651 helper - {0BC5E8C9-6EFF-4976-9A3C-D74148442CE7} - C:\WINDOWS\System32\215651\215651.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC5E8C9-6EFF-4976-9A3C-D74148442CE7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr.1] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC5E8C9-6EFF-4976-9A3C-D74148442CE7}]
- O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51D81DD5-55B7-497F-95DB-D356429BB54E}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{51D81DD5-55B7-497F-95DB-D356429BB54E}"=-
Changes for v2.308 - v2.309
- O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C109800-A5D5-438F-9640-18D17E168B88}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
- %SYSTEM%\375013\
- O2 - BHO: 375013 helper - {74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B} - C:\WINDOWS\System32\375013\375013.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr.1] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B}]
Changes for v2.307 - v2.308
- %WINDOWS%\sysqyzwud.exe
- %WINDOWS%\config.ini
- %WINDOWS%\sysscpmqn.exe
- %WINDOWS%\syssngbeh.exe
- %WINDOWS%\sysutrnez.exe
- %WINDOWS%\syszweuas.exe
- %WINDOWS%\xcbhwuq.exe
- %WINDOWS%\xewuaqj.exe
- %WINDOWS%\xfjzrby.dll
- %WINDOWS%\xhbxcnv.exe
- %WINDOWS%\mywallpaper.bmp
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- "{B081DB1F-4EE6-4021-9DD4-8B300F0D636D}"=-
- "{05CD0D77-4947-4a56-94FA-0DF0DC644D7B}"=-
- "{DD651081-A909-45ad-BD71-2335B0ADE043}"=-
- "{9754B85A-3B34-4969-BE1F-CD03227E9470}"=-
Changes for v2.305 - v2.307
- %SYSTEM%\tdidrv32.sys
- %PROGRAMFILES%\Helper\ (Already removed)
- O2 - BHO: e404 helper - {DF47DD37-AC11-4A93-8E16-2B2364AF0897} - C:\Program Files\Helper\??????????.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF47DD37-AC11-4A93-8E16-2B2364AF0897}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr.1] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF47DD37-AC11-4A93-8E16-2B2364AF0897}]
- %WINDOWS%\norlatmx.exe
- %WINDOWS%\fmrcjmdc.exe
Changes for v2.304 - v2.305
- %USERPROFILE%\Application Data\?????.exe (Awola6 Dropper, Random filename)
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "Microsoft Windows Adapter 5.1.3214"=-
- %USERPROFILE%\Application Data\Awola6\
- %STARTMENU%\Programs\Awola6\
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "Awola6"=-
- %PROGRAMFILES%\Helper\ (Already removed)
- O2 - BHO: e404 helper - {0D574C9F-71F9-4F3C-BA6D-CF9C0E1E3EE8} - C:\Program Files\Helper\??????????.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D574C9F-71F9-4F3C-BA6D-CF9C0E1E3EE8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr.1] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D574C9F-71F9-4F3C-BA6D-CF9C0E1E3EE8}]
Changes for v2.303 - v2.304
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
- "{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow]
- "*.securewebinfo.com"=-
- "*.safetyincludes.com"=-
- "*.securemanaging.com"=-
Changes for v2.300 - v2.301
- O4 - HKCU\..\Run: [Pest-Capture] C:\Program Files\PestCapture\PestCapture.exe
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Pest-Capture"=-
- %SYSTEM%\sysockeu.exe
- %SYSTEM%\sysokuaw.exe
- %SYSTEM%\sysodkcs.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "[1029BB4B-16A9-4E77-AA3D-96930BD68EEC]"=-
- "[2177F056-0AA6-4D6C-A944-13F71F341C29]"=-
- "[852EBF20-A95D-4F1F-B9C2-B2CD24350F3E]"=-
- %PROGRAMFILES%\Helper\ (Already removed)
- O2 - BHO: e404 helper - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - C:\Program Files\Helper\??????????.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F10DE2B-E923-4548-B524-4D9C5FA80777}
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836} (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB} (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr.1 (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F10DE2B-E923-4548-B524-4D9C5FA80777}
Changes for v2.299 - v2.300
- %SYSTEM%\mgmrwmrv.exe
- F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
Changes for v2.298 - v2.299
- Update: IEDFix.exe 1.5
- O2 - BHO: Windows Media Player - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\wmpdxm.dll
- %PROGRAMFILES%\Helper\ (Already removed)
- O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - C:\Program Files\Helper\??????????.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03B902B1-9B25-4173-9468-56775C85A8D4}
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836} (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB} (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr.1 (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03B902B1-9B25-4173-9468-56775C85A8D4}
Changes for v2.297 - v2.298
- Update: VAC Fix 0.5
Changes for v2.295 - v2.296
- C:\WINDOWS\Installer\{ff24a0f4-b93e-4b4b-9bfb-e398e98db703}\RomAvp.dll
- C:\WINDOWS\Installer\{ff24a0f4-b93e-4b4b-9bfb-e398e98db703}\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff24a0f4-b93e-4b4b-9bfb-e398e98db703}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "RomAvp"=-
Changes for v2.292 - v2.293
- %WINDOWS%\764.exe
- %WINDOWS%\7search.dll
- %WINDOWS%\absolute key logger.lnk
- %WINDOWS%\aconti.exe
- %WINDOWS%\aconti.ini
- %WINDOWS%\aconti.log
- %WINDOWS%\aconti.sdb
- %WINDOWS%\acontidialer.txt
- %WINDOWS%\adbar.dll
- %WINDOWS%\cbinst$.exe
- %WINDOWS%\daxtime.dll
- %WINDOWS%\default.htm
- %WINDOWS%\dp0.dll
- %WINDOWS%\eventlowg.dll
- %WINDOWS%\fhfmm-Uninstaller.exe
- %WINDOWS%\fhfmm.exe
- %WINDOWS%\flt.dll
- %WINDOWS%\hcwprn.exe
- %WINDOWS%\hotporn.exe
- %WINDOWS%\iexplorr23.dll
- %WINDOWS%\ie_32.exe
- %WINDOWS%\jd2002.dll
- %WINDOWS%\kkcomp$.exe
- %WINDOWS%\kkcomp.dll
- %WINDOWS%\kkcomp.exe
- %WINDOWS%\kvnab$.exe
- %WINDOWS%\kvnab.dll
- %WINDOWS%\kvnab.exe
- %WINDOWS%\liqad$.exe
- %WINDOWS%\liqad.dll
- %WINDOWS%\liqad.exe
- %WINDOWS%\liqui-Uninstaller.exe
- %WINDOWS%\liqui.dll
- %WINDOWS%\liqui.exe
- %WINDOWS%\ngd.dll
- %WINDOWS%\pbar.dll
- %WINDOWS%\pbsysie.dll
- %WINDOWS%\settn.dll
- %WINDOWS%\spredirect.dll
- %WINDOWS%\vxddsk.exe
- %WINDOWS%\wbeCheck.exe
- %WINDOWS%\wbeInst$.exe
- %WINDOWS%\wml.exe
- %WINDOWS%\xadbrk.dll
- %WINDOWS%\xadbrk.exe
- %WINDOWS%\xadbrk_.exe
- %WINDOWS%\xxxvideo.exe
- %SYSTEM%\ace16win.dll
- %SYSTEM%\acespy\
- %SYSTEM%\ESHOPEE.exe
- %SYSTEM%\msole32.exe
- %SYSTEM%\rxjddnvj.exe
- %SYSTEM%\vxddsk.exe
- %SYSTEM%\winfrun32.bin
- %SYSTEM%\wml.exe
- %PROGRAMFILES%\3721\
- %PROGRAMFILES%\Accoona\
- %PROGRAMFILES%\akl\
- %PROGRAMFILES%\amsys\
- %PROGRAMFILES%\e-zshopper\
- %PROGRAMFILES%\p2pnetworks\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- Cleaning Userinit or deleting if empty
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- Cleaning Userinit
Changes for v2.291 - v2.292
- %SYSTEM%\txdkfh.dll
- [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d9f6ce57-0718-4bd1-916f-5fb1f86911c2}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{d9f6ce57-0718-4bd1-916f-5fb1f86911c2}"="arborize"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusHeat 4.3.lnk
- %STARTMENU%\VirusHeat 4.3.lnk
- %STARTMENU%\Programs\VirusHeat 4.3\
- %DESKTOP%\VirusHeat 4.3.lnk
- %PROGRAMFILES%\VirusHeat 4.3\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0EC085A8-9818-43B7-B975-EC7555EDA4D2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1A74C41C-0837-4FBE-BA50-621EB70F01CE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{25297614-1B76-4C2C-82C6-62738AA0E8F0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37F89457-1208-4670-9245-58C62BD6D870}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45477032-ABD0-454D-9CE4-EA34C10322F8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69E34747-0B27-4B30-AE20-1023BF29E246}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79BE5B3B-80B2-4B77-A042-EFC90F6E0DE7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7EBB34CF-1728-4136-A968-48F231DAD1B4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{88DAA291-B413-4C46-B378-3BE66F65369E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{936A2F4A-53F8-4D2F-92AA-2F9DE889841C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AFCC3FA7-82A9-42D5-A405-78711E97A5D6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC05A4A3-7B28-488F-AB02-6AAEDB86ACCF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E80114AA-6653-4952-9E97-5F1DC63BEE0F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FCA3958A-8D38-4D14-8B81-CCD7F68A8A01}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBD02E9B-37EF-47D2-96B0-3ABBB2EB92BF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusHeat 4.3.exe 4.3]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 4.3]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusHeat 4.3]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "VirusHeat 4.3"=-
Changes for v2.290 - v2.291
- %PROGRAMFILES%\Helper\ (Already removed)
- O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\??????????.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836} (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB} (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr.1 (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}
- %STARTMENU%\Programs\SearchVideo\
- %Programs%\SearchVideo
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchVideo]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchVideo]
- [-HKEY_CURRENT_USER\Software\SearchVideo]
- %SYSTEM%\svxmhpz.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67dc0736-075a-4647-95f5-d5421b838fed}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{67dc0736-075a-4647-95f5-d5421b838fed}"="esperantido"
Changes for v2.289 - v2.290
- %STARTMENU%\Programs\SearchPorn\
- %Programs%\SearchPorn
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchPorn]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchPorn]
- [-HKEY_CURRENT_USER\Software\SearchPorn]
Changes for v2.288 - v2.289
- %PROGRAMFILES%\Helper\ (Already removed)
- O2 - BHO: e404 helper - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - C:\Program Files\Helper\1203020309.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BD4438C-2511-4B93-AD34-2BDCD0FF78D2}
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836} (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB} (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr.1 (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BD4438C-2511-4B93-AD34-2BDCD0FF78D2}
- %STARTMENU%\Programs\ChristmasPorn\
- %Programs%\ChristmasPorn
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChristmasPorn]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChristmasPorn]
- [-HKEY_CURRENT_USER\Software\ChristmasPorn]
- %SYSTEM%\eeioq.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917f93bf-6714-4e11-8982-59db2e0f88fc}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{917f93bf-6714-4e11-8982-59db2e0f88fc}"="epistylar"
Changes for v2.287 - v2.288
- %PROGRAMFILES%\Helper\ (Already removed)
- O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1202750081.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C03FD59D-9104-44B7-929A-9EAA0BA05211}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E404.e404mgr.1] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C03FD59D-9104-44B7-929A-9EAA0BA05211}]
Changes for v2.282 - v2.283
- %SYSTEM%\iinqyl.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27cb634d-c84e-4c00-9b53-f5523601dbad}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{27cb634d-c84e-4c00-9b53-f5523601dbad}"="cariniana"
- %SYSTEM%\wuuawkz.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{747e1fbe-b70f-441d-bbca-6e536c04924a}"="didact"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusHeat 3.9.lnk
- %STARTMENU%\VirusHeat 3.9.lnk
- %STARTMENU%\Programs\VirusHeat 3.9\
- %DESKTOP%\VirusHeat 3.9.lnk
- %PROGRAMFILES%\VirusHeat 3.9\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0979850F-6C3E-4294-B225-B3D3C4A6F2A1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BB2DA5F-B78F-44EA-BDA1-771CBE1DEC68}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A4E73C5-BA3C-4391-B7E5-FFE8D3BD6245}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44A923CA-F430-4F85-9F84-5153ECDB882E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E6E21EC-9D72-4164-8A53-74786A467872}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{631E9E48-B066-43DA-92AC-6DADF61B173B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{65C1361C-E696-4AF0-9E21-81910193F352}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77DCE805-C8CE-48AA-A47F-BFA6CC7704B3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8D42769F-07D8-494D-AAB4-AA1652C541FA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1922071-390C-418D-916D-91209E95D286}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1F8CD95-CFB3-43D1-A956-63441CC058C1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A63B46AD-96A7-4A2C-BD8F-8CD097E1593A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A65F98DD-2360-468C-B76E-B1B84C0D547C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE2AEED0-BE1B-4BA2-826E-20D1991081B8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7F73787-6206-4BBA-BDC0-7CFA9940DBCB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E770F739-2968-4ED9-A63C-DC1938DC82A2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusHeat 3.9.exe 3.9]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusHeat 3.9]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusHeat 3.9]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "VirusHeat 3.9"=-
Changes for v2.280 - v2.281
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{132E4218-F960-4E17-B3F6-0F05431D81C6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{435DEA43-7D14-47F0-8223-B416BD296464}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{82FC6E1B-7C32-4144-B95D-22D757327778}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D604E3C4-21ED-43D4-8CDF-759954DE7E88}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{132E4218-F960-4E17-B3F6-0F05431D81C6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB41490A-2B8A-414F-BFFB-D3527364EE25}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{19C93F79-69BC-4994-B6C6-8D9CCCD9C454}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CB7E3AA3-D273-428B-A0DD-579689D26EC1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ekxdvft.bsdw]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ekxdvft.ToolBar.1]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{AB41490A-2B8A-414F-BFFB-D3527364EE25}"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1AEEDB2-C2BA-4F27-B591-44EA89388299}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3DD6CD4E-6AAA-44DC-A804-88EB672341D7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE78CF65-D188-487A-9A39-5DBFC77BF015}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15EE94F8-5660-47F1-8358-0D386BC64247}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AEEDB2-C2BA-4F27-B591-44EA89388299}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FF6FACA-CFF7-499D-AB5B-8EEA9CE80739}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7AB01356-C318-4E73-998C-8E54C8EB5E64}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA97E13E-1DED-4851-B684-BAD36D8E29B3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ekxdvft.brgk]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ekxdvft.ToolBar.1]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{5FF6FACA-CFF7-499D-AB5B-8EEA9CE80739}"=-
- %SYSTEM%\ctfmona.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "ctfmona"=-
- %PROGRAMFILES%\IECodec\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F27B120-0DED-4701-85B4-4CC58D92534C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9D18326E-AD27-4757-8564-79929B2F6363}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45490C66-3E2A-46cb-880B-547D69157450}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECodec] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\IECodec] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\VSCHelp]
- [-HKEY_CURRENT_USER\Software\Classes\AppID\IECodec.DLL] (Already removed)
- [-HKEY_CURRENT_USER\Software\Classes\AppID\{A45C8C0C-E056-4892-A589-E389355E1E31}]
- [-HKEY_CURRENT_USER\Software\Classes\CLSID\{45490C66-3E2A-46cb-880B-547D69157450}]
- [-HKEY_CURRENT_USER\Software\Classes\IECodec.IECodecBHO] (Already removed)
- [-HKEY_CURRENT_USER\Software\Classes\IECodec.IECodecBHO.1] (Already removed)
Changes for v2.277 - v2.278
- Changelog is now private.
- Some people were using informations of this page to include malware files and keys to update and develop their tools.
Changes for v2.276 - v2.277
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center]
- [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
- [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8113B5DE-F7EB-4154-A311-497FB80D8BD0}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{8113B5DE-F7EB-4154-A311-497FB80D8BD0}"=-
- O2 - BHO: SXG Advisor - {EF39E67B-8383-4A49-AAC6-29349FA7F623} - C:\WINDOWS\dntpkwodpx.dll
- O3 - Toolbar: ekxdvft - {F25117E3-2A27-4A0C-88EE-D9307F678DD0} - C:\WINDOWS\ekxdvft.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF39E67B-8383-4A49-AAC6-29349FA7F623}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F25117E3-2A27-4A0C-88EE-D9307F678DD0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{27DBACCC-358C-4C2A-98FB-C79AFD3691C9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6A74AFE4-24A0-49E7-9FC9-2A603F486441}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8323182A-2264-4A99-B9F8-40F3A425FCD7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1385D09E-8B2D-45E1-B235-49E12B248AD5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A98CC268-6435-4453-8DB5-A31C3DEB74BA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ekxdvft.bwtn]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ekxdvft.ToolBar.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF39E67B-8383-4A49-AAC6-29349FA7F623}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{F25117E3-2A27-4A0C-88EE-D9307F678DD0}"=-
- %WINDOWS%\fxtqdrl.exe
- %WINDOWS%\agrlmvp.dll
- %WINDOWS%\bmlvqkn.dll
- O21 - SSODL: agrlmvp - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\agrlmvp.dll
- O21 - SSODL: bmlvqkn - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\bmlvqkn.dll
Changes for v2.275 - v2.276
- VideoAccessCodec update.
Changes for v2.274 - v2.275
- Update: IEDFix v1.3
Changes for v2.273 - v2.274
- Update: IEDFix v1.1. The tool will now detected new generic files and registry keys/subkeys without updates.
Changes for v2.272 - v2.273
- %WINDOWS%\pdswin.dll
Changes for v2.270 - v2.271
- %WINDOWS%\websrc32.dll
Changes for v2.269 - v2.270
- %SYSTEM%\cjuvwa.dll
- [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0123eb75-964c-4cb3-b796-431cc9099570}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{0123eb75-964c-4cb3-b796-431cc9099570}"="disgorging"
- %WINDOWS%\corpol.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E330678D-C3B1-4AC1-AD7B-2F9CAC58F889}]
Changes for v2.268 - v2.269
- %WINDOWS%\pmspl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{38583F22-1B12-4893-9D7A-BD3FA2A114C7}]
Changes for v2.266 - v2.267
- Added: IEDFix.exe tool to remove IE Defender keys and BHO from registry.
- %SYSTEM%\sysvideo32.dll
Changes for v2.265 - v2.266
- %WINDOWS%\msvideo.dll
- O2 - BHO: Video - {80590BC5-F4BA-4AD1-B216-C19EE86E2A77} - C:\WINDOWS\msvideo.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\msvideo.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{80590BC5-F4BA-4AD1-B216-C19EE86E2A77}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80590BC5-F4BA-4AD1-B216-C19EE86E2A77}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37FB07D0-16B8-4975-A848-1DB62FEE0048}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76BFB9CF-A8AB-4826-B2AB-02E04A202C73}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msvideo.Video]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80590BC5-F4BA-4AD1-B216-C19EE86E2A77}]
Changes for v2.264 - v2.265
- %WINDOWS%\windivx.dll
- O2 - BHO: Video - {F5E81149-92B2-47D2-A12B-1B966AB46EA7} - C:\WINDOWS\windivx.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\windivx.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F5E81149-92B2-47D2-A12B-1B966AB46EA7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5E81149-92B2-47D2-A12B-1B966AB46EA7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37FB07D0-16B8-4975-A848-1DB62FEE0048}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76BFB9CF-A8AB-4826-B2AB-02E04A202C73}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\windivx.Video]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5E81149-92B2-47D2-A12B-1B966AB46EA7}]
Changes for v2.263 - v2.264
- %WINDOWS%\windivx.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\windivx.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4AB15165-917A-4AE4-AE42-7FF13F61805B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4AB15165-917A-4AE4-AE42-7FF13F61805B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37FB07D0-16B8-4975-A848-1DB62FEE0048}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76BFB9CF-A8AB-4826-B2AB-02E04A202C73}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\windivx.Video]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4AB15165-917A-4AE4-AE42-7FF13F61805B}]
Changes for v2.260 - v2.262
- %WINDOWS%\windivx.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\windivx.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{632F6863-1E54-49FC-A72F-BDEE592EAD52}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{632F6863-1E54-49FC-A72F-BDEE592EAD52}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37FB07D0-16B8-4975-A848-1DB62FEE0048}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76BFB9CF-A8AB-4826-B2AB-02E04A202C73}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\windivx.Video]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{632F6863-1E54-49FC-A72F-BDEE592EAD52}]
- %WINDOWS%\jokvip.exe
- %WINDOWS%\blopenvt??.dll
- %WINDOWS%\retnsrp.dll
- %WINDOWS%\nopzet.dll
- %WINDOWS%\leorop.dll
- O2 - BHO: OFK System - {29B1EDC5-5BF3-468F-B8E5-6B27090CEF0A} - C:\WINDOWS\blopenvtlv.dll
- O3 - Toolbar: The retnsrp - {5FCD26F2-55C1-40F3-838A-FB4FD8833A53} - C:\WINDOWS\retnsrp.dll
- O21 - SSODL: nopzet - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\nopzet.dll
- O21 - SSODL: leorop - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\leorop.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29B1EDC5-5BF3-468F-B8E5-6B27090CEF0A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FCD26F2-55C1-40F3-838A-FB4FD8833A53}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A914309-35E8-4A15-A175-56F7C7631A5F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E7132F-BC0F-4464-81AC-25F677AA7500}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{18A7928B-2F6D-4B65-8DBB-96579CE0702D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D2CF7C5-E65C-470A-86FE-56C68CF07CBD}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31820FB5-5CBD-49FF-92AD-795165A01C92}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D7FDFC0-2192-4150-B573-DEE0661876C3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F48D75B5-D574-4059-8D6B-6FA61DC0EAE0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{88BB4245-F609-48CF-9C95-FAE9735037F8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E8C85D6-5E9F-467B-896E-7127AED75504}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DD0501B8-8D05-446E-A510-EDCC0E43618D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\retnsrp.blos]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\retnsrp.ToolBar.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29B1EDC5-5BF3-468F-B8E5-6B27090CEF0A}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{5FCD26F2-55C1-40F3-838A-FB4FD8833A53}"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "nopzet"=-
- "leorop"=-
- %ProgramFiles%\IECodec\
- O2 - BHO: IECodecBHO - {4507C219-24AA-4813-9561-A2003F9920C3} - C:\Program Files\IECodec\IECodec.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DA5EAB81-9E79-4751-8E06-3E68FF0CFFB6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7C12A866-F10B-43B4-A9D0-8857C318AF17}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4507C219-24AA-4813-9561-A2003F9920C3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECodec]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\IECodec]
- [-HKEY_CURRENT_USER\Software\Classes\AppID\IECodec.DLL]
- [-HKEY_CURRENT_USER\Software\Classes\AppID\{9F264A67-6126-451A-8D14-D6EE64364CD0}]
- [-HKEY_CURRENT_USER\Software\Classes\CLSID\{4507C219-24AA-4813-9561-A2003F9920C3}]
- [-HKEY_CURRENT_USER\Software\Classes\IECodec.IECodecBHO]
- [-HKEY_CURRENT_USER\Software\Classes\IECodec.IECodecBHO.1]
Changes for v2.258 - v2.260
- %SYSTEM%\uglgs.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76fbb79c-2ec6-4962-a324-fd4362588e1c}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{76fbb79c-2ec6-4962-a324-fd4362588e1c}"="graphologists"
- %SYSTEM%\ncrjf.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b87dcc7-9b89-4205-aa82-076b2a1edfe0}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{8b87dcc7-9b89-4205-aa82-076b2a1edfe0}"="caribi"
- %SYSTEM%\tvtpwp.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8b937a4-cdad-497b-a872-8da7c4c3ef6f}\InProcServer32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{d8b937a4-cdad-497b-a872-8da7c4c3ef6f}"="eaton"
- O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Online Add-on\isfmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8249E69-A809-4544-832F-64EB65747A92}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8249E69-A809-4544-832F-64EB65747A92}]
- O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php
- O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}]
- %WINDOWS%\stream32a.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\stream32a.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6430CCA7-032A-4EB0-BCFF-838998E73EF5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6430CCA7-032A-4EB0-BCFF-838998E73EF5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{18D23D68-9E03-4FF0-8035-C6184C8784EF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60B18D81-366A-4156-83B9-CF310ED9A8B7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stream32a.Video]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6430CCA7-032A-4EB0-BCFF-838998E73EF5}]
- %WINDOWS%\vipext???.dll (Already removed)
- O2 - BHO: OFK System - {014F04C1-4440-4901-9A39-D08B116C1BA0} - C:\WINDOWS\vipextgpk.dll
- O3 - Toolbar: The voipwet - {476B38B7-6E7C-46B4-8080-F61ED0E814F2} - C:\WINDOWS\voipwet.dll (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014F04C1-4440-4901-9A39-D08B116C1BA0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{476B38B7-6E7C-46B4-8080-F61ED0E814F2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7ADB274-7419-4788-906D-C880FBAD11B9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEEEB14B-DB9F-48BB-B56D-CCDA3B942592}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{209A3C3B-B2C9-4451-9DD8-7B1C585ACC8E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{25474AF2-E3DE-4E68-8DE8-0B0786735E01}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5846BDF0-1EBB-4112-B601-2DA11EEF610E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7CE5A74B-1E8B-4FD5-8C10-F49A2092FF8A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF809BE5-B8E2-4CD1-92DB-68129F895A64}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{13FD02D1-7E01-4CEA-B81D-595847E04645}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4795C864-D705-4009-B0A2-5F432FE6B61B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5383337F-EEC2-4B25-9C42-8992B49C7AFA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\voipwet.bmrl]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\voipwet.ToolBar.1] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014F04C1-4440-4901-9A39-D08B116C1BA0}]
Changes for v2.257 - v2.258
- %SYSTEM%\ymmzwd.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{075a465d-0af2-4b79-8db3-2fda0fd8d74c}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{075a465d-0af2-4b79-8db3-2fda0fd8d74c}"="arsenicism"
- %SYSTEM%\zcwlnic.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d66c22b6-2217-4d1a-9a90-1a54de1fc706}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{d66c22b6-2217-4d1a-9a90-1a54de1fc706}"="edgers"
- %WINDOWS%\vipext???.dll
- O2 - BHO: MSVPS System - {00A00BA9-9D58-4B56-8FC6-C280650A8BD7} - C:\WINDOWS\vipextpnk.dll
- O3 - Toolbar: The voipwet - {167F6405-019D-4F32-8FBE-23B3C63CD8FD} - C:\WINDOWS\voipwet.dll
- O21 - SSODL: jetctrl - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\jetctrl.dll (Already removed)
- O21 - SSODL: kopmet - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\kopmet.dll (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A00BA9-9D58-4B56-8FC6-C280650A8BD7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167F6405-019D-4F32-8FBE-23B3C63CD8FD}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EB24324-3394-4C5F-B69C-744A74797952}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F02C37AC-F6DC-4C75-B61A-8F86BC5A9E9A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{133621C3-9F52-4497-A814-97D268F8CACE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{36009226-067D-47C0-A497-7B2E5D3FAF03}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63115489-CFBF-4B7F-8B2F-EC1811041239}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A98BEE2D-F5D8-4BBB-B041-077CEFF0CA41}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CE58E4D5-E8E1-4F59-AC3F-6315810A7889}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{603C15E0-CC27-45BB-82FD-8B2B6143E574}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A930694-495D-4C93-A483-D72FEF0EF1CE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EFD7B225-FD88-40C7-931F-1FEEA9585D5C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\voipwet.bros]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\voipwet.ToolBar.1] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A00BA9-9D58-4B56-8FC6-C280650A8BD7}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{167F6405-019D-4F32-8FBE-23B3C63CD8FD}"=-
Changes for v2.256 - v2.257
- %SYSTEM%\sysdivx.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\sysdivx.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7A23A1E8-B2AB-4C50-AD12-9E19B747E17C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A23A1E8-B2AB-4C50-AD12-9E19B747E17C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609F107D-88EE-4D19-B56F-6C21A3E9DC1F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F94E2B67-3D7A-4F94-AF35-5BBEDAAD3AC4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sysdivx.Video]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A23A1E8-B2AB-4C50-AD12-9E19B747E17C}]
- %WINDOWS%\nretcip.exe
- %WINDOWS%\vipextoxn.dll
- %WINDOWS%\voipwet.dll
- %WINDOWS%\jetctrl.dll
- %WINDOWS%\kopmet.dll
- O2 - BHO: MSVPS System - {5EF40AC5-1BBE-4436-A9E3-F129C0D605D8} - C:\WINDOWS\vipextoxn.dll
- O3 - Toolbar: The voipwet - {D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C} - C:\WINDOWS\voipwet.dll
- O21 - SSODL: kopmet - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\kopmet.dll
- O21 - SSODL: jetctrl - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\jetctrl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C5B3552-E18F-45BE-BEA8-78ACEC1F2C6B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EF40AC5-1BBE-4436-A9E3-F129C0D605D8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D79308A2-F924-4CD6-A52A-158C68EF41F8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{602F5204-5CD4-4160-9506-2CA8266FAC4D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60C84877-62D8-4996-88E5-BAF3D115F09F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AEA32A1-63D2-4DE6-A1F8-C2132972C15F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9924DC07-F8D2-4A19-A396-9871B55612D7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B039EF74-B33F-468E-BE93-2A4F0D61DF59}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{212B4E0F-BEA8-4894-800D-2C7E2EF097AD}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3DD88B10-20E4-4085-BB2C-5A58B49910A9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5216FD0F-3915-4F95-95CF-4F09659F58C3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\voipwet.btgn]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\voipwet.ToolBar.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5EF40AC5-1BBE-4436-A9E3-F129C0D605D8}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "gormet"=-
- "pmkret"=-
- %WINDOWS%\oprevpfm.dll
- O2 - BHO: MSVPS System - {3CE12841-9438-48A0-9DA9-D3D2D3D562CC} - C:\WINDOWS\oprevpfm.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CE12841-9438-48A0-9DA9-D3D2D3D562CC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CE12841-9438-48A0-9DA9-D3D2D3D562CC}]
- %WINDOWS%\werbetpwg.dll (already removed)
- O2 - BHO: MSVPS System - {7EB8B2AC-28EE-45F1-9834-418FC9D72DDF} - C:\Windows\werbetpwg.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB8B2AC-28EE-45F1-9834-418FC9D72DDF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7EB8B2AC-28EE-45F1-9834-418FC9D72DDF}]
- %WINDOWS%\hdtip.dll (already removed)
- O3 - Toolbar: The hdtip - {E3E087D3-CA1D-4ECA-9960-D85944C2554C} - C:\Windows\hdtip.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3E087D3-CA1D-4ECA-9960-D85944C2554C}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{E3E087D3-CA1D-4ECA-9960-D85944C2554C}"=-
Changes for v2.255 - v2.256
- %SYSTEM%\ivrllc.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b585105c-0e84-4ef0-9c6a-fbe134a72945}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{b585105c-0e84-4ef0-9c6a-fbe134a72945}"="ineffulgent"
- %SYSTEM%\PowerVideo.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PowerVideo.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{323301C5-CB6B-490C-B59F-E7FAD4D69C93}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{323301C5-CB6B-490C-B59F-E7FAD4D69C93}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F627A939-3F63-42E2-B77B-F733CB2439C9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FADC335E-6A47-47EF-97B8-704C72D1E725}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerVideo.Video]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323301C5-CB6B-490C-B59F-E7FAD4D69C93}]
- O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFAF6EA3-615D-4F83-8748-2F7A576FCEA6}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{EFAF6EA3-615D-4F83-8748-2F7A576FCEA6}"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
- {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6}=-
Changes for v2.254 - v2.255
- %WINDOWS%\monhop.exe
- %WINDOWS%\werbet???.dll
- %WINDOWS%\hdtip.dll
- %WINDOWS%\gormet.dll
- %WINDOWS%\pmkret.dll
- O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll
- O3 - Toolbar: The hdtip - {85B2F289-7128-4C5A-A330-F9FC01432D3A} - C:\WINDOWS\hdtip.dll
- O21 - SSODL: gormet - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\gormet.dll
- O21 - SSODL: pmkret - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\pmkret.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F25839C-CB93-4394-A938-2194851C544F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85B2F289-7128-4C5A-A330-F9FC01432D3A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9024FB63-4FBA-4A65-B607-5D13B76CF13F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{19D21F2D-455C-4AAA-8DF0-58F3D76962B4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D78A01B-FD57-464B-B5F2-BFC1702F26DF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A5ED75E-2562-4266-A85D-4D66E33C50FC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B983DE8B-60CD-4F7F-B09A-F8A33B26845C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA978B5D-E354-47FD-9E95-ACE61FC665DF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7AAFD5DA-55D0-4FAB-8AEF-9643707042F6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AE73C3E4-88F7-41A0-AF79-87BE6826B8DF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F7A3BB37-D5C6-4946-AF22-DFCF804C67AB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hdtip.bpnv]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\hdtip.ToolBar.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{85B2F289-7128-4C5A-A330-F9FC01432D3A}"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "gormet"=-
- "pmkret"=-
- %WINDOWS%\oprevxlw.dll
- O2 - BHO: MSVPS System - {27A5292F-0C87-4E81-A34E-3131DBFCE994} - C:\WINDOWS\oprevxlw.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27A5292F-0C87-4E81-A34E-3131DBFCE994}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27A5292F-0C87-4E81-A34E-3131DBFCE994}]
- %WINDOWS%\bonsws.dll
- O3 - Toolbar: The bonsws - {2181E54F-274D-48B7-9E51-BC374933CD24} - C:\WINDOWS\bonsws.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2181E54F-274D-48B7-9E51-BC374933CD24}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{2181E54F-274D-48B7-9E51-BC374933CD24}"=-
- %WINDOWS%\oprevgkx.dll
- O2 - BHO: MSVPS System - {1658DABA-FC4C-46C6-BC48-246CFEA0C436} - C:\WINDOWS\oprevgkx.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1658DABA-FC4C-46C6-BC48-246CFEA0C436}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1658DABA-FC4C-46C6-BC48-246CFEA0C436}]
- O3 - Toolbar: The bonsws - {3FDA21ED-312C-44DD-9030-A2DC90FD1CCD} - C:\WINDOWS\bonsws.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3FDA21ED-312C-44DD-9030-A2DC90FD1CCD}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{3FDA21ED-312C-44DD-9030-A2DC90FD1CCD}"=-
- %WINDOWS%\oprevnpx.dll
- O2 - BHO: MSVPS System - {F675EED8-4A4B-4A11-801B-08297749B83D} - C:\WINDOWS\oprevnpx.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F675EED8-4A4B-4A11-801B-08297749B83D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F675EED8-4A4B-4A11-801B-08297749B83D}]
- O3 - Toolbar: The bonsws - {05E9894E-9C5F-454B-A6E1-7BEF518EC87E} - C:\WINDOWS\bonsws.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05E9894E-9C5F-454B-A6E1-7BEF518EC87E}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{05E9894E-9C5F-454B-A6E1-7BEF518EC87E}"=-
- %WINDOWS%\ddkret.dll
- O21 - SSODL: ddkret - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\ddkret.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "ddkret"=-
- %WINDOWS%\nopctrl.dll
- O21 - SSODL: nopctrl - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\nopctrl.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "nopctrl"=-
- %WINDOWS%\sawkip.exe
- %WINDOWS%\jokwmp.dll
- O3 - Toolbar: The jokwmp - {6BA27973-068D-4F85-BE84-1251E0B20FD3} - C:\WINDOWS\jokwmp.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BA27973-068D-4F85-BE84-1251E0B20FD3}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{6BA27973-068D-4F85-BE84-1251E0B20FD3}"=-
- %WINDOWS%\popnetmtq.dll
- O2 - BHO: MSVPS System - {6A78E352-B1FA-4C18-9C48-96DD03979770} - C:\WINDOWS\popnetmtq.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A78E352-B1FA-4C18-9C48-96DD03979770}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A78E352-B1FA-4C18-9C48-96DD03979770}]
- %WINDOWS%\rmvgor.dll
- O21 - SSODL: rmvgor - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\rmvgor.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "rmvgor"=-
- %WINDOWS%\sapnet.dll
- O21 - SSODL: sapnet - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\sapnet.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "sapnet"=-
- O3 - Toolbar: The jokwmp - {AB9235F6-DB9F-4FDC-AAFB-A3BAF1849E34} - C:\WINDOWS\jokwmp.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB9235F6-DB9F-4FDC-AAFB-A3BAF1849E34}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{AB9235F6-DB9F-4FDC-AAFB-A3BAF1849E34}"=-
- %WINDOWS%\popnetkqw.dll
- O2 - BHO: MSVPS System - {A4D00A75-F69A-49FD-9058-AB925712CCFF} - C:\WINDOWS\popnetkqw.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4D00A75-F69A-49FD-9058-AB925712CCFF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4D00A75-F69A-49FD-9058-AB925712CCFF}]
- %WINDOWS%\popnetnlf.dll
- O2 - BHO: MSVPS System - {AEAAD087-D66D-4FA3-A366-8F47C32E9E5F} - C:\WINDOWS\popnetnlf.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEAAD087-D66D-4FA3-A366-8F47C32E9E5F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAAD087-D66D-4FA3-A366-8F47C32E9E5F}]
Changes for v2.253 - v2.254
- %SYSTEM%\PowerVideo.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PowerVideo.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{741403DD-46A4-4D58-8FA7-427335C3BBF6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F627A939-3F63-42E2-B77B-F733CB2439C9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FADC335E-6A47-47EF-97B8-704C72D1E725}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PowerVideo.Video]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{741403DD-46A4-4D58-8FA7-427335C3BBF6}]
- O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23B760D6-C98B-450B-9B32-26C7775CDF83}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]
- O3 - Toolbar: IE Custom Tools - {70CC76D5-A4EE-4F25-9931-B109A63E298E} - C:\Program Files\Video Add-on\ictmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70CC76D5-A4EE-4F25-9931-B109A63E298E}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{70CC76D5-A4EE-4F25-9931-B109A63E298E}"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
- {70CC76D5-A4EE-4F25-9931-B109A63E298E}=-
- %SYSTEM%\bubbj.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}"="exegeses"
- %SYSTEM%\ijftc.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6a36d4a-1a41-4d0e-adf2-e797f230c20a}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{a6a36d4a-1a41-4d0e-adf2-e797f230c20a}"="bigfeet"
- %SYSTEM%\fftktmk.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3750da11-9b0c-4a75-9c8a-bbcbfcd1ccea}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{3750da11-9b0c-4a75-9c8a-bbcbfcd1ccea}"="doglike"
- %SYSTEM%\moywh.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8373a2e0-bdd0-42bd-b4ec-ba5451eb6607}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{8373a2e0-bdd0-42bd-b4ec-ba5451eb6607}"="haeckel"
- %SYSTEM%\ucmbegr.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d653e105-3e53-480a-b129-54d957d174bb}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{d653e105-3e53-480a-b129-54d957d174bb}"="groutiest"
- %SYSTEM%\rldyt.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0883848-1466-4470-a418-3fe7d36694b9}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{b0883848-1466-4470-a418-3fe7d36694b9}"="bemocked"
Changes for v2.252 - v2.253
- %ProgramFiles%\RichVideoCodec
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusProtect 3.8.lnk
- %STARTMENU%\VirusProtect 3.8.lnk
- %STARTMENU%\Programs\VirusProtect 3.8\
- %DESKTOP%\VirusProtect 3.8.lnk
- %PROGRAMFILES%\VirusProtect 3.8\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7C9058D-0F9C-32C0-83B6-740DFD8A6726}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21688E5D-A895-4B60-B127-B76607420334}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{40E563B2-61B2-4215-819A-A7E24CF8AA3E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45FBEFBF-E8B6-44A5-B0A1-A143E1A74816}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5146B43E-B36D-4A2A-B617-CC05CC500150}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B8BED0F-5F18-4051-9908-C5C569A1AAE9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63667718-EBF2-4CAB-B1E8-994D41589C24}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{972F0BE3-976F-40B8-8EB4-88A25987416E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F80EA2D-53CF-4AA5-A154-F4FBF1EF6A5A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A35F8FAC-755D-4F90-A5D3-F7E18D9EB100}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C269F4C1-7558-4DFC-9FB6-4C149B482586}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CE92A296-3142-493C-B64E-6ED73EAFB9AE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7C0DF6C-91FF-48BD-AD98-E35769394138}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D8EC2704-B249-4495-A7A4-A90857BDDF4D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D91E9F36-9E44-44AB-803C-0D941FDA7988}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0757BDD-69BE-4C3F-AFC6-50D6524FA9B6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F2F8C877-B06C-4B5E-95E7-AACFC9E8219D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3B8E549E-0C73-4AAB-8939-5EA2ED102CC6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtect 3.8.exe 3.8]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtect 3.8]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtect 3.8]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "VirusProtect 3.8"=-
Changes for v2.250 - v2.252
- %SYSTEM%\VideoMP3.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\VideoMP3.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6FFE49B7-F475-4EAB-8E80-E5D74C4E8D5F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FFE49B7-F475-4EAB-8E80-E5D74C4E8D5F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{64130BE8-2B67-4A65-9CA5-1CC6948C1471}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4E54D728-1FA3-4125-B468-C8B43C123E65}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoMP3.MP3]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FFE49B7-F475-4EAB-8E80-E5D74C4E8D5F}]
- %SYSTEM%\fnczfh.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6fddce1-36ae-41c1-87d3-f49e514273d4}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{a6fddce1-36ae-41c1-87d3-f49e514273d4}"="citrinous"
- %SYSTEM%\xovdzz.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1977ce08-a38f-43db-a856-f4aa6122131b}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{1977ce08-a38f-43db-a856-f4aa6122131b}"="bothrops"
- %SYSTEM%\vtewupi.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{831b4681-6ab9-436c-b2f1-6139158e3a91}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{831b4681-6ab9-436c-b2f1-6139158e3a91}"="eulalia"
- %WINDOWS%\qdertu.exe
- %WINDOWS%\ipwypkmg.dll
- O2 - BHO: MSVPS System - {7E1C6E3E-FD4E-42C8-B60B-5EC7D23728D2} - C:\WINDOWS\ipwypkmg.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E1C6E3E-FD4E-42C8-B60B-5EC7D23728D2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{19A236AD-F37B-40A8-A11A-7E9ABFD56CB0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8955B427-6C0C-413E-A0A7-0DC2948ADA3D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BE1A8EBF-5AC3-488E-8226-F38C167B6C5F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E1C6E3E-FD4E-42C8-B60B-5EC7D23728D2}]
- %WINDOWS%\bonrep.dll (Already removed)
- O3 - Toolbar: The bonrep - {2357FC16-D8FC-4BF6-AFCA-573F9BD52644}
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2357FC16-D8FC-4BF6-AFCA-573F9BD52644}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0E1B3BA-3D8E-456B-BCC5-163B09308240}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F575BBB6-A0A5-42C1-8406-CEDC8579FD75}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7586FC82-2EF8-4731-BAE1-22607AC0CC4A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E317C0F8-81DD-4AE8-87C7-B575A64B3696}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{02A78E77-525D-4AF0-A822-CD04678CD638}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B141181-E967-42FD-AD64-52F283E12AAB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7B0446D3-68BB-4A03-B907-EEE372655460}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RichVideoCodec]
- %WINDOWS%\advrepkon.dll
- O2 - BHO: MSVPS System - {6BE306E6-555D-41B1-98FF-6453622F4F4B} - C:\WINDOWS\advrepkon.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BE306E6-555D-41B1-98FF-6453622F4F4B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6BE306E6-555D-41B1-98FF-6453622F4F4B}]
- %WINDOWS%\advrepgds.dll
- O2 - BHO: MSVPS System - {FC91E698-C4BA-4564-9B85-659E38FCE154} - C:\WINDOWS\advrepgds.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC91E698-C4BA-4564-9B85-659E38FCE154}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC91E698-C4BA-4564-9B85-659E38FCE154}]
- %WINDOWS%\ipwypwpk.dll
- O2 - BHO: MSVPS System - {1BD6031F-BD9B-4DDF-A164-1D3A6701F374} - C:\WINDOWS\ipwypwpk.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BD6031F-BD9B-4DDF-A164-1D3A6701F374}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1BD6031F-BD9B-4DDF-A164-1D3A6701F374}]
Changes for v2.249 - v2.250
- O2 - BHO: (no name) - {D1BD315B-8706-4C47-B443-A0784865CD04} - C:\Program Files\Video Add-on\isfmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1BD315B-8706-4C47-B443-A0784865CD04}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1BD315B-8706-4C47-B443-A0784865CD04}]
- %WINDOWS%\advreprwd.dll
- O2 - BHO: MSVPS System - {7A22D62B-562F-4D55-8B1E-3AAA6C2BA688} - C:\WINDOWS\advreprwd.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A22D62B-562F-4D55-8B1E-3AAA6C2BA688}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A22D62B-562F-4D55-8B1E-3AAA6C2BA688}]
- %WINDOWS%\advrepvto.dll
- O2 - BHO: MSVPS System - {E6E59F48-7BF8-4BEE-B906-273526C25DA4} - C:\WINDOWS\advrepvto.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6E59F48-7BF8-4BEE-B906-273526C25DA4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6E59F48-7BF8-4BEE-B906-273526C25DA4}]
- %WINDOWS%\movctrlknq.dll
- O2 - BHO: MSVPS System - {AC546B33-036A-41DA-B1CC-C1D15659520E} - C:\WINDOWS\movctrlknq.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC546B33-036A-41DA-B1CC-C1D15659520E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC546B33-036A-41DA-B1CC-C1D15659520E}]
- %WINDOWS%\ipwypktx.dll
- O2 - BHO: MSVPS System - {9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E} - C:\WINDOWS\ipwypktx.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F2EA14C-CC8D-4EC6-B8F9-90760A3DAF9E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{27B9F7C0-3728-48DB-BEEE-FA1279B7E62C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC9A032C-651A-41C7-AA02-781AF6F0B132}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FB301567-C982-4C81-A21A-BDAF829299D0}]
- %WINDOWS%\bonrep.dll
- O3 - Toolbar: The bonrep - {6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5}
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{86B93136-309C-4763-8F63-DD95DA7D4A91}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bonrep.StockBar]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bonrep.ToolBar.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{6BBD76F0-FDBB-4D2D-AD36-5C922F510AF5}"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F3EEF4B8-F62A-471A-8565-48BDF3BFE163}]
- %PROGRAMFILES%\VideoAccessCodec\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55C68B1E-8FE7-46FE-8269-FBDE29BF6300}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B98015-F9F4-4B36-A9D8-EE9BCA7C2AC6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C14EEF3C-32F1-47DF-AFE1-ED8EEC9F0C0C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD2D9F83-5761-4291-B713-A2C5044DD722}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BCF3C064-B623-4934-A025-56F151FA3778}]
- %WINDOWS%\neobus.dll
- O21 - SSODL: neobus - {5D1C9A4F-438B-4C5C-BE66-FAAA08D4BF49} - C:\WINDOWS\neobus.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "neobus"=-
- %WINDOWS%\kbdctrl.dll
- O21 - SSODL: kbdctrl - {A3023D18-B93F-4892-B89B-56FB36382B8F} - C:\WINDOWS\kbdctrl.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "kbdctrl"=-
Changes for v2.248 - v2.249
- %SYSTEM%\eulbn.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a7a70a-e118-4506-a373-c9d4e8a212a1}\InProcServer32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{48a7a70a-e118-4506-a373-c9d4e8a212a1}"="arturo"
- %WINDOWS%\advrepnok.dll
- O2 - BHO: MSVPS System - {CFF8726A-9262-441C-8163-C6371E9EDE47} - C:\WINDOWS\advrepnok.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF8726A-9262-441C-8163-C6371E9EDE47}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFF8726A-9262-441C-8163-C6371E9EDE47}]
- %SYSTEM%\mp3avi.dll
- O2 - BHO: Mp3 Video - {D4FD35A3-101C-4FAA-A9CA-E8C9461C3CEF} - C:\WINDOWS\system32\mp3avi.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\mp3avi.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D4FD35A3-101C-4FAA-A9CA-E8C9461C3CEF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4FD35A3-101C-4FAA-A9CA-E8C9461C3CEF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8388594E-D5C0-4933-A977-867D32D8FF19}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAEDDCA3-3989-4FF4-A773-3AC188C70A16}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mp3avi.MP3]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4FD35A3-101C-4FAA-A9CA-E8C9461C3CEF}]
Changes for v2.247 - v2.248
- %SYSTEM%\bqrcr.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dcea392-ea10-4e6d-aba4-329ac377119c}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{2dcea392-ea10-4e6d-aba4-329ac377119c}"="brachypyramid"
- %PROGRAMFILES%\EZVideo\
- %STARTMENU%\Programs\EZVideo\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EZVideo]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZVideo]
- [-HKEY_CURRENT_USER\Software\EZVideo]
- %SYSTEM%\a3gpcodec.dll
- O2 - BHO: 3GP - {5D67E2E7-0C2B-4491-87C4-37F2AC6033D2} - C:\WINDOWS\system32\a3gpcodec.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D67E2E7-0C2B-4491-87C4-37F2AC6033D2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\a3gpcodec.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{5D67E2E7-0C2B-4491-87C4-37F2AC6033D2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8388594E-D5C0-4933-A977-867D32D8FF19}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAEDDCA3-3989-4FF4-A773-3AC188C70A16}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\a3gpcodec.a3GP]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D67E2E7-0C2B-4491-87C4-37F2AC6033D2}]
- %DESKTOP%\IE Defender 2.3.lnk
- %STARTMENU%\Programs\IE Defender 2.3.lnk
- %PROGRAMFILES%\IE Defender
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Defender]
- [-HKEY_CURRENT_USER\Software\IEDefender]
Changes for v2.246 - v2.247
- Update, due to legit software (XunLei, a Chinese downloader) , using the same CLSID as the infection, this one is not removed anymore:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0EEDB911-C5FA-486F-8334-57288578C627}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EEDB911-C5FA-486F-8334-57288578C627}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB911-C5FA-486F-8334-57288578C627}]
- %SYSTEM%\dx50codec.dll
- O2 - BHO: RealMedia - {87B570FB-D2CF-4D3C-8E1B-E1E7018BBA95} - C:\WINDOWS\system32\dx50codec.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\dx50codec.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{87B570FB-D2CF-4D3C-8E1B-E1E7018BBA95}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8388594E-D5C0-4933-A977-867D32D8FF19}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAEDDCA3-3989-4FF4-A773-3AC188C70A16}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dx50codec.RealMedia]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87B570FB-D2CF-4D3C-8E1B-E1E7018BBA95}]
- %SYSTEM%\yneid.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41591d7f-9e25-4bd0-af53-9908fcf3a738}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{41591d7f-9e25-4bd0-af53-9908fcf3a738}"="complacential"
- %PROGRAMFILES%\Image Add-on\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Image Add-on]
- O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Image Add-on\isfmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43BF8E0C-886D-4103-8DDB-2DFE0E8A0168}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43BF8E0C-886D-4103-8DDB-2DFE0E8A0168}]
- %WINDOWS%\bndsrpfn.dll
- %WINDOWS%\advrepdow.dll
- O2 - BHO: MSVPS System - {CF368FC4-3241-409B-B1D6-0EA4FE33A555} - C:\WINDOWS\advrepdow.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF368FC4-3241-409B-B1D6-0EA4FE33A555}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF368FC4-3241-409B-B1D6-0EA4FE33A555}]
- %WINDOWS%\advrepgpd.dll
- O2 - BHO: MSVPS System - {93205C3F-1221-43F4-847F-007C6A4CE9A5} - C:\WINDOWS\advrepgpd.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93205C3F-1221-43F4-847F-007C6A4CE9A5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93205C3F-1221-43F4-847F-007C6A4CE9A5}]
- %WINDOWS%\sdrmod.dll
- O3 - Toolbar: The sdrmod - {210F79EC-C4B8-4AD5-B5B7-2B228F4376E9}
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{210F79EC-C4B8-4AD5-B5B7-2B228F4376E9}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{210F79EC-C4B8-4AD5-B5B7-2B228F4376E9}"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdrmod.StockBar]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdrmod.ToolBar.1]
- %WINDOWS%\hupsrv.dll
- O21 - SSODL: hupsrv - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\hupsrv.dll
- %WINDOWS%\bindmod.dll
- O21 - SSODL: bindmod - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\bindmod.dll
- %SYSTEM%\proper.exe
- F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\proper.exe
- %SYSTEM%\bronto.dll
- O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\System32\bronto.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27987B8-7244-4DE0-AE10-39B826B492F1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27987B8-7244-4DE0-AE10-39B826B492F1}]
- %SYSTEM%\winter.exe
- O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
- O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\System32\winter.exe
- %USERPROFILE%\StartMenu\Program\Startup\infos.exe
- O4 - Startup: infos.exe
- %AllUsers%\StartMenu\Program\Startup\autos.exe
- O4 - Global Startup: autos.exe
- %SYSTEM%\skuns.dat
- O20 - AppInit_DLLs: C:\WINDOWS\System32\skuns.dat
Changes for v2.245 - v2.246
- %SYSTEM%\XunLeiBHO_Now.dll
- O2 - BHO: RealMedia - {0EEDB911-C5FA-486F-8334-57288578C627} - C:\WINDOWS\system32\XunLeiBHO_Now.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\XunLeiBHO_Now.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0EEDB911-C5FA-486F-8334-57288578C627}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EEDB911-C5FA-486F-8334-57288578C627}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8388594E-D5C0-4933-A977-867D32D8FF19}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAEDDCA3-3989-4FF4-A773-3AC188C70A16}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\xunleiBHO_Now.XunLei]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB911-C5FA-486F-8334-57288578C627}]
Changes for v2.244 - v2.245
- %WINDIR%\movctrlqtn.dll
- O2 - BHO: MSVPS System - {24038BE3-4EF2-41E2-A603-4CE3BDD9E874} - C:\WINDOWS\movctrlqtn.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24038BE3-4EF2-41E2-A603-4CE3BDD9E874}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24038BE3-4EF2-41E2-A603-4CE3BDD9E874}]
- O3 - Toolbar: The nssfrch - {1699137C-B90E-4488-97BC-575C896C2B5C} - C:\WINDOWS\nssfrch.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1699137C-B90E-4488-97BC-575C896C2B5C}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{1699137C-B90E-4488-97BC-575C896C2B5C}"=-
- %WINDIR%\movctrlnkd.dll
- O2 - BHO: MSVPS System - {077F45D5-5CC9-4FC8-A7BB-9D79836A6066} - C:\WINDOWS\movctrlnkd.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{077F45D5-5CC9-4FC8-A7BB-9D79836A6066}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{077F45D5-5CC9-4FC8-A7BB-9D79836A6066}]
- O3 - Toolbar: The nssfrch - {AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD} - C:\WINDOWS\nssfrch.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD}"=-
- %WINDIR%\movctrlwxq.dll
- O2 - BHO: MSVPS System - {90CF5384-7C70-4CD6-A30D-B2F14537B5C3} - C:\WINDOWS\movctrlwxq.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90CF5384-7C70-4CD6-A30D-B2F14537B5C3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90CF5384-7C70-4CD6-A30D-B2F14537B5C3}]
- O3 - Toolbar: The nssfrch - {7D61C1B5-86AF-439F-9ACF-D19FDB5F55CC} - C:\WINDOWS\nssfrch.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D61C1B5-86AF-439F-9ACF-D19FDB5F55CC}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{7D61C1B5-86AF-439F-9ACF-D19FDB5F55CC}"=-
Changes for v2.243 - v2.244
- %SYSTEM%\IntelVideo.dll
- %SYSTEM%\sysinit32.exe
- O2 - BHO: IntelVideoCodec - {04F7FAC5-F506-4F29-9094-9CB9144B192C} - C:\WINDOWS\system32\IntelVideo.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IntelVideo.dll]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{04F7FAC5-F506-4F29-9094-9CB9144B192C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04F7FAC5-F506-4F29-9094-9CB9144B192C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8388594E-D5C0-4933-A977-867D32D8FF19}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAEDDCA3-3989-4FF4-A773-3AC188C70A16}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IntelVideo.IntelVideoCodec]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04F7FAC5-F506-4F29-9094-9CB9144B192C}]
Changes for v2.241 - v2.242
- %PROGRAMFILES%\Video Add-on\
- %PROGRAMFILES%\Video Add-on Setup\
- O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
- {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}=-
- O3 - Toolbar: IE Custom Tools - {062F3F8B-CB94-4D76-A98A-EF800A438F01} - C:\Program Files\Video Add-on\ictmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{062F3F8B-CB94-4D76-A98A-EF800A438F01}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{062F3F8B-CB94-4D76-A98A-EF800A438F01}"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
- {062F3F8B-CB94-4D76-A98A-EF800A438F01}=-
- O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on\ictmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23ED2206-856D-461A-BBCF-1C2466AC5AE3}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
- {23ED2206-856D-461A-BBCF-1C2466AC5AE3}=-
- O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Online Video Add-on\isfmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B499D34E-58EF-4927-AB9F-7AF52B2C4C82}]
- %SYSTEM%\ugbtna.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75a65a53-15c9-4a0c-bb40-a7ca8b24f544}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{75a65a53-15c9-4a0c-bb40-a7ca8b24f544}"="boardwalk"
- %WINDIR%\bndsrfst.dll
- %WINDIR%\bndsrsvk.dll
- %WINDIR%\bndsrdkq.dll
- %WINDIR%\bndsrgxt.dll
- %WINDIR%\bndsrkwm.dll
- %WINDIR%\bndsrtvd.dll
- %WINDIR%\bndsrvnl.dll
- %WINDIR%\bndsrwlq.dll
- %WINDIR%\movctrlswd.dll
- %WINDIR%\movctrlfqd.dll
- %WINDIR%\ntspknlg.dll
- %WINDIR%\ntspklqs.dll
- %WINDIR%\ntspkfnd.dll
- O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrfst.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15272B08-F6FE-4E71-B2BD-A59AD23EBE3C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15272B08-F6FE-4E71-B2BD-A59AD23EBE3C}]
- O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05F79890-CFA6-4D53-87BC-2F390DA6645E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05F79890-CFA6-4D53-87BC-2F390DA6645E}]
- O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspknlg.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480598DD-AE28-48B7-82F7-6ADDA1AA6B66}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{480598DD-AE28-48B7-82F7-6ADDA1AA6B66}]
- O2 - BHO: MSVPS System - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - C:\WINDOWS\movctrlswd.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64DE95E5-0A25-4DD9-A472-97BC1D419101}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64DE95E5-0A25-4DD9-A472-97BC1D419101}]
- O2 - BHO: MSVPS System - {6EB10F79-5E53-4F76-B146-409EFCDCB957} - C:\WINDOWS\movctrlfqd.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EB10F79-5E53-4F76-B146-409EFCDCB957}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EB10F79-5E53-4F76-B146-409EFCDCB957}]
- O3 - Toolbar: The netadv - {D1413F77-5B69-4562-84E1-78F997794E9D} - C:\WINDOWS\netadv.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1413F77-5B69-4562-84E1-78F997794E9D}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{D1413F77-5B69-4562-84E1-78F997794E9D}"=-
- O3 - Toolbar: The netadv - {899B0EF2-E0BE-41BA-BB41-0ABFB232813C} - C:\WINDOWS\netadv.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{899B0EF2-E0BE-41BA-BB41-0ABFB232813C}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{899B0EF2-E0BE-41BA-BB41-0ABFB232813C}"=-
- %WINDOWS%\kthemup.exe
- %WINDOWS%\nssfrch.dll
- O3 - Toolbar: The nssfrch - {DF0ACE0C-4A3F-4A1F-8676-BA16DEB23C70}
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF0ACE0C-4A3F-4A1F-8676-BA16DEB23C70}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{DF0ACE0C-4A3F-4A1F-8676-BA16DEB23C70}"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.StockBar]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.ToolBar.1]
- O21 - SSODL: hostctrl - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\hostctrl.dll
- O21 - SSODL: hostctrl - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\hostctrl.dll
- O21 - SSODL: hstsys - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\hstsys.dll
- O21 - SSODL: bxsbang - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\bxsbang.dll
- O21 - SSODL: ocgrep - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\ocgrep.dll
Changes for v2.240 - v2.241
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRay 3.8.lnk
- %STARTMENU%\VirusRay 3.8.lnk
- %STARTMENU%\Programs\VirusRay 3.8\
- %DESKTOP%\VirusRay 3.8.lnk
- %PROGRAMFILES%\VirusRay 3.8\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97C6E0E9-1D24-48CA-11E7-DC22C5308ABA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D723C81-2C9F-44DD-8F94-A2D3A06845E9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41FC2EBD-79F5-4FE0-8558-708DCB7FE255}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45DB217B-965D-4917-A653-C2A871534B4C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48A95844-A761-4D96-8191-0913D493823E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60FD2747-818B-4242-A041-4C1209F3D3A6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{70F731FD-6C5F-4D46-A29C-6B97FABEF0D0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77F6ABAA-C14B-4E0C-975E-0CFFA568B0BE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{78AA9209-DED5-4F37-93A0-89FBEE57E4FC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{869B656B-142E-47E6-B4F6-973D17E80BBF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89F84A04-F5EF-4F4A-AF97-7DA43DD0371F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8F9C1393-41D7-4BE1-8752-098BC97514D2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9097FA96-8EFD-4D04-8024-C920AB56BBEA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ACD5D550-4481-4F05-B6D8-A78566BD81D3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE096ECD-D62E-4B2D-BBA5-CBF9BFA4AB23}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDA20808-84A0-48C3-902A-7E31FF47EA6B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9C4CBEB-7BDF-47FF-8EDF-D72B50BB50EF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1AE427B0-E3B7-4D2E-A6B9-36605B0F214E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusRay 3.8.exe 3.8]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRay 3.8]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusRay 3.8]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "VirusRay 3.8"=-
- %SYSTEM%\beahahl.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb4c6870-721f-4989-9c90-8cbfa46d0298}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{eb4c6870-721f-4989-9c90-8cbfa46d0298}"="anomuran"
- %SYSTEM%\dfrep.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab75cc7d-2751-4144-a278-5462d5a5884c}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{ab75cc7d-2751-4144-a278-5462d5a5884c}"="bokard"
- %SYSTEM%\mxhfjy.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7999c5e2-b500-4ba5-8e9a-99639eca65fc}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{7999c5e2-b500-4ba5-8e9a-99639eca65fc}"="celtiberi"
- %system%\gaaplp.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0e6e3da-f3af-4fb4-9411-2cf92fdeefc2}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{e0e6e3da-f3af-4fb4-9411-2cf92fdeefc2}"="forayer"
- %SYSTEM%\nczupfw.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6d478c6-7961-4fe9-be4b-e621dd640112}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{a6d478c6-7961-4fe9-be4b-e621dd640112}"="benzaldoxime"
- %SYSTEM%\clbrcek.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12a8c4e6-06c8-4ab3-9274-a0cde148e3da}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{12a8c4e6-06c8-4ab3-9274-a0cde148e3da}"="inquisitionist"
- %SYSTEM%\siiyal.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1adb94e-0dc6-487c-b274-981bee6301a1}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{e1adb94e-0dc6-487c-b274-981bee6301a1}"="armillifer"
- %SYSTEM%\sttwrd.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0c5ef8b-f4bb-4612-9ea8-361fff3da3d5}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{f0c5ef8b-f4bb-4612-9ea8-361fff3da3d5}"="designers"
- %SYSTEM%\rrtrit.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee6bd1ad-1992-4f2c-8ea2-edc6eee4548b}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{ee6bd1ad-1992-4f2c-8ea2-edc6eee4548b}"="eurymus"
Changes for v2.239 - v2.240
- %WINDIR%\bndsrvqt.dll
- %SYSTEM%\flirek.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34ec76b6-53c4-4686-822f-910c790683fb}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"
- %SYSTEM%\gdrtul.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a47e7ce0-263d-40aa-86bc-27c1f6433143}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{a47e7ce0-263d-40aa-86bc-27c1f6433143}"="chinned"
- %SYSTEM%\hteogat.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02e155c1-202c-43a5-a212-58bb67d4341c}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{02e155c1-202c-43a5-a212-58bb67d4341c}"="bearlike"
Changes for v2.238 - v2.239
- %SYSTEM%\fifzqip.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16be3225-e902-4d2a-ac98-aab162796927}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{16be3225-e902-4d2a-ac98-aab162796927}"="ataxics"
- %SYSTEM%\hymww.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79cdca21-5055-4cae-b609-e1685ef55cf7}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{79cdca21-5055-4cae-b609-e1685ef55cf7}"="hydria"
- %SYSTEM%\veptlh.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92050ffb-b796-4146-ae27-7e5e1d93b8a8}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{92050ffb-b796-4146-ae27-7e5e1d93b8a8}"="endopsychic"
- %PROGRAMFILES%\WinMsg\
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "sware"=-
- "sclick"=-
Changes for v2.237 - v2.238
- O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFE15135-C591-4000-A55E-A50E5F9F82BC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFE15135-C591-4000-A55E-A50E5F9F82BC}]
- %WINDIR%\bndsronw.dll
- %WINDIR%\wsremover.exe
- %WINDIR%\netadv.dll
- O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsronw.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A}]
- O3 - Toolbar: The netadv - {ABF529BE-6245-465A-BBD4-238C4EAB0F0A} - netadv.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABF529BE-6245-465A-BBD4-238C4EAB0F0A}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{ABF529BE-6245-465A-BBD4-238C4EAB0F0A}"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\netadv.StockBar]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\netadv.ToolBar.1]
Changes for v2.236 - v2.237
- Update: WS2Fix v1.1
Changes for v2.235 - v2.236
- %WINDOWS%\svhjdsah.exe
- %WINDOWS%\afxp.dll
- %WINDOWS%\msvb.dll
- %WINDOWS%\sysdx.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "msvb"=-
- "sysdx"=-
- %PROGRAMFILES%\Online Add-on\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Add-on]
Changes for v2.234 - v2.235
- %WINDIR%\exploeee.exe
- %SYSTEM%\explore.exe
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "DoNotDelete"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "DoNotDelete"=-
- O4 - Startup: info.exe
- O4 - Global Startup: info.exe
- O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
- "AppInit_DLLs"="C:\WINDOWS\System32\sulimo.dat"
- %SYSTEM%\mvwqn.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0f691d7-01bf-4fed-926c-7368034a45e3}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{e0f691d7-01bf-4fed-926c-7368034a45e3}"="barbican"
- O2 - BHO: MSVPS System - {ECBD04D1-1133-4480-8A8C-BC9FDD54D6C1} - C:\WINDOWS\div32.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECBD04D1-1133-4480-8A8C-BC9FDD54D6C1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ECBD04D1-1133-4480-8A8C-BC9FDD54D6C1}]
Changes for v2.233 - v2.234
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirGear 3.8.lnk
- %STARTMENU%\AntiVirGear 3.8.lnk
- %STARTMENU%\Programs\AntiVirGear 3.8\
- %DESKTOP%\AntiVirGear 3.8.lnk
- %PROGRAMFILES%\AntiVirGear 3.8\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0A0FC1A4-41D4-4793-9AC5-0B55CDC95AE9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14F47CA3-2291-4B3E-9ED4-8C7E6AE80851}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2447284F-3590-4E8C-A869-049BD87CAD07}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{38EEEF46-CA24-4ACA-A90D-540978DF7252}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D5E5AE1-5DED-4520-BDC2-B9292EA708CA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{409A05EF-1B48-4198-B6BF-993B8B52790C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{47A93011-1004-440C-9960-BD3B0348A7C2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50B388D5-4A80-4191-8BCC-5DD031D7F3EE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58A1ACE6-0DBA-45D2-8154-E8253A7B87BB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{73D25394-992F-43D1-BF92-48494CC0D1AE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7D2A83A4-0687-4704-937E-A29045826F77}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A7FE54B2-B167-4017-BCCC-CF73B2F678E3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C183B073-2D7F-45BC-8967-80147CECEE45}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F6FDBF9A-19A7-4F0A-9F46-6F015A067B44}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F90A7969-20A0-4257-B39D-9C73D64CE3B0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA38F299-57F8-4FEB-9096-715460AE943C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE6AE29A-EB7D-4656-9418-26D5FCC9ADF5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVirGear 3.8.exe 3.8]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirGear 3.8]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirGear 3.8]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "AntiVirGear 3.8"=-
- %SYSTEM%\vzfhprk.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95dde900-8bf3-428c-b9be-8345c9d194f7}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{95dde900-8bf3-428c-b9be-8345c9d194f7}"="homeridae"
- O2 - BHO: MSVPS System - {0D5227BF-0C5B-4EA8-833C-FE09F1496F39} - C:\Windows\div32.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D5227BF-0C5B-4EA8-833C-FE09F1496F39}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D5227BF-0C5B-4EA8-833C-FE09F1496F39}]
Changes for v2.231 - v2.233
- Added: WS2Fix.exe
- %SYSTEM%\laf1.dll
- %SYSTEM%\laf1.ini
- %SYSTEM%\laf2.dll
- %SYSTEM%\laf2.ini
- %SYSTEM%\laf3.dll
- %SYSTEM%\laf3.ini
- %SYSTEM%\laf4.dll
- %SYSTEM%\laf4.ini
- %SYSTEM%\laf5.dll
- %SYSTEM%\laf5.ini
- %PROGRAMFILES%\Online Video Add-on\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Video Add-on] (C:\Program Files\Online Video Add-on\uninst.exe)
- O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"=-
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
- {41F6170D-6AF8-4188-8D92-9DDAB3C71A78}=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features]
- %SYSTEM%\ieffse32.dll
- %SYSTEM%\regmod.exe
- O2 - BHO: ieffse32.msdn_hlp - {C1C6426B-FB16-4123-ACBE-74D94FB0E663} - C:\WINDOWS\System32\ieffse32.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1C6426B-FB16-4123-ACBE-74D94FB0E663}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieffse32.msdn_hlp]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1C6426B-FB16-4123-ACBE-74D94FB0E663}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\yggyfnhb]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
- "some"=-
- "start"=-
- %SYSTEM%\swqzdtj.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adf64b1b-c68c-4ce8-bb55-258b7b8b0f81}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{adf64b1b-c68c-4ce8-bb55-258b7b8b0f81}"="aldoa"
- %SYSTEM%\vusxqm.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5feba593-3e6d-4606-ae6e-0680501cd29e}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{5feba593-3e6d-4606-ae6e-0680501cd29e}"="cacomixls"
Changes for v2.230 - v2.231
- O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D579A683-0CC7-4023-BAE7-0544D0D1DA3A}]
- %WINDOWS%\mscore.dll
- %WINDOWS%\drvsvp.dll
- %WINDOWS%\msmduo.dll
- %WINDOWS%\msmduo2.dll
- %WINDOWS%\div32.dll
- %WINDOWS%\mssql.dll
- %WINDOWS%\syscore.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{428FA4A4-C8EC-427C-85DE-11C80F67893A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{428FA4A4-C8EC-427C-85DE-11C80F67893A}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "drvsvp"=-
- "msmduo"=-
- "msmduo2"=-
- "mssql"=-
- "syscore"=-
Changes for v2.229 - v2.230
- %PROGRAMFILES%\Online Image Add-on\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\imageactivexobject.Chl]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Image Add-on] (C:\Program Files\Online Image Add-on\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Online Add-on]
- %SYSTEM%\jrpkmgh.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60dea04c-9817-4309-bfa2-f8a1766c3cd1}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{60dea04c-9817-4309-bfa2-f8a1766c3cd1}"="haruspicy"
Changes for v2.227 - v2.229
- Minor Bug correction in path retriever on French SP2 OS.
- O2 - BHO: MSVPS System - {31CBB13B-244D-4C44-AED5-DCAD70F66281} - C:\WINDOWS\nsduo.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CBB13B-244D-4C44-AED5-DCAD70F66281}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31CBB13B-244D-4C44-AED5-DCAD70F66281}]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
- "DisableRegedit"=-
- O20 - AppInit_DLLs: C:\WINDOWS\System32\stdole32.dat
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
- "AppInit_DLLs"="C:\WINDOWS\System32\stdole32.dat"
- %SYSTEM%\pluwue.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6ef030a-a235-41ba-9ead-89b6ff542f00}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{d6ef030a-a235-41ba-9ead-89b6ff542f00}"="flensburg"
- %SYSTEM%\zdhgsp.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc25189b-1b13-4abe-900e-65e08bd961af}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{cc25189b-1b13-4abe-900e-65e08bd961af}"="escalators"
- %SYSTEM%\fwjgtk.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6747456b-cea8-463d-ad2a-50d67ae73d30}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{6747456b-cea8-463d-ad2a-50d67ae73d30}"="cakewalks"
Changes for v2.226 - v2.227
- %SYSTEM%\lgaac.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{655560a9-3ca8-4509-9632-6abbef21426b}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{655560a9-3ca8-4509-9632-6abbef21426b}"="andropogon"
- %SYSTEM%\iheuv.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27882a9f-8937-4ae4-87ab-ed669c8b6d7a}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{27882a9f-8937-4ae4-87ab-ed669c8b6d7a}"="bund"
- O2 - BHO: MSVPS System - {60D3EC53-56A8-46A8-9D01-1AB64410665C} - C:\WINDOWS\nsduo.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60D3EC53-56A8-46A8-9D01-1AB64410665C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60D3EC53-56A8-46A8-9D01-1AB64410665C}]
Changes for v2.225 - v2.226
- %SYSTEM%\vmlwp.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4c4bc43-0974-4dec-a669-9f7bfcb3503d}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{d4c4bc43-0974-4dec-a669-9f7bfcb3503d}"="coexpire"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirGear 3.7.lnk
- %STARTMENU%\AntiVirGear 3.7.lnk
- %STARTMENU%\Programs\AntiVirGear 3.7\
- %DESKTOP%\AntiVirGear 3.7.lnk
- %PROGRAMFILES%\AntiVirGear 3.7\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BC3AC5B-3BBB-9DBE-8166-EC650E3B9B48}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{418985AE-4FE4-448D-83EE-238C887D8FC2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F251303-F8C4-44C3-A7C2-9E8A93C59322}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{61840430-C7CF-43A0-9D49-3B3ED563FED1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{64A8E3CA-AE17-4EB0-8C67-47D1103A5B6F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{765A8F7D-F57B-4601-A038-3F463A4D3193}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77E616D5-5DB4-4B6A-8BDA-2BE4103A9921}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8742F319-C916-4930-B781-1C148134C05C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{897F5CB6-C1C1-494E-8F17-972784193442}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A2224C72-745E-4046-882F-1A48C9311D77}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA500EFC-3C92-44C9-B1D6-7A7033343A50}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB5E9971-7086-4E6E-ADFA-BE9C685BE68B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AD7CA0BC-693A-4AF9-B31A-60472248F761}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B2882CC2-0077-426B-916D-E0B9EA23A1B5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE241504-6F15-49E4-847F-B4D7DA9EA8F9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F1666E4E-45C8-462A-97FF-BFD5A103BFFA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FD9A05E8-4A1E-45E6-B3B6-37CE20140278}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AF0C5CBA-52E1-4B29-A2DC-58D91D599612}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVirGear 3.7.exe 3.7]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirGear 3.7] (C:\Program Files\AntiVirGear 3.7\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirGear 3.7]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "AntiVirGear 3.7"=-
Changes for v2.224 - v2.225
- O2 - BHO: MSVPS System - {ACD85107-9CF9-4C9E-B0B7-39940A0017C0} - C:\WINDOWS\nsduo.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ACD85107-9CF9-4C9E-B0B7-39940A0017C0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACD85107-9CF9-4C9E-B0B7-39940A0017C0}]
- %SYSTEM%\ddllup.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8ea5f37-7327-4923-9808-8fd3b6f0d529}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{b8ea5f37-7327-4923-9808-8fd3b6f0d529}"="beers"
- %PROGRAMFILES%\DirectAccess\
- %STARTMENU%\Programs\DirectAccess\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectAccess]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAccess] (C:\Program Files\DirectAccess\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\DirectAccess]
Changes for v2.223 - v2.224
- %SYSTEM%\vvihh.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b36d60c8-e1ce-464e-b74c-8128a627ef56}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{b36d60c8-e1ce-464e-b74c-8128a627ef56}"="hyracina"
- O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C3C4699-B285-475F-BE47-0B26088CE876}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C3C4699-B285-475F-BE47-0B26088CE876}]
- O2 - BHO: MSVPS System - {3CB70CC2-303F-4A6C-824D-013AE8CFDB6B} - C:\WINDOWS\nsduo.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CB70CC2-303F-4A6C-824D-013AE8CFDB6B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CB70CC2-303F-4A6C-824D-013AE8CFDB6B}
Changes for v2.222 - v2.223
- O2 - BHO: MSVPS System - {695A94FD-15D0-4ED7-8F40-D2B3BDC42C15} - C:\WINDOWS\nsduo.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{695A94FD-15D0-4ED7-8F40-D2B3BDC42C15}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{695A94FD-15D0-4ED7-8F40-D2B3BDC42C15}
- %SYSTEM%\iklqcx.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de5ede53-9db0-422d-b32d-5c41c96d6f52}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{de5ede53-9db0-422d-b32d-5c41c96d6f52}"="heterotroph"
- %SYSTEM%\kzpkwj.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f39d0dee-b2f0-4591-9187-1cc39c1df98a}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{f39d0dee-b2f0-4591-9187-1cc39c1df98a}"="biisk"
- %SYSTEM%\ddomv.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f5cb985-d4a4-49af-9185-133f956b5756}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{9f5cb985-d4a4-49af-9185-133f956b5756}"="anthracosaurus"
- %SYSTEM%\gkymhk.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{903902a8-0691-460e-8351-24df3d425e9c}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{903902a8-0691-460e-8351-24df3d425e9c}"="apdu"
- %SYSTEM%\ayjhc.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95a4b6d8-dcd9-453a-aedf-f5d10af2519a}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{95a4b6d8-dcd9-453a-aedf-f5d10af2519a}"="cordiformis"
- %SYSTEM%\osdjhjc.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2b8cea1-c8a7-48e2-b2fd-89ae5c608fb8}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{e2b8cea1-c8a7-48e2-b2fd-89ae5c608fb8}"="disenfranchising"
Changes for v2.221 - v2.222
- %SYSTEM%\systems.txt
- O20 - AppInit_DLLs: C:\WINDOWS\System32\systems.txt
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
- "AppInit_DLLs"="C:\WINDOWS\System32\systems.txt"
Changes for v2.219 - v2.221
- Added: VCCLSID.exe tool.
- Removes ShellServiceObjectDelayLoad LeftOvers random CLSID (newmediacodec/videoaccesscodec infections):
- O21 - SSODL: msmdev - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\msmdev.dll
- O21 - SSODL: msmhost - {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} - C:\WINDOWS\msmhost.dll
- %WINDOWS%\nsduo.dll
- %WINDOWS%\msmdev.dll
- %WINDOWS%\msmhost.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88418AA3-16F5-4FC2-A9D8-90B1266DF841}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88418AA3-16F5-4FC2-A9D8-90B1266DF841}
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "msmdev"=-
- "msmhost"=-
- %SYSTEM%\muvdjo.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46f5a8b0-0b73-48c5-9e40-3c443a43c161}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{46f5a8b0-0b73-48c5-9e40-3c443a43c161}"="aht"
- %SYSTEM%\tqcwm.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bb2b2d6-8b86-412e-acca-d656a8979b3e}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{2bb2b2d6-8b86-412e-acca-d656a8979b3e}"="fraternalism"
Changes for v2.218 - v2.219
- %STARTMENU%\Programs\StartUp\autorun.exe
- %ALLUSERSTARTMENU%\Programs\Startup\findfast.exe
- %WINDIR%\shell.exe
- F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
- [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
- "Shell"="Explorer.exe C:\WINDOWS\shell.exe"
- O4 - HKLM\..\Run: [Printer] C:\WINDOWS\System32\printer.exe
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Printer"=-
- %SYSTEM%\spoolvs.exe
- O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
- "Spoolsv"=-
- %SYSTEM%\fyhwfc.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc7cbb1b-2da6-4e7d-a1ea-bf6705dd0f8c}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{fc7cbb1b-2da6-4e7d-a1ea-bf6705dd0f8c}"="biltongs"
Changes for v2.217 - v2.218
- %SYSTEM%\guxmhcd.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fedff4ae-1302-4b8a-bda9-43b9f67b9749}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{fedff4ae-1302-4b8a-bda9-43b9f67b9749}"="astronomically"
- %SYSTEM%\kvfvw.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc824bb2-d4b3-41f1-bba0-f8240e4cc495}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{cc824bb2-d4b3-41f1-bba0-f8240e4cc495}"="glauke"
- %SYSTEM%\hrum.txt
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
- "AppInit_DLLs"="C:\WINDOWS\System32\hrum.txt"
- %FAVORITE%\Error Cleaner.url
- %FAVORITE%\Privacy Protector.url
- %FAVORITE%\Spyware&Malware Protection.url
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4CF814F-970F-405D-A42C-0CE06EB97373}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4CF814F-970F-405D-A42C-0CE06EB97373}]
- O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Program Files\Video ActiveX Access\iesbpl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}"=-
Changes for v2.216 - v2.217
- %SYSTEM%\mivmv.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6625fc6c-731c-443a-b3f0-2c8c520a1766}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{6625fc6c-731c-443a-b3f0-2c8c520a1766}"="anhydrase"
- %SYSTEM%\zdwii.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fdde73c-273e-4e55-84dc-455de06e4866}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{2fdde73c-273e-4e55-84dc-455de06e4866}"="amaretti"
- %SYSTEM%\tiqmcx.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced7d5f3-74cc-4c2f-8d60-62ebcdda0a22}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{ced7d5f3-74cc-4c2f-8d60-62ebcdda0a22}"="athermancies"
Changes for v2.215 - v2.216
- %SYSTEM%\fwrkqfl.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e886df7-914d-48f0-86b3-a5cf24385361}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{6e886df7-914d-48f0-86b3-a5cf24385361}"="falsism"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
- "AppInit_DLLs"="C:\WINDOWS\System32\hadjajr.ini"
- %SYSTEM%\hadjajr.ini
- %SYSTEM%\gopa.exe
Changes for v2.213b - v2.215
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusProtectPro 3.7.lnk
- %STARTMENU%\VirusProtectPro 3.7.lnk
- %STARTMENU%\Programs\VirusProtectPro 3.7\
- %DESKTOP%\VirusProtectPro 3.7.lnk
- %PROGRAMFILES%\VirusProtectPro 3.7\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{03F65A7B-6E49-4ACE-848B-4459DDBD3981}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{15125718-D196-47C9-8FBF-9889C0C85D67}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21C40A12-3079-4A70-A715-8A44CE0DE829}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A3E745F-1EAE-441F-A5D5-E53C909CEEC1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F6A3DCF-D68F-4663-8C25-312BCDBE4D47}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48129B70-2F29-4DBA-A499-BEB1A1554E10}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{484E9A1B-C631-47F3-9BC0-F752CDAAFB9A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1886D5E-3508-4109-A8A0-F045AA86F3A3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A2817460-5C53-4B41-8D01-D3EF255DD41E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AEEA2138-2168-449E-B995-B56612EEF65E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AEFD40BB-03E3-4C66-ABFB-B5720ACB833E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B9C7A624-88E3-4DFA-8D56-438B10BC0149}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D21FBDCE-EF01-417C-A1A1-C1EEDB8D5DB6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EBA2671E-29BF-42D8-B17E-AB5315CC73C5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F105F0C9-50E2-44FA-B3EC-92CA7BFE0C0D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F664EA90-9B91-4825-9B51-5635AC38CCA6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6D7F9517-F134-45E3-BF2E-73414FF15CA1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 3.7.exe 3.7]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.7] (C:\Program Files\VirusProtectPro 3.7\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 3.7]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "VirusProtectPro 3.7"=-
- %SYSTEM%\tmxxxh.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70d17a5f-ef27-4295-90f5-20ad6f24834f}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{70d17a5f-ef27-4295-90f5-20ad6f24834f}"="dizening"
- %SYSTEM%\ccyszwl.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80ced3d6-ece9-48ba-8df8-2503d8d87c2b}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{80ced3d6-ece9-48ba-8df8-2503d8d87c2b}"="arachnodacty"
- %SYSTEM%\igzxwrl.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18a8f76b-804b-4981-b87c-460699971a4b}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{18a8f76b-804b-4981-b87c-460699971a4b}"="dataria"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
- "AppInit_DLLs"="C:\WINDOWS\System32\hrum323.txt"
- Update: %SYSTEM%\vtr167.dll -> %SYSTEM%\vtr???.dll
- O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr???.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABCDECF0-4B15-11D1-ABED-709549C10000}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
- "AppInit_DLLs"="C:\WINDOWS\System32\hanonvt.ini"
- %SYSTEM%\hanonvt.ini
- %SYSTEM%\vtr167.dll
Changes for v2.213 - v2.213b
- Correction of a minor bug (missing caracter } ) in
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{eb86b46a-d6db-4478-8f5f-06cb2ebc1b35}"=-
Changes for v2.212 - v2.213
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{283A0EE3-2CC1-45AB-8207-B1D7B69C7F83}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{283A0EE3-2CC1-45AB-8207-B1D7B69C7F83}]
- %SYSTEM%\ryxrho.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd1299cd-b98a-4ee1-9ae3-d3cb3da41d0d}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{bd1299cd-b98a-4ee1-9ae3-d3cb3da41d0d}"="archiblast"
- %SYSTEM%\zkpssqa.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e5ca97-235e-4ff0-9b92-7543c9d61ff4}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{d1e5ca97-235e-4ff0-9b92-7543c9d61ff4}"="bosken"
Changes for v2.211 - v2.212
- O2 - BHO: (no name) - {5DDE5591-A8AB-4897-93EF-1E4E943F85A7} - C:\Program Files\Video ActiveX Access\iesplg.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5DDE5591-A8AB-4897-93EF-1E4E943F85A7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5DDE5591-A8AB-4897-93EF-1E4E943F85A7}]
- O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - C:\Program Files\Image ActiveX Access\iesbpl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}"=-
- %SYSTEM%\vpccw.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e758745e-b8aa-47ac-a652-6307ff5f3ebf}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{e758745e-b8aa-47ac-a652-6307ff5f3ebf}"="counterclaim"
Changes for v2.210 - v2.211
- %PROGRAMFILES%\Video iCodec\
- %STARTMENU%\Programs\Video iCodec\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Video iCodec]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video iCodec]
- [-HKEY_CURRENT_USER\Software\Video iCodec]
- %SYSTEM%\eigbbb.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4da240e-7525-404a-b366-f50a422376d8}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{c4da240e-7525-404a-b366-f50a422376d8}"="arouse"
- %SYSTEM%\nexpegp.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb86b46a-d6db-4478-8f5f-06cb2ebc1b35}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{eb86b46a-d6db-4478-8f5f-06cb2ebc1b35}"="electroosmoses"
- %SYSTEM%\xtsyynm.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4029063-4fe3-422c-ac72-12905c09642a}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{a4029063-4fe3-422c-ac72-12905c09642a}"="clinker"
- %SYSTEM%\fqdqs.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd0e4a1a-dbc2-48f7-9a6a-a41cac20bddc}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{cd0e4a1a-dbc2-48f7-9a6a-a41cac20bddc}"="heterostyly"
- %PROGRAMFILES%\VideoAccessCodec\
- %WINDOWS%\duocore.dll
- %WINDOWS%\wmpenv.dll
- %WINDOWS%\wmpconf.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{150EA8E7-A97C-4816-AD02-4865EEF8C5FF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BABA5BDB-4EFF-48DB-B443-679651D37128}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B6A3935F-8FE4-49A4-B987-A1C09E53589F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF94A58F-599B-4602-9C34-99683C5859B1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CDC0999C-999C-4EE1-875B-5C3542641768}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoAccessCodec] (C:\Program Files\VideoAccessCodec\Uninstall.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VAC.Video]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47C54F02-1B28-45F1-AE46-B5CDFB6E7926}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo] (C:\WINDOWS\main_uninstaller.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AF59C20-A1D8-4C1C-927A-99DD9F2A9E0B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AF59C20-A1D8-4C1C-927A-99DD9F2A9E0B}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "wmpenv"=-
- "wmpconf"=-
Changes for v2.209 - v2.210
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusProtectPro 3.6.lnk
- %STARTMENU%\VirusProtectPro 3.6.lnk
- %STARTMENU%\Programs\VirusProtectPro 3.6\
- %DESKTOP%\VirusProtectPro 3.6.lnk
- %PROGRAMFILES%\VirusProtectPro 3.6\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A2C9DEF-83EB-4575-AD6C-2377FEFC5122}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56943D7C-2283-4D73-B2B1-46173B4844B4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71C9109D-EB8D-49B9-9211-1CBE8A25A9AA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{75F32B07-D45F-4D5B-9266-3863C65D5B29}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{84037416-6A70-46E5-9216-CDCC7E2513E7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94E14C33-2473-4185-9FA0-3D881BDB5C0B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{95D963D7-86E3-434E-BFF6-FCDDEA5F9F24}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DC10DE5-5104-4554-ACA0-D9F2D146CD4C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A140FE51-3136-4E0D-AFDA-1313B30ADFEF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B41DF4F9-0191-46E6-8107-16634FBC7F3C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE1C526E-CCCC-449C-A9CB-691B8C5E2769}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE465556-F79D-476F-9457-74E49F8F400A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D8DFA789-47D3-4197-B187-23AE2D7DCF6A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0277D0D-43C7-4ECA-B8C4-545A2E71485B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EA166DBF-EAC4-4D33-B48D-A40B8C8FDEC1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F0ED2F90-DE03-46AD-97C1-709E5A49422C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{40331B9F-75E5-4E1E-B511-5AA6638B9ADE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 3.6.exe 3.6]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.6] (C:\Program Files\VirusProtectPro 3.6\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 3.6]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "VirusProtectPro 3.6"=-
- %SYSTEM%\vophqmn.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e71aba09-d81a-4876-baa3-df133c1dfc48}\InProcServer32] (Already Removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{e71aba09-d81a-4876-baa3-df133c1dfc48}"="helicoid" (Already Removed)
- %SYSTEM%\fshqaln.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a9e875b-d032-45e4-8294-789fe3be5b19}] (Already Removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{4a9e875b-d032-45e4-8294-789fe3be5b19}"="atrichia" (Already Removed)
- %SYSTEM%\ktrxe.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af8bca8b-a9f1-471d-bdcd-caa14be2bdd9}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{af8bca8b-a9f1-471d-bdcd-caa14be2bdd9}"="hemprich"
Changes for v2.208 - v2.209
- %SYSTEM%\gusur.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f5f16ef-af9d-4fe6-8410-f0670b58979d}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{4f5f16ef-af9d-4fe6-8410-f0670b58979d}"="exultet"
- %SYSTEM%\khtbpdl.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c82e1789-207a-4b8a-806f-76b62dfac2a2}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{c82e1789-207a-4b8a-806f-76b62dfac2a2}"="hutlet"
- %SYSTEM\afqgda.exe
- %SYSTEM\printer.exe
- %SYSTEM\WinAvX.exe
- %SYSTEM%\WinAvXX.exe
- %SYSTEM\atzrdada.dll
- %STARTMENU%\Programs\StartUp\system.exe
- %ALLUSERSTARTMENU%\Programs\Startup\autorun.exe
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
- "DisableRegistryTools"=0x00000001
- "DisableTaskMgr"=0x00000001
- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "WinAVX"="C:\WINDOWS\System32\WinAvX.exe"
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
- "NoControlPanel"=0x00000001
- "NoWindowsUpdate"=0x00000001
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
- "WinAVX"="C:\WINDOWS\System32\WinAvX.exe"
- [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
- "Shell"="Explorer.exe C:\WINDOWS\System32\printer.exe"
Changes for v2.207 - v2.208
- %SYSTEM%\zpuwriz.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{547aaa89-7e6b-42b4-b112-a64955f86a2a}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{547aaa89-7e6b-42b4-b112-a64955f86a2a}"="adirondack"
- %SYSTEM%\tkrsw.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8b3850e-a22e-43ab-a15e-63f6e47db7e6}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{b8b3850e-a22e-43ab-a15e-63f6e47db7e6}"="clamourers"
- %SYSTEM%\lrnjnzf.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4c46558-da01-4637-a85e-f1ccb1c7436a}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{e4c46558-da01-4637-a85e-f1ccb1c7436a}"="hyams"
- %SYSTEM%\afzdbl.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8068bf35-3711-4dce-a2f3-f008cecfe894}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{8068bf35-3711-4dce-a2f3-f008cecfe894}"="araca"
- %SYSTEM%\ugofuq.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c704547b-26c0-4222-a034-81653c07b494}] (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{c704547b-26c0-4222-a034-81653c07b494}"="eperdument" (Already removed)
- %SYSTEM%\gtawclv.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e71aba09-d81a-4876-baa3-df133c1dfc48}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{e71aba09-d81a-4876-baa3-df133c1dfc48}"="enjoyment"
- %SYSTEM%\vjxwnn.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd2948f8-c949-464f-824a-6272608c739e}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{bd2948f8-c949-464f-824a-6272608c739e}"="criticalness"
- %SYSTEM%\fdpzgi.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c6fd4e6-49ce-4178-875b-df70eac260c5}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{1c6fd4e6-49ce-4178-875b-df70eac260c5}"="aguilarite"
- O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}]
- %STARTMENU%\Programs\XXXAccess\
- %PROGRAMFILES%\XXXAccess\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XXXAccess]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XXXAccess] (C:\Program Files\XXXAccess\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\XXXAccess]
Changes for v2.206 - v2.207
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Service]
- O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D61D7E1A-6613-49CA-B6F9-51DB248E209D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Security Plug-in]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Secure Bar]
- %SYSTEM%\wzhtjqo.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}"="enlodgement"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusProtectPro 3.5.lnk
- %STARTMENU%\VirusProtectPro 3.5.lnk
- %STARTMENU%\Programs\VirusProtectPro 3.5\
- %DESKTOP%\VirusProtectPro 3.5.lnk
- %PROGRAMFILES%\VirusProtectPro 3.5\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00628C22-6886-439B-AA2E-3639367F02A0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14B512A9-25CF-4C90-AE5F-418689DF0A8D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39D23F6A-E2DE-4F5D-9118-ECDFAAE47E9C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B334543-06C2-4B5F-B7CB-8028A4570B39}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E79A538-7998-4BB7-B8A7-0E12243D7A99}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42348314-FC64-4B2E-B314-3F872C321B87}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58BD1E88-EFEE-404E-BE17-DF639B57CB56}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{64D947B2-5505-4347-80A5-E28EEBE38F2A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8D3C0252-8850-440E-A386-4A0159C8A4DD}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B8BE22F-B2BB-472B-8959-C0828C0ADDC7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9CD68722-9A43-42E4-BD01-2DE85D9CB565}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8502478-83BC-48DB-9937-6EEB77CED41E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF1B7AB6-9715-472D-B469-74DE8D030EB6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEB46F7E-CF37-4E8F-BA48-D96F1A434224}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2315CDD-4F9A-4DDA-8671-252465FF0B5D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF442B5E-B5C0-4469-85C8-4B0B2A579EE9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD3A8ECE-6016-469E-9964-C479F9157BCC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 3.5.exe 3.5]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.5] (C:\Program Files\VirusProtectPro 3.4\VirusProtectPro 3.4.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 3.5]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Changes for v2.205 - v2.206
- %WINDOWS%\sconf32.dll
- %WINDOWS%\wmplayer.dll
- %WINDOWS%\wmsound.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C014816-5BD4-4166-85EA-62FE05E517C3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C014816-5BD4-4166-85EA-62FE05E517C3}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "wmplayer"=-
- "wmsound"=-
- %SYSTEM%\psndz.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa55d551-9698-48ac-b639-9b00cf1a6ea0}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{fa55d551-9698-48ac-b639-9b00cf1a6ea0}"="grazable"
- %SYSTEM%\cqsfk.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cea2e5cd-e849-427b-80f0-59298caef1c4}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{cea2e5cd-e849-427b-80f0-59298caef1c4}"="convalescently"
Changes for v2.204 - v2.205
- %WINDOWS%\soundplugin.dll
- %WINDOWS%\sounddrv.dll
- %WINDOWS%\xvideo.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85E659D3-E110-4CE7-9D99-416FD61A1720}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85E659D3-E110-4CE7-9D99-416FD61A1720}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "sounddrv"=-
- "xvideo"=-
- %SYSTEM%\cefrjsh.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1c16871-b797-4ec7-bbee-83852379c390}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{a1c16871-b797-4ec7-bbee-83852379c390}"="formicivora"
- %SYSTEM%\onljweo.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}] (Already Removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{33b8d257-07f6-4c06-8605-94bc21728635}"="discommodiousness" (Already Removed)
- %SYSTEM%\yhjbbzf.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49f29a27-2451-4314-a480-8d2481ce6c81}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{49f29a27-2451-4314-a480-8d2481ce6c81}"="cyk"
- %SYSTEM%\vgibz.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a9e875b-d032-45e4-8294-789fe3be5b19}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{4a9e875b-d032-45e4-8294-789fe3be5b19}"="dustuck"
- %SYSTEM%\wpchz.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5889f7b0-3277-4266-b4bd-1bf2d394aee6}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{5889f7b0-3277-4266-b4bd-1bf2d394aee6}"="hydronephrosises"
Changes for v2.203 - v2.204
- %SYSTEM%\surzzh.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{cfda6372-043c-48d2-ba3c-7bfe1cf71854}"="inscenation"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusProtectPro 3.4.lnk
- %STARTMENU%\VirusProtectPro 3.4.lnk
- %STARTMENU%\Programs\VirusProtectPro\ (Already Removed)
- %DESKTOP%\VirusProtectPro 3.4.lnk
- %PROGRAMFILES%\VirusProtectPro 3.4\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0A8C61AE-9639-4E4D-AF61-25B0CE935EAB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0DF3EB27-E122-4E77-9481-D9332351B606}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1BA582C8-6240-4DC4-BB8E-1B764134A47B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F6BD5E9-CEBD-4EB8-94B5-9C4E9C219306}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3DE68A1C-09C2-4724-BB80-CB5AAFB96D99}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{720B32BB-73D5-4551-B743-986224487121}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72A238C6-F6A8-41D3-90FD-95F31F02FB33}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{76C8C569-C4B8-4E0C-AE87-E1166D7FE005}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79E77B74-D820-4E39-802F-084F9DDCE038}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8F7AFA67-ADC0-4227-B799-34F7800EBC96}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C254C9C5-DE04-49F1-9FC1-72EF4F7F1F6C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CA91A4F1-3DC6-4D10-8AE3-8545E86D9DB8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D0E42329-DCA9-4825-B87D-04B789BBB169}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D92E0D32-8D1B-4B8B-AF26-0676C5158ADA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E082EF71-40AF-4A4E-B036-BB773F450B53}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EAB5EB70-E2F1-4ADA-B033-151A71B9AA3F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{795175C7-3F75-4F45-AB6C-4FFE32A85BCB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 3.4.exe 3.4]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.4] (C:\Program Files\VirusProtectPro 3.4\VirusProtectPro 3.4.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 3.4]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "VirusProtectPro 3.4"=-
Changes for v2.202 - v2.203
- O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E26CEADA-67B0-4543-BE8B-307F00265118}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E26CEADA-67B0-4543-BE8B-307F00265118}]
- %SYSTEM%\wfcof.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9af8f31b-b778-4413-b8ed-ae63a62e1f7d}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{9af8f31b-b778-4413-b8ed-ae63a62e1f7d}"="firstlings"
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F4DB301-0698-4AF4-A8A2-473996DF425A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F4DB301-0698-4AF4-A8A2-473996DF425A}]
Changes for v2.201 - v2.202
- %windir%\msddx.dll
- %windir%\msqnx.dll
- %windir%\qnxplugin.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "msddx"=-
- "msqnx"=-
- %SYSTEM%\drivers\svchost.exe
- %USERPROFILE%\svchost.exe
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "autoload"=-
- "autorun"=-
- %SYSTEM%\myqlejy.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{98ca7898-6029-41ab-8f67-ea4f5e1afc22}"="biocomputing"
Changes for v2.200 - v2.201
- %SYSTEM%\winntify.exe
- [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winnotify]
- [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winnotify]
- O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}]
- %SYSTEM%\xnvaogd.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"
- %SYSTEM%\lapmvzf.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fde1bd72-ca80-443f-9526-595337b73878}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{fde1bd72-ca80-443f-9526-595337b73878}"="hieroglyphist"
Changes for v2.199 - v2.200
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyLocked 4.3.lnk
- %STARTMENU%\SpyLocked 4.3.lnk
- %STARTMENU%\Programs\SpyLocked 4.3\
- %DESKTOP%\SpyLocked 4.3.lnk
- %PROGRAMFILES%\SpyLocked 4.3\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2BD02A28-2CE5-41E6-83DB-6763E671CB86}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D5D65CB-D4DE-46D9-985F-F80D9F34C979}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4249D82A-882F-467B-9AA3-DCC40078EA69}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4FBE506D-6726-42B5-ADB0-0B56AF0AEFB7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{54DA8FE1-16CC-4304-921D-88DD591884EA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6036EFF9-4750-435D-BA00-2E4971A17954}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{67BFFC72-F133-4C2A-8C2C-EC9B46FFB80C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B619BBA-1BB8-47F4-85B2-AEEE204AFE3A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E02BA95-D9BC-4E9F-AE33-38DD988CC868}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{90B449E1-A378-4DBB-BAE6-4F5492B954C4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{99D26682-D444-4106-B346-A31B25B315E4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9A76871A-CBEB-479C-9984-253AEF6CB3E2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B11649A-0DA6-4581-9A17-9DA31AD7FD42}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A7152573-FA25-4BEA-8026-1EC8A5205D11}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CA7301E0-686C-4C7C-95B7-1B96D2ED1A61}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E831429A-73A3-44D4-8935-DEEC11216093}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A321A998-2771-4235-B458-6B09AF6463B5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyLocked 4.3.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked 4.3] (C:\Program Files\SpyLocked 4.3\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked 4.3]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpyLocked 4.3"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100B21CD-3B97-44FB-B1C0-EA6249E482E8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XVideo]
- %WINDOWS%\avp.exe
- %WINDOWS%\mgrs.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "avp"=-
- "smgr"=-
Changes for v2.198 - v2.199
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusProtectPro 3.3.lnk
- %STARTMENU%\VirusProtectPro 3.3.lnk
- %STARTMENU%\Programs\VirusProtectPro\ (Already Removed)
- %DESKTOP%\VirusProtectPro 3.3.lnk
- %PROGRAMFILES%\VirusProtectPro 3.3\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D52BB09-465C-4AA4-9FBD-71D1690CAED3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{24998748-6E8A-40D1-AA97-E9952EE9ED18}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{287FFE0C-15D0-4BFD-BAA9-0582C6361BBB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45973D31-5CE3-4503-BC81-25E525119C48}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46D4D563-1C43-4CEE-AF98-471385F2BC42}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5596A310-2E54-4B75-ADA3-7EE0AD10E228}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C17F7D3-8460-4488-84EB-986A38BEDD2D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71DF187C-DC99-4A35-BDB2-C099821A435D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74DF3F5E-99D7-4F4D-81C3-95201D4CDA88}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91478017-FF82-4C5D-9FFF-7801F8D99CCC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F9C8CF3-EB4A-4851-A4F6-2370F5BC79EE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B1B9C911-CA24-4E1E-9F56-838486218327}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C78E49C0-AB82-4C79-A189-F1E34980643B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2A0598F-FBC4-4721-BC85-F75C0712C100}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7B2831E-A25A-430B-B3E3-3D414F9C4288}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EDC652FF-2EA2-4E46-8849-D9041B77B88E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{049FECE3-18C7-4023-A1BE-CFAA2C4EE387}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtectPro 3.3.exe 3.3]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusProtectPro 3.3] (C:\Program Files\VirusProtectPro 3.3\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtectPro 3.3]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "VirusProtectPro 3.3"=-
Changes for v2.196 - v2.197
- %WINDOWS%\vpsnetwork.dll
- %WINDOWS%\expro.dll
- %WINDOWS%\vpssup.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1770FD6-A7CB-44DA-AD2C-692D2A2B521B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1770FD6-A7CB-44DA-AD2C-692D2A2B521B}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "expro"=-
- "vpssup"=-
Changes for v2.195 - v2.196
- O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - C:\Program Files\Video ActiveX Access\iesplg.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE8EAB9-CEF3-4885-B12F-26960A25C800}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDE8EAB9-CEF3-4885-B12F-26960A25C800}]
- O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - C:\Program Files\Video ActiveX Access\iesplg.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36ADA89D-2440-4DC4-820A-3A05E8630935}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36ADA89D-2440-4DC4-820A-3A05E8630935}]
- O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Image ActiveX Access\iesbpl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}"=-
- %SYSTEM%\iauoi.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ff419a8-1748-4ca7-99df-d269465b0e8b}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{9ff419a8-1748-4ca7-99df-d269465b0e8b}"="cornerer"
- %SYSTEM%\igpfced.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}"="crawley"
- %SYSTEM%\cdwvhbf.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3afa7405-68e8-4bdb-920e-0d506f552826}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{3afa7405-68e8-4bdb-920e-0d506f552826}"="concise"
- %SYSTEM%\gbjkog.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41eaa909-24be-4d24-877f-076a0576a6fd}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{41eaa909-24be-4d24-877f-076a0576a6fd}"="castigating"
- %SYSTEM%\tczij.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"="farrandly"
- %SYSTEM%\iwwvh.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c0c879c-9091-45d1-807f-2adc37d7d6d6}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{9c0c879c-9091-45d1-807f-2adc37d7d6d6}"="breadthes"
- %SYSTEM%\xedasn.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{33b8d257-07f6-4c06-8605-94bc21728635}"="drays"
- %SYSTEM%\dooep.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{44e670f2-d57b-4815-a576-955d17dbbf2d}"="cankered"
- %SYSTEM%\afkvvy.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4688f900-0d0c-4788-b297-59cc10e70ccc}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{4688f900-0d0c-4788-b297-59cc10e70ccc}"="bipinnatifid"
- %WINDOWS%\ddesupport.dll
- %WINDOWS%\msole.dll
- %WINDOWS%\msdde.dll
- %WINDIR%\main_uninstaller.exe (Already removed)
- %DESKTOP%\Error Cleaner.lnk (Already removed)
- %DESKTOP%\Privacy Protector.lnk (Already removed)
- %DESKTOP%\Spyware&Malware Protection.lnk (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49CF52D7-8D58-4E22-A874-AAD721F5B523}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSVPS.MSVPSApp] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49CF52D7-8D58-4E22-A874-AAD721F5B523}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSDNS] (C:\WINDOWS\main_uninstaller.exe 1) (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WINSP] (C:\WINDOWS\main_uninstaller.exe 2) (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoExtension]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "msole"=-
- "msdde"=-
Changes for v2.194 - v2.195
- Update: Generic Renos Fix 1.14
- %SYSTEM%\yesgnhr.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f396a67-f473-48c9-9950-636ce17e584e}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{6f396a67-f473-48c9-9950-636ce17e584e}"="hellenophile"
- %SYSTEM%\xpuupdate.exe
- O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Program Files\Video ActiveX Access\iesbpl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF4E7A0C-E233-4906-B4C1-A404356541FF}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{DF4E7A0C-E233-4906-B4C1-A404356541FF}"=-
- %WINDOWS%\wincom27.dll
- %SYSTEM%\ext32inc.dll
Changes for v2.192 - v2.193
- %SYSTEM%\ckimzeb.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5bf53d50-b1ec-47b6-a00a-0bd32baeb7ef}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{5bf53d50-b1ec-47b6-a00a-0bd32baeb7ef}"="damkjernite"
- %USERPROFILE%\Application Data\AdProtect NoSpam\
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\ContraVirus 2.0.lnk
- %STARTMENU%\ContraVirus 2.0.lnk
- %STARTMENU%\Programs\ContraVirus\
- %DESKTOP%\ContraVirus 2.0.lnk
- %PROGRAMFILES%\ContraVirus\
- %SYSTEM%\xpuupdate.exe
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ad-protect.EXE] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IEControl.DLL] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\spamdet.DLL]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ToolBarNotifier.EXE]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{6B677F1F-F86C-4757-BF24-7D865EF20639}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7C11C36C-2AE0-4489-9B09-A6129139D52D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9DA1990B-9BCA-4c80-AEFB-11A40FA849F9}] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C628512D-A058-4BD4-B47B-B036F45FA02B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BE8C6A5-A75F-4e33-89C3-18CC58A0B952}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61877300-54DB-4746-BA42-03E03A2B269C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBBD3E11-D201-46C9-8471-091D33159287}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCBB188-18E3-1DEB-59D5-BACE1CE655A4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2C1986A-FBEC-4472-AABF-6D42F08DBC8E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7ABE914-B8CF-4602-9145-6BDAAEDA21AA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBE5BEE8-F032-11DB-826A-C4BB56D89593}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6B4AB50-F423-4EE6-9839-B35DCFCDFA49}] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA038DDD-0FE0-41f5-BA60-FC3660529E71}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{214345B8-BB69-498D-A168-29F58F15D806}] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{61877300-54DB-4746-BA42-03E03A2B269C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63321A5C-D8FE-432C-8D2F-61C0FC264320}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2C1986A-FBEC-4472-AABF-6D42F08DBC8E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6B4AB50-F423-4EE6-9839-B35DCFCDFA49}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F51BC478-D997-4C56-988D-79D9EEAAD1EC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F82FD7D4-2EC8-40B3-A141-DE051C98DCE9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FD4DCB8B-C33A-4E70-A351-6FAB7E1071A4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{283ED043-D403-4808-BF28-FCDE29DCF1FB}] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2C02E5FC-7FE3-4122-911F-829314FE9BBC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{32BD20FD-41FD-47FB-9BC9-28DCBD7D55D7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B677F1F-F86C-4757-BF24-7D865EF20639}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DFCDA823-80C5-4F55-B328-7EFD4AFBD9A0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ad-Protect.Addin]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ad-Protect.Addin.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ad-Protect.Server]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ad-Protect.Server.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEControl.IEExtension] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEControl.IEExtension.1] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCToolBand.SCToolBandObj]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCToolBand.SCToolBandObj.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spamdet.SpamDetector]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\spamdet.SpamDetector.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBarNotifier.Notifier]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBarNotifier.Notifier.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ContraVirus.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBE5BEE8-F032-11DB-826A-C4BB56D89593}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContraVirus] (C:\Program Files\ContraVirus\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\ContraVirus]
- [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\AdLoader]
- [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Trace7]
- [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell\1das]
- [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell\dnl7]
- [-HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\Ad-Protect.Addin.1]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{EA038DDD-0FE0-41f5-BA60-FC3660529E71}"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "ContraVirus"=-
- "Windows Updater Servc"=-
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyCrush 3.1.lnk
- %STARTMENU%\SpyCrush 3.1.lnk
- %STARTMENU%\Programs\SpyCrush\ (Already Removed)
- %DESKTOP%\SpyCrush 3.1.lnk
- %PROGRAMFILES%\SpyCrush 3.1\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}] (Already Removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{14D6736F-9918-46D2-A96B-75713158DC9C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33220D50-BB09-4F83-ABC2-E94011D088B5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35A2B3DD-3B38-4E9E-A547-6E459A6E91AA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{472B58B5-B00C-4DC5-83ED-FE8185FFBCBE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4CB98812-6071-4D01-BC87-7E2CECB9C248}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DBE72DB-B023-47C2-AB01-D2323AADFA5A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60F366A1-5D3B-4D3E-ACE3-CB8C25474FF6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{754E70B2-E0DF-45CE-9429-CCFE0DD7AEA5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7583195C-5F83-4AD6-82D1-3C2F553F93E2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77CAC444-50CC-4E1C-955C-55E325360864}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7DF4D9FC-1B6F-4093-8BC7-6A0F750B59D8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91EF3AD8-9373-4B3F-AAF5-2984E3E34385}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EAD385C7-7B45-43FC-BF4E-EABB990337FF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC2A49C8-5970-4DA5-B784-32CD8617B6B8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F3FAE2B3-0961-40A7-94C7-67A28967BE58}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB65F713-07A1-404D-889A-5789E383AB02}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3C4CCBFA-2ADA-43F3-9A40-F729DD31EC5A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyCrush 3.1.exe 3.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyCrush 3.1] (C:\Program Files\SpyCrush 3.1\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpyCrush 3.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpyCrush 3.1"=-
Changes for v2.191 - v2.192
- Added: Rustock, xpdx driver detection
- %SYSTEM%\pkjcoxq.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1d3b05d-4dd9-468d-982e-c342f05436e5}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{e1d3b05d-4dd9-468d-982e-c342f05436e5}"="crowsteps"
Changes for v2.190 - v2.191
- %SYSTEM%\ipmon.exe
- O4 - HKLM\..\Run: [ipmon] ipmon.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "ipmon"=-
- %SYSTEM%\eeuydc.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{44e670f2-d57b-4815-a576-955d17dbbf2d}"="auditioned"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyLocked 4.1.lnk
- %STARTMENU%\SpyLocked 4.1.lnk
- %STARTMENU%\Programs\SpyLocked 4.1\
- %DESKTOP%\SpyLocked 4.1.lnk
- %PROGRAMFILES%\SpyLocked 4.1\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D3F4979-14F0-4344-95F9-D019C75ED669}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1DEAC6D1-27B1-4804-8309-86F80E64D91F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21EE18CF-E24C-4AD8-A279-C34EEB5F18A9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{22489F95-AA2E-4DFE-A00C-4F5D0DFDAFD6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{273582F0-3C1E-4BFC-B2A4-8348AE47F717}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{27491041-2CCB-4A37-9297-FB84134ECAD4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{464B2A01-EB39-4CF6-B6BB-6262776B79DA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{60DDD776-BD47-421A-9B75-C5965C1AAEB3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C2AD1F2-670F-4096-9CF5-6FBEA48D2E38}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A45C94F8-E114-48EB-84C9-DE1B871E1A3A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B48F25A0-49A8-46AE-B506-A789F8E91A51}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3F81C5A-3A2D-464C-B617-289495AE52DD}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6BC961E-2230-4A37-B7DC-F311773C7DBE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F8681E4A-3B1B-46C5-9A0E-E4BDCD240A92}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA08D9EC-0C7B-4C37-8D7A-E7837B997E90}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC51DED7-D056-45E5-A4FF-A308E2DECFA5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9F99FD1A-5C53-4B82-981A-92A0F587D59B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyLocked 4.1.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked 4.1] (C:\Program Files\SpyLocked 4.1\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked 4.1]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpyLocked 4.1"=-
Changes for v2.189 - v2.190
- %PROGRAMFILES%\PornoPlayer\
- %STARTMENU%\Programs\PornoPlayer\
- [-HKEY_CURRENT_USER\SOFTWARE\PornoPlayer]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PornoPlayer]
Changes for v2.188 - v2.189
- %PROGRAMFILES%\VideoPlugin\
- %STARTMENU%\Programs\VideoPlugin\
- %WINDIR%\ossmart.dll
- %WINDIR%\pssms.dll
- %WINDIR%\vpnconfig.dll
- %WINDIR%\privacy_danger\ (Already removed)
- %WINDIR%\main_uninstaller.exe (Already removed)
- %DESKTOP%\Error Cleaner.lnk (Already removed)
- %DESKTOP%\Privacy Protector.lnk (Already removed)
- %DESKTOP%\Spyware&Malware Protection.lnk (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16789285-C094-4aa6-88B9-2BB9DC13A485}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSVPS.MSVPSApp] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16789285-C094-4aa6-88B9-2BB9DC13A485}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoExtension] (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "ossmart"=-
- "vpnconfig"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSDNS] (C:\WINDOWS\main_uninstaller.exe 1)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WINSP] (C:\WINDOWS\main_uninstaller.exe 2)
Changes for v2.186 - v2.188
- ded: xpdt driver detection
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5}"=-
- %SYSTEM%\viuaoq.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7058baa-49a4-40b7-95c2-eec95cdf51f3}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{d7058baa-49a4-40b7-95c2-eec95cdf51f3}"="infumate"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyLocked 4.0.lnk
- %STARTMENU%\SpyLocked 4.0.lnk
- %STARTMENU%\Programs\SpyLocked 4.0\
- %DESKTOP%\SpyLocked 4.0.lnk
- %PROGRAMFILES%\SpyLocked 4.0\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27B1DED9-7493-4204-AFCE-9AFD4B7FC662}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyLocked 4.0.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked 4.0] (C:\Program Files\SpyLocked 4.0\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked 4.0]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpyLocked 4.0"=-
Changes for v2.185 - v2.186
- %PROGRAMFILES%\Security Tools\
- %SYSTEM%\indwvm.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{25b7d2fd-4f71-46d1-801a-7de323e4ec82}"="equiparant"
Changes for v2.184 - v2.185
- %WINDIR%\mssmart.dll
- %WINDIR%\vsmart.dll
- %WINDIR%\wow.dll
- %WINDIR%\wowsupport.dll
- %WINDIR%\privacy_danger\
- %WINDIR%\main_uninstaller.exe (Already removed)
- %DESKTOP%\Error Cleaner.lnk (Already removed)
- %DESKTOP%\Privacy Protector.lnk (Already removed)
- %DESKTOP%\Spyware&Malware Protection.lnk (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2724E072-19D0-486d-A819-9D914191AE92}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSVPS.MSVPSApp] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wow.StockBar]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wow.ToolBar.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2724E072-19D0-486d-A819-9D914191AE92}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoExtension] (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "mssmart"=-
- "vsmart"=-
Changes for v2.183 - v2.184
- Update: Generic Renos Fix 1.14
Changes for v2.182 - v2.183
- %PROGRAMFILES%\Image ActiveX Access\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Image ActiveX Access]
- O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Image ActiveX Access\iesplg.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}]
- %SYSTEM%\dtjby.dll
- [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0c5a0fff-9164-493b-93e0-17446374e0a0}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{0c5a0fff-9164-493b-93e0-17446374e0a0}"="inflexive"
Changes for v2.181 - v2.182
- %SYSTEM%\uimcu.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ad686b9-ab56-4ebc-a804-9f70b55b4577}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{6ad686b9-ab56-4ebc-a804-9f70b55b4577}"="floripondio"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.9.lnk
- %STARTMENU%\SpyLocked 3.9.lnk
- %STARTMENU%\Programs\SpyLocked 3.9\
- %DESKTOP%\SpyLocked 3.9.lnk
- %PROGRAMFILES%\SpyLocked 3.9\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27B1DED9-7493-4204-AFCE-9AFD4B7FC662}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyLocked 3.9.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked 3.9] (C:\Program Files\SpyLocked 3.9\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked 3.9]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpyLocked 3.9"=-
Changes for v2.180 - v2.181
- %WINDIR%\msdn.dll
- %WINDIR%\bandserv.dll
- %WINDIR%\loader.exe (Already removed)
- %WINDIR%\tlhelp.dll
- %WINDIR%\iereport.dll
- %WINDIR%\main_uninstaller.exe (Already removed)
- %DESKTOP%\Error Cleaner.lnk (Already removed)
- %DESKTOP%\Privacy Protector.lnk (Already removed)
- %DESKTOP%\Spyware&Malware Protection.lnk (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D76F06D4-1659-482d-BCB2-3F731BFE0941}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bandserv.StockBar]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bandserv.ToolBar.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSVPS.MSVPSApp]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D76F06D4-1659-482d-BCB2-3F731BFE0941}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoExtension]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "tlhelp"=-
- "iereport"=-
Changes for v2.179 - v2.180
- %SYSTEM%\antzozc.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa4fbf53-c766-4622-8011-a87a805eebf0}\InProcServer32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{fa4fbf53-c766-4622-8011-a87a805eebf0}"="deboner"
- %PROGRAMFILES%\Protection Tools\
- %PROGRAMFILES%\Video ActiveX Access\
- O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8}]
- O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31615D5C-5126-448A-818A-A7CDFEE85A9B}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{31615D5C-5126-448A-818A-A7CDFEE85A9B}"=-
Changes for v2.178 - v2.179
- %SYSTEM%\kgkdbsk.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{735e980d-45d2-4777-af82-9923d3c8d3ae}"="heterandrous"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.7.lnk
- %STARTMENU%\SpyLocked 3.7.lnk
- %STARTMENU%\Programs\SpyLocked 3.7\
- %DESKTOP%\SpyLocked 3.7.lnk
- %PROGRAMFILES%\SpyLocked 3.7\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05436423-E2DA-4307-AEE4-275C2522D4DD}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17A868CD-C8B9-4A46-8224-85E4D81CD764}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3037B797-A390-4DCD-BCA6-272815FC4265}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4470C18E-1EF2-453C-BEC1-1745D781BCAB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52BF24CF-8378-42B4-8962-135CFB6C4F77}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{680FA31F-43BC-47DA-9405-A0D1B1C1151B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6EBB57F2-B416-4F76-9384-A8F669FF60E4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8262777C-7176-4A9C-A8A6-D0C4AEB467B6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8AFC508B-6B96-479C-A1AC-848EB3F4EFDE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8B7E3C69-4A2E-4F48-B690-47BEEEF16FF5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9309BDC4-952B-4146-8303-2FDA3F5B218F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B3250C2D-C398-4EC9-8A79-85BCF65F6608}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D237BD03-5808-4B64-942D-6746FE50EE66}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D8CD0D4F-47B6-4499-AF5A-48446972E058}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DEB82BF1-47BB-4863-B85C-77363D3C37D5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EAE9695A-B942-4C07-B94F-7CFBE3F35A37}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{27B1DED9-7493-4204-AFCE-9AFD4B7FC662}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyLocked 3.7.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked 3.6] (Already removed - C:\Program Files\SpyLocked 3.7\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked 3.7]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpyLocked 3.7"=-
Changes for v2.176 - v2.177
- %SYSTEM%\egzcqg.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ede8bed5-92cf-4482-8f51-a01cd9b3ea37}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{ede8bed5-92cf-4482-8f51-a01cd9b3ea37}"="antiforeigner"
- O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - C:\Program Files\Video AX Object\bpvol.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FC80E00-41B0-4F74-BC16-2C83ED49CAC9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FC80E00-41B0-4F74-BC16-2C83ED49CAC9}]
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\MalwareWiped 6.1.lnk
- %STARTMENU%\MalwareWiped 6.1.lnk
- %STARTMENU%\Programs\MalwareWiped 6.1\
- %DESKTOP%\MalwareWiped 6.1.lnk
- %PROGRAMFILES%\MW\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MalwareWipe.EXE] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0A3C742D-8A14-4DD6-806C-CAEC606F6F83}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16398BFE-0D35-45A1-AD20-3E5B605D79C5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{347D361F-EC65-450D-9121-AF8E20A3F1C1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E2F7E84-20BA-45FA-A72E-9C09B3891E30}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3F84EE83-FD4B-4223-B76E-F23F645DCCB3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50CE778D-7505-4374-ABDB-99C6A5139374}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58ADBAFD-D14D-49A2-94EC-4FE8165FD336}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6BEAC051-C197-4951-AF23-4B0522F0303D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{768C89B1-97D9-4153-ACB4-A03FBBFDE184}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{98198A41-C7DB-4F67-AF6C-80F90FEFE047}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A13D839A-E2F0-4E33-B615-592F5CCA5B26}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C0E59B82-9A6A-4DFC-94EE-1753A82269A8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C70A5BCF-0F65-4F9E-B869-119D60184E1F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DB9996C3-E22F-4096-8349-C3821C08B1E2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5C6D1A4-502C-4EC2-A472-D14BE3311335}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE0BB4EE-ECC6-4696-BED1-A802ACFECA80}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A538B417-2054-4F1D-9843-0BC8F94B9889}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MalwareWiped 6.1.exe 6.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareWiped 6.1] (C:\Program Files\MW\MalwareWiped 6.1\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\MalwareWiped 6.1]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "MalwareWiped 6.1"=-
Changes for v2.175 - v2.176
- %SYSTEM%\xuoce.dll
- [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{da3b49f6-8c54-4429-a275-21a86dcca413}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{da3b49f6-8c54-4429-a275-21a86dcca413}"="admissibility"
Changes for v2.174 - v2.175
- %WINDIR%\iedns.dll
- %WINDIR%\loader.exe (Already removed)
- %WINDIR%\main_uninstaller.exe (Already removed)
- %WINDIR%\msdn32.dll
- %WINDIR%\msdns.dll
- %WINDIR%\tlhelper.dll
- %DESKTOP%\Error Cleaner.lnk (Already removed)
- %DESKTOP%\Privacy Protector.lnk (Already removed)
- %DESKTOP%\Spyware&Malware Protection.lnk (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27A7FB75-FB40-4f94-BCF6-4945BCC8BAAF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msdn32.StockBar]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msdn32.ToolBar.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSDNS.MSDNSApp] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27A7FB75-FB40-4f94-BCF6-4945BCC8BAAF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoExtension] (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}"=- (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "msdns"=-
- "iedns"=-
Changes for v2.173 - v2.174
- %WINDIR%\browsers.dll
- %WINDIR%\ieproxy.dll
- %WINDIR%\loader.exe (Already removed)
- %WINDIR%\main_uninstaller.exe (Already removed)
- %WINDIR%\msie.dll
- %WINDIR%\service.dll
- %DESKTOP%\Error Cleaner.lnk (Already removed)
- %DESKTOP%\Privacy Protector.lnk (Already removed)
- %DESKTOP%\Spyware&Malware Protection.lnk (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5574E139-F59C-4bee-9A61-150B0D3A16C7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\browsers.StockBar]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\browsers.ToolBar.1]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSDNS.MSDNSApp]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5574E139-F59C-4bee-9A61-150B0D3A16C7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoExtension] (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}"=- (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "msie"=-
- "ieproxy"=-
Changes for v2.172 - v2.173
- Update: Generic Renos Fix 1.13
- %SYSTEM%\lcsrsrv.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f38b1b2b-4976-46dd-9fe5-60fde72f0b4d}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{f38b1b2b-4976-46dd-9fe5-60fde72f0b4d}"="huet"
Changes for v2.171 - v2.172
- %SYSTEM%\ilmpjy.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{4233ac08-a2c4-4742-a0b4-83719613d62c}"="grassily"
- %SYSTEM%\rcohty.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b23dc537-3e13-44c7-bf67-d8405eb377f7}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{b23dc537-3e13-44c7-bf67-d8405eb377f7}"="bedstead"
- %SYSTEM%\dxovx.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{716002db-288c-4bf0-80cd-a467e78d8b55}"="depreciable"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.6.lnk
- %STARTMENU%\SpyLocked 3.6.lnk
- %STARTMENU%\Programs\SpyLocked 3.6\
- %DESKTOP%\SpyLocked 3.6.lnk
- %PROGRAMFILES%\SpyLocked 3.6\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{062BC936-7CE4-421C-944E-BD388EC91C86}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{22F1A770-B823-48D4-8693-B953902A06EF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A7A14FD-7FEC-48CF-A06F-210344DE6E75}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41E4ADCD-CCC2-4DA0-97C3-83051A4C35F1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{54D2D4FC-914C-432C-B638-599F48D77A08}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6F342C0C-EF49-49E2-B3F1-FE28F193B974}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6F61B413-1DFE-4C4C-8CD4-B97BE0B17504}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{764CE36A-C778-42A8-B3B2-4B09A4B10469}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{87EA76C9-411E-44D0-8270-EA2DF3941133}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94792C8E-6FE0-462C-9D20-AD560608DDA1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{99EAEF8C-652D-407C-8319-781A2BB30FF7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A392D107-AFBF-4E1B-8092-DB508BC890A5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AD2AA1CD-22FF-4562-A616-1C64A42985BB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2D197C9-8570-4AC8-A121-92F9A8CCD857}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CBCCB1D8-AB10-4B4C-9982-A8DEA99F3111}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F198A883-6BCF-4B94-A890-D8ED007FBCF7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2DA226F0-FE43-4F80-A94A-1848039DE0DD}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyLocked 3.6.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked 3.6] (C:\Program Files\SpyLocked 3.6\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked 3.6]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpyLocked 3.6"=-
Changes for v2.170 - v2.171
- %SYSTEM%\yuspej.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3baa1ad8-ee49-4772-bf0b-f55083e0f7aa}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{3baa1ad8-ee49-4772-bf0b-f55083e0f7aa}"="ephemeran"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareLocked 3.5.lnk
- %STARTMENU%\SpywareLocked 3.5.lnk
- %STARTMENU%\Programs\SpywareLocked 3.5\
- %DESKTOP%\SpywareLocked 3.5.lnk
- %PROGRAMFILES%\SpywareLocked 3.5\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{02743820-2E7C-42C6-B60C-726D67379EDB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D8286F5-9606-46C5-89D8-9B6379877732}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{521C4C7E-D2CF-4EB1-A078-6E126269E0AD}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{67E054FA-0F1E-4AF8-899B-0B52660D7043}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{697C34C8-BBAC-418C-999A-A5525F4FF8C3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{711C2540-AA7D-4C40-A8C0-9B1BC920378D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{80A2BFBD-7906-48EF-9F76-49B9F822393B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{87A8C087-37C2-40C4-9CDF-97437A9F54BA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8ED3825E-77A7-41D4-BDCB-FD8CC2B0D183}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A2E56D03-930A-4BBF-8C8E-4D63D15F88EE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ABAE0DAF-A6BA-481F-B3BA-0666D0D1B2EB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B5B6AA2C-F0C7-44B9-A861-261958ECD0B8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BD8C66A5-617B-4ABF-B56D-F547597FE0FA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D675FD26-7200-466F-A380-182FE49AF8AA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D8073D3D-D957-45BE-82CA-BB44FD0E9C4B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF906CF9-6EEB-4626-9A17-2E48C11D2995}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5A74E275-351B-4072-8F0B-CBE2B7231B37}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareLocked 3.5.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareLocked 3.5] (C:\Program Files\SpywareLocked 3.5\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpywareLocked 3.5]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpywareLocked 3.5"=-
- %PROGRAMFILES%\Video AX Object\
- O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Program Files\Video AX Object\bpvol.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D34F5D71-99E4-4D96-91CA-F4104F69B8AE}]
- O3 - Toolbar: Protection Bar - {F0993251-2512-4710-AF6E-0A13EA199D02} - C:\Program Files\Video AX Object\splug.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0993251-2512-4710-AF6E-0A13EA199D02}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{F0993251-2512-4710-AF6E-0A13EA199D02}"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video AX Object]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert]
- [-HKEY_CURRENT_USER\Software\Protection Tools]
Changes for v2.169 - v2.170
- NTFS Bug Correction
- %SYSTEM%\czxtyx.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}"="calocarpum"
Changes for v2.168 - v2.169
- %WINDOWS%\dxdiag.dll
- %WINDOWS%\iebrowser.dll
- %WINDOWS%\iecontext.dll
- %WINDOWS%\loader.exe
- %WINDOWS%\main_uninstaller.exe (Already removed)
- %DESKTOP%\Privacy Protector.url
- %DESKTOP%\Spyware&Malware Protection.url
- %DESKTOP%\Error Cleaner.url
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06CB2908-DD90-4293-8C98-9ABA1025F163}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3828496C-9E4F-4278-8C85-0DF3A3CB41EB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477D1353-BA0E-43CC-8F40-DEA6BF81ADEE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BD7DB09-1199-41E2-BE9D-AB1D29DD0C3E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C42E5047-FCAD-4B62-A4B0-1052C76A9E1B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F301710A-1204-44C8-A611-E89E58FEFFDA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VPNS.VPNSApp] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoExtension]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "iebrowser"=-
- "iecontext"=-
Changes for v2.167 - v2.168
- Update: Generic Renos Fix 1.12
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareLocked 3.4.lnk
- %STARTMENU%\SpywareLocked 3.4.lnk
- %STARTMENU%\Programs\SpywareLocked 3.4\
- %DESKTOP%\SpywareLocked 3.4.lnk
- %PROGRAMFILES%\SpywareLocked 3.4\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{212DF34E-EAD7-4831-89D8-70CB70581D82}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69F0456D-B449-4FAC-AF03-B0FBB4B39C53}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A3BABC0-3D33-4B9D-B11E-EF36E1BFFFBF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8F71D7E5-202B-4B8D-94EB-2B30E4212C18}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8FF07C20-5965-476E-84E8-82374C559BE7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ADA0950-D83C-4C52-83AE-D8258A4B527E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A829592E-08BA-4D4D-87C8-6524687D90E6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AC66E7A3-928B-4F20-B7AC-B3A86298005C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B14649A3-BD2E-4483-B8D6-BF80F82F5D24}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B87C48D1-28E3-48FC-9B27-EEDBB7619A17}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CA091197-32FE-48D8-8696-AF64D8A1CA44}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF4DDC95-8A4B-47C1-A89E-0CBF849DE042}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D74998BF-0AB6-4C8D-801D-EB50CB73FFDF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E849D321-F077-4946-94EF-696F864F0BE5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EA5973F9-1064-4393-838F-1B44CB09A1DE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F0091942-BEF6-447E-8F73-B844A4F62851}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{04B12611-E1E1-45E3-9376-91984B957880}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareLock.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareLocked 3.4] (C:\Program Files\SpywareLocked 3.4\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpywareLocked 3.4]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpywareLocked 3.4"=-
Changes for v2.166 - v2.167
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Brave-Sentry]
- [-HKEY_CURRENT_USER\Software\Brave-Sentry]
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Brave-Sentry"=-
- %SYSTEM%\ygjun.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abef791f-947e-4cdf-83c3-e72a240afb67}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{abef791f-947e-4cdf-83c3-e72a240afb67}"="frisbee"
Changes for v2.165 - v2.166
- %PROGRAMFILES%\MovieBox\
- %STARTMENU%\Programs\MovieBox\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MovieBox]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MovieBox] (C:\Program Files\MovieBox\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\MovieBox]
Changes for v2.164 - v2.165
- %SYSTEM%\pkgvyg.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0ded443-5e68-4001-a81b-0a0001621ab8}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{b0ded443-5e68-4001-a81b-0a0001621ab8}"="excreted"
Changes for v2.162 - v2.164
- %WINDOWS%\iesettings.dll
- %WINDOWS%\iesupport.dll
- %WINDOWS%\iedebug.dll
- %WINDOWS%\main_uninstaller.exe
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F90B57B-3F17-4D9B-8909-1A32AFD6EC0C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF0D1E98-4FAF-44BD-8ECA-E745820E63DD}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VPNS.VPNSApp] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FA1AA9E-7ECF-4f3b-AC23-7F09E01298E4}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "iesupport"=-
- "iedebug"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{234FF2FC-BB16-4A7C-AC09-A833CB3D56FC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27CF2E73-9839-404B-85A8-8FB7EE27474C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F86727C-57A3-410E-AB91-176730DAEB45}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5D099E3-B033-4DB3-A7A6-465859B7A477}]
- %SYSTEM%\qzviz.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{bd0fc212-0a36-4232-83cc-2063fb9282e0}"="curdler"
- Spy-Locked.exe
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareLocked 3.3.lnk
- %STARTMENU%\SpywareLocked 3.3.lnk
- %STARTMENU%\Programs\SpywareLocked 3.3\
- %DESKTOP%\SpywareLocked 3.3.lnk
- %PROGRAMFILES%\SpywareLocked 3.3\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0118155F-254E-4899-B4B0-C12A7D27BD43}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0F4C207D-8105-4A69-9597-CA35DD7D40E0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1767B8C0-D7CA-4714-B50E-E10883B49423}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{222B2001-A14D-40AB-A97A-866C31E64B6C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{38CD31E1-73C2-48C0-B0DF-80BD6BA93F40}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5799265E-3E51-4B72-8420-75A71EE94E26}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{866B2BD1-5F33-4472-80E5-3216A92373E8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9894863A-C28A-4D01-B3C5-E6222A789AFE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B2266AD8-EAA6-4934-98E3-34CF67E08374}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC25B50A-E1AE-4345-BB9B-0778DF760BE1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C108A1D9-28AD-40E5-B257-ED9062A14244}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CED85FB9-B4C0-4CFC-A7BE-2C73BAE15D51}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7473324-9D79-45B6-AD7F-333EF7D1A64B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D753CDA9-396B-415B-8379-AAF5902814DA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F33B0E47-DB00-4DF3-B930-A3C558D58B33}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FBC8307B-4BD0-46F1-8350-122585D75DB2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AE68E48B-1A55-49D7-BF9F-A8DFDA47A91F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Spy-Locked.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareLocked 3.3] (C:\Program Files\SpywareLocked 3.3\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpywareLocked 3.3]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpywareLocked 3.3"=-
Changes for v2.161 - v2.162
- Added: DNS IP to detect: (69.50.x.x, 195.95.x.x)
Changes for v2.159 - v2.161
- Added: Check for DNS Hijack and configure to DHCP
- %SYSTEM%\yronl.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cb82d6d-f9a3-40c4-8ad5-6d7ea00ed6ad}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{1cb82d6d-f9a3-40c4-8ad5-6d7ea00ed6ad}"="haefner"
Changes for v2.158 - v2.159
- Added: HostsChk.exe (filter for WhiteList hosts)
- %SYSTEM%\oyopu.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}\InProcServer32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}"="homina"
Changes for v2.157 - v2.158
- Update: Generic Renos Fix 1.11
- %SYSTEM%\qvjpt.dll
- [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{07a582e8-bae3-457d-9d29-2048de45a369}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{07a582e8-bae3-457d-9d29-2048de45a369}"="grithbreach"
Changes for v2.156 - v2.157
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareLocked 3.2.lnk
- %STARTMENU%\SpywareLocked 3.2.lnk
- %STARTMENU%\Programs\SpywareLocked\
- %DESKTOP%\SpywareLocked.lnk
- %PROGRAMFILES%\SpywareLocked\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B847A1A-A872-95FC-8E22-F8B4AE044657}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{15A6894B-53B5-46C0-8C38-050E21DDD201}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17468406-36B6-4BD1-9B6C-3CC320CF28F6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F3FF99D-E078-4968-B9C1-87A74C7736CB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34A0B812-915E-46F2-9F29-DF0F0CF97611}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46018FD4-1675-4020-85DC-A3A0EEB7BDA0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{54F04ACA-CC8C-4C70-A8BC-D5C53D381EE7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{655C070F-6724-45BC-BD5E-23609B6D4A3F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{78C9E0DA-3BB5-4156-A03C-8326322F10DD}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7F21289A-BB27-49E9-92C3-2BF7910B6072}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{88C13519-616E-4A0D-B9EF-441D04891B6F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94E13FCA-4BAC-4C2A-A5DF-746460090F9E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CEBEA6DB-DAE7-4146-BABA-1FBCD1D50426}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D152938D-32E1-43A6-81C7-898502AABF9A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD348AC9-1D04-439A-B451-9A83BD66423B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DEB2FC31-CCC1-4D85-869F-D288E2386DBD}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F9A34E6B-4C2A-4F58-B302-79CACCD62C5A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A0181CF2-4A15-4CB5-88D7-15EAA2D08A46}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpywareLocked.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareLocked] (C:\Program Files\SpywareLocked\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpywareLocked]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpywareLocked"=-
Changes for v2.155 - v2.156
- Added: Process List
- Added to Process Killed: isamntr.exe, pmmnt.exe, pmsnrr.exe
- %SYSTEM%\AntiSpy.exe
- %SYSTEM%\Spykiller.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "value"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
- "value"=-
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "value"=-
- %SYSTEM%\tahxqcj.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d6fac42-a7be-4702-87ef-75d8dc14249e}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{9d6fac42-a7be-4702-87ef-75d8dc14249e}"="hemine"
Changes for v2.154 - v2.155
- %SYSTEM%\bhoSearchSpy.dll
- O2 - BHO: IE SecPlugin - {F5BDC469-1EC5-4193-824B-2E209993D183} - C:\WINDOWS\system32\bhoSearchSpy.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5BDC469-1EC5-4193-824B-2E209993D183}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bhoSearchSpy.IESecPlugin]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5BDC469-1EC5-4193-824B-2E209993D183}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE SecPlugin_is1]
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\MalwaresWipeds 5.3.lnk
- %STARTMENU%\MalwaresWipeds 5.3.lnk
- %STARTMENU%\Programs\MalwaresWipeds\
- %DESKTOP%\MalwaresWipeds.lnk
- %PROGRAMFILES%\MalwaresWipeds\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MalwareWipe.EXE] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DDBC9CF-30B8-8733-7445-754FC2F405F2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07F8DED2-2140-400E-86F3-6C6E5AD2B002}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23BFD4B1-C4EA-453A-89BD-EC9D536891B3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D5B03F2-3D12-4BC2-8A89-8D40AFE15190}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E699B22-FC07-4A9B-B98C-E9B965BFFE7C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{32C42863-E65F-453C-A8FF-60A8F035F57D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{350C54AD-E069-454C-A613-CA8154149E7A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{404A6E3F-1747-4D1B-8285-2C4B8A4B21D4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{776E27AE-419C-4529-9B18-4E71A5EA64A2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BC72975-C801-4534-B103-476EF5D0D17D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BF1461E-228F-4509-8C58-4EB1FBFC19F3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ECD20CF-AF6D-40E1-A1B8-7B6BEABB793E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC158F0C-319D-42A9-8532-134D746D136D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BF1A0A91-ABFB-4717-B7B9-D88647EA2529}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C492F812-B194-4C72-81EF-B17D9D973777}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D57FD11F-52DA-42F6-B12E-2447593B402B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F1B13777-B021-41E1-BFE6-896E5C1CF163}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A366DE26-3628-46F9-9ABA-0BD450247999}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MalwaresWipeds.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwaresWipeds] (C:\Program Files\MalwaresWipeds\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\MalwaresWipeds]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "MalwaresWipeds"=-
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyHeals 2.3.lnk
- %STARTMENU%\SpyHeals 2.3.lnk
- %STARTMENU%\Programs\SpyHeals\
- %DESKTOP%\SpyHeals.lnk
- %PROGRAMFILES%\SpyHeals\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0CB769E-2057-5D37-EA39-F7F57583005F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0A479D87-72AC-4DCE-A3F1-FDC882390F60}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{161D399B-0789-4402-864E-F4347690BD48}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16737204-F9B6-45D0-BA08-EC632ACA96EA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{22C0F9FE-1453-4925-A7C9-7D118611770E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37EEB3B8-A21E-4799-9266-9EC7D945674B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3BEE5AE6-A4D8-4FD3-B5D5-1385CEA2A22C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46593BFA-1D7A-4A56-90EE-88E852649F3D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A7CC1B7-3BA5-4CF6-8098-56D315EBEE11}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55DADDE6-2501-415A-BC5F-6F75D6E771C5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6C6E6CB6-8156-4901-AA42-B535181D17A3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{775AD947-7128-4774-8623-55FADB5F74BB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77DF43A0-4CD3-4BE1-B4FC-8B9F3857CBB6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{80787CB9-2E40-42BA-927A-C7E09C2C3D2E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8458EDF5-1DFD-4BF0-95AC-1D7463031D92}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C5BB6E2B-6CB5-4AAD-AEF7-2484D3E04EEF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7137690-A900-4F77-824E-EC0177D74FD0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BE9DD753-BB1A-4B56-9A06-5BD5E02C90AE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyHeals.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyHeals] (C:\Program Files\SpyHeals\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpyHeals]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpyHeals"=-
Changes for v2.151 - v2.152
- %STARTMENU%\Programs\MovieCommander\
- %PROGRAMFILES%\MovieCommander\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MovieCommander]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MovieCommander] (C:\Program Files\MovieCommander\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\MovieCommander]
- %STARTMENU%\Programs\SiteEntry\
- %PROGRAMFILES%\SiteEntry\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SiteEntry]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SiteEntry] (C:\Program Files\SiteEntry\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\SiteEntry]
- %SYSTEM%\mshlpp.exe
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ms-wordapp]
- %STARTMENU%\Programs\PrivateVideo\
- %PROGRAMFILES%\PrivateVideo\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PrivateVideo]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrivateVideo] (C:\Program Files\PrivateVideo\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\PrivateVideo]
Changes for v2.150 - v2.151
- %WINDOWS%\iexplorer.exe
- %WINDOWS%\ielocales.dll
- %WINDOWS%\policies.dll
- %WINDOWS%\policyverifier.exe
- %SYSTEM%\policies\
- %SYSTEM%\policies\ppdriver.sys (ppdriver service)
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
- "PolicyVerifier"=-
- O2 - BHO: SmartPics Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\Policies.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}]
- O2 - BHO: TMSN Class - {B72549CE-5644-4116-B8A4-A2B042321EC4} - C:\WINDOWS\Policies.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B72549CE-5644-4116-B8A4-A2B042321EC4}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72549CE-5644-4116-B8A4-A2B042321EC4}]
- O2 - BHO: TKTS System - {A717DBE3-D78D-4aa7-BDCF-2CC06B36371B} - C:\WINDOWS\Policies.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A717DBE3-D78D-4aa7-BDCF-2CC06B36371B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A717DBE3-D78D-4aa7-BDCF-2CC06B36371B}]
- O2 - BHO: VPNS System - {366B2151-E1C7-44a3-86A3-E5686C2A3D2F} - C:\WINDOWS\iedrives.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{366B2151-E1C7-44a3-86A3-E5686C2A3D2F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{366B2151-E1C7-44a3-86A3-E5686C2A3D2F}]
- O2 - BHO: MSNM System - {A646CE7E-951E-44d1-B93C-F7136DA41E58} - C:\WINDOWS\ielocales.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A646CE7E-951E-44d1-B93C-F7136DA41E58}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A646CE7E-951E-44d1-B93C-F7136DA41E58}]
- %SYSTEM%\onwtj.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ceca6f2b-247b-4ece-9b7a-d0135c8036fc}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{ceca6f2b-247b-4ece-9b7a-d0135c8036fc}"="chitosan"
- %SYSTEM%\fyxkaah.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{b292ec9f-a074-4115-8342-1f459702d8d2}"="characterizing"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyLocked 3.1.lnk
- %STARTMENU%\SpyLocked 3.1.lnk
- %STARTMENU%\Programs\SpyLocked\
- %DESKTOP%\SpyLocked.lnk
- %PROGRAMFILES%\SpyLocked\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D06E2EAE-1922-4A0B-6A7C-8D9E3DE0E708}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C5B5226-045D-4A46-B4FC-228B0891FEEC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{314120E4-5A05-492C-9BF2-22558CF0F202}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{392D4A36-6ADF-4A99-A820-3014A53E62E3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3BF6C840-4D12-4FB5-88A2-E2BC03461DC2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42F16135-D0A4-43A2-990C-27FCABD9C19F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{43DF1CEE-70B3-4E2D-A740-4AC468786207}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D31CCA1-C42B-4796-851F-CA8ED4CD2A7E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5CA1A9F6-10F8-4008-B884-755B25B6848A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{630CBF61-54CC-4AC3-97B0-D4071345807C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AFB5B8E-ACFD-4489-91B3-DAA1388A31EC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{815B01A0-BF97-41E9-ACF2-32B76F98A960}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C5BF4465-5322-462F-B41F-459F649F3996}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E4703CF2-7F82-4AD7-B317-8EC1CBC9B619}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9817993-83FF-4343-B14E-6CDFB378B21D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EDE2A2B4-B1CB-4BF8-93D1-154E49284A71}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F5D23930-23C6-440E-AB55-D019E1171539}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{50450F27-B90B-422B-A4C9-5EC5A5B78001}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyLocked.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyLocked] (C:\Program Files\SpyLocked\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpyLocked]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpyLocked"=-
- %SYSTEM%\wincrt.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Windows Critical Alert"=-
Changes for v2.149 - v2.150
- %SYSTEM%\msdrives\
- %SYSTEM%\msdrives\driverpp.sys (driverpp service)
- %WINDOWS%\iedrives.dll
- %WINDOWS%\msdrv.exe
- %WINDOWS%\msdrvctrl.exe
- %PROGRAMFILES%\NewMediaCodec
- %SYSTEM%\drives\
- %SYSTEM%\drives\pnpdrv.sys (pnpdrv service)
- %WINDOWS%\iedrv.exe
- %WINDOWS%\iedrvctrl.exe
- %WINDOWS%\iexploree.dll
- %WINDOWS%\mslog.exe
- %DESKTOP%\PrivacyProtector.url
- %DESKTOP%\SystemDoctor.url
- %DESKTOP%\WinAntiSpyware 2007.url
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5845A98-EBDA-4670-9DE6-5201C506E741}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VPNS.VPNSApp]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5845A98-EBDA-4670-9DE6-5201C506E741}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
- "iedrvctrl"=-
- "ielogger"=-
- "IExplorer"=-
- "msdrvctrl"=-
Changes for v2.147 - v2.148
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoAXObject.Chl]
- O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6ACAE64-F798-4930-AD86-BD3FB32038DB}]
Changes for v2.145 - v2.147
- %SYSTEM%\geplxss.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"
- %SYSTEM%\tvomnc.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{634be415-da12-496b-b89e-329b73c4807f}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{634be415-da12-496b-b89e-329b73c4807f}"="cam"
Changes for v2.144 - v2.145
- %SYSTEM%\tcpipmon.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "tcpipmon"=-
Changes for v2.143 - v2.144
- %PROGRAMFILES%\Internet Security
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
- "user32.dll"=-
- "rare"=-
Changes for v2.142 - v2.143
- %PROGRAMFILES%\Video Access ActiveX Object
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videoaccessactivex.Chl]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Access ActiveX Object] (C:\Program Files\Video Access ActiveX Object\uninst.exe)
- %SYSTEM%\higehsg.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "eitheror"="{2016a466-91a2-43c6-97d8-2fd380f065ef}"
- %SYSTEM%\xkrdk.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{8329660f-e248-4872-98cc-fb9c4fec7ba8}"="didynamia"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "didynamia"="{8329660f-e248-4872-98cc-fb9c4fec7ba8}"
Changes for v2.141 - v2.142
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyDawn 3.1.lnk
- %STARTMENU%\SpyDawn 3.1.lnk
- %STARTMENU%\Programs\SpyDawn\
- %DESKTOP%\SpyDawn.lnk
- %PROGRAMFILES%\SpyDawn\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1DF2728-8510-0773-96D8-5D0C1F27821B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{189518DF-7EBA-4D31-A7E1-73B5BB60E8D5}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D627FE-3F02-44CF-9EE1-7B9E44BD9E13}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{43CFEFBE-8AE4-400E-BBE4-A2B61BB140FB}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5790B963-23C5-43C1-BCF5-01C9B5A3E44E}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D42DDF4-81EB-4668-9951-819A1D5BEFC8}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{76D06077-D5D3-40CA-B32D-6A67A7FF3F06}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{86C7E6C3-EC47-44E5-AA08-EE0D0A25895F}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9283DAC1-43F5-4580-BF86-841F22AF2335}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE90CAFC-09D4-47F0-9E11-CE621C424F08}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA397E39-F67F-423F-BC6E-65939450093A}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEC8A83D-01D4-4F15-B8A9-4B4AB24253A7}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4EEDC19-992D-409A-B323-ED57D511AFA5}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD90F677-D205-4F70-9014-659614AABCB2}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3DF91F3-F24F-441E-9001-D61F36024322}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F459EADB-5903-48D5-864C-2B7B46AB1424}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC4EDF66-0547-4F1A-AE96-7CFCAD711C90}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyDawn.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyDawn] (C:\Program Files\SpyDawn\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpyDawn]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpyDawn"=-
Changes for v2.140 - v2.141
- %SYSTEM%\svshost.dll (Backdoor.Win32.Small.ls)
- %SYSTEM%\wininet.exe (Backdoor.Win32.Small.ls)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7FFD784-5276-42D1-887B-00267870A4C7}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "SysRun"=-
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyCrush 5.1.lnk
- %STARTMENU%\SpyCrush 5.1.lnk
- %STARTMENU%\Programs\SpyCrush\
- %DESKTOP%\SpyCrush.lnk
- %PROGRAMFILES%\SpyCrush\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3820350F-5092-2ADD-8A4C-8DE2C609FAE5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{189518DF-7EBA-4D31-A7E1-73B5BB60E8D5}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D627FE-3F02-44CF-9EE1-7B9E44BD9E13}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{43CFEFBE-8AE4-400E-BBE4-A2B61BB140FB}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5790B963-23C5-43C1-BCF5-01C9B5A3E44E}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D42DDF4-81EB-4668-9951-819A1D5BEFC8}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{76D06077-D5D3-40CA-B32D-6A67A7FF3F06}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{86C7E6C3-EC47-44E5-AA08-EE0D0A25895F}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9283DAC1-43F5-4580-BF86-841F22AF2335}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE90CAFC-09D4-47F0-9E11-CE621C424F08}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA397E39-F67F-423F-BC6E-65939450093A}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEC8A83D-01D4-4F15-B8A9-4B4AB24253A7}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4EEDC19-992D-409A-B323-ED57D511AFA5}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD90F677-D205-4F70-9014-659614AABCB2}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3DF91F3-F24F-441E-9001-D61F36024322}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F459EADB-5903-48D5-864C-2B7B46AB1424}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC4EDF66-0547-4F1A-AE96-7CFCAD711C90}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}] (Already removed with SpywareQuake)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SpyCrush.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyCrush] (C:\Program Files\SpyCrush\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\SpyCrush]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "SpyCrush"=-
Changes for v2.139 - v2.140
- Update: remove from hosts file computing.net, spywareinfo.com,
- lavasoftsupport.com, majorgeeks.com, microsoft.com, pandasoftware.com,
- wilderssecurity.com
- Add: Update mirror
- %WINDOWS%\dr.exe
- %WINDOWS%\user32.exe
- %WINDOWS%\Tasks\At1.job
- %WINDOWS%\Tasks\At2.job
- %PROGRAMFILES%\dr.exe
- %PROGRAMFILES%\dr.exe~
- %PROGRAMFILES%\patcher.exe
- %PROGRAMFILES%\serial.dat
- %PROGRAMFILES%\serial.zip
- %PROGRAMFILES%\user32.exe
- %PROGRAMFILES%\widupdate.exe
- %PROGRAMFILES%\widupdate.exe~
Changes for v2.138 - v2.139
- Update: remove following servers from hosts file:
- arovax.com, bleepingcomputer.com, boskak.za.net, bullguard.com, castlecops.com,
- compu-docs.com, dell.com, depannetonpc.net, digitaltrends.com, ewido.net,
- geekstogo.com, greyknight17.com, idg.pl, infos-du-net.com, innovative-sol.com,
- lockergnome.com, mytechsupport.ca, prevx.com, siri.urz.free.fr, spybot.info,
- stevengould.org, sunbelt-software.com, spywareinfo.dk, superantispyware.com, techguy.org,
- techsupportforum.com, tomcoyote.org
- %SYSTEM%\cwgppb.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2acf3add-34a1-4f2f-99cf-cc69785d1e90}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{2acf3add-34a1-4f2f-99cf-cc69785d1e90}"="exemplars"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "exemplars"="{2acf3add-34a1-4f2f-99cf-cc69785d1e90}"
Changes for v2.137 - v2.138
- Update: Generic Renos Fix
- %SYSTEM%\vblhanf.dll
- [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}"="didymiums"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "didymiums"="{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVermeans 2.1.lnk
- %STARTMENU%\AntiVermeans 2.1.lnk
- %STARTMENU%\Programs\AntiVermeans\
- %DESKTOP%\AntiVermeans.lnk
- %PROGRAMFILES%\AntiVermeans\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82C9202F-07E7-C95D-0A61-7FCBB3DC4E2A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E109276-830E-4543-980D-660F305D052C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21E5890D-B0C0-43FC-9FFA-971E53757CEC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A7C0BB3-BAB7-4203-BF09-AE0F7187A76B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{349FB887-0A21-47FF-95AD-F311B68E1B0C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{73F1B1C8-D0FF-466A-91C0-2995ECE1D7E7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{796854B1-D0B2-471A-9047-9FAABA829DDD}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B519915-0E5C-429B-AF50-2B1FD12A80C7}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{82B8F5FA-8541-4E3E-BB71-9237B638E51C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91251C12-212A-4847-AB34-6C0DE694F83D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92F553B0-3499-4E89-A25D-AB0865DD8A69}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0305F7E-4BEF-49AB-9FC1-3CD0964FEE9E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A426E333-4E91-4995-9662-E709BBDAA549}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6CA4EAC-3168-4F1B-B8CF-84765E1781C8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C24E6ABD-2409-478E-91C2-9AFF9817C10A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E20C255D-E938-49DB-89BA-1A1B27ABDCF3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3A2FFC7-5B66-4150-AA51-5D4CED1E73EB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9A4EC679-4D9A-4165-8562-9584E13A9CEA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVermeans.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVermeans] (C:\Program Files\AntiVermeans\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\AntiVermeans]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "AntiVermeans"=-
Changes for v2.136 - v2.137
- Bug correction in huy32 service detection
- %STARTMENU%\Programs\SpyMarshal\
- %DESKTOP%\SpyMarshal.lnk
- %PROGRAMFILES%\SpyMarshal\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.key] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpyMarshal] (C:\Program Files\SpyMarshal\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\Install] (Already removed)
- [-HKEY_CURRENT_USER\Software\SpyMarshal]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "SpyMarshal"=-
Changes for v2.135 - v2.136
- Added: huy32 driver detection.
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\MalwareWipePro 4.3.lnk
- %STARTMENU%\MalwareWipePro 4.3.lnk
- %STARTMENU%\Programs\MalwareWipePro\
- %DESKTOP%\MalwareWipePro.lnk
- %PROGRAMFILES%\MalwareWipePro\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MalwareWipe.EXE] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DFD0A51-6176-5770-217C-A5BCD7E6F3E2}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01AEC716-82E6-4D7D-AAE9-E7A3C77669FC}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{158CB0F8-4E71-483B-8A1F-E5F6A2925186}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{43B4B286-7D63-49BF-925C-76DB02FB913C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E308A8E-090D-41D4-9566-0CF5DBCE77BA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B457C20-B311-47D6-8462-2A58D14444F3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6570C315-8FE3-4C92-8772-B2EE963CE446}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7D4714BE-DA43-41F5-BCF3-5AEF3C95EC42}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{86861886-7780-4650-BFED-60E07AE63ED3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94C6F9C7-CDE7-4E81-A5B0-8245E3001B23}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9E0A6A56-E495-41B1-A72C-DDBFF7B1147D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A62C8043-EDE3-45B8-8477-FD77CB8746C6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AD9BDAB2-76A9-400C-8F4D-F12733D33526}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C8296F61-C691-498E-A509-C1C0C1A879A9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CCBF4AEA-E9E3-4D8A-9F51-7D20C4415C2C}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D65BDB94-8AE3-4509-B0CA-2AC8A3B758EE}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC780A3C-EE81-47B9-97F0-4886EE215105}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E6CD430B-4CDF-4D5E-9071-16085471B882}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MalwareWipePro.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareWipePro] (C:\Program Files\MalwareWipePro\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\MalwareWipePro]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "MalwareWipePro"=-
- %STARTMENU%\Programs\VideoBox\
- %PROGRAMFILES%\VideoBox\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoBox]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoBox] (C:\Program Files\VideoBox\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\VideoBox]
- %PROGRAMFILES%\WinAntiSpyPro\
- mstss.exe
- plugin.exe
- updchk.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "mstss"="C:\Program Files\WinAntiSpyPro\mstss.exe"
- [-HKEY_CURRENT_USER\Software\WinRAR SFX]
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpySoldier.lnk
- %USERPROFILE%\Local Settings\Application Data\SpySoldier\
- %ALLUSERSTARTMENU%\Programs\SpySoldier\
- %DESKTOP%\SpySoldier.lnk
- %PROGRAMFILES%\SpySoldier\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpySoldier_is1] (C:\Program Files\SpySoldier\unins000.exe)
- [-HKEY_CURRENT_USER\Software\SpySoldier]
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareKnight.lnk
- %USERPROFILE%\Local Settings\Application Data\SpywareKnight\
- %ALLUSERSTARTMENU%\Programs\SpywareKnight\
- %DESKTOP%\SpywareKnight.lnk
- %PROGRAMFILES%\SpywareKnight\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareKnight_is1] (C:\Program Files\SpywareKnight\unins000.exe)
- [-HKEY_CURRENT_USER\Software\SpywareKnight]
- %STARTMENU%\Programs\PestCapture\
- %DESKTOP%\PestCapture.lnk
- %PROGRAMFILES%\PestCapture\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.key] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PestCapture] (C:\Program Files\PestCapture\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\Install]
- [-HKEY_CURRENT_USER\Software\PestCapture]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "PestCapture"=-
- O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{84938242-5C5B-4A55-B6B9-A1507543B418}"=-
Changes for v2.134 - v2.135
- Update: Detection of new version of the CTDrive key and drv???.dll
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "ctpmon"=-
Changes for v2.133 - v2.134
- %SYSTEM%\ctpmon.exe
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Svshostt.arty]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "ctpmon"=-
- %SYSTEM%\RegistryCleanerSetup.exe
- %DESKTOP%\Registry Cleaner.lnk
- %STARTMENU%\Programs\Registry Cleaner\
- %PROGRAMFILES%\RegistryCleaner\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegistryCleaner] (C:\Program Files\RegistryCleaner\uninstall.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\RegistryCleaner]
Changes for v2.132 - v2.133
- %SYSTEM%\gwquvw.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "carbinyl"="{8d8c2387-7f80-4022-9be6-43630a969558}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"
- %SYSTEM%\axlet.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8670ee50-01f9-47da-ac1e-cf8549e9e521}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "eupeptic"="{8670ee50-01f9-47da-ac1e-cf8549e9e521}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{8670ee50-01f9-47da-ac1e-cf8549e9e521}"="eupeptic"
- %SYSTEM%\oksrqqu.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c4f2cbc-f32d-4a03-9812-86f39379811b}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "breadthes"="{5c4f2cbc-f32d-4a03-9812-86f39379811b}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{5c4f2cbc-f32d-4a03-9812-86f39379811b}"="breadthes"
- %SYSTEM%\nbbrhbd.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "hirtellous"="{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVerminser 2.1.lnk
- %STARTMENU%\AntiVerminser 2.1.lnk
- %STARTMENU%\Programs\AntiVerminser\
- %DESKTOP%\AntiVerminser.lnk
- %PROGRAMFILES%\AntiVerminser\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01775F16-B10C-B483-63E3-AFCED5DCDEF2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{118601E4-0BC8-4B98-AAEC-723EBA43ED33}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{15548C74-5C8B-4911-AE88-739DD473E2BA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{468164CC-476E-47D5-9269-278D0DB22A13}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{478B7D17-F00A-4AB3-B802-46972CAB1AE9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4FCD9AB0-0765-4117-A612-DB3B4FAC1EE3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D89BA32-C9F8-48CC-B22A-18C808DF6D83}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{698664FF-F50E-4BDC-B9C0-C00F96A64B84}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89AE8B3E-3EE8-4068-8932-60CA9E6AC40B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{93362B42-9631-4BAE-92EF-7726E5DD747D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{999E9507-216C-4A7A-B103-57D3FF617E49}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A5A2382E-6EA1-40C9-9EEB-FCE758A7A3F1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C20782A3-B65D-41AB-8D04-BBE3122363C2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C54890B0-B9F8-4E58-9715-8C58B52A4D5D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D037BE5C-7E06-4D4D-8729-FD1EE7E59C89}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D108017B-1769-4BFB-8A4C-0E6202FDBD08}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DECC44F4-E972-4E5C-8F5F-238295C5ADD5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{823B335C-00DE-4886-BE7A-FBDC0F69294E}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVerminser.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVerminser] (C:\Program Files\AntiVerminser\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\AntiVerminser]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "AntiVerminser"=-
Changes for v2.131 - v2.132
- %SYSTEM%\autosys.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "AutoSys"=-
- %FAVORITES%\Online Security Test.url
- %STARTMENU%\Programs\SiteTicket\
- %PROGRAMFILES%\SiteTicket\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SiteTicket]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SiteTicket] (C:\Program Files\SiteTicket\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\SiteTicket]
- %STARTMENU%\Programs\DirectVideo\
- %PROGRAMFILES%\DirectVideo\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectVideo]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectVideo] (C:\Program Files\DirectVideo\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\DirectVideo]
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\MalwareWiped 5.2.lnk
- %STARTMENU%\MalwareWiped 5.2.lnk
- %STARTMENU%\Programs\MalwareWiped\
- %DESKTOP%\MalwareWiped.lnk
- %PROGRAMFILES%\MalwareWiped\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MalwareWipe.EXE] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B5398C2-D494-426C-A32B-4C27687ABE1B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{12BFCFD5-4661-430F-A6C9-75CBA2396880}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B845818-D6E1-4B94-B3BE-65B184165B13}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{22E02478-B924-4878-B671-6C620BAC5F46}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{314009BF-F3FC-4C90-82E0-2DE859FD1ED8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{363FFCD3-D837-4949-BB15-9FF91D8D3D6F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{434FB119-3862-46DD-A420-D8A1836549E5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{612CA5DF-DDBD-4BA3-BEB6-F879CB521AE0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7D5247D5-609B-4C07-A04B-D8EAE34A2E10}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{80361051-7283-4C4F-A774-7392FC2B1703}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EB34398-737F-46DD-BC79-FFF8CDE2782A}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1B5425B-9D99-4419-B3E6-24C0944EF382}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B74B7120-D7B8-4BF7-8CC0-8B49196E1642}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C0EE9256-C6A0-491D-B28A-48807B5572BF}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2220318-770B-45C7-B2CF-66022CE7E073}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF42E571-31B5-4BF6-B80A-19B83F030DB0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B73CD73D-026D-43A5-97D4-D175A5DEC129}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MalwareWiped.exe]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareWiped] (C:\Program Files\MalwareWiped\uninst.exe)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\MalwareWiped]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "MalwareWiped"=-
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VAXObject.Chl]
- %PROGRAMFILES%\Image ActiveX Object\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IAXObject.Chl]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Image ActiveX Object] (C:\Program Files\Image ActiveX Object\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
- O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Key Generator\isaddon.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}]
- O3 - Toolbar: Safety Bar - {fbea0445-4c4a-4136-864a-c72a4a182a84} - C:\Program Files\Safety Bar\SafetyBar.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbea0445-4c4a-4136-864a-c72a4a182a84}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{fbea0445-4c4a-4136-864a-c72a4a182a84}"=-
- O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18668683-731c-48fa-b1b9-ad013748fb00}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{18668683-731c-48fa-b1b9-ad013748fb00}"=-
- O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\VideoKeyCodec\iesplugin.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}"=-
- %SYSTEM%\cthkpcv.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "buprestidae"="{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"
- %SYSTEM%\ownyhr.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a4b860b-b18e-4afe-9b26-2a19268eb6be}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "cecropia"="{9a4b860b-b18e-4afe-9b26-2a19268eb6be}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{9a4b860b-b18e-4afe-9b26-2a19268eb6be}"="cecropia"
- %SYSTEM%\vwfps.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{951a98d0-dad6-4a77-8280-a494279a884b}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{951a98d0-dad6-4a77-8280-a494279a884b}"="beeper"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "beeper"="{951a98d0-dad6-4a77-8280-a494279a884b}"
Changes for v2.130 - v2.131
- Update: Generic Renos Fix 1.10
- %SYSTEM%\cvnzie.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe288882-f661-4522-88f3-20cfb7866fa4}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{fe288882-f661-4522-88f3-20cfb7866fa4}"="gutturalness"
- %SYSTEM%\hjpprpu.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}"="haematobia"
- %SYSTEM%\kuhmk.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}"="discriminable"
- AntiVermins changes:
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0A1949AB-8B12-4A6F-9B5D-12D4115CCCEA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1724E437-1FCE-4D21-95E2-6E2452C25628}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1ECABCEE-5F00-449B-BBE3-9C35E160E832}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D652EC7-AF61-487A-B82A-0C4A6A9FF3C8}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{500B879D-86C3-4C45-943F-3FC3BF793B38}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50FE5318-DC2A-440A-AC94-B9041819EE48}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{59DAA331-B3F9-408E-81DF-ADE79D129600}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B768BE7-942B-4838-89BF-40AB729A62AB}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C0B132E-86CB-4B3B-9CAF-CB7F57A60C81}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{78E2412E-3C9A-4EE8-AD97-3ABD95EC49D3}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85524659-53E5-40AF-835B-2F0B8745DF0B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9A9D1422-D311-4673-8579-61FCDB76BD0D}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B6CDDF17-9F1A-47CA-8E3D-FF6BD1B05D3F}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6BD48FC-DD6F-4242-90B0-6CBE4AD43362}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7D22218-EBF0-454C-B948-11BB8FC3118B}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ECA8F1E3-C03F-47E6-842D-7B2BCF0445CA}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B112EBD-0C90-4AC4-A969-F36797F00006}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "AntiVermins"=-
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Antivirus-Golden"=-
Changes for v2.129 - v2.130
- %SYSTEM%\olnohdw.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"
Changes for v2.128 - v2.129
- %SYSTEM%\qrzsyr.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01b55afa-f451-474b-9e91-c35b24d02641}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{01b55afa-f451-474b-9e91-c35b24d02641}"="boob"
- %SYSTEM%\rosdzop.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb720bab-2f75-456b-a850-04d77b20f6b8}
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{bb720bab-2f75-456b-a850-04d77b20f6b8}"="impasse"
- O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\system32\ixt0.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4d74aaa-a178-4463-846b-b4bc87a024e0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4d74aaa-a178-4463-846b-b4bc87a024e0}]
- O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}"=-
Changes for v2.127 - v2.128
- SYSTEM%\vcehaeb.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "flammei"="{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"
- %SYSTEM%\xqpauzx.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2efa195-4785-4db1-9316-b48c64bb71da}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{f2efa195-4785-4db1-9316-b48c64bb71da}"="blippers"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "blippers"="{f2efa195-4785-4db1-9316-b48c64bb71da}"
- %SYSTEM%\mlraakb.dll"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "gloomily"="{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"
Changes for v2.126 - v2.127
- Now detect and remove: [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="kd???.exe"
- O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll
- [-HKEY_CLASSES_ROOT\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}]
- O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\system32\ixt0.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67270207-b9ee-4d26-9270-860fdb060ca1}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67270207-b9ee-4d26-9270-860fdb060ca1}]
Changes for v2.125 - v2.126
- Export of: [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="kd???.exe"
- %PROGRAMFILES%\Video ActiveX Object\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EMediaCodek.Chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlayVideoEnchancer.chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object] (C:\Program Files\Video ActiveX Object\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
- %PROGRAMFILES%\Video ActiveX Object\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVZipEnchancer.Chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object] (C:\Program Files\Video ActiveX Object\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
- %PROGRAMFILES%\Brain Codec\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVZipEnchancer.Chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Brain Codec] (C:\Program Files\Brain Codec\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
- %PROGRAMFILES%\Key Generator\
- %DESKTOP%\Key Generator.lnk
- %STARTMENU%\Programs\Key Generator\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Key Generator] (C:\Program Files\Key Generator\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
- %PROGRAMFILES%\My Pass Generator\
- %DESKTOP%\My Pass Generator.lnk
- %STARTMENU%\Programs\My Pass Generator\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Pass Generator] (C:\Program Files\My Pass Generator\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
- %PROGRAMFILES%\VideoAccess\
- %STARTMENU%\Programs\VideoAccess\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoAccess]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoAccess] (C:\Program Files\VideoAccess\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\VideoAccess]
- O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f}-C:\WINDOWS\System32\ixt0.dll
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{755bbd1a-aa59-456c-afeb-b4c42c4dcb6f}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{755bbd1a-aa59-456c-afeb-b4c42c4dcb6f}]
Changes for v2.124 - v2.125
- %SYSTEM%\xxfgmy.dll
- [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "emptins"="{588599f4-de26-4c28-ba14-f4eb17e33481}"
- %SYSTEM%\dbqlrij.dll
- [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{af4fd984-a939-4c32-82b2-8bae7abe9aec}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{af4fd984-a939-4c32-82b2-8bae7abe9aec}"="benumbment"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "benumbment"="{af4fd984-a939-4c32-82b2-8bae7abe9aec}"
- %SYSTEM%\tpedvf.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "expatriates"="{1a01a98c-4f25-42e1-971a-185cf63569b2}"
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.3.lnk
- %STARTMENU%\Virus-Bursters 6.3.lnk
- %STARTMENU%\Programs\Virus-Bursters\ (Already removed)
- %DESKTOP%\Virus-Bursters.lnk (Already removed)
- %PROGRAMFILES%\Virus-Bursters\ (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}] (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{150D28AC-7C2D-4B57-B837-C74DCE7CC728}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{276D86B8-010B-4576-8444-9A670070A3F4}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D9CAF75-4B36-455B-ADEF-0CFD7ADF3154}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{38CD62AA-98AC-4B47-9CB8-8E1F108AD32F}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41F834DA-AF4B-4C04-BD2E-9FA131FF39E5}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48CE44BF-E439-46DE-8CD8-88CB5B3D6D6E}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F7FA7BF-007C-46E6-A49C-B8E7373C046E}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F412259-081E-4B21-815D-93AE1E71AE95}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{78EA0C93-1AAA-4922-84F0-42CBA685F6BC}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{887D7071-FB68-49F6-A77C-E12D0A83BF91}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ECEF347-16E8-45B3-BB6D-AE9DDFC4EC11}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9EE20753-220C-4A2C-87DC-F86FB78F3774}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A4BB2045-C8B4-4A9F-B509-7A626797B961}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BED38B7D-66E0-47B2-A7EF-8682B62828D6}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D87A739B-AD9A-4973-B8C5-9D55B3EC0401}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC6921C1-F723-49C9-B760-274DE8238ED6}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C97C3B7C-E022-4FA8-B1A7-1C28270FFAFF}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virus-bursters.exe] (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus-Bursters] (C:\Program Files\Virus-Bursters\uninst.exe)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Virus-Bursters] (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Virus-Bursters"="C:\Program Files\Virus-Bursters\virus-bursters.exe /h"
Changes for v2.123 - v2.124
- O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll
- [-HKEY_CLASSES_ROOT\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18da4e-be15-4925-81bb-890c04af0200}]
- O3 - Toolbar: Protection Bar - {74a49269-9779-48b4-a0e6-3a5af2a3ade6} - C:\Programfiler\Perfect Codec\iesplugin.dll
- [-HKEY_CLASSES_ROOT\CLSID\{74a49269-9779-48b4-a0e6-3a5af2a3ade6}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74a49269-9779-48b4-a0e6-3a5af2a3ade6}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{74a49269-9779-48b4-a0e6-3a5af2a3ade6}"=-
- O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll
- [-HKEY_CLASSES_ROOT\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{96ebbe6a-2864-4345-b32b-26ee9be524b5}"=-
- %PROGRAMFILES%\Gold Codec\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVZipEnchancer.Chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gold Codec] (C:\Program Files\Gold Codec\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
- %PROGRAMFILES%\Silver Codec\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EMediaCodek.Chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlayVideoEnchancer.chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Silver Codec] (C:\Program Files\Silver Codec\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
Changes for v2.122 - v2.123
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.2.lnk
- %STARTMENU%\Virus-Bursters 6.2.lnk
- %STARTMENU%\Programs\Virus-Bursters\
- %DESKTOP%\Virus-Bursters.lnk
- %PROGRAMFILES%\Virus-Bursters\
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}] (Already removed)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0249BEB1-A2AA-45A3-9EC5-95D9C4A40A62}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{082DA6AF-F994-4C6C-A2B0-DFC3B3FF540A}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C9A71B1-8A8A-48A1-AA3F-0C83CE1C0BBD}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0EF25077-DA22-4FF2-B6FF-6FC1C26F5740}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{20DC1F8E-4640-4FFF-9858-05E7B978CC71}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2613CF74-4FC5-4251-9F48-260496364852}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{27D8CD06-82E3-4E1E-8917-86A9B3AE41F6}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7CAEFBCD-55A9-4A68-AA02-E69B12B3BE57}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{898272CF-3ACE-4A7B-98FA-9EB8DB8B26DC}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8CBF5BAC-E609-4863-ABC9-68A7BD13B1D0}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9981DDEF-81C4-4CC8-A5F2-62A7912D8037}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9CB68DF7-F336-45A2-BDE2-5DCA3998986F}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B4BB620F-3AE7-4910-8171-F9FC8120D9EF}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D838D7A3-1551-4B32-BF7A-7F4F769BB885}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E1751F23-00E6-4F6C-AD78-CA7D8A96FD3E}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED639B1F-1B3F-473F-BD8D-6DE9C2D1972A}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F83E8F99-AE49-45D6-92B4-59854BF0A759}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\virus-bursters.exe]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus-Bursters] (C:\Program Files\Virus-Bursters\uninst.exe)
- [HKEY_LOCAL_MACHINE\SOFTWARE\Virus-Bursters]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "Virus-Bursters"="C:\Program Files\Virus-Bursters\virus-bursters.exe /h"
- %SYSTEM%\dcvwaah.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{40dcff6e-af8d-4183-8ebe-a82270ac449e}"="gimmicks"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "gimmicks"="{40dcff6e-af8d-4183-8ebe-a82270ac449e}"
- %SYSTEM%\fmrmhc.dll
- [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0bad5052-665d-40d4-a9bd-a2891eaafb42}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{0bad5052-665d-40d4-a9bd-a2891eaafb42}"="boucicault"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "boucicault"="{0bad5052-665d-40d4-a9bd-a2891eaafb42}"
- %SYSTEM%\oebxpba.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fc003c3-87a0-489c-85cd-878246eb2d18}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{4fc003c3-87a0-489c-85cd-878246eb2d18}"="amaranthaceous"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "amaranthaceous"="{4fc003c3-87a0-489c-85cd-878246eb2d18}"
Changes for v2.121 - v2.122
- %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\MalwareWiper 4.3.lnk
- %STARTMENU%\MalwareWiper 4.3.lnk
- %STARTMENU%\Programs\MalwareWiper\
- %DESKTOP%\MalwareWiper.lnk
- %PROGRAMFILES%\MalwareWiper\
- HKLM\SOFTWARE\Classes\AppID\MalwareWipe.EXE (Already removed)
- HKLM\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5} (Already removed)
- HKLM\SOFTWARE\Classes\CLSID\{1FC4ADE1-15D3-057E-81D5-DD934DE6542E}
- HKLM\SOFTWARE\Classes\Interface\{04DA0CE8-87C6-4379-9CBD-5D6E93C919E8}
- HKLM\SOFTWARE\Classes\Interface\{0678CAB9-7825-467E-9310-CDD2DCA855D0}
- HKLM\SOFTWARE\Classes\Interface\{1386F568-F1AB-477D-B69E-31D66B6E4DAA}
- HKLM\SOFTWARE\Classes\Interface\{210E3B48-776B-4F4B-B80A-2BB59F1A676D}
- HKLM\SOFTWARE\Classes\Interface\{2E3C5BE8-3EA7-48A7-97FA-7E2AB0A88392}
- HKLM\SOFTWARE\Classes\Interface\{576BB1E3-B26D-4BCB-A0BD-B49FF2469936}
- HKLM\SOFTWARE\Classes\Interface\{5F8BD6DC-6D30-4A6F-9D07-3822DFA605D7}
- HKLM\SOFTWARE\Classes\Interface\{694E0F65-5EF7-40FB-9412-48AFCE704720}
- HKLM\SOFTWARE\Classes\Interface\{74878382-B258-484B-A614-475D8DCF104B}
- HKLM\SOFTWARE\Classes\Interface\{7B8A51F7-0700-4CEB-978E-E0A3C88CB4B4}
- HKLM\SOFTWARE\Classes\Interface\{87FF9647-1710-4EB6-97C9-65484F9C61E9}
- HKLM\SOFTWARE\Classes\Interface\{A7358DCF-6343-45AE-930D-5C2BB96B9116}
- HKLM\SOFTWARE\Classes\Interface\{B4BFACA9-37BA-45BC-8EE6-6F9910651B0B}
- HKLM\SOFTWARE\Classes\Interface\{BE18EBF9-4F98-4333-8DD2-AEBA2911A80B}
- HKLM\SOFTWARE\Classes\Interface\{DDC17036-3DE8-4FEB-948E-D225CF5BCC95}
- HKLM\SOFTWARE\Classes\Interface\{E8194604-B6D1-4D63-ABC7-8C2D89E6D497}
- HKLM\SOFTWARE\Classes\TypeLib\{96467F12-0518-4E85-AC6A-4858017F1400}
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MalwareWiper.exe
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareWiper] (C:\Program Files\MalwareWiper\uninst.exe)
- HKLM\SOFTWARE\MalwareWiper
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- "MalwareWiper"=-
- %PROGRAMFILES%\JPEG Encoder\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\JPEGEncoder.Chl]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JPEG Encoder] (C:\Program Files\JPEG Encoder\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
- %PROGRAMFILES%\Perfect Codec\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVZipEnchancer.Chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Codec] (C:\Program Files\Perfect Codec\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
- %PROGRAMFILES%\Super Codec\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EMediaCodek.Chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlayVideoEnchancer.chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Codec] (C:\Program Files\Super Codec\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
Changes for v2.120 - v2.121
- Update: Bug correction in CTDrive Fix routine (causes a jump to the scan part while fixing)
- O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\QualityCodec\isaddon.dll
- [-HKEY_CLASSES_ROOT\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}]
- O2 - BHO: (no name) - {2810fba5-55ec-4bee-8263-0e2fa5883768} - C:\Program Files\QualityCodec\isaddon.dll
- [-HKEY_CLASSES_ROOT\CLSID\{2810fba5-55ec-4bee-8263-0e2fa5883768}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2810fba5-55ec-4bee-8263-0e2fa5883768}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2810fba5-55ec-4bee-8263-0e2fa5883768}]
- O2 - BHO: (no name) - {4734044c-7427-43d8-adbe-df942e52bef2} - C:\Program Files\QualityCodec\isaddon.dll (file missing)
- [-HKEY_CLASSES_ROOT\CLSID\{4734044c-7427-43d8-adbe-df942e52bef2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4734044c-7427-43d8-adbe-df942e52bef2}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4734044c-7427-43d8-adbe-df942e52bef2}]
- O3 - Toolbar: Protection Bar - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - C:\Program Files\QualityCodec\iesplugin.dll
- [-HKEY_CLASSES_ROOT\CLSID\{bf1ced2c-4b3f-4079-a330-864eda5a4cff}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf1ced2c-4b3f-4079-a330-864eda5a4cff}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
- "{bf1ced2c-4b3f-4079-a330-864eda5a4cff}"=-
- %SYSTEM%\jbtazy.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab340860-fd81-4a65-b345-82eb77a66b5e}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{ab340860-fd81-4a65-b345-82eb77a66b5e}"="featherweed"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "featherweed"="{ab340860-fd81-4a65-b345-82eb77a66b5e}"
- %SYSTEM%\cfltygd.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff170564-36c8-43f7-9100-559e166405cf}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{ff170564-36c8-43f7-9100-559e166405cf}"="cussers"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "cussers"="{ff170564-36c8-43f7-9100-559e166405cf}"
Changes for v2.119 - v2.120
- %SYSTEM%\yosdjh.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b28b396b-b9e8-44f5-aa04-ed4f383d79ad}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "anatolian"="{b28b396b-b9e8-44f5-aa04-ed4f383d79ad}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "anatolian"="{b28b396b-b9e8-44f5-aa04-ed4f383d79ad}"
- O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt?.dll
- [-HKEY_CLASSES_ROOT\CLSID\{39f25b12-74ff-4079-a51f-1d70f5b08b84}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39f25b12-74ff-4079-a51f-1d70f5b08b84}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f25b12-74ff-4079-a51f-1d70f5b08b84}]
- O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll
- O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\QualityCodec\isaddon.dll
- [-HKEY_CLASSES_ROOT\CLSID\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd}]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{274c0420-ebe0-4f1d-b473-edd1aa9b85dd}]
- %PROGRAMFILES%\QualityCodec\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVZipEnchancer.Chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QualityCodec] (C:\Program Files\QualityCodec\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
- %USERPROFILE%\StartMenu\Programs\FreeVideo\
- %PROGRAMFILES%\FreeVideo\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FreeVideo]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeVideo] (C:\Program Files\FreeVideo\Uninstall.exe)
- [-HKEY_CURRENT_USER\Software\FreeVideo]
- %PROGRAMFILES%\EliteCodec\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EMediaCodek.Chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlayVideoEnchancer.chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteCodec] (C:\Program Files\EliteCodec\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
Changes for v2.117 - v2.119
- %PROGRAMFILES%\iVideoCodec\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVZipEnchancer.Chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecsSoftwarePackage.chl]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideoCodec] (C:\Program Files\iVideoCodec\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
- %PROGRAMFILES%\VidCodecs\
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EMediaCodek.Chl] (Already removed)
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PlayVideoEnchancer.chl]
- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VidCodecs] (C:\Program Files\VidCodecs\uninst.exe)
- [-HKEY_CURRENT_USER\Software\Internet Security] (Already removed)
- Update: Generic Renos Fix 1.9
- %SYSTEM%\sacskza.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01d8d081-0f76-4ab5-b5e4-9b23a709670e}
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "detachments"="{01d8d081-0f76-4ab5-b5e4-9b23a709670e}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{01d8d081-0f76-4ab5-b5e4-9b23a709670e}"="detachments"
- %SYSTEM%\impgsje.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "archenteric"="{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"
- %SYSTEM%\okkmtv.dll
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- "bonspells"="{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
- "{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"