SmitFraudFix

Discussion in 'news, general information and FAQs' started by NICK ADSL UK, Aug 10, 2008.

  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Changelog:

    Version 2.334 (August 09, 2008)


    Update: 404Fix v1.2

    O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254B87BB-510D-41FA-A887-52C5FA9BE585}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{254B87BB-510D-41FA-A887-52C5FA9BE585}"=-

    %SYSTEM%\ieupdates.exe
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ieupdate"=-

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


    Please note: this software is to be used only under the supervision of a malware specialist.
     
  2. NICK ADSL UK

    Re: SmitFraudFix 2.334

    Changelog:
    Version 2.335 (August 11, 2008)



    tdssserv.sys Rootkit detection

    %ProgramFiles%\IA\
    %ProgramFiles%\Internet Antivirus\
    %USERPROFILE%\Application Data\Internet Antivirus\
    %ALLUSERPROFILE%\Desktop\Internet Antivirus.lnk
    %ALLUSERPROFILE%\Start Menu\Programs\Internet Antivirus\

    %USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
    %USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
    %USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
    %USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Antivirus_is1]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "iv"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Internet Antivirus"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "3P_UDEC_IA"=-

    %desktop%\GAY PORN.url
    %desktop%\MASTURBATION VIDS.url
    %ProgramFiles%\PCHealthCenter\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\Win2.exe"=-
    "\Win3.exe"=-
    "\Win4.exe"=-
    "\Win5.exe"=-
    "\Win6.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "\Win2.exe"=-
    "\Win3.exe"=-
    "\Win4.exe"=-
    "\Win5.exe"=-
    "\Win6.exe"=-

    %ProgramFiles%\VAV\
    %desktop%\Vista Antivirus 2008.lnk

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

    Please note: this software is to be used only under the supervision of a malware specialist.
     
  3. NICK ADSL UK

    Changelog:

    Version 2.336 (August 13, 2008)


    %WINDIR%\buritos.exe
    %WINDIR%\karina.dat

    %SYSTEM%\braviax.exe
    %SYSTEM%\buritos.exe
    %SYSTEM%\karina.dat
    %SYSTEM%\winivstr.exe

    Search and restore infected:
    %SYSTEM%\drivers\beep.sys

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "braviax"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "braviax"=-

    O20 - AppInit_DLLs: C:\WINDOWS\System32\karina.dat


    %AllUserDesktop%\XPSecurityCenter.lnk
    %ALLUSERPROFILE%\Start Menu\Programs\XPSecurityCenter\
    %ProgramFiles%\XPSecurityCenter\
    %SYSTEM%\_scui.cpl

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "XP SecurityCenter"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify"="0x00000000"
    "FirewallDisableNotify"="0x00000000"
    "UpdatesDisableNotify"="0x00000000"

    [-HKEY_LOCAL_MACHINE\SOFTWARE\XP_SecurityCenter\]

    [HKEY_CURRENT_USER\Control Panel\don't load]
    "scui.cpl"=-
    "wscui.cpl"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "ForceClassicControlPanel"=-


    %desktop%\Antivirus Master.lnk
    %ProgramFiles%\AVM\
    %SYSTEM%\avm.cpl

    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\AVM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-


    %desktop%\TheSpyBot.lnk
    %USERPROFILE%\Start Menu\Programs\TheSpyBot\
    %ProgramFiles%\TheSpyBot\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TheSpyBot]
    [HKEY_CURRENT_USER\Software\TheSpyBot]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "TheSpyBot"=-


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

    Please note: this software is to be used only under the supervision of a malware specialist.
     
  4. NICK ADSL UK

    Changelog:

    Version 2.337 (August 18, 2008)



    Update: 404Fix v1.3

    %Desktop%\FETISH PICS.url

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
    "smile"=-



    Version 2.337 (August 14, 2008)

    Update: IEDFix.C 1.1

    O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300CF5C9-F02D-4CB8-ABED-9C229DA56825}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300CF5C9-F02D-4CB8-ABED-9C229DA56825}]

    %SYSTEM%\scui.cpl
    %ProgramFiles%\AV9\
    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
    %USERPROFILE%\Start Menu\Programs\Antivirus 2009\
    %desktop%\Antivirus 2009.lnk

    %SYSTEM%\winsrc.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

    Please note: this software is to be used only under the supervision of a malware specialist.
     
  5. NICK ADSL UK

    Changelog:

    Version 2.339 (August 21, 2008)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "buritos"=-

    %ALLUSERPROFILE%\Start Menu\Programs\Antivirus XP 2008\
    %ALLUSERPROFILE%\Start Menu\Programs\Antivirus XP 2008.lnk
    %AllUserDesktop%\Antivirus XP 2008.lnk
    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

    Please note: this software is to be used only under the supervision of a malware specialist.
     
  6. NICK ADSL UK

    Changelog:

    Version 2.342 (August 28, 2008)



    %DESKTOP%\Total Secure 2009.lnk
    %USERPROFILE%\Start Menu\Programs\Total Secure 2009.lnk
    %ProgramFiles%\TotalSecure2009\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Secure 2009]
    [-HKEY_CURRENT_USER\Software\TotalSecure2009]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "TotalSecure2009"=-



    Version 2.341 (August 28, 2008)


    %ProgramFiles%\Power-Antivirus-2009\
    %USERPROFILE%\Application Data\Power-Antivirus-2009\
    %USERPROFILE%\Start Menu\Programs\Power-Antivirus-2009\
    %desktop%\Power-Antivirus-2009.lnk

    [-HKEY_CURRENT_USER\Software\Power-Antivirus-2009]


    %ProgramFiles%\RichVideoCodec\ (Already removed)
    %SYSTEM%\RichVideoCodec.dll (Already removed)

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\CodecBHO.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{e12b39a5-df4a-4f04-a85b-4ecf048e359f}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a37b3779-e4f3-424c-a495-a60ea8063476}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65c5ebd-0989-40b5-a2a0-84642539bf82}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E46194A9-C4B1-4C0F-A75E-E9C5BDED7874}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7309FD6-0FD0-459D-A5E8-27D7A23215F1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B648A7F7-DD8F-4535-AFAD-CE5BA0E8320E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.CodecPlugin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.CodecPlugin.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.XMLDOMDocumentEventsSink]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.XMLDOMDocumentEventsSink.1]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a37b3779-e4f3-424c-a495-a60ea8063476}]

    [-HKEY_CURRENT_USER\Software\RichVideoCodec] (Already removed)



    Version 2.340 (August 27, 2008)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\VIE2.exe"=-
    "\VIE3.exe"=-
    "\VIE4.exe"=-
    "\VIE5.exe"=-
    "\VIEA.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "\VIE2.exe"=-
    "\VIE3.exe"=-
    "\VIE4.exe"=-
    "\VIE5.exe"=-
    "\VIEA.exe"=-

    %DESKTOP%\EXTREME ****.url
    %DESKTOP%\TITS AND ASS.url
    %SYSTEM%\1.ico
    %SYSTEM%\2.ico
    %SYSTEM%\VIEA.exe
    %SYSTEM%\VIE5.exe
    %SYSTEM%\VIE4.exe
    %SYSTEM%\VIE3.exe
    %SYSTEM%\VIE2.exe

    %WINDOWS%\rvoelbxt.exe

    O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Program Files\Applications\iebt.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}]

    O3 - Toolbar: Internet Service - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Applications\iebr.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BEBF2FE-7248-40E2-9752-8163EB6C4038}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3BEBF2FE-7248-40E2-9752-8163EB6C4038}"=-


    Please note: this software is to be used only under the supervision of a malware specialist.

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  7. NICK ADSL UK

    Changelog:

    Version 2.346 (September 05, 2008)



    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk
    %USERPROFILE%\Start Menu\Programs\Smart Antivirus 2009\
    %DESKTOP%\Smart Antivirus-2009.lnk
    %PROGRAMFILES%\Smart Antivirus 2009\


    [-HKEY_CURRENT_USER\Software\Smart Antivirus 2009]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Smart Antivirus-2009.exe"=-



    Version 2.345 (September 03, 2008)


    Update: some malware definitions and reboot.exe counter.


    %SYSTEM%\Cpl32ver.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cpl32ver"=-

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Somefox"=-


    %DESKTOP%\System Antivirus 2008.lnk
    %PROGRAMFILES%\sav\

    [-HKEY_CURRENT_USER\Software\AntiVirus] (Already removed)
    [-HKEY_CURRENT_USER\Software\SAV]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=- (Already removed)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=- (Already removed)

    Please note: this software is to be used only under the supervision of a malware specialist.

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  8. NICK ADSL UK

    Changelog:

    Version 2.347 (September 08, 2008)


    %SYSDIR%\c.ico
    %STARTMENU%\VIP Casino.url
    %FAVORITES%\VIP Casino.url
    %DESKTOP%\VIP Casino.url

    %WINDOWS%\mqgldfvo.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\YUR1.exe"=-
    "\YUR2.exe"=-
    "\YUR3.exe"=-
    "\YUR4.exe"=-
    "\YUR5.exe"=-
    "\YUR6.exe"=-
    "\YUR7.exe"=-
    "\YUR8.exe"=-
    "\YURA.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "\YUR1.exe"=-
    "\YUR2.exe"=-
    "\YUR3.exe"=-
    "\YUR4.exe"=-
    "\YUR5.exe"=-
    "\YUR6.exe"=-
    "\YUR7.exe"=-
    "\YUR8.exe"=-
    "\YURA.exe"=-

    %DESKTOP%\BEST ZOO PORN.url
    %DESKTOP%\QUALITY PORN.url
    %SYSTEM%\YUR*.exe


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  9. NICK ADSL UK

    Changelog:

    Version 2.352 (September 16, 2008)


    %SYSTEM%\users64.dat
    %SYSTEM%\sysppu?.dll



    Version 2.351 (September 15, 2008)


    O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{144A6B24-0EBC-4D89-BF09-A06A718E57B5}"=-


    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk
    %STARTMENU%\VirusResponse Lab 2009 2.1.lnk
    %STARTMENU%\Programs\VirusResponse Lab 2009 2.1\
    %DESKTOP%\VirusResponse Lab 2009 2.1.lnk
    %PROGRAMFILES%\VirusResponseLab2009\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO.1] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusResponseLab2009]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusResponseLab2009]
    [-HKEY_CURRENT_USER\Software\VirusResponseLab2009]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "VirusResponseLab2009"=-



    Version 2.350 (September 14, 2008)


    %SYSTEM%\algg.exe

    O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]

    O3 - Toolbar: Internet Service - {0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87} - C:\Program Files\Applications\iebr.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87}"=-


    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Lab 2009 2.1.lnk
    %STARTMENU%\AntiVirus Lab 2009 2.1.lnk
    %STARTMENU%\Programs\AntiVirus Lab 2009 2.1\
    %DESKTOP%\AntiVirus Lab 2009 2.1.lnk
    %PROGRAMFILES%\AntiVirusLab2009\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A9759D-210A-0253-D944-8B76AC2B0D92}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVirusLab2009]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirusLab2009]
    [-HKEY_CURRENT_USER\Software\AntiVirusLab2009]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "AntiVirusLab2009"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AntiVirusLab2009\AntiVirusLab2009.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AntiVirusLab2009\AntiVirusLab2009.exe"=-



    Version 2.349 (September 11, 2008)


    Update: IEDFix.C 1.3



    Version 2.348 (September 09, 2008)


    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\MicroAV]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    %SYSTEM%\MicroAV.cpl
    %DESKTOP%\MicroAntivirus.lnk
    %PROGRAMFILES%\MicroAntivirus\


    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\XPA]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    %SYSTEM%\XPA.cpl
    %DESKTOP%\XPert Antivirus.lnk
    %PROGRAMFILES%\XPA\


    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\PWA]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    %SYSTEM%\PWA.cpl
    %DESKTOP%\Power Antivirus.lnk
    %PROGRAMFILES%\PWA\


    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\AAV]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    %SYSTEM%\aav.cpl
    %DESKTOP%\Advanced Antivirus.lnk
    %PROGRAMFILES%\AAV\


    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\MSx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ANTIVIRUS"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ANTIVIRUS"=-

    %SYSTEM%\MSx.cpl
    %DESKTOP%\MS Antivirus.lnk
    %PROGRAMFILES%\MSX\


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  10. NICK ADSL UK

    Changelog:
    Version 2.356 (October 01, 2008)



    Update: VACFix definition




    Version 2.355 (September 24, 2008)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cognac"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cognac"=-



    Version 2.354 (September 23, 2008)


    %SYSDIR%\m.ico
    %STARTMENU%\Free MP3 Search.url
    %FAVORITES%\Free MP3 Search.url
    %DESKTOP%\Free MP3 Search.url

    %SYSDIR%\p.ico
    %STARTMENU%\Free Porn.url
    %FAVORITES%\Free Porn.url
    %DESKTOP%\Free Porn.url

    %WINDIR%\k.txt


    %SYSTEM%\fbxrqtwn.exe


    %SYSTEM%\MicroAV.cpl
    %DESKTOP%\Micro Antivirus 2009.lnk
    %PROGRAMFILES%\MicroAV\


    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\uav]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    %PROGRAMFILES%\uav\
    %DESKTOP%\Ultimate Antivirus 2008.lnk
    %SYSTEM%\uav.cpl



    Version 2.353 (September 20, 2008)



    Added: o4Patch.exe tool to detect infected binaries.

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  11. NICK ADSL UK

    Changelog:

    Version 2.359 (October 11, 2008)


    %WINDIR%\karna.dat
    %SYSTEM%\brastk.exe
    %SYSTEM%\karna.dat

    O20 - AppInit_DLLs: C:\WINDOWS\System32\karna.dat

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "brastk"=-



    Version 2.358 (October 10, 2008)

    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk (Already removed)
    %STARTMENU%\VirusResponse Lab 2009 2.1.lnk (Already removed)
    %STARTMENU%\Programs\VirusResponse Lab 2009 2.1\ (Already removed)
    %DESKTOP%\VirusResponse Lab 2009 2.1.lnk (Already removed)
    %PROGRAMFILES%\virusrl2009\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VRLWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VRLWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusRL2009]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRL2009]
    [-HKEY_CURRENT_USER\Software\VirusRL2009]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirusRL2009\VirusRL2009.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirusRL2009\VirusRL2009.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "VirusRL2009"=-


    O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}]



    Version 2.357 (October 07, 2008)


    %STARTMENU%\Programs\av2010\
    %DESKTOP%\av2010.lnk
    %PROGRAMFILES%\av2010\

    %SYSTEM%\IEDefender.dll
    %SYSTEM%\wingamma.exe

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IEDefender.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEDefender.IEDefenderBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEDefender.IEDefenderBHO.1]
    [-HKEY_CURRENT_USER\Software\AV2010]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Gamma Display"=-



    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  12. NICK ADSL UK

    Changelog:

    Version 2.360 (October 14, 2008)


    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk (Already removed)
    %STARTMENU%\VirusResponse Lab 2009 2.1.lnk (Already removed)
    %STARTMENU%\Programs\VirusResponse Lab 2009 2.1\ (Already removed)
    %DESKTOP%\VirusResponse Lab 2009 2.1.lnk (Already removed)
    %PROGRAMFILES%\virrl2009\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirRLWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirRLWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirRL2009]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirRL2009]
    [-HKEY_CURRENT_USER\Software\VirRL2009]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirRL2009\VirRL2009.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirRL2009\VirRL2009.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "VirRL2009"=-


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  13. NICK ADSL UK

    Changelog:

    Version 2.365 (October 18, 2008)


    %USERPROFILE%\Application Data\spyprotector\
    %USERPROFILE%\Application Data\install.exe
    %USERPROFILE%\Application Data\shellex.dll
    %USERPROFILE%\Application Data\srcss.exe
    %ALLUSERSTARTMENU%\Programs\spy protector\
    %DESKTOP%\spy protector.lnk
    %PROGRAMFILES%\spy protector\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Spy Protector]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107A1D63-2EAA-4694-8ABA-EC209C630D83}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Spy Protector]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Spy Protector]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shellex.TBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\srcss.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SpyProtector]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spy Protector"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{107A1D63-2EAA-4694-8ABA-EC209C630D83}"=-



    Version 2.364 (October 18, 2008)


    %HOMEDRIVE%\resycled
    %HOMEDRIVE%\autorun.inf

    Restoring infected %SYSTEM%\userinit.exe

    %USERSTARTMENU%\Programs\Pornovid\
    %PROGRAMFILES%\Pornovid
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Pornovid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pornovid]
    [-HKEY_CURRENT_USER\Software\Pornovid]



    Version 2.363 (October 17, 2008)


    %ALLUSERSTARTMENU%\Programs\PC Protection Center 2008\
    %ALLUSERDESKTOP%\PC Protection Center 2008.lnk
    %PROGRAMFILES%\PC Protection Center 2008\
    %SYSTEM%\vbzlib2.dll

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Protection Center 2008]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC Protection Center"=-


    %WINDOWS%\ieguard.dll
    %WINDOWS%\sysguard\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D032570A-5F63-4812-A094-87D007C23012}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieguard.TIEAdvBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sysguard]
    [-HKEY_CURRENT_USER\Software\sysguard]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"=-



    Version 2.362 (October 16, 2008)

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRemover2008]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusRemover2008]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\{5222008A-DD62-49c7-A735-7BD18ECC7350}]
    [-HKEY_CURRENT_USER\Software\VirusRemover2008]
    [-HKEY_CURRENT_USER\{5222008A-DD62-49c7-A735-7BD18ECC7350}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VirusRemover2008"=-

    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\virusremover2008.lnk
    %USERPROFILE%\Application Data\virusremover2008\
    %STARTMENU%\Programs\virusremover2008\
    %DESKTOP%\virusremover2008.lnk
    %PROGRAMFILES%\virusremover2008\


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  14. NICK ADSL UK

    Changelog:

    Version 2.367 (October 26, 2008)


    %SYSTEM%\ntload.dll
    %SYSTEM%\sex1.ico.tmp
    %SYSTEM%\sex2.ico.tmp
    %SYSTEM%\update32.exe.tmp
    %SYSTEM%\winupdate.exe
    %SYSTEM%\wscmp.dll.tmp
    %DESKTOP%\Uncensored porn.url
    %DESKTOP%\BDSM galleries.url

    %SYSTEM%\winupdate.exe
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "run"=-



    %PROGRAMFILES%\VResLab\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VResLabWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VResLabWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VResLab]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B494E7BB-1E33-4922-A947-F74EFF4E714F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VResLab]
    [-HKEY_CURRENT_USER\Software\VResLab]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VResLab\VResLab.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VResLab\VResLab.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "VResLab"=-


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  15. NICK ADSL UK

    Changelog:

    Version 2.368 (October 28, 2008)


    %DESKTOP%\SMS TRAP.url
    %FAVORITES%\SMS TRAP.url
    %STARTMENU%\SMS TRAP.url
    %SYSTEM%\p.ico

    %DESKTOP%\AntiVirus Sentry.lnk
    %PROGRAMFILES%\AVS\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVS]
    [-HKEY_CURRENT_USER\Software\AVS]
    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  16. NICK ADSL UK

    Changelog:

    Version 2.369 (October 30, 2008)


    %USERSTARTMENU%\Programs\WinDefender 2009.lnk
    %DESKTOP%\WinDefender 2009.lnk
    %PROGRAMFILES%\WinDefender

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDefender 2009]
    [-HKEY_CURRENT_USER\Software\WinDefender2009]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "WinDefender2009"



    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  17. NICK ADSL UK

    Changelog:
    Version 2.373 (November 06, 2008)



    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard]
    [-HKEY_CURRENT_USER\Software\Spyware Guard]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "spywareguard"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "OLESys"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "Explorer"=-

    %USERSTARTMENU%\Programs\Spyware Guard 2008\
    %PROGRAMFILES%\Spyware Guard 2008\

    %allusersprofile%\Application Data\Microsoft\Internet Explorer\olesys.dll
    %allusersprofile%\Application Data\Microsoft\Protect\conf.sys
    %allusersprofile%\Application Data\Microsoft\Protect\ie.dll
    %allusersprofile%\Application Data\Microsoft\Protect\svhost.exe
    %allusersprofile%\Application Data\Microsoft\Protect\track.sys
    %allusersprofile%\Application Data\winlogon.exe
    %DESKTOP%\Spyware Guard 2008.lnk
    %WINDOWS%\reged.exe
    %WINDOWS%\spoolsystem.exe
    %WINDOWS%\sys.com
    %WINDOWS%\syscert.exe
    %WINDOWS%\sysexplorer.exe
    %WINDOWS%\vmreg.dll
    %SYSTEM%\wsc32x.exe



    Version 2.372 (November 06, 2008)


    Removed: AntiXPVSTFix tool



    Version 2.371 (October 31, 2008)


    %USERSTARTMENU%\Programs\sexvid\
    %PROGRAMFILES%\sexvid\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sexvid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sexvid]
    [-HKEY_CURRENT_USER\Software\sexvid]


    %TEMP%\winlogon.exe
    %SYSTEM%\msansspc.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Firewall auto setup"

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  18. NICK ADSL UK

    Changelog:

    Version 2.375 (November 12, 2008)


    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusTrigger 2.1.lnk
    %STARTMENU%\VirusTrigger 2.1.lnk
    %STARTMENU%\Programs\VirusTriggerBin\
    %DESKTOP%\VirusTrigger 2.1.lnk
    %PROGRAMFILES%\VirusTriggerBin\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE8A3F7B-E4AB-5C41-4926-3FAED82759F5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirusTriggerBinWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirusTriggerBinWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusTriggerBin]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin]
    [-HKEY_CURRENT_USER\Software\VirusTriggerBin]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "VirusTriggerBin"=-



    Version 2.374 (November 09, 2008)


    %PROGRAMFILES%\Google\googletoolbar1.dll
    %PROGRAMFILES%\Google\setupcom.dat
    %PROGRAMFILES%\Google\setupext.dat
    %SYSTEM%\crypts.dll

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]


    O2 - BHO: (no name) - {8710DF42-3171-4A3B-9079-3F7D7101552B} - C:\Program Files\Applications\iebt.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8710DF42-3171-4A3B-9079-3F7D7101552B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8710DF42-3171-4A3B-9079-3F7D7101552B}]

    O3 - Toolbar: Internet Service - {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - C:\Program Files\Applications\iebr.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F}"=-

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  19. NICK ADSL UK

    Changelog:

    Version 2.376 (November 20, 2008)


    %PROGRAMFILES%\msvideoplugin\
    %PROGRAMFILES%\homeview\
    %STARTMENU%\Programs\homeview\


    %SYSTEM%\mws55681.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6733C78-821F-3BBF-ADE6-3DB71CAD887A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6733C78-821F-3BBF-ADE6-3DB71CAD887A}]


    %SYSTEM%\msiconf.exe
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msiexec.exe"=-


    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\antivirustrigger 2.1.lnk
    %STARTMENU%\antivirustrigger 2.1.lnk
    %STARTMENU%\Programs\antivirustrigger 2.1\
    %DESKTOP%\antivirustrigger 2.1.lnk
    %PROGRAMFILES%\virtrigger\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22C447D3-73A8-E1C7-C391-21BE4338CEBC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirTriggerWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirTriggerWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirTrigger]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirTrigger]
    [-HKEY_CURRENT_USER\Software\VirTrigger]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirTrigger\VirTrigger.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirTrigger\VirTrigger.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "VirTrigger"=-


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  20. NICK ADSL UK

    Changelog:
    Version 2.383 (December 10, 2008)



    %PROGRAMFILES%\vrl32software\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E6615B5-A259-4e55-905F-7F9CE60B379D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{305043E5-F9D9-4B3A-A618-C4D0DA8031CE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{536CBA8A-9DB6-45CF-8D65-F486C49242D5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B3A0AA5C-9FA3-408D-8193-2A948EF51D2D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vrl32Warning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vrl32Warning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vrl32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E6615B5-A259-4e55-905F-7F9CE60B379D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vrl32]
    [-HKEY_CURRENT_USER\Software\vrl32]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\vrl32software\vrl32.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\vrl32software\vrl32.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "vrl32"=-



    Version 2.382 (December 9, 2008)


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Smax4"=-

    %USERPROFILE%\Application Data\Google\kjzna1562565.exe
    %USERPROFILE%\Application Data\Google\spcffwl.dll



    Version 2.381 (December 3, 2008)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
    "QuickTime Task"=-
    "VMware hptray"=-


    %PROGRAMFILES%\avrlabs\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D695B871-8020-4041-A6D2-59F922E1B2E2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avrlabsWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avrlabsWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\avrlabs]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D695B871-8020-4041-A6D2-59F922E1B2E2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avrlabs]
    [-HKEY_CURRENT_USER\Software\avrlabs]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\avrlabs\avrlabs.exe"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\avrlabs\avrlabs.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "avrlabs"=-



    Version 2.380 (November 30, 2008)


    %PROGRAMFILES%\WebMediaViewer\

    O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]

    O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"=-

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3B8FB116-D358-48A3-A5C7-DB84F15CBB04}]


    %PROGRAMFILES%\AnvTrgrsoftware\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E9BCC0-2E84-4500-8A9C-0B7A96769124}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C8B2A9C-24A0-4991-A74B-1E4931BD3A57}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BAE92F67-539C-41CD-9183-162BB40AAA0C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnvTrgrWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnvTrgrWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AnvTrgrsoft]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95E9BCC0-2E84-4500-8A9C-0B7A96769124}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnvTrgrsoft]
    [-HKEY_CURRENT_USER\Software\AnvTrgrsoft]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AnvTrgrsoftware\AnvTrgr.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AnvTrgrsoftware\AnvTrgr.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "AnvTrgr"=-



    Version 2.379 (November 29, 2008)

    Update: IEDFix.C 1.12



    Version 2.378 (November 24, 2008)

    %PROGRAMFILES%\AvirTrsoftware\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A267370-076E-4af4-B986-77626B8E89DF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{764BC8B4-1159-4736-8AF1-F124A7C8C3A8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3ED86073-2FA7-4CF4-810B-28B030671678}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvirTrWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvirTrWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AvirTrsoft]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A267370-076E-4af4-B986-77626B8E89DF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AvirTrsoft]
    [-HKEY_CURRENT_USER\Software\AvirTrsoft]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AvirTrsoftware\AvirTr.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AvirTrsoftware\AvirTr.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "AvirTr"=-



    Version 2.377 (November 21, 2008)


    %PROGRAMFILES%\WMVideoPlugin\
    %SYSTEM%\mws31209.dll
    %SYSTEM%\ws31209.dll

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC3081A6-AC0C-331D-860E-AEF4790E6B5B}]
    [-HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{C77BD12E-4A3C-33E3-858C-F2D04591C6B5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0BB62EE8-3528-39F7-9070-F9F0C09329D5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3081A6-AC0C-331D-860E-AEF4790E6B5B}]


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  21. NICK ADSL UK

    Changelog:

    Version 2.388 (December 31, 2008)


    %STARTMENU%\Programs\videosoft\
    %PROGRAMFILES%\videosoft\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videosoft]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videosoft]
    [-HKEY_CURRENT_USER\Software\videosoft]


    %PROGRAMFILES%\Total Protect 2009\
    %ALLUSERPROFILE%\StartMenu\Programs\Total Protect 2009\
    %ALLUSERPROFILE%\Desktop\Run Total Protect 2009.lnk

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\totalprotect]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\totalprotect]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Protect 2009]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Total Protect 2009"=-

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  22. NICK ADSL UK

    Changelog:

    Version 2.394 (February 8, 2009)



    %PROGRAMFILES%\freshplay\
    %STARTMENU%\Programs\freshplay

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\freshplay]
    [-HKEY_CURRENT_USER\SOFTWARE\freshplay]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\freshplay]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoFolderOptions"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoFolderOptions"=-

    %ALLUSERPROFILE%\Application Data\CrucialSoft Ltd\

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7]
    [-HKEY_CURRENT_USER\Software\CrucialSoft Ltd]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MS AntiSpyware 2009"=-



    Version 2.393 (February 7, 2009)

    %WINDOWS%\sysguard.exe
    %SYSTEM%\iehelper.dll

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}]
    [-HKEY_CURRENT_USER\Software\AvScan]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "sysguard"=-



    Version 2.392 (January 27, 2009)


    %SYSTEM%\winsystems.dll

    %STARTMENU%\Programs\IE-Security.lnk
    %DESKTOP%\IE-Security.lnk
    %PROGRAMFILES%\IE-Security\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE-Security]
    [-HKEY_CURRENT_USER\Software\IE-Security]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "IE-Security"=-

    %STARTMENU%\XP Police Antivirus.lnk
    %DESKTOP%\XP Police Antivirus.lnk
    %PROGRAMFILES%\XPPoliceAntivirus\

    [-HKEY_CURRENT_USER\Software\XP Police Antivirus]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "PoliceAV"=-

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  23. NICK ADSL UK

    Changelog:

    Version 2.398 (February 19, 2009)



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Internet Agent"=-
    %SYSTEM%\winagent.exe


    %PROGRAMFILES%\HDQuality\
    %STARTMENU%\Programs\HDQuality\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HDQuality]
    [-HKEY_CURRENT_USER\SOFTWARE\HDQuality]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDQuality]



    Version 2.397 (February 16, 2009)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "[IA3_]"=-

    %WINDOWS%\iehost.dll

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12c7290a-157b-4f43-b109-97e792c598ed}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8A10FC9B-8D76-4E95-A9BE-ACDA2F665C30}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinGDIApp.WinGDI]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinGDIApp.WinGDI.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12c7290a-157b-4f43-b109-97e792c598ed}]



    Version 2.396 (February 15, 2009)


    %PROGRAMFILES%\CMVideoPlugin

    %PROGRAMFILES%\SmitFraudFixTool\
    %ALLUSERDESKTOP%\SmitFraudFixTool.lnk
    %USERPROFILE%\Application Data\SmitFraudFixTool\
    %ALLUSERSTARTMENU%\Programs\SmitFraudFixTool\

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SmitFraudFixTool"=-

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EE433D-A290-4811-B562-8A1878AEE706}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{10EE433D-A290-4811-B562-8A1878AEE706}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB63BB6D-4A8A-4E69-9F4B-E099C874A2AA}]
    [-HKEY_CURRENT_USER\Software\SmitFraudFixTool]



    Version 2.395 (February 9, 2009)


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "systeminit.exe"=-



    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  24. NICK ADSL UK

    Changelog:

    Version 2.399 (March 04, 2009)


    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\GenericMultiMedia]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WmpTray"=-

    %PROGRAMFILES%\MediaSystem\


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  25. NICK ADSL UK

    Changelog:

    Version 2.405 (March 18, 2009)


    %WINDIR%\ieocx.dll
    [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A54DC52D-7AAD-4D40-A126-337211631EDC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}]


    %DESKTOP%\WinPC Defender.lnk
    %STARTMENU%\WinPC Defender.lnk

    [-HKEY_CURRENT_USER\Software\WinPC Defender]


    %SYSTEM%\rs32net.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "rs32net"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "rs32net"=-


    [-HKEY_CURRENT_USER\Software\renus2008]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "renus2008.exe"=-



    Version 2.404 (March 16, 2009)


    %USERPROFILE%\Application Data\sysrc32.exe

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Win32load"=-



    Version 2.403 (March 12, 2009)


    %ProgramFiles%\AntiSpyware Pro

    %PROGRAMFILES%\RegistryFox\
    %ALLUSERDESKTOP%\RegistryFox.lnk
    %USERPROFILE%\Application Data\RegistryFox\
    %ALLUSERSTARTMENU%\Programmes\RegistryFox\

    [-HKEY_CURRENT_USER\SOFTWARE\RegistryFox]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\6B4F6929EB6FE0E458263EBA6AF2EB30]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6B4F6929EB6FE0E458263EBA6AF2EB30]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\RegistryFox]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9296F4B6-F6BE-4E0E-8562-E3ABA62FBE03}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RegistryFox"=-



    Version 2.402 (March 11, 2009)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"="Explorer.exe svchostw.exe"

    %SYSTEM%\svchostw.exe



    Version 2.401 (March 09, 2009)

    %WINDOWS%\ld01.exe
    %WINDOWS%\ld02.exe
    %WINDOWS%\pp2.exe
    %SYSTEM%\dll32.exe
    %SYSTEM%\dll32.dll


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dll"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sysldtray"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "pp"=-

    %STARTMENU%\Programs\Malware Defender 2009\
    %DESKTOP%\Malware Defender 2009.lnk
    %PROGRAMFILES%\Malware Defender 2009\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "malwaredef"=-


    %STARTMENU%\Programs\System Guard 2009\
    %DESKTOP%\System Guard 2009.lnk
    %PROGRAMFILES%\System Guard 2009\
    %ALLUSERSPROFILE%\Application Data\Microsoft\Network\DLLs\iemodule.dll

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Guard 2009]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\System Guard 2009]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "systemguard"=-



    Version 2.400 (March 05, 2009)


    %WINDOWS%\iehost32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "system tool"=-
    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     