SmitFraudFix

Discussion in 'spyware news and general information' started by NICK ADSL UK, Aug 10, 2008.

  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,279
    Location:
    UK
    Changelog:

    Version 2.334 (August 09, 2008)


    Update: 404Fix v1.2

    O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254B87BB-510D-41FA-A887-52C5FA9BE585}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{254B87BB-510D-41FA-A887-52C5FA9BE585}"=-

    %SYSTEM%\ieupdates.exe
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ieupdate"=-

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


    please note this software is to be used under supervision only from a malware specialist
     
  2. NICK ADSL UK

    Re: SmitFraudFix 2.334

    Changelog:
    Version 2.335 (August 11, 2008)



    tdssserv.sys Rootkit detection

    %ProgramFiles%\IA\
    %ProgramFiles%\Internet Antivirus\
    %USERPROFILE%\Application Data\Internet Antivirus\
    %ALLUSERPROFILE%\Desktop\Internet Antivirus.lnk
    %ALLUSERPROFILE%\Start Menu\Programs\Internet Antivirus\

    %USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iGSh.png
    %USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iMSh.png
    %USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iPSh.png
    %USERPROFILE%\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Antivirus_is1]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "iv"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Internet Antivirus"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "3P_UDEC_IA"=-

    %desktop%\GAY PORN.url
    %desktop%\MASTURBATION VIDS.url
    %ProgramFiles%\PCHealthCenter\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\Win2.exe"=-
    "\Win3.exe"=-
    "\Win4.exe"=-
    "\Win5.exe"=-
    "\Win6.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "\Win2.exe"=-
    "\Win3.exe"=-
    "\Win4.exe"=-
    "\Win5.exe"=-
    "\Win6.exe"=-

    %ProgramFiles%\VAV\
    %desktop%\Vista Antivirus 2008.lnk

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

    please note this software is to be used under supervision only from a malware specialist
     
  3. NICK ADSL UK

    Changelog:

    Version 2.336 (August 13, 2008)


    %WINDIR%\buritos.exe
    %WINDIR%\karina.dat

    %SYSTEM%\braviax.exe
    %SYSTEM%\buritos.exe
    %SYSTEM%\karina.dat
    %SYSTEM%\winivstr.exe

    Search and restore infected:
    %SYSTEM%\drivers\beep.sys

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "braviax"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "braviax"=-

    O20 - AppInit_DLLs: C:\WINDOWS\System32\karina.dat


    %AllUserDesktop%\XPSecurityCenter.lnk
    %ALLUSERPROFILE%\Start Menu\Programs\XPSecurityCenter\
    %ProgramFiles%\XPSecurityCenter\
    %SYSTEM%\_scui.cpl

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "XP SecurityCenter"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify"="0x00000000"
    "FirewallDisableNotify"="0x00000000"
    "UpdatesDisableNotify"="0x00000000"

    [-HKEY_LOCAL_MACHINE\SOFTWARE\XP_SecurityCenter\]

    [HKEY_CURRENT_USER\Control Panel\don't load]
    "scui.cpl"=-
    "wscui.cpl"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "ForceClassicControlPanel"=-


    %desktop%\Antivirus Master.lnk
    %ProgramFiles%\AVM\
    %SYSTEM%\avm.cpl

    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\AVM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-


    %desktop%\TheSpyBot.lnk
    %USERPROFILE%\Start Menu\Programs\TheSpyBot\
    %ProgramFiles%\TheSpyBot\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TheSpyBot]
    [HKEY_CURRENT_USER\Software\TheSpyBot]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "TheSpyBot"=-


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

    please note this software is to be used under supervision only from a malware specialist
     
  4. NICK ADSL UK

    Changelog:

    Version 2.337 (August 18, 2008)



    Update: 404Fix v1.3

    %Desktop%\FETISH PICS.url

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
    "smile"=-



    Version 2.337 (August 14, 2008)

    Update: IEDFix.C 1.1

    O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{300CF5C9-F02D-4CB8-ABED-9C229DA56825}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300CF5C9-F02D-4CB8-ABED-9C229DA56825}]

    %SYSTEM%\scui.cpl
    %ProgramFiles%\AV9\
    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
    %USERPROFILE%\Start Menu\Programs\Antivirus 2009\
    %desktop%\Antivirus 2009.lnk

    %SYSTEM%\winsrc.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}]


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

    please note this software is to be used under supervision only from a malware specialist
     
  5. NICK ADSL UK

    Changelog:

    Version 2.339 (August 21, 2008)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "buritos"=-

    %ALLUSERPROFILE%\Start Menu\Programs\Antivirus XP 2008\
    %ALLUSERPROFILE%\Start Menu\Programs\Antivirus XP 2008.lnk
    %AllUserDesktop%\Antivirus XP 2008.lnk
    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

    please note this software is to be used under supervision only from a malware specialist
     
  6. NICK ADSL UK

    Changelog:

    Version 2.342 (August 28, 2008)



    %DESKTOP%\Total Secure 2009.lnk
    %USERPROFILE%\Start Menu\Programs\Total Secure 2009.lnk
    %ProgramFiles%\TotalSecure2009\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Secure 2009]
    [-HKEY_CURRENT_USER\Software\TotalSecure2009]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "TotalSecure2009"=-



    Version 2.341 (August 28, 2008)


    %ProgramFiles%\Power-Antivirus-2009\
    %USERPROFILE%\Application Data\Power-Antivirus-2009\
    %USERPROFILE%\Start Menu\Programs\Power-Antivirus-2009\
    %desktop%\Power-Antivirus-2009.lnk

    [-HKEY_CURRENT_USER\Software\Power-Antivirus-2009]


    %ProgramFiles%\RichVideoCodec\ (Already removed)
    %SYSTEM%\RichVideoCodec.dll (Already removed)

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\CodecBHO.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{e12b39a5-df4a-4f04-a85b-4ecf048e359f}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a37b3779-e4f3-424c-a495-a60ea8063476}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65c5ebd-0989-40b5-a2a0-84642539bf82}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E46194A9-C4B1-4C0F-A75E-E9C5BDED7874}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E7309FD6-0FD0-459D-A5E8-27D7A23215F1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B648A7F7-DD8F-4535-AFAD-CE5BA0E8320E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.CodecPlugin]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.CodecPlugin.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.XMLDOMDocumentEventsSink]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CodecBHO.XMLDOMDocumentEventsSink.1]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a37b3779-e4f3-424c-a495-a60ea8063476}]

    [-HKEY_CURRENT_USER\Software\RichVideoCodec] (Already removed)



    Version 2.340 (August 27, 2008)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\VIE2.exe"=-
    "\VIE3.exe"=-
    "\VIE4.exe"=-
    "\VIE5.exe"=-
    "\VIEA.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "\VIE2.exe"=-
    "\VIE3.exe"=-
    "\VIE4.exe"=-
    "\VIE5.exe"=-
    "\VIEA.exe"=-

    %DESKTOP%\EXTREME ****.url
    %DESKTOP%\TITS AND ASS.url
    %SYSTEM%\1.ico
    %SYSTEM%\2.ico
    %SYSTEM%\VIEA.exe
    %SYSTEM%\VIE5.exe
    %SYSTEM%\VIE4.exe
    %SYSTEM%\VIE3.exe
    %SYSTEM%\VIE2.exe

    %WINDOWS%\rvoelbxt.exe

    O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - C:\Program Files\Applications\iebt.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BD44AB1-76A7-4E05-92F4-4B065FE72BD6}]

    O3 - Toolbar: Internet Service - {3BEBF2FE-7248-40E2-9752-8163EB6C4038} - C:\Program Files\Applications\iebr.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BEBF2FE-7248-40E2-9752-8163EB6C4038}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3BEBF2FE-7248-40E2-9752-8163EB6C4038}"=-


    please note this software is to be used under supervision only from a malware specialist

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  7. NICK ADSL UK

    Changelog:

    Version 2.346 (September 05, 2008)



    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk
    %USERPROFILE%\Start Menu\Programs\Smart Antivirus 2009\
    %DESKTOP%\Smart Antivirus-2009.lnk
    %PROGRAMFILES%\Smart Antivirus 2009\


    [-HKEY_CURRENT_USER\Software\Smart Antivirus 2009]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Smart Antivirus-2009.exe"=-



    Version 2.345 (September 03, 2008)


    Update: some malware definitions and reboot.exe counter.


    %SYSTEM%\Cpl32ver.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cpl32ver"=-

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Somefox"=-


    %DESKTOP%\System Antivirus 2008.lnk
    %PROGRAMFILES%\sav\

    [-HKEY_CURRENT_USER\Software\AntiVirus] (Already removed)
    [-HKEY_CURRENT_USER\Software\SAV]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=- (Already removed)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=- (Already removed)

    please note this software is to be used under supervision only from a malware specialist

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  8. NICK ADSL UK

    Changelog:

    Version 2.347 (September 08, 2008)


    %SYSDIR%\c.ico
    %STARTMENU%\VIP Casino.url
    %FAVORITES%\VIP Casino.url
    %DESKTOP%\VIP Casino.url

    %WINDOWS%\mqgldfvo.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\YUR1.exe"=-
    "\YUR2.exe"=-
    "\YUR3.exe"=-
    "\YUR4.exe"=-
    "\YUR5.exe"=-
    "\YUR6.exe"=-
    "\YUR7.exe"=-
    "\YUR8.exe"=-
    "\YURA.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "\YUR1.exe"=-
    "\YUR2.exe"=-
    "\YUR3.exe"=-
    "\YUR4.exe"=-
    "\YUR5.exe"=-
    "\YUR6.exe"=-
    "\YUR7.exe"=-
    "\YUR8.exe"=-
    "\YURA.exe"=-

    %DESKTOP%\BEST ZOO PORN.url
    %DESKTOP%\QUALITY PORN.url
    %SYSTEM%\YUR*.exe


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  9. NICK ADSL UK

    Changelog:

    Version 2.352 (September 16, 2008)


    %SYSTEM%\users64.dat
    %SYSTEM%\sysppu?.dll



    Version 2.351 (September 15, 2008)


    O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{144A6B24-0EBC-4D89-BF09-A06A718E57B5}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{144A6B24-0EBC-4D89-BF09-A06A718E57B5}"=-


    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk
    %STARTMENU%\VirusResponse Lab 2009 2.1.lnk
    %STARTMENU%\Programs\VirusResponse Lab 2009 2.1\
    %DESKTOP%\VirusResponse Lab 2009 2.1.lnk
    %PROGRAMFILES%\VirusResponseLab2009\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO.1] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusResponseLab2009]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusResponseLab2009]
    [-HKEY_CURRENT_USER\Software\VirusResponseLab2009]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirusResponseLab2009\VirusResponseLab2009.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "VirusResponseLab2009"=-



    Version 2.350 (September 14, 2008)


    %SYSTEM%\algg.exe

    O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFEE97A3-4911-444D-8BE8-E243A23D3DE2}]

    O3 - Toolbar: Internet Service - {0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87} - C:\Program Files\Applications\iebr.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0CF79C5F-22AB-4E2A-82A5-BC9F4F3D4F87}"=-


    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Lab 2009 2.1.lnk
    %STARTMENU%\AntiVirus Lab 2009 2.1.lnk
    %STARTMENU%\Programs\AntiVirus Lab 2009 2.1\
    %DESKTOP%\AntiVirus Lab 2009 2.1.lnk
    %PROGRAMFILES%\AntiVirusLab2009\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A9759D-210A-0253-D944-8B76AC2B0D92}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVLWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVirusLab2009]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirusLab2009]
    [-HKEY_CURRENT_USER\Software\AntiVirusLab2009]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "AntiVirusLab2009"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AntiVirusLab2009\AntiVirusLab2009.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AntiVirusLab2009\AntiVirusLab2009.exe"=-



    Version 2.349 (September 11, 2008)


    Update: IEDFix.C 1.3



    Version 2.348 (September 09, 2008)


    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\MicroAV]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    %SYSTEM%\MicroAV.cpl
    %DESKTOP%\MicroAntivirus.lnk
    %PROGRAMFILES%\MicroAntivirus\


    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\XPA]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    %SYSTEM%\XPA.cpl
    %DESKTOP%\XPert Antivirus.lnk
    %PROGRAMFILES%\XPA\


    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\PWA]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    %SYSTEM%\PWA.cpl
    %DESKTOP%\Power Antivirus.lnk
    %PROGRAMFILES%\PWA\


    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\AAV]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    %SYSTEM%\aav.cpl
    %DESKTOP%\Advanced Antivirus.lnk
    %PROGRAMFILES%\AAV\


    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\MSx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ANTIVIRUS"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ANTIVIRUS"=-

    %SYSTEM%\MSx.cpl
    %DESKTOP%\MS Antivirus.lnk
    %PROGRAMFILES%\MSX\


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  10. NICK ADSL UK

    Changelog:
    Version 2.356 (October 01, 2008)



    Update: VACFix definition




    Version 2.355 (September 24, 2008)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cognac"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cognac"=-



    Version 2.354 (September 23, 2008)


    %SYSDIR%\m.ico
    %STARTMENU%\Free MP3 Search.url
    %FAVORITES%\Free MP3 Search.url
    %DESKTOP%\Free MP3 Search.url

    %SYSDIR%\p.ico
    %STARTMENU%\Free Porn.url
    %FAVORITES%\Free Porn.url
    %DESKTOP%\Free Porn.url

    %WINDIR%\k.txt


    %SYSTEM%\fbxrqtwn.exe


    %SYSTEM%\MicroAV.cpl
    %DESKTOP%\Micro Antivirus 2009.lnk
    %PROGRAMFILES%\MicroAV\


    [-HKEY_CURRENT_USER\Software\AntiVirus]
    [-HKEY_CURRENT_USER\Software\uav]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Antivirus"=-

    %PROGRAMFILES%\uav\
    %DESKTOP%\Ultimate Antivirus 2008.lnk
    %SYSTEM%\uav.cpl



    Version 2.353 (September 20, 2008)



    Added: o4Patch.exe tool to detect infected binaries.

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  11. NICK ADSL UK

    Changelog:

    Version 2.359 (October 11, 2008)


    %WINDIR%\karna.dat
    %SYSTEM%\brastk.exe
    %SYSTEM%\karna.dat

    O20 - AppInit_DLLs: C:\WINDOWS\System32\karna.dat

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "brastk"=-



    Version 2.358 (October 10, 2008)

    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk (Already removed)
    %STARTMENU%\VirusResponse Lab 2009 2.1.lnk (Already removed)
    %STARTMENU%\Programs\VirusResponse Lab 2009 2.1\ (Already removed)
    %DESKTOP%\VirusResponse Lab 2009 2.1.lnk (Already removed)
    %PROGRAMFILES%\virusrl2009\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VRLWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VRLWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusRL2009]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0DCD4F35-9FD5-420b-A9AA-FED0E2AECEE0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRL2009]
    [-HKEY_CURRENT_USER\Software\VirusRL2009]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirusRL2009\VirusRL2009.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirusRL2009\VirusRL2009.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "VirusRL2009"=-


    O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}]



    Version 2.357 (October 07, 2008)


    %STARTMENU%\Programs\av2010\
    %DESKTOP%\av2010.lnk
    %PROGRAMFILES%\av2010\

    %SYSTEM%\IEDefender.dll
    %SYSTEM%\wingamma.exe

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IEDefender.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEDefender.IEDefenderBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEDefender.IEDefenderBHO.1]
    [-HKEY_CURRENT_USER\Software\AV2010]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Gamma Display"=-



    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  12. NICK ADSL UK

    Changelog:

    Version 2.360 (October 14, 2008)


    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusResponse Lab 2009 2.1.lnk (Already removed)
    %STARTMENU%\VirusResponse Lab 2009 2.1.lnk (Already removed)
    %STARTMENU%\Programs\VirusResponse Lab 2009 2.1\ (Already removed)
    %DESKTOP%\VirusResponse Lab 2009 2.1.lnk (Already removed)
    %PROGRAMFILES%\virrl2009\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5734812-E6A1-8833-ECA9-949B5B8A88BF}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirRLWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirRLWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirRL2009]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirRL2009]
    [-HKEY_CURRENT_USER\Software\VirRL2009]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirRL2009\VirRL2009.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirRL2009\VirRL2009.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "VirRL2009"=-


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  13. NICK ADSL UK

    Changelog:

    Version 2.365 (October 18, 2008)


    %USERPROFILE%\Application Data\spyprotector\
    %USERPROFILE%\Application Data\install.exe
    %USERPROFILE%\Application Data\shellex.dll
    %USERPROFILE%\Application Data\srcss.exe
    %ALLUSERSTARTMENU%\Programs\spy protector\
    %DESKTOP%\spy protector.lnk
    %PROGRAMFILES%\spy protector\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Spy Protector]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{107A1D63-2EAA-4694-8ABA-EC209C630D83}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Spy Protector]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Spy Protector]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shellex.TBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\srcss.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBE202A6-3B75-4189-B161-9B4DF370BEE9}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\SpyProtector]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spy Protector"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{107A1D63-2EAA-4694-8ABA-EC209C630D83}"=-



    Version 2.364 (October 18, 2008)


    %HOMEDRIVE%\resycled
    %HOMEDRIVE%\autorun.inf

    Restoring infected %SYSTEM%\userinit.exe

    %USERSTARTMENU%\Programs\Pornovid\
    %PROGRAMFILES%\Pornovid
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Pornovid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pornovid]
    [-HKEY_CURRENT_USER\Software\Pornovid]



    Version 2.363 (October 17, 2008)


    %ALLUSERSTARTMENU%\Programs\PC Protection Center 2008\
    %ALLUSERDESKTOP%\PC Protection Center 2008.lnk
    %PROGRAMFILES%\PC Protection Center 2008\
    %SYSTEM%\vbzlib2.dll

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Protection Center 2008]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC Protection Center"=-


    %WINDOWS%\ieguard.dll
    %WINDOWS%\sysguard\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D032570A-5F63-4812-A094-87D007C23012}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ieguard.TIEAdvBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sysguard]
    [-HKEY_CURRENT_USER\Software\sysguard]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"=-



    Version 2.362 (October 16, 2008)

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusRemover2008]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\VirusRemover2008]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\{5222008A-DD62-49c7-A735-7BD18ECC7350}]
    [-HKEY_CURRENT_USER\Software\VirusRemover2008]
    [-HKEY_CURRENT_USER\{5222008A-DD62-49c7-A735-7BD18ECC7350}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VirusRemover2008"=-

    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\virusremover2008.lnk
    %USERPROFILE%\Application Data\virusremover2008\
    %STARTMENU%\Programs\virusremover2008\
    %DESKTOP%\virusremover2008.lnk
    %PROGRAMFILES%\virusremover2008\


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  14. NICK ADSL UK

    Changelog:

    Version 2.367 (October 26, 2008)


    %SYSTEM%\ntload.dll
    %SYSTEM%\sex1.ico.tmp
    %SYSTEM%\sex2.ico.tmp
    %SYSTEM%\update32.exe.tmp
    %SYSTEM%\winupdate.exe
    %SYSTEM%\wscmp.dll.tmp
    %DESKTOP%\Uncensored porn.url
    %DESKTOP%\BDSM galleries.url

    %SYSTEM%\winupdate.exe
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "run"=-



    %PROGRAMFILES%\VResLab\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B494E7BB-1E33-4922-A947-F74EFF4E714F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VResLabWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VResLabWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VResLab]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B494E7BB-1E33-4922-A947-F74EFF4E714F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VResLab]
    [-HKEY_CURRENT_USER\Software\VResLab]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VResLab\VResLab.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VResLab\VResLab.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "VResLab"=-


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  15. NICK ADSL UK

    Changelog:

    Version 2.368 (October 28, 2008)


    %DESKTOP%\SMS TRAP.url
    %FAVORITES%\SMS TRAP.url
    %STARTMENU%\SMS TRAP.url
    %SYSTEM%\p.ico

    %DESKTOP%\AntiVirus Sentry.lnk
    %PROGRAMFILES%\AVS\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVS]
    [-HKEY_CURRENT_USER\Software\AVS]
    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  16. NICK ADSL UK

    Changelog:

    Version 2.369 (October 30, 2008)


    %USERSTARTMENU%\Programs\WinDefender 2009.lnk
    %DESKTOP%\WinDefender 2009.lnk
    %PROGRAMFILES%\WinDefender

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDefender 2009]
    [-HKEY_CURRENT_USER\Software\WinDefender2009]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "WinDefender2009"



    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  17. NICK ADSL UK

    Changelog:
    Version 2.373 (November 06, 2008)



    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Guard 2008]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard]
    [-HKEY_CURRENT_USER\Software\Spyware Guard]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "spywareguard"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "OLESys"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "Explorer"=-

    %USERSTARTMENU%\Programs\Spyware Guard 2008\
    %PROGRAMFILES%\Spyware Guard 2008\

    %allusersprofile%\Application Data\Microsoft\Internet Explorer\olesys.dll
    %allusersprofile%\Application Data\Microsoft\Protect\conf.sys
    %allusersprofile%\Application Data\Microsoft\Protect\ie.dll
    %allusersprofile%\Application Data\Microsoft\Protect\svhost.exe
    %allusersprofile%\Application Data\Microsoft\Protect\track.sys
    %allusersprofile%\Application Data\winlogon.exe
    %DESKTOP%\Spyware Guard 2008.lnk
    %WINDOWS%\reged.exe
    %WINDOWS%\spoolsystem.exe
    %WINDOWS%\sys.com
    %WINDOWS%\syscert.exe
    %WINDOWS%\sysexplorer.exe
    %WINDOWS%\vmreg.dll
    %SYSTEM%\wsc32x.exe



    Version 2.372 (November 06, 2008)


    Removed: AntiXPVSTFix tool



    Version 2.371 (October 31, 2008)


    %USERSTARTMENU%\Programs\sexvid\
    %PROGRAMFILES%\sexvid\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sexvid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sexvid]
    [-HKEY_CURRENT_USER\Software\sexvid]


    %TEMP%\winlogon.exe
    %SYSTEM%\msansspc.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Firewall auto setup"

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  18. NICK ADSL UK

    Changelog:

    Version 2.375 (November 12, 2008)


    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusTrigger 2.1.lnk
    %STARTMENU%\VirusTrigger 2.1.lnk
    %STARTMENU%\Programs\VirusTriggerBin\
    %DESKTOP%\VirusTrigger 2.1.lnk
    %PROGRAMFILES%\VirusTriggerBin\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE8A3F7B-E4AB-5C41-4926-3FAED82759F5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirusTriggerBinWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirusTriggerBinWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusTriggerBin]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{096CBA44-4A4C-49f7-8903-1E75550ABCB7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirusTriggerBin]
    [-HKEY_CURRENT_USER\Software\VirusTriggerBin]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirusTriggerBin\VirusTriggerBin.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "VirusTriggerBin"=-



    Version 2.374 (November 09, 2008)


    %PROGRAMFILES%\Google\googletoolbar1.dll
    %PROGRAMFILES%\Google\setupcom.dat
    %PROGRAMFILES%\Google\setupext.dat
    %SYSTEM%\crypts.dll

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]


    O2 - BHO: (no name) - {8710DF42-3171-4A3B-9079-3F7D7101552B} - C:\Program Files\Applications\iebt.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8710DF42-3171-4A3B-9079-3F7D7101552B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8710DF42-3171-4A3B-9079-3F7D7101552B}]

    O3 - Toolbar: Internet Service - {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - C:\Program Files\Applications\iebr.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{E43B6656-814B-4839-8FF8-AFFDE0DA9A3F}"=-

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  19. NICK ADSL UK

    Changelog:

    Version 2.376 (November 20, 2008)


    %PROGRAMFILES%\msvideoplugin\
    %PROGRAMFILES%\homeview\
    %STARTMENU%\Programs\homeview\


    %SYSTEM%\mws55681.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6733C78-821F-3BBF-ADE6-3DB71CAD887A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6733C78-821F-3BBF-ADE6-3DB71CAD887A}]


    %SYSTEM%\msiconf.exe
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msiexec.exe"=-


    %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\antivirustrigger 2.1.lnk
    %STARTMENU%\antivirustrigger 2.1.lnk
    %STARTMENU%\Programs\antivirustrigger 2.1\
    %DESKTOP%\antivirustrigger 2.1.lnk
    %PROGRAMFILES%\virtrigger\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22C447D3-73A8-E1C7-C391-21BE4338CEBC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirTriggerWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VirTriggerWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirTrigger]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0088C75C-6361-4dfb-B2CF-576CACFA3C55}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VirTrigger]
    [-HKEY_CURRENT_USER\Software\VirTrigger]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirTrigger\VirTrigger.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\VirTrigger\VirTrigger.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "VirTrigger"=-


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  20. NICK ADSL UK

    Changelog:
    Version 2.383 (December 10, 2008)



    %PROGRAMFILES%\vrl32software\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E6615B5-A259-4e55-905F-7F9CE60B379D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{305043E5-F9D9-4B3A-A618-C4D0DA8031CE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{536CBA8A-9DB6-45CF-8D65-F486C49242D5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B3A0AA5C-9FA3-408D-8193-2A948EF51D2D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vrl32Warning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\vrl32Warning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vrl32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E6615B5-A259-4e55-905F-7F9CE60B379D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vrl32]
    [-HKEY_CURRENT_USER\Software\vrl32]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\vrl32software\vrl32.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\vrl32software\vrl32.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "vrl32"=-



    Version 2.382 (December 9, 2008)


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Smax4"=-

    %USERPROFILE%\Application Data\Google\kjzna1562565.exe
    %USERPROFILE%\Application Data\Google\spcffwl.dll



    Version 2.381 (December 3, 2008)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
    "QuickTime Task"=-
    "VMware hptray"=-


    %PROGRAMFILES%\avrlabs\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D695B871-8020-4041-A6D2-59F922E1B2E2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avrlabsWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avrlabsWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\avrlabs]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D695B871-8020-4041-A6D2-59F922E1B2E2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avrlabs]
    [-HKEY_CURRENT_USER\Software\avrlabs]

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\avrlabs\avrlabs.exe"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\avrlabs\avrlabs.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "avrlabs"=-



    Version 2.380 (November 30, 2008)


    %PROGRAMFILES%\WebMediaViewer\

    O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C}]

    O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E}"=-

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3B8FB116-D358-48A3-A5C7-DB84F15CBB04}]


    %PROGRAMFILES%\AnvTrgrsoftware\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E9BCC0-2E84-4500-8A9C-0B7A96769124}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C8B2A9C-24A0-4991-A74B-1E4931BD3A57}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BAE92F67-539C-41CD-9183-162BB40AAA0C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnvTrgrWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AnvTrgrWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AnvTrgrsoft]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95E9BCC0-2E84-4500-8A9C-0B7A96769124}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnvTrgrsoft]
    [-HKEY_CURRENT_USER\Software\AnvTrgrsoft]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AnvTrgrsoftware\AnvTrgr.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AnvTrgrsoftware\AnvTrgr.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "AnvTrgr"=-



    Version 2.379 (November 29, 2008)

    Update: IEDFix.C 1.12



    Version 2.378 (November 24, 2008)

    %PROGRAMFILES%\AvirTrsoftware\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A267370-076E-4af4-B986-77626B8E89DF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{764BC8B4-1159-4736-8AF1-F124A7C8C3A8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF3F06C6-D443-48A8-BDF2-4E31F0554EBF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3ED86073-2FA7-4CF4-810B-28B030671678}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvirTrWarning.WarningBHO]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvirTrWarning.WarningBHO.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AvirTrsoft]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A267370-076E-4af4-B986-77626B8E89DF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AvirTrsoft]
    [-HKEY_CURRENT_USER\Software\AvirTrsoft]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AvirTrsoftware\AvirTr.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AvirTrsoftware\AvirTr.exe"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "AvirTr"=-



    Version 2.377 (November 21, 2008)


    %PROGRAMFILES%\WMVideoPlugin\
    %SYSTEM%\mws31209.dll
    %SYSTEM%\ws31209.dll

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC3081A6-AC0C-331D-860E-AEF4790E6B5B}]
    [-HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{C77BD12E-4A3C-33E3-858C-F2D04591C6B5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0BB62EE8-3528-39F7-9070-F9F0C09329D5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC3081A6-AC0C-331D-860E-AEF4790E6B5B}]


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  21. NICK ADSL UK

    Changelog:

    Version 2.388 (December 31, 2008)


    %STARTMENU%\Programs\videosoft\
    %PROGRAMFILES%\videosoft\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\videosoft]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videosoft]
    [-HKEY_CURRENT_USER\Software\videosoft]


    %PROGRAMFILES%\Total Protect 2009\
    %ALLUSERPROFILE%\StartMenu\Programs\Total Protect 2009\
    %ALLUSERPROFILE%\Desktop\Run Total Protect 2009.lnk

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\totalprotect]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\totalprotect]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Total Protect 2009]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus Software]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Total Protect 2009"=-

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  22. NICK ADSL UK

    Changelog:

    Version 2.394 (February 8, 2009)



    %PROGRAMFILES%\freshplay\
    %STARTMENU%\Programs\freshplay

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\freshplay]
    [-HKEY_CURRENT_USER\SOFTWARE\freshplay]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\freshplay]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoFolderOptions"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoFolderOptions"=-

    %ALLUSERPROFILE%\Application Data\CrucialSoft Ltd\

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7]
    [-HKEY_CURRENT_USER\Software\CrucialSoft Ltd]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MS AntiSpyware 2009"=-



    Version 2.393 (February 7, 2009)

    %WINDOWS%\sysguard.exe
    %SYSTEM%\iehelper.dll

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B21-41c1-9DCD-8382A2D07C61}]
    [-HKEY_CURRENT_USER\Software\AvScan]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "sysguard"=-



    Version 2.392 (January 27, 2009)


    %SYSTEM%\winsystems.dll

    %STARTMENU%\Programs\IE-Security.lnk
    %DESKTOP%\IE-Security.lnk
    %PROGRAMFILES%\IE-Security\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE-Security]
    [-HKEY_CURRENT_USER\Software\IE-Security]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "IE-Security"=-

    %STARTMENU%\XP Police Antivirus.lnk
    %DESKTOP%\XP Police Antivirus.lnk
    %PROGRAMFILES%\XPPoliceAntivirus\

    [-HKEY_CURRENT_USER\Software\XP Police Antivirus]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "PoliceAV"=-

    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  23. NICK ADSL UK

    Changelog:

    Version 2.398 (February 19, 2009)



    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Internet Agent"=-
    %SYSTEM%\winagent.exe


    %PROGRAMFILES%\HDQuality\
    %STARTMENU%\Programs\HDQuality\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HDQuality]
    [-HKEY_CURRENT_USER\SOFTWARE\HDQuality]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDQuality]



    Version 2.397 (February 16, 2009)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "[IA3_]"=-

    %WINDOWS%\iehost.dll

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12c7290a-157b-4f43-b109-97e792c598ed}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8A10FC9B-8D76-4E95-A9BE-ACDA2F665C30}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinGDIApp.WinGDI]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinGDIApp.WinGDI.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12c7290a-157b-4f43-b109-97e792c598ed}]



    Version 2.396 (February 15, 2009)


    %PROGRAMFILES%\CMVideoPlugin

    %PROGRAMFILES%\SmitFraudFixTool\
    %ALLUSERDESKTOP%\SmitFraudFixTool.lnk
    %USERPROFILE%\Application Data\SmitFraudFixTool\
    %ALLUSERSTARTMENU%\Programs\SmitFraudFixTool\

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SmitFraudFixTool"=-

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EE433D-A290-4811-B562-8A1878AEE706}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{10EE433D-A290-4811-B562-8A1878AEE706}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB63BB6D-4A8A-4E69-9F4B-E099C874A2AA}]
    [-HKEY_CURRENT_USER\Software\SmitFraudFixTool]



    Version 2.395 (February 9, 2009)


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "systeminit.exe"=-



    Version 2.394 (February 8, 2009)


    %PROGRAMFILES%\freshplay\
    %STARTMENU%\Programs\freshplay

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\freshplay]
    [-HKEY_CURRENT_USER\SOFTWARE\freshplay]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\freshplay]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoFolderOptions"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoFolderOptions"=-

    %ALLUSERPROFILE%\Application Data\CrucialSoft Ltd\

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\MS AntiSpyware 2009 5.7]
    [-HKEY_CURRENT_USER\Software\CrucialSoft Ltd]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MS AntiSpyware 2009"=-


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  24. NICK ADSL UK

    Changelog:

    Version 2.399 (March 04, 2009)


    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\GenericMultiMedia]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WmpTray"=-

    %PROGRAMFILES%\MediaSystem\


    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     
  25. NICK ADSL UK

    Changelog:

    Version 2.405 (March 18, 2009)


    %WINDIR%\ieocx.dll
    [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEocxApp.IEocx.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}] (Already removed)
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A54DC52D-7AAD-4D40-A126-337211631EDC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}]


    %DESKTOP%\WinPC Defender.lnk
    %STARTMENU%\WinPC Defender.lnk

    [-HKEY_CURRENT_USER\Software\WinPC Defender]


    %SYSTEM%\rs32net.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "rs32net"=-

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "rs32net"=-


    [-HKEY_CURRENT_USER\Software\renus2008]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "renus2008.exe"=-



    Version 2.404 (March 16, 2009)


    %USERPROFILE%\Application Data\sysrc32.exe

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Win32load"=-



    Version 2.403 (March 12, 2009)


    %ProgramFiles%\AntiSpyware Pro

    %PROGRAMFILES%\RegistryFox\
    %ALLUSERDESKTOP%\RegistryFox.lnk
    %USERPROFILE%\Application Data\RegistryFox\
    %ALLUSERSTARTMENU%\Programmes\RegistryFox\

    [-HKEY_CURRENT_USER\SOFTWARE\RegistryFox]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\6B4F6929EB6FE0E458263EBA6AF2EB30]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6B4F6929EB6FE0E458263EBA6AF2EB30]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\RegistryFox]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9296F4B6-F6BE-4E0E-8562-E3ABA62FBE03}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RegistryFox"=-



    Version 2.402 (March 11, 2009)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"="Explorer.exe svchostw.exe"

    %SYSTEM%\svchostw.exe



    Version 2.401 (March 09, 2009)

    %WINDOWS%\ld01.exe
    %WINDOWS%\ld02.exe
    %WINDOWS%\pp2.exe
    %SYSTEM%\dll32.exe
    %SYSTEM%\dll32.dll


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "dll"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "sysldtray"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "pp"=-

    %STARTMENU%\Programs\Malware Defender 2009\
    %DESKTOP%\Malware Defender 2009.lnk
    %PROGRAMFILES%\Malware Defender 2009\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Defender 2009]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defender 2009]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "malwaredef"=-


    %STARTMENU%\Programs\System Guard 2009\
    %DESKTOP%\System Guard 2009.lnk
    %PROGRAMFILES%\System Guard 2009\
    %ALLUSERSPROFILE%\Application Data\Microsoft\Network\DLLs\iemodule.dll

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Guard 2009]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\System Guard 2009]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "systemguard"=-



    Version 2.400 (March 05, 2009)


    %WINDOWS%\iehost32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "system tool"=-
    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
     