Monday, September 29, 2008

Remove PersonalAntiSpy - Personal AntiSpy Removal Tool

PersonalAntiSpy (Personal AntiSpy) is the latest rogue anti-spyware with aggrressive behaviour. Download Spyware Doctor + antivirus to detect and remove PersonalAntiSpy and other malware infections. PersonalAntiSpy will generate fake spyware detection messages to trick users into buying "full" version of this nasty software. PersonalAntiSpy may slow your PC and cause critical system errors and slowdowns.

PersonalAntiSpy (Personal AntiSpy) screenshot:


PersonalAntiSpy (Personal AntiSpy) automatical remover:

PersonalAntiSpy (Personal AntiSpy) manual removal instructions
Delete PersonalAntiSpy files:
pbm.exe
Activate.dat
AsAgents.dll
AsAgents.xml
atl71.dll
AutoProcess.dat
bnlink.dat
err.log
InstHelp.exe
lapv.dat
license.rtf
mfc71.dll
monstate.dat
msvcp71.dll
msvcr71.dll
pas.exe
pas.ini
pas.xml
pv.dat
readme.rtf
scanlog.xml
shellext.dll
shellext.xml
sr.log
Summary.dat
unins000.dat
unins000.exe
up.dat
upascw.exe
updater.dat
updaterdb.dat
UserAgent.dll
uwasffNT.exe
vbpv.dat
database
appupdate.dat
dbupdate.dat
enemies.dat
knownfiles.dat
tasks.dat
TEBase.dat
threatnet.dat
quaratine.dat
PersonalAntiSpy.lnk
Uninstall PersonalAntiSpy.lnk
Delete PersonalAntiSpy registry entries:
HKEY_CURRENT_USER\Software\PersonalAntiSpy Free
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ExplorerUPAS
HKEY_CLASSES_ROOT\CLSID\
{_CLSID_WAShellExecuteCheck}
HKEY_CLASSES_ROOT\CLSID\
{1924FA29-9740-4F6B-A683-90FB42FC1237}
HKEY_CLASSES_ROOT\CLSID\
{5CAB6A79-7710-405a-9B08-A13E908534E9}
HKEY_CLASSES_ROOT\CLSID\
{ABCD4567-76B5-4bc7-AAC5-396D70925B11}
HKEY_CLASSES_ROOT\Directory\shellex\
ContextMenuHandlers\ExplorerUPAS
HKEY_CLASSES_ROOT\Drive\shellex\
ContextMenuHandlers\ExplorerUPAS
HKEY_CLASSES_ROOT\Interface\
{4567AB12-A884-4CA6-B739-CEDB12FEF096}
HKEY_CLASSES_ROOT\Interface\
{ABCD4567-4D73-43E9-85E5-53A2DBD95411}
HKEY_CLASSES_ROOT\Interface\
{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}
HKEY_CLASSES_ROOT\TypeLib\
{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
HKEY_CLASSES_ROOT\TypeLib\
{ABCD4567-7437-43EF-AB74-4AB1D3A37411}
HKEY_CLASSES_ROOT\TypeLib\
{C766ED4F-EF37-4C77-8F71-288661A2D513}
HKEY_CLASSES_ROOT\upashellext.ShellHook
HKEY_CLASSES_ROOT\upashellext.ShellHook.1
HKEY_CLASSES_ROOT\upashellext.WASContextMenu
HKEY_CLASSES_ROOT\upashellext.WASContextMenu.1
HKEY_CLASSES_ROOT\uwasfsd.CreationNotifier
HKEY_CLASSES_ROOT\uwasfsd.CreationNotifier.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\
Uninstall\PersonalAntiSpy Free_is1
HKEY_LOCAL_MACHINE\SOFTWARE\PersonalAntiSpy Free
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\
uwasfsd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
uwasfsd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Internet Settings\5.0\User Agent\
Post Platform “UPAS 3.2.155.0″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run “PASMonitor”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run “PersonalAntiSpy Free”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run “upascw”

Friday, September 26, 2008

SystemOptimizer 2008 may destroy your PC!

SystemOptimizer 2008 (SystemOptimizer2008) can only adjust your system to be open for virus and malware attacks. Any of the features declared by its promoters are not fulfilled. Removal of SystemOptimizer2008 should be complete and comprise dll-files deletion and related registry entries removal. In addition, since SystemOptimizer2008 affects victim’s machine thus impairing its protecting features, the possibility of other threats hidden download, even if they have no relation to our hero, is extremely high. If no affordable measures to remove SystemOptimizer2008 are taken, risk of hard damage to your system up to its crush is essential. Follow the link below to scan your PC free of charge (using Spyware Doctor) and to get rid SystemOptimizer2008.

SystemOptimizer 2008 (SystemOptimizer2008) screenshot:



SystemOptimizer 2008 (SystemOptimizer2008) automatical remover:

SystemOptimizer 2008 (SystemOptimizer2008) manual removal instructions:

Delete SystemOptimizer 2008 (SystemOptimizer2008) files:
SystemOptimizer2008.lnk
cwriter.exe
stmon.exe
Activate.dat
bnlink.dat
lapv.dat
License.rtf
LowProcess.exe
main.exe
main.xml
pv.dat
Readme.rtf
SCToolbar.dll
sqlite3.dll
sr.log
support.url
toolbar.xml
unins000.dat
unins000.exe
up.dat
updater.dat
Microsoft.VC80.CRT.manifest
msvcp80.dll
msvcr80.dll
mfc80.dll
Delete SystemOptimizer 2008 (SystemOptimizer2008) registry subkeys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Ext\Stats\{4AD56E6F-7074-41EE-8A40-583C2C76EFCD}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Ext\Stats\{4AD56E6F-7074-41EE-8A40-583C2C76EFCD}\iexplore
HKEY_CURRENT_USER\Software\SystemOptimizer2008
HKEY_CURRENT_USER\Software\SystemOptimizer2008Downloader
HKEY_CLASSES_ROOT\AppID\{3FC8C143-F2CC-4AB1-9AC0-8B1407302795}
HKEY_CLASSES_ROOT\AppID\SCToolbar.DLL
HKEY_CLASSES_ROOT\CLSID\{4AD56E6F-7074-41EE-8A40-583C2C76EFCD}
HKEY_CLASSES_ROOT\Interface\{0B187AB0-4CFF-42DA-9503-A38F6F998214}
HKEY_CLASSES_ROOT\SCToolbar.ShellBand
HKEY_CLASSES_ROOT\SCToolbar.ShellBand.1
HKEY_CLASSES_ROOT\TypeLib\{3FC8C143-F2CC-4AB1-9AC0-8B1407302795}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\U_GSCR_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products
HKEY_LOCAL_MACHINE\SOFTWARE\SystemOptimizer2008
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Internet Settings\5.0\User Agent\Post Platform "UGSCR 1.1.260.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run "cwriter"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run "Salestart"

Thursday, September 25, 2008

Get rid of AntiMalwarePro - manual removal instructions

AntiMalwarePro (AntiMalware Pro) was derived from such notorious though rather new fake malware removers as XP Protector 2009 and eAntivirusPro. This rogue utilizes the same with XP Protector 2009 and eAntivirusPro scheme of propagation starting either from comments posted at various forums by the rascals or from pop-ups at certain web-pages. In the former case, the comments include a reference to web-site with the name comprising as its part words like Google or MSN. These sites, certainly, has no relation to or authorization of Google and MSN or Mr. President). Nevertheless, it is a good warranty for users that the sites are at least harmless; in reality, though, visiting such sites users after various trickery are redirected to the purchase form of AntiMalwarePro and get the trial of this rogue installed secretly. The nearly same scheme is applicable also for latter case.
AntiMalwarePro (AntiMalware Pro) removal is strongly recommended for those taking care of their machines. If infected, do not be long in approving the decision to get rid of AntiMalwarePro, because it may become be too late too fast. Click the link below to scan your PC free of charge using Spwyare Doctor and then remove AntiMalwarePro with related threats in a fast and safe mode

AntiMalwarePro (AntiMalware Pro) screenshot:



AntiMalwarePro (AntiMalware Pro) automatical remover:
AntiMalwarePro (AntiMalware Pro) manual removal instructions:
Delete AntiMalwarePro (AntiMalware Pro) files:

setup_en[1].exe
antimalwarepro.exe

Delete AntiMalwarePro (AntiMalware Pro) registry entires:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antimalwarepro
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware PRO_is1
Antimalware Pro
AntimalwarePRO

AntispywareXP2009 - description and removal tool

Experts have blamed AntispywareXP 2009 or AntispywareXP2009 in lack of correspondence between its features as declared and as executed. Moreover, AntispywareXP 2009 is not a program that simply does not act to your benefits. The problem is not in this only. AntispywareXP2009 intentionally bothers you and affects your system in attempt to make you buy full version of this malware. The right solution would be to remove AntispywareXP 2009 or AntispywareXP2009 immediately. For free detection of spyware, adware and viruses, and to get rid of AntispywareXP 2009 or AntispywareXP2009, if detected, as well as of other malware, download Spyware Doctor antispyware + antivirus. Removal of Antispyware XP 2009 or AntispywareXP2009 is a mandatory requirement for your system due functioning.

Antispyware XP 2009 (AntispywareXP2009) automatical removal tool:

Virtual PC Guard (VirtualPCGuard) Removal Tips

Virtual PC Guard (VirtualPCGuard) can not protect your PC even from the oldest viruses. It is true, because:
1. the scanner of Virtual PC Guard is a fake application that selects entries from invariable database downloaded to your PC or stored at the remote computer and in any case unrelated to the threats challenging your PC safety;
2. the one and only goal of Virtual PC Guard is to make you purchase licensed version; however, it is not true, other aims are to make you pay for “Updates” after you pay for full version.
We recommend urgent Virtual PC Guard (VirtualPCGuard) removal. All the above is, honestly, not a big problem, if Virtual PC Guard would be harmless. However, Virtual PC Guard significantly and promptly slows down your PC and causes hard system disordering. In order to detect (for free) and remove Virtual PC Guard (VirtualPCGuard), follow the link below to download Spyware Doctor.

Virtual PC Guard (VirtualPCGuard) screenshot:


Virtual PC Guard (VirtualPCGuard) automatical remover:

Virtual PC Guard (VirtualPCGuard) manual removal instructions:
Delete Virtual PC Guard (VirtualPCGuard) files:
bm.exe
ugac.exe
Activate.exe
al.dat
dhlp.dll
FWSettings.bin
history.db
main.log
pgs.exe
ptask.exe
reload.exe
ResErrors.log
scnkrnl.dll
settings.ini
sqlite3.dll
sr.log
unins000.dat
unins000.exe
Config
Config\pgs.xml
Dat
Dat\Activate.dat
Dat\BkSites.dat
Dat\bnlink.dat
Dat\cd.dat
Dat\incmp.dat
Dat\index.dat
Dat\pv.dat
Engines
Engines\AWBase
Engines\AWBase\vbpv.dat
Engines\AWBase\database
Engines\AWBase\database\enemies.dat
Engines\PGBase
Engines\PGBase\vbpv.dat
Engines\plugins
BORLNDMM.DLL
SCANADWR.DLL
SCANBCDR.DLL
SCANDLDR.DLL
SCANDOS1.DLL
SCANEMUL.DLL
SCANFUNC.DLL
SCANKRNL.DLL
SCANMCR1.DLL
SCANOTHR.DLL
SCANSCR.DLL
SCANTOOL.DLL
SCANTROJ.DLL
SCANWIN1.DLL
UNACPU.DLL
UNADBX.DLL
unamscan.dll
UNMIME.DLL
UNPACK.DLL
UNPACKS.DLL
UNPACKS2.DLL
UNPEPACK.DLL
vbpv.dat
UpDate
UpDate\UA27601.DLL
UpDate\UA27602.DLL
UpDate\UA27603.DLL
UpDate\UA27604.DLL
UpDate\UADAILY.DLL
Graphics
Graphics\cross.gif
Graphics\ga6p.gif
Graphics\kb.url
Graphics\main.ico
Graphics\mini.ico
Graphics\Online.url
Graphics\support.ico
Graphics\Support.url
Graphics\uninstall.ico
LA
LA\lapv.dat
LA\License.rtf
Tools
Tools\pblock.dll
Tools\sbiebho.dll
Up
Up\ASupdater.dat
Up\gup.exe
Up\PGupdater.dat
Up\UBupdater.dat
Up\up.dat
Up\updater.dat
Up\Download
atl71.dll
capicom.dll
mfc71.dll
msvcp71.dll
msxml3a.dll
drivers\dhlp.sys
VirtualPCGuard.lnk
Contact Customer Support.lnk
Uninstall VirtualPCGuard.lnk
threats.log
update.log

Delete Virtual PC Guard (VirtualPCGuard) registry entires:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Ext\Stats\{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Ext\Stats\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}
HKEY_CURRENT_USER\Software\Opera Software
HKEY_CURRENT_USER\Software\VirtualPCGuard
HKEY_CURRENT_USER\Software\VirtualPCGuard\Settings
HKEY_CLASSES_ROOT\AppID\{EA7522F6-87CF-411e-8A55-19EE4344B676}
HKEY_CLASSES_ROOT\AppID\pblock.DLL
HKEY_CLASSES_ROOT\CLSID\{079AA557-4A18-424A-8EEE-E39F0A8D41B9}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{3124C396-FB13-4836-A6AD-1317F1713688}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{3D813DFE-6C91-4A4E-8F41-04346A841D9C}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{3E784A01-F3AE-4DC0-9354-9526B9370EBA}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{4DD441AD-526D-4A77-9F1B-9841ED802FB0}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{FC220AD8-A72A-4EE8-926E-0B7AD152A020}\TypeLib
HKEY_CLASSES_ROOT\CLSID\{5C3F6257-3E00-45c2-88D5-CB0F3A17BF0E}
HKEY_CLASSES_ROOT\CLSID\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}
HKEY_CLASSES_ROOT\Interface\{2933BF96-7B36-11D2-B20E-00C04F983E60}
HKEY_CLASSES_ROOT\Interface\{2B8DE2FE-8D2D-11d1-B2FC-00C04FD915A9}
HKEY_CLASSES_ROOT\Interface\{3EFAA428-272F-11D2-836F-0000F87A7782}
HKEY_CLASSES_ROOT\Interface\{3EFAA429-272F-11D2-836F-0000F87A7782}
HKEY_CLASSES_ROOT\Interface\{C90352F7-643C-4FBC-BB23-E996EB2D51FD}
HKEY_CLASSES_ROOT\PopupBlocker.IEGPB
HKEY_CLASSES_ROOT\PopupBlocker.IEGPB.1
HKEY_CLASSES_ROOT\SBIEBHO.IEFW
HKEY_CLASSES_ROOT\SBIEBHO.IEFW.2
HKEY_CLASSES_ROOT\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}
HKEY_CLASSES_ROOT\TypeLib\{EA7522F6-87CF-411E-8A55-19EE4344B676}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
UAVUN_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Products
HKEY_LOCAL_MACHINE\SOFTWARE\ugac
HKEY_LOCAL_MACHINE\SOFTWARE\VirtualPCGuard
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dhlp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dhlp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Internet Settings\5.0\User Agent\Post Platform "UGA6P11 2.2.366.12"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run "BMN"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run "ptask"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run "ugac"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run "VirtualPCGuard"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
RunOnce "overinstall"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
SharedDlls "C:\WINDOWS\system32\atl71.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
SharedDlls "C:\WINDOWS\system32\capicom.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
SharedDlls "C:\WINDOWS\system32\mfc71.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
SharedDlls "C:\WINDOWS\system32\msvcp71.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
SharedDlls "C:\WINDOWS\system32\msxml3.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
SharedDlls "C:\WINDOWS\system32\msxml3a.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
SharedDlls "C:\WINDOWS\system32\msxml3r.dll"

Wednesday, September 24, 2008

TotalSecure 2009 (Total Secure 2009) - manual removal instructions

TotalSecure 2009 has at least a dozen of clones designed on the same platform to the same purpose. In addition, they often come in one kit of rogues with fake codec or from infected spam messages. Failure to remove TotalSecure 2009 (TotalSecure2009) results in hard affection of your machine. Removal of TotalSecure 2009 (TotalSecure2009) does not equal to its uninstalling or disabling. To assure your PC safety, it is a mandatory requirement that you get rid of TotalSecure 2009 (TotalSecure2009) in a due manner and time. Deletion of all its files and related registry entries is required to get rid of TotalSecure 2009 (TotalSecure2009). Follow the link below to scan your PC using Spyware Doctor free of charge and than proceed to threats elimination, if any.

TotalSecure 2009 screenshot:


TotalSecure 2009 automatical remover:

TotalSecure 2009 manual removal instructions:
Delete TotalSecure 2009 files:
scan.exe
totalsecure.s1
totalsecure.s2
totalsecure.s3
totalsecure.s4
totalsecure.s5
totalsecure.s6
uninstall.exe
Total Secure 2009.lnk
Total Secure 2009.lnk
Delete TotalSecure 2009 registry entries:
HKEY_CURRENT_USER\Software\TotalSecure2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\Total Secure 2009

Tuesday, September 23, 2008

MasterAntivirus 2009 (MasterAntivirus 2009) Removal Help

MasterAntivirus 2009 (MasterAntivirus 2009) is not a trusted antispyware. Its promoters tries to push it through the web-site http://masterantivirus-2009.com. This site may be infected. Its visiting is not recommended. The cheeky rascals at every possible place of the above web-site put images similar to Microsoft and Windows logo. They even dared make a statement that they are certified partners of Microsoft. Remove MasterAntivirus 2009 (Master Antivirus 2009), all such “certificates” are obvious violations. Microsoft did not give them any right to use its logo and would never grant this to people promoting fake antispyware. Remember, it is very important, MasterAntivirus 2009 (Master Antivirus 2009) removal is needed not only to throw the useless trash away but, first of all, to eliminate a serious threat that MasterAntivirus 2009 (Master Antivirus 2009) is. Unless you get rid of MasterAntivirus 2009 (Master Antivirus 2009), system operates with frequent errors and very slow. Overall collapse is thus just a matter of time. We recommend Spyware Doctor to scan your PC free of charge in order to detect this and other threats in a good time. Following the scan, proceed to malware / viruses removal, if any threat found.

MasterAntivirus 2009 screenshot:


MasterAntivirus 2009 automatical remover download:

Monday, September 22, 2008

Remove AntiMalware 2009 - Anti Malware 2009 Remover

AntiMalware 2009 or AntiMalware 2009 is not an original product but a rough copy of such notorious rogues like XP Protector 2009 and eAntivirusPro. Just uninstalling this program, you can not get rid of AntiMalware 2009. In order to ensure complete elimination of the threat you need either to make complicated manipulations or apply trusted antimalware solution. Regardless to the way in which this parasite was installed at your PC, AntiMalware 2009 removal should be done without biding to prevent any harm. Normal workflow of AntiMalware 2009 installation simulates control of the user over the download, but usually download and installation starts automatically no matter what you would click. Not sure whether infected? This might happen, as sometimes AntiMalware 2009 can not immediately display fake scan and alerts. You may scan your PC free of charge to detect malware and then get rid of AntiMalware 2009 and other detected threats. Click here to start the scan and to remove AntiMalware 2009 using Spyware Doctor + antivirus.

AntiMalware 2009 screenshot:


AntiMalware 2009 automatical remover:

AntiMalware 2009 manual removal instructions:
Delete AntiMalware 2009 files:

AntiMalware2009.exe
antimalwareinstaller.exe
forceuninstall.exe
pphc3nsj0e57c.exe
thcansj0e57c.exe
thcrkrj0etfg.exe
Delete AntiMalware 2009 registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\thcrkrj0etfg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Internet Settings\User Agent\Post Platform "AntiMalware2009"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run "SMthcrkrj0etfg"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\thcrkrj0etfg

Wednesday, September 17, 2008

eAntivirusPro - new headache for computer users

eAntivirusPro is the last AntivirusXP2008 clone. These two parasites have the similiar interface and aggressive marketing tactics. eAntivirusPro displays false scanning reports, annyoing pop-ups and advise users to purchase a registered version of the software in order to remove detected malware and fix all errors. But eAntivirusPro is just a dummy, it have no common with legitimate virus\spyware removers. So we recomend to remove eAntivirusPro before this malware damage your PC or install more nasty programs. Download automatical remover (Spyware Doctor + antivirus) to get rid of eAntivirusPro malware.

eAntivirusPro screenshot:


eAntivirusPro automatical remover:

eAntivirusPro manual removal instructions:
Delete eAntivirusPro files:
%CommonPrograms%\eAntivirusPro
%AppData%\whcc5dj0erc1
%ProgramFiles%\whcc5dj0erc1
%AppData%\whcc5dj0erc1\Quarantine
%AppData%\whcc5dj0erc1\Quarantine\Autorun
%AppData%\whcc5dj0erc1\Quarantine\Autorun\HKCU
%AppData%\whcc5dj0erc1\Quarantine\Autorun\HKCU\RunOnce
%AppData%\whcc5dj0erc1\Quarantine\Autorun\HKLM
%AppData%\whcc5dj0erc1\Quarantine\Autorun\HKLM\RunOnce
%AppData%\whcc5dj0erc1\Quarantine\Autorun\StartMenuAllUsers
%AppData%\whcc5dj0erc1\Quarantine\Autorun\StartMenuCurrentUser
%AppData%\whcc5dj0erc1\Quarantine\BrowserObjects
%AppData%\whcc5dj0erc1\Quarantine\Packages
Delete eAntivirusPro registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\
Uninstall\whcc5dj0erc1
HKEY_LOCAL_MACHINE\SOFTWARE\whcc5dj0erc1
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\S
ettings

AntivirusPro Removal Instructions - Remove Anti Virus Pro

AntivirusPro (aka Antivirus Pro or Anti Virus Pro) is a bogus software that may be installed through browser security holes or trojan infection. Zlob or Vundo trojans will issue fake security alerts stating that your computer is infected and then download and install AntivirusPro. After successful installation it will automatically scan your computer and "detect" a variety of fake malware infections that cannot be removed unless you first purchase the program. Remember that AntivirusPro may slow your computer and install more malware. The best way to remove AntivirusPro is to download Spyware Doctor (with antivirus).

AntivirusPro screenshot:


AntivirusPro automatical remover:

AntivirusPro manual removal instructions:
Delete AntivirusPro files:
AntivirusPro.lnk
AntivirusPro.exe
AntiVirusPro.exe
AntiVirusPro.exe.local
Core.dll
database.pkg
Localization.dll
msvcp71.dll
msvcr71.dll
Uninstall.exe
WndSystem.dll
Anti-virus-Pro.com
Delete AntivirusPro registry entries:
HKEY_CLASSES_ROOT\TypeLib\
{A53931E1-A3F9-4792-9304-127CE41B5872}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\Anti Virus Pro spyware remover
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirusPro

Tuesday, September 16, 2008

Remove VirusResponse Lab 2009 - VirusResponse Lab 2009 Remover

VirusResponse Lab 2009 is a bogus spyware and virus remover that urge users to pay for a full version of a program. VirusResponse Lab 2009 is fraudulent in every way. It is supposed to remove viruses but it is really computer parasite itself. This fake software may damage your computer, steal personal data, install more malware, hijack browser's homepage, slow PC perfomance, disable or change some Windows settings. We recomend to download Spyware Doctor + antivirus in order to remove VirusResponse Lab 2009 malware.

VirusResponse Lab 2009 screenshot:



VirusResponse Lab 2009 automatical removal tool (free scan):

VirusResponse Lab 2009 manual removal instructions:
Delete VirusResponse Lab 2009 files:
AVLWarning.dll
uninst.exe
VirusResponseLab2009.exe
VirusResponse Lab 2009 2.1.lnk
Delete VirusResponse Lab 2009 registry entries:
HKEY_CURRENT_USER\Software\VirusResponseLab2009
HKEY_CLASSES_ROOT\AVLWarning.WarningBHO
HKEY_CLASSES_ROOT\AVLWarning.WarningBHO.1
HKEY_CLASSES_ROOT\CLSID\
{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}
HKEY_CLASSES_ROOT\CLSID\
{F5734812-E6A1-8833-ECA9-949B5B8A88BF}
HKEY_CLASSES_ROOT\Interface\
{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CLASSES_ROOT\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusResponseLab2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
VirusResponseLab2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “VirusResponseLab2009″

Monday, September 15, 2008

New Rogue: AntivirusLab2009 (AntivirusLab 2009)

AntivirusLab2009 (AntivirusLab 2009) is the latest (15/09/2008 release) rogue anti-spyware that causes slow computer problem and critical system errors. AntivirusLab 2009 will generate fake spyware detection reports to trick users into buying full version of this bogus software. AntivirusLab 2009 may also download and install additional spyware programs and trojan horses and this is a serious threat to the security of your personal and financial information. If your PC is already infected - we recomend to use AntivirusLab 2009 remover (Spyware Doctor with antispyware).

AntivirusLab 2009 screenshot:


AntivirusLab 2009 removal tool:


AntivirusLab 2009 manual removal instructions:
Delete AntivirusLab 2009 files:
AntiVirusLab2009
AntiVirusLab2009.exe
AVLWarning.dll
uninst.exe
AntiVirus Lab 2009 2.1.lnk
fbjvt.dll
Delete AntivirusLab 2009 registry values:
HKEY_CURRENT_USER\Software\AntiVirusLab2009
HKEY_CLASSES_ROOT\AVLWarning.WarningBHO
HKEY_CLASSES_ROOT\AVLWarning.WarningBHO.1
HKEY_CLASSES_ROOT\CLSID\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}
HKEY_CLASSES_ROOT\CLSID\{C2A9759D-210A-0253-D944-8B76AC2B0D92}
HKEY_CLASSES_ROOT\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CLASSES_ROOT\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\App Paths\AntiVirusLab2009
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper Objects\{A21C8D81-A9C7-46c6-A488-2A32FA0DAEB6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\AntiVirusLab2009
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run “AntiVirusLab2009″

Sunday, September 14, 2008

Windows Antivirus - Security Center is 100% scamware

Windows Antivirus - Security Center is the latest bogus software (rogue anti-spyware) designed to stea money and damage your computer. It issues false positives to trick you into buying "full version" of this scareware. Windows Antivirus - Security Center may slow your computer and secretly install additional spyware. We recomend to remove Windows Antivirus - Security Center using Spyware Doctor with antivirus.

Windows Antivirus - Security Center screenshot:


Windows Antivirus - Security Center removal tool:


Thursday, September 11, 2008

Remove Micro Antivirus 2009 (MicroAntivirus 2009) - Manual Removal Instructions

The word “Micro”, according to the idea of Micro Antivirus 2009 developers, should be treated by users as evidence that this product is approved by Microsoft and Windows and other authorized authorities -). I dare hope in your sense of humor that would make you treat this word in its other meaning which is “very small” . It is understandable that Micro Antivirus 2009 has that relation to Microsof only due to its ability being installed at OS developed by this corporation. However, the relationships between Microsoft and this rogue includes the above but not limited to it, unfortunately. Get rid of Micro Antivirus 2009, as this malware disorders applications and makes Windows operate slower. Failure to perform timely removal of Micro Antivirus 2009 may cause upload of related threats, for instance, its clone MS Antivirus.
Download Spyware Doctor + antivirus to scan your PC for malware (free of charge) and remove Micro Antivirus 2009 in a safe mode with other threats found.

Micro Antivirus 2009 screenshot:


Micro Antivirus 2009 automatical remover:


Micro Antivirus 2009 manual removal instructions:
Delete Micro Antivirus 2009 files:
MicroAntivirus.lnk
microAV.cpl
microAV.exe
microAV.ooo
microAV0.dat
microAV1.dat
MicroAV.cpl
Delete Micro Antivirus 2009 registry entries:
HKEY_CURRENT_USER\Software\AntiVirus
HKEY_CURRENT_USER\Software\MicroAV
HKEY_CLASSES_ROOT\.key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ANTIVIRUS”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “ANTIVIRUS”

Wednesday, September 10, 2008

Antispyware Pro XP or AntispywarePro Xp - Removal Information

Antispyware Pro XP or AntispywarePro XP is the latest (08.09.2009 release) rogue anti-spyware with aggressive behaviour. When running Antispyware Pro XP it looks as if it finds spyware on your computer attempts to remove it only if you purchase a license for the program. Antispyware Pro XP does not remove anything and even after purchasing Antispyware Pro XP it still will not remove "detected" threats. Remember that Antispyware Pro XP may slow your computer and cause critical system errors and slowdowns. Download Antispyware Pro XP remover (Spyware Doctor with antispyware) to remove this nasty parasite.

Antispyware Pro XP screenshot:



Antispyware Pro XP removal tool:

Antispyware Pro XP manual removal instructions:
Delete Antispyware Pro XP files:
services.dll
Software Licensors
Antispyware PRO XP
BASE
DELETED
LOG
LOG\20080909202141140.log
SAVED
asproxp.exe
Delete Antispyware Pro XP registry entries:
HKEY_CURRENT_USER\Software\Software Licensors
HKEY_CURRENT_USER\Software\Software Licensors\
Antispyware PRO XP
HKEY_CURRENT_USER\Software\Software Licensors\
Installer
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run “s9201″

Tuesday, September 9, 2008

XP Protector 2009 - new rogue. Removal Instructions

XP Protector 2009 or XPProtector 2009 attempts to reassure users in its reliability using many smart tactics. First of all, pay attention to the denomination of this rogue – you should know, I guess, what XP means; then, the game usually starts at web-sites like yahoo-us.info etc. The history repeats, as you might have already understood: at first the hackers utilize part of venerable brand name known as a name of popular operating system; further on, users are drawn into web-site containing in its name such names as google etc. Of course, there is no correlation between XP and Google and this pure malware. Then, things keep on developing in the same manner, since users after entering, for instance, the above web-site, can see misleading alert by XP Protector 2009 in a pretty same window with those usually generated by your system. BUT pay attention to slight differences in warnings generated by Widows XP and Vista. If you are running Vista, the chrome of your true system alerts would differ from those generated by this rogue and this is clear evidence that he alert was not generated by your system as it pretended to be.
Do not trust XP Protector 2009, this is a dangerous malware. Removal of XP Protector 2009 does not equal to its uninstalling. In order to get rid of XP Protector 2009 at all it is recommended to apply professional tool. Follow the link below in order to scan your system free of charge and remove XP Protector 2009 using Spyware Doctor + antivirus premium software!

XP Protector 2009 screenshot:


XP Protector 2009 automatical remover:

Monday, September 8, 2008

SpyDevastator - removal information

SpyDevastator (Spy Devastator) will not leave you alone. Its alerts and scans are repeated very often. Where you infected, if you leave your PC turned on but giving no commands to it for a while and then press any key, you may have no other choice but close alerts one by one tat takes considerable time (especially when system buzzes because of them). It should be mentioned, though, that sometimes SpyDevastator runs quietly for during long period. If all undesirable effects of SpyDevastator presence would limit to the above pop-ups!However, such promotion that rather bothers you than is harmful for your machine, is only the top of iceberg; the bottom covered by water is more essential. You may ignore various alerts but it is impossible to ignore depreciation of system performance and errors in applications run caused by the rogue. The sooner you get rid of SpyDevastator, the better, as early removal allows to prevent any significant damage; and otherwise, biding may cause irreversible losses up to system crush. Download Spyware Doctor + antivirus to get rid of this nasty malware.

SpyDevastator screenshot:

SpyDevastator removal tool:

Download SpyDevastator Remover

SpyDevastator manual removal instructions:

Delete SpyDevastator files:

SpyDevastator 1.32.lnk
SpyDevastator.lnk
SDBHO.dll
sdcfg.dat
SpyDevastator Website.lnk
blacklist.txt
msvcp71.dll
msvcr71.dll
sdev.sgn
SpyDevastator.exe
SpyDevastator.url
uninst.exe
Lang
Lang\English.ini

Delete SpyDevastator registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\
Uninstall\SpyDevastator
HKEY_CURRENT_USER\Software\SpyDevastator
HKEY_CLASSES_ROOT\CLSID\{
528A3CF7-AAF9-42FE-A5D0-2A8EDA9E299E}
HKEY_CLASSES_ROOT\IEBHO.IEBHO
HKEY_CLASSES_ROOT\IEBHO.IEBHO.1
HKEY_CLASSES_ROOT\SpyDevastator.COMApp
HKEY_CLASSES_ROOT\SpyDevastator.COMApp.1
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\
Explorer\Browser Helper Objects\
{528A3CF7-AAF9-42FE-A5D0-2A8EDA9E299E}
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run “SpyDevastator”


Sunday, September 7, 2008

AntiRogue Killer is a rogue! Removal instructions

AntiRogue Killer (AntiRogueKiller) is the latest rogue anti-spyware software that may be installed by trojan horses or through system security holes. AntiRogue Killer displays popups and alert messages of imaginary infections or threats to get you to purchase the full AntiRogue Killer program. AntiRogue Killer may slow your computer and decrease internet connection speed. Download AntiRogue Killer remover (Spyware Doctor + antivirus) to detect and remove AntiRogue Killer malware.

AntiRogue Killer screenshot:

AntiRogue Killer automatical remover:


AntiRogue Killer manual removal instructions:
Delete AntiRogue Killer files:
AntiRogueKiller on the Web.lnk
AntiRogueKiller.lnk
Uninstall AntiRogueKiller lnk
AntiRogueKiller.exe
AntiRogueKiller.url
unins000.dat
unins000.exe
Delete AntiRogue Killer registry entries:
HKEY_LOCAL_MACHINE\Software\AntiRogue Killer
HKEY_CURRENT_USER\Software\AntiRogue Killer

Thursday, September 4, 2008

SmartAntivirus 2009 - new rogue with known face

SmartAntivirus 2009 is a rogue antispyware program that may look like a legitimate spyware removal tool. SmartAntivirus 2009 may get inside your machine through various security loopholes or via malicious Trojans. Once installed on your machine, SmartAntivirus 2009 will try to goad you into purchasing its full version. Moreover, it may slow your PC and cause serious system errors and slowdowns. Download SmartAntivirus 2009 remover to get rid of this nasty malware.

SmartAntivirus 2009 screenshots:




SmartAntivirus 2009 automatical remover:

Win32/adware.virtumonde and win32/PrivacyRemover.M64 Removal Tool

Win32/adware.virtumonde and Win32/PrivacyRemover.M64 are fake infections. They results from Zlob trojan. It may generate popups about Win32/adware.virtumonde and win32/PrivacyRemover.M64 detected on your computer or change desktop wallpaper. We recomend to remove Win32/adware.virtumonde and win32/PrivacyRemover.M64 false positives using automatical remover (Spyware Doctor + antivirus).

Win32/adware.virtumonde and Win32/PrivacyRemover.M64 message screenshot:


Win32/adware.virtumonde and Win32/PrivacyRemover.M64 automatical remover:

Wednesday, September 3, 2008

Doublestartpage.com - new browser hijacker. Removal Instructions

Doublestartpage.com is the latest hijacker that may be installed by Zlob trojan to promote rogue anti-spyware products. It displays fake security warnings to scare users and trick to download and purchase fake removers:
“Warning! W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to steal passwords and private information from the infected computer. If you are infected with this hijacker you will receive warnings in your task bar stating that you are infected with spyware and to run its special anti-spyware tool.”

Remember that this hijacker may slow your PC and cause critical system errors and data loss. Doublestartpage.com have two versions: Doublestartpage.com/xp and Doublestartpage.com/vista for different Microsoft operational systems. Never visit this dangerous web-sites! We recomend to remove Doublestartpage.com using Spyware Doctor + antivirus with free scan.

Doublestartpage.com screenshots:


Doublestartpage.com automatical remover:

Doublestartpage.com manual removal instructions:

Delete Doublestartpage.com files:
icmntr.exe
icthis.exe
ictun.exe
icun.exe
isfmm.exe
isfmntr.exe
isfun.exe
pmuninst.exe
gtawclv.dll
Online Security Guide.url
Security Troubleshooting.url
Online Security Guide.url
Security Troubleshooting.url
pmmon.exe
Delete Doublestartpage.com registry entries:
{c96395b8-ab09-46a4-b539-7ddf6e061808}
{ba934431-76af-4c99-93c2-c3d21944a72e}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{70d17a5f-ef27-4295-90f5-20ad6f24834f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\Internet Explorer Secure Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\IExplorer Security Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\
{D61D7E1A-6613-49CA-B6F9-51DB248E209D}

Monday, September 1, 2008

Remove XPAntivirus 2009 - XP Antivirus 2009 Remover

XPAntivirus 2009 is a new version of previously reviewed XPAntivirus 2008 rogue anti-spyware. It have some new "features" and infector files. If your computer is already infected - use XPAntivirus 2009 remover (Spyware Doctor + antivirus) or manual removal instructions. Remember that XPAntivirus 2009 is extremely dangerous rogue anti-spyware, it may slow your computer, open security holes to install other spyware and steal personal data.

XPAntivirus 2009 screenshot:


XPAntivirus 2009 automatical removal tool:

XPAntivirus 2009 manual removal instructions:
Delete XPAntivirus 2009 files:

xpa.exe
XPAntivirus.exe
scui.cpl
XP Antivirus 2008.lnk
XP Antivirus 2008
Uninstall XP Antivirus 2008.lnk
XP Antivirus 2008.lnk
krln32.exe
scvh0st.exe
trjdwnl.dll
shlext32.exe
Delete XPAntivirus 2009 registry entries:
HKEY_CURRENT_USER\Software\XP antivirus
HKEY_CURRENT_USER\Software\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XPAntivirusFilter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XPAntivirusFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-dcf7-f96da086b434}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\Browser Helper Objects\{6C6B8C69-9285-4D94-8492-9E920C8C2B65}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\Browser Helper Objects\{74f25a2c-22b3-4023-8f1a-ca616c30a8b5}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\Browser Helper Objects\{9a19966f-ae0e-4699-8cce-9b6f5f1c352c}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\Browser Helper Objects\{D714A94F-123A-45CC-8F03-040BCAF82AD6}\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\XP antivirus_is1\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Run “XP Antivirus”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run “mmnext06″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run “shellbn”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run “System”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run “Windows Framework”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”

Antivir64 - easy detection and removal instructions

Antivir64 is the latest rogue security application with extremely aggressive behaviour. Antivir64 will generate and display a lot of fake warning popups, fake scan reports to trick user into buying a "full" version of Antivir64 program. Antivir64 will launch every time when users starts up their computers and it will generating millions of annoying popups that are very difficult to close. Users should delete Antivir64 as soon as possible from their computers to prevent damage of their computer and data loss. Download Spyware Doctor + Antivirus to get rid of this nasty malware.

Antivir64 screenshot:


Antivir64 automatical remover:

Antivir64 manual removal instructions:
Delete Antivir64 files:
Antivir64
Antivir64.exe
Buy.url
Help.url
HowToBuy.txt
ID.dat
License.txt
Uninstall.exe
Antivir64.lnk
Antivir64.ini
base.dat
base2.dat
Desc.dat
spline.dat
Purchase License.lnk
Start Antivir64.lnk
Support Page.lnk
Delete Antivir64 registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run “Antivir64″