Friday
2008-11-29, 22:06
The following instructions have been created to help you to get rid of "Zlob.Downloader.rid" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.
If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).
Threat Details:
Categories:
trojan
Description:
Trojan, which downloads and installs various third-party spyware and malware to infected computers.
Removal Instructions:
Installed Software List:
You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) or RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer) to locate and get rid of these entries.
Products that have a key or property named "RichVideoCodec".
Files:
Please use Windows Explorer or another file manager of your choice to locate and delete these files.
The file at "<$WINDIR>\voipwet.dll".
The file at "<$WINDIR>\jetctrl.dll".
The file at "<$WINDIR>\nretcip.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\ictmdl.dll".
The file at "<$PROGRAMFILES>\RichVideoCodec\iesplugin.dll".
The file at "<$PROGRAMFILES>\RichVideoCodec\iesbpl.dll".
The file at "<$PROGRAMFILES>\RichVideoCodec\isaddon.dll".
The file at "<$PROGRAMFILES>\RichVideoCodec\isfmdl.dll".
The file at "<$PROGRAMFILES>\RichVideoCodec\bpmini.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\bpunst.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\icmntr.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\icun.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\icthis.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\ictun.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\iesmn.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\imsmn.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\isamini.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\isamonitor.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\isfmm.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\isfmntr.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\isfun.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\pmsngr.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\pmuninst.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\smmain.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\iesuninst.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\bpmon.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\pmmon.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\smmon.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\iesmin.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\imsmn.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\uninst.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\Uninstall.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\install.ico".
The file at "<$PROGRAMFILES>\RichVideoCodec\ot.ico".
The file at "<$PROGRAMFILES>\RichVideoCodec\ts.ico".
The file at "<$PROGRAMS>\RichVideoCodec\Uninstall.lnk".
The file at "<$WINDIR>\gormet.dll".
The file at "<$SYSDIR>\gormet.dll".
The file at "<$WINDIR>\hdtip.dll".
The file at "<$SYSDIR>\hdtip.dll".
The file at "<$WINDIR>\pmkret.dll".
The file at "<$SYSDIR>\pmkret.dll".
The file at "<$WINDIR>\werbetknp.dll".
The file at "<$SYSDIR>\werbetknp.dll".
The file at "<$WINDIR>\monhop.exe".
The file at "<$SYSDIR>\monhop.exe".
Make sure you set your file manager to display hidden and system files. If Zlob.Downloader.rid uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!
Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.
Folders:
Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
The directory at "<$PROGRAMS>\RichVideoCodec".
The directory at "<$PROGRAMFILES>\RichVideoCodec".
Make sure you set your file manager to display hidden and system files. If Zlob.Downloader.rid uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!
Registry:
You can use regedit.exe (included in Windows) to locate and delete these registry entries.
Delete the registry key "{28D203F3-4B8F-4BB4-A28D-6657BF1E3C2C}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{28D203F3-4B8F-4BB4-A28D-6657BF1E3C2C}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{DE38D02F-5257-4CF6-A13F-B6B9FCFC1090}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{DE38D02F-5257-4CF6-A13F-B6B9FCFC1090}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{266C397B-1D69-49D4-9278-D8DA5CB47DCE}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{32D5226F-3A9A-43A1-A250-5B337A96529D}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{399D8FE0-0E39-4F75-B957-1416330BFC0F}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{4C5B3552-E18F-45BE-BEA8-78ACEC1F2C6B}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{E3F8DA0E-B18B-48E5-9C39-BB4F1FBA0DE1}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{A8954909-1F0F-41A5-A7FA-3B376D69E226}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{602F5204-5CD4-4160-9506-2CA8266FAC4D}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{6AEA32A1-63D2-4DE6-A1F8-C2132972C15F}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{B039EF74-B33F-468E-BE93-2A4F0D61DF59}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{3DD88B10-20E4-4085-BB2C-5A58B49910A9}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{5216FD0F-3915-4F95-95CF-4F09659F58C3}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{266C397B-1D69-49D4-9278-D8DA5CB47DCE}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{32D5226F-3A9A-43A1-A250-5B337A96529D}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{399D8FE0-0E39-4F75-B957-1416330BFC0F}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{4C5B3552-E18F-45BE-BEA8-78ACEC1F2C6B}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{E3F8DA0E-B18B-48E5-9C39-BB4F1FBA0DE1}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{88418AA3-16F5-4FC2-A9D8-90B1266DF841}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{A8954909-1F0F-41A5-A7FA-3B376D69E226}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{602F5204-5CD4-4160-9506-2CA8266FAC4D}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{6AEA32A1-63D2-4DE6-A1F8-C2132972C15F}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{B039EF74-B33F-468E-BE93-2A4F0D61DF59}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{3DD88B10-20E4-4085-BB2C-5A58B49910A9}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{5216FD0F-3915-4F95-95CF-4F09659F58C3}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{266C397B-1D69-49D4-9278-D8DA5CB47DCE}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{32D5226F-3A9A-43A1-A250-5B337A96529D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{399D8FE0-0E39-4F75-B957-1416330BFC0F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{4C5B3552-E18F-45BE-BEA8-78ACEC1F2C6B}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{E3F8DA0E-B18B-48E5-9C39-BB4F1FBA0DE1}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{A8954909-1F0F-41A5-A7FA-3B376D69E226}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{602F5204-5CD4-4160-9506-2CA8266FAC4D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{6AEA32A1-63D2-4DE6-A1F8-C2132972C15F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{B039EF74-B33F-468E-BE93-2A4F0D61DF59}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{3DD88B10-20E4-4085-BB2C-5A58B49910A9}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{5216FD0F-3915-4F95-95CF-4F09659F58C3}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{266C397B-1D69-49D4-9278-D8DA5CB47DCE}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{32D5226F-3A9A-43A1-A250-5B337A96529D}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{399D8FE0-0E39-4F75-B957-1416330BFC0F}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{4C5B3552-E18F-45BE-BEA8-78ACEC1F2C6B}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{E3F8DA0E-B18B-48E5-9C39-BB4F1FBA0DE1}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{88418AA3-16F5-4FC2-A9D8-90B1266DF841}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{602F5204-5CD4-4160-9506-2CA8266FAC4D}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{6AEA32A1-63D2-4DE6-A1F8-C2132972C15F}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{B039EF74-B33F-468E-BE93-2A4F0D61DF59}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{3DD88B10-20E4-4085-BB2C-5A58B49910A9}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{5216FD0F-3915-4F95-95CF-4F09659F58C3}" at "HKEY_CLASSES_ROOT\TypeLib\".
A key in HKEY_CLASSES_ROOT\ named "voipwet.btgn", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "voipwet.ToolBar.1", plus associated values.
Delete the registry value "{32D5226F-3A9A-43A1-A250-5B337A96529D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{399D8FE0-0E39-4F75-B957-1416330BFC0F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{4C5B3552-E18F-45BE-BEA8-78ACEC1F2C6B}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{E3F8DA0E-B18B-48E5-9C39-BB4F1FBA0DE1}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{602F5204-5CD4-4160-9506-2CA8266FAC4D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{6AEA32A1-63D2-4DE6-A1F8-C2132972C15F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{B039EF74-B33F-468E-BE93-2A4F0D61DF59}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{3DD88B10-20E4-4085-BB2C-5A58B49910A9}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{5216FD0F-3915-4F95-95CF-4F09659F58C3}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry key "{1AEE42CC-A5E4-42C1-B3EB-5ACC08F65FB5}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{5F82ABBF-DE78-4E5B-848B-AB23CA58F0D4}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{8EB24324-3394-4C5F-B69C-744A74797952}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{B2F4DC0B-E764-4A72-B14F-D951DEE90023}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{D1D2E0E6-23D8-4DEF-8748-F0E3F60AAD55}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{36009226-067D-47C0-A497-7B2E5D3FAF03}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{8F00C1D4-B47F-4A91-AFD7-4EC9968FE9F9}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{CE58E4D5-E8E1-4F59-AC3F-6315810A7889}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{6A930694-495D-4C93-A483-D72FEF0EF1CE}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{CF026274-F586-4940-86BD-065139E90B5C}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{1AEE42CC-A5E4-42C1-B3EB-5ACC08F65FB5}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{5F82ABBF-DE78-4E5B-848B-AB23CA58F0D4}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{8EB24324-3394-4C5F-B69C-744A74797952}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{B2F4DC0B-E764-4A72-B14F-D951DEE90023}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{D1D2E0E6-23D8-4DEF-8748-F0E3F60AAD55}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{36009226-067D-47C0-A497-7B2E5D3FAF03}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{8F00C1D4-B47F-4A91-AFD7-4EC9968FE9F9}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{CE58E4D5-E8E1-4F59-AC3F-6315810A7889}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{6A930694-495D-4C93-A483-D72FEF0EF1CE}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{CF026274-F586-4940-86BD-065139E90B5C}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{1AEE42CC-A5E4-42C1-B3EB-5ACC08F65FB5}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{5F82ABBF-DE78-4E5B-848B-AB23CA58F0D4}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{8EB24324-3394-4C5F-B69C-744A74797952}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{B2F4DC0B-E764-4A72-B14F-D951DEE90023}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{D1D2E0E6-23D8-4DEF-8748-F0E3F60AAD55}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{36009226-067D-47C0-A497-7B2E5D3FAF03}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{8F00C1D4-B47F-4A91-AFD7-4EC9968FE9F9}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{CE58E4D5-E8E1-4F59-AC3F-6315810A7889}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{6A930694-495D-4C93-A483-D72FEF0EF1CE}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{CF026274-F586-4940-86BD-065139E90B5C}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{1AEE42CC-A5E4-42C1-B3EB-5ACC08F65FB5}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{5F82ABBF-DE78-4E5B-848B-AB23CA58F0D4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{8EB24324-3394-4C5F-B69C-744A74797952}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{B2F4DC0B-E764-4A72-B14F-D951DEE90023}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{D1D2E0E6-23D8-4DEF-8748-F0E3F60AAD55}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{36009226-067D-47C0-A497-7B2E5D3FAF03}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{8F00C1D4-B47F-4A91-AFD7-4EC9968FE9F9}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{CE58E4D5-E8E1-4F59-AC3F-6315810A7889}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{6A930694-495D-4C93-A483-D72FEF0EF1CE}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{CF026274-F586-4940-86BD-065139E90B5C}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry value "{1AEE42CC-A5E4-42C1-B3EB-5ACC08F65FB5}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{5F82ABBF-DE78-4E5B-848B-AB23CA58F0D4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{88418AA3-16F5-4FC2-A9D8-90B1266DF841}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{8EB24324-3394-4C5F-B69C-744A74797952}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{B2F4DC0B-E764-4A72-B14F-D951DEE90023}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{D1D2E0E6-23D8-4DEF-8748-F0E3F60AAD55}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{36009226-067D-47C0-A497-7B2E5D3FAF03}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{8F00C1D4-B47F-4A91-AFD7-4EC9968FE9F9}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{CE58E4D5-E8E1-4F59-AC3F-6315810A7889}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{6A930694-495D-4C93-A483-D72FEF0EF1CE}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{A8954909-1F0F-41A5-A7FA-3B376D69E226}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{CF026274-F586-4940-86BD-065139E90B5C}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
A key in HKEY_CLASSES_ROOT\ named "voipwet.bknw", plus associated values.
Delete the registry key "{6162F78D-ACF0-424F-BDF2-F73484EE91EC}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{EA298426-9AD3-4979-AFB4-600A2104B701}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{19D21F2D-455C-4AAA-8DF0-58F3D76962B4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{3BB8D1E6-A402-4C71-AE1B-1F50537A606A}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{A9C93148-B7B4-47A2-9B30-0980E29202A4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{B983DE8B-60CD-4F7F-B09A-F8A33B26845C}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{FA90741A-3800-41D0-9569-1784F5DEC02D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{8C7222DC-C90F-4D6C-B934-0D9977694CDB}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{644CABF0-671A-4B70-86A2-ACC7485C74E4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{09D84029-30FD-45FF-9262-46F48DD1FC47}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{F7A3BB37-D5C6-4946-AF22-DFCF804C67AB}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{F9348173-297F-4B5C-85AF-178991A58975}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{6162F78D-ACF0-424F-BDF2-F73484EE91EC}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{EA298426-9AD3-4979-AFB4-600A2104B701}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{19D21F2D-455C-4AAA-8DF0-58F3D76962B4}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{3BB8D1E6-A402-4C71-AE1B-1F50537A606A}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{A9C93148-B7B4-47A2-9B30-0980E29202A4}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{B983DE8B-60CD-4F7F-B09A-F8A33B26845C}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{FA90741A-3800-41D0-9569-1784F5DEC02D}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{8C7222DC-C90F-4D6C-B934-0D9977694CDB}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{644CABF0-671A-4B70-86A2-ACC7485C74E4}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{09D84029-30FD-45FF-9262-46F48DD1FC47}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{F7A3BB37-D5C6-4946-AF22-DFCF804C67AB}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{F9348173-297F-4B5C-85AF-178991A58975}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{6162F78D-ACF0-424F-BDF2-F73484EE91EC}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{EA298426-9AD3-4979-AFB4-600A2104B701}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{19D21F2D-455C-4AAA-8DF0-58F3D76962B4}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{3BB8D1E6-A402-4C71-AE1B-1F50537A606A}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{A9C93148-B7B4-47A2-9B30-0980E29202A4}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{B983DE8B-60CD-4F7F-B09A-F8A33B26845C}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{FA90741A-3800-41D0-9569-1784F5DEC02D}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{8C7222DC-C90F-4D6C-B934-0D9977694CDB}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{644CABF0-671A-4B70-86A2-ACC7485C74E4}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{09D84029-30FD-45FF-9262-46F48DD1FC47}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{F7A3BB37-D5C6-4946-AF22-DFCF804C67AB}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{F9348173-297F-4B5C-85AF-178991A58975}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{6162F78D-ACF0-424F-BDF2-F73484EE91EC}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{EA298426-9AD3-4979-AFB4-600A2104B701}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{19D21F2D-455C-4AAA-8DF0-58F3D76962B4}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{3BB8D1E6-A402-4C71-AE1B-1F50537A606A}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{A9C93148-B7B4-47A2-9B30-0980E29202A4}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{B983DE8B-60CD-4F7F-B09A-F8A33B26845C}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{FA90741A-3800-41D0-9569-1784F5DEC02D}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{8C7222DC-C90F-4D6C-B934-0D9977694CDB}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{644CABF0-671A-4B70-86A2-ACC7485C74E4}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{09D84029-30FD-45FF-9262-46F48DD1FC47}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{F7A3BB37-D5C6-4946-AF22-DFCF804C67AB}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{F9348173-297F-4B5C-85AF-178991A58975}" at "HKEY_CLASSES_ROOT\TypeLib\".
Remove "<$PROGRAMFILES>\RichVideoCodec" from registry value "Path" at "HKEY_CURRENT_USER\Software\Internet Security\".
Remove "<$PROGRAMFILES>\RichVideoCodec" from registry value "Path" at "HKEY_CURRENT_USER\Software\Protection Tools\".
Remove "<$PROGRAMFILES>\RichVideoCodec" from registry value "Path" at "HKEY_CURRENT_USER\Software\Security Tools\".
Remove "<$PROGRAMFILES>\RichVideoCodec" from registry value "Path" at "HKEY_CURRENT_USER\Software\Online Add-on\".
If Zlob.Downloader.rid uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
Final Words:
If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
Please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance,
Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a volunteer analyst will advise you as soon as available.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.
If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).
Threat Details:
Categories:
trojan
Description:
Trojan, which downloads and installs various third-party spyware and malware to infected computers.
Removal Instructions:
Installed Software List:
You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) or RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer) to locate and get rid of these entries.
Products that have a key or property named "RichVideoCodec".
Files:
Please use Windows Explorer or another file manager of your choice to locate and delete these files.
The file at "<$WINDIR>\voipwet.dll".
The file at "<$WINDIR>\jetctrl.dll".
The file at "<$WINDIR>\nretcip.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\ictmdl.dll".
The file at "<$PROGRAMFILES>\RichVideoCodec\iesplugin.dll".
The file at "<$PROGRAMFILES>\RichVideoCodec\iesbpl.dll".
The file at "<$PROGRAMFILES>\RichVideoCodec\isaddon.dll".
The file at "<$PROGRAMFILES>\RichVideoCodec\isfmdl.dll".
The file at "<$PROGRAMFILES>\RichVideoCodec\bpmini.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\bpunst.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\icmntr.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\icun.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\icthis.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\ictun.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\iesmn.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\imsmn.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\isamini.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\isamonitor.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\isfmm.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\isfmntr.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\isfun.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\pmsngr.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\pmuninst.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\smmain.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\iesuninst.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\bpmon.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\pmmon.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\smmon.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\iesmin.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\imsmn.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\uninst.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\Uninstall.exe".
The file at "<$PROGRAMFILES>\RichVideoCodec\install.ico".
The file at "<$PROGRAMFILES>\RichVideoCodec\ot.ico".
The file at "<$PROGRAMFILES>\RichVideoCodec\ts.ico".
The file at "<$PROGRAMS>\RichVideoCodec\Uninstall.lnk".
The file at "<$WINDIR>\gormet.dll".
The file at "<$SYSDIR>\gormet.dll".
The file at "<$WINDIR>\hdtip.dll".
The file at "<$SYSDIR>\hdtip.dll".
The file at "<$WINDIR>\pmkret.dll".
The file at "<$SYSDIR>\pmkret.dll".
The file at "<$WINDIR>\werbetknp.dll".
The file at "<$SYSDIR>\werbetknp.dll".
The file at "<$WINDIR>\monhop.exe".
The file at "<$SYSDIR>\monhop.exe".
Make sure you set your file manager to display hidden and system files. If Zlob.Downloader.rid uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!
Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.
Folders:
Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
The directory at "<$PROGRAMS>\RichVideoCodec".
The directory at "<$PROGRAMFILES>\RichVideoCodec".
Make sure you set your file manager to display hidden and system files. If Zlob.Downloader.rid uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!
Registry:
You can use regedit.exe (included in Windows) to locate and delete these registry entries.
Delete the registry key "{28D203F3-4B8F-4BB4-A28D-6657BF1E3C2C}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{28D203F3-4B8F-4BB4-A28D-6657BF1E3C2C}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{DE38D02F-5257-4CF6-A13F-B6B9FCFC1090}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{DE38D02F-5257-4CF6-A13F-B6B9FCFC1090}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{266C397B-1D69-49D4-9278-D8DA5CB47DCE}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{32D5226F-3A9A-43A1-A250-5B337A96529D}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{399D8FE0-0E39-4F75-B957-1416330BFC0F}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{4C5B3552-E18F-45BE-BEA8-78ACEC1F2C6B}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{E3F8DA0E-B18B-48E5-9C39-BB4F1FBA0DE1}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{A8954909-1F0F-41A5-A7FA-3B376D69E226}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{602F5204-5CD4-4160-9506-2CA8266FAC4D}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{6AEA32A1-63D2-4DE6-A1F8-C2132972C15F}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{B039EF74-B33F-468E-BE93-2A4F0D61DF59}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{3DD88B10-20E4-4085-BB2C-5A58B49910A9}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{5216FD0F-3915-4F95-95CF-4F09659F58C3}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{266C397B-1D69-49D4-9278-D8DA5CB47DCE}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{32D5226F-3A9A-43A1-A250-5B337A96529D}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{399D8FE0-0E39-4F75-B957-1416330BFC0F}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{4C5B3552-E18F-45BE-BEA8-78ACEC1F2C6B}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{E3F8DA0E-B18B-48E5-9C39-BB4F1FBA0DE1}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{88418AA3-16F5-4FC2-A9D8-90B1266DF841}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{A8954909-1F0F-41A5-A7FA-3B376D69E226}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{602F5204-5CD4-4160-9506-2CA8266FAC4D}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{6AEA32A1-63D2-4DE6-A1F8-C2132972C15F}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{B039EF74-B33F-468E-BE93-2A4F0D61DF59}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{3DD88B10-20E4-4085-BB2C-5A58B49910A9}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{5216FD0F-3915-4F95-95CF-4F09659F58C3}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{266C397B-1D69-49D4-9278-D8DA5CB47DCE}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{32D5226F-3A9A-43A1-A250-5B337A96529D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{399D8FE0-0E39-4F75-B957-1416330BFC0F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{4C5B3552-E18F-45BE-BEA8-78ACEC1F2C6B}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{E3F8DA0E-B18B-48E5-9C39-BB4F1FBA0DE1}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{A8954909-1F0F-41A5-A7FA-3B376D69E226}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{602F5204-5CD4-4160-9506-2CA8266FAC4D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{6AEA32A1-63D2-4DE6-A1F8-C2132972C15F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{B039EF74-B33F-468E-BE93-2A4F0D61DF59}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{3DD88B10-20E4-4085-BB2C-5A58B49910A9}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{5216FD0F-3915-4F95-95CF-4F09659F58C3}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{266C397B-1D69-49D4-9278-D8DA5CB47DCE}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{32D5226F-3A9A-43A1-A250-5B337A96529D}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{399D8FE0-0E39-4F75-B957-1416330BFC0F}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{4C5B3552-E18F-45BE-BEA8-78ACEC1F2C6B}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{E3F8DA0E-B18B-48E5-9C39-BB4F1FBA0DE1}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{88418AA3-16F5-4FC2-A9D8-90B1266DF841}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{602F5204-5CD4-4160-9506-2CA8266FAC4D}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{6AEA32A1-63D2-4DE6-A1F8-C2132972C15F}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{B039EF74-B33F-468E-BE93-2A4F0D61DF59}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{3DD88B10-20E4-4085-BB2C-5A58B49910A9}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{5216FD0F-3915-4F95-95CF-4F09659F58C3}" at "HKEY_CLASSES_ROOT\TypeLib\".
A key in HKEY_CLASSES_ROOT\ named "voipwet.btgn", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "voipwet.ToolBar.1", plus associated values.
Delete the registry value "{32D5226F-3A9A-43A1-A250-5B337A96529D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{399D8FE0-0E39-4F75-B957-1416330BFC0F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{4C5B3552-E18F-45BE-BEA8-78ACEC1F2C6B}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{D4170A6E-8CE3-444B-ACA4-B3A0AF12C55C}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{E3F8DA0E-B18B-48E5-9C39-BB4F1FBA0DE1}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{602F5204-5CD4-4160-9506-2CA8266FAC4D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{6AEA32A1-63D2-4DE6-A1F8-C2132972C15F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{B039EF74-B33F-468E-BE93-2A4F0D61DF59}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{3DD88B10-20E4-4085-BB2C-5A58B49910A9}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{5216FD0F-3915-4F95-95CF-4F09659F58C3}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry key "{1AEE42CC-A5E4-42C1-B3EB-5ACC08F65FB5}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{5F82ABBF-DE78-4E5B-848B-AB23CA58F0D4}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{8EB24324-3394-4C5F-B69C-744A74797952}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{B2F4DC0B-E764-4A72-B14F-D951DEE90023}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{D1D2E0E6-23D8-4DEF-8748-F0E3F60AAD55}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{36009226-067D-47C0-A497-7B2E5D3FAF03}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{8F00C1D4-B47F-4A91-AFD7-4EC9968FE9F9}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{CE58E4D5-E8E1-4F59-AC3F-6315810A7889}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{6A930694-495D-4C93-A483-D72FEF0EF1CE}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{CF026274-F586-4940-86BD-065139E90B5C}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{1AEE42CC-A5E4-42C1-B3EB-5ACC08F65FB5}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{5F82ABBF-DE78-4E5B-848B-AB23CA58F0D4}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{8EB24324-3394-4C5F-B69C-744A74797952}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{B2F4DC0B-E764-4A72-B14F-D951DEE90023}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{D1D2E0E6-23D8-4DEF-8748-F0E3F60AAD55}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{36009226-067D-47C0-A497-7B2E5D3FAF03}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{8F00C1D4-B47F-4A91-AFD7-4EC9968FE9F9}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{CE58E4D5-E8E1-4F59-AC3F-6315810A7889}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{6A930694-495D-4C93-A483-D72FEF0EF1CE}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{CF026274-F586-4940-86BD-065139E90B5C}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{1AEE42CC-A5E4-42C1-B3EB-5ACC08F65FB5}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{5F82ABBF-DE78-4E5B-848B-AB23CA58F0D4}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{8EB24324-3394-4C5F-B69C-744A74797952}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{B2F4DC0B-E764-4A72-B14F-D951DEE90023}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{D1D2E0E6-23D8-4DEF-8748-F0E3F60AAD55}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{36009226-067D-47C0-A497-7B2E5D3FAF03}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{8F00C1D4-B47F-4A91-AFD7-4EC9968FE9F9}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{CE58E4D5-E8E1-4F59-AC3F-6315810A7889}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{6A930694-495D-4C93-A483-D72FEF0EF1CE}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{CF026274-F586-4940-86BD-065139E90B5C}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{1AEE42CC-A5E4-42C1-B3EB-5ACC08F65FB5}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{5F82ABBF-DE78-4E5B-848B-AB23CA58F0D4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{8EB24324-3394-4C5F-B69C-744A74797952}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{B2F4DC0B-E764-4A72-B14F-D951DEE90023}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{D1D2E0E6-23D8-4DEF-8748-F0E3F60AAD55}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{36009226-067D-47C0-A497-7B2E5D3FAF03}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{8F00C1D4-B47F-4A91-AFD7-4EC9968FE9F9}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{CE58E4D5-E8E1-4F59-AC3F-6315810A7889}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{6A930694-495D-4C93-A483-D72FEF0EF1CE}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{CF026274-F586-4940-86BD-065139E90B5C}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry value "{1AEE42CC-A5E4-42C1-B3EB-5ACC08F65FB5}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{5F82ABBF-DE78-4E5B-848B-AB23CA58F0D4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{88418AA3-16F5-4FC2-A9D8-90B1266DF841}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{8EB24324-3394-4C5F-B69C-744A74797952}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{B2F4DC0B-E764-4A72-B14F-D951DEE90023}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{D1D2E0E6-23D8-4DEF-8748-F0E3F60AAD55}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{36009226-067D-47C0-A497-7B2E5D3FAF03}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{8F00C1D4-B47F-4A91-AFD7-4EC9968FE9F9}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{CE58E4D5-E8E1-4F59-AC3F-6315810A7889}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{6A930694-495D-4C93-A483-D72FEF0EF1CE}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{A8954909-1F0F-41A5-A7FA-3B376D69E226}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{CF026274-F586-4940-86BD-065139E90B5C}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
A key in HKEY_CLASSES_ROOT\ named "voipwet.bknw", plus associated values.
Delete the registry key "{6162F78D-ACF0-424F-BDF2-F73484EE91EC}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{EA298426-9AD3-4979-AFB4-600A2104B701}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{19D21F2D-455C-4AAA-8DF0-58F3D76962B4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{3BB8D1E6-A402-4C71-AE1B-1F50537A606A}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{A9C93148-B7B4-47A2-9B30-0980E29202A4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{B983DE8B-60CD-4F7F-B09A-F8A33B26845C}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{FA90741A-3800-41D0-9569-1784F5DEC02D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{8C7222DC-C90F-4D6C-B934-0D9977694CDB}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{644CABF0-671A-4B70-86A2-ACC7485C74E4}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{09D84029-30FD-45FF-9262-46F48DD1FC47}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{F7A3BB37-D5C6-4946-AF22-DFCF804C67AB}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{F9348173-297F-4B5C-85AF-178991A58975}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{6162F78D-ACF0-424F-BDF2-F73484EE91EC}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{EA298426-9AD3-4979-AFB4-600A2104B701}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{19D21F2D-455C-4AAA-8DF0-58F3D76962B4}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{3BB8D1E6-A402-4C71-AE1B-1F50537A606A}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{A9C93148-B7B4-47A2-9B30-0980E29202A4}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{B983DE8B-60CD-4F7F-B09A-F8A33B26845C}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{FA90741A-3800-41D0-9569-1784F5DEC02D}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{8C7222DC-C90F-4D6C-B934-0D9977694CDB}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{644CABF0-671A-4B70-86A2-ACC7485C74E4}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{09D84029-30FD-45FF-9262-46F48DD1FC47}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{F7A3BB37-D5C6-4946-AF22-DFCF804C67AB}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{F9348173-297F-4B5C-85AF-178991A58975}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{6162F78D-ACF0-424F-BDF2-F73484EE91EC}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{EA298426-9AD3-4979-AFB4-600A2104B701}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{19D21F2D-455C-4AAA-8DF0-58F3D76962B4}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{3BB8D1E6-A402-4C71-AE1B-1F50537A606A}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{A9C93148-B7B4-47A2-9B30-0980E29202A4}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{B983DE8B-60CD-4F7F-B09A-F8A33B26845C}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{FA90741A-3800-41D0-9569-1784F5DEC02D}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{8C7222DC-C90F-4D6C-B934-0D9977694CDB}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{644CABF0-671A-4B70-86A2-ACC7485C74E4}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{09D84029-30FD-45FF-9262-46F48DD1FC47}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{F7A3BB37-D5C6-4946-AF22-DFCF804C67AB}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{F9348173-297F-4B5C-85AF-178991A58975}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{6162F78D-ACF0-424F-BDF2-F73484EE91EC}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{EA298426-9AD3-4979-AFB4-600A2104B701}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{19D21F2D-455C-4AAA-8DF0-58F3D76962B4}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{3BB8D1E6-A402-4C71-AE1B-1F50537A606A}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{A9C93148-B7B4-47A2-9B30-0980E29202A4}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{B983DE8B-60CD-4F7F-B09A-F8A33B26845C}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{FA90741A-3800-41D0-9569-1784F5DEC02D}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{8C7222DC-C90F-4D6C-B934-0D9977694CDB}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{644CABF0-671A-4B70-86A2-ACC7485C74E4}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{09D84029-30FD-45FF-9262-46F48DD1FC47}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{F7A3BB37-D5C6-4946-AF22-DFCF804C67AB}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{F9348173-297F-4B5C-85AF-178991A58975}" at "HKEY_CLASSES_ROOT\TypeLib\".
Remove "<$PROGRAMFILES>\RichVideoCodec" from registry value "Path" at "HKEY_CURRENT_USER\Software\Internet Security\".
Remove "<$PROGRAMFILES>\RichVideoCodec" from registry value "Path" at "HKEY_CURRENT_USER\Software\Protection Tools\".
Remove "<$PROGRAMFILES>\RichVideoCodec" from registry value "Path" at "HKEY_CURRENT_USER\Software\Security Tools\".
Remove "<$PROGRAMFILES>\RichVideoCodec" from registry value "Path" at "HKEY_CURRENT_USER\Software\Online Add-on\".
If Zlob.Downloader.rid uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
Final Words:
If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
Please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance,
Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a volunteer analyst will advise you as soon as available.