WinPC Defender

This sleek program is another one to watch out for. Don't be tricked.

Below are the entries found in the Registry (if you are unfamiliar with the registry, leave this page NOW) and the files associated with the program WinPC Defender.

Key Name:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Class Name:
Last Write Time: 6/10/2009 - 4:18 AM
  1. Value 1
    Name: sysav
    Type: REG_SZ
    Data: C:\Documents and Settings\User Name\Application Data\pcdefender.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
C:\Documents and Settings\User Name\Application Data
1,022,976 bytes - pcdefender.exe

C:\WINDOWS\Prefetch
36,586 bytes - PCDEFENDER.EXE-354FEEB2.pf

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://winpcdefender09.com/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
C:\Documents and Settings\User Name\Desktop\WinPC Defender.LNK

C:\Documents and Settings\User Name\Start Menu\WinPC Defender.LNK

Key Name: HKEY_CURRENT_USER\Software\WinPC Defender
Class Name:
Last Write Time: 6/17/2009 - 12:35 PM
  1. Value 0
    Name: Minimize
    Type: REG_SZ
    Data: 0


  2. Value 1
    Name: Start
    Type: REG_SZ
    Data: 1


  3. Value 2
    Name: Scan
    Type: REG_SZ
    Data: 1


  4. Value 3
    Name: id
    Type: REG_SZ
    Data: 186


  5. Value 4
    Name: UpdateDate
    Type: REG_SZ
    Data: 08-06-2009


  6. Value 5
    Name: fstart
    Type: REG_SZ
    Data: 0


  7. Value 6
    Name: site
    Type: REG_SZ
    Data: http://2payon.com/pp/?id=


  8. Value 7
    Name: lang
    Type: REG_SZ
    Data: en
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\ext\stats\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}
HKEY_CURRENT_USER\software\winpc defender
HKEY_LOCAL_MACHINE\software\classes\clsid\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}\programmable
HKEY_LOCAL_MACHINE\software\classes\typelib\{a54dc52d-7aad-4d40-a126-337211631edc}
HKEY_LOCAL_MACHINE\software\classes\typelib\{a54dc52d-7aad-4d40-a126-337211631edc}\1.0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39fc2065-c9c7-49cd-8942-44cc2dedc844}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  1. defender.exe
  2. pcdef[1].exe
  3. WinPC Defender.exe
  4. pcdefender.exe-removed_skip
  5. ieocx.dll
  6. 1234.exe
  7. 7339880.exe
  8. c:\WINDOWS\ieocx.dll
  9. pcdefender.exe
  10. winpc defender.lnk
  11. install.exe
*********************************************************

HKEY_CLASSES_ROOT\CLSID\{39fc2065-c9c7-49cd-8942-44cc2dedc844}
HKEY_CLASSES_ROOT\CLSID\{96ad72e4-2e2b-4ffc-a5bb-279c2714af12}
HKEY_CLASSES_ROOT\IEocxApp.IEocx
HKEY_CLASSES_ROOT\IEocxApp.IEocx.1
HKEY_CLASSES_ROOT\Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
HKEY_CLASSES_ROOT\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKEY_CLASSES_ROOT\TypeLib\{A54DC52D-7AAD-4D40-A126-337211631EDC}


HKEY_CURRENT_USER\Software\WinPC Defender
HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"
HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "sysav"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Content"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPCDefender
HKEY_LOCAL_MACHINE\SOFTWARE\WinPCDefender.com