Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SystweakASP' = '"%PROGRAM_FILES%\RegClean Pro\SystweakASP.exe" /verysilent'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RDReminder' = '%PROGRAM_FILES%\RegClean Pro\RegCleanPro.exe -rem'
- %WINDIR%\Tasks\RegClean Pro_DEFAULT.job
- %WINDIR%\Tasks\RegClean Pro_UPDATES.job
- '%TEMP%\BackupSetup.exe' /S
- '%PROGRAM_FILES%\RegClean Pro\systweakasp.exe' /verysilent
- '%APPDATA%\Advanced System Protector\aspsetup.exe' /verysilent
- '%TEMP%\is-DUV4E.tmp\systweakasp.tmp' /SL5="$500DE,215147,153600,%PROGRAM_FILES%\RegClean Pro\systweakasp.exe" /verysilent
- '%TEMP%\RegClean8.exe' /verysilent
- '%TEMP%\is-5KDJU.tmp\RegClean8.tmp' /SL5="$30092,3850014,136704,%TEMP%\RegClean8.exe" /verysilent
- '%PROGRAM_FILES%\RegClean Pro\Cloud_Backup_Setup.exe' /S
- '%PROGRAM_FILES%\RegClean Pro\RegCleanPro.exe' babylon
- '%APPDATA%\Advanced System Protector\aspsetup.exe' (downloaded from the Internet)
- '%TEMP%\BackupSetup.exe' (downloaded from the Internet)
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\jscript.dll"
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '(null)'
- ClassName: 'RegMonClass' WindowName: '(null)'
- ClassName: 'FileMonClass' WindowName: '(null)'
- %ALLUSERSPROFILE%\Start Menu\Programs\RegClean Pro\Uninstall RegClean Pro.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk
- %ALLUSERSPROFILE%\Desktop\RegClean Pro.lnk
- %TEMP%\is-C6VPS.tmp\roboot.exe
- %PROGRAM_FILES%\RegClean Pro\unins000.dat
- %PROGRAM_FILES%\RegClean Pro\unins000.msg
- %PROGRAM_FILES%\RegClean Pro\is-0GMBB.tmp
- %PROGRAM_FILES%\RegClean Pro\is-9S71P.tmp
- %PROGRAM_FILES%\RegClean Pro\is-5HHOT.tmp
- %PROGRAM_FILES%\RegClean Pro\is-CO3DF.tmp
- %PROGRAM_FILES%\RegClean Pro\is-GFHSD.tmp
- %PROGRAM_FILES%\RegClean Pro\is-VIAOJ.tmp
- %PROGRAM_FILES%\RegClean Pro\is-7SFJ9.tmp
- <SYSTEM32>\roboot.exe
- %APPDATA%\Systweak\RegClean Pro\Version 6.1\eng_rcp.dat
- %APPDATA%\Systweak\RegClean Pro\Version 6.1\log_06-27-2013.log
- %TEMP%\is-DUV4E.tmp\systweakasp.tmp
- %APPDATA%\Advanced System Protector\aspsetup.exe
- %TEMP%\is-3IUET.tmp\isxdl.dll
- %TEMP%\is-3IUET.tmp\_isetup\_shfoldr.dll
- %TEMP%\nsf2.tmp\NSISdl.dll
- %TEMP%\nse4.tmp\NSISdl.dll
- %TEMP%\aff.conf
- %TEMP%\BackupSetup.exe
- %APPDATA%\Systweak\RegClean Pro\Version 6.1\bl.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\installtracker[1].aspx
- %TEMP%\ping.txt
- %PROGRAM_FILES%\RegClean Pro\is-5C0J6.tmp
- %PROGRAM_FILES%\RegClean Pro\is-RS2SQ.tmp
- %PROGRAM_FILES%\RegClean Pro\is-RDLI1.tmp
- %PROGRAM_FILES%\RegClean Pro\is-H3D54.tmp
- %PROGRAM_FILES%\RegClean Pro\is-FTU61.tmp
- %PROGRAM_FILES%\RegClean Pro\is-CH6F8.tmp
- %PROGRAM_FILES%\RegClean Pro\is-2IPT4.tmp
- %PROGRAM_FILES%\RegClean Pro\is-D39KB.tmp
- %TEMP%\is-5KDJU.tmp\RegClean8.tmp
- %TEMP%\nsf2.tmp\Registry.dll
- %TEMP%\RegClean8.exe
- %TEMP%\is-C6VPS.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\RegClean Pro\is-GOA0C.tmp
- %TEMP%\is-C6VPS.tmp\setup_en.bmp
- %TEMP%\is-C6VPS.tmp\pcbackup.bmp
- %PROGRAM_FILES%\RegClean Pro\is-SBL98.tmp
- %PROGRAM_FILES%\RegClean Pro\is-CQAI3.tmp
- %PROGRAM_FILES%\RegClean Pro\is-J0ACB.tmp
- %PROGRAM_FILES%\RegClean Pro\is-KCPVE.tmp
- %PROGRAM_FILES%\RegClean Pro\is-P3Q96.tmp
- %PROGRAM_FILES%\RegClean Pro\is-B1JRG.tmp
- %PROGRAM_FILES%\RegClean Pro\is-CV11K.tmp
- %PROGRAM_FILES%\RegClean Pro\is-RQQVS.tmp
- %PROGRAM_FILES%\RegClean Pro\is-MNJ2V.tmp
- %PROGRAM_FILES%\RegClean Pro\is-930BL.tmp
- %PROGRAM_FILES%\RegClean Pro\is-53N7E.tmp
- %PROGRAM_FILES%\RegClean Pro\is-71I2Q.tmp
- %PROGRAM_FILES%\RegClean Pro\is-42BDM.tmp
- %PROGRAM_FILES%\RegClean Pro\is-R7U8D.tmp
- %PROGRAM_FILES%\RegClean Pro\is-LLRQ6.tmp
- %APPDATA%\Advanced System Protector\aspsetup.exe
- %TEMP%\nsf2.tmp\Registry.dll
- %TEMP%\nsf2.tmp\NSISdl.dll
- %TEMP%\is-DUV4E.tmp\systweakasp.tmp
- %TEMP%\is-3IUET.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-3IUET.tmp\isxdl.dll
- %TEMP%\is-C6VPS.tmp\setup_en.bmp
- %TEMP%\is-C6VPS.tmp\roboot.exe
- %TEMP%\is-C6VPS.tmp\pcbackup.bmp
- %TEMP%\nse4.tmp\NSISdl.dll
- %TEMP%\is-5KDJU.tmp\RegClean8.tmp
- %TEMP%\is-C6VPS.tmp\_isetup\_shfoldr.dll
- from %PROGRAM_FILES%\RegClean Pro\is-RQQVS.tmp to %PROGRAM_FILES%\RegClean Pro\Spanish_rcp.ini
- from %PROGRAM_FILES%\RegClean Pro\is-CV11K.tmp to %PROGRAM_FILES%\RegClean Pro\Swedish_rcp.ini
- from %PROGRAM_FILES%\RegClean Pro\is-B1JRG.tmp to %PROGRAM_FILES%\RegClean Pro\Finnish_rcp_fi.ini
- from %PROGRAM_FILES%\RegClean Pro\is-P3Q96.tmp to %PROGRAM_FILES%\RegClean Pro\Portuguese_rcp.ini
- from %PROGRAM_FILES%\RegClean Pro\is-KCPVE.tmp to %PROGRAM_FILES%\RegClean Pro\Italian_rcp.ini
- from %PROGRAM_FILES%\RegClean Pro\is-J0ACB.tmp to %PROGRAM_FILES%\RegClean Pro\Japanese_rcp.ini
- from %PROGRAM_FILES%\RegClean Pro\is-CQAI3.tmp to %PROGRAM_FILES%\RegClean Pro\Norwegian_rcp.ini
- from %PROGRAM_FILES%\RegClean Pro\is-5C0J6.tmp to %PROGRAM_FILES%\RegClean Pro\portugese_rcp_pt.ini
- from %PROGRAM_FILES%\RegClean Pro\is-7SFJ9.tmp to %PROGRAM_FILES%\RegClean Pro\korean_rcp_ko.ini
- from %PROGRAM_FILES%\RegClean Pro\is-VIAOJ.tmp to %PROGRAM_FILES%\RegClean Pro\TraditionalCn_rcp_zh-tw.ini
- from %PROGRAM_FILES%\RegClean Pro\is-GFHSD.tmp to %PROGRAM_FILES%\RegClean Pro\xmllite.dll
- from %PROGRAM_FILES%\RegClean Pro\is-CO3DF.tmp to %PROGRAM_FILES%\RegClean Pro\polish_rcp_pl.ini
- from %PROGRAM_FILES%\RegClean Pro\is-5HHOT.tmp to %PROGRAM_FILES%\RegClean Pro\russian_rcp_ru.ini
- from %PROGRAM_FILES%\RegClean Pro\is-9S71P.tmp to %PROGRAM_FILES%\RegClean Pro\greek_rcp_el.ini
- from %PROGRAM_FILES%\RegClean Pro\is-0GMBB.tmp to %PROGRAM_FILES%\RegClean Pro\turkish_rcp_tr.ini
- from %PROGRAM_FILES%\RegClean Pro\is-42BDM.tmp to %PROGRAM_FILES%\RegClean Pro\German_rcp.ini
- from %PROGRAM_FILES%\RegClean Pro\is-FTU61.tmp to %PROGRAM_FILES%\RegClean Pro\isxdl.dll
- from %PROGRAM_FILES%\RegClean Pro\is-D39KB.tmp to %PROGRAM_FILES%\RegClean Pro\CleanSchedule.exe
- from %PROGRAM_FILES%\RegClean Pro\is-2IPT4.tmp to %PROGRAM_FILES%\RegClean Pro\RCPUninstall.exe
- from %PROGRAM_FILES%\RegClean Pro\is-RS2SQ.tmp to %PROGRAM_FILES%\RegClean Pro\RegCleanPro.dll
- from %PROGRAM_FILES%\RegClean Pro\is-GOA0C.tmp to %PROGRAM_FILES%\RegClean Pro\unins000.exe
- from %PROGRAM_FILES%\RegClean Pro\is-H3D54.tmp to %PROGRAM_FILES%\RegClean Pro\RegCleanPro.exe
- from %PROGRAM_FILES%\RegClean Pro\is-RDLI1.tmp to %PROGRAM_FILES%\RegClean Pro\install_left_image.bmp
- from %PROGRAM_FILES%\RegClean Pro\is-CH6F8.tmp to %PROGRAM_FILES%\RegClean Pro\systweakasp.exe
- from %PROGRAM_FILES%\RegClean Pro\is-71I2Q.tmp to %PROGRAM_FILES%\RegClean Pro\Dutch_rcp.ini
- from %PROGRAM_FILES%\RegClean Pro\is-LLRQ6.tmp to %PROGRAM_FILES%\RegClean Pro\eng_rcp.ini
- from %PROGRAM_FILES%\RegClean Pro\is-R7U8D.tmp to %PROGRAM_FILES%\RegClean Pro\French_rcp.ini
- from %PROGRAM_FILES%\RegClean Pro\is-MNJ2V.tmp to %PROGRAM_FILES%\RegClean Pro\Danish_rcp.ini
- from %PROGRAM_FILES%\RegClean Pro\is-SBL98.tmp to %PROGRAM_FILES%\RegClean Pro\Cloud_Backup_Setup.exe
- from %PROGRAM_FILES%\RegClean Pro\is-53N7E.tmp to %PROGRAM_FILES%\RegClean Pro\Cloud_Backup_Setup_Intl.exe
- from %PROGRAM_FILES%\RegClean Pro\is-930BL.tmp to %PROGRAM_FILES%\RegClean Pro\Chinese_rcp.ini
- 'cl#####ont.systweak.com':80
- 'localhost':445
- '<Private IP address>':80
- 'im.##stweak.com':80
- 'tr###.#ypcbackup.com':80
- 'in#####.outbrowse.com':80
- 'localhost':1040
- im.##stweak.com/installtracker.aspx?tr#####################
- cl#####ont.systweak.com/aspsl/aspsetup_systweak_default.exe
- tr###.#ypcbackup.com/8695a4a3/systweakinstall/MyPCBackup_Setup.exe
- in#####.outbrowse.com/installTrack.php?pu##############################################################################
- DNS ASK im.##stweak.com
- DNS ASK cl#####ont.systweak.com
- DNS ASK tr###.#ypcbackup.com
- DNS ASK in#####.outbrowse.com
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'