Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Registry Helper' = '"%PROGRAM_FILES%\Registry Helper\RegistryHelper.Exe" /boot'
- [<HKLM>\SYSTEM\ControlSet001\Services\Registry Helper Service] 'Start' = '00000002'
- '%PROGRAM_FILES%\Registry Helper\RegistryHelperService.exe'
- '%PROGRAM_FILES%\Registry Helper\RegistryHelper.exe' /Install /Freeze /delay5
- '%PROGRAM_FILES%\Registry Helper\RegistryHelperService.exe' /i
- '%PROGRAM_FILES%\Registry Helper\Starter.exe'
- %PROGRAM_FILES%\Registry Helper\Help\images\activation_successful.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\activation_incorrect.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\ignore_list.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\background.gif
- %PROGRAM_FILES%\Registry Helper\Help\images\about.jpg
- %PROGRAM_FILES%\Registry Helper\Help\Updates.htm
- %PROGRAM_FILES%\Registry Helper\Help\images\activate_now.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\activate.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\restore.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\program_settings.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\scan_options.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\scan_now.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\internet_speed_optimizer.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\index_16.gif
- %PROGRAM_FILES%\Registry Helper\Help\images\logo.gif
- %PROGRAM_FILES%\Registry Helper\Help\images\invalid_entries_detected.jpg
- %PROGRAM_FILES%\Registry Helper\Help\Restore.htm
- %PROGRAM_FILES%\Registry Helper\Help\Program Settings.htm
- %PROGRAM_FILES%\Registry Helper\Help\Scan Now.htm
- %PROGRAM_FILES%\Registry Helper\Help\Retrieve Lost Activation Key.htm
- %PROGRAM_FILES%\Registry Helper\Help\Invalid Entries Detected.htm
- %PROGRAM_FILES%\Registry Helper\Help\Internet Optimizer.htm
- %PROGRAM_FILES%\Registry Helper\Help\Overview.htm
- %PROGRAM_FILES%\Registry Helper\Help\License Agreement.htm
- %PROGRAM_FILES%\Registry Helper\Help\System Requirements.htm
- %PROGRAM_FILES%\Registry Helper\Help\Startup Manager.htm
- %PROGRAM_FILES%\Registry Helper\Help\Uninstall.htm
- %PROGRAM_FILES%\Registry Helper\Help\Technical Support.htm
- %PROGRAM_FILES%\Registry Helper\Help\Scanning.htm
- %PROGRAM_FILES%\Registry Helper\Help\Scan Options.htm
- %PROGRAM_FILES%\Registry Helper\Help\Splash Screen.htm
- %PROGRAM_FILES%\Registry Helper\Help\Scheduler.htm
- %PROGRAM_FILES%\Registry Helper\Registry Helper.url
- %ALLUSERSPROFILE%\Desktop\Registry Helper.lnk
- %PROGRAM_FILES%\Registry Helper\uninst.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Registry Helper\Visit our Website.lnk
- <SYSTEM32>\msflxgrd.ocx
- <SYSTEM32>\dhRichClient3.dll
- %ALLUSERSPROFILE%\Start Menu\Programs\Registry Helper\Registry Helper.lnk
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Settings\BackupOptions.efs
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Settings\StatusInfo.efs
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Settings\RegistryHelper.ini
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Settings\Ignored.efs
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Service\Service Log.txt
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Service\SentData.dat
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Settings\Options.efs
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Settings\Settings.efs
- %PROGRAM_FILES%\Registry Helper\Help\include\footer.js
- %PROGRAM_FILES%\Registry Helper\Help\images\updates.jpg
- <SYSTEM32>\mscomct2.ocx
- %PROGRAM_FILES%\Registry Helper\Help\include\jsfunctions.js
- %PROGRAM_FILES%\Registry Helper\Help\images\scheduler.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\scanning.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\startup_manager.jpg
- %PROGRAM_FILES%\Registry Helper\Help\images\splash_screen.jpg
- <SYSTEM32>\RegistryHelperLM.ocx
- <SYSTEM32>\NTSVC.ocx
- <SYSTEM32>\sqlite36_engine.dll
- <SYSTEM32>\DirectCOM.dll
- <SYSTEM32>\SYSINFO.OCX
- <SYSTEM32>\mscomctl.ocx
- <SYSTEM32>\MSINET.OCX
- <SYSTEM32>\RICHTX32.OCX
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter9.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter8.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter11.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter10.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter5.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter4.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter7.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter6.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter17.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter16.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter19.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter18.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter13.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter12.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter15.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter14.htm
- %PROGRAM_FILES%\Registry Helper\RegistryHelper.exe
- %PROGRAM_FILES%\Registry Helper\ErrorFound.wav
- %PROGRAM_FILES%\Registry Helper\Starter.exe
- %PROGRAM_FILES%\Registry Helper\RegistryHelperService.exe
- %TEMP%\nsc3.tmp\System.dll
- %TEMP%\nsn2.tmp
- %PROGRAM_FILES%\Registry Helper\msxml6.msi
- %PROGRAM_FILES%\Registry Helper\RegistryHelperSetupTR.exe
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter1.htm
- %PROGRAM_FILES%\Registry Helper\AdvisorLetters.exe
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter3.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter2.htm
- %PROGRAM_FILES%\Registry Helper\vbrun60sp5.exe
- %PROGRAM_FILES%\Registry Helper\RegistryHelperUninstaller.exe
- %PROGRAM_FILES%\Registry Helper\Registry Helper Screen Saver Setup.exe
- %PROGRAM_FILES%\Registry Helper\RegistryHelperSetupCB.exe
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\include\header.js
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\include\footer_short.js
- %PROGRAM_FILES%\Registry Helper\logo.gif
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\include\jsfunctions.js
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\get_activation_key.gif
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\update_computer_grey.jpg
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\include\footer.js
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\index_16.gif
- %PROGRAM_FILES%\Registry Helper\Help\Help_index.htm
- %PROGRAM_FILES%\Registry Helper\Help\Help_header.htm
- %PROGRAM_FILES%\Registry Helper\Help\Ignore List.htm
- %PROGRAM_FILES%\Registry Helper\Help\How To Order.htm
- %PROGRAM_FILES%\Registry Helper\Help\About.htm
- %PROGRAM_FILES%\Registry Helper\background.gif
- %PROGRAM_FILES%\Registry Helper\Help\Help.htm
- %PROGRAM_FILES%\Registry Helper\Help\Activate Now.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\delete_invalid_entries_grey.jpg
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\computerupdater_box.jpg
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\diskcleaner_box.jpg
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\delete_junk_files_grey.jpg
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter21.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter20.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\00_Advisor Letters Index.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\Letter22.htm
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\print_16.gif
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\livedrive.gif
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\startup_manager.jpg
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\signature.jpg
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\header.gif
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\get_discount.gif
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\iPad_Video_Lessons.jpg
- %PROGRAM_FILES%\Registry Helper\Advisor Letters\images\internet_speed_optimizer.jpg
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Settings\BackupOptions.efs
- %TEMP%\~DF1817.tmp
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Settings\StatusInfo.efs
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Settings\Options.efs
- %TEMP%\nsc3.tmp\System.dll
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Service\SentData.dat
- %ALLUSERSPROFILE%\Application Data\Registry Helper\Settings\Settings.efs
- 'www.re###lper.com':80
- 'www.sa####psoftware.com':80
- 'localhost':1036
- www.re###lper.com/rh/tr.asp?so#######################################################################################################################################################################################################################################################################################
- www.sa####psoftware.com/sa/SIError.asp?ex#########################################################################################################
- DNS ASK www.re###lper.com
- DNS ASK www.sa####psoftware.com
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ThunderRT6FormDC' WindowName: 'Registry Helper (SafeApp Software, LLC)'
- ClassName: 'ThunderRT6FormDC' WindowName: 'Registry Helper Advisor'
- ClassName: 'ThunderRT6FormDC' WindowName: 'Registry Helper Bundle Starter'