- This topic contains 10 replies, 2 participants, and was last updated by
, 3 years and 4 months ago.
-
Messages
-
-
Hello Nicolas,
Hello everybody.
After installing a graphics card, ZHP Cleaner found this key for me:
HKLM\SOFTWARE\Classes\CLSID\{63005CD0-8541-439c-A66A-617F4B1F2BCB} [TVWizard Class]
Of course no problem, but what surprises me is that I only found one, because on my register I find it in several places.
Of course I kept the HTML as well as the txt of the cleaner which I put somewhere safe, whenever you are interested.
This first key removed, my diag is clean. (Except for a few things that have nothing to do with it)
So ZHPDiag doesn't see these keys either Adware which are still on my registry.
As I don't really know how to interpret the situation, I prefer to share it with you.
I don't touch anything important, waiting for feedback.
Attached is the text of the diag: https://www.cjoint.com/c/JLlvmBkFjHd
Cleaner text: https://www.cjoint.com/c/JLlvnYGmMqd
FYI, I am with Windows 10 .64 bits .20H2 Updated 09/12/2020.
I haven't done anything with FRST
Please let me know if you would like me to check with ESET? For example.
Kind regards, JP
-
Hello JP,
CLSID keys are actually placed in different places in the registry.
For TVWizard, can you list me the Registry keys that are not identified by ZHPDiag.
Free support forum
Nicholas Coolman -
Hello Nicolas,
I don't think I forgot any!
KEYS remaining after ZHPLite:
HKEY_CLASSES_ROOT\DisplayServer.TVWizard\CLSID (Par défaut) 63005CD0-8541-439c-A66A-617F4B1F2BCB
HKEY_CLASSES_ROOT\DisplayServer.TVWizard.1\CLSID (Par défaut) 63005CD0-8541-439c-A66A-617F4B1F2BCB
HKEY_CLASSES_ROOT\Video_TVServer.TVSizeMove.1\CLSID (Par défaut) 63005CD0-8541-439c-A66A-617F4B1F2BCB
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DisplayServer.TVWizard\CLSID (Default) 63005CD0-8541-439c-A66A-617F4B1F2BCB (REG SZ by default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DisplayServer.TVWizard.1\CLSID\63005CD0-8541-439c-A66A-617F4B1F2BCB) (REG SZ par défaut)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Video_TVServer.TVSizeMove.1\CLSID \ 63005CD0-8541-439c-A66A-617F4B1F2BCB) (REG SZ by default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKCR\CLSID\{63005CD0-8541-439c-A66A-617F4B1F2BCB} (REG SZ par défaut)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvlddmkm\NVControlPanel2\RegisteredServers\Overrides
{63005CD0-8541-439c-A66A-617F4B1F2BCB} (REG_DWORD at 0) (REGDWORD at 0)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKCR\CLSID\{63005CD0-8541-439c-A66A-617F4B1F2BCB} ( REG SZ value not defined)
Container: Appid
inprocServer32
ProgID
TypeLib
VersionindependentProgIDHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvlddmkm\NVControlPanel2\RegisteredServers\
Overrides {63005CD0-8541-439c-A66A-617F4B1F2BCB} (REG_DWORD à 0)If you have other tips, don't hesitate, it will be with pleasure!
Kind regards, JP -
OK, I'm going to update tables (classes and CLSID), you tell me if there are any lines left to do with the next version
Regards
NicolasFree support forum
Nicholas Coolman -
Mail dated 17/12/2020 Nicolas.
Hello Nicolas,
Hello everyone.
The version of ZHPCleaner 262 as well as the DIAG 262 does not present any improvement in the key
{63005CD0-8541-439c-A66A-617F4B1F2BCB}
After running both ZHP software and not seeing any improvement, I restored to the approximate date of my last post, then I ran ZHPCleaner and ZHPSuite version 262 again.
I get the same results as with version 261.
ZHPCleaner found the key for me:
HKLM\SOFTWARE\Classes\CLSID\{63005CD0-8541-439c-A66A-617F4B1F2BCB} [TVWizard Class] =>Adware.TVWizard
And so the following keys remain (checked just now)
Computer\HKEY_CLASSES_ROOT\DisplayServer.TVWizard\CLSID
Computer\HKEY_CLASSES_ROOT\DisplayServer.TVWizard.1\CLSID
Computer\HKEY_CLASSES_ROOT\Video_TVServer.TVSizeMove.1\CLSID
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DisplayServer.TVWizard\CLSID
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DisplayServer.TVWizard.1\CLSID
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Video_TVServer.TVSizeMove.1\CLSID
Ordinateur\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKCR\CLSID\{63005CD0-8541-439c-A66A-617F4B1F2BCB}
Ordinateur\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpResources\Registry\HKCR\CLSID\{63005CD0-8541-439c-A66A-617F4B1F2BCB}
Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvlddmkm\NVControlPanel2\RegisteredServers\Overrides
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvlddmkm\NVControlPanel2\RegisteredServers\Overrides
FYI, ESET can't find anything, yet this key is cataloged as PUP.
Can it be the consequence of trade agreements?
Kind regards, JP
PS, not having any other stations on hand, I think that possibly other readers could check the presence or not of this key in their registers.
Kind regards, JP
-
Hello JP,
Can you make an export of this key for me?
HKLM\SOFTWARE\Classes\CLSID\{63005CD0-8541-439c-A66A-617F4B1F2BCB}
Free support forum
Nicholas Coolman -
Re, J.P.
No need for an export, after research, it turns out that this key {63005CD0-8541-439c-A66A-617F4B1F2BCB} comes from an nVidia version and therefore legitimate. it is also found at the “Services” level with the name “nvlddmkm”. ZHP version “263” will remove Adware designation
Free support forum
Nicholas Coolman -
-
Do you mean the key is deleted? if so you can retrieve it from the registry quarantine.
Free support forum
Nicholas Coolman -
Hello Nicolas,
Do you mean the key is deleted? ? Not at all, I expressed myself badly, I wanted to say that my message with what you asked me was gone!
I thank you for the leniency you bring,
My message was as follows, for me it was gone, but apparently it didn't arrive.
FYI, In HKLM\SOFTWARE\Classes\ I find at the end of the list CLSID (undefined value) then under this directory I find CLSID again with the key you asked me for.
I made several attempts to change the authorizations (administrators, users and effective access) nothing changes in the two ZHPs.
So here is the key including two types of authorization.
https://www.cjoint.com/c/JLrozI0sBCd
https://www.cjoint.com/c/JLroAPZa5Rd
I'm going away for a few hours, I'll be back in the evening.
On the other hand, before coming forward, I had found this key on several helper fix lists (some of which you know well) and nothing to rejoice on the net.
I think it's better that I remove the installation of this card and only reinstall the bare minimum that I need.
I don't want to be inundated with advertising.
What do you think ?
Kind regards, JP
-
Hello JP,
Strange, your answers were blocked in “Waiting for proofreading”, I just unblocked one and deleted the other duplicates.
In fact, you can limit yourself to a reduced installation for your card and check that this does not harm its operation.
Free support forum
Nicholas Coolman
-
- You must be logged in to reply to this topic.