Remove Employee Watcher, removal instructions

Employee Watcher manual removal:

Kill processes:
svchost.exe, smss.exe, initializer.exe, csrss.exe, csrss.ex

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdateProtection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdateProtection
HKEY_CLASSES_ROOT\ANSMTP.OBJ
HKEY_CLASSES_ROOT\ANSMTP.OBJ.1
HKEY_CLASSES_ROOT\axsCaptureScrn.axsCapScreen
HKEY_CLASSES_ROOT\dwshk36.HookPage
HKEY_CLASSES_ROOT\dwshk36.HookPage.1
HKEY_CLASSES_ROOT\dwshk36.KeyList
HKEY_CLASSES_ROOT\dwshk36.KeyList.1
HKEY_CLASSES_ROOT\dwshk36.KeyPage
HKEY_CLASSES_ROOT\dwshk36.KeyPage.1
HKEY_CLASSES_ROOT\dwshk36.MsgList
HKEY_CLASSES_ROOT\dwshk36.MsgList.1
HKEY_CLASSES_ROOT\dwshk36.RegMsg
HKEY_CLASSES_ROOT\dwshk36.RegMsg.1
HKEY_CLASSES_ROOT\dwshk36.WinHook
HKEY_CLASSES_ROOT\dwshk36.WinHook.6
HKEY_CLASSES_ROOT\InetCtls.Inet
HKEY_CLASSES_ROOT\InetCtls.Inet.1
HKEY_CLASSES_ROOT\Mabry.PingX
HKEY_CLASSES_ROOT\Mabry.PingX.1
HKEY_CLASSES_ROOT\Mabry.PingXCom
HKEY_CLASSES_ROOT\Mabry.PingXCom.1
HKEY_CLASSES_ROOT\Mabry.CPingXPropPage
HKEY_CLASSES_ROOT\Mabry.CPingXPropPage.1
HKEY_CLASSES_ROOT\CLSID\{0468C950-83E2-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOT\CLSID\{22B4C8F5-A686-42CC-8224-E4817445109F}
HKEY_CLASSES_ROOT\CLSID\{253664FB-EDFC-4AC6-BD69-B322F466AEED}
HKEY_CLASSES_ROOT\CLSID\{2C704DBB-9C46-11D1-B784-00001C1AD1F8}
HKEY_CLASSES_ROOT\CLSID\{389B19B9-9A87-11D1-B77F-00001C1AD1F8}
HKEY_CLASSES_ROOT\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}
HKEY_CLASSES_ROOT\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOT\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOT\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOT\CLSID\{6E29B981-9C50-11D1-B784-00001C1AD1F8}
HKEY_CLASSES_ROOT\CLSID\{6E29B982-9C50-11D1-B784-00001C1AD1F8}
HKEY_CLASSES_ROOT\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}
HKEY_CLASSES_ROOT\CLSID\{855C49A7-9C3C-11D1-B784-00001C1AD1F8}
HKEY_CLASSES_ROOT\CLSID\{8B8BB3A2-8576-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOT\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}
HKEY_CLASSES_ROOT\CLSID\{DE5C2449-65D5-4413-BFCF-6BFCDF294665}
HKEY_CLASSES_ROOT\Interface\{0468C94F-83E2-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOT\Interface\{0468C951-83E2-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOT\Interface\{389B19B7-9A87-11D1-B77F-00001C1AD1F8}
HKEY_CLASSES_ROOT\Interface\{3B7C8862-D78F-101B-B9B5-04021C009402}
HKEY_CLASSES_ROOT\Interface\{3E3621C0-8635-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOT\Interface\{48E59291-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOT\Interface\{68B8DCDB-EFA4-420A-BB8A-71B9892A2063}
HKEY_CLASSES_ROOT\Interface\{859321D0-3FD1-11CF-8981-00AA00688B10}
HKEY_CLASSES_ROOT\Interface\{8B8BB3A1-8576-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOT\Interface\{8B8BB3A3-8576-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOT\Interface\{A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8}
HKEY_CLASSES_ROOT\Interface\{A834857C-9A90-11D1-B77F-00001C1AD1F8}
HKEY_CLASSES_ROOT\Interface\{AB14F05E-4C1D-49DC-8BD5-9E6B510B3EBA}
HKEY_CLASSES_ROOT\Interface\{B78B0E98-0431-4A6B-8C3D-F240FE8725F5}
HKEY_CLASSES_ROOT\Interface\{D937A3C0-8634-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOT\Interface\{E9A5593C-CAB0-11D1-8C0B-0000F8754DA1}
HKEY_CLASSES_ROOT\Interface\{ED117630-4090-11CF-8981-00AA00688B10}
HKEY_CLASSES_ROOT\Interface\{F7C1A3FA-C511-488A-B583-4F153B9368C4}
HKEY_CLASSES_ROOT\TypeLib\{0468C933-83E2-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOT\TypeLib\{0468C941-83E2-11D3-BE51-00C0DFC2E32C}
HKEY_CLASSES_ROOT\TypeLib\{0A4AFE1D-F664-11D0-B649-00001C1AD1F8}
HKEY_CLASSES_ROOT\TypeLib\{1FAA49C4-16B7-4D28-8930-31BE1810D943}
HKEY_CLASSES_ROOT\TypeLib\{389B19AA-9A87-11D1-B77F-00001C1AD1F8}
HKEY_CLASSES_ROOT\TypeLib\{3B7C8863-D78F-101B-B9B5-04021C009402}
HKEY_CLASSES_ROOT\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}
HKEY_CLASSES_ROOT\TypeLib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}

HELP:
how to remove registry entries

Delete files:
svchost.exe, smss.exe, initializer.exe, csrss.exe, csrss.ex, employee watcher [XVS] uninstaller.exe, uninstaller.exe

HELP:
how to remove harmful files

Delete directories:
C:\windowsupdate\
Misc:
[XVS] is the version number.
Some listed registry entries can be used by installed legitimate software.
The uninstaller requires a password to work.

Remove Employee Watcher. Description and removal instructions

Automatic Employee Watcher removal:

Employee Watcher manual removal:

Other programs to remove Employee Watcher:

Additional resources related to Employee Watcher:

Post Comment: