Dev Shed Forums, Antivirus Protection forum

Basic Registry editing advice needed
September 5th, 2010, 11:57 AM
Registered User (Join Date: Sep 2010, Posts: 3)
I'm removing the Antivirlock Security Suite mess and going by the guides of various sites listing which registry entries are troublesome. I don't want to download and use these sites' removal tools either.
So my question is, do we have to delete every listed entry or do some of them just need editing? I ask because:
1) Were these entries already present, but only modified by the malware? If so, would removing them cause issues?
2) A registry entry listed on a guide might not have exactly the same value as the one in my registry. For instance, a guide may tell you to delete this:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
But what if your registry's entry is a 0 instead of a 1?
The blatantly obvious entries that were clearly specific to Antivirlock I deleted without hesitancy, but there are some ambiguous ones I'm concerned about (like the above), so I came here.
Here's a list of targeted registries that we're told to delete (at least, these are the ones I'm unsure about):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
Any help would be appreciated, thanks!
September 5th, 2010, 08:09 PM
I don't have a definitive answer for you, sorry, but what you posted is a good example of why I recommend wiping a disk, reformatting and reinstalling after a virus infection. I am not convinced antivirus/antimalware programs really identify all possible alterations to a registry or filesystem, and if one bad guy is missed and left behind after cleanup it may be enough to open your machine back up to new infections. And if you have gotten a rootkit there is no guarantee at all that your a/v cleanup is working right.
__________________
Doug G
It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi
September 5th, 2010, 09:27 PM
Registered User (Join Date: Sep 2010, Posts: 3)
Quote: Originally Posted by Doug G
    I don't have a definitive answer for you, sorry, but what you posted is a good example of why I recommend wiping a disk, reformatting and reinstalling after a virus infection. I am not convinced antivirus/antimalware programs really identify all possible alterations to a registry or filesystem, and if one bad guy is missed and left behind after cleanup it may be enough to open your machine back up to new infections. And if you have gotten a rootkit there is no guarantee at all that your a/v cleanup is working right.
Thanks for the reply, Doug. None of the registry listings I pasted were results pulled from antivirus programs, but from various sites that have posted guides for manually removing the virus.
I've tried other sites asking if these entries should be outright deleted or do the values just need altering, but no dice.
Again, I don't want to remove registry listings that were there before the virus. I suppose I could check another computer which never had this virus (or any of its variants) to see if the listings I pasted are present there as well (and therefore maybe legit/necessary), or, if not present, find out that the ones on the infected machine are just creations of the malware.
I also doubt that this warrants the tedious task of wiping everything and rebuilding from scratch, since the system can be recovered. Actually, I managed to stop it before it fully unloaded anyhow, so I never even suffered its symptoms. Of course I'd like to be clean of the remnant registry pieces.
September 5th, 2010, 09:46 PM
Requinix, Still alive (Join Date: Mar 2007, Location: Washington, USA)
Google is your friend.
Code:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = "0"
  -> Leave it. Configure the phishing filter in IE directly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
  -> Remove it
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "%UserProfile%\Desktop\flash_player_installer\flash_player_installer.exe"
  -> Doesn't matter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyEnable" = "1"
  -> Leave it. Configure proxy settings in IE directly
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
  -> Change to "0"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
  -> Leave it
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
  -> Leave it. Configure proxy settings in IE directly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
  -> Leave it
Standard disclaimers of "muck with the registry at your own risk" and "not my fault if something gets screwed up".
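A way to answer the original poster's two worries (which entries currently hold the value the guides blame on the malware, and how to compare against a machine that was never infected) without editing anything by hand, as an added PowerShell example that is not part of the thread and not Requinix's code. It reads the HKCU values listed above, reports which ones match the guide values alongside the recommendation from the reply, and can write a JSON snapshot for comparison with a clean box. The only function that writes is Repair-IeDownloadSettings, which applies the two explicit changes from the reply (remove LowRiskFileTypes, set RunInvalidSignatures to 0) and honours -WhatIf. The MUICache entry is skipped because the reply says it doesn't matter. Assumptions: the function names and the snapshot file format are mine, and the guide values are treated as strings because that is how the guides quote them.

```powershell
# Added example, not code from the thread or from Requinix: read-only audit of
# the HKCU values discussed in this thread, plus an optional repair that
# applies only the two explicit changes recommended in the reply above.
# Assumption: guide values are compared as strings, as the guides quote them.

$ErrorActionPreference = 'Stop'

# Path/Name pairs from the original post. GuideValue is the value the removal
# guides attribute to the infection; Advice is the reply's recommendation.
$Checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter';
       Name = 'Enabled'; GuideValue = '0';
       Advice = 'Leave it; configure the phishing filter in IE directly' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations';
       Name = 'LowRiskFileTypes'; GuideValue = '.exe';
       Advice = 'Remove it' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings';
       Name = 'ProxyEnable'; GuideValue = '1';
       Advice = 'Leave it; configure proxy settings in IE directly' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download';
       Name = 'RunInvalidSignatures'; GuideValue = '1';
       Advice = 'Change to 0' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download';
       Name = 'CheckExeSignatures'; GuideValue = 'no';
       Advice = 'Leave it' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings';
       Name = 'ProxyOverride'; GuideValue = '';
       Advice = 'Leave it; configure proxy settings in IE directly' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments';
       Name = 'SaveZoneInformation'; GuideValue = '1';
       Advice = 'Leave it' }
)

# Returns the value, or $null when the key or the value name does not exist.
function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Read-only: one row per entry, saying whether it is absent, matches the value
# the guides blame on the malware, or is present with some other value.
function Test-RegistryHygiene {
    foreach ($c in $Checks) {
        $current = Get-RegistryValueOrNull -Path $c.Path -Name $c.Name
        if ($null -eq $current) {
            $state = 'absent'
        } elseif ([string]$current -eq $c.GuideValue) {
            $state = 'matches the value the guides attribute to the malware'
        } else {
            $state = 'present but differs from the guide value'
        }
        [pscustomobject]@{
            Key     = "$($c.Path)\$($c.Name)"
            Current = $current
            State   = $state
            Advice  = $c.Advice
        }
    }
}

# Snapshot for comparing against a machine that never had the infection.
function Export-RegistrySnapshot {
    param([string]$OutFile)
    Test-RegistryHygiene | Select-Object Key, Current |
        ConvertTo-Json | Set-Content -LiteralPath $OutFile -Encoding UTF8
}

# Applies only the two explicit changes from the reply; supports -WhatIf.
function Repair-IeDownloadSettings {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $assoc = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations'
    if ($null -ne (Get-RegistryValueOrNull -Path $assoc -Name 'LowRiskFileTypes')) {
        if ($PSCmdlet.ShouldProcess("$assoc\LowRiskFileTypes", 'Remove value')) {
            Remove-ItemProperty -LiteralPath $assoc -Name 'LowRiskFileTypes'
        }
    }
    $dl = 'HKCU:\Software\Microsoft\Internet Explorer\Download'
    if ([string](Get-RegistryValueOrNull -Path $dl -Name 'RunInvalidSignatures') -eq '1') {
        if ($PSCmdlet.ShouldProcess("$dl\RunInvalidSignatures", 'Set to 0')) {
            # Written as a string because the guides quote it; if Test-RegistryHygiene
            # shows a numeric Current value on your system, use -Type DWord -Value 0.
            Set-ItemProperty -LiteralPath $dl -Name 'RunInvalidSignatures' -Value '0'
        }
    }
}

Test-RegistryHygiene | Format-Table -AutoSize
# Repair-IeDownloadSettings -WhatIf   # preview the two writes before applying
```

Take a backup of the affected hive section first, for example `reg export 'HKCU\Software\Microsoft\Internet Explorer' "$env:TEMP\ie-backup.reg"`, then run the audit. To answer the clean-machine question, run `Export-RegistrySnapshot -OutFile infected.json` on the affected box and the same command on the other one, and diff the two files with `Compare-Object (Get-Content infected.json) (Get-Content clean.json)`; an entry that is absent on the clean machine but matches the guide value on the infected one is a malware creation rather than a modified pre-existing value.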
September 6th, 2010, 04:05 PM
Registered User (Join Date: Sep 2010, Posts: 3)
Nicely done, thanks, Requinix!