PEDev.BHO, the spyware bundled with the DelFin Media Viewer, is a highly dangerous spyware program.  It delivers ads in a television-like broadcast using animated commercials.  It also delivers pop-up and pop-under ads.  The resources it takes to run this program are so large that typically it will freeze Internet Explorer and necessitate manual shut down.  If you are still able to run Internet Explorer, it will monitor your browsing habits and send the data to a remote server.

PEDev.BHO was created by The DelFin Project, Inc. from Boca Raton, FL.  In their End User Licensing Agreement, they admit to collecting information, stating that it is for customer service and advertising purposes.  They claim that they don’t collect “personal information” such as names and addresses, but do say that they’re capable of doing so, and will in certain circumstances.  This constitutes a privacy threat.

If you have PEDev.BHO on your computer, it is in your best interest to remove it immediately.  It is both a system stability and privacy threat.  SpyZooka by ZookaWare can consistently and effectively remove it from your computer.

Also known as:

Adware.PEDev
Delfin Media Viewer 2.11
Adware/DelFinMedia – by Panda.
Trj/StartPage.AP – by Panda.
E1412445-4FF8-410e-8D24-F2CF86B171A4 (unique BHO ID)

Associated Files:

systemroot+\system32\pcs\pcsvc.exepcsvc.exe
programfilesdir+\common files\dpi\dpi.exe
programfilesdir+\delfin\pgsdk.dll
programfilesdir+\delfin\pgvalidator.dll
programfilesdir+\delfin\promulgate\pgmonitr.exe
programfilesdir+\delfin\promulgate\pgsdk.dll
programfilesdir+\delfin\promulgate\user.html
systemroot+\system32\pcs\init.dll
systemroot+\system32\pcs\pcsvc.dll
systemroot+\system32\pcs\pcsvc.exe
systemroot+\system32\pcs\pcsvcaccess.ocxdescription.txt
license.txt
uninstal.log
vcc pgdataaccess.ocx
195.dfn
63mm.exe
adl_mteststub.exe
delfin.txt
delfinmediaviewer_sn-f2.11.00-050b1df6.pf
description.txt
dpi.exe-1288a7dc.pf
mm15201518.stub.exe
nsv.ocx
nsvs.dll
nsvsvc.exe
nsvsvc.exe-0526a206.pf
patchme.exe-2c053480.pf
picsvr.exe
picsvr.exe-3931cc42.pf
posttracker.exe-2d5da7dd.pf
srtin.exe
srtin.exe-1d9a984b.pf
tatss.exe-1f70ec22.pf
uppicsvr.exe
uppicsvr.exe-03b2caf3.pf
vidctrl.exe
vidctrl.inf
winproc32.exe
wsxsvc.exe.delete
wtsdfi.exe-2f0de634.pf
HKEY_CLASSES_ROOT\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}
HKEY_CLASSES_ROOT\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}\pgdataaccess property page
HKEY_CLASSES_ROOT\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}
HKEY_CLASSES_ROOT\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}\_dpgdataaccessevents
HKEY_CLASSES_ROOT\interface\{41700749-a109-4254-af13-be54011e8783}\_dpgdataaccess
HKEY_CLASSES_ROOT\vccpgdataaccess.pgdataaccessctrl.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{a8bd9566-9895-4fa3-918d-a51d4cd15865}
HKEY_LOCAL_MACHINE\software\classes\clsid\{d0070620-1e72-42e7-a14c-3a255ad31839}
HKEY_LOCAL_MACHINE\software\classes\interface\{2bb15d36-43be-4743-a3a0-3308f4b1a610}
HKEY_LOCAL_MACHINE\software\classes\interface\{41700749-a109-4254-af13-be54011e8783}
HKEY_LOCAL_MACHINE\software\classes\typelib\{2a7db8d1-43be-4ad3-a81e-9bb8c9d00073}
HKEY_LOCAL_MACHINE\software\classes\vccpgdataaccess.pgdataaccessctrl.1
HKEY_LOCAL_MACHINE\software\dpi\item1
HKEY_LOCAL_MACHINE\software\dpi\item2
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\dpi
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\dvx
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\pcsv
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\promulgate
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\vidctrl
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\pgtools
HKEY_LOCAL_MACHINE\software\pcsv
HKEY_LOCAL_MACHINE\software\tat
HKEY_LOCAL_MACHINE\software\vidctrl