The most common way spy- and adware links into Internet Explorer is creating a browser helper object. This is an advanced version of the BrowserHelper command.
BrowserHelperEx:[name of bho or bho clsid],<advanced file parameters>
While using RegyKey might be more fitting for just matching a browser helper object with a static name, you might encounter situations where a random name requires you to use the name of the associated class, or properties of the file the browser helper points to.
- The first parameter can identify both the BHO name, or the name of the class associated with the BHO.
- The second parameter, though optional, is highly recommended to refine the scan to be limited to BHO that point to a to be identified file, where the filename is gathered from the CLSID associated with the BHO.